Hello. Thanks for all the stories from everyone. I disabled some pretty nasty (lots of port matches) terms and the issue went away for a few weeks.
I've just edited this term, by adding an IP to the destination-prefix-list: [edit firewall family ethernet-switching filter ci_infra] - term splunk { - from { - protocol [ tcp udp ]; - destination-port [ 9997 http 9998 syslog ]; - source-prefix-list { - trusted_nets; - } - destination-prefix-list { - ci_splunk; - } - } - then accept; - } And here we are again.. doh. last pid: 55690; load averages: 1.00, 1.00, 0.84 up 29+03:39:44 14:12:55 112 processes: 5 running, 88 sleeping, 19 waiting Mem: 203M Active, 21M Inact, 91M Wired, 61M Cache, 110M Buf, 606M Free Swap: PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND 832 root 1 129 0 81544K 37152K RUN 36.8H 96.19% pfem I am waiting for it to calm down again, do you think splitting the term into a TCP and UDP version will help? Regards, C. -- +442077294797 http://mediaserviceprovider.com/ _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp