Details
Enable the ‘Enable Log on High DP Load’ option. When this option is selected, a system log entry is created when the device’s packet processing load reaches 100% utilization.
Rationale:
When the device’s packet processing load reaches 100%, a degradation in the availability of services accessed through the device can occur. Logging this event can help with troubleshooting system performance.
Solution
Navigate to Device > Setup > Management > Logging and Reporting Settings > Log Export and Reporting.
Set the Enable Log on High DP Load box to checked.
Impact:
Sustained attacks, especially volumetric DoS and DDoS attacks, will often affect CPU utilization. This setting generates an event that is easily monitored and alerted on. While setting CPU utilization watermarks in a Network Management System is standard practice, this setting does not depend on having an NMS; it requires nothing beyond standard logging to implement.
Default Value:
Not enabled
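To check the setting in an exported configuration rather than in the GUI, the following added example (not part of the original control text or of Palo Alto's tooling) parses a configuration XML and reports each device entry as compliant or not, treating a missing element as the default "Not enabled". The element name `enable-log-high-dp-load`, its location under `deviceconfig/setting/management`, the `yes`/`no` values and the sample device names are assumptions; confirm them against an export from your own PAN-OS version.

```python
import xml.etree.ElementTree as ET

# Assumption: element name and location of the option in an exported config.
SETTING_PATH = "deviceconfig/setting/management/enable-log-high-dp-load"

# Constructed sample config: one device enabled, one disabled, one unset.
SAMPLE_CONFIG = """<config>
  <devices>
    <entry name="fw-a.example">
      <deviceconfig><setting><management>
        <enable-log-high-dp-load>yes</enable-log-high-dp-load>
      </management></setting></deviceconfig>
    </entry>
    <entry name="fw-b.example">
      <deviceconfig><setting><management>
        <enable-log-high-dp-load>no</enable-log-high-dp-load>
      </management></setting></deviceconfig>
    </entry>
    <entry name="fw-c.example">
      <deviceconfig><setting><management/></setting></deviceconfig>
    </entry>
  </devices>
</config>"""


def audit_high_dp_load_logging(config_xml):
    """Return {device entry name: (compliant, observed value)}."""
    root = ET.fromstring(config_xml)
    results = {}
    for entry in root.findall("./devices/entry"):
        node = entry.find(SETTING_PATH)
        # A missing element means the default applies ("Not enabled").
        value = node.text.strip().lower() if node is not None and node.text else None
        observed = value or "absent (default: not enabled)"
        results[entry.get("name", "<unnamed>")] = (value == "yes", observed)
    return results


def non_compliant(config_xml):
    """Sorted names of device entries where the option is not enabled."""
    audit = audit_high_dp_load_logging(config_xml)
    return sorted(name for name, (ok, _) in audit.items() if not ok)


if __name__ == "__main__":
    for name, (ok, value) in audit_high_dp_load_logging(SAMPLE_CONFIG).items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}: {value}")
```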
References:
‘What is Enable Log on High DP Load’ – https://live.paloaltonetworks.com/docs/DOC-4075
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability. This control applies to the following type of system: Palo_Alto.