Linux Security real-time protection causes performance issue
Further analysis is needed to pin-point the problematic file and/or process that is causing the performance issue. By setting fsoasd (real-time inspection process) log to debug mode, it is possible to record all accesses that perform real-time virus and integrity checking. Follow the steps below:
We recommend deleting the existing fsoasd.log file so a fresh log file is created for easier analysis. Execute the following command:
The numbers on the left indicates the epoch time (January 1, 1970). The items after BOTTOMHALF are as follows:
0x0: OPEN (Open file)
0x2: CLOSE (Close the file)
0x10: CLOSE (Close the file after change)
0x4: EXEC (Execute the file)
0x80: Load module
[flags] open Flags argument
[file] Name of the file to access
[process] Name of the process that performed the file operation
[pid] Process identification number of the process that performed the filed operation
Performance improvement tips
Based on your debug log, you can identify ways to improve system performance.
If there are many files in the same directory being accessed, there is a possibility that performance may be improved by excluding the corresponding folder from real-time protection.
If many processes access the same process, there is a possibility that performance may be improved by registering the corresponding process in [whitelisted executable file] in real-time protection scan setting.