Firewall syslog service is showing 100% CPU utilization.


This article applies to:

  • Firewall Suite

Symptoms:

  • Firewall syslog service is showing 100% CPU utilization.

Causes:

When using the syslog service to retrieve firewall log files the CPU utilization may increase to 100% every time the syslog service is accessed.

Most often this is caused by one of the two scenarios listed below.

If multiple profiles are using the syslog service to retrieve the same log file(s), this can cause issues with the syslog service. Only one profile should be specified to use the syslog service. The other profiles should be using the log files generated by the syslog. The log files, by default, are stored in the following directory, which is specified within the profile that is retrieving the syslog:

    \WebTrends Firewall Suite\SyslogLogs

The Network Interface Card (NIC) driver may not be the correct driver to use the syslog. Experience has shown that some network card drivers have issues using the syslog service.

  • Specifically the Compaq NETFLEX 3 10/100 TX UTP, using driver NETFLX3.SYS V 4.22 causes such an issue. If the driver is switched to NETFLX3.SYS V4.36 the issue should be corrected.

This article was previously published as:
NETIQKB1639

Last Modified 4/13/2006.
https://support.trustwave.com/kb/KnowledgebaseArticle10174.aspx