The CPU Spike Detective is a tool running only on Gaia OS 3.10 that monitors the system CPU usage and checks for CPU utilization spikes. This tool was introduced starting from R80.40 JHF 69.
How does the spike detective work:
A CPU core's utilization is considered a spike when these conditions are met:
- CPU utilization is over 80% (this threshold is configurable)
- CPU utilization of the specific CPU core is at least 1.5 times higher than the entire system average usage (this threshold is configurable).
This ensures that a highly utilized system (for example, during performance testing) will not detect all CPU cores as "spiked".
A thread/process is considered as "spiked" if it meets the below conditions:
- Running on a "spiked" CPU core
- Utilization is over 70% (this threshold is configurable)
- Utilization is at least 1.5 times higher than the system average (this threshold is configurable)
Tip 1
The Thread-Spikes information can be reviewed:
# cpview -> CPView > CPU > Spikes > Thread-Spikes
Tip 2
The CPU-Spikes information can be reviewed:
# cpview -> CPView > CPU > Spikes > CPU-Spikes
Read more here:
SK166454
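The two-level check described in the post above, as an added example that is not part of the original post and is not Check Point's code. It assumes the "system average" is the mean of the per-core utilizations and reads "1.5 times higher" as at least 1.5 × that average; the thread names and sample values are constructed.

```python
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Thresholds:
    # Defaults are the values quoted in the post; the post says all are configurable.
    core_pct: float = 80.0
    core_ratio: float = 1.5
    thread_pct: float = 70.0
    thread_ratio: float = 1.5


def spiked_cores(core_util, t=Thresholds()):
    """Return (system average, sorted ids of cores meeting both core conditions)."""
    avg = mean(core_util.values())  # assumption: average over all cores
    hits = [c for c, u in core_util.items()
            if u > t.core_pct and u >= t.core_ratio * avg]
    return avg, sorted(hits)


def spiked_threads(core_util, threads, t=Thresholds()):
    """threads: iterable of (name, core_id, utilization_pct) tuples."""
    avg, cores = spiked_cores(core_util, t)
    return [name for name, core, u in threads
            if core in cores                      # runs on a "spiked" core
            and u > t.thread_pct                  # above the absolute threshold
            and u >= t.thread_ratio * avg]        # and well above system average


# Constructed samples: per-core utilization in percent.
ONE_HOT = {0: 95.0, 1: 20.0, 2: 15.0, 3: 10.0}    # one busy core, average 35
LOAD_TEST = {0: 92.0, 1: 90.0, 2: 88.0, 3: 94.0}  # every core busy, average 91
# Constructed threads: (hypothetical name, core id, utilization in percent).
THREADS = [("worker_a", 0, 88.0), ("logger", 0, 5.0), ("worker_b", 1, 75.0)]

if __name__ == "__main__":
    print(spiked_cores(ONE_HOT))             # core 0 stands out from the average
    print(spiked_cores(LOAD_TEST))           # uniformly loaded: no core is flagged
    print(spiked_threads(ONE_HOT, THREADS))  # worker_b is busy but not on a spiked core
```
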
With this you can easily find CPU spikes. Is it possible to analyse this over time and output the values in a table?
From SK166454 it seems the only source is /var/log/spike_detective/spike_detective.log
as CPView only has the last minute. And how to find the culprit process without External Stats Collector if this CPU is nothing special?
tnx
CPU spike detective saves spikes' history across time in the spike_detective.log file and in cpview_services (accessible using the command 'cpview -t').
The tool may also extract perf records during the spike which are saved in the /var/log/spike_detective/ directory (same location as the log), which greatly assist in locating the process and/or flow which ran during the spike.
Nice tool!
Is also a network Spike Detective available?
Same tool! Look only at the CPU/core(s) that work as SND(s) and - voilà! - here is Network Spike Detective 😎