I can restart it and the CPU hog seems to go away for a while, but it soon comes back and runs like this 24/7. Let's take a look with top:
root@bosk:~ # top
last pid: 1685; load averages: 1.74, 1.54, 1.34 up 5+21:38:23 11:13:46
60 processes: 3 running, 57 sleeping
CPU: 29.7% user, 0.0% nice, 1.7% system, 0.3% interrupt, 68.3% idle
Mem: 388M Active, 5572M Inact, 202M Laundry, 1416M Wired, 735M Buf, 312M Free
Swap: 8192M Total, 8192M Free
PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND
51222 root 1 103 0 37M 26M CPU3 3 141.5H 99.72% python3.8
86842 root 7 20 0 3076M 1166M nanslp 2 662:06 6.80% suricata
49827 root 1 20 0 61M 36M select 1 0:01 1.21% php-cgi
426 root 2 52 0 105M 59M accept 3 0:27 0.53% python3.8
61091 root 1 20 0 61M 37M accept 2 0:03 0.12% php-cgi
35054 root 1 20 0 14M 4052K CPU0 0 0:00 0.07% top
88400 root 4 20 0 43M 12M kqread 1 30:55 0.06% syslog-ng
// SNIP
So that's PID 51222:
root@bosk:~ # ps 51222
PID TT STAT TIME COMMAND
51222 - Rs 8487:33.77 /usr/local/bin/python3 /usr/local/opnsense/scripts/netflow/flowd_aggregate.py (python3.8)
root@bosk:~ #
Searching around, I'm not the first to report such a thing, so this looks like a longstanding problem. I'm not seeing any plausible solutions to the problem though.
If I had strace available I'd take a look to see what the process was doing.
Any thoughts? I'm sure if I disable netflow the problem will go away, but that does remove rather an important feature of OPNsense.
If you don't use netflow, disable it.
I noticed this while setting up my new netflow collector (remote), and I shut down the flowd_aggregate service via the GUI (I expect there is a place to disable it, please do tell!!)