
[Sophos SG290] CPU 100% and log disk space too

Hello,

Our client is currently experiencing a problem.

His Sophos SG290 has a CPU and log disk problem at 100% continuously.

I have found people who talk about this and how to solve it: https://community.sophos.com/utm-firewall/f/management-networking-logging-and-reporting/33301/asg320-disk-space-full-and-100-cpu-load

I can't find the last one:

/var/storage/pgsql/init/reporting_db_init.sh

 

And I would like to know how it is possible to find out the reason for such a large generation of logs, as we had already done the log deletion a short time ago.

Because there is nothing in the logs that can explain this (no DDoS...).

This only solved the problem temporarily.

 

Here is my open case:

04327429
Can you help me find where the problem is?
Regards.


  • Salut Raphaëlle and welcome to the UTM Community!

    What non-zero file sizes do you see when you enter the following command at the command line?

         ll /var/log/*.log|sort -n

    What processes do you see taking so much CPU when you run top?

    Pictures or copied lines for both questions, please.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello Bob :) 

    Here is the result of your command:

    customerfw:/var/log # ll /var/log/*.log|sort -n
    -rw-r--r-- 1 root log 0 Aug 27 00:00 /var/log/aptp.log
    -rw-r--r-- 1 root log 0 Aug 27 00:00 /var/log/boot.log
    -rw-r--r-- 1 root log 0 Aug 27 00:00 /var/log/endpoint.log
    -rw-r--r-- 1 root log 0 Aug 27 00:00 /var/log/html5vpn.log
    -rw-r--r-- 1 root log 0 Aug 27 00:00 /var/log/login.log
    -rw-r--r-- 1 root log 0 Aug 27 00:00 /var/log/reverseproxy.log
    -rw-r--r-- 1 root log 1048576 Aug 27 16:37 /var/log/smtp.log
    -rw-r--r-- 1 root log 10771 Aug 27 16:25 /var/log/uma.log
    -rw-r--r-- 1 root log 1077248 Aug 27 16:37 /var/log/mdw-debug.log
    -rw-r--r-- 1 root log 1110016 Aug 27 16:36 /var/log/selfmon.log
    -rw-r--r-- 1 root log 114688 Aug 27 16:37 /var/log/httpd.log
    -rw-r--r-- 1 root log 1253376 Aug 27 16:37 /var/log/named.log
    -rw-r--r-- 1 root log 13856768 Aug 27 16:37 /var/log/packetfilter.log
    -rw-r--r-- 1 root log 13940 Aug 27 16:37 /var/log/logging.log
    -rw-r--r-- 1 root log 1847296 Aug 27 16:37 /var/log/red.log
    -rw-r--r-- 1 root log 192512 Aug 27 16:37 /var/log/afc.log
    -rw-r--r-- 1 root log 196608 Aug 27 16:37 /var/log/rsyncd.log
    -rw-r--r-- 1 root log 2510 Aug 27 16:09 /var/log/wireless.log
    -rw-r--r-- 1 root log 2572288 Aug 27 16:37 /var/log/fallback.log
    -rw-r--r-- 1 root log 258048 Aug 27 16:37 /var/log/mdw.log
    -rw-r--r-- 1 root log 262144 Aug 27 16:37 /var/log/up2date.log
    -rw-r--r-- 1 root log 2804 Aug 27 00:00 /var/log/sshd.log
    -rw-r--r-- 1 root log 2818048 Aug 27 16:37 /var/log/ftp.log
    -rw-r--r-- 1 root log 2977792 Aug 27 16:37 /var/log/confd.log
    -rw-r--r-- 1 root log 299008 Aug 27 16:37 /var/log/kernel.log
    -rw-r--r-- 1 root log 33480704 Aug 27 16:36 /var/log/confd-debug.log
    -rw-r--r-- 1 root log 3461120 Aug 27 16:37 /var/log/high-availability.log
    -rw-r--r-- 1 root log 3670016 Aug 27 16:37 /var/log/system.log
    -rw-r--r-- 1 root log 36864 Aug 27 16:37 /var/log/aua.log
    -rw-r--r-- 1 root log 385024 Aug 27 16:36 /var/log/notifier.log
    -rw-r--r-- 1 root log 43438399488 Aug 27 16:37 /var/log/http.log
    -rw-r--r-- 1 root log 454656 Aug 27 16:37 /var/log/ips.log
    -rw-r--r-- 1 root log 686 Aug 27 06:39 /var/log/mg-agent.log
    -rw-r--r-- 1 root log 712704 Aug 27 16:37 /var/log/webadmin.log
    -rw-r--r-- 1 root log 81920 Aug 27 16:37 /var/log/dhcpd.log
    -rw-r--r-- 1 root log 84365312 Aug 27 16:37 /var/log/openvpn.log

    And the result of the top command:

    top - 16:40:03 up 29 days, 14:33,  1 user,  load average: 4.59, 4.85, 4.88
    Tasks: 181 total,   4 running, 174 sleeping,   0 stopped,   3 zombie
    Cpu(s): 57.1%us, 31.2%sy,  0.0%ni,  2.7%id,  0.0%wa,  0.0%hi,  9.0%si,  0.0%st
    Mem:   8090152k total,  7429644k used,   660508k free,   206912k buffers
    Swap:  4194300k total,   867064k used,  3327236k free,  4273440k cached
    
      PID USER      PR  NI  VIRT  RES  SHR S   %CPU %MEM    TIME+  COMMAND
    30274 httpprox  20   0 1708m 992m 5676 S     72 12.6   7154:16 httpproxy
     5733 root      20   0  702m 587m 2232 R     27  7.4   4475:52 syslog-ng
      846 snort     15  -5  147m 119m 1380 R     23  1.5 822:56.92 snort
     4873 root      15  -5 50664  36m  508 R     17  0.5   2266:36 conntrackd
    10745 root      20   0 31832 1872 1380 S     10  0.0   0:01.39 websec-reporter
    10705 root      19  -1 35720 4644 1236 S      7  0.1   0:01.50 ulogd
    30246 httpprox  20   0  135m 112m  54m S      7  1.4 660:49.04 urid
     4208 root      20   0  280m 238m  804 S      6  3.0 900:30.90 oculusd
    10797 root      20   0     0    0    0 Z      4  0.0   0:00.12 confd.plx <defunct>
     1880 afcd      19  -1 42208  17m 7576 S      3  0.2   0:40.75 afcd
    10780 root      20   0 64160  21m 1656 S      1  0.3   0:00.02 confd.plx
     2299 root      20   0     0    0    0 S      0  0.0   3:24.88 kworker/0:0
     6043 root      20   0 32224 1864 1612 S      0  0.0   0:05.00 vpn-reporter.pl
        1 root      20   0  3976  536  508 S      0  0.0   0:22.06 init

    Thank you for your help.

    Regards,
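
An added example, not part of either post: ranking the files in a listing like the one above by the size column (field 5 of `ls -l`) and showing each file's share of the total, so the log that is filling the disk stands out. The sample lines are copied from the posted listing; the function names `sample_listing` and `rank_logs` are made up for this illustration.

```shell
#!/bin/sh
# Added example: rank `ls -l` lines by size and show each file's share.

# A few lines copied from the listing posted in the thread.
sample_listing() {
cat <<'EOF'
-rw-r--r-- 1 root log 1048576 Aug 27 16:37 /var/log/smtp.log
-rw-r--r-- 1 root log 13856768 Aug 27 16:37 /var/log/packetfilter.log
-rw-r--r-- 1 root log 33480704 Aug 27 16:36 /var/log/confd-debug.log
-rw-r--r-- 1 root log 43438399488 Aug 27 16:37 /var/log/http.log
-rw-r--r-- 1 root log 454656 Aug 27 16:37 /var/log/ips.log
-rw-r--r-- 1 root log 84365312 Aug 27 16:37 /var/log/openvpn.log
EOF
}

# rank_logs [N]: read `ls -l` lines on stdin and print the N largest files,
# largest first, as "<bytes> <MiB> <percent-of-total> <path>".
rank_logs() {
    top="${1:-5}"
    awk '
        # Keep only lines whose 5th field is a byte count.
        $5 ~ /^[0-9]+$/ { size[$NF] = $5; total += $5 }
        END {
            for (f in size) {
                pct = (total > 0) ? 100 * size[f] / total : 0
                # %.0f avoids 32-bit %d overflow in some awk builds.
                printf "%.0f %.1f %.2f %s\n", size[f], size[f] / 1048576, pct, f
            }
        }' |
    sort -k1,1nr |
    head -n "$top"
}

# Stand-alone run: rank the embedded sample. On a live system the input
# would be:  ls -l /var/log/*.log | rank_logs 5
sample_listing | rank_logs 3
```

On the posted data, `/var/log/http.log` alone accounts for nearly all of the bytes listed, which matches `httpproxy` and `syslog-ng` being at the top of the `top` output.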

  • I asked the customer why the CPU is not at 100% like last time; he told me that the CPU has random spikes. So it is not at 100% all the time. Here is a picture of the spikes in question:
