Hello. anyone seeing osquery going crazy cpu with ...
# linuxj
julient
12/18/2018, 8:46 AMHello. anyone seeing osquery going crazy cpu with "osqueryd worker (pid) stopping: Maximum sustainaible utilization limit exceeded" and killed every 15sec or so? almost no other messages but a few hundred query results (network connections and process) vs 4k limit exceeded a day... trying to get more info on setup. Thanks
p
packetzero
12/18/2018, 9:45 PMyou need to figure out which query or queries are causing the load.
packetzero
12/18/2018, 9:45 PMstrip down your config to minimal and build it up from there
j
julient
12/18/2018, 10:05 PMThanks @packetzero would be nice but prod system that I can't even touch...
p
packetzero
12/18/2018, 10:21 PMyou are going to have to touch the config at some point. Look at "SELECT name, interval, executions, output_size, wall_time, (user_time/executions) as avg_user_time, (system_time/executions) as avg_system_time, average_memory, last_executed FROM osquery_schedule;"
packetzero
12/18/2018, 10:21 PMmight give you insight on cpu and memory load
j
julient
12/19/2018, 10:58 AMclearly. added monitoring pack on my options. for now, trying to get system build-run book so I can minimize test iterations...
4 Views