pfilter-reporte is chewing up 100% of cpu for long periods of time resulting in system loads hovering between 1-4. Even as root in console this process won't go away.
William, are you using any of the p2p monitoring/helpers? I have a feeling, but I can't prove it that they go a little wild every so often. My ASG runs with some sort of load (above normal) for a couple of days, then 90-100% cpu and talks to nothing and nothing is logged.
Makes it very hard to report problems in this forum and ask for help.
Do you have a lot of bandwith consumption and a lot of dropped packets? Can you please check how many packets are dropped by minute/hour? What hardware and which ASG version do you use?
I just found out that the IPS portscan setting did the damage. It was due to skype application installed on some of the company workstations. Uninstalled skype and problem resolved
I've also noticed the following: For each node violating the IPS filters (skype traffic example) the Astaro consumes about 20%-25% of its CPU load on a P4 2.8 HT PC with 1GB RAM. This is making me pretty nervous on how to present the solution to the board of directors under stress testing as I have already bought the software [:(]
I've also noticed the following: For each node violating the IPS filters (skype traffic example) the Astaro consumes about 20%-25% of its CPU load on a P4 2.8 HT PC with 1GB RAM.
I'd still prefer a more precise metric measurement, like in "with 10.000 dropped packets per minute my machine runs with a load of X, and the process list looks like Z".
Two people here having that problem so far, neither coming up with machine/network specs or data which would be useful in spotting the possible problem, so how do you expect us to address this issue? From the data I was given I'd assume that your hardware is underpowered, so it might be better to use another product if you want to stick with that hardware.
Does the term underpowered refer to a p4 based systems these gentlemen
are having issues with. I would say that is more than enough firepower.
Maybe some other config or something else is the issue. But, Andreas would
like more tech info than. Andreas what kind of comment is this:
"so it might be better to use another product if you want to stick with that hardware"
Two people here having that problem so far, neither coming up with machine/network specs or data which would be useful in spotting the possible problem, so how do you expect us to address this issue? From the data I was given I'd assume that your hardware is underpowered, so it might be better to use another product if you want to stick with that hardware.
Regards, andreas
What an arrogant statement. The issue is clearly notated inside my post. The specs of the machine are in my signature. You know i tried really hard to give astaro the benefit of the doubt after the v5 fiasco but it appears astaro has only continued the downward trend. Guess what? I have all of the basic functionality with ipcop, cop+ and copfilter that i would have with astaro. It's free, it's not a beta masked as a commercial release, and furthermore IT ACTUALLY WORKS RIGHT! It also doesn't require a p-4 3ghz and a gigabyte of ram to run sufficiently. You just lost one customer here for good and i will use whatever vineyards i have to make sure nobody else makes the mistake of using such a product backed by such a company as Astaro.
Good Day.
p.s. if you delete this post feel free as it's being posted on my blog along with the entire thread
i had the same problems on my V7 (i think it was 6.9*) and i saw the same process "pfilter-reporte" eating up all my cpu.
But, my hardware IS to slow. I use a 1Ghz Esther-Cpu with 512MB Ram. With PPPOE, 5 packet-filter-rules, 2 NAT-rules, 2 site2site-tunnels and only a little traffic.
With IPS (server-rules disabled), portscan-detection and anti-dos i had exactly the same problems. From time to time my ASG just freezed and was not accessible for about 15 minutes.
