Bribing pfSense
-
@Mr.:
2.3 will have a shiny new Bootstrap-based GUI, so that should at least be different, if not faster. :-)
I admire your efforts, yet I'm still on 2.2.1; upgrading to 2.2.2 gave problems so rolled back; hoping 2.2.3 would skip the 2.2.2 problems so I upgraded that and rolled back again to 2.2.1. I'm afraid to upgrade to any new version, ever since 2.0 every upgrade required a fresh install + days of customizing the packages by hand, as the 'restore configuration' never worked :-[
So I will probably see the new GUI at pfSense 167.2.9 ;D ;D ;D
[/quote]That's strange. I have installs upgrading since 2.1.x to 2.2.x with no issues. Restoring config as well. Could be that there is something in your pfSense setup that is messed up due rollbacks, packages who knows. How big is your backup config?
Thanks Igor. I just test that, and created a screenshot.
-
@Mr.:
@Mr.:
2.3 will have a shiny new Bootstrap-based GUI, so that should at least be different, if not faster. :-)
I admire your efforts, yet I'm still on 2.2.1; upgrading to 2.2.2 gave problems so rolled back; hoping 2.2.3 would skip the 2.2.2 problems so I upgraded that and rolled back again to 2.2.1. I'm afraid to upgrade to any new version, ever since 2.0 every upgrade required a fresh install + days of customizing the packages by hand, as the 'restore configuration' never worked :-[
So I will probably see the new GUI at pfSense 167.2.9 ;D ;D ;D
[/quote]That's strange. I have installs upgrading since 2.1.x to 2.2.x with no issues. Restoring config as well. Could be that there is something in your pfSense setup that is messed up due rollbacks, packages who knows. How big is your backup config?
Thanks Igor. I just test that, and created a screenshot.
That's ungodly big config backup.
-
Ok, I saw your 'top'.
snort and squid eat already 45% of your CPU time.
Note that you have some zombies to ( 8) . THis means processes are crashing in your box.
But all this isn't very conclusive for me.This might a be a nasty one: you have a boatload of packages running or your box.
I guess it might be worth the shot to disable them all, enable one by one and see when the GUI (simple web server+ PHP) starts slowing down.It can't be your hardware, you have more horse power in the box as I have, but still, the "software load" bogs it down …
Thanks GertJan ;D
(Bedaankt :-* ).
I may have pasted the top while Snort was updating. Here's another one:
last pid: 411; load averages: 0.40, 0.37, 0.29 up 0+04:45:25 19:22:51 65 processes: 1 running, 58 sleeping, 6 zombie CPU: 4.3% user, 0.0% nice, 4.3% system, 0.8% interrupt, 90.6% idle Mem: 361M Active, 2169M Inact, 1213M Wired, 528K Cache, 2104M Buf, 12G Free Swap: 32G Total, 32G Free PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND 14853 root 8 20 0 1984M 1881M uwait 0 6:28 3.47% suricata 22287 root 15 20 0 219M 93032K nanslp 0 1:38 2.98% ntopng 76817 root 1 20 0 21988K 3152K CPU0 0 0:02 0.10% top 14138 root 150 20 0 193M 21948K uwait 0 0:26 0.00% filterdns 23911 root 1 20 0 14656K 2436K select 1 0:20 0.00% syslogd 96188 nobody 1 20 0 19060K 3516K select 1 0:12 0.00% darkstat 63665 root 1 20 0 21720K 5892K select 0 0:08 0.00% openvpn 30669 root 1 20 0 12456K 2180K select 1 0:06 0.00% apinger 71884 unbound 2 20 0 88488K 32732K kqread 1 0:06 0.00% unbound 17917 root 3 52 0 24572K 4716K uwait 0 0:03 0.00% redis-server 49979 dhcpd 1 20 0 24812K 13732K select 1 0:02 0.00% dhcpd 39033 root 1 20 0 50788K 7796K kqread 0 0:02 0.00% lighttpd 66015 root 1 20 0 21720K 5920K select 0 0:02 0.00% openvpn 65501 root 2 20 0 783M 386M nanslp 1 0:01 0.00% snort 99052 root 1 20 0 14540K 2080K select 1 0:01 0.00% powerd 79354 root 1 52 20 17136K 2708K wait 1 0:01 0.00% sh 249 root 1 20 0 224M 23864K kqread 1 0:01 0.00% php-fpm 89390 root 1 20 0 55720K 7588K bpf 0 0:01 0.00% bandwidthd 91338 root 1 20 0 55720K 7528K bpf 0 0:01 0.00% bandwidthd 90609 root 1 20 0 55720K 7528K bpf 0 0:01 0.00% bandwidthd 89470 root 1 20 0 55720K 7588K bpf 0 0:01 0.00% bandwidthd 91063 root 1 20 0 55720K 7588K bpf 1 0:01 0.00% bandwidthd 90317 root 1 20 0 55720K 7588K bpf 0 0:01 0.00% bandwidthd 90849 root 1 20 0 55720K 7588K bpf 0 0:01 0.00% bandwidthd 27472 root 1 20 0 16804K 2340K bpf 1 0:01 0.00% filterlog 89712 root 1 20 0 55720K 7588K bpf 1 0:01 0.00% bandwidthd 26816 root 1 20 0 28164K 18052K select 1 0:00 0.00% ntpd 14226 root 1 52 0 16664K 2524K nanslp 1 0:00 0.00% cron 6133 root 1 20 0 43604K 6296K select 0 0:00 0.00% mpd5 99043 uucp 1 20 0 18832K 2580K nanslp 1 0:00 0.00% upsmon 30999 root 1 20 0 28344K 3004K piperd 1 0:00 0.00% rrdtool 40664 root 1 20 0 55624K 6216K select 1 0:00 0.00% sshd 40320 root 6 20 0 737M 16308K usem 0 0:00 0.00% radiusd 264 root 1 40 20 19024K 2580K kqread 1 0:00 0.00% check_reload_status 28002 root 1 20 0 18780K 2344K select 1 0:00 0.00% inetd 277 root 1 20 0 13164K 4464K select 0 0:00 0.00% devd 41275 root 1 24 0 17136K 2756K wait 0 0:00 0.00% sh 40969 root 2 20 0 14748K 2312K nanslp 1 0:00 0.00% sshlockout_pf 54468 root 1 47 0 12404K 2008K nanslp 1 0:00 0.00% minicron 43186 root 1 35 0 17476K 3856K pause 1 0:00 0.00% tcsh 41378 root 1 52 0 17136K 2664K wait 1 0:00 0.00% sh 7016 root 1 20 0 32420K 5228K select 0 0:00 0.00% sshd 72822 root 1 20 0 12408K 2224K kqread 0 0:00 0.00% dhcpleases 42562 root 1 20 0 43568K 2800K wait 0 0:00 0.00% login 58733 root 2 20 0 14748K 2312K nanslp 0 0:00 0.00% sshlockout_pf 7202 root 2 20 0 14748K 2220K nanslp 0 0:00 0.00% sshlockout_pf 42883 root 1 21 0 17136K 2776K wait 1 0:00 0.00% sh 42916 root 1 52 0 17136K 2660K ttyin 0 0:00 0.00% sh 20251 root 1 21 0 224M 23868K accept 0 0:00 0.00% php-fpm 18833 nagios 1 52 0 23180K 4956K select 1 0:00 0.00% nrpe2 98998 root 1 52 0 18832K 2552K piperd 0 0:00 0.00% upsmon 54781 root 1 20 0 12404K 2008K nanslp 0 0:00 0.00% minicron 411 root 1 52 20 8304K 1952K nanslp 0 0:00 0.00% sleep 96433 nobody 1 52 0 19060K 2396K sbwait 0 0:00 0.00% darkstat 54289 root 1 20 0 12404K 1996K wait 1 0:00 0.00% minicron 54475 root 1 21 0 12404K 1996K wait 1 0:00 0.00% minicron 55145 root 1 21 0 12404K 1996K wait 1 0:00 0.00% minicron 266 root 1 52 20 19024K 2404K kqread 1 0:00 0.00% check_reload_status 55546 root 1 20 0 12404K 2008K nanslp 1 0:00 0.00% minicronThat is showing the machine is doing very little?
How can I kill the zombies ( ;D ;D ;D )?
-
@Mr.:
@Mr.:
2.3 will have a shiny new Bootstrap-based GUI, so that should at least be different, if not faster. :-)
I admire your efforts, yet I'm still on 2.2.1; upgrading to 2.2.2 gave problems so rolled back; hoping 2.2.3 would skip the 2.2.2 problems so I upgraded that and rolled back again to 2.2.1. I'm afraid to upgrade to any new version, ever since 2.0 every upgrade required a fresh install + days of customizing the packages by hand, as the 'restore configuration' never worked :-[
So I will probably see the new GUI at pfSense 167.2.9 ;D ;D ;D
[/quote]That's strange. I have installs upgrading since 2.1.x to 2.2.x with no issues. Restoring config as well. Could be that there is something in your pfSense setup that is messed up due rollbacks, packages who knows. How big is your backup config?
Thanks Igor. I just test that, and created a screenshot.
That's ungodly big config backup.
'tIs a feature, not a bug ( ;D ;D ;D ).
I don't know, perhaps it's BB's pfblockerNG tables that are being backupped too? (I don't know :-[ ).
-
@Mr.:
'tIs a feature, not a bug ( ;D ;D ;D ).
I don't know, perhaps it's BB's pfblockerNG tables that are being backupped too? (I don't know :-[ ).
[/quote]Nope, it's not a feature. It's a result of very poor pfSense config. We offer paid support exactly to prevent that : )
