pcscd daemon is enabled after reboot
-
It's possible to run an encrypted filesystem but the biggest problem with doing so is you nede to enter the decryption key at every boot. Obviously that's a significant issue on a firewall, especially if it's remote!
Steve
-
@bingo600 yes it says so in the pfsense documentation
-
@steveits yes Steve compression of log files
-
@nattygreg said in pcscd daemon is enabled after reboot:
@bingo600 yes it says so in the pfsense documentation
What does it say in the documentation ??
What are we talking about here ?
-
@bingo600 that ZFS install of pfsense is already compress so there is no need to compress the logs again, unbound for me was using 7775M until I turn off bzip, now unbound uses 703M. And my memory usage is hovering at 15-17% and this is with pfblocker running around 20. Blocklist in python mode.
With the installed patch for pcscd, it prevents it from starting up after a reboot.
Still have one issue- maybe u can help with my i5-240M embedded cpu in my 1u still Carrieās a temperature of 68-70 degrees Celsius.
I have two exhaust fans from notua running in it and the regular fan on the cpu
-
@nattygreg said in pcscd daemon is enabled after reboot:
@bingo600 that ZFS install of pfsense is already compress so there is no need to compress the logs again, unbound for me was using 7775M until I turn off bzip, now unbound uses 703M.
So you are telling me that log rotating with bzip2 consumes 7GB of Ram ?
That would clearly be an issue i would report to Netgate.
-
@bingo600 when I check they are aware, these are the work around until itās fix in 2.6 CE, when I was in 2.4.5 I never had these issue, but because Iām a phenatic for making sure my home is secured I upgraded and wish I hadnāt but I can not see my self going backward so we search and find solution until the release of 2.6. Those fixes that I suggest has brought my memory usage down.
Iām running 2.5.2 CE
-
@bingo600 said in pcscd daemon is enabled after reboot:
you are telling me that log rotating with bzip2 consumes 7GB of Ram
I don't know about 7 GB RAM usage but I've run into slower-CPU routers with half a dozen bzip processes running, using CPU, I/O, and RAM. It's noticeable when the CPU gets maxed out.
@nattygreg said in pcscd daemon is enabled after reboot:
these are the work around until itās fix in 2.6 CE
Technically the release notes I linked say they will disable log compression on new installations with ZFS, not that they will change the setting on existing routers.
pcscd will however be optional by default.
-
@steveits said in pcscd daemon is enabled after reboot:
I don't know about 7 GB RAM usage but I've run into slower-CPU routers with half a dozen bzip processes running, using CPU, I/O, and RAM. It's noticeable when the CPU gets maxed out.
Hmmm ...
Since they mention bzip2 log rotate in the docs , i would have expected it to be a rare occurrence. But if the CPU (or disk) is constrained, i can see the compression taking some time. I think my logs on my linux server are rotated every 24 hr's.
/Bingo
-
Generally if you see that it's because something is massively spamming the log file in question. That's what happens if you kill pcscd while ipsec is running. The log file reaches it's maximum size and is compressed/rotated faster than the system can do it.
Steve
-
@stephenw10
Will IPSEC still be available (aka. can i still make an ipsec VPN tunnel) if I have "patched" the pcscd "out"./Bingo
-
@bingo600 said in pcscd daemon is enabled after reboot:
Will IPSEC still be available (aka. can i still make an ipsec VPN tunnel) if I have "patched" the pcscd "out".
yes
-
It's disabled by default in 2.6 (using this same method) and that is now the current release!
-
@stephenw10 are you running 2.6 if so is there any caveats
-
I've been running 2.6 for months, on numerous boxes, no significant issues.
There seems to be some potential problems if you're running in Hyper-V. Some users are seeing throughput reduced (significantly) in VMs there.
Steve
