RAM consumption - out of space memory - Log management

Started by s1lence, March 08, 2022, 10:57:34 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 08, 2022, 10:57:34 AM Last Edit: March 08, 2022, 11:30:08 AM by s1lence
Hello everyone.

This is my first post here.
First of all, we'd like to thank OPNSense technical team for their work.

We would just want to share our last production incident appearing from last upgrades.

Some new logs (logs level?) have to be added recently.
Probably since 21.+ versions.

In fact since we upgraded from 20 to 21+ versions we observed some incredible RAM usage on some of our OPNSense.

The RAM was consumed with a perfect rising ramp.
We discovered then that logs are indeed write in RAM in:
/var/log/...

We should have known better.

Here, you can read the "pfsense" documentation:
https://docs.netgate.com/pfsense/en/latest/monitoring/logs/size.html

As you can read logs default size should be 500KB with a rotation and a maximum of 7 files if our understanding is correct. This might not be the case for OPNSense but I did not find this level of details in OPNSense documentation. The restrictions on log file size and rotation may not be implemented.

I precise that ofc we did not change anything in default logging policy/settings.

The thing is that we observe some +300 MB log file wrote in a day for some of our infrastructure in:
"/var/log/filter/filter_date.log"

The disk will get filled and the OPNSense crash with a spamming error:
"..... out of swap space"

So if anyone is experimenting this kind of behaviour.
You can of course mount /var/log on an external disk...
Or you can temporarily clear and disable logging in
>> system > settings > logging

Hope this help the few of us having this kind of issue with RAM management on most recent OPNSense without having, like us, the knowledge to fix it straight away.

Kind regards.
March 12, 2022, 03:17:47 PM #1
I can confirm the exact same behaviour on my own SOHO edge box. I've disabled logging for now and it looks like I won't have to reboot every 7 days or so.

But, I can confirm a perfect ramp of free mem use with no processes really accounting for any of that, and resetting logs had an immediately effect.
March 20, 2022, 06:21:50 PM #2
I had same issue, fixed with 22.1.3 update
Print
Go Up Pages1
User actions