High cpu usage with packages enabled - squid, snort,etc
-
hi everyone
using an old core 2 e6420 on a gigabyte p35 with 4gb ddr2, nvidia 210 pcie graphics, dual intel pcie pro/1000 nics, and a 250gb hd. i am the only user here. internet is cable @ 250/20 with the isp modem in bridge mode.
using pfsense 2.2.1 x64 with the following plugins.
- squid3 dev
- squidguard dev
- HVAP (disabled as it gives me issues)
- pfblockerng
- snort
- bandwidthd
- sarg
- Service Watchdog
- iperf
i have squid3 running as a http (not https ) transparent proxy. setup wdap using the online guide and urlresolver instead of the forwarder.
everything is working fine except that the cou stays at 50%+ load as in this picture, even when there is no traffic. Also, the squid3 package turns off every so often. I installed that Service Watchdog to restart it.
squid 3 has 30,000mb for cache in a /cache folder as per the one of the online guides.
Any idea what pluggin is causing this cpu load?
-
I'd just log in to bash (ssh) and perform a "top"
-
I'd just log in to bash (ssh) and perform a "top"
can you be more specific? ssh login with putty I can do - what is a top? what is the exact command?
-
did a google search of top and pfsense, and found this: https://forum.pfsense.org/index.php?topic=43339.0
went diagnostics - system activity and here it is:
last pid: 18925; load averages: 1.18, 1.25, 1.20 up 0+08:14:31 19:12:29
157 processes: 5 running, 112 sleeping, 40 waitingMem: 95M Active, 437M Inact, 249M Wired, 948K Cache, 136M Buf, 3154M Free
Swap:PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND
17 root -16 ki-1 0K 16K CPU1 1 493:54 100.00% [idlepoll]
11 root 155 ki31 0K 32K RUN 0 264:45 68.65% [idle{idle: cpu0}]
11 root 155 ki31 0K 32K RUN 1 193:18 28.17% [idle{idle: cpu1}]
78363 root 22 0 224M 33480K piperd 0 0:00 0.20% php-fpm: pool lighty (php-fpm)
6865 root 20 0 771M 398M bpf 0 1:38 0.00% /usr/local/bin/snort -R 12483 -D -q –supp
0 root -16 0 0K 224K swapin 0 0:49 0.00% [kernel{swapper}]
12 root -60 - 0K 640K WAIT 0 0:13 0.00% [intr{swi4: clock}]
43228 root 20 0 54892K 8796K kqread 0 0:08 0.00% /usr/local/sbin/lighttpd -f /var/etc/light
5 root -16 - 0K 16K pftm 0 0:08 0.00% [pf purge]
32917 root 20 0 16812K 2660K bpf 0 0:04 0.00% /usr/local/sbin/filterlog -i pflog0 -p /va
276 root 20 0 224M 23916K kqread 0 0:04 0.00% php-fpm: master process (/usr/local/lib/ph
21 root 16 - 0K 16K syncer 0 0:03 0.00% [syncer]
45523 unbound 20 0 55728K 31732K kqread 1 0:03 0.00% /usr/local/sbin/unbound -c /var/unbound/un
22681 root 20 0 49772K 14808K nanslp 0 0:03 0.00% /usr/local/bin/barnyard2 -r 12483 -f snort
80311 root 20 0 14664K 2400K select 0 0:03 0.00% /usr/sbin/syslogd -s -c -c -l /var/dhcpd/v
38431 root 20 0 12464K 2232K select 0 0:02 0.00% /usr/local/sbin/apinger -c /var/etc/apinge
15 root -16 - 0K 16K - 0 0:02 0.00% [rand_harvestq]
63378 root 52 20 17144K 2488K wait 1 0:02 0.00% /bin/sh /var/db/rrd/updaterrd.shI have "Enable device polling" on as my network cards support it - could that be the cause? how do i get idlepoll working properly?
-
disabled idlepol and rebooted, cpu usage is back to zero.
is there a way to get it working without it sucking so much cpu power? seems to speed things up by negating irqs.
POST disabling idlepolling and rebooting
last pid: 27923; load averages: 0.86, 0.76, 0.34 up 0+00:02:07 19:20:12
159 processes: 3 running, 116 sleeping, 40 waitingMem: 427M Active, 57M Inact, 232M Wired, 972K Cache, 96M Buf, 3218M Free
Swap:PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND
11 root 155 ki31 0K 32K CPU0 0 1:44 95.36% [idle{idle: cpu0}]
11 root 155 ki31 0K 32K RUN 1 1:26 95.26% [idle{idle: cpu1}]
59214 root 39 0 224M 40040K piperd 1 0:00 0.59% php-fpm: pool lighty (php-fpm)
8632 proxy 52 0 73644K 13072K nanslp 1 0:00 0.39% /usr/local/sbin/squid -f /usr/pbi/squid-am
0 root -16 0 0K 224K swapin 0 0:49 0.00% [kernel{swapper}]
4 root -16 - 0K 32K - 0 0:00 0.00% [cam{doneq0}]
12 root -60 - 0K 640K WAIT 0 0:00 0.00% [intr{swi4: clock}]
4 root -16 - 0K 32K - 0 0:00 0.00% [cam{scanner}]
43555 root 20 0 50796K 7424K kqread 0 0:00 0.00% /usr/local/sbin/lighttpd -f /var/etc/light
71515 root 20 0 763M 360M bpf 0 0:00 0.00% /usr/local/bin/snort -R 12483 -D -q –supp
45428 unbound 20 0 43440K 21796K kqread 0 0:00 0.00% /usr/local/sbin/unbound -c /var/unbound/un
5 root -16 - 0K 16K pftm 0 0:00 0.00% [pf purge]
12 root -92 - 0K 640K WAIT 0 0:00 0.00% [intr{irq256: em0:rx 0}]
54 root -8 - 0K 16K mdwait 1 0:00 0.00% [md1]
12 root -92 - 0K 640K WAIT 1 0:00 0.00% [intr{irq259: em1:rx 0}]
33182 root 20 0 16812K 2408K bpf 1 0:00 0.00% /usr/local/sbin/filterlog -i pflog0 -p /va
95254 root 20 0 28172K 18076K select 1 0:00 0.00% /usr/local/sbin/ntpd -g -c /var/etc/ntpd.c
12 root -88 - 0K 640K WAIT 0 0:00 0.00% [intr{irq262: ahci1:ch}] -
What? You enabled the horrible Device polling "feature" in System: Advanced: Networking? Kindly do not touch any Network Interfaces defaults there unless you absolutely know what you are doing. (I requested this item to be removed multiple times to no avail, allegedly it is "useful" for someone. The only use without exception for anyone who ever touched that polling checkbox was a CPU burn-in test.)
-
ahh ok thanks for the reply. i thought it would speed things up. guess not.