flowd_aggregate.py consuming 100% of one core – flowd log rotation issue?

Started by 9axqe, August 24, 2023, 10:41:23 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
August 24, 2023, 10:41:23 AM
flowd_aggregate.py seems to  hang and use 100% of a CPU core:

Code Select

root@sense:/var/log # ps awwux | grep python
root    23373 100.0  0.4   49448  30248  -  Rs   08:26    60:35.15 /usr/local/bin/python3 /usr/local/opnsense/scripts/netflow/flowd_aggregate.py (python3.9)



To me it seems flowd log rotation has an issue. flowd.log is 2.2GB large and it's the only file since 3 days...

Could this be the trigger for the python script to hang, that it cannot deal with a file that huge?... I'll try to delete the flowd.log file and see what happens.

Code Select

root@sense:/var/log # ls -la flowd*
-rw-------  1 root  wheel  2279341264 Aug 24 10:34 flowd.log
-rw-------  1 root  wheel    10486044 Aug 22 23:11 flowd.log.000001
-rw-------  1 root  wheel   782466528 Aug 22 03:59 flowd.log.000002
-rw-------  1 root  wheel   101899976 Aug 20 13:58 flowd.log.000003
-rw-------  1 root  wheel    10502864 Jul 29 10:04 flowd.log.000004
-rw-------  1 root  wheel    10495928 Jul 29 05:20 flowd.log.000005
-rw-------  1 root  wheel    10487840 Jul 29 00:13 flowd.log.000006
-rw-------  1 root  wheel    10507124 Jul 28 19:29 flowd.log.000007
-rw-------  1 root  wheel    10531068 Jul 28 08:40 flowd.log.000008
-rw-------  1 root  wheel    10489760 Jul 26 17:05 flowd.log.000009
-rw-------  1 root  wheel    10506312 Jul 15 02:37 flowd.log.000010
August 24, 2023, 10:45:44 AM #1
also, I have configured System > Settings > Logging to 5 days, why is flowd ignoring this? Is it a different setting for flowd?
August 25, 2023, 07:52:43 AM #2
I deleted all flowd log files under /var/log, but flowd_aggregate.py continues to use a full core (100%).

I disabled IDS, and it's still consuming 100%.

One day later, flowd.log was back at 20GB (!) and had not rotated. I deleted it, but flowd_aggregate.py is still consuming 100%...

Settings under System > Settings > Logging have no influence on flowd it seems (neither resetting, neither the number days of retention). Where do I configure flowd logging behaviour?
August 25, 2023, 08:42:07 PM #3
Found the flowd logging settings, it's where it should be, I scrolled past it 4 times somehow.  ::)

Print
Go Up Pages1
User actions