performance problems - fwlogwatch uses 80%MEM

Today content filter was restarted several times. SMTP proxy stopped working again; more precise: connections on port 25 were not possible.

Here's  the output of ps -aux. When I did the ps -aux the system was working not too bad without reboot again. But I am wondering about the cpu time and memory usage of the fwlogwatch process.

Can you help? Let me know if you need anything else!
License is office version, av and content filter enabled.

Regards,

Jochen

USER       PID %CPU %MEM   VSZ  RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0  1316   80 ?        S    Sep30   0:01 init [3]
root         2  0.0  0.0     0    0 ?        SW   Sep30   0:05 [keventd]
root         3  0.0  0.0     0    0 ?        SWN  Sep30   0:00 [ksoftirqd_CPU0]
root         4  0.3  0.0     0    0 ?        SW   Sep30   7:44 [kswapd]
root         5  0.0  0.0     0    0 ?        SW   Sep30   0:00 [bdflush]
root         6  0.0  0.0     0    0 ?        SW   Sep30   0:00 [kupdated]
root        11  0.0  0.0     0    0 ?        SW   Sep30   0:03 [kjournald]
root        41  0.0  0.0     0    0 ?        SW   Sep30   0:00 [kjournald]
root        42  0.1  0.0     0    0 ?        SW   Sep30   2:44 [kjournald]
root        43  0.0  0.0     0    0 ?        SW   Sep30   0:00 [kjournald]
root        44  0.0  0.0     0    0 ?        SW   Sep30   0:00 [kjournald]
root        45  0.0  0.0     0    0 ?        SW   Sep30   0:00 [kjournald]
root        46  0.0  0.0     0    0 ?        SW   Sep30   0:00 [kjournald]
root       171  0.0  0.1  1324  288 ?        SN   Sep30   0:05 /usr/local/bin/ipaccd
root       204  0.1  0.0  1376  168 ?        S    Sep30   2:54 /usr/sbin/klogd -k /System.map -c 1
root       205  0.2  0.0  1564  224 ?        S    Sep30   6:08 /usr/sbin/syslogd -m 60 -r -a /dev/log -a /var/chroot-ahi/dev/log -a /var/chroot-bind/dev/log -a /var/chroot-dhcpc/dev/log -a /var/chroot-dhcps/dev/log -a /var/chroot-ha/dev/log -a /var/chroot-identd/dev/log -a /var/chroot-ipsec/dev/log -a /var/chroot-pop3/dev/log -a /var/chroot-pppd/dev/log -a /var/chroot-pppoe/dev/log -a /var/chroot-pptp/dev/log -a /var/chroot-pptpc/dev/log -a /var/chroot-smtp/dev/log -a /var/chroot-snmp.mrtg/dev/log -a /var/chroot-socks/dev/log -a /var/chroot-squid/dev/log
root       275  0.0  0.0  2420  144 ?        S    Sep30   0:00 /sbin/sshd -4 -f /etc/sshd_config
root       279  0.0  0.0     0    0 ?        SW   Sep30   0:00 [khubd]
root       309  0.0  0.0  1372  116 ?        S    Sep30   0:00 /usr/sbin/cron
nobody     361  0.0  0.0  2808  232 ?        S    Sep30   0:02 /usr/bin/perl -w /usr/sbin/psd-watch.pl
root       365  0.0  0.0  1732  164 ?        S    Sep30   0:12 /bin/license /etc/wfe/conf/license
root       439  0.7  0.7 17400 1924 ?        S    Sep30  16:57 ./mdw_deamon.pl
root       451  0.0  0.0  6180  208 ?        S    Sep30   0:03 ./aua.bin /etc/wfe/conf/aua_main_config.ini
root       472  0.0  0.0  1288  232 ?        S    Sep30   0:04 /usr/local/bin/daemon-watcher superdaemon.pl /usr/local/bin/superdaemon.pl & 5
root       473  0.0  0.0  1284    4 tty1     S    Sep30   0:00 /sbin/mingetty --no-hostname tty1
root       474  0.0  0.0  1284    4 tty2     S    Sep30   0:00 /sbin/mingetty --no-hostname tty2
root       476  0.5  0.5  5596 1440 ?        S    Sep30  12:07 /usr/local/bin/superdaemon.pl
root       607  0.0  0.0  4804  124 ?        S    Sep30   0:01 /usr/sbin/httpd -f /etc/httpd/httpd.conf
wwwrun     613  0.0  0.0  4748  132 ?        S    Sep30   0:00 [httpd]
root      1046  0.0  0.0  3660    4 ?        S    Sep30   0:06 /usr/sbin/snmpd__
squid     1064  0.0  0.0  2252    0 ?        SW   Sep30   0:00 [sockd]
squid     1074  0.0  0.0  2252    0 ?        SW   Sep30   0:00 [sockd]
squid     1075  0.0  0.0  2276    0 ?        SW   Sep30   0:00 [sockd]
squid     1076  0.0  0.0  2252    0 ?        SW   Sep30   0:00 [sockd]
squid     1077  0.0  0.0  2252    0 ?        SW   Sep30   0:00 [sockd]
squid     1078  0.0  0.0  2252    0 ?        SW   Sep30   0:00 [sockd]
squid     1086  0.0  0.0  2268    0 ?        SW   Sep30   0:00 [sockd]
root      1092  0.0  0.0  3176    4 ?        S    Sep30   0:10 /usr/sbin/named__
squid     1109  0.0  0.0 21576    0 ?        SW   Sep30   0:03 [spamd.exe]
squid     1111  0.0  0.0  3608    0 ?        SW   Sep30   0:00 [exim]
root      1147  0.0  0.0  3708    4 ?        S    Sep30   0:00 /bin/squidf -sYD
squid     1149  0.0  0.8 23548 2264 ?        S    Sep30   1:19 [squidf]
nobody    1151  0.0  0.0  1476    0 ?        SW   Sep30   0:00 [dhttpd]
squid     1153  0.0  0.0  5268   16 ?        S    Sep30   0:21 (urlfilterdrone)
squid     1154  0.0  0.0  5248   16 ?        S    Sep30   0:07 (urlfilterdrone)
squid     1155  0.0  0.0  5248   12 ?        S    Sep30   0:04 (urlfilterdrone)
squid     1156  0.0  0.0  5248   12 ?        S    Sep30   0:02 (urlfilterdrone)
squid     1157  0.0  0.0  5248   12 ?        S    Sep30   0:00 (urlfilterdrone)
squid     1158  0.0  0.0  5248   12 ?        S    Sep30   0:00 (urlfilterdrone)
squid     1159  0.0  0.0  5248   12 ?        S    Sep30   0:00 (urlfilterdrone)
squid     1160  0.0  0.0  5248   12 ?        S    Sep30   0:00 (urlfilterdrone)
squid     1161  0.0  0.0  5248   12 ?        S    Sep30   0:00 (urlfilterdrone)
squid     1162  0.0  0.0  5248   12 ?        S    Sep30   0:00 (urlfilterdrone)
squid     1163  0.0  0.0  5248    0 ?        SW   Sep30   0:00 (urlfilterdrone)
squid     1164  0.0  0.0  5248    0 ?        SW   Sep30   0:00 (urlfilterdrone)
squid     1165  0.0  0.0  5248    0 ?        SW   Sep30   0:00 (urlfilterdrone)
squid     1166  0.0  0.0  5248    0 ?        SW   Sep30   0:00 (urlfilterdrone)
squid     1167  0.0  0.0  5248    0 ?        SW   Sep30   0:00 (urlfilterdrone)
squid     1168  0.0  0.0  5248    4 ?        S    Sep30   0:00 (urlfilterdrone)
squid     1169  0.0  0.0  5248    4 ?        S    Sep30   0:00 (urlfilterdrone)
squid     1170  0.0  0.0  5248    0 ?        SW   Sep30   0:00 (urlfilterdrone)
squid     1171  0.0  0.0  5248    4 ?        S    Sep30   0:00 (urlfilterdrone)
squid     1172  0.0  0.0  5248    0 ?        SW   Sep30   0:00 (urlfilterdrone)
squid     1173  0.0  0.0  5248    0 ?        SW   Sep30   0:00 (urlfilterdrone)
squid     1174  0.0  0.0  5028   16 ?        SN   Sep30   0:13 /bin/urlfilter -f -d
squid     1181  0.0  0.0  5248    0 ?        SW   Sep30   0:00 (urlfilterdrone)
squid     1186  0.0  0.0  5248    0 ?        SW   Sep30   0:00 (urlfilterdrone)
squid     1192  0.0  0.0  5248    0 ?        SW   Sep30   0:00 (urlfilterdrone)
squid     1194  0.0  0.0  5248    0 ?        SW   Sep30   0:00 (urlfilterdrone)
squid     1195  0.0  0.0  5248    0 ?        SW   Sep30   0:00 (urlfilterdrone)
squid     1211  0.0  0.0  5248    0 ?        SW   Sep30   0:00 (urlfilterdrone)
squid     1212  0.0  0.0  5056   16 ?        SN   Sep30   0:13 /bin/urlfilter -f -d
squid     1213  0.0  0.0  5040   16 ?        SN   Sep30   0:14 /bin/urlfilter -f -d
squid     1215  0.0  0.0  5248    0 ?        SW   Sep30   0:00 (urlfilterdrone)
squid     1220  0.0  0.0  5248    0 ?        SW   Sep30   0:00 (urlfilterdrone)
squid     1221  0.0  0.0  5248    0 ?        SW   Sep30   0:00 (urlfilterdrone)
squid     1222  0.0  0.0  5164    4 ?        S    Sep30   0:00 (urlfilterdrone)
squid     1223  0.0  0.0  5164    0 ?        SW   Sep30   0:00 (urlfilterdrone)
squid     1224  0.0  0.0  1284    0 ?        SW   Sep30   0:00 (aua_auth)
squid     1225  0.0  0.0  1284    0 ?        SW   Sep30   0:00 (aua_auth)
squid     1226  0.0  0.0  1284    0 ?        SW   Sep30   0:00 (aua_auth)
squid     1227  0.0  0.0  1284    0 ?        SW   Sep30   0:00 (aua_auth)
squid     1228  0.0  0.0  1284    0 ?        SW   Sep30   0:00 (aua_auth)
squid     1229  0.0  0.0  1280    4 ?        S    Sep30   0:00 (unlinkd)
root      1242  0.0  0.0  1476    0 ?        SW   Sep30   0:00 /usr/local/sbin/pptpd
root      1482  0.0  0.0  1496  128 ?        S    Sep30   0:47 /usr/local/bin/nacctd
wwwrun    4817  0.0  0.1  5116  340 ?        S    Sep30   0:00 [httpd]
root      5462  0.0  0.0  1684    4 ?        S    Sep30   0:00 /bin/cnotifier /etc/wfe/conf/settings /usr/local/bin/anotifier /var/chroot-squid/var/run/notify /var/run/notify
squid    14333  0.0  0.0  2252    0 ?        SW   Sep30   0:00 [sockd]
root     11036  0.0  0.0  1372    8 ?        S    00:01   0:00 /USR/SBIN/CRON
root     11037  0.0  0.0  2088    8 ?        S    00:01   0:00 /bin/bash /usr/local/bin/log-rotate.sh
root     15215  0.0  0.0  2592    8 ?        SN   00:12   0:00 /usr/bin/perl -w /usr/local/bin/fwlw.pl /var/log/kernel-20030930.gz
root     17353 46.3 89.0 250456 228176 ?     RN   00:17 586:23 /usr/local/bin/fwlogwatch -S -f /var/log/kernel-20030930.gz -P n -b -m 5 -t -e -n -N -p
root     17354  0.0  0.0  2072    4 ?        SN   00:17   0:00 sh -c nice -19  /usr/bin/bzip2 -czq > /var/chroot-report/fwlogwatch/kernel-20030930/Dst_report.bz2
root     17355  0.0  0.0  8692    8 ?        SN   00:17   0:00 /usr/bin/bzip2 -czq
root     25079  0.0  0.0  2096    8 ?        S    03:26   0:00 /bin/bash /sbin/init.d/av-scanner start
root     25080  0.0  0.0  2096    8 ?        S    03:26   0:00 /bin/bash /sbin/init.d/av-scanner start
root     25082  0.0  0.0  2256   20 ?        S    03:26   0:00 /bin/avsocketmultiplexer /var/chroot-smtp/tmp/AvpCtl /var/chroot-smtp /tmp/AvpCtl
root     25083  0.0  0.0  2256    8 ?        S    03:26   0:00 /bin/avsocketmultiplexer /var/chroot-pop3/var/run/AvpCtl /var/chroot-pop3 /tmp/AvpCtl
root     25095  0.0  0.0  6608    4 ?        S    03:26   0:00 ./kavdaemon -Y -dl -WS -F=/usr/lib/kavdaemon/exiscan.prf -f=/tmp -* /var
wwwrun    4432  0.2  0.2 13680  580 ?        D    21:01   0:02 /usr/local/httpd/htdocs/index.fpl
wwwrun    4522  0.0  0.7  5024 1876 ?        S    21:02   0:00 [httpd]
root      4665  0.0  0.0     0    0 ?        Z    21:02   0:00 [aua.bin ]
root      8415  0.0  0.1  5096  476 ?        S    21:15   0:00 sshd: loginuser [priv]
loginuse  8541  0.0  0.2  5028  616 ?        S    21:15   0:00 [sshd]
loginuse  8579  0.0  0.3  2192  796 pts/0    S    21:16   0:00 -bash
root      8634  0.0  0.3  2176  980 pts/0    S    21:16   0:00 -bash
root     10314  0.0  0.0     0    0 ?        Z    21:22   0:00 [cron ]
root     11282  0.0  0.2  2532  740 pts/0    R    21:22   0:00 ps -aux
root     11283  0.0  0.3  2072  852 ?        S    21:22   0:00 sh -c /bin/ps -eo ppid,stat, | /bin/grep 439 | /bin/grep -E  [^ZDT]
root     11284  0.0  0.2  2504  672 ?        R    21:22   0:00 /bin/ps -eo ppid,stat,
root     11285  0.0  0.1  1404  392 ?        S    21:22   0:00 /bin/grep 439
root     11286  0.0  0.1  1396  388 ?        S    21:22   0:00 /bin/grep -E [^ZDT]

Parents

0 helpinghand over 22 years ago

Drop some packets to reduce the size of your kernel-logfile. You should drop broadcasts, Netbios and some other packets that you do not need in your kernel-logfile. After that your kernel-logfile will be small and easy to process by fwlogwatch.

cheers
HelpingHand
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 helpinghand over 22 years ago

Drop some packets to reduce the size of your kernel-logfile. You should drop broadcasts, Netbios and some other packets that you do not need in your kernel-logfile. After that your kernel-logfile will be small and easy to process by fwlogwatch.

cheers
HelpingHand
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data