Swap space (virtual memory) may degrade the performance of Security Analytics v7.x


Article ID: 168454


Updated On:


Security Analytics


In versions of Security Analytics 7.0 and later, swap (virtual memory) should be disabled as it may contribute to performance issues.  On new installs of 7.x, swap is disabled by default.  For upgrades from version 6.x to 7.x, swap may not be disabled as it should by the upgrade process.



To see if swap is currently enabled on a Security Analytics appliance version 7.x, log in via SSH as 'root' and run "free -m":
$ free -m
             total       used       free     shared    buffers     cached
Mem:          7968       7708        260         28        178       6726
-/+ buffers/cache:        802       7166
Swap:         8173          0       8173

In this example, note that swap is turned on (total Swap = 8173) but not used (used = 0, free = 8173).

If swap is on, regardless of the amount used, turn off and disable it using the following procedure:

1) Disable swap on boot/startup by commenting out the "swap" line in /etc/fstab using 'sed':
$ sed -e '/^.*swap.*$/ s/^#*/#/' -i /etc/fstab

Verify that it is commented out (has a # at the beginning of the line):
$ grep swap /etc/fstab

On the next system boot, swap will not be enabled.

2) To clear and turn off the swap immediately without performing a reboot, run:
$ swapoff -a

For a system with high swap usage, this command could take a long time (>30min) to complete and performance may remain degraded during that operation.  If needed, cancel that command with Ctrl-C and reboot the appliance to finish clearing and disabling swap more quickly.