|Applies To||RSA Product Set: RSA NetWitness Platform|
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.3, 11.4, 11.5
O/S Version: 7
Product Name: sasftpagent.sh
|Issue||After running the NetWitness linux sasftpagent.sh script for some time finds there are numerous zombie processes.|
For example running the "top" command shows a non-zero zombie process count.
|Cause||If the sasftpagent.sh script is scheduled to run too frequently and the logs been collected is large, then the script will not have sufficient time to finish before the run of the script starts.|
The sasftpagent.sh script will try to kill the previously running instance of the script which may be causing the zombie processes to appear.
The sasftpagent.sh script log indicates that a previously running script tried to be killed, many times and regularly.
|Resolution||Change the cronjob that runs the sasftpagent.sh script to run less frequently.|
If the sasftpagent.sh script runs every 15 minutes, then change it to run every hour and if the zombie processes do not increase, decrease the frequency down to 20 or 30 minutes.
Recommendation: Do not run the sasftpagent.sh script more frequently than every 15 minutes, as the script has a lock timeout of 15 minutes in case large file transfers do not complete within that time.
|Notes||Zombie processes do not use any system resources, they only occupy a process ID entry in the process table.|
The zombie processes will show in the ps output as defunct processes.
Can try tidy up any remaining defunct processes with the following kill command.