There are two parts to FAM, that work independently:
- the FAM monitoring, which generates alerts or blocks file access;
- the FAM crawler, which discovers files that may contain sensitive information.
The two work completely separately - you can run one, or the other, or both. In your case, it sounds like your performance hit is because of the crawler process; that may be because, after installation, it needs to investigate the entire file system once. After the initial pass, it will consume less resources, since it only needs to run periodically and look for any changes.
If you do not need the crawler capabilities - in other words, if you already know what files you want to protect - then of course you can just stop the crawler. FAM monitoring/alerting will continue to be active.
------------------------------
Paul Spencer
------------------------------
Original Message:
Sent: Wed July 10, 2019 12:19 PM
From: Rodrigo Diaz
Subject: Issue FAM Agent
Hi Community,
We are having problems with the consumption of resources in the fileserver that we installed the fam agent. Basically when we installed the FAMs we configured the source directory, then from the investigation dashboard you can generate rules based on the found files. We do not have rules implemented more than any of testing, for which the FAM is consuming resources just for doing the crawler that we understood that it should work correctly since just above that rules apply.
We configured source directory for example as 'E:/', we see all the files on the investigation dashboard and we can apply rules from this dashboards, but the resources (RAM & CPU) of file server are very high.
Can you help us with that issue? or maybe We need a scope to define the installation of guardium FAM agents.
Thanks in advance,
Best regards,
Rodrigo
------------------------------
Rodrigo Diaz
------------------------------