Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 27 subscribers
  • Views 1897 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Virtual sophos XG reboots spontaniously every few days, snort is eating swap

johanj

Hi,

I need some help, anyone has the same?

I have a virual sophosXG running ( SFV1C2 (SFOS 17.1.1 MR-1) 1 CPU, 2Gb memory) it spontaniuosly reboots every few days. I think it is related to snort eating away the swapfile

When the firewall is just started after a reboot the swap usage by snort is low:

SFV1C2_VM01_SFOS 17.1.1 MR-1# for file in /proc/*/status ; do awk '/VmSwap|Name/{printf $2 " " $3}END{ print ""}' $file; done | grep snort

Tue Jul 17 12:31:27 CEST 2018
snort 364 kB
snort 716 kB
snort 644 kB


But after a while it starts to grow. 8Mb is added per snort proces every half hour. That sums up to 32mb per hour. Until al swap is consumed, (see full log below)

Thu Jul 19 10:01:57 CEST 2018
snort 67684 kB
snort 64720 kB
snort 472 kB

This goes on until all swap is consumed, from then the firewall can keep running for some time but eventualy it will reboot.

SFV1C2_VM01_SFOS 17.1.1 MR-1# uptime
 09:30:43 up 4 days,  1:30,  load average: 4.27, 3.87, 4.15
SFV1C2_VM01_SFOS 17.1.1 MR-1# top
top - 09:30:51 up 4 days,  1:30,  0 users,  load average: 4.01, 3.82, 4.14
Tasks: 370 total,   3 running, 367 sleeping,   0 stopped,   0 zombie
Cpu(s):  8.9%us,  8.6%sy,  0.0%ni, 75.2%id,  5.3%wa,  0.0%hi,  2.0%si,  0.0%st
Mem:   2053060k total,  1641936k used,   411124k free,     9272k buffers
Swap:  1048572k total,  1048572k used,        0k free,    87580k cached

  PID  PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
 3976  20   0 31104  15m 2520 S  8.2  0.8  25:52.60 worker
 6612  20   0  8892   68    0 S  2.0  0.0   0:04.21 dhcpd
 6728  20   0  310m  64m 2304 S  2.0  3.2  66:39.26 snort
   18  20   0     0    0    0 S  1.6  0.0  26:33.41 kswapd0
 3833  20   0     0    0    0 S  0.7  0.0   0:02.97 kworker/0:1

Some log I keep from the growing swap usage:

 Thu Jul 19 06:01:55 CEST 2018
snort 8880 kB
snort 8528 kB
snort 472 kB
--------
Thu Jul 19 06:31:55 CEST 2018
snort 19268 kB
snort 18084 kB
snort 472 kB
--------
Thu Jul 19 07:01:55 CEST 2018
snort 23432 kB
snort 22180 kB
snort 472 kB
--------
Thu Jul 19 07:31:56 CEST 2018
snort 28516 kB
snort 27260 kB
snort 472 kB
--------
Thu Jul 19 08:01:56 CEST 2018
snort 37712 kB
snort 36456 kB
snort 472 kB
--------
Thu Jul 19 08:31:56 CEST 2018
snort 40480 kB
snort 39228 kB
snort 472 kB
--------
Thu Jul 19 09:01:56 CEST 2018
snort 47144 kB
snort 45500 kB
snort 472 kB
--------
Thu Jul 19 09:31:57 CEST 2018
snort 56420 kB
snort 54552 kB
snort 472 kB
--------
Thu Jul 19 10:01:57 CEST 2018
snort 67684 kB
snort 64720 kB
snort 472 kB
--------



This thread was automatically locked due to age.
Parents Reply Children
No Data