My SLES only installed SAP HANA, every morning processor status always reach 100% all, I see it on System Status Monitor. and at night surely no one using the SAP apps. So every morning I have to restart the server to get it normal.
Any idea how to check what makes the processor 100% usage ?
Thanks
Have you tried the typical OS tools like ‘top’ to see what is using the
system? Which SLES version and patches? Is this production, dev, QA,
etc. and does it happen in other environments? Is anything misbehaving
other than the perceived problem with CPU utilization? Is this a physical
or virtual box? How many CPUs/cores/etc. does it have?
–
Good luck.
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below…
I am using 2 Xeon 8Core, I try run TOP and it is stated that m64.pl taking much process. what is m64.pl ?
thanks
On 02/25/2014 08:24 PM, tdphanab1 wrote:[color=blue]
I am using 2 Xeon 8Core, I try run TOP and it is stated that m64.pl
taking much process. what is m64.pl ?
thanks[/color]
No idea. Which package is it from? Find out the file’s path and then see
which package placed it. If one did not, then you may want to disconnect
your system and see if it has been hacked. The m64.pl process shows up in
Google as possibly being a bit of malware used as a bitcoin miner, which
means somebody is making money by using your CPU to do bitcoin “mining”.
–
Good luck.
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below…
So any guidence to solved this issue ? I activated SSH server on my SLES maybe this is the problem ? so I have to disable the SSH ?
Hi tdphanab1,
[QUOTE=ab;19554][…] then you may want to disconnect
your system and see if it has been hacked. The m64.pl process shows up in
Google as possibly being a bit of malware used as a bitcoin miner, which
means somebody is making money by using your CPU to do bitcoin “mining”.
typical CERT procedures apply. Check where that m64.pl is coming from and where it is placed. If you cannot safely determine “someone from the inside” has placed and started that program, but have to fear your system was compromised, detach it from all networks and start analysis. If you then conclude your system was broken into, try to identify the attack vector (to make sure you won’t open that “hole” again), try to find out if more than BTC mining was added (i.e. the system was used to attack further systems on your network) and then reinstall the server.
The decision not to re-install ought only be made if you’re sufficiently sure what had been done and that the system is still “safe” - no back-doors, no malware, no new accounts, all security holes covered,…
Regards,
Jens