Tuning the Patchman agent
The Patchman agent process allows for multiple tuning options. This article serves as a collection of available tuning methods and where to find them.
Scanning limits
Scanning limits allow you to set restrictions on full server scans. Setting an option will apply the scanning limit after a certain event is triggered. Disabling the scanning limit will make sure that the limit will not be applied. Scanning limits can be disabled for manual server scans triggered through the Portal. Scanning limits will only apply to full server scans and therefore will not affect manual end user scans.
You can configure this on the server group (https://portal.patchman.co/servers/group/)
The following limits and triggers can be configured:
Throttle dynamic malware scanning by only scanning changed files
Disable dynamic malware scanning altogether
Abort all scanning
The following triggers can be configured:
Disabled
After scanning N users
After scanning N directories
After scanning one in N users
After scanning one in N directories
After scanning for N hours total (since the beginning of the server-wide scan)
After surpassing the time of day
Scanning interval
Scanning interval enables you to choose to run Dynamic malware scanning not on every scan, but only on certain intervals, for instance, on certain days of the week.
You can configure this on the server group (https://portal.patchman.co/servers/group/)
The following options can be configured:
During every scan, scan every file dynamically
During every scan, scan files that have changed since the last dynamic scan
Only when the scan is in the configurable interval, scan every file dynamically
Scan every file dynamically when the scan is in the configurable interval, during all other scans only scan changed files dynamically
Never perform dynamic scanning
Further reading:
More information about configuring scanning limits and interval can be found in the main Patchman CLEAN article, here: What is Patchman CLEAN, and how do I enable & configure it?
Maximum file size
Additionally, scanning limits offer a maximum file size setting, allowing you do determine the cut-off for scanning large files:
CPU Nice value and I/O Priority
The agent also allows you to configure CPU and IO resource priorities, through nice values for CPU, and Best effort priority for CFQ I/O scheduling
You can configure this on the server group (https://portal.patchman.co/servers/group/)
Multi-threaded scanning configuration
With the introduction of multithreading, multithreading settings can be configured for the agent. You can configure this on the server group (https://portal.patchman.co/servers/group/). The following settings can be configured:
Absolute (thread count)
Configure the exact number of threads to use for multithreaded scanning.
CPU Ratio
Allocate a percentage of total available CPU threads to use for multi-threaded scanning. As this is a percentage, it is worth noting that it rounds down, to whole threads.
CPU Reservation
Allocate the number of CPU threads for the Patchman daemon to leave unused. Note that there is a minimum thread allocation of 1. If a user configures a lower limit, for example 0, or -4 (an 8 thread reservation on a 4 core machine), the Patchman agent logs at info
level and instead uses 1 thread.