What suggestions for monitoring SPE performance can you recommend in a "Core" only install?
Release : 8.2.2
Component : Default-Sym
Symantec Protection Engine (SPE) 8.x records details for resource consumption in Resources Consumption Logs (RCL's). These files have a filename extension of .rcl and are in the same folder as .log and .dat files. By default, this location on Linux is /opt/SYMCScan/logs and on Windows is "C:\Program Files\Symantec\Scan Engine\logs"
The details tracked by .rcl files are documented here:
https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/symantec-protection-engine/8-2-2/Configuring-and-Monitoring/about-resource-consumption-log-files-v128533017-d4995e11886.html#v128533017_v128533051
For SPE instances enrolled with the central console, monitoring resources usage can occur there, or possibly through splunk:
https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/symantec-protection-engine/8-2-2/Logs,-Alerts,-and-Reports/importing-symantec-protection-engine-events-into-s-v128206670-d4995e35591.html
In addition to the monitoring built into SPE itself, you can also monitor using the resource monitoring tools of each operating system. On Linux, these are tools such as sar, top, and vmstat. On Windows, perfmon is widely accepted as a way to record and review performance counters.