Very high CPU usage every 15 minutes
-
@NollipfSense You can, but it would require editing the cron task.
-
How large is the rules.debug file?
What CPU is that?
That looks pretty extreme.
Steve
-
@stephenw10 said in Very high CPU usage every 15 minutes:
How large is the rules.debug file?
What CPU is that?
That looks pretty extreme.
Steve
Yes, it is pretty bad, looking forward to fix it.
Where is this file located? /tmp? If yes it is currently 38K
38 -rw-r--r-- 1 root wheel 38K Sep 15 20:45 /tmp/rules.debug -
CPU Type Intel(R) Celeron(R) CPU G470 @ 2.00GHz
AES-NI CPU Crypto: NoThanks!
-
@ViniciusBr Are you using a ramdisk or hard drive for /tmp?
-
Same HD, one for everything... this started to happen not long ago.
Before all were ok.
-
Hmm, how long does it take to reload the filter? I have a 35k ruleset here and it does use ~100% of one CPU core while it reloads but it takes maybe 1s to do it.
You have something that is triggering the filter reload every 15mins. Check the system logs.
Steve
-
@stephenw10 said in Very high CPU usage every 15 minutes:
Hmm, how long does it take to reload the filter? I have a 35k ruleset here and it does use ~100% of one CPU core while it reloads but it takes maybe 1s to do it.
How can I check how long it is taking to reload?
About the logs: cannot find anything useful there.
-
Go to Status > Filter Reload, hit the button there. If you have top open in a console at the time you can see how it actually behaves.
Steve
-
@stephenw10 said in Very high CPU usage every 15 minutes:
Go to Status > Filter Reload, hit the button there. If you have top open in a console at the time you can see how it actually behaves.
Steve
Ok, so that is the way of reproducing the issue!
Got the same high CPU usage, just not sure how to troubleshoot from there.
-
Does it show any errors on the reload page? Does it take more than a few seconds?
Something is triggering that reload, probably a result of something else being updated like an alias perhaps. I'd be amased if nothing shows in the system log though. Can we see it?
Steve
-
@stephenw10 said in Very high CPU usage every 15 minutes:
Does it show any errors on the reload page? Does it take more than a few seconds?
Something is triggering that reload, probably a result of something else being updated like an alias perhaps. I'd be amased if nothing shows in the system log though. Can we see it?
Steve
It is taking around 25 seconds to complete.
-
Hmm, no errors that jump out there. It's quite a long list though. 25s seems waaay longer than I might expect. It may be resolving a load of things.
I meant the system log though. Covering at least, say, 30mins so we can see a reload cycle.
Steve
-
I don't see anything strange:
-
Hmm, sure looks like it's reloading the rules. And not at 1h intervals.
If you install the cron package when cron jobs are listed? (or just check the crontab)
Steve
-
Here we go:
-
Ok so it's the filter_configure_sync cronjob. That is created if you have scheduled firewall rules.
Do you need those rules?
Of course it shouldn't be anything like the hit you're seeing to run it.
Steve
-
@stephenw10 said in Very high CPU usage every 15 minutes:
filter_configure_sync cronjob. That is created if you have scheduled firewall rules
I just deleted the schedule and removed the schedule from the rule, I will monitor and will get back here.
-
So the 15 minutes spike is over, but the filter reload is still consuming loads of CPU, not as before, but still high (yellow are is after the schedule deletion):
Checking the logs I can only see the filter reload:
-
Yeah it still has to reload the ruleset whenever it changes, pfBlocker updated in that instance.
Is it actually causing a problem though? You would expect it to use as much CPU as available to load the ruleset in the shortest possible time but won't necessarily effect other processes.
Steve
