I've updated to 25.7.11_1 (from 25.7.10) 1 or 2 days ago. A few minutes ago the hostwatch process went haywire and stayed at 100%. I also saw that syslog-ng was at about 80%. Then I killed the hostwatch process and everything went back to normal.
What is this process and what does it do? Is it a new service and what could it make to jump to 100% CPU all of a sudden?
Ok, in the release notes I can see:
This release brings the new host discovery service which resolves and remembers MAC addresses for IPv4 and IPv6 hosts in your connected networks and provides this data for the firewall MAC aliases and captive portal clients. It is now enabled by default, but you can choose to opt out by disabling the automatic discovery option.
Well, my questions still remain. What could it make to jump to 100% CPU all of a sudden? Also, I am not sure what this actually does. MAC addresses are "remembered" in the ARP cache, so why do I need this service? What is going to be worse (perf, functionality, ...) when I do not use this service?
Nothing is going to be worse, just disable it.
Interfaces: Neighbors: Automatic Discovery
It fills in a missing feature people coming from consumer routers like Fritzbox got used to and frequently demanded: show an overview of all devices in my network.
Quote from: Patrick M. Hausen on January 17, 2026, 04:01:33 PMNothing is going to be worse, just disable it.
Interfaces: Neighbors: Automatic Discovery
It fills in a missing feature people coming from consumer routers like Fritzbox got used to and frequently demanded: show an overview of all devices in my network.
More useless garbage that we didn't ask for..... Why can't this be a plugin that those folks can install separately and not brick our routers.... I have a 16Gig hostwatch log this morning, lose gui, forced to restart to recover... Definitely not a professional group here....
Quote from: bycarlsjr on January 17, 2026, 07:05:25 PMQuote from: Patrick M. Hausen on January 17, 2026, 04:01:33 PMNothing is going to be worse, just disable it.
Interfaces: Neighbors: Automatic Discovery
It fills in a missing feature people coming from consumer routers like Fritzbox got used to and frequently demanded: show an overview of all devices in my network.
More useless garbage that we didn't ask for..... Why can't this be a plugin that those folks can install separately and not brick our routers.... I have a 16Gig hostwatch log this morning, lose gui, forced to restart to recover... Definitely not a professional group here....
Yep, that new feature broke my WebUI because it filled up the storage completely ( /var/log/hostwatch/hostwatch_20260116.log was more than 100 Gigs).
People reporting high CPU usage with this update is probably related to this also.
Here is the explanation -> https://github.com/opnsense/hostwatch/issues/8
I noticed that since upgrading, the disk access LED on my Opnsense box flashes much more often than before the upgrade - like every 2 seconds or so. I disabled the Host Discovery feature and it stopped immediately. I'm not sure what this feature needs to access the disk so much for (my log file was only 40KB after running for a few hours), but this seems like a great way to wear out an SSD. I agree this feature should be disabled by default; those who need it can enable it themselves.
Quote from: Patrick M. Hausen on January 17, 2026, 04:01:33 PMNothing is going to be worse, just disable it.
Interfaces: Neighbors: Automatic Discovery
It fills in a missing feature people coming from consumer routers like Fritzbox got used to and frequently demanded: show an overview of all devices in my network.
Thank you very much. This explains it perfectly. Not the 100% CPU usage, but what this thing actually is. I checked the docs, but I couldn't find anything related to the new UI form. e.g. there should all be an "exclude interfaces" field. I have over 20 interfaces (mostly VLANs), and 4 WAN interfaces. I certainly don't need discovery on the WAN, but the current UI requires me to select all internal interfaces.
Your explanation (answer) is exactly what should be in the documentation. ;-)