Understanding and troubleshooting RAM, CPU, Disk, and Network I/O errors.

Introduction

This article provides information about I/O errors that may occur in hardware such as RAM, CPU, network, or disk on a Logsign server.

CPU Control

Services such as Elasticsearch, Logsign-parser, or Logsign-alarmflow are the heaviest CPU consumers on a Logsign server. In some cases, the server's CPU may not be sufficient.

You can check CPU usage or load average with htop or top. If usage stays high constantly, you can increase the server's CPU.

If the CPU is insufficient, you may experience slowness in your user interface and all other operations.


Apart from the Logsign services, no process outside Logsign is expected to consume CPU constantly. If one does, it may be a package or agent installed on the Logsign server, and you can ease CPU usage by removing unimportant packages and agents from the server.


RAM Control

Services such as Logsign Elasticsearch, Logsign-parser, or Logsign-alarmflow are the heaviest RAM consumers. In some cases, RAM usage reaches the server's capacity limit and the server starts using the swap area. The problem arises when 80-100% of your 4GB swap area is in use. If the increase in RAM usage is not caused by an abnormal process other than Logsign services, you should upgrade the RAM.


RAM usage status is critical. If RAM is insufficient, operating system services will be shut down, and problems will occur in the connected services.

Disk Control

The read/write speed of the disks in Logsign servers is important: slowness on the current disks can affect the entire system and even cause log interruption. You can check disk I/O with the following command.

iotop


The iotop output shows the instantaneous I/O rates of your disk.

You can examine the existing disk for problems by testing its read/write speed with the following command.

dd if=/dev/zero of=/tmp/logsign.test bs=1M count=1024


In the above example, we measured the speed of writing a 1GB file to the disk. If this speed drops below an average of 100 MB/s, check your disk.

Disk latency is checked with the following command. It is recommended that the average in the test results not fall below 1 MB.

dd if=/dev/zero of=/tmp/test2.img bs=512 count=1000 oflag=dsync 


Network Control

You can perform a quick test by pinging the gateway address on all network cards in your Logsign servers.


Ping response time should not exceed 2.0 ms.
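
The checks in this article can be scripted. The shell script below is an added example, not Logsign's own tooling: it parses the output of the commands shown above and flags values outside the stated thresholds. The function names, reading swap from /proc/meminfo, the default-gateway lookup with ip route (one gateway only), the cleanup of the test files, and reading the "1 MB" latency figure as 1 MB/s are assumptions.

```shell
#!/bin/sh
# Added example: apply the article's thresholds to command output.
# Parsers read stdin, so they work on live or captured text.

# Percent of swap in use, from /proc/meminfo-format input.
swap_used_pct() {
    awk '/^SwapTotal:/ {t=$2} /^SwapFree:/ {f=$2}
         END { if (t > 0) printf "%.0f\n", (t - f) * 100 / t; else print 0 }'
}

# Throughput in kB/s from dd's summary line ("... copied, 2.5 s, 429 MB/s").
dd_rate_kbs() {
    awk -F', ' '/copied/ { split($NF, r, " "); v = r[1]
        if (r[2] == "GB/s") v *= 1000000
        else if (r[2] == "MB/s") v *= 1000
        else if (r[2] == "B/s") v /= 1000
        printf "%.0f\n", v }'
}

# Average round-trip time in ms from ping's summary line.
ping_avg_ms() { awk -F'/' '/^(rtt|round-trip)/ {print $5}'; }

# Exit 0 when $1 is numerically greater than $2 (decimals allowed).
gt() { awk -v a="$1" -v b="$2" 'BEGIN { exit !(a + 0 > b + 0) }'; }

# Print OK or CHECK for one metric: check NAME VALUE max|min LIMIT
check() {
    if [ "$3" = max ] && gt "$2" "$4"; then s=CHECK
    elif [ "$3" = min ] && gt "$4" "$2"; then s=CHECK
    else s=OK; fi
    echo "$s $1=$2 ($3 $4)"
}

if [ "${1:-}" = "--live" ]; then   # run the article's commands on this host
    export LC_ALL=C                # keep dd and ping output in the parsed format
    swap=$(swap_used_pct < /proc/meminfo)
    seq_kbs=$(dd if=/dev/zero of=/tmp/logsign.test bs=1M count=1024 2>&1 | dd_rate_kbs)
    lat_kbs=$(dd if=/dev/zero of=/tmp/test2.img bs=512 count=1000 oflag=dsync 2>&1 | dd_rate_kbs)
    rm -f /tmp/logsign.test /tmp/test2.img   # assumption: remove the test files
    gw=$(ip route | awk '/^default/ {print $3; exit}')
    rtt=$(ping -c 5 "$gw" | ping_avg_ms)
    check swap_pct "$swap" max 79              # 80-100% swap use is the problem range
    check seq_write_kBps "$seq_kbs" min 100000 # 100 MB/s
    check dsync_write_kBps "$lat_kbs" min 1000 # assumes "1 MB" means 1 MB/s
    check gateway_rtt_ms "$rtt" max 2.0
else   # constructed sample lines, not real measurements
    check seq_write_kBps "$(echo '1073741824 bytes (1.1 GB, 1.0 GiB) copied, 12.9 s, 83.2 MB/s' | dd_rate_kbs)" min 100000
    check gateway_rtt_ms "$(echo 'rtt min/avg/max/mdev = 0.321/0.402/0.511/0.070 ms' | ping_avg_ms)" max 2.0
fi
```

Run it with --live on the server to execute the real commands; without arguments it only evaluates the constructed sample lines.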
