100% CPU (linked to IDS/Suricata?)

[Tugdualenligne]

Hi there, I've had twice the same issue with one my CPU bloated at 100% on this:
/usr/local/sbin/syslogd -s -c -c -P /var/run/syslog.pid -p /var/run/legacy_log -S /var/run/legacy_logpriv -k -s -s -f /var/etc/

In the Suricata logs I get also that message (inked to the WireGuard interface I have created):
suricata: [101248] <Error> -- [ERRCODE: SC_ERR_NETMAP_READ(264)] - Error reading data from iface 'wg1': (55u) No buffer space available

The only way to stop that 100% use was to stop the Suricata IDS.
Issue is that 1/ this is not normal; 2/ it barely enables the rest of the system to function correctly (web sites not accessible); 3/ and my server is quite hot! (passive cooling)

I have had that issue with both versions 20.1.3 and 20.1.4

Any ideas how to correct that please?

Many thanks in advance

[Supermule]

What hardware??

[Tugdualenligne]

I'm using a Qotom Q350G4, CPU i5-4200U

[shadesh]

Had the same issue with syslogd, i also had strange core dumps with out of memory with it.
My solution was:

1. Stop syslogd (Webinterface or CLI, whatever makes you happy)
2. Remove everything in /var/log
3. Start syslogd again

Check the process load of syslogd with "top" or something and be sure that it get's down to a normal level after a few moments.

[Tugdualenligne]

Thanks for your response. I tried and rebooted my system. Will keep you posted on what happens next (if any).

By the way, going to the root console, I noticed the follwing messages that appear a bit weird (I didn't disable the wg (WireGuarg) interface, so not sure why it was 'destryed'

[Tugdualenligne]

I got the issue another time. When I deactivate the WG (WireGuard) interface in the Wireguard settings, it stops the 100% CPU usage. So I'm staying with that setting at the moment...

If anyone has an idea... it'll be most welcome

Many thanks

[dia4]

I've had a similar problem with Suricata and high cpu load.
What have worked for me was to login on root console, menu option (11) did the trick!


Ciao