
CPU baseline has gone from 10% to about 25%

Since June 8, our firewall CPU baseline has gone from about 10% to almost 25%. You can see it in the graph segment that I pasted here. Running TOP, the biggest consumer of CPU is httpprox and the odd spike of postgres, but not much else is happening. I checked the change logs and nothing was done on the 8th at all other than up2dates at 6:30am and pm, which are scheduled to go at those times. It started happening out of the blue.

I am not sure what else to check other than looking at some archived log files starting on the 8th. Has anyone else seen or noticed this by any chance, or does anyone have any suggestions/troubleshooting ideas I should use?

 

Thanks.

 



This thread was automatically locked due to age.
  • If rebooting doesn't resolve the problem, you should get Sophos Support involved, Harrison.

    I suspect they will tell you that re-initializing the PostgreSQL databases might help get it back to 10% but that would mean losing the history in graphs and Reporting.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I figured out how this occurred. Believe it or not, one of my internal users visited a computer shopping web site and left his web browser open on the shopping page. I am not sure what was on that page but for the last number of days, it was generating so much web traffic that it was consuming about 15% of my CPU usage on my firewall. I found all of the activity in the logs. As soon as I identified the weird traffic, identified the IP, visited the user and he closed the browser window, everything stopped and was normal.

    I suspect the web page the user was on must have had video/streaming/constant refreshing going on at a furious pace. No viruses involved, just weird constant HTTP traffic.

    Problem is now solved thanks to the logging and some instinct on which logs to look at.
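
The log review described in the post above can be scripted. This is an added example, not code from the thread or from Sophos: it counts web proxy requests per client per hour and reports any client responsible for most of an hour's requests, along with the host it hit most. The `srcip` and `url` field names, the timestamp layout and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

def _line(hour, sec, ip, url):
    # Constructed line in an assumed key="value" web proxy log layout.
    return (f'2015:06:08-{hour:02d}:00:{sec:02d} fw httpproxy[4242]: name="http access" '
            f'action="pass" method="GET" srcip="{ip}" url="{url}"')

# Constructed sample: one client hammering a shopping page during hour 09.
SAMPLE_LOG = "\n".join(
    [_line(9, s, "10.0.0.21", f"http://shop.example/refresh?n={s}") for s in range(8)]
    + [_line(9, 30 + s, "10.0.0.7", "http://intranet.example/") for s in range(2)]
    + [_line(10, i, ip, "http://news.example/")
       for i, ip in enumerate(("10.0.0.21", "10.0.0.7", "10.0.0.9"))]
)

KV = re.compile(r'(\w+)="([^"]*)"')              # key="value" pairs
STAMP = re.compile(r'^(\d{4}:\d{2}:\d{2}-\d{2})')  # date plus hour bucket

def top_talkers(text, share_threshold=0.5):
    """Return (hour, srcip, requests, share, busiest_host) for dominant clients."""
    per_hour = defaultdict(Counter)   # hour -> requests per client
    hosts = defaultdict(Counter)      # (hour, client) -> requests per host
    for line in text.splitlines():
        stamp = STAMP.match(line)
        fields = dict(KV.findall(line))
        if not stamp or "srcip" not in fields:
            continue  # not an access line, or malformed
        hour, ip = stamp.group(1), fields["srcip"]
        per_hour[hour][ip] += 1
        host = urlsplit(fields.get("url", "")).hostname or "?"
        hosts[(hour, ip)][host] += 1
    findings = []
    for hour in sorted(per_hour):
        total = sum(per_hour[hour].values())
        for ip, count in per_hour[hour].most_common():
            share = count / total
            if share >= share_threshold:
                busiest = hosts[(hour, ip)].most_common(1)[0][0]
                findings.append((hour, ip, count, round(share, 2), busiest))
    return findings

if __name__ == "__main__":
    for finding in top_talkers(SAMPLE_LOG):
        print(finding)
```

Comparing hourly buckets from before and after the date the baseline changed shows when a single client started to dominate.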