This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SG125 higher than normal CPU usage since upgrading to 9.713-19

Hi there, since upgrading to 9.713-19 it appears that one of our smaller UTM's, an SG125, has begun exhibiting higher than normal CPU usage.

CPU usage comes in spikes, while memory is constantly above 60%

SUM 4 monitor also has a warning that "projected load average trend shows major increase of 75%"

Shortly afterwards we noticed that the office using this UTM began struggling with internet connectivity due to packet losses.

We've engaged with the ISP and the line seems to be OK, so this leads me to suspect that the UTM is to blame.

What strikes me as odd is that the UTM isn't very busy, i.e. there's barely anyone in the office, and it has been fine with a full office several times a month.

Is there any way to determine whether a recently updated component is causing this? I've disabled IPS, QoS and Port Scan detection. WAF is not used, nor is email protection.

I'm at a loss and would appreciate any guidance. Thanks.

Kind regards,

Byron.



This thread was automatically locked due to age.
Parents
  • Hi Byron,

    Please copy here what you see when you run top at the command line.

    Although we might be able to resolve this here, I would have your reseller open a case with Sophos Support.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Hi Byron,

    Please copy here what you see when you run top at the command line.

    Although we might be able to resolve this here, I would have your reseller open a case with Sophos Support.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • Hi Bob,

    Here's screenshot of the top results:

    Postgres seems to spike the CPU every so often, but otherwise seems to be mostly confd.plx <defunct>, httpproxy and acc-agent.plx.

  • Does a reboot get the system to settle down?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    It turns out that the UTM is not at fault for our packet loss situation, but rather a faulty switch that has been tricky to isolate.

    While the UTM does exhibit higher load levels than previously, this does not seem to be causing any major issues.

    Rebooting the UTM only seems to provide temporary improvement.

    I also noted the following two processes with high CPU utilisation popping up every once and a while:

    create_rdd_grap
    rddtool

    Kind regards,

    Byron