Issue
The /usr/sbin/imunify-auditd-log-reader has consuming abnormal high-CPU resources
Environment
- Imunify360
- imunify-auditd-log-reader
Solution
The imunify-auditd-log-reader high load problem has been resolved by the developers (internal tasks DEF-18208, DEF-17936, DEF-20182), appropriate updates have been released and are available for installation. It is enough to update Imunify360 as described in the documentation.
Additional steps for the situation when the problem persists even after the update.
The actions described below should only be applied in a situation where an update og Imunify360 has not fixed the problem. At the same time, it is worth contacting support to let us know that the problem with the high load was not solved by the update.
- Temporarily disabling the system call monitor should avoid the CPU pressure from the imunify-auditd-log-reader process.
# imunify360-agent config update '{"LOGGER":{"syscall_monitor":false}}'
# systemctl restart imunify360
- A workaround might be checking and deleting the Logger's DB directory. Although, if the /var/lib/imunify-auditd-log-reader/events.db/ directory is not very big on a server, it would be great to send it in the support ticket for analysis, so we can verify that these issues it causing or pinpoint some kind of problem with it.
Comments
0 comments
Please sign in to leave a comment.