McAfee Smart agent causing issues with ElasticSearch cluster
I installed the McAfee Smart Agent on some Centos7 servers that are part of an Elasticsearch cluster, which I believed installed MFEcma 5.5.0 and End Point Security Threat Prevention (ISecTP) version 10.2.0
The install seemed to go OK, and the services started. We noticed some sluggishness with loading data into Elasticsearch and after about 18 hours the Elasticsearch database crashed. Several attempts to restart and rebuild the DB we attempted with no success. The rebuild would be panfully slow and would eventually bring the CPU load on one of the nodes to a point where we would have to cycle power.
I stopped the cms and isectp agents on the elasticsearch nodes and the recovery was able to complete in very short time with no issues.
Is there as way to configure these agents to exclude looking at certain directories or file systems? I will admit I was instructed to install these by my employer (federal govt) and have little insight to how they should function.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.