Fatal Counters

The fatal counters indicate serious errors. These counters should be at or near 0 on a healthy system. The following example lists the fatal counters.


> show counters
Protocol     Counter                           Value   Context
CRYPTO       RING_FULL                             1   Summary 
CRYPTO       ACCELERATOR_CORE_TIMEOUT              1   Summary 
CRYPTO       ACCELERATOR_RESET                     1   Summary 
CRYPTO       RSA_PRIVATE_DECRYPT_FAILED            1   Summary

The RING_FULL counter is not a fatal counter, but indicates how often the system overloaded the cryptographic chip. The ACCELERATOR_RESET counter is the number of times the TLS crypto acceleration process failed unexpectedly, which also causes the failure of pending operations, which are the numbers you see in ACCELERATOR_CORE_TIMEOUT and RSA_PRIVATE_DECRYPT_FAILED.

If you have persistent problems, disable TLS crypto acceleration ( or config hwCrypto disable ) and work with Cisco TAC to resolve the issues.

Note	You can do additional troubleshooting using the show snort tls-offload and debug snort tls-offload commands. Use the clear snort tls-offload command to reset the counters displayed in the show snort tls-offload command to zero.