Re: [pfSense Support] PHP Process consuming 100% CPU
Well, I uninstalled the Snort plugin after reading your mail. That may have been the cause. I guess a pentium III 900MHz just can't handle snort + PHP. - Original Message - From: "Glenn Kelley" To: support@pfsense.com Sent: Sunday, November 29, 2009 9:50:53 AM GMT -08:00 US/Canada Pacific Subject: Re: [pfSense Support] PHP Process consuming 100% CPU I saw this as well - found it was the snort plugin doing it when ever it was clicked - cpu climbed. Interesting - on the sister machine (same hardware - same config) cannot duplicate. On Nov 29, 2009, at 2:31 AM, darkf...@comcast.net wrote: Hello all, I am running pfSense 1.2.3-RC1, and the php process is currently eating 100% CPU. I have tried logging in via SSH and using the "restart the WebConfigurator" option, but that doesn't restart the PHP process. I am holding off on restarting the machine in case any devs was to SSH in and see if there's anything they can see causing the issue. All I can tell that causes the PHP process to do this is viewing certain pages in the web interface. Thank you for any help. AR
[pfSense Support] Viewing RRD Graphs causes system lock-up or reboot.
Going to the RRD Graphs page will lock up the pfSense box (rare), or will cause it to reboot (typical). I am running pfSense 1.2.3-RC3 on the PC platform on a Pentium III Gateway PC with 256MB of 133Mhz SD-RAM. ACPI is disabled because it doesn't work properly. The system was built in 2001 according to the labels on it. When I had a monitor attached, during boot there was a bunch of warnings that flashed up faster than I could read them, but they pertained to the RRD database. Something about it being damaged or invalid entries. I have noticed that the reboot/lock-up occurs while rendering the graphs for the last 6 months and 18 months. So perhaps during a power failure (this being a residential pfSense install, not a business one) the RRD data became corrupt. Is there a way I can remove the invalid data and keep the good data, or do I need to completely reset the RRD database. And how would I go about accomplishing these tasks if they are indeed my only solutions? (I like to keep the graphs to monitor internet usage to avoid exceeding ISP bandwidth caps). Thank you for your assistance.
Re: [pfSense Support] PHP Process consuming 100% CPU
yeah - honestly what I found was Snort needs some pretty good processor to do the job... I know of some basic hardware that does it really well - under $400 for a simple rackmount It works well however :-) Found it on this list just a short time ago Have a great productive week. Glenn On Nov 30, 2009, at 5:27 AM, darkf...@comcast.net wrote: > Well, I uninstalled the Snort plugin after reading your mail. That may have > been the cause. I guess a pentium III 900MHz just can't handle snort + PHP. > > > - Original Message - > From: "Glenn Kelley" > To: support@pfsense.com > Sent: Sunday, November 29, 2009 9:50:53 AM GMT -08:00 US/Canada Pacific > Subject: Re: [pfSense Support] PHP Process consuming 100% CPU > > I saw this as well - found it was the snort plugin doing it when ever it was > clicked - cpu climbed. > Interesting - on the sister machine (same hardware - same config) cannot > duplicate. > > > > On Nov 29, 2009, at 2:31 AM, darkf...@comcast.net wrote: > > Hello all, > > I am running pfSense 1.2.3-RC1, and the php process is currently eating 100% > CPU. I have tried logging in via SSH and using the "restart the > WebConfigurator" option, but that doesn't restart the PHP process. > I am holding off on restarting the machine in case any devs was to SSH in and > see if there's anything they can see causing the issue. > All I can tell that causes the PHP process to do this is viewing certain > pages in the web interface. > > Thank you for any help. > AR > >
Re: [pfSense Support] Viewing RRD Graphs causes system lock-up or reboot.
darkf...@comcast.net schreef: Going to the RRD Graphs page will lock up the pfSense box (rare), or will cause it to reboot (typical). Sounds like you have a faulty cpu cooler or a bad stick of ram. for the last 6 months and 18 months. So perhaps during a power failure These are the heaviest to generate graphs from as these contain the most data. Is there a way I can remove the invalid data and keep the good data, or That's hard. do I need to completely reset the RRD database. And how would I go about Remove /var/db/rrd/.rrd Generating graphs is a read only operation, it can only get corrupted during a update which happens once every minute. Considering one or more databases is damaged I think your hardware is pretty sick. Regards, Seth - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Weird msg in pfsense logs
Dear All, I'm getting this message in my logs - but I can't explain it, any help? kernel: arp: 19.19.19.19 is on le2 but got reply from 00:01:02:03:04:05 on le1 I'm going to assume that this message is because it's received a return packet, or an expected packet on a different interface than the one it was expecting. Does this packet still get processed, for example if it was suppose to be forwarded to another system, or does it get dropped when this message is noted? (ip address and mac address changed) --- Kind Regards, Mr Gabriel
Re: [pfSense Support] Weird msg in pfsense logs
Gabriel - IP Guys schreef: Dear All, kernel: arp: 19.19.19.19 is on le2 but got reply from 00:01:02:03:04:05 on le1 You have a system moving from one interface to another. That or you have a cable loop. Also possible is that somebody created a network bridge under windows XP between 2 network adapters. was expecting. Does this packet still get processed, for example if it was suppose to be forwarded to another system, or does it get dropped when this message is noted? It gets dropped, because it comes in on the wrong interface. Regards, Seth - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Weird msg in pfsense logs
> -Original Message- > From: Seth Mos [mailto:seth@xs4all.nl] > Sent: 30 November 2009 12:06 > To: support@pfsense.com > Subject: Re: [pfSense Support] Weird msg in pfsense logs > > Gabriel - IP Guys schreef: > > Dear All, > > > > kernel: arp: 19.19.19.19 is on le2 but got reply from > 00:01:02:03:04:05 > > on le1 > > You have a system moving from one interface to another. That or you > have > a cable loop. > > Also possible is that somebody created a network bridge under windows > XP > between 2 network adapters. > > > was expecting. Does this packet still get processed, for example if > it > > was suppose to be forwarded to another system, or does it get dropped > > when this message is noted? > > It gets dropped, because it comes in on the wrong interface. > > Regards, > > Seth > > If I have a shared physical network, and this is the reason that the second interface sees those packets, can I tick the box under 'System' Advanced Functions, that says "suppress ARP messages when interfaces share the same physical network" Will this mean that packets now get routed, or will they still get dropped? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Weird msg in pfsense logs
Gabriel - IP Guys schreef: "suppress ARP messages when interfaces share the same physical network" That surpresses the arp messages, just like it should. Will this mean that packets now get routed, or will they still get dropped? Dropped. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Weird msg in pfsense logs
> -Original Message- > From: Seth Mos [mailto:seth@xs4all.nl] > Sent: 30 November 2009 13:14 > To: support@pfsense.com > Subject: Re: [pfSense Support] Weird msg in pfsense logs > > Gabriel - IP Guys schreef: > > > > "suppress ARP messages when interfaces share the same physical > network" > > That surpresses the arp messages, just like it should. > > > Will this mean that packets now get routed, or will they still get > > dropped? > > Dropped. > Arrgh! Is this correct behaviour? Basically, I have two ISP connections and those connections are plugged into a switch, into which is plugged my router - at the moment I have a fedora box, happily connected to both ISP's and routing all inbound and outbound connections properly. This does not drop packets. My last question, if this message comes up, will the packet be received on both interfaces? Because I see no reason why a packet that is not destined for that interface is being dropped. How can I check if the correct interface has not picked up the packet? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Viewing RRD Graphs causes system lock-up or reboot.
darkf...@comcast.net wrote: > Going to the RRD Graphs page will lock up the pfSense box (rare), or > will cause it to reboot (typical). > I am running pfSense 1.2.3-RC3 on the PC platform on a Pentium III > Gateway PC with 256MB of 133Mhz SD-RAM. ACPI is disabled because it > doesn't work properly. The system was built in 2001 according to the > labels on it. > > When I had a monitor attached, during boot there was a bunch of > warnings that flashed up faster than I could read them, but they > pertained to the RRD database. Something about it being damaged or > invalid entries. > I have noticed that the reboot/lock-up occurs while rendering the > graphs for the last 6 months and 18 months. So perhaps during a power > failure (this being a residential pfSense install, not a business one) > the RRD data became corrupt. > > Is there a way I can remove the invalid data and keep the good data, > or do I need to completely reset the RRD database. And how would I go > about accomplishing these tasks if they are indeed my only solutions? > (I like to keep the graphs to monitor internet usage to avoid > exceeding ISP bandwidth caps). > > Thank you for your assistance. Other possibilities: 1) memory errors that are only hit when generating graphs from lots of data. 2) hard drive errors. 3) bad data, but I would expect this would just cause the graphs to be screwy for those time frames. Lyle Giese LCR Computer Servcies, Inc.
RE: [pfSense Support] Weird msg in pfsense logs
> Date: Mon, 30 Nov 2009 13:37:49 + > From: gabr...@impactteachers.com > To: support@pfsense.com > Subject: RE: [pfSense Support] Weird msg in pfsense logs > > Arrgh! Is this correct behaviour? Basically, I have two ISP connections > and those connections are plugged into a switch, into which is plugged > my router - at the moment I have a fedora box, happily connected to both > ISP's and routing all inbound and outbound connections properly. This > does not drop packets. > > My last question, if this message comes up, will the packet be received > on both interfaces? Because I see no reason why a packet that is not > destined for that interface is being dropped. How can I check if the > correct interface has not picked up the packet? > > - > To unsubscribe, e-mail: support-unsubscr...@pfsense.com > For additional commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > can you please make an ASCII drawing of the layout you are talking about? the way you describe it barely makes sense. why not have separate interfaces on the router for the 2 ISP connections? or are you using VLAN's on the switch?
RE: [pfSense Support] Weird msg in pfsense logs
From: Sean Cavanaugh [mailto:millenia2...@hotmail.com] Sent: 30 November 2009 14:52 To: support@pfsense.com Subject: RE: [pfSense Support] Weird msg in pfsense logs > Date: Mon, 30 Nov 2009 13:37:49 + > From: gabr...@impactteachers.com > To: support@pfsense.com > Subject: RE: [pfSense Support] Weird msg in pfsense logs > > Arrgh! Is this correct behaviour? Basically, I have two ISP connections > and those connections are plugged into a switch, into which is plugged > my router - at the moment I have a fedora box, happily connected to both > ISP's and routing all inbound and outbound connections properly. This > does not drop packets. > > My last question, if this message comes up, will the packet be received > on both interfaces? Because I see no reason why a packet that is not > destined for that interface is being dropped. How can I check if the > correct interface has not picked up the packet? > > - > To unsubscribe, e-mail: support-unsubscr...@pfsense.com > For additional commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > can you please make an ASCII drawing of the layout you are talking about? the way you describe it barely makes sense. why not have separate interfaces on the router for the 2 ISP connections? or are you using VLAN's on the switch? Ah, I see why it must be confusing ISP A ---| | |:5 Port Mini Switch | -- Pfsense WAN adapter --|Pf | | | -- Pfsense Optional adapter --|Box |-- LAN interface ISP B This is my FIRST ASCII diagram! So please be nice! And to explain - both my ISP come into modems, which both plug into the same switch - The modems do not do any NAT and are not the gateways on the LAN. My pfsense box is that. Originally, plugged into the same switch I have a fedora box which worked perfectly. My pfsense box is a virtual box, which has two dedicated virtual NICS which are wired directly to the switch. (Don't ask how or why, please just take my word for it, it works!) Pfsense is the only setup that has complained about this setup, and if it drops packets because of it, I've got a real problem, and I'll have to go back to a previous working setup without pfsense.
Re: [pfSense Support] Weird msg in pfsense logs
On Mon, Nov 30, 2009 at 8:25 AM, Gabriel - IP Guys wrote: > Pfsense is the only setup that has complained about this setup, and if it > drops packets because of it, I’ve got a real problem, and I’ll have to go > back to a previous working setup without pfsense. I did something similar once and had no problems. In my case, both interfaces received the packet in question. I hypothesized that the "correct" interface routed the packet, while the "incorrect" interface just dropped it. I didn't worry too much about it because everything just worked. I was using m0n0wall, which at the time didn't have the option to suppress those messages in the log, which was annoying, but not worse than that. db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Weird msg in pfsense logs
> -Original Message- > From: David Burgess [mailto:apt@gmail.com] > Sent: 30 November 2009 15:36 > To: support@pfsense.com > Subject: Re: [pfSense Support] Weird msg in pfsense logs > > On Mon, Nov 30, 2009 at 8:25 AM, Gabriel - IP Guys > wrote: > > > Pfsense is the only setup that has complained about this setup, and > if it > > drops packets because of it, I’ve got a real problem, and I’ll have > to go > > back to a previous working setup without pfsense. > > I did something similar once and had no problems. In my case, both > interfaces received the packet in question. I hypothesized that the > "correct" interface routed the packet, while the "incorrect" interface > just dropped it. I didn't worry too much about it because everything > just worked. I was using m0n0wall, which at the time didn't have the > option to suppress those messages in the log, which was annoying, but > not worse than that. > > db > I was hoping that this was the case, thank you for clarifying this.
RE: [pfSense Support] Weird msg in pfsense logs
>can you please make an ASCII drawing of the layout you are talking about? the >way you describe it barely makes sense. > >why not have separate interfaces on the router for the 2 ISP connections? or >are you using VLAN's on the switch?? > >Ah, I see why it must be confusing > > >ISP A ---| > | > |:5 Port Mini Switch | -- Pfsense WAN > adapter --|Pf | > | | > -- Pfsense Optional adapter --|Box |-- LAN interface >ISP B > > > >This is my FIRST ASCII diagram! So please be nice! And to explain – both my >ISP come into modems, which both plug into the same switch –>The modems do not >do any NAT and are not the gateways on the LAN. My pfsense box is that. >Originally, plugged into the same switch I have>a fedora box which worked >perfectly. My pfsense box is a virtual box, which has two dedicated virtual >NICS which are wired directly to the>switch. (Don’t ask how or why, please >just take my word for it, it works!) > >Pfsense is the only setup that has complained about this setup, and if it >drops packets because of it, I’ve got a real problem, and I’ll have to>go back >to a previous working setup without pfsense. Ok, that makes a lot more sense. you do have 2 interfaces from pfsense, even though they are only virtual interfaces. yes, in this case you need to turn on the option to ignore ARP requests as was previously stated by someone else. also like was stated, the interface that the packet is assigned will respond and other will drop so no worries. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PHP Process consuming 100% CPU
On Mon, Nov 30, 2009 at 5:27 AM, wrote: > Well, I uninstalled the Snort plugin after reading your mail. That may have > been the cause. I guess a pentium III 900MHz just can't handle snort + PHP. > That's more than enough, must be some sort of problem with the Snort package. Haven't seen that personally, we are doing some work on the Snort package right now (primarily for 2.0), may run into or resolve that in the process. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Power Question for pfsense
I've had my disk get corrupted exactly once in the last several years with pfSense power failure. It confused me how it could happen given that the embedded runs with the disk partition for the config mounted RO. In anycase, a manual fsck fixed it up, but it was definitely not something The Boss could have done on her own at home. At home we get power failures at a ridiculous frequency...
Re: [pfSense Support] PHP Process consuming 100% CPU
On Mon, Nov 30, 2009 at 9:43 PM, Chris Buechler wrote: > On Mon, Nov 30, 2009 at 5:27 AM, wrote: >> Well, I uninstalled the Snort plugin after reading your mail. That may have >> been the cause. I guess a pentium III 900MHz just can't handle snort + PHP. > That's more than enough, must be some sort of problem with the Snort > package. Haven't seen that personally, we are doing some work on the > Snort package right now (primarily for 2.0), may run into or resolve > that in the process. I've seen this on three production boxes now, and also seen two users that popped into the IRC channel mentioning the same. The problem seems to be with snort and the option(s): - Convert Snort alerts urls to clickable links - Associate events on Blocked tab If either or both are enabled and you enter the "Blocked" page, the page starts to load and seemingly stops loading. If you fire up top on a console, you see that PHP consumes 100% CPU. At work, we have a decent Dell R200 (Xeon based CPU and 4GB RAM) that spikes with 100% CPU usage on two cores. The execution of the PHP script doesn't seem to time out, and I have to manually kill the PHP processes to get things back to normal. Switching off the above options and then going back into the "Blocked" page, and everything is back to normal. -- Yours sincerely Jostein Elvaker Haande A free society is a place where it is safe to be unpopular http://tolecnal.net -- tolecnal at tolecnal dot net - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PHP Process consuming 100% CPU
On Mon, Nov 30, 2009 at 4:15 PM, Jostein Elvaker Haande wrote: > On Mon, Nov 30, 2009 at 9:43 PM, Chris Buechler wrote: >> On Mon, Nov 30, 2009 at 5:27 AM, wrote: >>> Well, I uninstalled the Snort plugin after reading your mail. That may have >>> been the cause. I guess a pentium III 900MHz just can't handle snort + PHP. >> That's more than enough, must be some sort of problem with the Snort >> package. Haven't seen that personally, we are doing some work on the >> Snort package right now (primarily for 2.0), may run into or resolve >> that in the process. > > I've seen this on three production boxes now, and also seen two users > that popped into the IRC channel mentioning the same. > > The problem seems to be with snort and the option(s): > > - Convert Snort alerts urls to clickable links > - Associate events on Blocked tab > > If either or both are enabled and you enter the "Blocked" page, the > page starts to load and seemingly stops loading. If you fire up top on > a console, you see that PHP consumes 100% CPU. > > At work, we have a decent Dell R200 (Xeon based CPU and 4GB RAM) that > spikes with 100% CPU usage on two cores. The execution of the PHP > script doesn't seem to time out, and I have to manually kill the PHP > processes to get things back to normal. Switching off the above > options and then going back into the "Blocked" page, and everything is > back to normal. > Thanks for the info on replicating, I opened a bug ticket. http://redmine.pfsense.org/issues/show/200 - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Mailing list admin
Would the mailing list admin please contact me off list please? Thanks in advance, Curtis Maurand
Re: [pfSense Support] Power Question for pfsense
Perhaps a workaround is in order, you should consider investing in a small UPS. You can then install NUT or APCUPSD packages to perform a safe shutdown when the UPS's battery falls below a certain threshold. Chris > >
[pfSense Support] Wake On LAN
Somehow I cannot get magic packets to awaken any PC on a pfSense LAN. I don't get it. Some motherboard BIOS seem to have WOL and others don't. Even the ones I have that are said to have it cannot be awoken as best I can tell! I have tried an Intel GT1000 with WOL functionality. I can get Boot on LAN to work OK, WOL seems a mystery! It is not clear to me the state that a PC to be awoken in is, I expected that the ATX power supplies would allow the PC to awaken when the right packets are sent however I am wondering if what is needed is a PC in a suspended state - or something else? Any guidance or links would be appreciated please! - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Wake On LAN
On Tue, Dec 1, 2009 at 2:53 AM, Tortise wrote: > Somehow I cannot get magic packets to awaken any PC on a pfSense LAN. I > don't get it. > > Some motherboard BIOS seem to have WOL and others don't. Even the ones I > have that are said to have it cannot be awoken as best I can tell! I have > tried an Intel GT1000 with WOL functionality. I can get Boot on LAN to work > OK, WOL seems a mystery! > > It is not clear to me the state that a PC to be awoken in is, I expected > that the ATX power supplies would allow the PC to awaken when the right > packets are sent however I am wondering if what is needed is a PC in a > suspended state - or something else? > Just need a WOL-enabled NIC, and to have WOL turned on in the BIOS. If you have an onboard NIC, it should be as simple as enabling it in the BIOS. As long as the machine is plugged in, it'll wake. With add-in NICs you need a WOL cable from the NIC to the motherboard, that can complicate things. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org