CPU / Memory usage is high on Malware Prevention Service VM
search cancel

CPU / Memory usage is high on Malware Prevention Service VM

book

Article ID: 330596

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

Title: CPU / Memory usage is high/very high on Malware Prevention Service VM

Event ID: malware_prevention_health.service_vm_cpu_usage_high, malware_prevention_health.service_vm_cpu_usage_very_high, malware_prevention_health.service_vm_memory_usage_high malware_prevention_health.service_vm_memory_usage_very_high

Added in release: NSX 4.1.2

Alarm Description
  • Symptom: Following is observed on NSX UI: Alarms dashboard shows "Service VM CPU Usage High" or "Service VM CPU Usage Very High" or "Service VM Memory Usage High" or "Service VM Memory Usage Very High". On Alarm description, transport node name for which usage is high is mentioned.
  • Cause: When Malware Prevention SVM is under severe load of analysing files, we may see this issue when memory/cpu utilization has crossed threshold set for high usage (80% is default) or very high usage (90%) over 10 minutes .
Resolution:
Migrate some VMs which are generating lot of file events away from the affected host to reduce the load on the SVM.
One way to identify VMs generating lot of file events is to go on NSX Manager UI Screen
Security > Malware Prevention > All Files
and look for VMs on the ESX host that has lot of file events in progress and then vmotion those VMs

Maintenance window required for remediation?
No

Environment

VMware NSX-T Data Center

Additional Information

The malware prevention components run on NSX-T Edge nodes (when North-South malware prevention is enabled) and on SVMs on Host nodes (when East-West malware prevention is enabled).