FSM slow

Hello,

I have this problem for months, we have 2 x m370 clusters, the FSM is very slow in displaying the logs, if I set maximum log Messagges to 3 then it works fine, besides not.
Even if I remove the colors it works fine, I have already checked my PC, all the resources are ok too, the problem does not manifest itself on the WebUI of the Firebox.

Some idea ?

Comments

  • This seems like a FSM client issue to me.
    I would not expect the color or max log lines displayed to be impacted by the firewall itself.

    Check the Refresh Interval setting in FSM -> Traffic Monitor.

    How many log entries are being sent from the firewall and displayed in FSM per minute?

  • Hi Bruce,

    the interval is 5 seconds, how can I understand how much logs are sent by the firewall per minute?

  • You can count the number in FSM -> Traffic monitor.
    Or for a 10 second or 1 second look.

    You can count the number of log lines displayed on your PC screen. Then count the number of pages being displayed of the desired period of time.

    For example, for my low use firewall, I rarely see more than 20 log entries per second.

    And, as I recall, the FSM access to the firewall process has a low priority, so for a high use firewall, I can see where access might be slow.

  • Thanks Bruce, I'll check and let you know, but I think I'm around 30 per second

  • Hi Bruce,

    an average of about 30 per second

  • That doesn't seem excessive to me.
    Consider a support incident.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    There's likely (without having a look at the cluster or seeing the problem first hand) some type of debug logging or something else turned on.

    Check Setup -> Logging -> Diagnostic Log Level, and make sure that everything is set to the error level unless you're actively troubleshooting. Proxies also have log override settings in the proxy action -- if the override checkbox in the general area of the proxy has logging override turned on and you're not actively troubleshooting, turn it off.

    FSM makes a request to the firewall via x-path at every refresh interval and depending on how many logs it has to pull down at that interval, may take anywhere between a second to a several seconds each time (I think the longest I've seen personally is 15 seconds.)

    As a side note, you can change the refresh interval to anything you want if you hover over it and click on it. I would suggest not going below 2 seconds (If there's a lot of logs, I've seen firewalls enact DDOS protection policies and start dropping FSM traffic.) This is why the drop down menu only allows you to go to 5 seconds.

    If you want a "streaming" view vice the refresh every few seconds way, try the traffic monitor in the WebUI.

    -James Carson
    WatchGuard Customer Support

  • Hi James,

    you were probably right, I still had it set to debug, I think for the problem I had "nx_domain_server", I do some tests and I don't know.

    Thanks a lot, bye

  • james.carsonjames.carson Moderator, WatchGuard Representative

    @toscanatlc If you want to adjust some things and see if that helps, no problem -- if you keep seeing it perform badly, make a support case so we can look into it more closely. Worst case scenario is that it ends up being a bug, and we can start working on getting that fixed if that's the case.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.