Hello, I have one Astaro, running ASG v7.403. It's a normal desktop-pc with a Pentium 4 (3,2 GHz), and 3 GB RAM (currently, about 35% RAM in use). (single harddrive, no RAID) It never swaps. Nevertheless, it looks like it's sometimes overloaded. Occasionally, I get the message Do you want the current request to be aborted? When that happens, the WebAdmin shows a cpu-load of more than 90%. I started an ssh-session and launched "atop". Which sometimes shows the CPU-loads in red. Here's an overview of the configuration: This machine has been running since 2005 (or longer) 5 physical network interfaces almost no remote users (only admins) normally not more than 2 admins logged in at the same time. 988 host definitions, 245 service definitions 161 packet filter rules 2 active Masquerading rules, 31 active NAT rules IPS active with 4140 of 7059 patterns Watching 1 local network with about 250 nodes Anti-DoS/Flooding active: "Use TCP SYN Flood Protection" only Anti-Portscan active, action: drop traffic, limit logging 11 HTTP Servers, 3 DNS server and 3 SMTP servers registered under IPS / Advanced No modified IPS rules SMTP proxy active, but no anti-virus or anti-spam. All mails (if any) are cached and forwarded to another machine for filtering. Normally, the dashboard shows: "0 emails processed". Web proxy active. 7 HTTP/S profiles + default profile VoIP and IM/P2P-Security is off. 3 IPSec Site2site VPN-connections, no SSL Site2site-VPN 171 local users (used mainly for PPTP-VPN); normally never more than 5 concurrent PPTP-connections IPSec VPN, OpenVPN and PPTP deamon log are transmitted to remote syslog server Statistics for today shows: (it's 16:25 now, working hours are almost over for most employees) 53 600 packets filtered 4 100 URLs filtered; 287 475 http-requests served today Is that too much for this machine? What could I do to substantially reduce the load on the server? I have 75 packet filter rules for the VPN-users to make sure they can only reach those machines which are needed. Of course, everything else is blocked. Would it help to create some groups under Users / Groups and use these groups for the packet filter rules? I estimate that I could reduce the 75 rules to 25. If anybody has some more ideas, I'd really appreciate that. Would it help to replace the normal harddrive with a RAID 0? Or do I need a faster server? Hon.

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[ASG 7.304] Timeouts in Webadmin; machine overloaded?

Hello,

I have one Astaro, running ASG v7.403. It's a normal desktop-pc with a Pentium 4 (3,2 GHz), and 3 GB RAM (currently, about 35% RAM in use). (single harddrive, no RAID) It never swaps. Nevertheless, it looks like it's sometimes overloaded.
Occasionally, I get the message

Do you want the current request to be aborted?

When that happens, the WebAdmin shows a cpu-load of more than 90%.
I started an ssh-session and launched "atop". Which sometimes shows the CPU-loads in red.

Here's an overview of the configuration:

This machine has been running since 2005 (or longer)
5 physical network interfaces
almost no remote users (only admins) normally not more than 2 admins logged in at the same time.
988 host definitions, 245 service definitions
161 packet filter rules
2 active Masquerading rules, 31 active NAT rules
IPS active with 4140 of 7059 patterns
Watching 1 local network with about 250 nodes
Anti-DoS/Flooding active: "Use TCP SYN Flood Protection" only
Anti-Portscan active, action: drop traffic, limit logging
11 HTTP Servers, 3 DNS server and 3 SMTP servers registered under IPS / Advanced
No modified IPS rules

SMTP proxy active, but no anti-virus or anti-spam. All mails (if any) are cached and forwarded to another machine for filtering. Normally, the dashboard shows: "0 emails processed".
Web proxy active. 7 HTTP/S profiles + default profile
VoIP and IM/P2P-Security is off.
3 IPSec Site2site VPN-connections, no SSL Site2site-VPN
171 local users (used mainly for PPTP-VPN); normally never more than 5 concurrent PPTP-connections
IPSec VPN, OpenVPN and PPTP deamon log are transmitted to remote syslog server

Statistics for today shows: (it's 16:25 now, working hours are almost over for most employees)

53 600 packets filtered
4 100 URLs filtered; 287 475 http-requests served today

Is that too much for this machine?
What could I do to substantially reduce the load on the server?
I have 75 packet filter rules for the VPN-users to make sure they can only reach those machines which are needed. Of course, everything else is blocked. Would it help to create some groups under Users / Groups and use these groups for the packet filter rules? I estimate that I could reduce the 75 rules to 25.

If anybody has some more ideas, I'd really appreciate that.
Would it help to replace the normal harddrive with a RAID 0?
Or do I need a faster server?

Hon.

This thread was automatically locked due to age.

Parents

0 BAlfson over 16 years ago

On the 'Global' tab of 'Intrusion Protection' what do you have in 'Local networks'?

The next time you get a heavy load, SSH into the box, run top and touch M

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 thtran over 16 years ago in reply to BAlfson

On the 'Global' tab of 'Intrusion Protection' what do you have in 'Local networks'?

The next time you get a heavy load, SSH into the box, run top and touch M

I just learned something new! [[;)]] In top, you can type "O" (capital o) to get a "sort-order-menu". Then type "k" + [Return] to sort by cpu-usage. But that's the default sort order anyway, so there's no need to do that [[;)]]
Well, "M" + "
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 16 years ago in reply to thtran

It doesn't seem possible that the CPU load was caused by what you did two hours earlier. I'll be interested to learn what Astaro says is the fix for this.

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 thtran over 16 years ago in reply to BAlfson
Update: I've found something else: Uptime of this machine is 8 days. I started top and sorted by CPU-time. It says:
660:06 mdw_daemon.plx
92:52 acc-agent.plx
81:06 dns-resolver.pl
57:30 snort_inline
47:14 confd.plx
44:20 aua_edirsync.pl
29:49 selfmonng.plx
19:34 syslog-ng
18:59 ulogd
12:21 confd.plx
11:10 httpproxy

I'll contact our Astaro-support. But I'd appreciate if some other Astaro-admins told me how much CPU-time your Astaros are using for "mdw_daemon.plx" and how many definitions you have.

Hon.
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 16 years ago in reply to thtran

7.402, up 13 days, not many definitions, not using proxies except SOCKS, LOTS of P2P traffic:
649:37.64 afcd
311:48.95 snort_inline
135:30.79 selfmonng.plx
35:31.98 ulogd
32:08.89 smtpd.bin
12:39.13 dns-resolver.pl
9:18.73 postgres
...
0:47.69 mdw_daemon.plx

CPU is 1.6GHz single core Atom with HT on.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 16 years ago in reply to thtran

7.402, up 13 days, not many definitions, not using proxies except SOCKS, LOTS of P2P traffic:
649:37.64 afcd
311:48.95 snort_inline
135:30.79 selfmonng.plx
35:31.98 ulogd
32:08.89 smtpd.bin
12:39.13 dns-resolver.pl
9:18.73 postgres
...
0:47.69 mdw_daemon.plx

CPU is 1.6GHz single core Atom with HT on.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data