
RAM Usage is High

Hi,

RAM usage has been high for a week or so.

The only configuration in UTM is IPS, Web filtering and IPS.

Please see image below:



This thread was automatically locked due to age.
  • What does the process list show you?  Can you post it?

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • No, I mean can you copy all the text and paste in here as code or something, you have less than half a list there.


  • Sorry, my bad.

    Here's the process list.

    USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
    root         2  0.0  0.0      0     0 ?        S    Feb16   0:00 [kthreadd]
    root         3  0.0  0.0      0     0 ?        S    Feb16   0:30  \_ [ksoftirqd/0]
    root         4  0.0  0.0      0     0 ?        S    Feb16   0:00  \_ [kworker/0:0]
    root         5  0.0  0.0      0     0 ?        S<   Feb16   0:00  \_ [kworker/0:0H]
    root         7  0.0  0.0      0     0 ?        S    Feb16   0:00  \_ [migration/0]
    root         8  0.0  0.0      0     0 ?        S    Feb16   0:00  \_ [rcu_bh]
    root         9  0.0  0.0      0     0 ?        S    Feb16   0:11  \_ [rcu_sched]
    root        10  0.0  0.0      0     0 ?        S    Feb16   0:00  \_ [migration/1]
    root        11  0.0  0.0      0     0 ?        S    Feb16   0:16  \_ [ksoftirqd/1]
    root        12  0.0  0.0      0     0 ?        S    Feb16   0:00  \_ [kworker/1:0]
    root        13  0.0  0.0      0     0 ?        S<   Feb16   0:00  \_ [kworker/1:0H]
    root        14  0.0  0.0      0     0 ?        S    Feb16   0:00  \_ [migration/2]
    root        15  0.0  0.0      0     0 ?        S    Feb16   0:00  \_ [ksoftirqd/2]
    root        16  0.0  0.0      0     0 ?        S    Feb16   0:00  \_ [kworker/2:0]
    root        17  0.0  0.0      0     0 ?        S<   Feb16   0:00  \_ [kworker/2:0H]
    root        18  0.0  0.0      0     0 ?        S    Feb16   0:00  \_ [migration/3]
    root        19  0.0  0.0      0     0 ?        S    Feb16   0:00  \_ [ksoftirqd/3]
    root        20  0.0  0.0      0     0 ?        S    Feb16   0:00  \_ [kworker/3:0]
    root        21  0.0  0.0      0     0 ?        S<   Feb16   0:00  \_ [kworker/3:0H]
    root        22  0.0  0.0      0     0 ?        S<   Feb16   0:00  \_ [khelper]
    root       133  0.0  0.0      0     0 ?        S<   Feb16   0:00  \_ [writeback]
    root       136  0.0  0.0      0     0 ?        S<   Feb16   0:00  \_ [bioset]
    root       137  0.0  0.0      0     0 ?        S<   Feb16   0:00  \_ [crypto]
    root       139  0.0  0.0      0     0 ?        S<   Feb16   0:00  \_ [kblockd]
    root       289  0.0  0.0      0     0 ?        S    Feb16   0:00  \_ [khubd]
    root       297  0.0  0.0      0     0 ?        S<   Feb16   0:00  \_ [edac-poller]
    root       394  0.0  0.0      0     0 ?        S    Feb16   0:17  \_ [kworker/0:1]
    root       412  0.0  0.0      0     0 ?        S    Feb16   0:02  \_ [kswapd0]
    root       477  0.0  0.0      0     0 ?        SN   Feb16   0:02  \_ [khugepaged]
    root       478  0.0  0.0      0     0 ?        S    Feb16   0:00  \_ [fsnotify_mark]
    root      1125  0.0  0.0      0     0 ?        S<   Feb16   0:00  \_ [deferwq]
    root      1184  0.0  0.0      0     0 ?        S    Feb16   0:29  \_ [kworker/1:1]
    root      1213  0.0  0.0      0     0 ?        S<   Feb16   0:00  \_ [nvme]
    root      1228  0.0  0.0      0     0 ?        S<   Feb16   0:00  \_ [ata_sff]
    root      1246  0.0  0.0      0     0 ?        S    Feb16   0:00  \_ [scsi_eh_0]
    root      1249  0.0  0.0      0     0 ?        S    Feb16   0:00  \_ [scsi_eh_1]
    root      1252  0.0  0.0      0     0 ?        S    Feb16   0:00  \_ [scsi_eh_2]
    root      1255  0.0  0.0      0     0 ?        S    Feb16   0:00  \_ [scsi_eh_3]
    root      2202  0.0  0.0      0     0 ?        S<   Feb16   0:02  \_ [kworker/0:1H]
    root      2211  0.0  0.0      0     0 ?        S<   Feb16   0:00  \_ [kworker/3:1H]
    root      2273  0.0  0.0      0     0 ?        S    Feb16   0:06  \_ [kworker/3:2]
    root      2466  0.0  0.0      0     0 ?        S    Feb16   0:01  \_ [jbd2/sda6-8]
    root      2467  0.0  0.0      0     0 ?        S<   Feb16   0:00  \_ [ext4-rsv-conver]
    root      2468  0.0  0.0      0     0 ?        S<   Feb16   0:00  \_ [kworker/2:1H]
    root      2472  0.0  0.0      0     0 ?        S<   Feb16   0:00  \_ [kworker/1:1H]
    root      2718  0.0  0.0      0     0 ?        S<   Feb16   0:00  \_ [ixgbe]
    root      2739  0.0  0.0      0     0 ?        S    Feb16   0:00  \_ [kworker/2:2]
    root      2975  0.0  0.0      0     0 ?        S    Feb16   0:00  \_ [jbd2/sda1-8]
    root      2976  0.0  0.0      0     0 ?        S<   Feb16   0:00  \_ [ext4-rsv-conver]
    root      2977  0.0  0.0      0     0 ?        S    Feb16   0:01  \_ [jbd2/sda5-8]
    root      2978  0.0  0.0      0     0 ?        S<   Feb16   0:00  \_ [ext4-rsv-conver]
    root      2979  0.0  0.0      0     0 ?        S    Feb16   0:01  \_ [jbd2/sda7-8]
    root      2980  0.0  0.0      0     0 ?        S<   Feb16   0:00  \_ [ext4-rsv-conver]
    root      2981  0.0  0.0      0     0 ?        S    Feb16   0:00  \_ [jbd2/sda8-8]
    root      2982  0.0  0.0      0     0 ?        S<   Feb16   0:00  \_ [ext4-rsv-conver]
    root      4322  0.0  0.0      0     0 ?        S<   Feb16   0:00  \_ [redd]
    root     26835  0.0  0.0      0     0 ?        S    07:12   0:04  \_ [kworker/u8:2]
    root     30857  0.0  0.0      0     0 ?        S    07:26   0:00  \_ [kworker/u8:0]
    root         1  0.0  0.0   3976   592 ?        Ss   Feb16   0:01 init [3]              
    root      2531  0.0  0.0   5184   360 ?        S<s  Feb16   0:00 /sbin/udevd --daemon
    root      4694  0.0  0.0   5180   204 ?        S<   Feb16   0:00  \_ /sbin/udevd --daemon
    root      4695  0.0  0.0   5180   208 ?        S<   Feb16   0:00  \_ /sbin/udevd --daemon
    root      3337  0.0  0.0   3988   588 ?        S    Feb16   0:00 /usr/sbin/acpid -c /etc/acpi/events -s /var/run/acpid.socket
    200       3350  0.0  0.0   4660   208 ?        Ss   Feb16   0:00 /bin/dbus-daemon --system
    201       3580  0.0  0.0  17180  1516 ?        Ssl  Feb16   0:00 /usr/sbin/hald --daemon=yes
    root      3581  0.0  0.0   5900   764 ?        S    Feb16   0:00  \_ hald-runner
    root      3603  0.0  0.0   8456   564 ?        S    Feb16   0:00      \_ hald-addon-input: Listening on /dev/input/event0
    201       3620  0.0  0.0   8164   820 ?        S    Feb16   0:00      \_ hald-addon-acpi: listening on acpid socket /var/run/acpid.s
    root      3659  0.0  0.0   8300  3496 ?        Ss   Feb16   0:10 /sbin/haveged -w 1024 -v 0
    root      3683  0.0  0.3  59712 22024 ?        Ss   Feb16   0:18 confd [master]
    root      3684  0.0  0.0   3956   524 ?        S    Feb16   0:00  \_ logger -p daemon.debug -t confd[3683]
    root      3798  0.0  0.2  59404 14760 ?        S    Feb16   0:09  \_ confd [listener]
    root      4598  0.0  0.3  59404 18828 ?        S    07:55   0:00      \_ confd [worker:prpc:webadmin]
    root      6836  0.4  0.5  72780 35792 ?        S    08:03   0:05      \_ confd [worker:prpc:webadmin]
    root     11176  0.0  0.0   4776   952 ?        R    08:25   0:00      |   \_ ps auxwf
    root     11123  0.5  0.0      0     0 ?        Z    08:25   0:00      \_ [confd.plx] <defunct>
    root      3698  0.0  0.0   3956   524 ?        Ss   Feb16   0:00 /usr/local/bin/confd-queuer
    root      3710  0.0  0.0  10216  4068 ?        Ss   Feb16   0:02 confd-qrunner.pl
    root      3727  0.0  0.0  11040  3344 ?        S    Feb16   0:22 /usr/local/bin/sysmond
    root      3764  0.0  0.0  19428  5768 ?        S    Feb16   0:00 /var/aua/aua.bin
    root      3765  0.0  0.0   3956   200 ?        S    Feb16   0:00  \_ logger -p daemon.debug -t aua[3764]
    root      9465  0.0  0.0      0     0 ?        Z    08:17   0:00  \_ [aua.bin] <defunct>
    root      4011  0.0  0.0  16056  4320 ?        S    Feb16   0:00 /usr/local/bin/notifier.plx -d
    rrdcache  4064  0.0  0.0 111016  1292 ?        Ssl  Feb16   0:06 /usr/bin/rrdcached -l unix:/var/run/rrdcached/socket -m 777 -b /var
    at        4095  0.0  0.0   4404   224 ?        Ss   Feb16   0:00 /usr/sbin/atd
    postgres  4160  0.0  0.9 1137388 56016 ?       S    Feb16   0:03 /usr/pgsql92-64/bin/postgres -D /var/storage/pgsql92/data
    postgres  4162  0.0  4.8 1138060 292304 ?      Ss   Feb16   0:05  \_ postgres: checkpointer process                           
    postgres  4163  0.0  0.1 1137904 7308 ?        Ss   Feb16   0:00  \_ postgres: writer process                                 
    postgres  4164  0.0  0.2 1137904 17104 ?       Ss   Feb16   0:10  \_ postgres: wal writer process                             
    postgres  4165  0.0  0.0 1139004 1868 ?        Ss   Feb16   0:03  \_ postgres: autovacuum launcher process                    
    postgres  4166  0.0  0.0  26932   596 ?        Ss   Feb16   0:00  \_ postgres: archiver process   last was 000000010000004B000000F9
    postgres  4167  0.0  0.0  27208   912 ?        Ss   Feb16   0:09  \_ postgres: stats collector process                        
    postgres  5582  0.0  0.1 1141392 6264 ?        Ss   Feb16   0:00  \_ postgres: smtp smtp 127.0.0.1(47317) idle                
    postgres  5671  0.0  0.3 1141480 19520 ?       Ss   Feb16   0:01  \_ postgres: smtp smtp 127.0.0.1(47319) idle                
    postgres 22623  0.0  0.0 1141292 5092 ?        Ss   03:03   0:00  \_ postgres: smtp smtp [local] idle                         
    postgres 22626  0.0  0.0 1141292 5096 ?        Ss   03:03   0:00  \_ postgres: smtp smtp [local] idle                         
    postgres 22630  0.0  0.7 1145120 43896 ?       Ss   03:03   0:00  \_ postgres: reporting reporting [local] idle               
    postgres 22632  0.0  0.0 1141300 4772 ?        Ss   03:03   0:00  \_ postgres: reporting reporting [local] idle               
    postgres 22655  0.0  0.0 1141396 5756 ?        Ss   03:03   0:00  \_ postgres: hotspot hotspot [local] idle                   
    postgres 22666  0.0  0.4 1144144 29068 ?       Ss   03:03   0:04  \_ postgres: reporting reporting [local] idle               
    postgres 22679  0.0  0.0 1141396 5756 ?        Ss   03:03   0:00  \_ postgres: hotspot hotspot [local] idle                   
    postgres 22909  0.0  0.0 1141312 5328 ?        Ss   03:04   0:00  \_ postgres: sandbox sandbox [local] idle                   
    postgres 22910  0.0  0.0 1141392 6020 ?        Ss   03:04   0:00  \_ postgres: sandbox sandbox [local] idle                   
    postgres  7860  0.0  0.1 1141456 7524 ?        Ss   08:08   0:01  \_ postgres: smtp smtp 127.0.0.1(55732) idle                
    root      4259  0.5  3.4 234820 210752 ?       S    Feb16   7:18 /var/mdw/mdw.plx
    root      4265  0.0  0.0   3956   520 ?        S    Feb16   0:00  \_ logger -p daemon.debug -t middleware[4259]
    root      4696  0.0  0.0   5008     0 ?        Ss   Feb16   0:00  \_ /bin/bash /bin/DSL.sh eth1#REF_IntPppPldt15mbps 5
    root      4701  0.0  0.0   4876   144 ?        S    Feb16   0:00      \_ /usr/sbin/pppd-pppoe call REF_IntPppPldt15mbps ipparam eth1
    root      4286  0.0  0.0   3980   364 ?        Ss   Feb16   0:00 runsvdir -P /etc/service log: .....................................
    root      4293  0.0  0.0   3836   208 ?        Ss   Feb16   0:00  \_ runsv selfmonng
    root      4297  0.4  0.0  13780  4400 ?        S    Feb16   7:01  |   \_ /usr/local/bin/selfmonng.plx
    root      4326  0.0  0.0  13500   924 ?        S    Feb16   0:00  |       \_ [timewarp check]
    root      2750  0.0  0.0   3836   244 ?        Ss   07:44   0:00  \_ runsv snort-00
    snort     2752  0.0  1.1  88528 70492 ?        S<l  07:44   0:00  |   \_ /sbin/snort -M -Q -c /etc/snort/snort.conf -K none -P 65535
    root      2751  0.0  0.0   3836   248 ?        Ss   07:44   0:00  \_ runsv snort-01
    snort     2753  0.0  1.1  88528 71248 ?        S<l  07:44   0:00      \_ /sbin/snort -M -Q -c /etc/snort/snort.conf -K none -P 65535
    root      4287  0.0  0.0   4484   640 tty1     Ss+  Feb16   0:00 /sbin/mingetty --no-hostname tty1
    root      4288  0.0  0.0   4484   632 tty2     Ss+  Feb16   0:00 /sbin/mingetty --no-hostname tty2
    root      4289  0.0  0.0   4484   632 tty3     Ss+  Feb16   0:00 /sbin/mingetty --no-hostname tty3
    root      4290  0.0  0.0   4484   632 tty4     Ss+  Feb16   0:00 /sbin/mingetty --no-hostname tty4
    root      4291  0.0  0.0   4204   588 ttyS0    Ss+  Feb16   0:00 /sbin/mingetty ttyS0
    root      4769  0.0  0.0   3964   484 ?        Ss   Feb16   0:00 /usr/local/bin/nwd
    root      4861  0.0  0.1  14516  7672 ?        Ss   Feb16   0:48 dns-resolver.plx
    root      4868  0.1  1.2 106456 73220 ?        Ssl  Feb16   2:29 /usr/sbin/named -4
    root      4904  0.0  0.0   4424   748 ?        Ss   Feb16   0:00 /usr/sbin/cron
    root      5139  0.0  0.0   5856   204 ?        S    Feb16   0:00 supervising syslog-ng                     
    root      5140  0.0  0.0  11176  4936 ?        Ss   Feb16   0:53  \_ /usr/sbin/syslog-ng -f /etc/syslog-ng.conf
    root     22593  0.0  0.2  19724 13768 ?        S    03:03   0:03      \_ /usr/bin/perl /usr/local/bin/reporter/pfilter-reporter.pl
    root     22594  0.0  0.2  20272 14340 ?        S    03:03   0:01      \_ /usr/bin/perl /usr/local/bin/reporter/admin-reporter.pl
    root     22595  0.0  0.0  31184  1380 ?        Sl   03:03   0:00      \_ /usr/local/bin/reporter/vpn-reporter.pl
    root     22596  0.0  0.0  31832  1828 ?        Sl   03:03   0:00      \_ /usr/local/bin/reporter/websec-reporter.pl
    root     22597  0.0  0.2  18760 12668 ?        S    03:03   0:02      \_ /usr/bin/perl /usr/local/bin/reporter/mailsec-reporter.pl
    root     22598  0.0  0.2  18848 12780 ?        S    03:03   0:01      \_ /usr/bin/perl /usr/local/bin/reporter/ips-reporter.pl
    root     22599  0.0  0.0  30560  1400 ?        Sl   03:03   0:00      \_ /usr/local/bin/reporter/websec-reporter.pl -e
    root     22600  0.0  0.0   4304   756 ?        S    03:03   0:11      \_ /usr/local/bin/reporter/waf-reporter
    810       5343  0.0  1.0 136748 61992 ?        Ss   Feb16   0:27 /var/chroot-http/opt/ws/bin/urid --chroot /var/chroot-http --user 8
    root      5546  0.1  0.5  78672 32440 ?        Ss   Feb16   1:31 smtpd [master]
    root      5579  0.0  0.4  42760 26328 ?        S    Feb16   0:06  \_ smtpd [queue manager]
    root      5580  0.0  0.4  42488 25512 ?        S    Feb16   0:00  \_ smtpd [sandbox_watcher]
    smtp      5670  0.0  0.0  11620  3020 ?        S    Feb16   0:00  \_ /bin/exim -DINPUT -bdf
    root      6252  0.0  0.0   8412  1236 ?        Ss   Feb16   0:00 /usr/libexec/postfix/master -w
    postfix   9797  0.0  0.0   8532  2172 ?        S    08:18   0:00  \_ qmgr -l -t unix -u -c
    postfix   9798  0.0  0.0   8476  2156 ?        S    08:18   0:00  \_ pickup -l -t unix -u -c
    root      6314  0.0  0.0   9768  3184 ?        Ss   Feb16   0:00 /usr/sbin/dhcpd -cf /etc/dhcpd.conf eth4 eth5 eth7 eth6
    root      6370  0.0  0.0   9136  1076 ?        Ssl  Feb16   0:00 /usr/local/bin/service_monitor
    root     28798  0.0  0.1  18352  7408 ?        Ss   Feb16   0:00 /usr/local/bin/uma.plx
    root      3804  0.0  0.0   7188  2596 ?        Ss   07:49   0:00  \_ /usr/bin/ssh -o UserKnownHostsFile=/tmp/uma_known_hosts -o Serv
    root      4601  0.0  0.0   7728  3100 ?        S    07:55   0:00  \_ /usr/bin/ssh -o UserKnownHostsFile=/tmp/uma_known_hosts -o Serv
    root     22657  0.0  0.0  34696  2576 ?        S<sl 03:03   0:03 /usr/sbin/ulogd -c /etc/ulogd.conf -d
    afcd     26423  0.0  0.4  73296 28456 ?        S<sl 07:11   0:01 /usr/sbin/afcd
    root     26825  0.0  0.0   7572   960 ?        Ss   07:12   0:00 /usr/sbin/sshd -f /etc/ssh/sshd_config
    root      9450  0.0  0.0   8112  3368 ?        Ss   08:17   0:00  \_ sshd: loginuser [priv]                   
    100       9478  0.0  0.0   8112  1840 ?        S    08:17   0:00      \_ sshd: loginuser@pts/0                    
    100       9496  0.0  0.0   7104  2048 pts/0    Ss   08:17   0:00          \_ -bash
    root      9734  0.0  0.0   6428  1272 pts/0    S    08:18   0:00              \_ su
    root      9777  0.0  0.0   7088  2152 pts/0    S    08:18   0:00                  \_ bash
    root      9800  0.2  0.0   4764  1100 pts/0    S+   08:18   0:00                      \_ top
    810      27336  0.9 14.9 1256304 909124 ?      Ssl  07:14   0:41 /var/chroot-http/usr/bin/httpproxy -f -c /var/chroot-http -u httppr
    root     29602  0.0  0.0  12420  2992 ?        Ss   07:21   0:00 /bin/httpd -f /etc/httpd/httpd.conf
    root     29604  0.0  0.0   3956   432 ?        S    07:21   0:00  \_ /bin/logger -t httpd -p local6.notice
    wwwrun   29605  0.0  0.0  12332  1668 ?        S    07:21   0:00  \_ /bin/httpd -f /etc/httpd/httpd.conf
    wwwrun   29610  0.4  1.3  95288 82528 ?        S    07:21   0:17  |   \_ /var/webadmin/webadmin.plx
    wwwrun   10605  0.3  0.0  12664  3988 ?        S    08:23   0:00  \_ /bin/httpd -f /etc/httpd/httpd.conf
    wwwrun   11151  0.7  0.0  12564  3680 ?        S    08:25   0:00  \_ /bin/httpd -f /etc/httpd/httpd.conf
    wwwrun   11155  0.5  0.0  12564  3656 ?        S    08:25   0:00  \_ /bin/httpd -f /etc/httpd/httpd.conf
    root     32197  0.0  0.0  15780   928 ?        Ss   07:33   0:00 /sbin/ntpd
    root     32751  0.0  0.1  12240  8264 ?        S    07:35   0:00 /usr/local/bin/ipsfb
    root       328  0.0  0.0   6504  1708 ?        Ss   07:36   0:00 /usr/sbin/irqd
  • Your httpproxy looks a bit high, hah.  Are you using web caching?  Or have you done the local db load command some time ago?

    I forget the complete command, but something like:  cc set http sc_local_db [mem or disk, etc]?

    You are a couple of revisions behind as well, I don't recall any httpproxy fixes in them, but it might be good to update to 9.708, then .709.
