Puzzling CPU Usage
-
@LPD7 said in Puzzling CPU Usage:
"exiting on signal" and "now monitoring attacks"
these are normal
sometimes see the PID message 16962 about a memory issue
this one and it says "cannot allocate memory" --- look in pfblockerng.log and you might find the table is overflowing
look for lines near the end of the last list update , something like this - what do you see?pfSense Table Stats ------------------- table-entries hard limit 600000 Table Usage Count 142826
notice the error references the same list I asked about here..
@jrey said in Puzzling CPU Usage:
are all the alias pfb lists that you are building actually used in a rule ?
in particular pfb_NAmerica_v4 is that in an Allow or Deny Rule? -
@jrey Thanks Jrey, I noticed in the log that the only message is " ASN Token not defined. Terminating Download. " and nothing more. I see a number of feeds that show the asn token not defined message and dont recall these feeds requiring one. I am going to look at them and see if I can suss out the problem. I reached the max uploads so I have posted what I can from the logs. I need to look into your alias question, I know the feeds are capturing packets as indicated in the dashboard but how they are configured is not something I looked at, just inferred once the feed was setup the filtering would just happen. I will upload what I can find, not something I looked at before.
Log entries:
Update: As per your question regarding lists/rules for the feeds yes based on what I can take from the below SS they are being blocked, rejected, and matched, does this answer your question?
-
@jrey said in Puzzling CPU Usage:
something like this - what do you see?
pfSense Table Stats
table-entries hard limit 600000
Table Usage Count 142826
notice the error references the same list I asked about here..Some interesting things in the log parts you have provided, but I don't think you went down far enough (or at least I'm not seeing this section in what you provided)
it should be very close to (if not just before the logging of UPDATE PROCESS ENDED.)What exactly is your expectation for the NAmerica rule at the top of the rules list?