Disk usage 80-95% and squid nearly 100% CPU



  • Hi,

    My disk usage is very high, between 80% and 95%.
    Furthermore, the squid process is running at nearly 100% CPU.

    [2.0-RC1][admin@pfsense2.hpa]/tmp(7): df -h
    Filesystem     Size    Used   Avail Capacity  Mounted on
    /dev/da0s1a     57G     45G    7.8G    85%    /
    devfs          1.0K    1.0K      0B   100%    /dev
    /dev/md0       3.6M     48K    3.3M     1%    /var/run
    devfs          1.0K    1.0K      0B   100%    /var/dhcpd/dev
    [2.0-RC1][admin@pfsense2.hpa]/tmp(8): top
    last pid: 24984;  load averages:  1.03,  0.96,  0.86                               up 0+00:37:24  22:28:22
    47 processes:  2 running, 45 sleeping
    CPU: 10.9% user,  0.0% nice, 15.1% system,  0.5% interrupt, 73.4% idle
    Mem: 114M Active, 3073M Inact, 557M Wired, 116M Cache, 416M Buf, 57M Free
    Swap: 8192M Total, 140K Used, 8192M Free
    
      PID USERNAME  THR PRI NICE   SIZE    RES STATE   C   TIME   WCPU COMMAND
    18878 proxy       1 118    0 41872K 25120K CPU0    0   2:49 98.68% squid
    36089 root        1  57    0   102M 17416K accept  2   0:05  0.00% php
    36122 root        1  76    0   102M 15728K accept  1   0:05  0.00% php
    48654 root        1  76    0   102M 18856K accept  1   0:01  0.00% php
    40927 root        1  76    0   102M 16004K accept  0   0:01  0.00% php
    33800 root        1  44    0 23716K  3616K kqread  1   0:01  0.00% lighttpd
    29263 root        1  44    0  5836K  1392K select  1   0:01  0.00% apinger
     5794 root        1  76   20  8292K  1400K wait    1   0:00  0.00% sh
    50802 dhcpd       1  44    0 10544K  6172K select  1   0:00  0.00% dhcpd
    35455 root        1  69    0   100M  8720K wait    2   0:00  0.00% php
    34342 root        1  76    0   100M  8788K wait    3   0:00  0.00% php
    36714 root        1  53    0   666M 13056K select  2   0:00  0.00% radiusd
    14438 root        1  76    0 19492K  1604K wait    3   0:00  0.00% login
     3963 root        1  44    0 26140K  3412K select  1   0:00  0.00% sshd
    59231 root        1  48    0  8292K  1352K wait    3   0:00  0.00% sh
    18351 root        1  44    0 11768K  2112K bpf     2   0:00  0.00% tcpdump
    36940 _ntp        1  44    0  5832K  1384K select  1   0:00  0.00% ntpd
    26859 root        1  44    0  8284K  2524K pause   1   0:00  0.00% tcsh
    28441 root        1  44    0  9364K  2224K CPU2    2   0:00  0.00% top
    13842 root        2  44    0  7084K  1252K nanslp  3   0:00  0.00% sshlockout_pf
    25914 root        1  44    0  9036K  1464K select  0   0:00  0.00% inetd
    22006 root        2  44    0  7084K  1256K nanslp  1   0:00  0.00% sshlockout_pf
    23832 root        2  44    0  7084K  1244K nanslp  1   0:00  0.00% sshlockout_pf
      249 root        1  64   20  8000K  1140K kqread  1   0:00  0.00% check_reload_status
    22046 root        1  76    0  8292K  1604K wait    1   0:00  0.00% sh
    52862 root        1  44    0  6996K  1516K select  2   0:00  0.00% syslogd
     6990 root        1  44    0  7980K  1428K nanslp  2   0:00  0.00% cron
    [2.0-RC1][admin@pfsense2.hpa]/tmp(9):
    
    

    A reboot of pfsense didn't solve it. A complete uninstallation of squid and a reboot didn't solve it either.
    This is my squid.conf:

    # Do not edit manually !
    http_port 172.17.0.1:3128
    http_port 127.0.0.1:80 transparent
    icp_port 0
    
    pid_filename /var/run/squid.pid
    cache_effective_user proxy
    cache_effective_group proxy
    error_directory /usr/local/etc/squid/errors/German
    icon_directory /usr/local/etc/squid/icons
    visible_hostname hpa
    cache_mgr rbs.hpa@polizei.hessen.de
    access_log /dev/null
    cache_log /var/squid/log/cache.log
    cache_store_log none
    logfile_rotate 1
    shutdown_lifetime 3 seconds
    # Allow local network(s) on interface(s)
    acl localnet src  172.17.0.0/255.255.252.0
    httpd_suppress_version_string on
    uri_whitespace encode
    
    cache_mem 1024 MB
    maximum_object_size_in_memory 512 KB
    memory_replacement_policy heap LFUDA
    cache_replacement_policy heap LFUDA
    cache_dir ufs /var/squid/cache 10240 128 256
    minimum_object_size 0 KB
    maximum_object_size 204800 KB
    offline_mode off
    cache_swap_low 80
    cache_swap_high 90
    
    # No redirector configured
    
    # Setup some default acls
    acl all src 0.0.0.0/0.0.0.0
    acl localhost src 127.0.0.1/255.255.255.255
    acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535
    acl sslports port 443 563
    acl manager proto cache_object
    acl purge method PURGE
    acl connect method CONNECT
    acl dynamic urlpath_regex cgi-bin \?
    cache deny dynamic
    http_access allow manager localhost
    
    # Allow external cache managers
    acl ext_manager_1 src 172.17.0.1
    http_access allow manager ext_manager_1
    
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !safeports
    http_access deny CONNECT !sslports
    
    # Always allow localhost connections
    http_access allow localhost
    
    request_body_max_size 0 KB
    reply_body_max_size 0 deny all
    delay_pools 1
    delay_class 1 2
    delay_parameters 1 -1/-1 -1/-1
    delay_initial_bucket_level 100
    delay_access 1 allow all
    
    # Setup allowed acls
    # Allow local network(s) on interface(s)
    http_access allow localnet
    # Custom options
    refresh_pattern -i .*adobe\.com/.*\.(exe|msi) 4320 100% 43200 reload-into-ims
    refresh_pattern -i .*apple\.com/.*\.(pkg|dmg) 8640 100% 86400 reload-into-ims
    refresh_pattern -i .*microsoft\.com/.*\.(cab|exe|msi|msp) 8640 100% 86400 reload-into-ims
    refresh_pattern -i .*windowsupdate\.com/.*\.(cab|exe|msi|msp) 8640 100% 86400 reload-into-ims
    refresh_pattern -i .*ubuntu\.com/.*\.(tar|bz|bz2|gpg|gz|zip|deb) 8640 100% 86400 reload-into-ims
    refresh_pattern -i ^ftp: 1440 20% 10080
    refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
    range_offset_limit -1
    
    # Default block all to be sure
    http_access deny all
    
    

    The other package is freeradius.

    Why is this happening? I found some old threads where the conclusion was "an open file was deleted" or something similar.
    How could I find out which file it is?

    Thanks for your help.


  • Rebel Alliance Developer Netgate

    Removing the squid package does not remove the squid cache directory. If you want to remove that, you have to manually do this:

    rm -rf /var/squid/
    

    Which will delete all of the logs, cache, etc.

    If you want to track down what is using the space, use the "du" command, like so:

    du -kd 1 /
    

    And then see which one is using the most space, go in there, and repeat that command until you find it. You can use du without the "-d 1" to get a complete output, but it can be harder to sort through and interpret the whole thing instead of doing it level by level.
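
The level-by-level `du` search described in the reply above, automated as an added example (not part of the original post and not pfSense code). The function names are made up for illustration, and `unaccounted_kb` additionally compares `df` with `du` for the "open file was deleted" case raised in the question; it assumes its argument is a mount point such as `/`.

```shell
#!/bin/sh
# Added example: automate the level-by-level "du -kd 1" search.

# Print the immediate subdirectory of $1 that uses the most space (nothing if none).
largest_child() {
    # -k: KiB units, -x: stay on this filesystem, -d 1: one level deep
    du -kxd 1 "$1" 2>/dev/null | TOP="$1" awk -F'\t' '
        BEGIN { max = -1 }
        $2 != ENVIRON["TOP"] && $1 + 0 > max { max = $1 + 0; best = $2 }
        END { if (best != "") print best }'
}

# Follow the largest subdirectory downwards from $1, printing each step.
drill_down() {
    dir=$1
    while :; do
        printf '%s\n' "$dir"
        next=$(largest_child "$dir")
        [ -n "$next" ] || break
        dir=$next
    done
}

# KiB that df counts as used on mount point $1 but du cannot find in any file.
# Only meaningful when $1 is the mount point itself.
unaccounted_kb() {
    used=$(df -kP "$1" | awk 'NR == 2 { print $3 }')
    seen=$(du -skx "$1" 2>/dev/null | awk '{ print $1 }')
    echo $((used - seen))
}

# Usage: sh drill.sh /        (run as root so du can read every directory)
if [ "$#" -gt 0 ]; then
    drill_down "$1"
    echo "unaccounted KiB: $(unaccounted_kb "$1")"
fi
```

A large unaccounted value on a mount point typically means the space is held by a file that was deleted while a process still has it open, which `du` cannot see because the file no longer has a name.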



  • Thanks for your feedback. I will try this in the future if the problem occurs again.
    But for now I did a complete reinstallation, because in the past I installed and reinstalled many packages and so on, and I think it's good to have a clean system and a clean config.xml file to work with ;-)

