Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Lot of PHP processes

    Scheduled Pinned Locked Moved General pfSense Questions
    10 Posts 3 Posters 2.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      musicwizard
      last edited by

      Hi

      i am running 2.3-RELEASE (amd64)
      built on Mon Apr 11 18:10:34 CDT 2016
      FreeBSD 10.3-RELEASE

      but when i do a TOP i see this and maybe a lot more php's

      18292 root        3  40  20  1312M  707M sbwait  1  35:04  2.69% snort
      57638 root        1  52    0  262M 35748K accept  0  0:00  0.39% php-fpm
      18661 root        2  40  20  857M  456M nanslp  3 325:32  0.00% snort
      18859 root        1  20    0 16676K  2744K bpf    1  13:47  0.00% filterlog
      50237 root        1  20    0  224M 34120K nanslp  2  12:27  0.00% php
      7977 root        1  20    0  224M 34136K nanslp  1  12:26  0.00% php
      49823 root        1  20    0  224M 34136K nanslp  2  12:25  0.00% php
      31236 root        1  20    0  224M 34108K nanslp  0  12:19  0.00% php
      24484 root        1  20    0  224M 34080K nanslp  1  12:16  0.00% php
      14219 root        1  20    0  224M 34092K nanslp  1  12:16  0.00% php
      31160 root        1  20    0  224M 34128K nanslp  0  12:15  0.00% php
      66238 root        1  20    0  224M 34104K nanslp  1  12:15  0.00% php
      75871 root        1  20    0  224M 34104K nanslp  3  12:14  0.00% php
      13952 root        1  20    0  224M 34136K nanslp  3  12:14  0.00% php
      83219 root        1  20    0  224M 34152K nanslp  2  12:14  0.00% php
      6850 root        1  20    0  224M 34148K nanslp  3  12:13  0.00% php
      93653 root        1  20    0  224M 34076K nanslp  3  12:13  0.00% php
      80756 root        1  20    0  224M 34148K nanslp  3  12:13  0.00% php
      9774 root        1  20    0  224M 34116K nanslp  0  12:12  0.00% php
      20323 root        1  20    0  224M 34152K nanslp  0  12:08  0.00% php
      27378 root        1  20    0  224M 34132K nanslp  0  12:07  0.00% php
      35122 root        1  20    0  224M 34136K nanslp  1  12:07  0.00% php
      94768 root        1  20    0  224M 34152K nanslp  0  12:06  0.00% php
      94540 root        1  20    0  224M 34160K nanslp  3  12:06  0.00% php
      96485 root        1  20    0  224M 34152K nanslp  0  12:05  0.00% php
      44822 root        1  20    0  224M 34156K nanslp  2  12:04  0.00% php
      3795 root        1  20    0  224M 34152K nanslp  0  12:04  0.00% php
      49130 root        1  20    0  224M 34144K nanslp  0  12:03  0.00% php
      34714 root        1  20    0  224M 34148K nanslp  0  12:02  0.00% php
      43064 root        1  20    0  224M 34156K nanslp  3  11:32  0.00% php
      17358 root        1  20    0  224M 34124K nanslp  0  11:32  0.00% php
      53647 root        1  20    0  224M 34152K nanslp  0  11:31  0.00% php
      53053 root        1  20    0  224M 34144K nanslp  0  11:31  0.00% php
      38852 root        1  20    0  224M 34136K nanslp  1  11:30  0.00% php
      36567 root        1  20    0  224M 34144K nanslp  1  11:30  0.00% php
      10193 root        1  20    0  224M 34128K nanslp  0  11:29  0.00% php
      43540 root        1  20    0 14516K  2316K select  0  11:01  0.00% syslogd
      57781 root        1  20    0  224M 34080K nanslp  2  10:10  0.00% php
      36751 root        1  20    0  224M 34088K nanslp  0  10:09  0.00% php
      88497 root        1  20    0  224M 34092K nanslp  2  10:09  0.00% php
      84759 root        1  20    0  224M 34084K nanslp  0  10:07  0.00% php
      57495 root        1  20    0  224M 34084K nanslp  3  10:07  0.00% php
      88021 root        1  20    0  224M 34072K nanslp  3  10:05  0.00% php
        194 root        1  20    0  224M 34068K nanslp  0  10:04  0.00% php
      43344 root        1  20    0  224M 34076K nanslp  0  10:02  0.00% php
      17042 root        1  20    0  224M 34084K nanslp  0  10:01  0.00% php
      19150 root        1  20    0  224M 34080K nanslp  3  9:59  0.00% php
      32829 root        1  20    0  224M 34080K nanslp  2  9:59  0.00% php
      41287 root        1  20    0  224M 34088K nanslp  1  9:59  0.00% php
      38403 root        1  20    0  224M 34048K nanslp  0  9:27  0.00% php
      38608 root        1  20    0  224M 34024K nanslp  3  9:26  0.00% php
      51207 root        1  20    0  224M 34016K nanslp  0  9:26  0.00% php
      81867 root        1  20    0  224M 34016K nanslp  3  9:25  0.00% php
      61068 root        1  20    0  224M 34048K nanslp  1  9:25  0.00% php
      4907 root        1  20    0  224M 34004K nanslp  2  9:24  0.00% php

      due to that my load is also much higher then normal. i never seen this before. started to see it after the upgrades.

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        Well that must be from some package your running.. Maybe snort that I see your running..

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • M
          musicwizard
          last edited by

          @johnpoz:

          Well that must be from some package your running.. Maybe snort that I see your running..

          Yes i have snort running as wel as pfblocker.

          i disabled both now. snort still seems to be in the service list as running while its all stopped.
          WAN DISABLED AC-BNFA ENABLED DISABLED

          but i still see all the php.

          I did a restart of the router and they are all gone now. Lets see if it gets back or not.

          I did update pfblockerng like 2 or 3 times since 2.3 might be something got stuck or so.

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            well did you reboot??  What I can tell you is I don't see any php running on my pfsense 2.3

            toppsense.png
            toppsense.png_thumb

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • M
              musicwizard
              last edited by

              @johnpoz:

              well did you reboot??  What I can tell you is I don't see any php running on my pfsense 2.3

              Yes i just did a reboot. Might be a update of 1 of the plugins that caused this because i never had it before 2.3 like this.


              this is a image as you see it increases the processes starting about
              16-04-2016

              1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by

                update 1?  You mean 2.3_1 that was a ntpd update… Yes I am running it..  You have some package doing it plain and simple..

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                1 Reply Last reply Reply Quote 0
                • M
                  musicwizard
                  last edited by

                  @johnpoz:

                  update 1?  You mean 2.3_1 that was a ntpd update… Yes I am running it..  You have some package doing it plain and simple..

                  i guessed as much yes
                  the only packages i have are

                  Cron
                  openvpn-client-export
                  pfBlockerNG.
                  Service_Watchdog
                  snort security

                  the one that got updated a few times is PFblocker.

                  1 Reply Last reply Reply Quote 0
                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator
                    last edited by

                    Well I can tell you the packages that I have that match yours are not doing it ;)

                    I have the following packages..

                    packages.png
                    packages.png_thumb

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                    1 Reply Last reply Reply Quote 0
                    • BBcan177B
                      BBcan177 Moderator
                      last edited by

                      Run the following commands:

                      For Snort, you should see one process per defined Snort Interface(s):

                      ps auxww | grep snort
                      

                      For pfBlockerNG, There should only be two processes (only if DNSBL is enabled):

                      ps auxww | grep pfb
                      root    39809   0.0  0.2  40364   6680  -  S    29Apr16     1:15.90 /usr/local/sbin/lighttpd_pfb -f /var/unbound/pfb_dnsbl_lighty.conf
                      root    40773   0.0  0.4 251152  12880  -  S    29Apr16     3:30.45 /usr/local/bin/php -f /usr/local/pkg/pfblockerng/pfblockerng.inc dnsbl
                      

                      Need to do a process of elimination… Disable package services. Reboot... check if you still have the issue.... then add one package .... rinse and repeat ...

                      "Experience is something you don't get until just after you need it."

                      Website: http://pfBlockerNG.com
                      Twitter: @BBcan177  #pfBlockerNG
                      Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                      1 Reply Last reply Reply Quote 0
                      • M
                        musicwizard
                        last edited by

                        @BBcan177:

                        Run the following commands:

                        For Snort, you should see one process per defined Snort Interface(s):

                        ps auxww | grep snort
                        

                        For pfBlockerNG, There should only be two processes (only if DNSBL is enabled):

                        ps auxww | grep pfb
                        root    39809   0.0  0.2  40364   6680  -  S    29Apr16     1:15.90 /usr/local/sbin/lighttpd_pfb -f /var/unbound/pfb_dnsbl_lighty.conf
                        root    40773   0.0  0.4 251152  12880  -  S    29Apr16     3:30.45 /usr/local/bin/php -f /usr/local/pkg/pfblockerng/pfblockerng.inc dnsbl
                        

                        Need to do a process of elimination… Disable package services. Reboot... check if you still have the issue.... then add one package .... rinse and repeat ...

                        i see there are 2 php processes again.

                        disabling and rebooting each times costs way to much time that my network/server would be offline.

                        as i said i never had the problem before 2.3_1 and i also never changed packaged still the same setting/packages.

                        Problem is it takes a while before it shows it self again.

                        and i rather dont run it without those 2 packages.

                        ps auxww | grep snort
                        root    99802  19.4  5.6  877940 460720  -  Ss    3:27PM   27:43.56 /usr/local/bin/snort -R 46905 -D -l /var/log/snort/snort_igb146905 --pid-path /var/run --nolock-pidfile -G 46905 -c /usr/local/etc/snort/snort_46905_        igb1/snort.conf -i igb1
                        root    63597   1.2  8.1 1326116 670292  -  Is    3:33PM   12:11.00 /usr/local/bin/snort -R 19237 -D -l /var/log/snort/snort_igb019237 --pid-path /var/run --nolock-pidfile -G 19237 -c /usr/local/etc/snort/snort_19237_        igb0/snort.conf -i igb0
                        root    42264   0.0  0.0   18740   2244  0  S+   10:46PM    0:00.00 grep snort
                        
                        
                        root    28722   0.0  0.4  229204  33084  -  S     9:47PM    0:03.15 /usr/local/bin/php -f /usr/local/pkg/pfblockerng/pfblockerng.inc dnsbl
                        root    28771   0.0  0.4  229204  33104  -  S     9:47PM    0:03.16 /usr/local/bin/php -f /usr/local/pkg/pfblockerng/pfblockerng.inc dnsbl
                        root    91567   0.0  0.1   44340   6220  -  S     3:25PM    0:00.88 /usr/local/sbin/lighttpd_pfb -f /var/unbound/pfb_dnsbl_lighty.conf
                        root    78542   0.0  0.0   18740   2240  0  S+   10:47PM    0:00.00 grep pfb
                        

                        When i update pfblocker and use reload all.
                        i see a PHP process pop up and once the reload is done its gone again.

                        is it possible the php's one are stray ones that didn't want to close/end correctly?

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.