CPU usage 100% after starting log file collector

Article ID: 177499

Products

Security Information Manager

Issue/Introduction

While the log file collector is collecting, CPU usage stays at 90% or more.

Symptoms
You have enabled Dynamic log files, there are multiple large logs, and CPU usage is very high.


 

Cause

This is a known issue with the MonitorDynamicLog setting in the Log File sensors. With DynamicLogFile, the sensor must load the logs that are in the target directory. The more logs the target log directories contain, the more resources the sensor uses to load them.

Resolution

There are several ways to resolve this problem.

Set the sensor to monitor Single Log Files only
This setting causes the sensor to monitor only the active log file. As new events are added to the active log file, the sensor reads them.
 

    1. Log in to the SSIM Console as administrator
    2. Click System
    3. Click Product Configurations
    4. Expand the collector configuration
    5. Open up each sensor
    6. In "reading mode" choose: MonitorSingleLogFile
    7. In Log file name enter the name of the actual log file, <logfilename>active.csv (example: Failed Attempts active.csv)
    8. Save and distribute the sensor settings

Using DynamicLogFile
In order to continue using DynamicLogFile, you must cut down on the logs that are being processed. You must move logs that have already been processed or irrelevant logs to another directory to reduce the CPU consumption.
 

    1. Stop the SESA agent.
    2. In Windows Explorer navigate to the target log file folders for the log types you are collecting.
    3. Move any logs that have already been processed.
    4. Move any logs which are too old to be relevant.
    5. Restart the SESA agent.
    6. Make a routine to move the old logs from this folder periodically.
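
One way to implement the periodic routine in step 6, as an added example that is not part of the original article or the product: a PowerShell script that moves logs older than a cutoff out of the monitored folder, skips the active log, and writes a SHA-256 manifest so archived logs can be verified later. The folder paths, the 7-day cutoff, the use of file age as a stand-in for "already processed", the manifest file name, and the agent service name are all assumptions to replace with your own values.

```powershell
# Added example: archive old collector logs so DynamicLogFile has fewer files to load.
# Paths, cutoff and service name are placeholders, not values taken from the product.
param(
    [Parameter(Mandatory)] [string] $LogDir,      # target log folder the sensor reads
    [Parameter(Mandatory)] [string] $ArchiveDir,  # destination outside the monitored folder
    [int]    $MaxAgeDays   = 7,                   # assumed cutoff for "too old to be relevant"
    [string] $ActiveFilter = '*active.csv',       # active-log naming from the article's example
    [string] $AgentService = ''                   # agent service name; empty = leave services alone
)

$ErrorActionPreference = 'Stop'
$cutoff   = (Get-Date).AddDays(-$MaxAgeDays)
New-Item -ItemType Directory -Path $ArchiveDir -Force | Out-Null
$manifest = Join-Path $ArchiveDir 'archive-manifest.csv'

# Steps 1 and 5 of the procedure: stop the agent before moving, restart afterwards.
if ($AgentService) { Stop-Service -Name $AgentService }
try {
    # Collect the candidates first so the folder is not modified while it is enumerated.
    $old = @(Get-ChildItem -LiteralPath $LogDir -File |
        Where-Object { $_.Name -notlike $ActiveFilter -and $_.LastWriteTime -lt $cutoff })

    foreach ($file in $old) {
        $source    = $file.FullName
        $lastWrite = $file.LastWriteTime
        # Hash before the move so the archived copy can be checked against the manifest.
        $hash = (Get-FileHash -LiteralPath $source -Algorithm SHA256).Hash
        $dest = Join-Path $ArchiveDir $file.Name
        if (Test-Path -LiteralPath $dest) {
            # Never overwrite an archived log; keep both under a timestamped name.
            $dest = Join-Path $ArchiveDir ('{0:yyyyMMddHHmmss}_{1}' -f (Get-Date), $file.Name)
        }
        Move-Item -LiteralPath $source -Destination $dest
        [pscustomobject]@{
            MovedAt     = (Get-Date).ToString('o')
            Source      = $source
            Destination = $dest
            LastWrite   = $lastWrite.ToString('o')
            SHA256      = $hash
        } | Export-Csv -LiteralPath $manifest -Append -NoTypeInformation
    }
}
finally {
    # Restart the agent even if a move failed, so collection resumes.
    if ($AgentService) { Start-Service -Name $AgentService }
}
```

Run it from Windows Task Scheduler on whatever interval keeps the target folders small. Files are moved rather than deleted, so the original logs remain available for later review.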


Another option is to follow KB TECH173421 (see reference at bottom)