samplicate pegging cpu

Started by ubu, March 18, 2026, 04:31:33 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 18, 2026, 04:31:33 PM
I am very new to opnsense.
Environment
OPNsense 26.1.4 (amd64)
Hardware: HP Pavilion tower, AMD A12-9800 CPU
NICs: igc0 (WAN), igc1 (LAN), re0 (DMZ)

Problem
samplicate is running at 100% CPU continuously. It was configured with two NetFlow destinations (127.0.0.1:2055 and 127.0.0.1:2056) but nothing is actually consuming data on those ports — sockstat confirms nothing is listening on 2056 and only samplicate itself is on 2055.

Reproduction steps
Any attempt to stop samplicate causes an instant silent reboot loop that requires restoring a config backup to recover. Attempts made:
— GUI: Clearing NetFlow destinations and hitting Apply
— CLI: service netflow stop
— CLI: kill <pid>
— CLI: ngctl shutdown ksocket_netflow_igc0: then ngctl shutdown netflow_igc0: then kill <pid>
All result in an immediate reboot loop. System log captures nothing before the reboot — the kernel appears to die before it can write to disk.

Diagnostics
— /var/crash/ is empty — no crash dumps generated
— dmesg shows no panic or fatal entries
— monit is not watching samplicate (monit summary shows only System and RootFs)
— samplicate is launched via daemon wrapper by /usr/local/etc/rc.d/netflow
— netflow stop uses kill -9 on samplicate then ngctl shutdown on netflow nodes
— UPS is healthy (CyberPower 1350VA, 100% charge, OL status)
— No os-netflow, os-insight, or os-ntopng plugins installed — NetFlow is OPNsense core

Current netflow.conf

netflow_interfaces="igc0"
netflow_egress_only="igc0"
netflow_version="9"
netflow_int_destination="127.0.0.1:2055"
netflow_destinations=" 127.0.0.1/2055  127.0.0.1/2056 "
netflow_active_timeout=1800
netflow_inactive_timeout=15
Question
Is this a known issue with netgraph + samplicate on this kernel version? Is there a safe way to disable NetFlow/samplicate without triggering a kernel panic? Is there a way to enable crash dumps to capture the panic for a proper bug report?

Any help appreciated. Happy to run additional diagnostics.
Today at 10:43:45 AM #1
this is crazy to me that not a single person responded to this. I am still dealing with samplicate pegging my cpu. I don't know what else to do
Today at 10:47:31 AM #2
Hmm if nothing is listening to NetFlow why enable NetFlow? It will generate NetFlow output for each packet on the interfaces you configured it on and that takes a lot of CPU. Samplicate will offer the data to all configured receivers further hogging CPU. Yes, this is without anyone looking for NetFlow data but the data is already there otherwise nobody will be able to receive it.


Cheers,
Franco
"AI has absolutely reduced the cost of creating technical debt." -- ChatGPT
Print
Go Up Pages1
User actions