InsightIDR agent CPU usage / system resources taken on busy SQL server?

Hi, I have received a query from a system admin about the resources that the ir_agent process is taking being higher than expected. There have been some issues on this machine with connections timing out so the finger is being pointed at the ir_agent process as being a possible contributing factor.
The agent updated to the latest version on the 22nd April and has been running OK as far as I can tell since last July when it was first installed. I would be interested if anyone has received similar concerns within your organisations and specifically relating to agent usage on SQL servers? I would expect the agent might take up slightly more CPU % on such an active server but not to the point of causing any overall impact to system performance? I don’t think there are any settings to control the priority of the agent process?

Hi @J1m

since the agent collects process start events along with windows event logs the agent may run a bit hot in the event that the machine itself is producing many events (process starts and/or security log events)

The agent.log does log when it processes windows events every 10 seconds, and it also logs its own cpu usage. In order to establish what is the root cause of the additional resources we would need to review these agent logs.

If you haven’t already raised a support case with us I would suggest you do so.

We have had some customers write in to us about similar issues, the root causes vary from machine to machine, we would need to review the security log also.

David