Can someone help me - I continue to test Polylogyx...
# eclecticiq-polylogyx-extensiond
Dervon
04/20/2021, 9:14 AMCan someone help me - I continue to test Polylogyx. I can say that on lightly loaded systems it works fine and even better than sysmon or something else that I have tried. But on heavily loaded systems, when I started testing in production, I saw the problem. The server crashed after 20 hours of work with polylogyx agent, and was not available by any means until I rebooted it. In errors, I encountered the following events
Dervon
04/20/2021, 9:30 AM@OpenPlgx Maybe you can help - I don’t know which way to dig anymore
o
OpenPlgx
04/20/2021, 9:35 AMCan you manually stop the services?
1. sc stop plgx_osqueryd
2. sc stop plgx_cpt
3. sc stop vast
4. sc stop vastnw
OpenPlgx
04/20/2021, 9:35 AMIgnore any failures..but verify that all the services have stopped by running "sc query <svc_name>"
OpenPlgx
04/20/2021, 9:35 AMYou might have to wait 10-15 seconds..
OpenPlgx
04/20/2021, 9:36 AMonce all the services are stopped, try running only "sc start plgx_osqueryd" and lets see if everything comes back to normal
d
Dervon
04/20/2021, 9:55 AMI had to reboot the server completely - since it did not answer and was not available on the Rdp
Dervon
04/20/2021, 9:56 AMafter reboot - all back to normal. But half hour ago - second server with DC role got the same problem
Dervon
04/20/2021, 9:57 AMFirst server - 20 hours before crash
Second server ~ 21
Dervon
04/20/2021, 10:05 AM@OpenPlgx maybe i can add this sequence for example to restart every 8 hours? maybe this can helpto avoid this problem. What you think?
o
OpenPlgx
04/20/2021, 1:35 PMthat can be one work around, yes
d
Dervon
04/20/2021, 2:52 PMthank you sir - i will try
3 Views