Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Firewall log compression cause high CPU in pfsense

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 2 Posters 1.8k Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A Offline
      adelaide_guy
      last edited by adelaide_guy

      Hi, Everyone.

      I hope you can help me with my issue. I have pfsense and on the dashboard it is showing 100% CPU utilization and it is not going away. I perform “top -aSH” and below is the screenshot of the result

      mRemoteNG_zXvzkYyODT.png

      which shows 3 insstance “bzip2 -f /var/log/filter” and 1 instance of “/usr/local/sbin/filterlog” are all running at 67%.

      I have tried the following to try to fix this:

      1. reset log files
      2. restart pfsense
      3. turn off the system log daemon
      4. disable send logs to remote syslog server
      5. Increase log rotation count to 15

      But none work, any suggestion that may help fix this issue?

      Device information:
      Pfsense is installed in a protectli box with disk capacity of 250 GB and using Pfsense+ 22.01

      1 Reply Last reply Reply Quote 0
      • stephenw10S Online
        stephenw10 Netgate Administrator
        last edited by

        It's because your firewall logs are filling so fast the log rotation starts to take as long as they are filling. So you can do a number of things to mitigate it.

        Disable log compression, 250GB is not going to be used up any time soon.

        Increase the log file size for the filter log so it doesn't have to rotate so often.

        Stop logging as much in the firewall. If it's all just external hits on the WAN you might choose to stop logging the default block rule or to add your own block rule on WAN without logging.

        Steve

        A 2 Replies Last reply Reply Quote 0
        • A Offline
          adelaide_guy @stephenw10
          last edited by

          @stephenw10

          Hi, Stephen.

          Thanks for the advice, I will try this as soon as I can.

          1 Reply Last reply Reply Quote 0
          • A Offline
            adelaide_guy @stephenw10
            last edited by

            @stephenw10

            Thank you for pointing out that my firewall is generating a lot of logs. I have checked firewall logs and found out that my home assistant is causing the problem. Because I have configure DoH blocking in pfblocker, and this is what being triggered. I have disabled the logging for this and that fixed the problem.

            Again thank you so much for the big help.

            1 Reply Last reply Reply Quote 1
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.