Imperva Cyber Community

Hi, We have a DAM Imperva appliance and we have detected that the use of CPU and RAM memory is too high (CPU +90%, RAM +85%), but when we check the top process, these wasn't over 50%.
How we can check it?
Is it normal % to DAM Imperva appliance?


Cpu(s): 91.0%us, 1.5%sy, 0.0%ni, 7.2%id, 0.0%wa, 0.0%hi, 0.2%si, 0.0%st
Mem: 8063584k total, 7987788k used, 75796k free, 33760k buffers
Swap: 3145720k total, 966700k used, 2179020k free, 3671800k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
24170 mxserver 20 0 7443m 3.5g 8064 S 351. 5 46.1 66050:27 java
15543 oracle 20 0 1770m 394m 386m S 5.0 5.0 2:57.06 oracle
23634 oracle 20 0 1770m 438m 431m S 4.3 5.6 3:18.65 oracle
1956 root 20 0 201m 9284 2312 S 2.7 0.1 173:04.38 snmpd
2857 oracle 20 0 1770m 418m 411m S 2.7 5.3 3:32.20 oracle
8727 oracle 20 0 1770m 320m 313m S 2.7 4.1 1:57.90 oracle
31357 oracle 20 0 1763m 265m 263m S 1.0 3.4 399:33.62 oracle
3335 root 20 0 4060 156 128 S 0.3 0.0 94:04.66 rngd
3343 root 20 0 104m 1060 808 S 0.3 0.0 375:49.12 monit
1 root 20 0 19340 1000 808 S 0.0 0.0 0:44.78 init
2 root 20 0 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root RT 0 0 0 0 0 S 0.0 0.0 2:30.82 migration/0
4 root 20 0 0 0 0 0 S 0.0 0.0 0:07.22 ksoftirqd/0
5 root RT 0 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
#DatabaseActivityMonitoring

------------------------------
matías di cola
------------------------------

Your CPU load does seem too high.  Are you running any data classification scans? 
Our MXs only get to 25% used, but typically much lower.

Does the CPU load drop after restarting SecureSphere?

The appliance is running CentOS, and will attempt to use all of the memory. 
Your percentage is normal from what I have seen.

Cpu(s): 0.4%us, 0.1%sy, 0.0%ni, 99.4%id, 0.0%wa, 0.0%hi, 0.1%si, 0.0%st

Mem: 8063584k total, 7941948k used, 121636k free, 359244k buffers

Swap: 3145720k total, 176208k used, 2969512k free, 3897464k cached

Hi Robert,

We restart the SecureSphere service today, but the use of CPU was the same before and after action (+90%).

Can we test anything else?

------------------------------
matías di cola
------------------------------

Original Message:
Sent: 09-03-2020 13:53
From: Robert Miller
Subject: CPU & RAM high

Your CPU load does seem too high.  Are you running any data classification scans? 
Our MXs only get to 25% used, but typically much lower.

Does the CPU load drop after restarting SecureSphere?

The appliance is running CentOS, and will attempt to use all of the memory. 
Your percentage is normal from what I have seen.

Cpu(s): 0.4%us, 0.1%sy, 0.0%ni, 99.4%id, 0.0%wa, 0.0%hi, 0.1%si, 0.0%st

Mem: 8063584k total, 7941948k used, 121636k free, 359244k buffers

Swap: 3145720k total, 176208k used, 2969512k free, 3897464k cached

------------------------------
Robert Miller
Bank of the West
Omaha NE

Original Message:
Sent: 09-02-2020 14:40
From: matías di cola
Subject: CPU & RAM high

Hi, We have a DAM Imperva appliance and we have detected that the use of CPU and RAM memory is too high (CPU +90%, RAM +85%), but when we check the top process, these wasn't over 50%.
How we can check it?
Is it normal % to DAM Imperva appliance?


Cpu(s): 91.0%us, 1.5%sy, 0.0%ni, 7.2%id, 0.0%wa, 0.0%hi, 0.2%si, 0.0%st
Mem: 8063584k total, 7987788k used, 75796k free, 33760k buffers
Swap: 3145720k total, 966700k used, 2179020k free, 3671800k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
24170 mxserver 20 0 7443m 3.5g 8064 S 351. 5 46.1 66050:27 java
15543 oracle 20 0 1770m 394m 386m S 5.0 5.0 2:57.06 oracle
23634 oracle 20 0 1770m 438m 431m S 4.3 5.6 3:18.65 oracle
1956 root 20 0 201m 9284 2312 S 2.7 0.1 173:04.38 snmpd
2857 oracle 20 0 1770m 418m 411m S 2.7 5.3 3:32.20 oracle
8727 oracle 20 0 1770m 320m 313m S 2.7 4.1 1:57.90 oracle
31357 oracle 20 0 1763m 265m 263m S 1.0 3.4 399:33.62 oracle
3335 root 20 0 4060 156 128 S 0.3 0.0 94:04.66 rngd
3343 root 20 0 104m 1060 808 S 0.3 0.0 375:49.12 monit
1 root 20 0 19340 1000 808 S 0.0 0.0 0:44.78 init
2 root 20 0 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root RT 0 0 0 0 0 S 0.0 0.0 2:30.82 migration/0
4 root 20 0 0 0 0 0 S 0.0 0.0 0:07.22 ksoftirqd/0
5 root RT 0 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
#DatabaseActivityMonitoring

------------------------------
matías di cola
------------------------------

Hello Matias,
I would like to ask if you could go to Admin -> System performance -> CPU load percentage over time by component and check "View last day".  Many times you'll see a component that is taking most CPU, and this will give you a clue on where to start debugging.  If you could please check that and reply back it will help to identify the potential issue.

Thank you.

------------------------------
Craig Burlingame
------------------------------

Original Message:
Sent: 09-02-2020 14:40
From: matías di cola
Subject: CPU & RAM high

Hi, We have a DAM Imperva appliance and we have detected that the use of CPU and RAM memory is too high (CPU +90%, RAM +85%), but when we check the top process, these wasn't over 50%.
How we can check it?
Is it normal % to DAM Imperva appliance?


Cpu(s): 91.0%us, 1.5%sy, 0.0%ni, 7.2%id, 0.0%wa, 0.0%hi, 0.2%si, 0.0%st
Mem: 8063584k total, 7987788k used, 75796k free, 33760k buffers
Swap: 3145720k total, 966700k used, 2179020k free, 3671800k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
24170 mxserver 20 0 7443m 3.5g 8064 S 351. 5 46.1 66050:27 java
15543 oracle 20 0 1770m 394m 386m S 5.0 5.0 2:57.06 oracle
23634 oracle 20 0 1770m 438m 431m S 4.3 5.6 3:18.65 oracle
1956 root 20 0 201m 9284 2312 S 2.7 0.1 173:04.38 snmpd
2857 oracle 20 0 1770m 418m 411m S 2.7 5.3 3:32.20 oracle
8727 oracle 20 0 1770m 320m 313m S 2.7 4.1 1:57.90 oracle
31357 oracle 20 0 1763m 265m 263m S 1.0 3.4 399:33.62 oracle
3335 root 20 0 4060 156 128 S 0.3 0.0 94:04.66 rngd
3343 root 20 0 104m 1060 808 S 0.3 0.0 375:49.12 monit
1 root 20 0 19340 1000 808 S 0.0 0.0 0:44.78 init
2 root 20 0 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root RT 0 0 0 0 0 S 0.0 0.0 2:30.82 migration/0
4 root 20 0 0 0 0 0 S 0.0 0.0 0:07.22 ksoftirqd/0
5 root RT 0 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
#DatabaseActivityMonitoring

------------------------------
matías di cola
------------------------------

Hi Craig,

I checked the graph and the monitoring process has a ~+65% (CPU load) in the last day.

Does the process only check the status of the database agents? or Does the process also handle alerts, violations and rules?

------------------------------
matías di cola
------------------------------

Original Message:
Sent: 09-04-2020 12:05
From: Craig Burlingame
Subject: CPU & RAM high

Hello Matias,
I would like to ask if you could go to Admin -> System performance -> CPU load percentage over time by component and check "View last day".  Many times you'll see a component that is taking most CPU, and this will give you a clue on where to start debugging.  If you could please check that and reply back it will help to identify the potential issue.

Thank you.

------------------------------
Craig Burlingame

Original Message:
Sent: 09-02-2020 14:40
From: matías di cola
Subject: CPU & RAM high

Hi, We have a DAM Imperva appliance and we have detected that the use of CPU and RAM memory is too high (CPU +90%, RAM +85%), but when we check the top process, these wasn't over 50%.
How we can check it?
Is it normal % to DAM Imperva appliance?


Cpu(s): 91.0%us, 1.5%sy, 0.0%ni, 7.2%id, 0.0%wa, 0.0%hi, 0.2%si, 0.0%st
Mem: 8063584k total, 7987788k used, 75796k free, 33760k buffers
Swap: 3145720k total, 966700k used, 2179020k free, 3671800k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
24170 mxserver 20 0 7443m 3.5g 8064 S 351. 5 46.1 66050:27 java
15543 oracle 20 0 1770m 394m 386m S 5.0 5.0 2:57.06 oracle
23634 oracle 20 0 1770m 438m 431m S 4.3 5.6 3:18.65 oracle
1956 root 20 0 201m 9284 2312 S 2.7 0.1 173:04.38 snmpd
2857 oracle 20 0 1770m 418m 411m S 2.7 5.3 3:32.20 oracle
8727 oracle 20 0 1770m 320m 313m S 2.7 4.1 1:57.90 oracle
31357 oracle 20 0 1763m 265m 263m S 1.0 3.4 399:33.62 oracle
3335 root 20 0 4060 156 128 S 0.3 0.0 94:04.66 rngd
3343 root 20 0 104m 1060 808 S 0.3 0.0 375:49.12 monit
1 root 20 0 19340 1000 808 S 0.0 0.0 0:44.78 init
2 root 20 0 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root RT 0 0 0 0 0 S 0.0 0.0 2:30.82 migration/0
4 root 20 0 0 0 0 0 S 0.0 0.0 0:07.22 ksoftirqd/0
5 root RT 0 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
#DatabaseActivityMonitoring

------------------------------
matías di cola
------------------------------

Hi All,
we still couldn't solve it.
we have a technical question: How Imperva agenst works?
Example: We install an Imperva agent in a database server, after that What databases are monitored by agents?
Are all the databases that exist on the server monitored?
How can I specify which database I want to monitor?

------------------------------
matías di cola
------------------------------

Original Message:
Sent: 09-04-2020 14:56
From: matías di cola
Subject: CPU & RAM high

Hi Craig,

I checked the graph and the monitoring process has a ~+65% (CPU load) in the last day.

Does the process only check the status of the database agents? or Does the process also handle alerts, violations and rules?

------------------------------
matías di cola

Original Message:
Sent: 09-04-2020 12:05
From: Craig Burlingame
Subject: CPU & RAM high

Hello Matias,
I would like to ask if you could go to Admin -> System performance -> CPU load percentage over time by component and check "View last day".  Many times you'll see a component that is taking most CPU, and this will give you a clue on where to start debugging.  If you could please check that and reply back it will help to identify the potential issue.

Thank you.

------------------------------
Craig Burlingame

Original Message:
Sent: 09-02-2020 14:40
From: matías di cola
Subject: CPU & RAM high

Hi, We have a DAM Imperva appliance and we have detected that the use of CPU and RAM memory is too high (CPU +90%, RAM +85%), but when we check the top process, these wasn't over 50%.
How we can check it?
Is it normal % to DAM Imperva appliance?


Cpu(s): 91.0%us, 1.5%sy, 0.0%ni, 7.2%id, 0.0%wa, 0.0%hi, 0.2%si, 0.0%st
Mem: 8063584k total, 7987788k used, 75796k free, 33760k buffers
Swap: 3145720k total, 966700k used, 2179020k free, 3671800k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
24170 mxserver 20 0 7443m 3.5g 8064 S 351. 5 46.1 66050:27 java
15543 oracle 20 0 1770m 394m 386m S 5.0 5.0 2:57.06 oracle
23634 oracle 20 0 1770m 438m 431m S 4.3 5.6 3:18.65 oracle
1956 root 20 0 201m 9284 2312 S 2.7 0.1 173:04.38 snmpd
2857 oracle 20 0 1770m 418m 411m S 2.7 5.3 3:32.20 oracle
8727 oracle 20 0 1770m 320m 313m S 2.7 4.1 1:57.90 oracle
31357 oracle 20 0 1763m 265m 263m S 1.0 3.4 399:33.62 oracle
3335 root 20 0 4060 156 128 S 0.3 0.0 94:04.66 rngd
3343 root 20 0 104m 1060 808 S 0.3 0.0 375:49.12 monit
1 root 20 0 19340 1000 808 S 0.0 0.0 0:44.78 init
2 root 20 0 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root RT 0 0 0 0 0 S 0.0 0.0 2:30.82 migration/0
4 root 20 0 0 0 0 0 S 0.0 0.0 0:07.22 ksoftirqd/0
5 root RT 0 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
#DatabaseActivityMonitoring

------------------------------
matías di cola
------------------------------

Hi Matias,

    To answer you agents question - once the agent is installed on a server (physical or IaaS), that agent will monitor ALL databases running on that server.  The agent is fairly simple in what it does, ALL DB transactions for all DBs are sent to the gateway to be processed and that's where the policies are applied.  So the gateway does all the heavy lifting when it comes to processing the data.  Policies determine what data to audit and keep or alert on.  Anything that does not match a policy is ignored.  It is possible to apply Agent Monitoring Rules (AMR) to the agents.  These AMRs tell the agents to ignore certain elements (Backups, traffic from specific IPs, etc...) and anything matching the AMRs will NOT be sent to the gateway at all.  There is much much more that can be found on docs.imperva.com about agents and AMR rules.  

AMR - https://docs.imperva.com/bundle/v12.6-file-security-user-guide/page/3015.htm

------------------------------
Rich Blais
------------------------------

Original Message:
Sent: 11-04-2020 10:32
From: matías di cola
Subject: CPU & RAM high

Hi All,
we still couldn't solve it.
we have a technical question: How Imperva agenst works?
Example: We install an Imperva agent in a database server, after that What databases are monitored by agents?
Are all the databases that exist on the server monitored?
How can I specify which database I want to monitor?

------------------------------
matías di cola

Original Message:
Sent: 09-04-2020 14:56
From: matías di cola
Subject: CPU & RAM high

Hi Craig,

I checked the graph and the monitoring process has a ~+65% (CPU load) in the last day.

Does the process only check the status of the database agents? or Does the process also handle alerts, violations and rules?

------------------------------
matías di cola

Original Message:
Sent: 09-04-2020 12:05
From: Craig Burlingame
Subject: CPU & RAM high

Hello Matias,
I would like to ask if you could go to Admin -> System performance -> CPU load percentage over time by component and check "View last day".  Many times you'll see a component that is taking most CPU, and this will give you a clue on where to start debugging.  If you could please check that and reply back it will help to identify the potential issue.

Thank you.

------------------------------
Craig Burlingame

Original Message:
Sent: 09-02-2020 14:40
From: matías di cola
Subject: CPU & RAM high

Hi, We have a DAM Imperva appliance and we have detected that the use of CPU and RAM memory is too high (CPU +90%, RAM +85%), but when we check the top process, these wasn't over 50%.
How we can check it?
Is it normal % to DAM Imperva appliance?


Cpu(s): 91.0%us, 1.5%sy, 0.0%ni, 7.2%id, 0.0%wa, 0.0%hi, 0.2%si, 0.0%st
Mem: 8063584k total, 7987788k used, 75796k free, 33760k buffers
Swap: 3145720k total, 966700k used, 2179020k free, 3671800k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
24170 mxserver 20 0 7443m 3.5g 8064 S 351. 5 46.1 66050:27 java
15543 oracle 20 0 1770m 394m 386m S 5.0 5.0 2:57.06 oracle
23634 oracle 20 0 1770m 438m 431m S 4.3 5.6 3:18.65 oracle
1956 root 20 0 201m 9284 2312 S 2.7 0.1 173:04.38 snmpd
2857 oracle 20 0 1770m 418m 411m S 2.7 5.3 3:32.20 oracle
8727 oracle 20 0 1770m 320m 313m S 2.7 4.1 1:57.90 oracle
31357 oracle 20 0 1763m 265m 263m S 1.0 3.4 399:33.62 oracle
3335 root 20 0 4060 156 128 S 0.3 0.0 94:04.66 rngd
3343 root 20 0 104m 1060 808 S 0.3 0.0 375:49.12 monit
1 root 20 0 19340 1000 808 S 0.0 0.0 0:44.78 init
2 root 20 0 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root RT 0 0 0 0 0 S 0.0 0.0 2:30.82 migration/0
4 root 20 0 0 0 0 0 S 0.0 0.0 0:07.22 ksoftirqd/0
5 root RT 0 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
#DatabaseActivityMonitoring

------------------------------
matías di cola
------------------------------