Messages - ladar

#1
I disabled the log parser because it was pegging a CPU. My dual 10 gig, with dual 40 gig internal links, were handling too much traffic for the Python code to process efficiently.

I think stopping the parser caused the log files to stop rotating, eventually filling up my firewall disks. I had to ssh in, remove the file manually, and restart all services for the space to actually get freed (while troubleshooting, I rebooted, which is probably why I needed to restart the services, and free the file handle to the log).

I wish there was a way to fix this. Either with a much more efficient parser, or the ability to disable/limit collection so this doesn't happen again.
#2
Clearing the netflow data fixed it for a while, but eventually the CPU usage returned. For now I'm just going to renice the process.
#3
Stopping the flowd_aggregate service via the web GUI eliminated the CPU process. After doing so I noticed that the /var/log/flowd.log file had grown to be over a gigabyte. Not sure where it was at before I stopped the aggregator process though.

Anyways, I cleared the netflow data via the web GUI, and so far, the process isn't hogging a CPU core anymore.
#4
I'm seeing this same problem. Netflow is pegging a CPU at 100% ... I just rebooted my firewall so I'm wondering if my recent config changes did this, or the problem was there before and I didn't notice.

Anyone know if this is a bug in the code, or is netflow simply having trouble keeping up with the traffic volume? My firewall is pushing an average of about 1 gigabit/sec out to the internet (bursting up to 10 gigs), and that doesn't include internal traffic. So it's possible the volume is simply too much for a single-threaded Python process to handle. I've noticed the process does periodically drop to idle. But it doesn't stay that way for long (5 to 8 minutes at 100% followed by less than 2 minutes at idle, if I'm guesstimating).

Thoughts?