search cancel

How to monitor SPE performance in a "Core" only install?

book

Article ID: 237889

calendar_today

Updated On:

Products

Protection Engine for Cloud Services Protection Engine for NAS Protection for SharePoint Servers

Issue/Introduction

What suggestions for monitoring SPE performance can you recommend in a "Core" only install?

Environment

Release : 8.2.2

Component : Default-Sym

Resolution

Symantec Protection Engine (SPE) 8.x records details for resource consumption in Resources Consumption Logs (RCL's). These files have a filename extension of .rcl and are in the same folder as .log and .dat files. By default, this location on Linux is /opt/SYMCScan/logs and on Windows is "C:\Program Files\Symantec\Scan Engine\logs" 

The details tracked by .rcl files are documented here: 
  https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/symantec-protection-engine/8-2-2/Configuring-and-Monitoring/about-resource-consumption-log-files-v128533017-d4995e11886.html#v128533017_v128533051

For SPE instances enrolled with the central console, monitoring resources usage can occur there, or possibly through splunk:
  https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/symantec-protection-engine/8-2-2/Logs,-Alerts,-and-Reports/importing-symantec-protection-engine-events-into-s-v128206670-d4995e35591.html

In addition to the monitoring built into SPE itself, you can also monitor using the resource monitoring tools of each operating system. On Linux, these are tools such as sar, top, and vmstat. On Windows, perfmon is widely accepted as a way to record and review performance counters.