BitNinja increases the server load

You are here:
Estimated reading time: 1 min

What process is responsible

We need to check what process is responsible for the increased load.

To do so:

  1. Run htop or top command, htop is more user-friendly
  2. Sort the processes according to memory usage
    1. in htop press F6 and select the PERCENT_MEM option at the left side with the arrow keys or clicking and press enter
  3. See which process consumes most of the server’s memory

inotify-wait

You can copy the commands from the video below

If you see a process, called inotify-wait, it belongs to our Malware Detection module, however, it is not the only Monitoring tool that we have if you feel like you can change it to AuditD which is using less resource.

  1. Open the Configuration menu on your BitNinja dashboard.
  2. Select the setting level on the left side. (server-level, server group-level, account-level)
  3. Select the Malware Detection module.
  4. Change the “File system monitor” value to “aduitd”.

  5. Click on the Apply button at the top.

bitninja [MalwareDetection]

If the process’ name is bitninja [MalwareDetection] then the load is increased because:

  • There are a lot of files that are being charged or created at the same time so BitNinja’s Malware detection checks all of them. Please check if you have any crons on the server that might cause a lot of files being regenerated or changed.
  • If BitNinja was recently installed on the server, then our Malware detection module will only increase the load on the server for a short time, as it might be generating an indexing database of the whole filesystem.
If you are experiencing an increase in server load due to the malware detection module, we have a guide available to help you optimize it:

MalwareDetection load optimization

Senselog or ConfigParser

If the process is called Senselog or ConfigParser then their resource usage will be minimal, these processes only increase the load of the server when BitNinja has just been installed, the load should be back to normals after BitNinja processed the logs of the server. After that BitNinja will only check changes.
If one of the above modules are responsible for the increased load please send us a ticket here
Please include a screenshot of the htop command’s output and the server’s hostname for speedy investigation.

Was this article helpful?
It was not helpful
Views: 1076