search cancel

How to monitor SPE performance in a "Core" only install?


Article ID: 237889


Updated On:


Protection Engine for Cloud Services Protection Engine for NAS Protection for SharePoint Servers


What suggestions for monitoring SPE performance can you recommend in a "Core" only install?


Release : 8.2.2

Component : Default-Sym


Symantec Protection Engine (SPE) 8.x records details for resource consumption in Resources Consumption Logs (RCL's). These files have a filename extension of .rcl and are in the same folder as .log and .dat files. By default, this location on Linux is /opt/SYMCScan/logs and on Windows is "C:\Program Files\Symantec\Scan Engine\logs" 

The details tracked by .rcl files are documented here:

For SPE instances enrolled with the central console, monitoring resources usage can occur there, or possibly through splunk:,-Alerts,-and-Reports/importing-symantec-protection-engine-events-into-s-v128206670-d4995e35591.html

In addition to the monitoring built into SPE itself, you can also monitor using the resource monitoring tools of each operating system. On Linux, these are tools such as sar, top, and vmstat. On Windows, perfmon is widely accepted as a way to record and review performance counters.