Very high CPU usage every 15 minutes
-
@ViniciusBr Are you using a ramdisk or hard drive for /tmp?
-
Same HD, one for everything... this started to happen not long ago.
Before all were ok.
-
Hmm, how long does it take to reload the filter? I have a 35k ruleset here and it does use ~100% of one CPU core while it reloads but it takes maybe 1s to do it.
You have something that is triggering the filter reload every 15mins. Check the system logs.
Steve
-
@stephenw10 said in Very high CPU usage every 15 minutes:
Hmm, how long does it take to reload the filter? I have a 35k ruleset here and it does use ~100% of one CPU core while it reloads but it takes maybe 1s to do it.
How can I check how long it is taking to reload?
About the logs: cannot find anything useful there.
-
Go to Status > Filter Reload, hit the button there. If you have top open in a console at the time you can see how it actually behaves.
Steve
-
@stephenw10 said in Very high CPU usage every 15 minutes:
Go to Status > Filter Reload, hit the button there. If you have top open in a console at the time you can see how it actually behaves.
Steve
Ok, so that is the way of reproducing the issue!
Got the same high CPU usage, just not sure how to troubleshoot from there.
-
Does it show any errors on the reload page? Does it take more than a few seconds?
Something is triggering that reload, probably a result of something else being updated like an alias perhaps. I'd be amased if nothing shows in the system log though. Can we see it?
Steve
-
@stephenw10 said in Very high CPU usage every 15 minutes:
Does it show any errors on the reload page? Does it take more than a few seconds?
Something is triggering that reload, probably a result of something else being updated like an alias perhaps. I'd be amased if nothing shows in the system log though. Can we see it?
Steve
It is taking around 25 seconds to complete.
-
Hmm, no errors that jump out there. It's quite a long list though. 25s seems waaay longer than I might expect. It may be resolving a load of things.
I meant the system log though. Covering at least, say, 30mins so we can see a reload cycle.
Steve
-
I don't see anything strange:
-
Hmm, sure looks like it's reloading the rules. And not at 1h intervals.
If you install the cron package when cron jobs are listed? (or just check the crontab)
Steve
-
Here we go:
-
Ok so it's the filter_configure_sync cronjob. That is created if you have scheduled firewall rules.
Do you need those rules?
Of course it shouldn't be anything like the hit you're seeing to run it.
Steve
-
@stephenw10 said in Very high CPU usage every 15 minutes:
filter_configure_sync cronjob. That is created if you have scheduled firewall rules
I just deleted the schedule and removed the schedule from the rule, I will monitor and will get back here.
-
So the 15 minutes spike is over, but the filter reload is still consuming loads of CPU, not as before, but still high (yellow are is after the schedule deletion):
Checking the logs I can only see the filter reload:
-
Yeah it still has to reload the ruleset whenever it changes, pfBlocker updated in that instance.
Is it actually causing a problem though? You would expect it to use as much CPU as available to load the ruleset in the shortest possible time but won't necessarily effect other processes.
Steve
-
Well, the thing is: I have other pfsense boxes and they all have this 15 minute spike, but they don't go above 6% cpu usage, a few of them use less than 1%.. I know that several factors can cause this difference, but I still don't see why this huge CPU usage.
Thanks so far for the help!
-
Another update: CPU is not consuming like before, maybe the first filter reload after the change was bad, but the following spikes are much much less cpu consuming:
-
Mmm, that certainly looks better. But using CPU cycles is not a problem unless it takes priority over something more important. Extra CPU idle time isn't doing anything, literally!
Steve
-
@ViniciusBr said in Very high CPU usage every 15 minutes:
CPU Type Intel(R) Celeron(R) CPU G470 @ 2.00GHz
Keep in mind that CPU is a bit on the wimpy side compared to many others you see here.. So it will tend to look more "used" by the system at times. https://ark.intel.com/content/www/us/en/ark/products/74390/intel-celeron-processor-g470-1-5m-cache-2-00-ghz.html
Its single core. Can you/have you enabled multithreading in BIOS?
