search cancel

High CPU usage after deploying Intrusion Detection policy to an Agent installed on the Manager

book

Article ID: 161803

calendar_today

Updated On:

Products

Critical System Protection Data Center Security Server

Issue/Introduction

After deploying an Intrusion Detection (IDS) policy to an agent installed on the Symantec Critical System Protection (CSP) Manager or Data Center Security (DCS) Server, CPU usage is high and stays high.

Cause

This generates a loop which causes constant CPU usage.

The CSP Manager writes to the logfiles and SQL files as it works/processes data, then with the agent monitoring those files for modifications it generates more data for the Manager to process and subsequently write to those files again.

CPU Usage due to this setup will vary depending on the size and activity of the environment CSP or DCS is deployed in.

Resolution

Do not monitor these files for modification in the IDS Policy deployed to the manager. 

The largest impact observed is the monitoring of the SQL Files for modification.


Applies To

CSP Agent Installed on CSP Manager Server or DCS Agent installed on a DCS Manager server.

IDS Policy deployed to the agent watching for the modification of CSP Manager log files and MSSQL files for Symantec CSP.