Operational Defect Database
BugZero updated this defect 58 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
VMware | 356716
VoyenceControl: Using unanchored optional regex patterns in check patterns can cause severe VoyenceControl performance degradation
Last update date:
3/22/2024
Affected products:
Smart Assurance - NCM
Affected releases:
No affected releases provided.
Fixed releases:
No fixed releases provided.
Description:
Symptoms
Using unanchored optional regex patterns in check patterns can cause severe VoyenceControl performance degradationApplication Server memory and swap usage surges after running VoyenceControl Enforce Policy or Compliance AuditsVoyenceControl Enforce Policy and/or Compliance Audit takes an extreme amount of time to completeRunning VoyenceControl Enforce Policy on a large set of devices returns the following Java Exception to the client: java.rmi.ServerException: IOE; nested exception is: java.io.IOException: Server returned HTTP response code: 503 for URL: http://192.168.1.2:8881/invoker/EJBInvokerServlet VoyenceControl Application Server powerup.log file repeatedly logs lines similar to the following: DEBUG [com.powerup.configmgr.server.services.configaudit.impl.RegExHelper] (JMS SessionPool Worker-459) Match found for line(CAPTURE_GROUP_TEXT)?
Cause
This issue is caused by using optional Regex patterns without being anchored by Exact Order Match or by additional regex statements around the optional pattern. When optional regex check patterns are "unanchored" like this, each configuration file is scanned repeatedly which can cause severe VoyenceControl performance degradation.
Resolution
To resolve this issue, optional regex patterns without an anchor must be anchored one of the following ways: Use Exact Order Match: Open up your Regex Test for editing and choose Exact Order Match instead of Line By Line (see Note statement). This will anchor your optional regex pattern with other regex check patterns in the same Test*. If no other regex patterns exist in this test, Exact Order Match will have no affect. Anchor the optional regex: Anchor your optional regex with extra statements on the same line. The following shows an example of how to do this: The following is unanchored optional regex, which will always be found in a given configuration file because it is simply a group of characters that must match 0 or 1 times to pass: (abc)? Changing the above line to the following would anchor this pattern so that it is no longer optional, meaning it cannot pass by matching 0 times: (abc)?d
Related Information
When using Exact Order Match in VoyenceControl 4.1.0, the optional regex will need to be anchored with other regex check patterns within the same step.
