flowd_aggregate.py seems to hang and use 100% of a CPU core:
root@sense:/var/log # ps awwux | grep python
root 23373 100.0 0.4 49448 30248 - Rs 08:26 60:35.15 /usr/local/bin/python3 /usr/local/opnsense/scripts/netflow/flowd_aggregate.py (python3.9)
To me it seems flowd log rotation has an issue. flowd.log is 2.2GB large and it's the only file since 3 days...
Could this be the trigger for the python script to hang, that it cannot deal with a file that huge?... I'll try to delete the flowd.log file and see what happens.
root@sense:/var/log # ls -la flowd*
-rw------- 1 root wheel 2279341264 Aug 24 10:34 flowd.log
-rw------- 1 root wheel 10486044 Aug 22 23:11 flowd.log.000001
-rw------- 1 root wheel 782466528 Aug 22 03:59 flowd.log.000002
-rw------- 1 root wheel 101899976 Aug 20 13:58 flowd.log.000003
-rw------- 1 root wheel 10502864 Jul 29 10:04 flowd.log.000004
-rw------- 1 root wheel 10495928 Jul 29 05:20 flowd.log.000005
-rw------- 1 root wheel 10487840 Jul 29 00:13 flowd.log.000006
-rw------- 1 root wheel 10507124 Jul 28 19:29 flowd.log.000007
-rw------- 1 root wheel 10531068 Jul 28 08:40 flowd.log.000008
-rw------- 1 root wheel 10489760 Jul 26 17:05 flowd.log.000009
-rw------- 1 root wheel 10506312 Jul 15 02:37 flowd.log.000010
also, I have configured System > Settings > Logging to 5 days, why is flowd ignoring this? Is it a different setting for flowd?
I deleted all flowd log files under /var/log, but flowd_aggregate.py continues to use a full core (100%).
I disabled IDS, and it's still consuming 100%.
One day later, flowd.log was back at 20GB (!) and had not rotated. I deleted it, but flowd_aggregate.py is still consuming 100%...
Settings under System > Settings > Logging have no influence on flowd it seems (neither resetting, neither the number days of retention). Where do I configure flowd logging behaviour?
Found the flowd logging settings, it's where it should be, I scrolled past it 4 times somehow. ::)