cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Wagner1991
Level 7
Report Inappropriate Content
Message 1 of 3
‎03-23-2021 01:40 PM

MWG 8.2.12 CPU 100%

Hi All,

I've got the problem with high CPU  usage on MWG version 8.2.12.we currently have two physical appliances, I have restarted the appliances but this high CPU still continues.

I need a suggestion to help me solve this problem.

 

 
 

01.PNG

 

02.PNG

 

Regards.

0 Kudos
Reply
2 Replies
mkutrieba
Employee
Employee
Report Inappropriate Content
Message 2 of 3
‎03-23-2021 11:26 PM

Re: MWG 8.2.12 CPU 100%

Hello @Wagner1991,

this could literally be anything causing it. You would need to check current running connections with command:
# /opt/mwg/bin/mwg-core -S Connections
and also scans:
# /opt/mwg/bin/mwg-core -S Amjobs

Could be possible that clients generated some huge traffic running multiple updates and MWG initiates an external connection for each and downloads archives, executables etc. and must extract and scan all of them.
Could also be something else, a bug (8.2.12 is from Sep 2020) etc.
The output of the lists maybe provides you more details, maybe you see a pattern like same URL is scanned X times or you see that there are many connections to same website downloading same file.

I would suggest to create a feedback file and also core file while the issue is occurring (to have most important information from MWG while being in high CPU state) and open a ticket with this data as it is to sensitive for sharing in community.

If you do not want to troubleshoot this, I personally would upgrade to latest version and then perform a clean reboot. Update/reboot kills all running connections and scans. If issue is resolved then, we do not know why, if issue re-occurs then any traffic initiated by your clients is causing it and above debug data is needed for support so that they can check why is currently running on MWG and scanned while data was created during high CPU issue time.

FEEDBACK FILE
1) Navigate to "Troubleshooting" > select the MWG you are testing on > "Feedback"
2) Keep the option "Pause running McAfee Web Gateway to create a backtrace (recommended)" enabled (this will NOT stop any service!)
3) Click the "Create Feedback File" button. This way we get your policy, configuration and debug information.
Via CLI:
# /opt/mwg/bin/feedback.sh -l 2

Manual Core File from CLI
1) Navigate to /opt partition to have more disk space available
# cd /opt/mwg/log/debug/cores
2) Manually force a crash to create a gcore file:
# gcore $(pgrep -n mwg-core)
3) Download the file from UI via "Troubleshooting" > "Log files" > "debug" > "cores" or transfer the file via FileZilla or WinSCP

Please let me know if you have further questions.

Regards,
Marcel Kutrieba
Technical Support Engineer

If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
Reply
Kishore_CYber
Level 7
Report Inappropriate Content
Message 3 of 3
‎03-29-2023 11:38 PM

Re: MWG 8.2.12 CPU 100%

Hello

Will there any service interruption if we perform above mentioned captures during production hours

 

regards

Kishore

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC