Extreme High CPU Usage with Sophos Protection for Linux

Hello,

We are using Sophos Protection for Linux on a DNS server (CentOS Stream 8, 64-bit); CPU usage varies from 83.5% to 85% and it's caused by this component: /opt/sophos-spl/plugins/edr/bin/osqueryd. This really ties up my system.

The SPL version installed: 1.1.9.11

Any suggestions would be highly appreciated.

Best regards



  • We are seeing the same issue. The `osqueryd` process is sitting at 75-80% usage. I've confirmed in Central that no scans are running, and restarting the `sophos-spl` service has no effect (it goes back to high usage after restart).

    Host running Ubuntu 18.04, Sophos agent version 1.1.10.6

  • Hello Hayden,

    For OSquery that takes 75-80% of usage, you can clear out the directory /opt/sophos-spl/plugins/edr/var/osquery.db.

    You can run `rm -rf /opt/sophos-spl/plugins/edr/var/osquery.db/*`. This will clear out the database. You can also delete individual files in the above path, sorting by size or date. OSquery will repopulate the database once up and running.

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer
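
A guarded version of the cleanup described in the reply above, as an added example that is not part of the original posts or of Sophos tooling: it lists the files under the `osquery.db` path by size before anything is removed, and refuses to delete from any path not named `osquery.db`. The function names are hypothetical and GNU `find` is assumed.

```shell
#!/bin/sh
# Added example (not Sophos code). Default path is the one quoted in the
# thread; every function takes an optional directory argument instead.
DB_DEFAULT=/opt/sophos-spl/plugins/edr/var/osquery.db

# Print "<bytes> <mtime-epoch> <path>" for each file, largest first.
# For oldest first instead, pipe through: sort -k2,2n
osquery_db_report() {
    dir=${1:-$DB_DEFAULT}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    find "$dir" -mindepth 1 -type f -printf '%s %T@ %p\n' | sort -rn
}

# Total bytes held by files in the database directory.
osquery_db_bytes() {
    osquery_db_report "$1" | awk '{ s += $1 } END { print s + 0 }'
}

# Delete the directory's contents but keep the directory itself.
# Refuses a path that is not named osquery.db, is missing, or is a
# symlink, so a typo or an empty variable cannot turn the wildcard
# delete into one rooted somewhere else.
clear_osquery_db() {
    dir=${1:-$DB_DEFAULT}
    case $dir in
        */osquery.db) ;;
        *) echo "refusing: $dir is not an osquery.db path" >&2; return 2 ;;
    esac
    [ -d "$dir" ] && [ ! -L "$dir" ] || { echo "refusing: $dir" >&2; return 2; }
    find "$dir" -mindepth 1 -delete
}

# Usage: sh osquery_db.sh report|bytes|clear [dir]
case ${1:-} in
    report) osquery_db_report "${2:-}" ;;
    bytes)  osquery_db_bytes "${2:-}" ;;
    clear)  clear_osquery_db "${2:-}" ;;
esac
```

Run `report` first and keep its output with the ticket; unlike `rm -rf …/*`, the `clear` function also removes dotfiles inside the directory.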
