About AssemblyLine Performance Troubleshooting
AssemblyLine performance troubleshooting: You will need to tweak performance in AssemblyLine if you have lower resources than the recommended. This could result in Service Errors during submission analysis because of docker instances failing because of limited resources. In addition, you can just disable services that you do not need to speed up analysis.
Affiliate: Experience limitless no-code automation, streamline your workflows, and effortlessly transfer data between apps with Make.com.
AssemblyLine Performance Troubleshooting – Submitting file for Analysis
Left panel => [Submit] => [File] => Drag and drop => [Upload and Scan]
You can use Total Commander setup file as example. It includes around 700 files inside, which is a good performance test for AssemblyLine.
Checking Performance
Left Panel => [Dashboard]
Check the “System Resource” widget. If the memory gets around 75% and CPU is around 20% it is better to optimize services.
AssemblyLine Performance Troubleshooting – Lowering resource consumption
Right Top corner => [User Icon] => [Services] Click each service [GENERAL] Max Number of Instances: 1 [SAVE CHANGES]
Recheck performance with the new settings
. Resubmit the file analysis
. Check the performance again
. See what Services have the most performance usage and are the slowest to complete.
Tweaking resources consumption
. Return to [Service] configuration again.
. Click the process you want to tweak:
[GENERAL] Max Number of Instances *** You can increase this number so there will be more instances opened and files will balance between them. [SAVE CHANGES] [CONTAINER] Click the box under "Container Image" Allowed CPU cores *** You may increase the number of cores per instance, the processing may go faster. Allowed memory range *** You may increase the maximum memory value [SAVE] [SAVE CHANGES]
. Resubmit the file and check the Dashboards analyze the performance after tweaking.
Checking AssemblyLine Performance over SSH
You may check the performance of the docker instances on the server itself. Connect with SSH:
ssh user@serverIPorDOMAIN
Execute the docker status command:
sudo docker stats
This command will show you the performance and resource usage of each instance. By default, it shows these fields:
NAME, CPU %, MEM USAGE / LIMIT, MEM %, NET I/O, BLOCK I/O, PIDS
You can show only specific fields from the above. Command to show all the fields:
sudo docker stats --format "table {{.ID}}\t{{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}\t{{.MemPerc}}\t{{.NetIO}}\t{{.BlockIO}}\t{{.PIDs}}"
We used the next fields more than the others:
sudo docker stats --format "table {{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}\t{{.MemPerc}}"
To run stats on specific instance:
sudo docker stats al_DeobfuScripter_0
AssemblyLine Performance Troubleshooting – Thoughts and Tips
Our environment is 32 GB Memory and 32 CPU Cores. Meaning, we need to tweak AssemblyLine accordingly.
Pixaxe – Disabled the service. The CPU usage of each instance with 20 cores was on 100% for several hours without any result. Possible problem with a service, a bug or anything. Will wait for update to see if it performs better.
Floss – Needs more CPU than default settings, instances can close unexpectedly:
Max number of instances: 4 Allowed CPU cores: 10 Allowed memory usage MAX: 768
YARA – Works fine with default settings, can perform faster with:
Max number of instances: 2 Allowed CPU cores: 4 Allowed memory usage MAX: 768
FrankenStrings – Works fine with default settings, can perform better:
Max number of instances: 4 Allowed CPU cores: 10 Allowed memory usage MAX: 512
Cukoo – If you have numerous files, you will need numerous instances to send as much files as you can to the sandbox and probably you will not need 2000 MB per instance because all the computing is done in Cukoo itself:
Max number of instances: 10 Allowed CPU cores: 0.5 Allowed memory usage MAX: 1024
AssemblyLine Google Groups for Troubleshooting
Finally, you can follow the AssemblyLine Google Groups page to post your questions and check if there is already a solution for your query.