Messages - manuel

#1
Same issue here. Since the upgrade to 23.7.10_1-amd64, CPU usage is much higher than before and my monit system monitor regularly complains about CPU usage over 75%.

  PID USERNAME    THR PRI NICE   SIZE    RES STATE    C   TIME    WCPU COMMAND
46114 root          1  85    0    48M    31M CPU1     1  33.0H  97.91% /usr/local/bin/python3 /usr/local/opnsense/scripts/netflow/flowd_aggregate.py (python3.9)
24479 root          1  28    0    69M    33M nanslp   0   0:01  11.18% /usr/local/bin/php-cgi
  257 root          1  52    0   135M    40M accept   0  39:54   4.87% /usr/local/bin/python3 /usr/local/opnsense/service/configd.py console (python3.9)
67545 root         13  20    0  2869M  1074M nanslp   1 790:15   3.19% /usr/local/bin/suricata -D --netmap --pidfile /var/run/suricata.pid -c /usr/local/etc/suricata/suricata.yaml
19874 root         12  20  -20   906M    43M uwait    2 124:11   2.45% ipdrstreamer
22851 mongodb      28  52    0  2876M  1043M uwait    2 242:15   2.34% /usr/local/bin/mongod --logappend --setParameter=disabledSecureAllocatorDomains=* --config /usr/local/etc/mongodb.conf --fork
19514 root         12  20  -20  2997M   332M nanslp   1 471:32   2.03% eastpect: Eastpect Instance 0 (eastpect)
55207 root          3  20    0    50M  9976K kqread   3  12:06   0.46% /usr/local/sbin/syslog-ng -f /usr/local/etc/syslog-ng.conf -p /var/run/syslog-ng.pid
15107 root          1  20    0    14M  3660K CPU3     3   0:02   0.43% top
44068 root          1  20    0    60M    31M accept   0   0:06   0.31% /usr/local/bin/php-cgi
37823 root          2  20  -20   946M    56M nanslp   2  18:10   0.28% /usr/local/zenarmor//bin/eastpect -D
80154 root          1  20    0    13M  1796K bpf      0   2:04   0.18% /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
80838 root          1  28    0    13M  1784K nanslp   0   0:19   0.10% /usr/sbin/cron -s
16942 root          1  20    0    21M  7204K kqread   1   1:04   0.09% /usr/local/sbin/lighttpd -f /var/etc/lighty-webConfigurator.conf
69045 root          1  20    0    25M    14M select   1   1:58   0.08% /usr/local/bin/python3 /usr/local/opnsense/scripts/dhcp/unbound_watcher.py --domain home (python3.9)
82347 root          1  20    0    23M    11M select   1   3:23   0.05% /usr/local/bin/python3 /usr/local/sbin/configctl -e -t 0.5 system event config_changed (python3.9)
98727 root          1  20    0    18M  7344K select   0   0:00   0.05% sshd: root@pts/0 (sshd)
82850 root          1  20    0    23M    11M select   1   3:04   0.04% /usr/local/bin/python3 /usr/local/opnsense/scripts/syslog/lockout_handler (python3.9)
  258 squid         1  20    0   174M    21M kqread   3   1:39   0.03% (squid-1) --kid squid-1 -f /usr/local/etc/squid/squid.conf (squid)
54088 root          1  21    0    13M  1932K wait     1   1:25   0.02% /bin/sh /var/db/rrd/updaterrd.sh
39938 root          1  20    0    21M  5868K select   2   0:28   0.01% /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf


Does anyone have some suggestions?

Greetings Manuel
#2
I've been struggling with Suricata for quite a long time. I activated it again today for the first time in a long while and I reckon it's not working properly. I'm sending all logs to pfelk and my Kibana log is empty. If I check the Alerts tab in Intrusion Detection --> Administration --> Alerts, the last shown log entries are from back in 2019.

My config looks like the following.

There are a lot of threads in this forum and I also checked the Wiki from opnsense. Could you please help me, where should I start?

Thank you for your help.

Regards Manuel

#3
21.1 Legacy Series / Re: Zigzag CPU Load
May 27, 2021, 08:59:27 AM
Hello
After updating to the newest release 21.1.5 on 23.05. at 12:00, the CPU load now looks different. As mentioned by gpb, python3.7 is using quite a lot of CPU time.


last pid: 16333;  load averages:  0.79,  0.89,  0.89                                                                                                                         up 3+20:47:14  08:57:55
49 processes:  1 running, 48 sleeping
CPU:  2.8% user,  0.0% nice,  7.0% system,  0.6% interrupt, 89.6% idle
Mem: 53M Active, 1518M Inact, 461M Wired, 217M Buf, 2095M Free
Swap: 2048M Total, 2048M Free

  PID USERNAME    THR PRI NICE   SIZE    RES STATE    C   TIME    WCPU COMMAND
17984 root          1  20    0    29M    20M select   2  35.3H   0.03% python3.7
88970 root          1  20    0  1048M  8424K select   2  10:52   0.14% openvpn
68332 root         11  20    0    39M  7824K nanslp   3   8:45   0.00% collectd
8987 root          1  52    0  1037M  3332K wait     3   2:40   0.00% sh
90751 root          1  20    0    26M    11M select   2   1:53   0.04% python3.7
16747 root          1  20    0    21M    11M select   2   1:42   0.04% python3.7
90286 root          3  20    0    32M    11M kqread   2   1:33   0.08% syslog-ng
58694 root          1  52    0    54M    32M accept   0   1:29   0.97% python3.7


Greetings Manuel
#4
21.1 Legacy Series / Re: Zigzag CPU Load
May 26, 2021, 06:19:34 PM
Hello gpb
Thank you for your answer and the link. This is it.  :D

Regards Manuel
#5
Hello Astucky
Thank you for your answer. Will try this out.

Regards Manuel
#6
21.1 Legacy Series / Zigzag CPU Load
May 19, 2021, 11:59:59 AM
Hello
I have collectd running on my opnsense box, which is an apu2e4 with 4 cores (AMD Embedded G series GX-412TC) and 4GB RAM. As you can see in my Grafana Graphics there is a zigzag of the CPU usage. Normally the CPU load rises over 2 or 3 days continuously and then drops to 1%.

Does anybody know the reason for this or has made the same observation?

Thank you very much for a hint.

Greetings Manuel

#7
Hello
I managed to toggle a firewall alias to enable and disable through the API with Postman. Unfortunately, it seems that after this change a firewall reload is necessary. How can I do this through the API?

My goal is to enable/disable a firewall rule to block my kids' devices completely from accessing the internet. For this reason I created a firewall alias with all IPs of my kids' devices and then I created a firewall rule using that alias as source.

I just want to enable/disable that rule or alias very quickly from my smartphone without accessing the web gui. Any advice is very welcome.  ;)

Thank you for your help.

Greetings Manuel
#8
Hello
Managed to create the following FW rules. It's now working :-)

Thank you for your help.

Manuel
#9
Hello
I'm trying to set up a separate DMZ network (no DHCP). The goal is to have only Internet access from this network. No access to LAN on this new network at all. How can I achieve this? I tried to configure the fw according to the opnsense how-to "Setup a guest network" but I can't resolve host names at all or browse the internet.

What is wrong with my fw rules?

Thank you very much for your help.

Manuel

#10
Hello together
I never managed to get IPS up and running on 18.7.9 and Suricata 4.0.6. I still only see "Action allowed" in the Alert tab of Intrusion Detection Administration whatever rules (abuse and some opnsense) I have activated. Hardware Offloading on NIC is disabled and WAN and even LAN interface is activated.

Any idea to get also some drop actions?

Thank you very much for your help.

Manuel
#11
Hello xmichielx
Thank you very much for your answer. So only LAN instead of WAN should be selected in Settings --> interfaces  ???? I currently only have WAN interface according to the opnsense Wiki selected.

I'll try this asap.

Greetings Manuel
#12
Hello
I'm still on 18.7.9 and Suricata 4.0.6. I followed the instructions on https://wiki.opnsense.org/manual/how-tos/ips-feodo.html and am downloading all abuse.ch rules daily via cron. I also enabled them and changed Filter to drop. If I check my alerts I can only find log entries with action allowed. I can't find even one blocked action. Strange.

Does my IPS really do its job? How can I test it and force a blocked action?

Thank you very much for your help.

Greetings,
Manuel
#13
Hello Franco
Yes, on my box IDS and IPS is enabled on WAN interface only.

Managed to update from 18.7 to 18.7.9 and WAN problems are gone. My internet connection to ISP is stable since some days.

Sorry that I can't assist you any more, but I couldn't find any error entries in dmesg or system.log when losing the IP address on WAN interface igb1.

Regards Manuel
#14
Hello Franco
Thank you for your detailed answer. I'll try this this evening.

Really appreciate your help and work.

Greetings Manuel
#15
Hello Franco
Thank you very much for your explanation.

# opnsense-revert -r 18.7.9 opnsense

Didn't work for me and produced a

# Fetching opnsense.txz: .. failed

Maybe because of missing internet connection?

I still don't get the point how to upgrade from 18.7 to 18.7.9 now. Sorry about that.

Yes you're right, WAN DHCP does not keep its designated IP. That's the problem.

I also checked system.log after upgrading to 18.7.10 but couldn't see any hint why WAN is losing its IP address. Unfortunately I had to go back to 18.7 because I can't live without internet and I don't have another apu2 to play with.

Maybe someone else could provide more info out of log files to investigate this issue.

Thank you very much for your help. I'm really a big big fan of opnsense! Very good work.

Greetings Manuel