Firewall log compression cause high CPU in pfsense
-
Hi, Everyone.
I hope you can help me with my issue. I have pfsense and on the dashboard it is showing 100% CPU utilization and it is not going away. I perform “top -aSH” and below is the screenshot of the result
which shows 3 insstance “bzip2 -f /var/log/filter” and 1 instance of “/usr/local/sbin/filterlog” are all running at 67%.
I have tried the following to try to fix this:
- reset log files
- restart pfsense
- turn off the system log daemon
- disable send logs to remote syslog server
- Increase log rotation count to 15
But none work, any suggestion that may help fix this issue?
Device information:
Pfsense is installed in a protectli box with disk capacity of 250 GB and using Pfsense+ 22.01 -
It's because your firewall logs are filling so fast the log rotation starts to take as long as they are filling. So you can do a number of things to mitigate it.
Disable log compression, 250GB is not going to be used up any time soon.
Increase the log file size for the filter log so it doesn't have to rotate so often.
Stop logging as much in the firewall. If it's all just external hits on the WAN you might choose to stop logging the default block rule or to add your own block rule on WAN without logging.
Steve
-
-
Thank you for pointing out that my firewall is generating a lot of logs. I have checked firewall logs and found out that my home assistant is causing the problem. Because I have configure DoH blocking in pfblocker, and this is what being triggered. I have disabled the logging for this and that fixed the problem.
Again thank you so much for the big help.
