Author Topic: flowd_aggregate.py consuming 100% of one core – flowd log rotation issue? (Read 1100 times)

9axqe · « **on:** August 24, 2023, 10:41:23 am »

flowd_aggregate.py seems to hang and use 100% of a CPU core:

root@sense:/var/log # ps awwux | grep python
root    23373 100.0  0.4   49448  30248  -  Rs   08:26    60:35.15 /usr/local/bin/python3 /usr/local/opnsense/scripts/netflow/flowd_aggregate.py (python3.9)

To me it seems flowd log rotation has an issue. flowd.log is 2.2GB large and it's the only file since 3 days...

Could this be the trigger for the python script to hang, that it cannot deal with a file that huge?... I'll try to delete the flowd.log file and see what happens.

Code: [Select]

root@sense:/var/log # ls -la flowd*
-rw-------  1 root  wheel  2279341264 Aug 24 10:34 flowd.log
-rw-------  1 root  wheel    10486044 Aug 22 23:11 flowd.log.000001
-rw-------  1 root  wheel   782466528 Aug 22 03:59 flowd.log.000002
-rw-------  1 root  wheel   101899976 Aug 20 13:58 flowd.log.000003
-rw-------  1 root  wheel    10502864 Jul 29 10:04 flowd.log.000004
-rw-------  1 root  wheel    10495928 Jul 29 05:20 flowd.log.000005
-rw-------  1 root  wheel    10487840 Jul 29 00:13 flowd.log.000006
-rw-------  1 root  wheel    10507124 Jul 28 19:29 flowd.log.000007
-rw-------  1 root  wheel    10531068 Jul 28 08:40 flowd.log.000008
-rw-------  1 root  wheel    10489760 Jul 26 17:05 flowd.log.000009
-rw-------  1 root  wheel    10506312 Jul 15 02:37 flowd.log.000010

9axqe · « **Reply #1 on:** August 24, 2023, 10:45:44 am »

also, I have configured System > Settings > Logging to 5 days, why is flowd ignoring this? Is it a different setting for flowd?

9axqe · « **Reply #2 on:** August 25, 2023, 07:52:43 am »

I deleted all flowd log files under /var/log, but flowd_aggregate.py continues to use a full core (100%).

I disabled IDS, and it's still consuming 100%.

One day later, flowd.log was back at 20GB (!) and had not rotated. I deleted it, but flowd_aggregate.py is still consuming 100%...

Settings under System > Settings > Logging have no influence on flowd it seems (neither resetting, neither the number days of retention). Where do I configure flowd logging behaviour?

9axqe · « **Reply #3 on:** August 25, 2023, 08:42:07 pm »

Found the flowd logging settings, it's where it should be, I scrolled past it 4 times somehow.

Author Topic: flowd_aggregate.py consuming 100% of one core – flowd log rotation issue? (Read 1100 times)

9axqe

flowd_aggregate.py consuming 100% of one core – flowd log rotation issue?

9axqe

Re: flowd_aggregate.py consuming 100% of one core – flowd log rotation issue?

9axqe

Re: flowd_aggregate.py consuming 100% of one core – flowd log rotation issue?

9axqe

Re: flowd_aggregate.py consuming 100% of one core – flowd log rotation issue?