Hello guys!
I have a big problem after changing the hardware my Sophos UTM was installed on, (Home license) and I could use your help please.
I have been running a Home license UTM for many years now on a Dell machine running an i3-4130 CPU, 8GB Ram and a 100 GB 2.5" HDD
Everything was being smooth, CPU usage usually at 1%, Ram usage about 30%, no problem whatsoever
Recently I acquired a decommissioned firewall appliance (more details on this later, if problems are solved I will post it in the Hardware section for compatible devices)
This appliance, as far as I understand, is quite similar to Sophos SG 125 (Intel Atom c2358). It also has 4GB of Ram and a new 120GB Kingston msata SSD.
So, my Dell machine was installed a few years back and has been over these years upgraded to the latest UTM version (9.703-3 at the moment). For the new appliance, I downloaded the same version, performed a clean installation and booted it with a USB stick containing the latest backup. It came up with all the settings in place, no issues there. I also copied all logs from var/log to the new disk so that I have the logs (I know they are not really necessary but I wanted them just because)
The problem is that this new appliance is constantly running at 98% CPU. The below are operating on the UTM:
|
I expected that the Atom CPU is not a match to the i3, but I was expecting it to be around 20-30% utilization, not a 100%. So started searching a bit and for starters the problem I saw was
utm postgres[14402]: [3-1] FATAL: database "reporting" does not exist
I started searching a bit, found about rebuilding the database but it did no good. After digging a bit more, I realized that, when a few years back, posgresql was changed to 64bit, I never converted it on my old UTM to 64bit and the backup file I restored was from a machine running the 32bit version (not sure if this is a problem, though). In any case I found instructions to create /var/log/reporting/pgsql92 and /var/storage/pgsql92 folders, changed permissions, restarted the postgresql service but I still have the above FATAL error
I even thought that I screwed up when I copied the old logs and had to change some permissions, so I performed a reset of the configuration and started again from scratch (using the backup file to restore configuration) with no logs at all. The problem is still there
I also disabled IPS and Web Filtering, but CPU usage stays the same (which is strange..)
The result of all this is that:
- CPU is always at 98% (don't know if the usage will drop if/when this is fixed, hope it will). The little sunon 40mm fan is really annoying at this high usage.
- I also got a few emails about RRD cache daemon not running - restarted
- Reporting is not working at all
- System messages log has grown to about 100MB in just 8-9 hours which is certainly not good (a lot of writes, also smart reports temperature of SSD at 50C)
Any help is greatly appreciated guys! Below is a snapshot of top in case it helps:
This thread was automatically locked due to age.