Imperva Cyber Community

Expand all | Collapse all

Gateway CPU Utilization

  • 1.  Gateway CPU Utilization

    Posted 29 days ago
    We are using x8510 gateway.
    Its CPU utilization goes around 90% when an application gets around 600 connections and 2300 hits.
    Though the throughput is around 3.9 Mbit/sec


    When we disable that particular application, CPU utilization comes around 20%

    Please help to understand the issue.
    Also please let us know, how we can mitigate this.
    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Pankaj Chouhan
    ------------------------------


  • 2.  RE: Gateway CPU Utilization

    Community Manager
    Posted 29 days ago
    @Pankaj Chouhan

    Here are a couple of post that others asked. Maybe some of the information in these posts can help more. 

    CPU & RAM high​ - @matías di cola, did you figure this issue? Do you remember what you did to solve it?
    One thing that @Craig Burlingame mentions is: I would like to ask if you could go to Admin -> System performance -> CPU load percentage over time by component and check "View last day".  Many times you'll see a component that is taking most CPU, and this will give you a clue on where to start debugging.  If you could please check that and reply back it will help to identify the potential issue.


    regexp match error match time limit ​​- @Shoulin Yan, maybe you can also talk about how you might of resolved this issue? ​
    One thing that @Ira Miga mentions is: Also you can check if recently new policies have been applied that could have caused this.
    The CPU can be high since the processed traffic has extremely large parameters.
    You can create an exception to the policy to ignore extremely large parameters to see if it solves the issue.
    But then you should find the problem and delete the exception.

    ------------------------------
    Christopher Detzel
    Community Manager
    Imperva
    ------------------------------



  • 3.  RE: Gateway CPU Utilization

    Posted 27 days ago
    Hi Christopher, we still couldn't solve it.
    we have a technical question: How Imperva agenst works?
    Example: We install an Imperva agent in a database server, after that What databases are monitored by agents?
    Are all the databases that exist on the server monitored?
    How can I specify which database I want to monitor?

    ------------------------------
    matías di cola
    ------------------------------



  • 4.  RE: Gateway CPU Utilization

    CHAMPION
    Posted 25 days ago
    Hello,

    Does this specific application has any Audit Policy where is audited everything? If it is, you should tune your audit policy, because auditing and also learning an "Audit All" policy is very cpu consuming, i noticed.
    As for agents, when a new service is created and associated with an agent, you have default ports depending on type of service you selected. For example, you have in a service MSSQL ports: 1443, for Oracle service are ports: 1521,1527. So if you have instances on these ports will be monitored. You should check the interfaces in the respective agent, if you have any interface in "ignore this interface" mode  it wont be monitored.
    Also, depends in the protected IP you have configured in Server Group level.

    If you want to monitor only a specific database you can define Agent Monitoring Rule, with match criteria: Database and Schema or you can create an Audit Policy to only monitor that database, or instance.

    Hope it helps,

    ------------------------------
    Sabajete Elezaj
    SNT Albania
    ------------------------------