This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

High CPU usage since 2:20 this night

Hello,

I already contacted Sophos Support and now I am waiting for the callback from the senior engineers.

However, I also don't find it wrong to ask here.

I am having 100% usage if I enable the internet connection. We are using a LTE modem (modem, not router). While the connection is started, the whole GUI is extremely laggy, takes sometimes 1-2 Minutes to switch between pages. And basically only disabling the WAN interface and the webadmin interface is almost instantly responsive. 100% CPU usage remains a while, and it also goes down by itself after a while.

Now, I called my ISP, and asked them if there are some issues known, and they told me they "see something, but can't tell me exactly what". And told me basically to wait till tomorrow and see if it's better.

I am also ruling out a firewall overload. We have around 10-15 SSL remote access users, a site to site and RED. Firewall usage is usually between 30-50%. Logs reflect that too.

Sophos Support said it might be that, but it also might be hardware. Even maybe something else. They are now consulting with senior engineers.

Is there something I can do on the firewall to ascertain the cause of the issue?

I already checked top and atop, and there are only weird entries like USER "nobody" and command "HTTPD". Those take 10% and more, and there are more than one. Here are screenshots of those.

Can you make something of this?

Thank you



This thread was automatically locked due to age.
Parents
  • I already checked top and atop, and there are only weird entries like USER "nobody"

    I wouldn't worry about this user, that is a common special group for security in Linux.  As far as your other issues, I don't know, as I am not that versed in the advanced side of things in UTM.  I know we had a post about something similar to his a month or two ago here that I am trying to find and link in case it had any results.  There were several people that posted that had this happen all around the same date/time.

    I saw my UTM do this in my own home environment because of a bad MiniGBIC port on a switch that was connected back to my core switch.  For whatever the reason when I rebooted the switches, that connectivity would cause my UTM to spin up something crazy, and you could hear all of my fans in the UTM kicking up.  Disconnecting that GBIC brought it back down, so I replaced the switch and haven't had a problem since then.

    Edit:  This is the post I was thinking of, but may not be your issue.  I don't see rrdtool on your screenshots:  rrdtool high cpu usage - General Discussion - UTM Firewall - Sophos Community

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Thank you. My problem is httpd apparently. Multiple instances which consume lot of CPU. That is also visible in ps aux.

    And that only when I connect our LTE. Doesn't happen with our 2nd ISP connection, which is DSL (both are static IP LAN connections).

Reply
  • Thank you. My problem is httpd apparently. Multiple instances which consume lot of CPU. That is also visible in ps aux.

    And that only when I connect our LTE. Doesn't happen with our 2nd ISP connection, which is DSL (both are static IP LAN connections).

Children
No Data