the java.exe process can sometime takes a lot of CPU cycle or spike to 100% for a short period of time.
In latest version of the sensor you can add manually a setting to slow down the collector by pausing the reading of the point product. This settings were added and standardised to be the same between all the sensors, but you need to run latest version (December LiveUpdate 2010)
This settings apply to the following sensors type:
Database sensor = DB.jar
Estreamer = estreamer.jar
Log file = logfile.jar
NeXpose Sensor = NeXpose.jar
SDEE = sdee.jar
VMware = VMwareSensor.jar
Windows Event Collector Sensor = WindowsEventlog.jar
Windows WinRM = wsmanagement.jar
The settings are:
pauseForNoEvents = It sets the lenght of time the sensor will pause after a successful read from target box. Default is 100 milliseconds.
pauseBetweenRequests = It controls the lenght of time before the next attempt to read a log, when sensor is at end of log. Default is 3000.
There is an extra settings for the following collectors: Streamer, Sdee, WEC, Wsmanagement
sleepMaxErrorTime = It defines the lenght of time sensor sleeps after an error. Default for that is 10000.
How to edit:
On the collector machine make a backup of the config.xml file first.
There is an element called com.symantec.cas.ucf.sensors.SensorsProperties. if you'll put those properties into
sub element of SensorProperties element they will be loaded.
The values need to be fined tuned depending of your environment. If these value are to high in some conditions the collector might experience a high delay in event processing.
If you run LiveUpdate and there is an update the changes will be overwritten.
LogFile Sensor was updated in LiveUpdate to support extra parameters (all informations are in LiveUpdate-logfileSensor.txt):
Excessive CPU usage when current file is not being updated and sensor is looking for another file to start reading from. The LogFile sensor version 2.40 introduces a new property LoglistUpdateFrequency to handle the excessive CPU utilization when current file is not being updated and sensor is looking for another file to start reading from. This behaviour is handled by adding a timeout for the sensor to wait after it reaches EOF in the current file and before it starts looking for another file. It accepts positive integer values in seconds. The default value is 5 (seconds).
NOTE 1: In case of logfile sensor, there might be a high CPU usage if the file sensor is set to monitor dynamic file See KB TECH92007 and KB TECH173421
NOTE 2: Another important option when you use logfile sensor is to follow this KB TECH91995
Imported Document ID: TECH153858
Subscribing will provide email updates when this Article is updated. Login is required.