Fatal Counters
The fatal counters indicate serious errors. These counters should be at or near 0 on a healthy system. The following example lists the fatal counters.
> show counters
Protocol Counter Value Context
CRYPTO RING_FULL 1 Summary
CRYPTO ACCELERATOR_CORE_TIMEOUT 1 Summary
CRYPTO ACCELERATOR_RESET 1 Summary
CRYPTO RSA_PRIVATE_DECRYPT_FAILED 1 Summary
The RING_FULL counter is not a fatal counter, but indicates how often the system overloaded the cryptographic chip. The ACCELERATOR_RESET counter is the number of times the TLS crypto acceleration process failed unexpectedly, which also causes the failure of pending operations, which are the numbers you see in ACCELERATOR_CORE_TIMEOUT and RSA_PRIVATE_DECRYPT_FAILED.
If you have persistent problems, disable TLS crypto acceleration ( or config hwCrypto disable ) and work with Cisco TAC to resolve the issues.
Note | You can do additional troubleshooting using the show snort tls-offload and debug snort tls-offload commands. Use the clear snort tls-offload command to reset the counters displayed in the show snort tls-offload command to zero. |