I use the Sophos Single Sign-On Client (SSO), the first one on the Client downloads page.
This happened in the morning, when I noticed the internet connection on my desktop dropping constantly. I then checked the XG and found high CPU usage with little traffic. Using top, I found a "worker" process constantly running at 100% (I suppose it's single-threaded), and "access_server", "login_user" and "logout_user" appear from time to time with high CPU usage. This brought me to the authentication log, where I found the logs below, which are apparently abnormal.
2017-02-13 14:33:59 | Firewall Authentication | SUCCESSFUL | user@domain.local | 10.18.100.146 | SSO | N/A
2017-02-13 14:33:59 | Firewall Authentication | SUCCESSFUL | user@domain.local | 10.18.100.146 | SSO | AD
2017-02-13 14:34:00 | Firewall Authentication | SUCCESSFUL | user@domain.local | 10.18.100.146 | SSO | N/A
2017-02-13 14:34:00 | Firewall Authentication | SUCCESSFUL | user@domain.local | 10.18.100.146 | SSO | AD
I manually stopped all of the SSO Clients and the CPU instantly went back to normal (mostly idle).
So far I have tried rebooting everything around it and itself. I have also tried restoring a known-good config backup from a month ago, and rolling back to 16.01.3 MR-2. None of them solved the problem.
=====edited======
unrelated
Found something strange: /log/syslog.log shows /bin/login is constantly restarted at a one-second interval.
Feb 14 03:08:02 (none) daemon.info init: process '/bin/login' (pid 9706) exited. Scheduling for restart.
Feb 14 03:08:02 (none) daemon.info init: starting pid 9707, tty '/dev/ttyS0': '/bin/login'
Feb 14 03:08:03 (none) daemon.info init: process '/bin/login' (pid 9707) exited. Scheduling for restart.
Feb 14 03:08:03 (none) daemon.info init: starting pid 9708, tty '/dev/ttyS0': '/bin/login'
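
For the authentication log excerpt earlier in the post, a way to flag the same user and source IP logging in successfully over SSO many times within a few seconds. This is an added example, not part of the original post and not Sophos code; the pipe-separated row layout, the column meanings, the function names and the window and threshold values are assumptions, and the sample rows are constructed from the excerpt.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample rows, modelled on the log excerpt in the post.
# Column meaning (an assumption; the post shows no headers):
# time | component | status | user | source IP | client | mechanism
SAMPLE_LOG = """\
2017-02-13 14:33:59 | Firewall Authentication | SUCCESSFUL | user@domain.local | 10.18.100.146 | SSO | N/A
2017-02-13 14:33:59 | Firewall Authentication | SUCCESSFUL | user@domain.local | 10.18.100.146 | SSO | AD
2017-02-13 14:34:00 | Firewall Authentication | SUCCESSFUL | user@domain.local | 10.18.100.146 | SSO | N/A
2017-02-13 14:34:00 | Firewall Authentication | SUCCESSFUL | user@domain.local | 10.18.100.146 | SSO | AD
2017-02-13 14:40:12 | Firewall Authentication | SUCCESSFUL | other@domain.local | 10.18.100.20 | SSO | AD
"""

def parse_rows(text):
    """Yield (timestamp, status, user, ip, client) from pipe-separated rows."""
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) < 6:
            continue  # skip blank or truncated rows
        try:
            ts = datetime.strptime(fields[0], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # skip headers or malformed timestamps
        yield ts, fields[2], fields[3], fields[4], fields[5]

def find_login_storms(text, window_seconds=5, threshold=4):
    """Return {(user, ip): peak_count} for clients that logged in successfully
    at least `threshold` times within any `window_seconds` span."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # (user, ip) -> timestamps inside the window
    peaks = {}
    for ts, status, user, ip, client in sorted(parse_rows(text)):
        if status != "SUCCESSFUL" or client != "SSO":
            continue
        q = recent[(user, ip)]
        q.append(ts)
        while ts - q[0] > window:   # drop logins that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            peaks[(user, ip)] = max(peaks.get((user, ip), 0), len(q))
    return peaks

if __name__ == "__main__":
    for (user, ip), count in find_login_storms(SAMPLE_LOG).items():
        print(f"{user} from {ip}: {count} SSO logins within 5 s")
```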