12-19-2023 03:13 AM
Hello team,
I have query regarding Cortex XDR Linux agent memory consumption and management.
We have seen multiple cases where Cortex XDR memory consumption is high, however whenever we raise a case we got to know that memory consumption is normal.
I would like to know what is the idle consumption for Cortex XDR agent in linux OS?
How Cortex XDR agent manages virtual (VSS) and resident memory(RSS) allocation in linux? As virtual memory consumption looks huge multiple time while checking the consumption.
Thanks in advance !!
12-22-2023 06:20 AM
Hello @tejaspatil12
Thanks for reaching out on LiveCommunity!
We cannot provide idle memory consumption for XDR agent because it varies from environment to environment. Regarding memory allocation, Resident memory is the actual physical memory used by the process, while virtual memory means that the os reserved pages for the process. In pmd's case, most of those pages are not used. The sum of resident memory of all processes should not exceed the systems total available RAM while virtual memory can easily exceed the total RAM. Thus, the relevant metric for memory pressure is usually the resident memory.
Note: If memory consumption is consistently high please open the TAC case to find the root cause.
Please click Accept as Solution to acknowledge that the answer to your question has been provided.
12-25-2023 11:22 PM
Hello @nsinghvirk ,
Thanks for clarity on these.
1 more query regarding the same :-
If virtual memory is used by process pmd is not used then when it gets released by Cortex XDR. As increased consumption of these virtual memory is also issue right?
01-11-2024 12:19 PM
Hi please, I need your comments.
We have a server linux CentOS 7, with 2CPU, 40GB HardDisk and 4GB RAM.
The agent version is 8.1.1.112729
The RAM usage for the agent it's 2GB. We can limit RAM usage for Cortex processes??
Or what is your recommendations?
Best regards,
01-12-2024 06:21 AM
Hello @DanielaMorales
Thanks for reaching out on LiveCommunity!
The specification required for Cortex XDR agent version 8.1 are given below.
|
REQUIREMENT |
MINIMUM SPECIFICATION |
|---|---|
|
Processor |
Processor 2.3 GHz dual-core processor |
|
RAM |
4GB; 8GB recommended |
|
Hard disk space |
10 GB |
Hence please follow the minimum specification of 4GB RAM for proper working of agent. To know more about cortex xdr agent requirements for linux operating system please follow below document.
01-12-2024 06:46 AM
Hi Nsinghvirk,
Thank you for your comments, I am very clear about the minimum and recommended requirements for the version 8 agent.
What remains in my doubt is whether with 4GB of RAM the available memory can be considered very limited? Considering that pmd's processes Cortex are taking up 2 GB. Can memory use be limited for Cortex processes? Or how can I check why Cortex is using so much memory to analyze?
Regards,
01-12-2024 08:55 AM
Hello @DanielaMorales
There is no inbuilt memory limiting feature available with Cortex XDR. We do not recommend to limit the memory for XDR as it will impact its protection capabilities. 4GB is given as a minimum specification with 8GB being the recommended RAM requirement. If you are observing high memory usage by XDR please open a TAC case because they will be able to analyse the memory consumption logs and will help you to reduce the usage.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
