Has anyone experienced NMI errors on virtual ESM appliances? Basically the VM dies/stops responding, sometimes it will cover by itself, else only a hard reset via vCentre can fix it.
Running on version 9.6.0 MR8.
We are experiencing similar issues. Was happening on 9.6.0 MR5 and is happening again on 10.0.3
We are running on a CentOS 7 host running the KVM virtual machines. I opened an SR with McAfee on it.
We may have found a solution. As I mentioned, we're running ours on Linux via KVM. I don't know if this will help on other platforms. It seems to have fixed out problem and the VMs that were crashing immediately stopped after the fix was applied, no reboot of the host or VM was required.
echo never > /sys/kernel/mm/transparent_hugepage/defrag
sync && echo 3 > /proc/sys/vm/drop_caches
This change can be made permanent by adding the following cronjob:
@reboot echo never > /sys/kernel/mm/transparent_hugepage/defrag
@monthly sync && echo 3 > /proc/sys/vm/drop_caches
We're not 100% sure yet if the drop caches part is needed or not.
Thanks. Your first part of commands seemed to worked, but cronjob gives me bash: @reboot: command not found, and @monthly: command not found.
Any idea why? I tried this on the SIEM VM CLI.
The cronjobs and the fix need to be applied to the host, not the McAfee VM. I should have been more clear on that.
We haven't implemented the monthly cronjob as we want to see if that one is actually necessary or not first, as it will impact performance, at least when it's run.
The @reboot command should work in root's own crontab file, or if you're doing it in the system crontab (/etc/crontab), you'd need to indicate the user to run it (in this case root) so:
@reboot root echo never > /sys/kernel/mm/transparent_hugepage/defrag