High Memory Usage
-
Hi, I am experiencing a high memory usage which I am not sure if it is normal. I have installed the following packages:
squid3-dev
squidGuard-squid3
havp
snortOther than installing packages, I did not do much except to get all the services running.
This is my dashboard:
This is my System Activity:
Is this normal? I was hoping it could be under 500mb.
Thanks in advance for any help.
-
memory cache?
-
Doesn't seem unusually high given all the packages you're running. I imagine Snort is using the most but it's not in the process list. Try running 'vmstat -m' at the console.
Steve
-
How do I see how much memory cache is using or how do I clear cache?
I noticed in System Activity there are 2 clamd processes, is it correct?
I am trying to use pfSense as a UTM, can you advise me on the packages that I have to install?
These are the results from vmstat -m. I have removed those that uses less than 20K of memory.
$ vmstat -m
Type InUse MemUse HighUse Requests Size(s)
filedesc 128 95K - 1715243 16,32,64,512,1024,2048,4096
linker 215 803K - 234 16,32,64,128,256,512,2048,4096
temp 46 685K - 4299978 16,32,64,128,256,512,1024,2048,4096
devbuf 307 566K - 314 16,32,64,128,256,512,1024,2048,4096
subproc 188 402K - 923297 512,4096
sysctloid 2608 129K - 2648 16,32,64,128
bus-sc 31 67K - 1488 16,32,64,128,256,512,1024,2048,4096
bus 965 80K - 3039 16,32,64,128,256,512,1024
kobj 326 1304K - 395 4096
msg 4 89K - 4 1024
shm 5 28K - 40 2048
pcb 44 158K - 3485 16,32,64,128,1024,2048,4096
biobuf 11 22K - 3826 2048
vfscache 1 1024K - 1
vfs_hash 1 512K - 1
BPF 23 148K - 28 16,128,512,4096
ifaddr 76 23K - 77 32,64,256,512,2048,4096
clone 15 60K - 15 4096
DEVFS1 73 37K - 76 512
DEVFS3 173 44K - 177 256
hostcache 1 28K - 1
syncache 1 96K - 1
ipsecpolicy 98 25K - 797024 256
inodedep 1 512K - 2 256
pagedep 1 128K - 2 128
ufs_mount 9 20K - 9 512,2048,4096
vm_pgdata 2 129K - 2 128
ddb_capture 1 48K - 1
GEOM 63 19K - 514 16,32,64,128,256,512,1024,2048
acpica 2072 233K - 24473 16,32,64,128,256,1024,4096
entropy 1024 64K - 1024 64
solaris 103 4359K - 105 16,64,128,1024 -
Sorry, I've given you bad info there. :-[
Try running 'ps -auxm' to see what processes are eating your RAM.Steve
Edit: Or sort the top output by size with 'top -aSHo size'
-
Looks fine to me…
-
clamav is using the bulk of your RAM from the looks of that. That's probably normal if you're running all your web traffic through it via Squid, though can't say I've messed with squid3+clamav enough to tell you definitively.
-
Sorry, I've given you bad info there. :-[
Try running 'ps -auxm' to see what processes are eating your RAM.Steve
Edit: Or sort the top output by size with 'top -aSHo size'
[/quote]Output of "ps -auxm"
Only these 2 stands out (the rest uses less than 3%) and I believe both are using clamd stored in different folders as shown in System Activity.
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
clamav 13374 0.0 14.5 335068 300468 ?? Is Wed02AM 0:08.43 /usr/pbi/squid-amd64/sbin/clamd{clamd}
root 87412 0.0 14.5 335104 300868 ?? Is Wed02AM 0:08.37 /usr/local/sbin/clamd -c /usr/local/etc/clamd.conf{clamd}Output of "top -aSHo size"
last pid: 3909; load averages: 0.00, 0.00, 0.00 up 2+03:52:23 06:39:31
151 processes: 2 running, 136 sleeping, 13 waitingMem: 734M Active, 48M Inact, 173M Wired, 600K Cache, 127M Buf, 1009M Free
Swap: 1920K Total, 1920K FreePID USERNAME PRI NICE SIZE RES STATE TIME WCPU COMMAND
34798 root 64 20 364M 74164K bpf 0:10 0.00% /usr/pbi/snort-amd64/bin/snort -R 54882 -D -q -l /var/log/
34798 root 64 20 364M 74164K nanslp 0:03 0.00% /usr/pbi/snort-amd64/bin/snort -R 54882 -D -q -l /var/log/
87412 root 44 0 327M 294M select 0:08 0.00% /usr/local/sbin/clamd -c /usr/local/etc/clamd.conf{clamd}
87412 root 44 0 327M 294M select 0:00 0.00% /usr/local/sbin/clamd -c /usr/local/etc/clamd.conf{clamd}
13374 clamav 44 0 327M 293M select 0:08 0.00% /usr/pbi/squid-amd64/sbin/clamd{clamd}
13374 clamav 68 0 327M 293M select 0:00 0.00% /usr/pbi/squid-amd64/sbin/clamd{clamd}
19289 root 44 0 150M 41724K piperd 0:02 0.00% /usr/local/bin/php{php}
6414 root 76 0 148M 38332K nanslp 0:06 0.00% /usr/local/bin/php
35844 root 76 0 144M 22968K wait 0:00 0.00% /usr/local/bin/php
29329 root 76 0 144M 22924K wait 0:00 0.00% /usr/local/bin/php -
Hi, I am experiencing a high memory usage which I am not sure if it is normal. I have installed the following packages:
squid3-dev
squidGuard-squid3
havp
snortIs this normal? I was hoping it could be under 500mb.
Thanks in advance for any help.
Diagnostics, system activity will show how much ram is being used. I can see snort and other services running in there, snort is showing its using about 630M, but every so often it appears twice on this page for less than a second as if a new process is starting up and the other one is being killed off.
I've found 2Gb of ram to be a bit restrictive when experimenting with configs in a vm, so I give the sample config pfsense vm's 8Gb as standard now, that way I dont get any unexpected problems like Snort interfaces failing to start.
-
Ah, there's Snort and it's using quite a bit. I agree that some of those processes are shown twice (same PID). We know the total memory usage is ~1GB and the totals shown are greater than that.
Anyway I don't think you're seeing unusually high memory usage given the packages you're running.Steve
-
You can easily get Snort to use a lot of memory. With the settings I had before it used up to 4 GB of memory. With my current setup it's using 808 MB of memory with php-fpm being second highest user at 207 MB.
-
With Snort, set the Memory setting to: AC-BNFA-NQ. Also make sure that you don't manually click the start/stop interfaces icons while Snort is attempting to start as this can lead to duplicate pids.
pgrep snort
This command should only show one pid per interface.
