
Re: IDS/9000 spawns too many idsagent processes

 
Ron Levy
Advisor

IDS/9000 spawns too many idsagent processes

I am running J5083AA, A.02.01.32 HP IDS 9000 A.02.01. I notice that I seem to have something of a varying number of idsagent processes getting out of control. How many should I have running at any one time?

I have only one template running on each machine. Yet I note that ids keeps 7 message queues open:
# ipcs | grep ids
q 2 0x000003e8 --rw------- ids ids
q 94211 0x000004a2 --rw------- ids ids
q 94212 0x000004a3 --rw------- ids ids
q 94213 0x000004a4 --rw------- ids ids
q 94214 0x000004a5 --rw------- ids ids
q 94215 0x000004a6 --rw------- ids ids
q 94216 0x000004a7 --rw------- ids ids
q 94217 0x000004a8 --rw------- ids ids

And while when I start up ids it has just one idsagent process going, I eventually end up with a whole bunch:
# ps -ef | grep idsagent
ids 28477 1394 0 Jun 19 ? 0:00 ./idsagent -a
ids 14943 1394 0 Jun 26 ? 0:00 ./idsagent -a
ids 8288 1394 0 11:36:02 ? 0:00 ./idsagent -a
ids 13091 1394 0 Jun 26 ? 0:00 ./idsagent -a
ids 1394 1 0 Jun 11 ? 554:42 ./idsagent -a
ids 7425 1394 0 11:22:24 ? 0:00 ./idsagent -a
ids 1556 1394 0 Jun 11 ? 0:00 ./idsagent -a
ids 2367 1394 0 Jun 11 ? 0:00 ./idsagent -a
ids 9553 1394 0 11:43:30 ? 0:00 ./idsagent -a
rlevy 11286 16571 1 13:36:50 pts/1 0:00 grep idsagent
ids 9128 1394 0 11:40:54 ? 0:00 ./idsagent -a
ids 8423 1394 0 11:36:48 ? 0:00 ./idsagent -a
ids 8447 1394 0 11:36:58 ? 0:00 ./idsagent -a
ids 9174 1394 0 11:41:09 ? 0:00 ./idsagent -a
ids 2078 1394 0 Jun 21 ? 0:00 ./idsagent -a
ids 9870 1394 0 11:45:26 ? 0:00 ./idsagent -a

Is there something that causes this? I don't think there are supposed to be that many processes running for this.
Thanks,
-Ron Levy


Steven E. Protter
Exalted Contributor

Re: IDS/9000 spawns too many idsagent processes

Seven message queues are probably not an issue. The product may need a message queue per client.

Processes seem a little out of whack though; the number of processes should be stable unless there is an increasing number of intrusion attempts.

Do the logs track back to the increase in processes? What I mean is, is there any activity on the system that might explain the processes?

There is a lot of related IDS/9000 info in these threads, but no smoking gun (didn't read 'em all).

http://us-support.external.hp.com/emse/bin/doc.pl/sid=b21a34b90503f8d7d4?todo=search&searchtext=IDS%2F9000+too+many+idsagent+processes&x=34&y=4&searchcriteria=boolean&searchtype=SEARCH_TECH_DOCS&searchtype=SEARCH_MANUAL&searchtype=SEARCH_TRAINER&searchtype=SEARCH_FORUMS&searchcategory=ALL&rn=25&presort=rank

Might be time to measure performance:
(attached)

You may have a resource problem that prevents proper process shutdown.

IDS/9000 has been known to cause some resource problems, as my search shows.
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Pierre Pasturel
Respected Contributor

Re: IDS/9000 spawns too many idsagent processes

Ron -

This is a known problem which is fixed in the soon-to-be-released V2.2 of HP-UX Host IDS (new name for IDS/9000).

Here is the description of the workaround from the change request.

CR: JAGae29081
Headline: An ever increasing number of persistent idsagent processes are created.
Added 020612 by PASTUREL,PIERRE

The workaround is to make sure there are no non-executable files
in /opt/ids/response. Examples of non-executable files include ones
which do not have execute permission for user ids, which are zero
length files, and which do not contain a valid executable image.

Pierre

p.s. Please post any future questions about IDS/9000 on the hp-ux security forum. Thanks.
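
One way to check a system against the workaround quoted from CR JAGae29081, as an added example that is not part of the thread and not HP code. It assumes it is run as user ids (so the execute test reflects that user's permissions) and treats "valid executable image" as a heuristic on the first four bytes; the function names and the RESPONSE_DIR variable are hypothetical.

```sh
#!/bin/sh
# Added example (not HP code): flag files in the IDS response directory that
# match the three "non-executable" cases named in the CR JAGae29081 workaround.
# Assumption: run as user ids, so [ -x ] reflects that user's permissions.
RESPONSE_DIR=${RESPONSE_DIR:-/opt/ids/response}

# Print why a file cannot run as a response program; print nothing if it can.
check_response_file() {
    f=$1
    [ -f "$f" ] || return 0                  # only regular files matter
    if [ ! -s "$f" ]; then
        echo "zero-length"
    elif [ ! -x "$f" ]; then
        echo "no-execute-permission"
    else
        # Heuristic image check: first four bytes of the file, as hex.
        magic=$(dd if="$f" bs=1 count=4 2>/dev/null | od -An -tx1 | tr -d ' \n')
        case $magic in
            2321*) ;;                        # "#!" interpreter script
            7f454c46) ;;                     # ELF
            020b010[78b]|021[04]010[78b]) ;; # PA-RISC SOM executable
            *) echo "no-valid-executable-image" ;;
        esac
    fi
}

# Audit every entry in a directory; one "path: reason" line per offender.
audit_response_dir() {
    dir=$1
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -e "$f" ] || continue              # glob matched nothing
        reason=$(check_response_file "$f")
        [ -n "$reason" ] && echo "$f: $reason"
    done
    return 0
}

# Report on the real directory when it exists on this host.
if [ -d "$RESPONSE_DIR" ]; then
    audit_response_dir "$RESPONSE_DIR"
fi
```

Any file it reports should be fixed, moved out of the directory, or removed before restarting the agent.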