Crash dhcp
-
-
The cpu varies quickly between 27 and 80%.
-
@Gertjan Thank you for your reply
-
The main system log with some time either side of the crash event would probably show it.
The error there is 'out of swap' but sicne the SG-1100 does not use swap that's really out of RAM.
Running pfBlocker and Squid could easily do that.Check the Status > Monitioring graphs for historical memory usage.
Steve
-
@stephenw10 Thank you for your answer, I'd really like to solve this problem. So, probably, pfblocker and squid together are too much for sg1100?
Better to uninstall pfblocker and configure opendns?
I upload the logs to the cloud and place the link, I'm not allowed to put them here.https://ncloud.zaclys.com/index.php/s/2bPZpJqyQDdrLB3
Thanks
-
-
Change it to system memory rather than processor, like:
That log contains mostly firewall logs. We need the system logs only really.
Steve
-
-
@stephenw10 For the logs, I change the settings and save only the system ones, in case you should reoccur the problem will be easier to understand something.
Thank you -
@stephenw10 Hi, have you seen the memory diagram? What do you think? Thank you
-
Sorry, looks like I had a reply typed out here and failed to send it.
The time scale on that graph is probably too long. You should choose the shortest time scale you can that still covers one of the times it failed. Otherwise the data averaging can cover up spikes in usage.
However it would surprise me if this is not a memory exhaustion issue just because you have Squid and pfBlocker running both of which are known large consumers of memory.
Can you disable Squid as a test?Steve
-
@stephenw10 No problem thanks for the answer.
Yes of course I can try to disable squid (although for me very useful as it saves navigation logs).
I can disable pfblocker and replace it with opendns.
I try to narrow the graph in the day of the crash.
Thank you very much -
@stephenw10 hello, I managed to narrow down the memory chart in the time of the crash (Oct 27 15:08:43 pfsense.lonampio.local kernel: pid 52747 (unbound), uid 59, was killed: out of swap space) what do you see?
Thanks
-
@ilarioQ said in Crash dhcp:
(unbound), uid 59, was killed: out of swap space) what do you see?
pfSense without it's resolver ?
That's like a car without tires.As said above : shut down that package that makes unbound huge : pfBlockerNG.
After you assured yourself things are stable again - some days or a week, you can consider activating pfBlockerNG but do not try to add every possible list. Just the most important ones. Check the files mentioned in pfBlockerNG 's logs when you force reload. You will have an idea of the memory foot print.
Keep also in mjnd that during every restart of unbound it parses all the DNSBL and IP lists, the can become huge and know that the SG-1100 has a rather small processor. During startup the resolver (unbound) will not function ... so you're entire LAN will be without DNS also ... many forum posts exists about this observation.Squid is the other memory eater .... put it on a diet - keep en eye - daily if needed - on it's log files ( !! ) or remove it all together.
Plan B would be : use a device with much more memory.
-
@Gertjan Thanks for your answer. I didn't understand anything about it
, I'll pass your answer on to my technician. Anyway, thank you for the explanation. -
@Gertjan What I see is that since I disabled pfblocker the curves of the inactive and free memory have reversed.
-
Mmm, so pfBlocker is clearly using significant RAM there. Did you have a lot of lists loaded? You might need to use fewer for the limited RAM in the SG-1100.
Steve
-
@stephenw10 Hi, I had selected a dozen lists. Alternatively, use openDNS and let their servers work on filtering the navigation?
-
Yes, you could use that instead. Less control that running it locally but no loading either.
Steve
-
@stephenw10 Thanks for your answer. I'll have opendns servers work ;-)
