99% Memory Useage

Snowaks

So where to start well I have been running Pfsense for about 8 years now. the Problem I Am running in to is after a reset I get to about 99% memory Usage
and the network become's unstable a restart or setting Ram dsik fix's this. I can set up a Ram Disk but it gets used up. If i set up a ram disk does not use all my memory. This was a fresh install then backup applied . What happend was I did a hardware swap and then had a bad disk.
The hardware I came from was a Dell 2900v3 2x Xeon 4 cores Also due to to much power usage.
That's when this Problem start the old system did have 58Gb ECC of Ram.

New Harware Specs:
AMD 6 Core FX-6300
ASUS M5A99FX
32Gb Crucial DDR3 ECC Non Reg
4 Port Intel Nic
3x2Tb HDD In Raidz1 Setup as a ZFS Raid.

States are At Default setting so are Mbufs.

Packages:
Suricata
PfblockerNG
Removed: Squid Proxy to help with memory usage

!

A Former User

First things first, it would really help if you used some of the tools up the top there are applied a tiny bit of formatting to your text so it's easy to read.

At the moment it's a giant wall of text, with many spelling errors, bad formatting and honestly, it's almost impossible to read and understand.

If it's running out of memory, the first thing to do would be to post the output of any logs that show this. What's the output of vmstat -h ? You'll have to run it from the CLI.
What does top show you? Do you have hundreds of processes?

If you're not sure how to parse the output of those commands, that's fine, paste them here.
PLEASE PLEASE PLEASE paste them using the "code" formatting button above, the </>
Otherwise it becomes a horrid wall of text that's impossible to read.
It should look like this:

[2.4.3-RELEASE][admin@wallbanger]/root: vmstat -h
procs  memory       page                    disks     faults         cpu
r b w  avm   fre   flt  re  pi  po    fr   sr md0 md1   in    sy    cs us sy id
1 0 0 1.1G  647M   666   0   0   1   839   11   0   0  206   884   766  0  1 99

etc.

I hope this helps - please take the time to clearly explain the problem etc - read back over what you've written before submitting it, make sure it's clear, so that it'll be much easier for us to help you.

Cheers,
El Muppo.

Snowaks

Sorry about that Edited and Fixed I hope. I know I can make some walla of text and it sounds like I am a mad man. Yeah my spelling & Grammar are pretty bad Only have around a 8th grade spelling level Thanks to public school... when I concentrate.

xciter327

I've had this happen to me too. It was something between pfblocker and unbound. Try updating pfblocker to lates "development" version. I can vouch it works great. That interacts much better with unbound.

Snowaks

Well do thanks will update if it fix's it just did this Going to have to do a Power Button reset as it produced this error. Fatal error: Call to undefined function pfb_alerts_default_page() in /usr/local/www/pfblockerng/pfblockerng_general.php on line 96 PHP ERROR: Type: 1, File: /usr/local/www/pfblockerng/pfblockerng_general.php, Line: 96, Message: Call to undefined function pfb_alerts_default_page() And the Remote Client Is frozen.

Crash report:
Crash report begins. Anonymous machine information:
amd64
11.1-RELEASE-p10
FreeBSD 11.1-RELEASE-p10 #13 r313908+293707af843(RELENG_2_4): Thu May 10 15:09:24 CDT 2018 root@buildbot2.netgate.com:/builder/ce-243/tmp/obj/builder/ce-243/tmp/FreeBSD-src/sys/pfSense
Crash report details:
PHP Errors:
[18-Sep-2018 13:41:28 America/Chicago] PHP Fatal error: Call to undefined function pfb_alerts_default_page() in /usr/local/www/pfblockerng/pfblockerng_general.php on line 96
No FreeBSD crash data found.

Error after reboot but memory is at 10%.

0_1537296839475_PHP_errors.log.gz

other then the error it seems like this is the fix.

Snowaks

Well update after about 1h and siting around 38% memory used but will see to night when my power user's log on and start to hit the network hard.
Still Having the crashing problem but it is not freezing the Remote UI like it was doing at the start of the PfblockerNG update.
Also I had a question is it useful to run var as a ram disk? Or do you only see this being usefully in heavy network utilization environments?

A Former User

@snowaks You first post looks much better, thanks, I'm sorry I hope I didn't come across as rude.

The only reason to run var as a RAM disk is if you're worried about disk writes on a SDCard or similar. If you're running this on a decent SSD/hard disk then I wouldn't bother doing it, keep the RAM for something useful.

Snowaks

ok update seem's to have level off at 80% witch is ok Will update after 2 day's.
Still getting a Crash report but none of my system & network seem to not be affected.
Remote UI still works, All packages are up and ruining I may have to do some tuning to
get squid up and ruining. So I can see what amount of ram I will have left over to be used with squid.

xciter327

I think it's still broken. Under no condition should unbound use this much memory. Try running it with pfblocker disabled. If memory stays low, post an issues in the pfblocker section.

BBcan177

@snowaks said in 99% Memory Useage:

So where to start well I have been running Pfsense for about 8 years now. the Problem I Am running in to is after a reset I get to about 99% memory Usage
and the network become's unstable a restart or setting Ram dsik fix's this. I can set up a Ram Disk but it gets used up. If i set up a ram disk does not use all my memory. This was a fresh install then backup applied . What happend was I did a hardware swap and then had a bad disk.
The hardware I came from was a Dell 2900v3 2x Xeon 4 cores Also due to to much power usage.
That's when this Problem start the old system did have 58Gb ECC of Ram.

Check out the following reddit thread and see if that helps:
https://www.reddit.com/r/PFSENSE/comments/9g9csi/pfblockerngdevel_high_cpu_usage/

Also try running the following top command:

top -aSH

Snowaks

Should I Do a restart after disable of Pf blocker ? Will take a look at the reddit post thanks guys!
Do you think the Cpu problem is just like the Ram one ? Hey I will try any thing with in reason.
My best fix yet is to set var/ to as a ram disk and it does not allow it to go over the set parameter.
Will Disable and update my post It takes around 2-3 day's to for the memory to hit 99%.
I change Cron to 4h set logging on unbound to level 3 as it was on level 2.

unbound-control -c /var/unbound/unbound.conf status (Edit2)

Snowaks

PFblockerNG Off for 1 day still showing 90% Plus

Snowaks

@bbcan177 said in 99% Memory Useage:

top -aSH

I mist your command as it was in black.

xciter327

Are Your sure it's not Surricata eating all the RAM?

P.S. - You could install htop with "pkg install htop". Might need a reboot to work(for me at least). There you can check in real time what's going on.

BBcan177

@xciter327 said in 99% Memory Useage:

Are Your sure it's not Surricata eating all the RAM?

Yes its definately Suricata .. you can see several PIDs for the same interface...

If you are using the package "Service Watchguard", do not add Snort/Suricata as it will try to restart the package when cron is updating the rules leading to phantom processes.

Snowaks

@bbcan177 @xciter327

I have used it in the past have not reinstalled it. Do to the memory problem and read some where about cron and problems with it
I can disable Suricata and will still get 99% I mean I may Be mistaken and end up with my foot in my mouth.
I will also do a reboot to clear the used Ram as this is the only way I have found to get it to back to normal.
If so I think it would be a good idea to add in a memory setting in general to only control the packages amount of Max used Ram?
I will Disable Suricata and add screen shots.

PS Is there a way to set per a package max used Ram in tunables?

Snowaks

@snowaks said in 99% Memory Useage:

top -aSH

xciter327

With Suricata disabled, do a reboot to make sure it's all clean.

P.S. - this is not related, but why run both unbound and dns forwarder?

Snowaks

I was Under the understanding that Unbound was for internal traffic Lan and forward was for Wan side incoming.
I had some problems get stuff to see some stuff from the outside the network
Did not matter what firewall rule/port forwarding I added. I read some where that you should enable
forwarder I did and the traffic worked. So I prayed to the Pfsense gods and walked a way with it up and happy.
Plex was the problem Program.

MoonKnight

@snowaks said in 99% Memory Useage:

I was Under the understanding that Unbound was for internal traffic Lan and forward was for Wan side incoming.
I had some problems get stuff to see some stuff from the outside the network
Did not matter what firewall rule/port forwarding I added. I read some where that you should enable
forwarder I did and the traffic worked. So I prayed to the Pfsense gods and walked a way with it up and happy.
Plex was the problem Program.

Hi,

Have you tried a clean install, without using your backup config?
Then just change your settings manually and add one package at the time.