Cpu load

  • Hi guys, fairly new here.  I built this pfSense box (ver. 2.2 9/24/13) a little while ago and it's been running great.  However, I've had some issues.
    Originally I had an Intel Celeron G1610 dual-core CPU running with 4GB of RAM and a 6GB SSD plugging along with packages apinger, dhcpd, dnsmasq, miniupnpd, ntpd, nut, openvpn, and the load snort. 
    I have a 50 down and 5 up internet source from Time Warner, and during heavy torrenting I was seeing 100% CPU usage. 
    So I upgraded my CPU to an Intel i3-3240 and most of the time it stays around 30-40 CPU load.
    I checked yesterday while doing some light torrenting and was using around 30 down and 2.5 up and my CPU was pegged at 100% and RAM was around 88%????
    Now I know snort is heavy on cpu, and I know my CPU load is dependent on throughput, however what is ram related to?  Why is my cpu load increasing so high recently?  Also (on a further note which I don't believe is related to CPU usage) my NTP clock sync service stops randomly sometimes?  The log shows all kinds of things like can't find host, no servers can be used exiting, giving up on time sync after 3 attempts, listen and drop, listen normal <-many things I'm not familiar with.
    I'm loving this machine so far, just a few problems.  I use this machine at home, and have it set to NAT and only have a few rules for RDP and a couple web cams.
    Any help would be great, or pointers on where to look would be great.  I don't want to upgrade to an Intel i5 if I don't have to.

    Wyatt Bonnette

  • Netgate Administrator

    For a 50/5 connection your original CPU should be fine. That is capable of >1Gbps of Firewall/NAT.
    Before you loaded Snort I assume your CPU was barely above idle?
    Snort is very dependent on how you tune it. If you load up every rule set there is it will eat CPU and RAM at a massive rate!
    4GB of RAM should be fine but does your dashboard show any swap usage? That will destroy performance.

    The other thing is have you enabled powerd? If you have any sort of power saving features enabled then you might be seeing 100% of some lower, reduced power CPU speed. Although at 100% it should be ramping up to max speed.

    My money would be on Snort not tuned at all.

    ntpd can behave strangely at the best of times. Make sure you've given it at least 4 upstream ntp servers to check against. If you do have power saving enabled you may be running into a cpu clock issue depending on what timecounter is selected. I won't go into that now.  ;)


  • Thanks for giving me some interesting things to think about and to look at. I will tinker around a bit; I never considered looking at power settings because all cores showed 50c. Which, now that I think about it, is prob on the low side for 100%.

