Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    CPU load in pfsense cause by regex

    Scheduled Pinned Locked Moved General pfSense Questions
    18 Posts 3 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • GertjanG
      Gertjan @khouloud
      last edited by

      @khouloud said in CPU load in pfsense cause by regex:

      last pid: 26893; load averages: 2.50, 2.48, 2.44 up 336+14:40:02 12:46:24
      336 threads: 7 running, 287 sleeping, 42 waiting

      "2.50, 2.48, 2.44" is huge.

      "336 threads" is 3,5 times more as I have on my Netgate 4100.

      Detail your setup please.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      K 1 Reply Last reply Reply Quote 0
      • K
        khouloud @Gertjan
        last edited by

        @Gertjan Yes. Wich detail do you need exactly?

        GertjanG 1 Reply Last reply Reply Quote 0
        • GertjanG
          Gertjan @khouloud
          last edited by

          @khouloud

          Something like "I use a 2010 based i386 based intel device with 1Gbytes of RAM, many LANs, hundreds of LAN devices, all of them open thousands of connections, and all pfSense packages installed and activated".

          Then I would say : "Everything is fine then" ;)

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            What pfSense version is this?

            We have been looking at a loading issue similar to this in the new kea2unbound function in 24.08 snapshots.

            1 Reply Last reply Reply Quote 0
            • K
              khouloud
              last edited by

              @stephenw10 @Gertjan the firewall System is Netgate 7100
              version: 24.03-RELEASE (amd64)
              CPU: Intel(R) Atom(TM) CPU C3558 @ 2.20GHz
              4 CPUs : 1 package(s) x 4 core(s)
              and I have a big infrastructure that maybe this is the reason of the load.

              K 1 Reply Last reply Reply Quote 0
              • K
                khouloud @khouloud
                last edited by

                the Ram is 8 GB

                1 Reply Last reply Reply Quote 0
                • stephenw10S
                  stephenw10 Netgate Administrator
                  last edited by

                  Did the ps output show anything more than just the egrep called by rrdupdate? Like what part of that actually called it?

                  K 1 Reply Last reply Reply Quote 0
                  • K
                    khouloud @stephenw10
                    last edited by stephenw10

                    @stephenw10
                    this is the result

                    USER      PID  %CPU %MEM    VSZ    RSS TT  STAT STARTED          TIME COMMAND
                    root        0 222.6  0.0      0   1664  -  DLs   7Nov23  105560:16.48 [kernel]
                    root       11 154.3  0.0      0     64  -  RNL   7Nov23 1790158:20.32 - [idle]
                    root        7   0.9  0.0      0     16  -  DL    7Nov23     695:03.24 - [pf purge]
                    root        1   0.0  0.0  11352   1228  -  ILs   7Nov23       0:00.24 - /sbin/init
                    root     1625   0.0  0.4 110328  32432  -  Ss    7Nov23      11:18.69 |-- php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm)
                    root     5056   8.8  7.3 773308 609808  -  S    25Sep24       8:48.22 | |-- php-fpm: pool nginx (php-fpm)
                    root    68894   0.0  0.0   5128   2612  -  R    16:06         0:00.00 | | `-- [sh]
                    

                    and the CPU load after disabling RRd it reduced 20% of the amount of CPU then it should be the one who was consuming the cpu

                    GertjanG 1 Reply Last reply Reply Quote 0
                    • GertjanG
                      Gertjan @khouloud
                      last edited by Gertjan

                      @khouloud said in CPU load in pfsense cause by regex:

                      root 0 222.6 0.0 0 1664 - DLs 7Nov23 105560:16.48 [kernel]
                      root 11 154.3 0.0 0 64 - RNL 7Nov23 1790158:20.32 - [idle]
                      root 7 0.9 0.0 0 16 - DL 7Nov23 695:03.24 - [pf purge]
                      root 1 0.0 0.0 11352 1228 - ILs 7Nov23 0:00.24 - /sbin/init
                      root 1625 0.0 0.4 110328 32432 - Ss 7Nov23 11:18.69 |-- php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm)
                      root 5056 8.8 7.3 773308 609808 - S 25Sep24 8:48.22 | |-- php-fpm: pool nginx (php-fpm)
                      root 68894 0.0 0.0 5128 2612 - R 16:06 0:00.00 | | `-- [sh]

                      ahrd to read ...
                      Use :

                      62e58832-19af-415b-b7b2-e340a113c226-image.png

                      so things becomes way more readable :

                      [24.03-RELEASE][root@pfSense.bhf.tld]/root: ps -auxwwd
                      USER      PID  %CPU %MEM    VSZ    RSS TT  STAT STARTED        TIME COMMAND
                      root        0   0.0  0.0      0   1312  -  DLs  24Sep24   244:14.24 [kernel]
                      root       11 198.9  0.0      0     32  -  RNL  24Sep24 41066:28.47 - [idle]
                      root        1   0.0  0.0  11344   1220  -  ILs  24Sep24     0:00.46 - /sbin/init
                      unbound 54544   0.4  3.8 185892 154088  -  Ss   00:15      12:40.44 |-- /usr/local/sbin/unbound -c /var/unbound/unbound.conf
                      root      573   0.0  0.8 110112  32720  -  Ss   24Sep24     0:31.72 |-- php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm)
                      root     1606   0.0  2.5 158668 100040  -  I    Tue08       5:40.50 | |-- php-fpm: pool nginx (php-fpm)
                      root    12087   0.0  2.5 162764  99576  -  I    Mon13       6:31.22 | |-- php-fpm: pool nginx (php-fpm)
                      root    28210   0.0  2.4 158668  97860  -  I    Mon12       7:34.59 | |-- php-fpm: pool nginx (php-fpm)
                      root    34768   0.0  2.5 158668  99548  -  I    Mon12       7:48.36 | |-- php-fpm: pool nginx (php-fpm)
                      root    38507   0.0  2.5 158668  99256  -  I    Mon08       9:43.96 | |-- php-fpm: pool nginx (php-fpm)
                      root    60206   0.0  2.5 158604  99232  -  I    Mon13       6:51.04 | |-- php-fpm: pool nginx (php-fpm)
                      root    98309   0.0  2.4 166860  98824  -  I    Mon09       8:21.45 | `-- php-fpm: pool nginx (php-fpm)
                      root      676   0.0  0.1  13232   2928  -  INs  24Sep24     0:00.12 |-- /usr/local/sbin/check_reload_status
                      

                      edit : Ok, coll, you figured it out 👍

                      or use top (install htop ^^) and I sorted on "CPU Load":

                      96417bcc-45d9-4894-8d26-5fbfcfc5efdf-image.png

                      edit : you have a "7100". That's not a small system.

                      No ntopng/bandwidthd/suricata or other pfSene packages installed ?
                      IMHO, a 7100 can do some serious routing. That said, with half a zillion firewall states open, things tend to get 'hot' and slow.

                      No "help me" PM's please. Use the forum, the community will thank you.
                      Edit : and where are the logs ??

                      1 Reply Last reply Reply Quote 1
                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        Mmm, uptime nearly a year. Shouldn't be an issue but I would want to check if a reboot removes it.

                        K 1 Reply Last reply Reply Quote 0
                        • K
                          khouloud @stephenw10
                          last edited by

                          @stephenw10 Yes we plan to reboot it

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.