I just took over a Sentinel implementation with some problems. The web UI
and the Event Source Management console stop responding periodically.
Only a restart of the Sentinel server will fix this.

I've been working with NetIQ support for two months with no joy so I
thought I'd post here to see if someone might have an insight on what's
going on.

Here are some particulars:
Sentinel v7.1.1.2 VMware appliance with 8 vCPU and 24576MB memory.
We have a CM and two SAM servers.
180 devices with agents and about 25 or 30 other devices connecting via
syslog, etc.
EPS run anywhere from ~70 to ~400 on a normal day.

Some things we've tried are:
Deleted the one Security Intelligence dashboard we had.
Turning off a custom collector.
Turning off our only correlation engine.
Installing a clean mongodb.
Some other stuff I've forgotten.

We see memory dumps continually. I just sent one to NiQ support a couple
of days ago for them to analyze.

Whenever the UI stops responding I can go in to Sentinel and see that
the status is "running". I do see on the Performance tab in VMware that
the CPU utilization practically flatlines. Like it's not doing any work
at all.

The techs I've been working with have been really awesome working with
me on this but this has them stumped.

Any thoughts?


tscislaw's Profile: https://forums.netiq.com/member.php?userid=8043
View this thread: https://forums.netiq.com/showthread.php?t=52000