Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
cmaheu
Staff
Staff

Created on ‎05-27-2020 06:27 AM Edited on ‎08-28-2023 10:58 AM

Article Id 190603

Technical Tip: Performance issues when collecting host applications

Description
Poor performance can be experienced in systems configured to collect application information when endpoints are scanned.  Symptoms include but are not limited to:

  • Extended startup time of the appliance's management services
  • Delayed or no response to RADIUS requests from managed wireless devices, causing intermittent wireless authentication failures
  • Database replication failures in pairs configured for High Availability 
  • /bsc/logs/output.master log contains numerous "Database lock time exceeded" messages
A restart of services temporarily clears the behavior.
 
 
To determine if the system is configured to collect application information:
1. Navigate to Policy > Policy Configuration
2. Under Endpoint Compliance, click Configuration
3. In the Collect Applications column, a green check mark will display next to configuration names that have this setting enabled


Scope
Version: 8.x

Solution
Workaround:
At this time, it is recommended to disable the Application Inventory function on all Endpoint Compliance Configurations.

1. Under Policy > Policy Configuration, double click on the Endpoint Compliance Configuration and uncheck Collect Application Inventory
2. Click OK.

3. Delete the existing Host Application records in the database.  This process requires CLI access to the appliance.  Contact Support for assistance. 
    Note: This process will restart services.

Solution:
Addressed in versions 8.7, 8.8 and 9.1.
 
View Current Size of Host Applications Table
 
Login to the Control Server CLI as root and type


mysql bsc -e "select count(*) from RTRHostApplications"

The following example shows a system with over 22 million records in the database.

 
Example:


> mysql bsc -e "select count(*) from RTRHostApplications"
+----------+
| COUNT(*) |
+----------+
| 22150990 |
+----------+
1 row in set (26.08 sec)

 

View Current Size of Scanned Applications Table
 
Login to the Control Server CLI as root and type

mysql bsc -e "select count(*) from RTRScannedApplications"
 
Drop the Applications Table(s) to Delete Records
 
Run the following commands:
shutdownCampusMgr
<wait 30 seconds>
 
mysql bsc -e "drop table RTRHostApplications"

mysql bsc -e "drop table RTRScannedApplications"
 
startupCampusMgr
Labels:
447
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.