This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SASI high CPU usage

Hi there!

I'm currently running on SFVH (SFOS 19.5.0 GA-Build197) and notice a very high CPU usage caused by the SASI service. I tried to turn off Anti-Spam in my E-Mail profile, but it didn't change.

TOP:

Control Center:

The only thing I could find was a periodic error while trying to download some Checksums (?) in the sasi.log:

Any ideas? Did anyone observe anything similar? Maybe even a fix?

Regards,

Patrick

This thread was automatically locked due to age.

Top Replies

emmosophos 9 months ago in reply to Patrick Wolfensberger +1

Hello Patrick, Once you have the Case ID please share it with us so we can follow up. Regards,

Parents

0 JanosRapcsak 9 months ago

Hi Patrick,

can you please check if automatic pattern updates are turned on under "Backup & firmware / Pattern updates / Pattern download/installation"?
Cancel
Vote Up 0 Vote Down

Cancel
0 Patrick Wolfensberger 9 months ago in reply to JanosRapcsak

Hello Janos

Yes, those updates are turned on:
Cancel
Vote Up 0 Vote Down

Cancel
0 JanosRapcsak 9 months ago in reply to Patrick Wolfensberger

OK, then please raise a support case as suggested by Mayur to get this investigated.
Cancel
Vote Up 0 Vote Down

Cancel
0 emmosophos 9 months ago in reply to Patrick Wolfensberger

Hello Patrick,

Once you have the Case ID please share it with us so we can follow up.

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up +1 Vote Down

Cancel
0 Patrick Wolfensberger 8 months ago in reply to emmosophos

I would open up a case, but due to my Home-License, this channel here is my only way to get help. So yea, I might be stuck with it. Sad for the otherwise good product...
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk 8 months ago in reply to Patrick Wolfensberger

Hi Patrick,

please try performing a restart.

Ian

XG115W - v20 GA - Home

XG on VM 8 - v20 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 bobbylam 8 months ago in reply to Patrick Wolfensberger

If you can enable support access & share the access ID, we can take a look at the problem for you as well.
Cancel
Vote Up 0 Vote Down

Cancel
0 Patrick Wolfensberger 8 months ago in reply to bobbylam

Who do I have to share the access ID with?
Cancel
Vote Up 0 Vote Down

Cancel
0 bobbylam 8 months ago in reply to Patrick Wolfensberger

Hi Patrick,

You can share it with JanosRapcsak , he can help take a look at this issue.
Cancel
Vote Up 0 Vote Down

Cancel
0 JanosRapcsak 8 months ago in reply to bobbylam

Hi,

Patrick's system fails to access SASI DB checksum files on sasi.sophosupd.com. When this happens, the system's CPU starts to spin until reaching a timeout, but then (after 140 seconds) it tries again.

I've asked Patrick to check whether a firewall rule or another network device blocks that.
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk 8 months ago in reply to JanosRapcsak

Hi,

your answer does cause me some concern. A user firewall rule is capable of blocking traffic that is not recorded in any report and would not not show up in the log viewer review of that firewall rule.

The traffic does not show up in daily WAN usage so how is a user supposed to identify a failure?

Ian

XG115W - v20 GA - Home

XG on VM 8 - v20 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Patrick Wolfensberger 8 months ago in reply to rfcat_vk

Hi there

I replied to Janos yesterday. My Sophos firewall is directly connected to my ISP without any active network device in between. I noticed however that trying to download the SASI DB checksum via terminal (curl command) and force it to use IPv4 (curl -ipv4), it works fine every time. If I force it to use IPv6 (curl -ipv6) it fails most of the time (curl gets stuck and has t obe aborted). Ping and Traceroute to the SASI server however work for both IPv4 and IPv6 directly from the firewall's terminal.

Regards, Patrick
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Patrick Wolfensberger 8 months ago in reply to rfcat_vk

Hi there

I replied to Janos yesterday. My Sophos firewall is directly connected to my ISP without any active network device in between. I noticed however that trying to download the SASI DB checksum via terminal (curl command) and force it to use IPv4 (curl -ipv4), it works fine every time. If I force it to use IPv6 (curl -ipv6) it fails most of the time (curl gets stuck and has t obe aborted). Ping and Traceroute to the SASI server however work for both IPv4 and IPv6 directly from the firewall's terminal.

Regards, Patrick
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data