-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Increase in Disk_Read by Wazuh-syscheckd #22601
Comments
Issue updateI have started by analysing the test reports, where the following can be seen: 4.7.3Both the graph and the CSV file show that the disk read value remains at zero from the start until 4.8.0In both
Beta 3Beta 4Something to note is that in all cases, the |
As reported in #22565, Vulnerability Detector is enabled when the test starts (default configuration) and this affects Since the
And we can see the following:
Therefore I propose to re-launch the test with the appropriate configuration so that the Vulnerability detector does not affect the measurement. |
In order to clarify the previous comment, we can see that at the beginning of the 4.8.0 test Vulnerability Detector is enabled because it is taking a default Wazuh configuration from a template.
The configuration is replaced and the manager is restarted:
And with this new configuration we see that Vulnerability Detector is disabled:
Unlike 4.7.3 where it is always disabled. This affects the measurement and makes the graphs not comparable. Therefore, Vulnerability Detector should be disabled before the manager starts. |
During testing in Release 4.8.0 - Beta 4 - Footprint Metrics - MACOS-SOLARIS (2.5d) it has been detected an increase in Disk_Read by Wazuh-syscheckd. This behavior has not been detected in previous versions, but it has been detected in 4.8.0 Beta 3, although it had not been reported since footprint was not analyzed at that stage. An increase in Wazuh-modulesd can also be seen but this is already reported in this issue #22566
The plots are compared to #22314.
4.8.0 - Beta 3 plot:
The text was updated successfully, but these errors were encountered: