Troubleshooting Tip: Linux Agent Causes High CPU Usage In Linux Servers

koolishami · ‎12-09-2025

Description

This article describes the issue of the Linux agent causing high CPU usage and provides a step-by-step solution to resolve the problem. The article focuses on identifying the root cause of the issue and provides a detailed guide to resolving it.

Scope

FortiSIEM v7.x+.

Solution

To find the cause of Linux Agent consuming high CPU Usage,Agent Application Logs with the command below:

tail -50f /opt/fortinet/fortisiem/linux-agent/log/phoenix.log

Usually, the error below is the cause of the issue:

2025-12-03T10:26:55.580792-00:00 localhost phLinuxAgent[147077]: [PH_UTIL_FILE_STAT_FAILURE]:[eventSeverity]=PHL_ERROR,[procName]=phLinuxAgent,[fileName]=phMiscUtils.cpp,[lineNumber]=2351,[filePath]=<filepath_not_given_correct_permissions>,[errorNoInt]=1,[phLogDetail]=Failed to stat file

To resolve the issue of the Linux agent causing 99% CPU usage, follow these steps:

Go to ADMIN -> Setup -> Linux Agents -> Host To Template Associations and remove any files or directories that are defined under File Integrity Monitoring (FIM), especially system pseudoFS like /proc. As a best practice, it is not recommended to monitor system pseudoFS like /proc.
Select Apply to apply the changes.
If the /proc directory monitoring is required, refer to FortiSIEM Linux Agent for instructions to add it to the FIM configuration.
Make sure to change the permissions on the directories in the Linux servers. For example, to monitor the /proc directory, run the following commands:

chmod +x /proc
chmod -R +rx /proc

Troubleshooting Tip: Linux Agent Causes High CPU Usage In Linux Servers

You are leaving our website