Zombie processes after adding VLAN.
-
I recently added a VLAN to handle our public Wireless network. After adding the VLAN, adding the outbound NAT rule, and setting up DHCP on the vlaned interface CPU utilization soared to 100% i SSHd into the box and saw that all the CPU is taken up by a handful of zombie processes and the Syslog process.
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND root 36583 85.7 0.4 1440 1032 ?? Rs Tue09AM 3588:45.05 /usr/sbin/syslogd -ss -f /var/etc/syslog.conf root 19455 56.9 0.0 0 0 ?? ZN 10:43AM 0:01.30 <defunct>root 29377 42.0 0.0 0 0 ?? ZN 11:09AM 0:01.02 <defunct>root 91036 28.0 0.0 0 0 ?? ZN 4:27AM 0:00.54 <defunct>root 31321 23.0 0.0 0 0 ?? ZN 11:15AM 0:00.88 <defunct>root 31576 12.4 8.4 23852 21140 ?? DN 11:17AM 0:00.87 /usr/local/bin/php /etc/rc.filter_configure_sync root 69561 3.4 7.1 19292 17872 ?? S 10:22PM 0:14.23 /usr/local/bin/php</defunct></defunct></defunct></defunct>Everything else is working fine except for the new VLAN which is really unresponsive, sometimes DHCP will bless me with an IP and sometimes i can even NAT out to the internet. most of the time i get nothing.
Is it safe to kill the zombie processes, anyway to see why syslog is taking up all my CPU? All the logs aren't showing more traffic than normal.
I really want to avoid a reboot.
-
looks like the zombies were all from bandwidthd, uninstalled and they all went away. looks like syslog is my problem now, and in particular the IPSEC log is really getting hammered.
Nov 4 14:02:54 racoon: INFO: fe80::21b:21ff:fe08:3e9c%em0[500] used as isakmp port (fd=21) Nov 4 14:02:54 racoon: [Self]: INFO: 66.193.100.234[500] used as isakmp port (fd=20) Nov 4 14:02:54 racoon: INFO: fe80::21b:21ff:fe08:3e9d%em1[500] used as isakmp port (fd=19) Nov 4 14:02:54 racoon: INFO: fe80::203:47ff:fe40:2bb1%fxp0[500] used as isakmp port (fd=18) Nov 4 14:02:54 racoon: [Self]: INFO: 192.168.1.1[500] used as isakmp port (fd=17) Nov 4 14:02:54 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=16) Nov 4 14:02:54 racoon: INFO: ::1[500] used as isakmp port (fd=15) Nov 4 14:02:54 racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=14) Nov 4 14:02:54 racoon: INFO: fe80::21b:21ff:fe08:3e9c%vlan0[500] used as isakmp port (fd=13) Nov 4 14:02:54 racoon: [Self]: INFO: 10.10.0.1[500] used as isakmp port (fd=12) Nov 4 14:02:54 racoon: INFO: fe80::21b:21ff:fe08:3e9c%em0[500] used as isakmp port (fd=21) Nov 4 14:02:54 racoon: [Self]: INFO: 66.193.100.234[500] used as isakmp port (fd=20) Nov 4 14:02:54 racoon: INFO: fe80::21b:21ff:fe08:3e9d%em1[500] used as isakmp port (fd=19) Nov 4 14:02:54 racoon: INFO: fe80::203:47ff:fe40:2bb1%fxp0[500] used as isakmp port (fd=18) Nov 4 14:02:54 racoon: [Self]: INFO: 192.168.1.1[500] used as isakmp port (fd=17) Nov 4 14:02:54 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=16) Nov 4 14:02:54 racoon: INFO: ::1[500] used as isakmp port (fd=15) Nov 4 14:02:54 racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=14) Nov 4 14:02:54 racoon: INFO: fe80::21b:21ff:fe08:3e9c%vlan0[500] used as isakmp port (fd=13) Nov 4 14:02:54 racoon: [Self]: INFO: 10.10.0.1[500] used as isakmp port (fd=12) Nov 4 14:02:54 racoon: INFO: fe80::21b:21ff:fe08:3e9c%em0[500] used as isakmp port (fd=21) Nov 4 14:02:54 racoon: [Self]: INFO: 66.193.100.234[500] used as isakmp port (fd=20) Nov 4 14:02:54 racoon: INFO: fe80::21b:21ff:fe08:3e9d%em1[500] used as isakmp port (fd=19) Nov 4 14:02:54 racoon: INFO: fe80::203:47ff:fe40:2bb1%fxp0[500] used as isakmp port (fd=18)Do i need to force racoon to only use one interface? kind of at a loss now.