Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 4 subscribers
  • Views 5248 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Savd scanner timeout error

Cards11x

Had a VM become unresponsive and unable to ssh. Looking at the logs, it appears that the savscand held up the kernel and caused it to lock up.

savlog shows the following

Tue 01 May 2018 07:28:40 PM EDT: savd.scanner.timeout  Scan processor failed to send heartbeat messages and will be stopped.
Tue 01 May 2018 08:03:11 PM EDT: savd.scanner.timeout  Scan processor failed to send heartbeat messages and will be stopped.
Tue 01 May 2018 07:20:12 PM EDT: savd.daemon           Sophos Anti-Virus daemon started.
Tue 01 May 2018 07:20:13 PM EDT: savd.daemon           Previous instance of Sophos Anti-Virus daemon did not exit cleanly.
Tue 01 May 2018 07:20:15 PM EDT: sophosmgmtd           Remote Management System started.
Tue 01 May 2018 08:21:09 PM EDT: savd.scanner.timeout  A scan processor timed out during startup.
Tue 01 May 2018 08:22:10 PM EDT: savd.scanner.timeout  A scan processor timed out during startup.
Tue 01 May 2018 08:22:21 PM EDT: savd.daemon           On-access scanning enabled using talpa.
Tue 01 May 2018 11:23:01 PM EDT: update.updated        Updating from versions - SAV: 9.14.2, Engine: 3.70.2, Data: 5.50
Tue 01 May 2018 11:23:01 PM EDT: update.updated        Updating Sophos Anti-Virus....
Updating SAVScan on-demand scanner
Updating Virus Engine and Data
Updating Manifest
Update completed.

And found this looking at the kernel logs.

May  1 18:34:40 kernel: Process savscand (pid: 21796, threadinfo ffff88010f900000, task ffff88083172d520)

Can anyone help explain what actually is occurring with the savd.scanner.timeout error we're seeing in the savlog.


This thread was automatically locked due to age.
Parents
  • 0

    The first two are the two existing savscand being terminated for failing to send heartbeat messages to savd.

    The second two are from new savscand failing to start up in time.

     

    They would normally indicate the machine is very overloaded, and unable to run the scanners appropriately. They are a symptom of the machine failing to give enough resources to the scanners.

    The syslog line is probably part of a hung process output? Or maybe OOM killer? We'd need more context to work it out.

     

    In summary: I think the SAV output is a symptom if something else causing a problem on the box, either keeping CPU busy, or filling memory, or saturating I/O.

Reply
  • 0

    The first two are the two existing savscand being terminated for failing to send heartbeat messages to savd.

    The second two are from new savscand failing to start up in time.

     

    They would normally indicate the machine is very overloaded, and unable to run the scanners appropriately. They are a symptom of the machine failing to give enough resources to the scanners.

    The syslog line is probably part of a hung process output? Or maybe OOM killer? We'd need more context to work it out.

     

    In summary: I think the SAV output is a symptom if something else causing a problem on the box, either keeping CPU busy, or filling memory, or saturating I/O.

Children
No Data
Unfiltered HTML