How to see on-access scanning log on linux

Dear All

I have a Linux host, as long as on-access scanning is enabled, it will become very slowly , so i want to check on-access scanning log.

Please tell me what to do.

Linux kernel : 4.12.14-122.17-default

Sophos Anti-virus version: 9.16.1 VE3.79.0

  • Hello Jacky Tu,

    normally On-Access scanning should not cause a significant overhead, but on an NFS server it could cause a performance impact.

    On Linux On-Access scans all files that are opened and closed. What information do you expect from an on-access scanning log? auditd could provide information on which files are accessed (note that On-Access doesn't scan on its own but only in response to an open/close by some process). I don't think ( correct me if I'm wrong) that the scanner can supply detailed performance numbers.
    Questions are, what is the role of this server, which applications is it running, where is this slowness perceived?

    Christian 

  • In reply to QC:

    Dear Christian 

    The Linux host is official Website of company . The host owner told me that the execution of MYSQL job will cause slow access speed,

    but disable on-access scanning returns to normal. So I need to check the log to find the path that causes slowness and exclude the scan.

  • In reply to Jacky Tu:

    Hello Jacky Tu,

    as said, AFAIK On-Access scanning doesn't log the files it scans.

    Can't say if there are generally problems when running MySQL and on-access scanning together (I've found only one post mentioning one). If you want to troubleshoot on your own you'd have to do it from the MySQL side (as mentioned in the first article frequent open/close while writing large files can cause performance issues) you should open a ticket with Support.

    Christian 

  • In reply to QC:

    Dear Christian 

    I will open a ticket with support , thanks you help.