Analyzing the resource consumption of the File Threat Protection task

To analyze the resource consumption of the File Threat Protection task:

1. Stop all scan and monitoring tasks.
2. Make sure that on-demand scan tasks (tasks of the ODS and ContainerScan types) are not scheduled to run during your investigation:
   1. Get the list of all application tasks by executing the following command:

      kesl-control --get-task-list

   2. Get the schedule settings for all tasks of the ODS and ContainerScan types by running the following command:

      kesl-control --get-schedule <task ID/name>

      If the command output is RuleType=Manual, the task can only be started manually.

   3. For all tasks that have a RuleType other than Manual, change the schedule by running the following command:

      kesl-control --set-schedule <task ID/name> RuleType=Manual

3. Enable generation of application trace files with a high level of details by executing the following command:

   kesl-control --set-app-settings TraceLevel=Detailed

4. If the File Threat Protection task is not running, start it with the following command:

   kesl-control --start-task 1

5. Load the system in the mode that caused the performance problems; a few hours is enough.
6. Analyze the resulting trace files. By default, trace files are saved in the /var/log/kaspersky/kesl/ directory.

   Under load, the application writes a lot of information to the trace files; however only 10 files 500 MB each are kept, meaning that older information is overwritten.

   If performance and resource consumption issues persist, you may need to optimize File Threat Protection.

   If performance and resource consumption issues no longer occur, then the most likely cause of the issues are the on-demand scan tasks (tasks of the ODS and ContainerScan types). This means you need to optimize these tasks.

7. Disable creation of the application trace files by executing the following command:

   kesl-control --set-app-settings TraceLevel=None

Page top