Hi Richard, a couple of suggestions on this one: 1. apply the default policy "attack detector" - this will cut down the number of events being logged significantly - compare this ploiy to the one being used 2. set logsize back to default 50000 and set high water mark to 10% - this will reduce the number of records actually being synced, so there is a better chance for the sync process to complete 3. upgrade to 3.2.1 if not yet done 4. monitor your LAN using M$ packet monitor - what�s really out there 5. check if there are busy machines like netmgmt servers that can be filtered 6. if you are monitoring 100Mbps LANs consider an upgrade for CPU + MEMORY 7. maybe there is a certain event that triggers the engine to go mad - experiment with policies starting with a real simple one - use trace log for problem analysis Good Luck Karl Jaeger BDG Richard Sears wrote: > > TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to > [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! > ---------------------------------------------------------------------------- > > I posted this message a few weeks ago and have gotten some suggestions on > how to fix the problem outlined below but, have been unsuccessful. I thought > if I was a little more detailed with my description that perhaps someone > might know what to do to remedy my situation, other than installing massive > amounts of memory, which was one suggestion that I got from someone. Do you > really think it's a problem that throwing tones of memory at will fix, or is > it that the CPU isn't fast enough? Is it a configuration issue? Is it all of > the above? Please, let me remind you that this was a problem that developed > over time and which was not evident for the first nine months I used > RealSecure. I can't think of any changes that have been made in the network > that would cause this. > > The problem or group of problems involves ISS RealSecure 3.2. I can't get > rid of the error message, "DB High water-mark reached," which shows up in > the RSCONSOLE machine's High Priority Event log. This event is also filling > the Windows NT event viewer application log on the machine which monitors > the internal network traffic. I have tried everything suggested in the > "help" and any documentation supplied with RealSecure. When this came to my > attention the default settings for the "Dynamic Database Upload" was not > enabled by default - I was syncing them manually. I have two detectors > (running the network_engines) one is monitoring the internal network, > machine named RS2, and the other the traffic from the Internet, machine > named RS1. RS1 seems to be functioning fine. Let me describe the symptoms of > RS2. > > 1. The CPU will max out at 100% usage. In the Task Manager > Processes tab the Image Name network_engine uses all available CPU. Memory > Usage by the service seems to consistently stay at about 70% of total system > memory. > 2. When I go into Control Panel Services and stop the Daemon > Service (which can take a long time due to the processor being tied up) the > processor time returns to System Idle Process. > 3. When the DB Sync occurs the RSCONSOLE appears to be frozen > in the detector pane. The Detector DB Progress remains at "Auto Sync: 0 of > 50000" there doesn't appear to be anything happening. Sometimes the Detector > DB Progress will indicate a synchronization error and sometimes (most of the > time it just seems to hang at "Auto Sync: 0 of 50000") for the detector on > RS2. This is being caused be to heavy CPU utilization by the network_engine > on RS2. When the sync is successful the "DB High water-mark reached" > messages will diminish for a time but their frequency will increase over > time until there is another successful sync of the DB. > 4. I have attempted to fix the problem in with the following > remedies. > * In Maintain Log, I have increased "Maximum > Records in Log" from the default of 50000 to progressively higher settings > * Decreasing "DB Sync HighWater Mark" > percentage from the default of 90% to progressively lower settings > * In Maintain Logs, I deleted some of the > console log history > > I have to reboot RS2 or stop the Daemon to get it back to a normal > operation, where the processor isn't screaming to a point where I think it's > going to melt! This is only temporary - until the database attempts > synchronization, then RS2 will be right back at 100% CPU usage. The three > dedicated machines in question have PII 350 with 128 Meg of ram. HELP! > > Thanks, > Rick
begin: vcard fn: Karl-Heinz Jaeger n: Jaeger;Karl-Heinz org: BDG adr;dom: http://www.bdg.de;;;;;; email;internet: [EMAIL PROTECTED] tel;work: 49 6126 94433 21 tel;fax: 49 6126 94433 31 x-mozilla-cpt: ;0 x-mozilla-html: FALSE version: 2.1 end: vcard
