AIOps Alert "Adverse Resource Usage"

Created On 02/16/22 00:58 AM - Last Modified 06/07/23 22:55 PM


Symptom


An alert from AIOps regarding Adverse Resource Usage trends.

Environment


  • PAN-OS
  • AIOps


Cause


The device is experiencing an increase in traffic that has resulted in one or more of the following symptoms: 

  • A sudden burst in connections per second (CPS) rate.
  • A sudden burst in the number of long-lived sessions.
  • A SYN-flood attack even when the device is configured to use DoS protection.
  • Approaching CPS, session table, or throughput capacity. 


Resolution


To troubleshoot the problem:

  1. Review the related metrics to identify the problem at hand.
  2. Identify the source of the traffic.
    1. Compare the ACC report from the period of high traffic usage with the report from a period of lower traffic usage, and identify the traffic that could be causing the increase in the metric (see the "How to use ACC" KB article). If the traffic source is legitimate, the device is reaching its capacity limits and an upgrade to a larger platform might be necessary.
    2. The increase in traffic could also be caused by a DoS attack. Identify the source of the traffic burst and prevent the possibility of a DoS attack.
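The comparison in step 2 can also be done offline on exported per-source session counts. The following is an added example, not part of the original article or any Palo Alto Networks tooling; the CSV layout, column names and sample values are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample data, not real firewall output. The column names
# (src, app, sessions) are assumptions made for this example.
BASELINE_CSV = """src,app,sessions
10.0.1.15,web-browsing,1200
10.0.1.22,dns,900
10.0.2.40,ssl,1500
"""

BURST_CSV = """src,app,sessions
10.0.1.15,web-browsing,1300
10.0.1.22,dns,950
10.0.2.40,ssl,1600
203.0.113.7,incomplete,48000
10.0.3.9,ssl,9000
"""


def totals(csv_text):
    """Sum sessions per (source, application) pair for one time window."""
    counts = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        counts[(row["src"], row["app"])] += int(row["sessions"])
    return counts


def rank_increase(baseline_text, burst_text, top=3):
    """Rank (src, app) pairs by session growth from baseline to burst."""
    base, burst = totals(baseline_text), totals(burst_text)
    # Keep only pairs whose session count grew during the burst window.
    grown = {k: n - base.get(k, 0) for k, n in burst.items() if n > base.get(k, 0)}
    total_growth = sum(grown.values())
    ranked = [
        {"src": src, "app": app, "before": base.get((src, app), 0),
         "during": burst[(src, app)], "delta": delta,
         "new_source": (src, app) not in base,  # absent from the baseline
         "share_of_increase": round(delta / total_growth, 3)}
        for (src, app), delta in grown.items()
    ]
    ranked.sort(key=lambda r: r["delta"], reverse=True)
    return ranked[:top]


if __name__ == "__main__":
    for entry in rank_increase(BASELINE_CSV, BURST_CSV):
        print(entry)
```

A source that is new in the burst window and accounts for most of the growth is the first candidate to check against the DoS case in step 2; growth spread evenly across known sources points toward the capacity case.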

