HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: IDS/9000 idscor, idsagent, idssysdsp performan...
Operating System - HP-UX
1833758
Members
2711
Online
110063
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-12-2003 04:36 AM
08-12-2003 04:36 AM
IDS/9000 idscor, idsagent, idssysdsp performance
I have implemented IDS/9000 v2.1 (B.02.01.32) on several 11.i systems. When the idsagent startup script is launched, I noticed in top that idscore (especially), idsagent and idssysdsp processes occupy a high CPU load average (see snip below).
I checked the security forum for previous posts on performance and can only find Pierre's mention of checking executable files located in /opt/ids/response. The only executables in that directory are:
-r-x------ 1 ids ids 16384 Mar 22 2002 ids_alertResponse
-r-x------ 1 ids ids 573 Aug 23 2001 send_alert_to_vpo.sh
Anybody have any ideas?
I checked the security forum for previous posts on performance and can only find Pierre's mention of checking executable files located in /opt/ids/response. The only executables in that directory are:
-r-x------ 1 ids ids 16384 Mar 22 2002 ids_alertResponse
-r-x------ 1 ids ids 573 Aug 23 2001 send_alert_to_vpo.sh
Anybody have any ideas?
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-12-2003 04:56 AM
08-12-2003 04:56 AM
Re: IDS/9000 idscor, idsagent, idssysdsp performance
You mean something like this ???
3 ? 22555 ids 241 20 27680K 14000K run 87:05 95.14 94.98 idscor
1 ? 23806 root 154 20 11548K 6044K sleep 11830:32 14.15 14.12 oninit
1 ? 22556 ids 168 20 13044K 208K sleep 5:15 4.52 4.51 idssysdsp
2 ? 22397 ids 152 20 14168K 10716K run 4:40 3.87 3.86 idsagent
The files in opt/ids/response got nothing to do with performance. This are just executables that are triggered in case of level 1 alerts.
Rainer
He's a real UNIX Man, sitting in his UNIX LAN making all his UNIX plans for nobody ...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-18-2003 07:30 PM
08-18-2003 07:30 PM
Re: IDS/9000 idscor, idsagent, idssysdsp performance
Hi,
There are some notes within the documentation supplied with IDS/9000 concerning performance related issues. If my memory serves me right, by turning off security options within the templates will help the situation.
I did turn the suggested options off, but found that inheritantly the idsagent continues to use a lot of resources. If I find the notes that I'm talking about, I post another reply.
Regards,
Joanne
There are some notes within the documentation supplied with IDS/9000 concerning performance related issues. If my memory serves me right, by turning off security options within the templates will help the situation.
I did turn the suggested options off, but found that inheritantly the idsagent continues to use a lot of resources. If I find the notes that I'm talking about, I post another reply.
Regards,
Joanne
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-18-2003 08:47 PM
08-18-2003 08:47 PM
Re: IDS/9000 idscor, idsagent, idssysdsp performance
Checking for buffer overflows seems to use a lot of resources. Instead of monitoring for this, use the executable_stack setting in the kernel to not allow them (after setting it to warn first to make sure none of your needed apps will fail). The other advanced feature, searching for race conditions, also uses more resources. This isn't as easily protected against, but making sure that SUID programs are properly patched and user's can't create their own (use mount option -nosuid) will help.
- Chris
- Chris
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP