This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Cortex XDR agent installation suggestions for a Proxmox host and its LXC containers

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Cortex XDR agent installation suggestions for a Proxmox host and its LXC containers

rmavrinac
L0 Member

‎03-23-2023 12:07 PM

We use a cluster of Proxmox servers which host a number of LXC containers and KVM/QEMU VMs. Our central IT department requires use to install the Cortex XDR agent on all the devices. I have a Debian Bookworm server with the cortex agent installed which only consumes between 0.0-0.3% CPU. On the Proxmox servers, this CPU usage is about 140%. Making things worse, each LXC container shares the host's kernel and for every pmd process in hosted LXC containers these processes show up on the Proxmox server host as additional pmd processes also running at 140% CPU usage.

 

I see plenty of documentation about Docker/Kubernetes and VM templates, but none of it applies to Linix containers.

 

Any suggestions as to how to get this to behave?

0 Likes Likes
2 REPLIES 2

anlynch
L4 Transporter

‎03-23-2023 12:55 PM

Hi @rmavrinac,

 

Thanks for reaching out to LIVEcommunity!

 

I'm sorry to hear about the problem that you're running into.  First, I don't believe the Cortex XDR Agent is going to run properly in a ProxMox LXC Container.  Please see here for our documentation regarding where a Cortex XDR Agent can be installed.

 

In regards to your issues of CPU usage I'd recommend reaching out to Customer Support.  You'll have the ability to send them a support file and they'll be able to give you more help on how to resolve this issue if possible.  

 

I hope you found this information helpful.

 

Have a great day!

0 Likes Likes

rmavrinac
L0 Member
In response to anlynch

‎03-24-2023 06:28 AM

Thanks for your comments.

Regardless of how the agent will run in the LXC container, the host server itself is experiencing the high CPU load. We'll open a ticket for that specifically.

Our security group is insisting on having the cortex agent installed on every server - unfortunately we have a number of servers running as containers. Since the LXC container processes are just isolated by namespace while sharing the host kernel, and the host sees all these processes anyhow, I agree that the agent probably shouldn't be running in an LXC container at all.

  • 1290 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks