CPU load in pfsense cause by regex
-
@Gertjan Yes. Wich detail do you need exactly?
-
Something like "I use a 2010 based i386 based intel device with 1Gbytes of RAM, many LANs, hundreds of LAN devices, all of them open thousands of connections, and all pfSense packages installed and activated".
Then I would say : "Everything is fine then" ;)
-
What pfSense version is this?
We have been looking at a loading issue similar to this in the new kea2unbound function in 24.08 snapshots.
-
@stephenw10 @Gertjan the firewall System is Netgate 7100
version: 24.03-RELEASE (amd64)
CPU: Intel(R) Atom(TM) CPU C3558 @ 2.20GHz
4 CPUs : 1 package(s) x 4 core(s)
and I have a big infrastructure that maybe this is the reason of the load. -
the Ram is 8 GB
-
Did the ps output show anything more than just the egrep called by rrdupdate? Like what part of that actually called it?
-
@stephenw10
this is the resultUSER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND root 0 222.6 0.0 0 1664 - DLs 7Nov23 105560:16.48 [kernel] root 11 154.3 0.0 0 64 - RNL 7Nov23 1790158:20.32 - [idle] root 7 0.9 0.0 0 16 - DL 7Nov23 695:03.24 - [pf purge] root 1 0.0 0.0 11352 1228 - ILs 7Nov23 0:00.24 - /sbin/init root 1625 0.0 0.4 110328 32432 - Ss 7Nov23 11:18.69 |-- php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm) root 5056 8.8 7.3 773308 609808 - S 25Sep24 8:48.22 | |-- php-fpm: pool nginx (php-fpm) root 68894 0.0 0.0 5128 2612 - R 16:06 0:00.00 | | `-- [sh]and the CPU load after disabling RRd it reduced 20% of the amount of CPU then it should be the one who was consuming the cpu
-
@khouloud said in CPU load in pfsense cause by regex:
root 0 222.6 0.0 0 1664 - DLs 7Nov23 105560:16.48 [kernel]
root 11 154.3 0.0 0 64 - RNL 7Nov23 1790158:20.32 - [idle]
root 7 0.9 0.0 0 16 - DL 7Nov23 695:03.24 - [pf purge]
root 1 0.0 0.0 11352 1228 - ILs 7Nov23 0:00.24 - /sbin/init
root 1625 0.0 0.4 110328 32432 - Ss 7Nov23 11:18.69 |-- php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm)
root 5056 8.8 7.3 773308 609808 - S 25Sep24 8:48.22 | |-- php-fpm: pool nginx (php-fpm)
root 68894 0.0 0.0 5128 2612 - R 16:06 0:00.00 | | `-- [sh]ahrd to read ...
Use :
so things becomes way more readable :
[24.03-RELEASE][root@pfSense.bhf.tld]/root: ps -auxwwd USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND root 0 0.0 0.0 0 1312 - DLs 24Sep24 244:14.24 [kernel] root 11 198.9 0.0 0 32 - RNL 24Sep24 41066:28.47 - [idle] root 1 0.0 0.0 11344 1220 - ILs 24Sep24 0:00.46 - /sbin/init unbound 54544 0.4 3.8 185892 154088 - Ss 00:15 12:40.44 |-- /usr/local/sbin/unbound -c /var/unbound/unbound.conf root 573 0.0 0.8 110112 32720 - Ss 24Sep24 0:31.72 |-- php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm) root 1606 0.0 2.5 158668 100040 - I Tue08 5:40.50 | |-- php-fpm: pool nginx (php-fpm) root 12087 0.0 2.5 162764 99576 - I Mon13 6:31.22 | |-- php-fpm: pool nginx (php-fpm) root 28210 0.0 2.4 158668 97860 - I Mon12 7:34.59 | |-- php-fpm: pool nginx (php-fpm) root 34768 0.0 2.5 158668 99548 - I Mon12 7:48.36 | |-- php-fpm: pool nginx (php-fpm) root 38507 0.0 2.5 158668 99256 - I Mon08 9:43.96 | |-- php-fpm: pool nginx (php-fpm) root 60206 0.0 2.5 158604 99232 - I Mon13 6:51.04 | |-- php-fpm: pool nginx (php-fpm) root 98309 0.0 2.4 166860 98824 - I Mon09 8:21.45 | `-- php-fpm: pool nginx (php-fpm) root 676 0.0 0.1 13232 2928 - INs 24Sep24 0:00.12 |-- /usr/local/sbin/check_reload_statusedit : Ok, coll, you figured it out
or use top (install htop ^^) and I sorted on "CPU Load":
edit : you have a "7100". That's not a small system.
No ntopng/bandwidthd/suricata or other pfSene packages installed ?
IMHO, a 7100 can do some serious routing. That said, with half a zillion firewall states open, things tend to get 'hot' and slow. -
Mmm, uptime nearly a year. Shouldn't be an issue but I would want to check if a reboot removes it.
-
@stephenw10 Yes we plan to reboot it
