Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 5 subscribers
  • Views 6912 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Device Usage while accessing the Network-Camera)

Andreas Czech

Hi,

 

I need your Help with my CPU-Usage.

Situation (normally):

CPU Usage around 5-10%

my Problem is -> when I access my Network-Camera (Axis M1125-E) using the Webinterface, the CPU-Usage goes to 90-100%.

I created an Exception in the Web Filtering, Advanced Threat Protection, Intrusion Prevention. Although tried DNAT/SNAT Rule but nothing helps. Maybe I've missed something/configured something incorrect. Maybe you have an Idea what could be the Cause/and how to solve it.

Thanks in Advance

 

attached the Screenshot of my IPS Log:

192.168.131.170 is my Computer and 192.168.41.126 is the Network Camera

 

Andy



This thread was automatically locked due to age.
  • 0

    I'd start by disabling web protection and all the sub tabs under intrusion protection (global, attack patterns, antiflooding, etc..).  Access your camera.  In shell, execute top, which will show you what is consuming cpu.

    Start adding each disabled function back one at a time.  Once you've determined the culprit focus on creating the proper exception or bypass. A systematic approach helps narrow it down too many variables confusing things.

  • 0

    Hi Andy,

    Please show the Edit of your Intrusion Prevention Exception.

    Have you tried the following as root at the command line?

    cc set ips snortsettings max_queued_bytes 1060000

    You can find that by limiting the following Google to the last year:

    site:community.sophos.com/products/unified-threat-management/f "Configured max bytes to queue"

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    BAlfson said:
    Please show the Edit of your Intrusion Prevention Exception.

    sure

     

    BAlfson said:

    Have you tried the following as root at the command line?

    cc set ips snortsettings max_queued_bytes 1060000

    yes, tried it now

    but the CPU Usage increases still to ~95%

  • 0 in reply to Jay Jay

    Jay Jay said:
    and all the sub tabs under intrusion protection (global, attack patterns, antiflooding, etc..). 

    the CPU Consumption is still 55-60%

     

    Jay Jay said:
    I'd start by disabling web protection

    the CPU Consumption is still 25-30%

     

    Jay Jay said:
    I'd start by disabling web protection and intrusion protection/Anti-Portscan

    the CPU Consumption is still 20-25%

     

    maybe it's somehow related to NAT?

  • 0 in reply to Andreas Czech

    Don't you want "Internal (DMZ) (Network)" instead of "Internal (DMZ) (Address)" in your Exception?  Did that make any difference?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    BAlfson said:
    Don't you want "Internal (DMZ) (Network)" instead of "Internal (DMZ) (Address)" in your Exception?  Did that make any difference?

    added Internal (DMZ) (Network)" + "Internal (DMZ) (Address)" to the Exceptions.

    the CPU-Usage is again around 95% (95-100%)

    what's with the Thought an NAT Rule would help?

Unfiltered HTML