PIMv14 agents running on RHEL6.10 and RHEL 7.5 are showing event messages on our endpoints.
This can be seen when we query for a deployed policy on the endpoint using the selang command:-
sr hnode __local__
The observed message says:-
"The product has restarted ReportAgent due to memory threshold breach 300MB"
(see the attached screenshot LinuxEndpoint.png)
What does this message mean and if this is an issue what is is the resolution.?
Because of the large installation and handling of the data, Reportagent is crossing the memory threshold and causing it to restart.
Release : 14.0
Component : CA ControlMinder
Increase seos.ini token ProcVSizeHigh to 600.
The threshold of 300 MB was chosen fairly arbitrarily because
1) it was based on observations in a small-scale setup;
2) it was initially the same across all supported platforms. The idea behind that token (and it was a standard approach in eTrust division, e.g., uxauthd in UNAB has it even though it does not need that now (after memory leaks were eliminated)) is to restart a long-running AC process if it seems to leak memory as reflected by its reaching a certain size in memory that is deemed excessive. Thus, the 300 MB limit may not be appropriate for a large installation and needs to be raised in that case. One can increase that limit to say 600 or even 800 (MB) without any impact on performance and if the new value is still lower than ReportAgent actually needs for its normal operation, it should be adjusted again.