Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
666
Views
7
Helpful
4
Replies

CSA causes cpu utilization spike in enforcement mode?

piltze
Level 1
Level 1

‎02-08-2006 07:12 AM - edited ‎03-10-2019 01:53 AM

I am experiencing a problem where two servers (specifically a file a server and a Citrix server) are experiencing spikes in CPU utilization (maxing out at 100% util) whenever we take them out of "Test" mode.

These systems are running CSA v4.5-1 build 616 agents. In order to stop the CPU issue, we had to stop the agent (which dropped the processor util immediately), put the system back into a "Test" state, restart the agent, and poll the server.

Now that the server is back in a Test state, the CPU problem doesnt exist.

Any thoughts or suggestions would be greatly appreciated.

Labels:
0 Helpful
4 Replies 4

tsteger1
Level 8
Level 8

‎02-08-2006 02:13 PM

What groups, policies and events are associated with the servers?

Are there corresponding Windows events?

What other processes are running on the servers?

Are there other similar servers in different groups that aren't having the issues?

One thing you could try is to put one of the servers in a group with minimal policies (Required Windows?) and see how it behaves.

The other thing would to put different policies in test mode...

Tom S

0 Helpful

piltze
Level 1
Level 1
In response to tsteger1

‎02-15-2006 09:55 AM

I put the server in (the default group), and it is still experiencing the same problem.

It is currently not running any other policies/group associations.

There are other servers experiencing the same problem. I have tried putting them into the only, and they have the same problem.

No Windows events worth mentioning.

0 Helpful

tsteger1
Level 8
Level 8
In response to piltze

‎02-15-2006 11:20 AM

CSA is trying to do a lot of work but it isn't logging anywhere because it's set not to.

1. Create a new group called "Windows test".

2. Clone the policies in the group and add them to the new group.

3. Change all the rules in those cloned policies to log.

4. Put the group in test mode.

5. Put a problem server in the group and see what events are generated.

You should see what's causing the problem without killing the server in the process.

Then you'll be able to either except the process or disable the rule causing it (if that's safe).

You also didn't mention what process is spiking the CPU.

Tom S

piltze
Level 1
Level 1
In response to tsteger1

‎02-15-2006 12:17 PM

Thanks for the tip, I will try this.

The okclient is actually what is spiking -- its taking up 40+% of the CPU utilization.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card