Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 19 replies
  • Subscribers 3 subscribers
  • Views 10388 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

CPU Spike every 12 hours

Gnome
I have been running my Sophos UTM for a couple of months now and all seems to be working fine with one exception, every 12 hours (06:40 and 18:40) my CPU spikes to 100% with the consequence being that during this period the UTM does not allow any traffic through (see attached graphs).

I have looked through the system logs and the only thing that seems to correspond to these times is the cron job for "adbs-maintenance.plx", I believe that this is related to the reporting system but I  do not know how to diagnose further.  Any guidance would be appreciated.

Regards

Gnome

Firmware Version:  9.109-1
Memory: 2GBytes
Hardware: HP ProLiant G7 N54L 2.2GHz MicroServer


This thread was automatically locked due to age.
  • 0
    Hi, Gnome, glad to see you participating on the User BB!

    In 'Management >> Up2Date', what do you have configured for 'Pattern download/installation interval'?  If it's "Every 12 hours," do those spikes correspond to installations of new Avira patterns (Up2Date log)?  I started a thread about this issue: https://community.sophos.com/products/unified-threat-management/astaroorg/f/52/t/29268

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    I originally had those at 12 hours but as the issue got more intrusive I changed them, they are now at:

    Firmware download interval: 4 hours
    Pattern download/installation interval: 6 hours

    I set them with these times so that if either was causing the problem I would see the patten in the CPU profile, but no change, the problem is still at 12 hour invervals.

    Regards

      Gnome
  • 0
    Database is scheduled to housekeep at 06:40 and 18:40. It is a ram intensive process if your database is huge. As you found Swap spikes during that period

    You may try to reduce time period of reporting data in "Reporting Settings" to 1 week. 

    Regards,
    Siu
  • 0 in reply to siuswat
    Growing reporting files would explain why the problem has been getting progressively worse.  My Firewall and Web Filtering logs are the large ones (arround 20 to 30Meg a day) so I will experiment with those.

    I guess my other option is putting in some more RAM.

    Regards

    Gnome
  • 0
    Hi Gnome,

    Much of the reporting is based on the accounting system and not on the logs.

    Did you see the comment above about reducing the reporting time period?

    Barry
  • 0
    On the "Logging & Reporting -> Reporting Settings -> Settings" I have now reduced the Time period for the Firewall and Web protection (they were 3 months, I have set them to 1 month each).

    Is it those settings tht were being refered to ?

    Regards

    Gnome
  • 0
    At one client site, I had to disable all reporting as it appears that there's  glitch with pngquant.  It's apparently fixed in V9.2, but I don't know that it will get into 9.1.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Spike looks to have been aleviated a bit by reducing the Firewall and Web protection to 1 month but not been elliminated, so will reduce to 2 weeks.

    Any know when 9.2 is going to be out for home use ?

    Regards

    Gnome
  • 0
    9.2 is already soft-released (that means you can download it and then manually upload it to the UTM).

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

Cookie Information Banner