Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 26 replies
  • Answers 1 answer
  • Subscribers 43 subscribers
  • Views 5977 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG Home VM v20 - Snort using all CPU with some random trigger

Bryan Lucas

I've seen similar topics here, but none seem to quite work.  XG Home VM, v20, with a pretty minimal ruleset.  I'm really the only person on my home network.  At some random times the VM will go to 90-100% CPU usage and stay there.  This has happened at 2 in the morning when nothing is really being used.  Traffic through the XG will usually stop flowing when this happens.  TOP shows that snort is the top process on both CPUs when this happens, followed by conntrack.  If I drop the snort service, I regain about 50% of my CPU.  The only thing that actually fixes the issue for a time is to use the console to purge logs and reboot.

I'm about at the point where I just want to rebuild from scratch, as I can't pin down the event that causes this.  Any advice?



This thread was automatically locked due to age.
  • 0

    Does the pattern of IPS are updated? Check the pattern update at that time. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Nope, pattern updates were performed several hours after the issue occurred and was temporarily resolved.  Also the 100% CPU condition remains until I manually solve it, so a pattern update shouldn't completely tank the FW...

  • 0 in reply to Bryan Lucas

    Hi,

    is v20 your first installation of XG?

    What version of VM are you using?

    Do you have the resources locked to the XG?

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 EAP

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    v20 is an upgrade, and I've upgraded MANY times. I believe the XG Home download is still v19.

    Unfortunately I have to stick with VMWare 6.7, as the R610 I have isn't compatible with newer versions.

    The server is reasonably beefy.  two hexcore xeon e5640s, 128GB mem, more than enough storage.  As locked as they can be, yes.  My mem never fluctuates but is reserved at its max, and I have more than enough CPU bandwidth reserved.

  • 0 in reply to Bryan Lucas

    Hi,

    thank you for the information. V20 is available for all that want to download it. Please check the v20 GA notification page, also you should be able to request an upgrade from the XG GUI firmware page.

    You locked 4CPUs and 6gb of ram?

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 EAP

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Confused about your first paragraph.  Yes, I'm on v20, but it's nowhere near a new install.

    I'll be honest - I've always had 2 CPUs allocated to the XG.  I can increase to 4, but I'm not sure what positive effect that will have.

  • 0 in reply to Bryan Lucas

    My response is in answer to your statement about home users only having access to v19.

    CPUs assignment is not the issue, it really is about CPU cycles available to the XG in the VM partition.

    Does top show snort consuming one CPU?

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 EAP

    If a post solves your question please use the 'Verify Answer' button.

  • 0

    Was the user cpu 100% or system CPU ?

    Can you please provide top output, ips.log, and syslog.log logs when the issue occurs?

    If possible can you please share access details with us so we can analyze your device?

  • 0 in reply to NileshPatel

    Good question - didn't check before clearing the logs.  Only saw the mem usage on my vmware console.  Will make sure to check.  Will grab TOP output if this happens again.  Unsure what you'd like for access details.

  • 0 in reply to Bryan Lucas

    Hi,

    they need the access code in the Diagnostic tag in the GUI - support access.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 EAP

    If a post solves your question please use the 'Verify Answer' button.

Unfiltered HTML