Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
20.1 Legacy Series
»
100% CPU (linked to IDS/Suricata?)
« previous
next »
Print
Pages: [
1
]
Author
Topic: 100% CPU (linked to IDS/Suricata?) (Read 7606 times)
Tugdualenligne
Newbie
Posts: 13
Karma: 0
100% CPU (linked to IDS/Suricata?)
«
on:
April 11, 2020, 04:04:02 pm »
Hi there, I've had twice the same issue with one my CPU bloated at 100% on this:
/usr/local/sbin/syslogd -s -c -c -P /var/run/syslog.pid -p /var/run/legacy_log -S /var/run/legacy_logpriv -k -s -s -f /var/etc/
In the Suricata logs I get also that message (inked to the WireGuard interface I have created):
suricata: [101248] <Error> -- [ERRCODE: SC_ERR_NETMAP_READ(264)] - Error reading data from iface 'wg1': (55u) No buffer space available
The only way to stop that 100% use was to stop the Suricata IDS.
Issue is that 1/ this is not normal; 2/ it barely enables the rest of the system to function correctly (web sites not accessible); 3/ and my server is quite hot! (passive cooling)
I have had that issue with both versions 20.1.3 and 20.1.4
Any ideas how to correct that please?
Many thanks in advance
«
Last Edit: April 11, 2020, 04:05:35 pm by Tugdualenligne
»
Logged
Supermule
Full Member
Posts: 235
Karma: 15
Re: 100% CPU (linked to IDS/Suricata?)
«
Reply #1 on:
April 11, 2020, 04:09:47 pm »
What hardware??
Logged
Tugdualenligne
Newbie
Posts: 13
Karma: 0
Re: 100% CPU (linked to IDS/Suricata?)
«
Reply #2 on:
April 11, 2020, 04:27:19 pm »
I'm using a Qotom Q350G4, CPU i5-4200U
Logged
shadesh
Newbie
Posts: 41
Karma: 2
What?
Re: 100% CPU (linked to IDS/Suricata?)
«
Reply #3 on:
April 11, 2020, 04:58:53 pm »
Had the same issue with syslogd, i also had strange core dumps with out of memory with it.
My solution was:
1. Stop syslogd (Webinterface or CLI, whatever makes you happy)
2. Remove everything in /var/log
3. Start syslogd again
Check the process load of syslogd with "top" or something and be sure that it get's down to a normal level after a few moments.
Logged
Tugdualenligne
Newbie
Posts: 13
Karma: 0
Re: 100% CPU (linked to IDS/Suricata?)
«
Reply #4 on:
April 11, 2020, 06:15:14 pm »
Thanks for your response. I tried and rebooted my system. Will keep you posted on what happens next (if any).
By the way, going to the root console, I noticed the follwing messages that appear a bit weird (I didn't disable the wg (WireGuarg) interface, so not sure why it was 'destryed'
Logged
Tugdualenligne
Newbie
Posts: 13
Karma: 0
Re: 100% CPU (linked to IDS/Suricata?)
«
Reply #5 on:
April 13, 2020, 09:49:12 pm »
I got the issue another time. When I deactivate the WG (WireGuard) interface in the Wireguard settings, it stops the 100% CPU usage. So I'm staying with that setting at the moment...
If anyone has an idea... it'll be most welcome
Many thanks
Logged
dia4
Newbie
Posts: 24
Karma: 2
Re: 100% CPU (linked to IDS/Suricata?)
«
Reply #6 on:
January 23, 2021, 11:28:42 pm »
I've had a similar problem with Suricata and high cpu load.
What have worked for me was to login on root console, menu option (11) did the trick!
Ciao
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
20.1 Legacy Series
»
100% CPU (linked to IDS/Suricata?)