This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Postgres errors filling logs, high cpu load

Hi there,

I realized, that our Firewalls are very slow due to CPU load of 97%-99% caused by filling-up system-log with postgres errors:

...

2016:07:26-15:14:40 firewall-1 postgres[30097]: [3-1] ERROR: function ins_websecurity(unknown, unknown, unknown, unknown, unknown, unknown, unknown, unknown, unknown, unknown, unknown, unknown, unknown, integer, integer, integer, bigint) does not exist at character 8

2016:07:26-15:14:40 firewall-1 postgres[30097]: [3-2] HINT: No function matches the given name and argument types. You might need to add explicit type casts.
2016:07:26-15:14:40 firewall-1 postgres[30097]: [3-3] STATEMENT: select ins_websecurity($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14::int4, $15::int4, $16::int4, $17::int8)
...

...and so on, almost every 3 seconds

Checking the logs shows, that this error came up after Installing 9.402-7 (on May 13th 2016).
Right now the dual SG-230 HA system runs on actual 9.404-5

Any hints to correct this very quickly? 
I need more speed right now, because in 2 days, there will be the whole VOIP connect to the firewall... 

tnx and meeow!

Clyde



This thread was automatically locked due to age.
Parents
  • Although this will delete the data in the data bases and graphs, Clyde, it's the only way to fix your issue.  If you're uncomfortable doing this yourself, ask Sophos Support.  As root at the command line: /etc/init.d/postgresql92 rebuild

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Although this will delete the data in the data bases and graphs, Clyde, it's the only way to fix your issue.  If you're uncomfortable doing this yourself, ask Sophos Support.  As root at the command line: /etc/init.d/postgresql92 rebuild

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • Hello Bob,

    ...and again you saved my day! I rebuilt the database with the command, and everything is fine again, CPU load went down to 9%. Nice!

    Thanks a lot, have a good day too!

    cheers

    Clyde

    <big-meeow>

    __________________
    System-Administrator
    Astaro-User since Dez.2009
    2 x SG230-HA (Fw. V9.x)

  • Hi Bob,

    I was a little bit to fast with being happy :-)

    20 miutes after the database-rebuild, the Dashboard still shows 92-96% CPU load
    Weird: the postgres service, that was up to 35% before is low now (0.1%)
    The highest CPU load is marked by the syslog service (?) see below:

    root      5906 10.2  0.0  10456  6736 ?        Ss   07:10   9:05  \_ /usr/sbin/syslog-ng -f /etc/syslog-ng.conf


    But then again, system-log is still filled with :

    (...)

    2016:07:28-08:47:31 firewall-1 postgres[28239]: [3-1] ERROR: function ins_websecurity(unknown, unknown, unknown, unknown, unknown, unknown, unknown, unknown, unknown, unknown, unknown, unknown, unknown, integer, integer, integer, bigint) does not exist at character 8

    2016:07:28-08:47:31 firewall-1 postgres[28240]: [3-1] ERROR: function ins_websecurity(unknown, unknown, unknown, unknown, unknown, unknown, unknown, unknown, unknown, unknown, unknown, unknown, unknown, integer, integer, integer, bigint) does not exist at character 8
    2016:07:28-08:47:31 firewall-1 postgres[28240]: [3-2] HINT: No function matches the given name and argument types. You might need to add explicit type casts.

    (...)

    What's going wrong here? The high-cpu-load started after the upgrade to 9.402-7 months ago.
    Why is the cpu-load high on dashboard, when i can't see any service with high-load on the process-list?

    tnx

    Clyde

    __________________
    System-Administrator
    Astaro-User since Dez.2009
    2 x SG230-HA (Fw. V9.x)

  • Hi,

    This is a known issue, which is taken into consideration in NUTM- 3882. We are waiting for an update from the Dev Team on this instance.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Hi,

    Good to hear, that it's not my faulty configuration... :-)
    Cooler runs at 110%, so keep the Dev Team busy!

    tnx

    Clyde

    __________________
    System-Administrator
    Astaro-User since Dez.2009
    2 x SG230-HA (Fw. V9.x)

  • Hello sachingurung,

      Hello Sophos-UTM Team

    Our Firewalls (SG-230-HA) still running on 95-97% CPU load, constantly!!

    What's up with NUTM-3882, we really need a solution right now.
    Everything is slow, managment is unhappy with remote-access / VPN speed,
    web-sufing is slow, responsetimes going up! (my nerves too... btw)


    Come on, get me out of this telephone-terror: "Internet is slow..." b [:@]

    Any time-frame, when we can expect a correcting update?


    tnx

    Clyde

    __________________
    System-Administrator
    Astaro-User since Dez.2009
    2 x SG230-HA (Fw. V9.x)

  • Hi Clyde,

    Is is possible to log a support case on this matter ? Unfortunately, I cannot push the developers until a support case is logged further.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Hi sachingurung,

    Just in case it's possible without opening a support-case, telling those people again and again what's already written here in this posts:

    here is my process-list (never gives you a summary of 97%CPU-Load ?!) and
    below a screenshot from the logfiles, showing some "significant" CPU-load step after update 9.402-7
    (without any other changes), 

    Together with NUTM-3882 this should be realy enough to wake up development, don't you think?

    Currently running under FW 9.405-5 still no changes, just d*** slow!

    USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
    root         2  0.0  0.0      0     0 ?        S    Aug02   0:00 [kthreadd]
    root         3  0.0  0.0      0     0 ?        S    Aug02  11:59  \_ [ksoftirqd/0]
    root         5  0.0  0.0      0     0 ?        S<   Aug02   0:00  \_ [kworker/0:0H]
    root         7  0.0  0.0      0     0 ?        S    Aug02   1:43  \_ [migration/0]
    root         8  0.0  0.0      0     0 ?        S    Aug02   0:06  \_ [rcu_bh]
    root         9  0.1  0.0      0     0 ?        S    Aug02  20:23  \_ [rcu_sched]
    root        10  0.0  0.0      0     0 ?        S    Aug02   1:34  \_ [migration/1]
    root        11  0.0  0.0      0     0 ?        S    Aug02   8:06  \_ [ksoftirqd/1]
    root        13  0.0  0.0      0     0 ?        S<   Aug02   0:00  \_ [kworker/1:0H]
    root        14  0.0  0.0      0     0 ?        S<   Aug02   0:00  \_ [khelper]
    root       123  0.0  0.0      0     0 ?        S<   Aug02   0:00  \_ [writeback]
    root       126  0.0  0.0      0     0 ?        S<   Aug02   0:00  \_ [bioset]
    root       127  0.0  0.0      0     0 ?        S<   Aug02   0:00  \_ [crypto]
    root       129  0.0  0.0      0     0 ?        S<   Aug02   0:00  \_ [kblockd]
    root       335  0.0  0.0      0     0 ?        S    Aug02   0:00  \_ [khubd]
    root       343  0.0  0.0      0     0 ?        S<   Aug02   0:00  \_ [edac-poller]
    root       462  0.0  0.0      0     0 ?        S    Aug02   0:25  \_ [kswapd0]
    root       527  0.0  0.0      0     0 ?        SN   Aug02   0:04  \_ [khugepaged]
    root       528  0.0  0.0      0     0 ?        S    Aug02   0:00  \_ [fsnotify_mark]
    root      1167  0.0  0.0      0     0 ?        S<   Aug02   0:00  \_ [deferwq]
    root      1251  0.0  0.0      0     0 ?        S<   Aug02   0:00  \_ [ata_sff]
    root      1269  0.0  0.0      0     0 ?        S    Aug02   0:00  \_ [scsi_eh_0]
    root      1272  0.0  0.0      0     0 ?        S    Aug02   0:00  \_ [scsi_eh_1]
    root      1275  0.0  0.0      0     0 ?        S    Aug02   0:00  \_ [scsi_eh_2]
    root      1278  0.0  0.0      0     0 ?        S    Aug02   0:00  \_ [scsi_eh_3]
    root      1830  0.1  0.0      0     0 ?        S<   Aug02  21:36  \_ [kworker/0:1H]
    root      1849  0.0  0.0      0     0 ?        S<   Aug02   4:01  \_ [kworker/1:1H]
    root      2606  0.0  0.0      0     0 ?        S    Aug02   0:21  \_ [jbd2/sda6-8]
    root      2607  0.0  0.0      0     0 ?        S<   Aug02   0:00  \_ [ext4-rsv-conver]
    root      3037  0.0  0.0      0     0 ?        S    Aug02   0:00  \_ [jbd2/sda1-8]
    root      3038  0.0  0.0      0     0 ?        S<   Aug02   0:00  \_ [ext4-rsv-conver]
    root      3039  0.0  0.0      0     0 ?        S    Aug02  11:30  \_ [jbd2/sda5-8]
    root      3040  0.0  0.0      0     0 ?        S<   Aug02   0:00  \_ [ext4-rsv-conver]
    root      3041  0.0  0.0      0     0 ?        S    Aug02   3:17  \_ [jbd2/sda7-8]
    root      3042  0.0  0.0      0     0 ?        S<   Aug02   0:00  \_ [ext4-rsv-conver]
    root      3043  0.0  0.0      0     0 ?        S    Aug02   0:00  \_ [jbd2/sda8-8]
    root      3044  0.0  0.0      0     0 ?        S<   Aug02   0:00  \_ [ext4-rsv-conver]
    root      4557  0.0  0.0      0     0 ?        S<   Aug02   0:00  \_ [redd]
    root      2992  0.0  0.0      0     0 ?        S    07:11   0:01  \_ [kworker/u4:1]
    root     23319  0.1  0.0      0     0 ?        S    14:35   0:08  \_ [kworker/0:0]
    root     17502  0.0  0.0      0     0 ?        S    15:11   0:00  \_ [kworker/u4:0]
    root      6950  0.0  0.0      0     0 ?        S    15:35   0:00  \_ [kworker/1:1]
    root     10291  0.0  0.0      0     0 ?        S    15:45   0:00  \_ [kworker/1:2]
    root     18184  0.0  0.0      0     0 ?        S    15:55   0:00  \_ [kworker/0:2]
    root     17130  0.0  0.0      0     0 ?        S    15:56   0:00  \_ [kworker/u4:2]
    root         1  0.0  0.0   1932   540 ?        Ss   Aug02   0:03 init [3]  
    root      2667  0.0  0.0   2412   300 ?        S<s  Aug02   0:00 /sbin/udevd --daemon
    root      4967  0.0  0.0   2500   252 ?        S<   Aug02   0:00  \_ /sbin/udevd --daemon
    root      6835  0.0  0.0   2408   324 ?        S<   Aug02   0:00  \_ /sbin/udevd --daemon
    root      3413  0.0  0.0   1944   664 ?        S    Aug02   0:00 /usr/sbin/acpid -c /etc/acpi/events -s /var/run/acpid.socket
    200       3426  0.0  0.0   2616   216 ?        Ss   Aug02   0:00 /bin/dbus-daemon --system
    201       3644  0.0  0.0   6664  1456 ?        Ss   Aug02   0:02 /usr/sbin/hald --daemon=yes
    root      3645  0.0  0.0   3680   708 ?        S    Aug02   0:00  \_ hald-runner
    root      3666  0.0  0.0   5588   704 ?        S    Aug02   0:00      \_ hald-addon-input: Listening on /dev/input/event1 /dev/input
    root      3681  0.0  0.0   5600   712 ?        S    Aug02   0:00      \_ /usr/lib/hal/hald-addon-cpufreq
    201       3682  0.0  0.0   5324   596 ?        S    Aug02   0:00      \_ hald-addon-acpi: listening on acpid socket /var/run/acpid.s
    root      3711  0.0  0.0   2204   404 ?        Ss   Aug02   2:59 /usr/sbin/lcd-serial300 5
    root      3723  0.2  0.0   6272  4380 ?        Ss   Aug02  38:32 /sbin/haveged -w 1024 -v 0
    root      3747  0.0  0.2  58088 22316 ?        Ss   Aug02   0:55 confd [master]
    root      3748  0.0  0.0   1912   468 ?        S    Aug02   0:00  \_ logger -p daemon.debug -t confd[3747]
    root      3893  0.0  0.1  55108 15316 ?        S    Aug02   4:42  \_ confd [listener]
    root     23497  1.2  0.4  76188 40028 ?        S    15:49   0:09      \_ confd [worker:prpc:webadmin]
    root     28716  0.0  0.0   2736   968 ?        R    16:01   0:00      |   \_ ps auxwf
    root     27380  2.2  0.0      0     0 ?        Z    16:01   0:00      \_ [confd.plx] <defunct>
    root     28177  1.0  0.2  55108 19660 ?        S    16:01   0:00      \_ confd [worker:prpc:system]
    root      3762  0.0  0.0   1912   444 ?        Ss   Aug02   0:00 /usr/local/bin/confd-queuer
    root      3774  0.0  0.0   8080  4120 ?        Ss   Aug02   0:15 confd-qrunner.pl
    root      3791  0.0  0.0   8980  3404 ?        S    Aug02   2:52 /usr/local/bin/sysmond
    root      3828  0.0  0.0  17272  5300 ?        S    Aug02   0:00 /var/aua/aua.bin
    root      3829  0.0  0.0   1912   200 ?        S    Aug02   0:00  \_ logger -p daemon.debug -t aua[3828]
    root     31830  0.0  0.0      0     0 ?        Z    15:30   0:00  \_ [aua.bin] <defunct>
    root      4098  0.0  0.0  14276  4432 ?        S    Aug02   0:00 /usr/local/bin/notifier.plx -d
    rrdcache  4115  0.0  0.0 100676   820 ?        Ssl  Aug02   2:12 /usr/bin/rrdcached -l unix:/var/run/rrdcached/socket -m 777 -b /var
    at        4146  0.0  0.0   2360   216 ?        Ss   Aug02   0:00 /usr/sbin/atd
    root      4308  0.0  0.0   1908   544 ?        S    Aug02   0:00 /usr/local/bin/watch_path
    root      4310  0.0  0.0   3240  3236 ?        S<Lsl Aug02   0:51 /usr/local/bin/ha_daemon
    root      4312  0.0  0.0   2000   468 ?        Ss   Aug02   0:17 /usr/local/bin/ha_sysmond
    root      4546  0.0  1.5 143196 125032 ?       S    Aug02   7:03 /var/mdw/mdw.plx
    root      4550  0.0  0.0   1912   516 ?        S    Aug02   0:01  \_ logger -p daemon.debug -t middleware[4546]
    root      4687  0.0  0.0   1936   364 ?        Ss   Aug02   0:02 runsvdir -P /etc/service log: .....................................
    root      4693  0.0  0.0   1792   204 ?        Ss   Aug02   0:00  \_ runsv snort-00
    snort    24999  8.5  3.5 368644 289428 ?       S<l  Aug10 155:03  |   \_ /sbin/snort -M -Q -c /etc/snort/snort.conf -K none -P 65535
    root      4694  0.0  0.0   1792   208 ?        Ss   Aug02   0:00  \_ runsv selfmonng
    root      4696  0.2  0.0  11732  4396 ?        S    Aug02  27:40      \_ /usr/local/bin/selfmonng.plx
    root      4706  0.0  0.0  11448   840 ?        S    Aug02   0:01          \_ [timewarp check]
    root      4688  0.0  0.0   2440   684 tty1     Ss+  Aug02   0:00 /sbin/mingetty --no-hostname tty1
    root      4689  0.0  0.0   2440   684 tty2     Ss+  Aug02   0:00 /sbin/mingetty --no-hostname tty2
    root      4690  0.0  0.0   2440   676 tty3     Ss+  Aug02   0:00 /sbin/mingetty --no-hostname tty3
    root      4691  0.0  0.0   2440   684 tty4     Ss+  Aug02   0:00 /sbin/mingetty --no-hostname tty4
    root      4692  0.0  0.0   2160   600 ttyS0    Ss+  Aug02   0:00 /sbin/mingetty ttyS0
    root      4726  0.0  0.0   4728   448 ?        Ss   Aug02   0:01 /usr/sbin/rsyncd --daemon
    root      4750  0.0  0.1  19332  9064 ?        S<s  Aug02   6:26 /usr/sbin/conntrackd -d
    root      5199  0.0  1.5 173264 127196 ?       Ssl  Aug02   9:18 /usr/sbin/named -4
    root      5229  0.0  0.0   2380   736 ?        Ss   Aug02   0:00 /usr/sbin/cron
    root      7016  0.0  0.0   2420   592 ?        S    00:01   0:00  \_ /usr/sbin/cron
    root      7027  0.0  0.0      0     0 ?        Zs   00:01   0:00      \_ [sh] <defunct>
    root      5276  0.0  0.0   4960   492 ?        Ss   Aug02   0:00 /usr/sbin/sshd -f /etc/ssh/sshd_config
    root      5358  0.0  0.0   2744    44 ?        Ss   Aug02   0:00 /usr/sbin/pptpd
    root      5486  0.0  0.0   8800  1116 ?        Ss   Aug02   0:14 /bin/pop3proxy
    root     21642  0.0  0.0   8932  2580 ?        S    16:01   0:00  \_ /bin/pop3proxy
    root     21643  0.0  0.0   8932  2580 ?        S    16:01   0:00  \_ /bin/pop3proxy
    root     21644  0.0  0.0   8932  2580 ?        S    16:01   0:00  \_ /bin/pop3proxy
    root     28219  0.0  0.0   8932  2612 ?        S    16:01   0:00  \_ /bin/pop3proxy
    ftpproxy  5487  0.0  0.0   2316    48 ?        S    Aug02   0:00 /usr/sbin/frox -f /etc/frox.conf
    root      5505  0.0  0.0   3812   256 ?        S    Aug02   0:00 supervising syslog-ng                     
    root      5506 22.0  0.5 132536 41604 ?        Ss   Aug02 2893:47  \_ /usr/sbin/syslog-ng -f /etc/syslog-ng.conf
    root     16943  0.1  0.3  30264 26292 ?        S    15:56   0:00      \_ /usr/bin/perl /usr/local/bin/reporter/admin-reporter.pl
    root     16944  0.1  0.1  16616 12836 ?        S    15:56   0:00      \_ /usr/bin/perl /usr/local/bin/reporter/pfilter-reporter.pl
    root     16946  0.0  0.0  37376  1456 ?        Sl   15:56   0:00      \_ /usr/local/bin/reporter/vpn-reporter.pl
    root     16949  0.0  0.1  15740 11856 ?        S    15:56   0:00      \_ /usr/bin/perl /usr/local/bin/reporter/mailsec-reporter.pl
    root     16951  0.0  0.1  16844 13044 ?        S    15:56   0:00      \_ /usr/bin/perl /usr/local/bin/reporter/ips-reporter.pl
    root     16957  0.0  0.1  16344 12448 ?        S    15:56   0:00      \_ /usr/bin/perl /usr/local/bin/reporter/waf-reporter.pl
    root     28715  0.0  0.0   3764  1116 ?        S    16:01   0:00      \_ /usr/local/bin/reporter/websec-reporter.pl
    root     28717  0.0  0.4 132536 39656 ?        R    16:01   0:00      \_ /usr/sbin/syslog-ng -f /etc/syslog-ng.conf
    root      5976  0.1  5.0 481512 412092 ?       Ssl  Aug02  22:42 /usr/bin/cssd -d
    root      5986  0.0  0.0   4360   376 ?        Ss   Aug02   0:00 /usr/lib/ctasd/ctasd.bin -p /var/run/ctasd_outbound.pid -l /usr/lib
    root      5991  0.0  0.2  48248 22152 ?        Sl   Aug02   1:54  \_ /usr/lib/ctasd/ctasd.bin -p /var/run/ctasd_outbound.pid -l /usr
    root      6002  0.0  0.0   4360   388 ?        Ss   Aug02   0:00 /usr/lib/ctasd/ctasd.bin -p /var/run/ctasd_inbound.pid -l /usr/lib/
    root      6007  0.0  0.3  55216 27572 ?        Sl   Aug02   3:45  \_ /usr/lib/ctasd/ctasd.bin -p /var/run/ctasd_inbound.pid -l /usr/
    root      6029  1.0  0.0  23088  3264 ?        Ssl  Aug02 140:31 ./ctipd.bin -l /usr/lib/ctipd
    810       6299  4.4  9.5 1850024 774768 ?      Ssl  Aug02 590:10 /var/chroot-http/usr/bin/httpproxy -f -c /var/chroot-http -u httppr
    postgres  6684  0.0  0.0  12428  4928 ?        S    Aug02   0:04 /usr/local/bin/repctl
    root      6769  0.0  0.0   6484  1196 ?        Ss   Aug02   0:01 /usr/libexec/postfix/master -w
    postfix  18394  0.0  0.0   6304  1536 ?        S    15:57   0:00  \_ pickup -l -t unix -u -c
    postfix  18395  0.0  0.0   6360  1552 ?        S    15:57   0:00  \_ qmgr -l -t unix -u -c
    root      6841  0.0  0.0   2276   212 ?        S    Aug02   1:09 /usr/sbin/openl2tpd
    root      6885  0.0  0.0   2376    76 ?        Ss   Aug02   0:00 /usr/libexec/ipsec/starter
    root      6897  0.0  0.0   8800   444 ?        Ss   Aug02   0:00  \_ /usr/libexec/ipsec/pluto --nofork --debug-none --nocrsend --nat
    root      7198  0.0  0.0   1892     0 ?        S    Aug02   0:00      \_ _pluto_adns
    root      7515  0.0  0.0  10252  1292 ?        Ss   Aug02   0:14 /usr/sbin/dhcpd -cf /etc/dhcpd.conf eth5 eth0
    root      7709  0.0  0.0   5356   892 ?        Ss   Aug02   6:10 /usr/sbin/irqd
    root      8066  0.0  0.0  15592  6196 ?        Ss   Aug02   0:02 confd-sync
    postgres  8093  0.0  0.0   4728   420 ?        Ss   Aug02   0:00 /usr/bin/rsync --daemon --config /var/lib/postgresql/rsyncd.conf
    nobody    8123  0.0  0.0   4060    20 ?        S    Aug02   0:02 /sbin/ha_proxy
    nobody    8125  0.0  0.0   4060     4 ?        S    Aug02   0:00  \_ /sbin/ha_proxy
    postgres  8204  1.9  0.3 1107184 29376 ?       S    Aug02 250:32 /usr/pgsql92/bin/postgres -D /var/storage/pgsql92/data
    postgres  8395  0.0  1.3 1107808 105480 ?      Ss   Aug02   0:38  \_ postgres: checkpointer process                        
    postgres  8396  0.0  0.0 1107700 7264 ?        Ss   Aug02   0:02  \_ postgres: writer process                              
    postgres  8397  0.0  0.2 1107700 17048 ?       Ss   Aug02   1:38  \_ postgres: wal writer process                          
    postgres  8398  0.0  0.0 1108464 1828 ?        Ss   Aug02   0:22  \_ postgres: autovacuum launcher process                 
    postgres  8399  0.0  0.0   7984   544 ?        Ss   Aug02   0:00  \_ postgres: archiver process   last was 0000000100000023000000EB
    postgres  8400  0.4  0.0   8264   864 ?        Ss   Aug02  65:23  \_ postgres: stats collector process                     
    postgres  8547  0.0  0.0 1110748 5188 ?        Ss   Aug02   0:02  \_ postgres: smtp smtp 127.0.0.1(54392) idle             
    postgres  8604  0.0  0.3 1110944 25112 ?       Ss   Aug02   0:01  \_ postgres: smtp smtp 127.0.0.1(54399) idle             
    postgres  8718  0.0  0.0 1110748 4700 ?        Ss   Aug02   0:00  \_ postgres: pop3 pop3 198.19.250.2(34200) idle          
    postgres  8734  0.0  0.2 1110768 22652 ?       Ss   Aug02   0:32  \_ postgres: pop3 pop3 127.0.0.1(54414) idle             
    postgres  8743  0.0  0.0 1110748 5224 ?        Ss   Aug02   0:02  \_ postgres: smtp smtp 198.19.250.2(34227) idle          
    postgres  8745  0.0  0.0 1110772 5688 ?        Ss   Aug02   0:00  \_ postgres: smtp smtp 198.19.250.2(34233) idle          
    postgres  8958  0.0  0.0 1108436 1800 ?        Ss   Aug02   3:57  \_ postgres: wal sender process repmgr 198.19.250.2(34268) streami
    postgres 27833  0.0  0.0 1110748 6284 ?        Ss   00:15   0:31  \_ postgres: smtp smtp 198.19.250.2(55728) idle          
    postgres 26746  0.1  0.4 1111220 34696 ?       Ss   10:56   0:20  \_ postgres: reporting reporting [local] idle            
    postgres 20638  0.0  0.0 1110112 4184 ?        Ss   15:59   0:00  \_ postgres: repmgr repmgr 198.19.250.2(59698) idle      
    postgres 13024  0.0  0.0 1110748 6024 ?        Ss   16:00   0:00  \_ postgres: smtp smtp 127.0.0.1(39386) idle             
    postgres 21646  0.1  0.0 1110872 7084 ?        Ss   16:01   0:00  \_ postgres: pop3 pop3 127.0.0.1(39401) idle             
    postgres 21647  0.0  0.0 1110872 6824 ?        Ss   16:01   0:00  \_ postgres: pop3 pop3 127.0.0.1(39402) idle             
    postgres 21649  0.0  0.0 1110872 7156 ?        Ss   16:01   0:00  \_ postgres: pop3 pop3 127.0.0.1(39403) idle             
    postgres 28221  0.0  0.0 1110808 6660 ?        Ss   16:01   0:00  \_ postgres: pop3 pop3 127.0.0.1(39423) idle             
    root      8226  0.0  0.2  41740 18300 ?        Ss   Aug02   9:10 awed [master]
    root      8748  0.0  0.1  41740 12344 ?        S    Aug02   4:51  \_ AP55C A400340E1301C6E (AP55C #20 ET)
    root      8750  0.0  0.1  41740 12332 ?        S    Aug02   4:52  \_ AP30 A40012724C6DC33 (AP30 #10 EE)
    root      8235  0.0  0.0  12316  7464 ?        Ss   Aug02   1:33 dns-resolver.plx
    root      8268  0.0  0.0   6576  1608 ?        Ss   Aug02   0:11 /usr/sbin/openvpn --config /etc/openvpn/openvpn.conf --writepid /va
    root     25239  0.0  0.0   1904     0 ?        S    Aug04   0:00  \_ async_auth 14
    root      8292  0.0  0.0   9984   412 ?        Ss   Aug02   0:11 /bin/httpd -f /etc/httpd/httpd.conf
    root      8294  0.0  0.0   1912    64 ?        S    Aug02   0:00  \_ /bin/logger -t httpd -p local6.notice
    wwwrun    8295  0.0  0.0   9896   420 ?        S    Aug02   0:00  \_ /bin/httpd -f /etc/httpd/httpd.conf
    wwwrun   23196  0.8  1.2 100880 98536 ?        S    15:49   0:06  |   \_ /var/webadmin/webadmin.plx
    wwwrun   23298  0.0  0.0  10416  3712 ?        S    15:49   0:00  \_ /bin/httpd -f /etc/httpd/httpd.conf
    wwwrun   15072  0.0  0.0  10436  3732 ?        S    15:56   0:00  \_ /bin/httpd -f /etc/httpd/httpd.conf
    wwwrun   22285  0.0  0.0  10120  2728 ?        S    16:01   0:00  \_ /bin/httpd -f /etc/httpd/httpd.conf
    root      8478  0.0  0.0  10988   856 ?        Ssl  Aug02   0:14 /usr/local/bin/service_monitor
    810       8519  0.0  1.4 135908 114424 ?       Ss   Aug02   5:50 /var/chroot-http/opt/ws/bin/urid --chroot /var/chroot-http --user 8
    root      8526  0.0  0.1  67316 13124 ?        Ss   Aug02   6:20 smtpd [master]
    root      8544  0.0  0.1  42132 10004 ?        S    Aug02   0:45  \_ smtpd [queue manager]
    root      8545  0.0  0.0  39496  5888 ?        S    Aug02   0:02  \_ smtpd [sandbox_watcher]
    smtp      8607  0.0  0.0   9192  2208 ?        S    Aug02   0:07  \_ /bin/exim -DINPUT -bdf
    810       7074  0.0  0.0  26096  2440 ?        Sl   00:01   0:00 /var/chroot-http/usr/bin/memd -p 4493
    root     26739  0.1  0.0  32020  2716 ?        S<sl 10:56   0:20 /usr/sbin/ulogd -c /etc/ulogd.conf -d
    afcd     17642  0.1  0.3  50656 30224 ?        S<sl 15:56   0:00 /usr/sbin/afcd
    root     17719  0.0  0.0  13436  1808 ?        Ss   15:56   0:00 /sbin/ntpd



    
    

    Thank you,

    Clyde

    __________________
    System-Administrator
    Astaro-User since Dez.2009
    2 x SG230-HA (Fw. V9.x)

  • Clyde, this isn't a common problem.  The way things work at Sophos, issues cannot be brought to the developers from posts here.  You should get a case open, get it escalated and then ask Support to get the developers involved.  If you have a strong Sophos Solution Partner, they should also be involved.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    Good things first: it works again!

    I made a backup of the current config, took the "Standby-Node" Firewall out of the network and did a factory-reset on it.
    I planned to reconfigure the machine step-by-step, but then decided, to reinstall the backup i've just made.

    And lucky me, it works right the way it should: CPU load went down to 6% (up to 40% peaks).
    Switched the nodes and done the same thing to the seccond appliance.

    After sync, they both working togehter again as a stable HA-System.
    Don't know what happened before, but if it works this way: well, fine for me!  :-)

    Thanks for the help! 


    meeeow!
    Clyde

    __________________
    System-Administrator
    Astaro-User since Dez.2009
    2 x SG230-HA (Fw. V9.x)