VoyenceControl: Using unanchored optional regex patterns in check patterns can cause severe VoyenceControl performance degradation
Article ID: 303556
Updated On:
Products
VMware
Issue/Introduction
Symptoms:
Using unanchored optional regex patterns in check patterns can cause severe VoyenceControl performance degradation
Application Server memory and swap usage surges after running VoyenceControl Enforce Policy or Compliance Audits
VoyenceControl Enforce Policy and/or Compliance Audit takes an extreme amount of time to complete
Running VoyenceControl Enforce Policy on a large set of devices returns the following Java Exception to the client:
Using unanchored optional regex patterns in check patterns can cause severe VoyenceControl performance degradation
Application Server memory and swap usage surges after running VoyenceControl Enforce Policy or Compliance Audits
VoyenceControl Enforce Policy and/or Compliance Audit takes an extreme amount of time to complete
Running VoyenceControl Enforce Policy on a large set of devices returns the following Java Exception to the client:
java.rmi.ServerException: IOE; nested exception is:
java.io.IOException: Server returned HTTP response code: 503 for URL: http://192.168.1.2:8881/invoker/EJBInvokerServlet
VoyenceControl Application Server powerup.log file repeatedly logs lines similar to the following:
DEBUG [com.powerup.configmgr.server.services.configaudit.impl.RegExHelper] (JMS SessionPool Worker-459) Match found for line(CAPTURE_GROUP_TEXT)?
Environment
VMware Smart Assurance - NCM
Cause
This issue is caused by using optional Regex patterns without being anchored by Exact Order Match or by additional regex statements around the optional pattern. When optional regex check patterns are "unanchored" like this, each configuration file is scanned repeatedly which can cause severe VoyenceControl performance degradation.
Resolution
To resolve this issue, optional regex patterns without an anchor must be anchored one of the following ways:
- Use Exact Order Match: Open up your Regex Test for editing and choose Exact Order Match instead of Line By Line (see Note statement). This will anchor your optional regex pattern with other regex check patterns in the same Test*. If no other regex patterns exist in this test, Exact Order Match will have no affect.
- Anchor the optional regex: Anchor your optional regex with extra statements on the same line. The following shows an example of how to do this:
-
- The following is unanchored optional regex, which will always be found in a given configuration file because it is simply a group of characters that must match 0 or 1 times to pass:
(abc)?
Changing the above line to the following would anchor this pattern so that it is no longer optional, meaning it cannot pass by matching 0 times:
(abc)?d
- The following is unanchored optional regex, which will always be found in a given configuration file because it is simply a group of characters that must match 0 or 1 times to pass:
Additional Information
When using Exact Order Match in VoyenceControl 4.1.0, the optional regex will need to be anchored with other regex check patterns within the same step.
Feedback
Yes
No
Powered by
