Very high CPU usage every 15 minutes

provels

@ViniciusBr Are you using a ramdisk or hard drive for /tmp?

ViniciusBr

Same HD, one for everything... this started to happen not long ago.

Before all were ok.

stephenw10

Hmm, how long does it take to reload the filter? I have a 35k ruleset here and it does use ~100% of one CPU core while it reloads but it takes maybe 1s to do it.

You have something that is triggering the filter reload every 15mins. Check the system logs.

Steve

ViniciusBr

@stephenw10 said in Very high CPU usage every 15 minutes:

Hmm, how long does it take to reload the filter? I have a 35k ruleset here and it does use ~100% of one CPU core while it reloads but it takes maybe 1s to do it.

How can I check how long it is taking to reload?

About the logs: cannot find anything useful there.

stephenw10

Go to Status > Filter Reload, hit the button there. If you have top open in a console at the time you can see how it actually behaves.

Steve

ViniciusBr

@stephenw10 said in Very high CPU usage every 15 minutes:

Go to Status > Filter Reload, hit the button there. If you have top open in a console at the time you can see how it actually behaves.

Steve

Ok, so that is the way of reproducing the issue!

Got the same high CPU usage, just not sure how to troubleshoot from there.

stephenw10

Does it show any errors on the reload page? Does it take more than a few seconds?

Something is triggering that reload, probably a result of something else being updated like an alias perhaps. I'd be amased if nothing shows in the system log though. Can we see it?

Steve

ViniciusBr

@stephenw10 said in Very high CPU usage every 15 minutes:

Does it show any errors on the reload page? Does it take more than a few seconds?

Something is triggering that reload, probably a result of something else being updated like an alias perhaps. I'd be amased if nothing shows in the system log though. Can we see it?

Steve

It is taking around 25 seconds to complete.

stephenw10

Hmm, no errors that jump out there. It's quite a long list though. 25s seems waaay longer than I might expect. It may be resolving a load of things.

I meant the system log though. Covering at least, say, 30mins so we can see a reload cycle.

Steve

ViniciusBr

I don't see anything strange:

stephenw10

Hmm, sure looks like it's reloading the rules. And not at 1h intervals.

If you install the cron package when cron jobs are listed? (or just check the crontab)

Steve

ViniciusBr

Here we go:

stephenw10

Ok so it's the filter_configure_sync cronjob. That is created if you have scheduled firewall rules.

Do you need those rules?

Of course it shouldn't be anything like the hit you're seeing to run it.

Steve

ViniciusBr

@stephenw10 said in Very high CPU usage every 15 minutes:

filter_configure_sync cronjob. That is created if you have scheduled firewall rules

I just deleted the schedule and removed the schedule from the rule, I will monitor and will get back here.

ViniciusBr

So the 15 minutes spike is over, but the filter reload is still consuming loads of CPU, not as before, but still high (yellow are is after the schedule deletion):

Checking the logs I can only see the filter reload:

stephenw10

Yeah it still has to reload the ruleset whenever it changes, pfBlocker updated in that instance.

Is it actually causing a problem though? You would expect it to use as much CPU as available to load the ruleset in the shortest possible time but won't necessarily effect other processes.

Steve

ViniciusBr

Well, the thing is: I have other pfsense boxes and they all have this 15 minute spike, but they don't go above 6% cpu usage, a few of them use less than 1%.. I know that several factors can cause this difference, but I still don't see why this huge CPU usage.

Thanks so far for the help!

ViniciusBr

Another update: CPU is not consuming like before, maybe the first filter reload after the change was bad, but the following spikes are much much less cpu consuming:

stephenw10

Mmm, that certainly looks better. But using CPU cycles is not a problem unless it takes priority over something more important. Extra CPU idle time isn't doing anything, literally!

Steve

chpalmer

@ViniciusBr said in Very high CPU usage every 15 minutes:

CPU Type Intel(R) Celeron(R) CPU G470 @ 2.00GHz

Keep in mind that CPU is a bit on the wimpy side compared to many others you see here.. So it will tend to look more "used" by the system at times. https://ark.intel.com/content/www/us/en/ark/products/74390/intel-celeron-processor-g470-1-5m-cache-2-00-ghz.html

Its single core. Can you/have you enabled multithreading in BIOS?