1.1.2 Ensure 'Enable Log on High DP Load' is enabled


Enable the option 'Enable Log on High DP Load' feature. When this option is selected, a system log entry is created when the devices packet processing load reaches 100% utilization.
When the devices packet processing load reaches 100%, a degradation in the availability of services accessed through the device can occur. Logging this event can help with troubleshooting system performance.


Navigate to Device > Setup > Management > Logging and Reporting Settings > Log Export and Reporting.
Set the Enable Log on High DP Load box to checked.
Sustained attacks, especially volumetric DOS and DDOS attacks will often affect CPU utilization. This setting will generate an event that is easily monitored for and alerted on. While setting CPU utilization watermarks in a Network Management System is a standard practice, this setting does not depend on even having an NMS, it doesn't require anything other than standard logging to implement.
Default Value:
Not enabled

See Also


Item Details


References: 800-53|AU-3, 800-53|AU-12, CSCv6|4.2, CSCv7|6.2

Plugin: Palo_Alto

Control ID: 8f7c0d34a9afc5cf51eb3060e7ed4f3820237b307a0b37f60396ad7b8bee644b