Logging for onAccess scanning

Is there a way to look at what is currently being scanned by the onAccess scanning? I had about 25 minutes this morning where my SVMs went to high CPU load and I felt like I was blind to what was happening. I'd like to see all activity on the SVM and what an individual GVM is scanning. (I also want to be able to tune\verify that exclusions are working.)

Thanks
Matt



  • Well, after looking at the configuration guide again, Page 17 shows how to export the logs. In there the ssvm.log shows some of the activity. But I'm seeing lots of noise and more "scan errors" or "Failed to get data from GVM" lines than successfully scanned lines. This is still not real-time and clunky to do...

    Also, my gut is telling me that exclusions are not working properly. I have a couple of processes that process a lot of txt files and I can spike the SVMs' CPUs when they run. I'll probably open a ticket on that and see what they see. (I would rather be a little self-sufficient and easily see for myself what is happening...)

     

    Matt

  • Hi Matt

     

    The logs will contain by default a lot of noise. Generally, because the SVMs are so busy it will only log failure events.

     

    If you would like to dig deeper as to what might be causing this, I echo QC's thoughts and think contacting Support directly would be best.

     

    Nero