There are instances when you need to gather detailed log information about a Deep Security Virtual Appliance (DSVA) experiencing high CPU usage.
When there is high CPU usage on a DSVA, two logs need to be examined:
Strace log
Capture the strace log of the process that triggers the issue.
- Determine which process is causing the high CPU usage using the default "top" command. The first column of the output shows the PID of the high-CPU process.
- Once you have found the PID of the process, run the command below:
strace -f -p <pid_of_high_cpu_process> -o <path/log_file_name>
For example, if the PID of the high-CPU process is 12345, then the command should be:
strace -f -p 12345 -o /dsam_trace.log
Gcore dump file
Generate the core dump of the process that triggers the issue.
- Determine the PID of the high-CPU process.
- Run the following command:
gcore -o <path/dump_file_name> <pid_of_high_cpu_process>
For example, if the PID is 12345, the command should be:
gcore -o /dsam.dmp 12345
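Both collection steps above can be scripted in one pass. The following is an added example, not part of the original article or a vendor tool. The function names, the `--run` switch, the 30-second trace window and the `/tmp` default are assumptions, and the sample `ps` lines in the comment are constructed.

```bash
#!/usr/bin/env bash
# Added example: collect the strace log and gcore dump for the busiest process.

# Read "PID %CPU COMMAND" lines on stdin and print the PID with the highest %CPU.
# Constructed sample input:   101  0.3 proc_a
#                           12345 97.5 proc_b
# Exits non-zero when no process shows any CPU usage.
pick_top_cpu_pid() {
    awk '$2 + 0 > max { max = $2 + 0; pid = $1 }
         END { if (pid) print pid; else exit 1 }'
}

# collect_dsva_diag <pid> <output_dir> [trace_seconds]
# Runs the article's two commands against <pid>. The body is a subshell so the
# umask change does not leak into the caller's shell.
collect_dsva_diag() (
    pid=$1; outdir=$2; secs=${3:-30}
    [ -d "/proc/$pid" ] || { echo "PID $pid is not running" >&2; exit 1; }

    # strace output and core dumps hold syscall arguments and process memory,
    # so create them readable by the collecting user only.
    umask 077

    # strace -p runs until interrupted; timeout sends SIGTERM after $secs,
    # strace detaches and timeout exits with 124, which is expected here.
    rc=0
    timeout "$secs" strace -f -p "$pid" -o "$outdir/dsam_trace.log" || rc=$?
    [ "$rc" -eq 0 ] || [ "$rc" -eq 124 ] || exit "$rc"

    # gcore appends ".<pid>" to the name given with -o (dsam.dmp.12345).
    gcore -o "$outdir/dsam.dmp" "$pid"
)

# Usage: ./collect.sh --run [output_dir]
# ps reports %CPU averaged over the process lifetime, so confirm the PID
# against "top" before relying on it.
if [ "${1:-}" = "--run" ]; then
    pid=$(ps -eo pid=,pcpu=,comm= | pick_top_cpu_pid) || exit 1
    collect_dsva_diag "$pid" "${2:-/tmp}"
fi
```

Attaching with strace or gcore needs root or ownership of the target process, and the dump is roughly the size of the process's memory, so check free space in the output directory first.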