CRON job hung with high CPU useage
-
Hello all,
I hope I'm providing enough information, if not just let me know.
I'm new to PFSense but I've been getting better, and just last week I began using DNSBL to block advertisements across my network.
Everything was running smoothly until this morning, when everything seemed… slower...
Viewing PFBlockerNG's logs show the service is stuck on a CRON task involving DNSBL, "top -aSH" shows multiple CRON instances hogging CPU cycles, and the home interface shows 100% usage.
I know my system isn't ridiculously powerful, but it should be strong enough to blacklist domains and cache downloads, so what gives? Has anyone else experienced this?
Thanks for the help
.png)
.png_thumb)
.png)
.png_thumb)
-
Don't enable any of the fancy deduplication and other features in pfBlockerNG.
-
Deduplication is not turned on. Could it be anything else? Should I change the Download Failure Threshold to a value below unlimited? Could that be what's causing it to hang?
-
Alright, so I disabled PFBlockerNG, rebooted the system, then re-enabled it, and now I have some context:
===[ DNSBL Process ]================================================
Missing DNSBL stats and/or Unbound DNSBL conf file - RebuildingDoes this have to do with custom DNSBL blacklists and should remove them/start from scratch?
-
Not sure why it created so many duplicate "cron" processes, but I would suggest either a reboot or killing the duplicate "cron" pids:
ps auxww | grep pfbthen
kill -9Follow that with a "Force Update" and see if it completes. Does the Box have any issues resolving DNS queries?
-
Thanks, that dropped my CPU usage enough for me to be able to interact with the GUI.
I'm going to uninstall PFBlockerNG and reinstall with a Spamhaus blacklist instead, perhaps it was having issues with my current blacklists
I have had no issues browsing or using my network other than the fact that it was pretty slow, so I don't think I had any DNS problems -
I'm seeing the exact same issue on my system, which has been running fine for around 1 year up until (I would guess) a couple of days ago.
Killing the offending PIDs returns the system to normal, until the cron runs again.
Offending process:
/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php cronCron entry (should this even be there, if pfBlockerNG is already running?!):
0 * * * * root /usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php cron >> /var/log/pfblockerng/pfblockerng.log 2>&1Reinstalling pfBlockerNG hasn't resolved the issue.
Top:
last pid: 15767; load averages: 1.04, 0.89, 0.68 up 0+15:39:23 23:08:19 147 processes: 4 running, 128 sleeping, 15 waiting Mem: 240M Active, 318M Inact, 253M Wired, 1684K Cache, 165M Buf, 150M Free Swap: 1024M Total, 11M Used, 1013M Free, 1% Inuse PID USERNAME PRI NICE SIZE RES STATE TIME WCPU COMMAND 19147 root 102 0 224M 29644K RUN 8:11 100.00% /usr/local/bin/php /usr/local/www/pfblockerng 0 root -16 - 0K 176K swapin 32.2H 0.00% [kernel{swapper}] 11 root 155 ki31 0K 16K RUN 128:51 0.00% [idle] 14950 root 20 0 21624K 4560K select 5:26 0.00% /usr/local/sbin/openvpn --config /var/etc/ope 13877 root 20 0 21624K 4528K select 4:33 0.00% /usr/local/sbin/openvpn --config /var/etc/ope 0 root -92 - 0K 176K - 0:58 0.00% [kernel{em0 taskq}] 12 root -60 - 0K 240K WAIT 0:38 0.00% [intr{swi4: clock}] 12 root -72 - 0K 240K WAIT 0:36 0.00% [intr{swi1: netisr 0}] 0 root -92 - 0K 176K - 0:22 0.00% [kernel{em1 taskq}] 80302 unbound 20 0 454M 434M kqread 0:14 0.00% /usr/local/sbin/unbound -c /var/unbound/unbou 85221 root 20 0 101M 4704K select 0:10 0.00% /usr/local/bin/vmtoolsd -c /usr/local/share/v 15 root -16 - 0K 16K - 0:06 0.00% [rand_harvestq] 7 root -16 - 0K 16K pftm 0:04 0.00% [pf purge] 86254 root 52 20 17000K 2180K wait 0:04 0.00% /bin/sh /var/db/rrd/updaterrd.sh 63232 root 23 0 224M 29964K nanslp 0:03 0.00% /usr/local/bin/php -f /usr/local/pkg/pfblocke 85597 dhcpd 20 0 24812K 12516K select 0:02 0.00% /usr/local/sbin/dhcpd -user dhcpd -group _dhc 78154 root 20 0 15012K 2192K nanslp 0:02 0.00% [dpinger{dpinger}] 78478 root 20 0 15012K 2196K nanslp 0:02 0.00% [dpinger{dpinger}] -
See the following:
https://forum.pfsense.org/index.php?topic=102470.msg671811#msg671811 -
See the following:
https://forum.pfsense.org/index.php?topic=102470.msg671811#msg671811That seems to have fixed it. Thanks!
