Zenarmor periodicals not working correctly?

Started by Maginos, Today at 02:10:20 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
Today at 02:10:20 PM
Hi all,

I have a question concerning Zenarmor periodicals:


Every Day at 4:03 am I get the following message from Zabbix:


Problem: Lack of avail. memory on server OPNsense 2
Problem started at 04:03:13 on 2026.02.08
Problem name: Lack of avail. memory on server OPNsense 2
Host: OPNsense
Severity: Warning
Operational data: 3.45 GB
Original problem ID: 79101

The value at Operational data varies, it can be 450 MB or less.

My Opnsense (version 25.7_11 so far, I just upgraded atm to 26.1) has a total amount of 16 GB of RAM, which is plenty for only Zenarmor running and no Suricata.

I looked up in /var/log/system/latest.log and found NO Out-Of-Memory entry there, so I assume, the OOM error from Zabbix comes from the ARC of my ZFS array. I have two SSDs, which are configured in Z1.

The message from Zabbix I get after 3-4 days and then daily always at 4 am in the morning.

I looked up my cronjobs and only Zenarmor periodicals are running at that time.

After some research I found, that the file /usr/local/datastore/sqlite/conn_all.sqlite keeps growing in size up to some GB.

When this file reaches a certain size, I get the OOM error in zabbix. That's the reason why I see the error in Zabbix after some days.

If I reset the database of Zenarmor via GUI manually, the conn_all.sqlite file is reduced in size and the zabbix error message does not occur for some days.

After that it occurs again and I have to reset the database manually again.

In future, I would like to avoid this.

On a second OPNSense machine, everything works perfectly.

I have following settings on the OPNSense:

- Sqlite
- Reporting Period 2 days
- Memory Disk Size 300 MB
- Tracefs Partition Size 100 MB

Logs:

- Log Level Debug
- Rotation 1 Day
- Retire 3 Days


I already uninstalled and reinstalled Zenarmor (restore from backup), but that didn't help.

So my assumption is, that the database is not properly cleaned up by Zenarmor periodicals cronjob and therefore the conn_all.sqlite file keeps growing.

What can I do in this situation?


Thank you for your help.

Maginos
Print
Go Up Pages1
User actions