This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Undo Local Content Cache = MEM Steps

Hi

- Quite sometime ago I followed some command prompts to enable the Astaro to download Local Cache for Content Filering to be stored locally and loaded into RAM.

- Seriously it is GOOD !

- Now I need to Consider to "Undo" the changes because

1) My HP Server has 3GB, now a days it hits about 60% RAM but the SWAP keeps going Higher and Higher to the point it is significantly slow.

I rememeber reading somewhere the Software Version is limited to 1.5GB to force people buy the Appliance thus even if I have 3GB it would not use it.

I did install the 64-BIT version hoping to get it use the addtional ram but it did not.

I do not understand (My ASG is configured to the point I kept it the same for months) but the recent RAM and SWAP usage is forcing me to reboot weekly whereby the RAM hits about 50% and Swap is Zero but it simply grows steadily constantly .

Thus I plan to Undo this Local Cache = MEM to reduce the RAM usage.

2) Another reason to UNDO this specific modification is to prepare my system back to "Standard Configuration" so that I can Upgrade to the upcoming UTM9 in the next few weeks.

Do you all know if this Local Cache is available in UTM 9?

This thread was automatically locked due to age.

0 wingman over 12 years ago

output of /proc/cpuinfo

******:/root # cat /proc/cpuinfo
processor	: 0
vendor_id	: GenuineIntel
cpu family	: 6
model		: 28
model name	: Intel(R) Atom(TM) CPU N450   @ 1.66GHz
stepping	: 10
microcode	: 0x107
cpu MHz		: 1000.000
cache size	: 512 KB
physical id	: 0
siblings	: 2
core id		: 0
cpu cores	: 1
apicid		: 0
initial apicid	: 0
fpu		: yes
fpu_exception	: yes
cpuid level	: 10
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good nopl aperfmperf pni dtes64 monitor ds_cpl est tm2 ssse3 cx16 xtpr pdcm movbe lahf_lm dts
bogomips	: 3333.35
clflush size	: 64
cache_alignment	: 64
address sizes	: 32 bits physical, 48 bits virtual
power management:

processor	: 1
vendor_id	: GenuineIntel
cpu family	: 6
model		: 28
model name	: Intel(R) Atom(TM) CPU N450   @ 1.66GHz
stepping	: 10
microcode	: 0x107
cpu MHz		: 1000.000
cache size	: 512 KB
physical id	: 0
siblings	: 2
core id		: 0
cpu cores	: 1
apicid		: 1
initial apicid	: 1
fpu		: yes
fpu_exception	: yes
cpuid level	: 10
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts nopl aperfmperf pni dtes64 monitor ds_cpl est tm2 ssse3 cx16 xtpr pdcm movbe lahf_lm dts
bogomips	: 3333.35
clflush size	: 64
cache_alignment	: 64
address sizes	: 32 bits physical, 48 bits virtual
power management:

will check the case tomorrow and post back [:)]

0 William Warren over 12 years ago

n450 max ram is 2 gig.
ARK | Intel® Atom
Cancel
Vote Up 0 Vote Down

Cancel
0 wingman over 12 years ago in reply to William Warren

n450 max ram is 2 gig.
ARK | Intel® Atom

Thanks Wiliam for checking. I will have to find the root cause of the CPU spikes and high swap/memory

Sent from my iPhone using Astaro.org
Cancel
Vote Up 0 Vote Down

Cancel
0 William Warren over 12 years ago

take http proxy back to none and make sure you are running one snort.
Cancel
Vote Up 0 Vote Down

Cancel
0 William Warren over 12 years ago in reply to trollvottel

While we have a 64bit Kernel available for UTM, for compatibility reasons and porting efforts, all userspace programs are still 32bit at the moment. That means not a single program (e.g. proxy) is able to access more than 4GB, but in sum more than 4GB could be used.

50% swap usage is *no* problem if there still is *free RAM* available. That swapped stuff is accessed very rarely (if at all) and therefore has been swapped 'out if the way'. That's a good thing!

I can confirm UTM has growing swap usage for several days, but at some point the curve becomes more and more flat. This behaviour is the same with other OSes having high uptimes and is no problem at all.

Attached memory usage of my Home-ASG (ASG120 rev.4 upgraded to 2GB RAM & SSD with sc_local_db = disk):

The drops are because of reboots or firmware U2D installs. Give it 2-3 weeks to settle down.

yes it is. no properly tuned linux box should swap 50%. Your performance WILL crater once those files are needed. The number of v9 threads about swapping and the resultant performance hit have slowly been increasing.
Cancel
Vote Up 0 Vote Down

Cancel
0 wingman over 12 years ago
Thanks William. I am only running one instance of snort as per output below

/root # ps aux | grep -i snort
snort 5520 1.7 2.7 386776 55524 ? S
Cancel
Vote Up 0 Vote Down

Cancel
0 William Warren over 12 years ago in reply to wingman
What functions do you use?

I have attached mine (UTM 120 Rev5 with sc_local_db = disk)
I use standard proxy (4 users)
IPS
Wireless (Internal and Guest)
POP3/SMTP/FTP proxy
Application control
Endpoint protection (2 users)
Remote Access
Email Encryption (2 users)

Maybe I need to check whether I should be upgrading the RAM to 4G?

Highest processes CPU/mem

USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root     30039  300  0.0   2696   956 ?        R    12:28   0:00      |   \_ ps auxwf
root     25766  2.8 13.8 329740 283452 ?       Ssl  12:04   0:41 /usr/bin/cssd -d
810      28489  6.7 15.2 1070516 312988 ?      Ssl  12:18   0:39 /var/chroot-http/usr/bin/httpproxy -f -c /var/chroot-http -u httppr

wow i'm not sure you can run all of that inside of 2 gigs in v8..you won't be able to do it in v9.  The only thing i could say is put the http database back to none.. make sure you are running only one snort...and then try my vm.swappiness=0 trick.  After that you still might not get everything to fit without massive swappage..at that point your only choice is 4 gigs....which means a new box.

Honestly for anything v8.3 or greater 4 gigs is the best way to go..then you don't have to go through all of these gryations...it's too bad sophos is doing what they are doing because it is a diservice to themselves and their clients.
Cancel
Vote Up 0 Vote Down

Cancel
0 Wolf12 over 12 years ago

is it mybe possibel that the Enpoint Protection need a lot of Power? I have also only a 2GB Atom Computer. The Internet feeling is very bad. Have long Page loads.. now i switch of and on diffrent things to test. Tonight i switch IPS off and the Endpoint. I have 3 Clients with Firewall Http Proxy with difrent Profiles..for  my Son. Antivirus and Spy ware are running.
fw01:/root # free
             total       used       free     shared    buffers     cached
Mem:       2047480    1463960     583520          0      92352     524236
-/+ buffers/cache:     847372    1200108
Swap:      1048572       9572    1039000

login as: root
Authenticating with public key "rsa-key-20121126"
Passphrase for key "rsa-key-20121126":
Last login: Tue Nov 27 21:34:10 2012 from 192.168.178.10

Sophos UTM
(C) Copyrights by Astaro and by others 2000-2012.
For more copyright information look at /doc/astaro-license.txt
or http://www.astaro.com/doc/astaro-license.txt

NOTE: Any modifications done by root will void your support.
      Please use WebAdmin for any configuration changes.

fw01:/root # free
             total       used       free     shared    buffers     cached
Mem:       2047480    1463960     583520          0      92352     524236
-/+ buffers/cache:     847372    1200108
Swap:      1048572       9572    1039000
fw01:/root #
fw01:/root #
fw01:/root # fw01:/root # free
-bash: fw01:/root: No such file or directory
fw01:/root #              total       used       free     shared    buffers     cached
-bash: total: command not found
fw01:/root # Mem:       2047480    1463960     583520          0      92352     524236
-bash: Mem:: command not found
fw01:/root # -/+ buffers/cache:     847372    1200108
-bash: -/+: No such file or directory
fw01:/root # Swap:      1048572       9572    1039000
-bash: Swap:: command not found
fw01:/root # top
top - 22:42:12 up 1 day,  1:11,  1 user,  load average: 1.11, 1.03, 0.88
Tasks: 144 total,   1 running, 141 sleeping,   0 stopped,   2 zombie
Cpu(s):  6.9%us,  1.6%sy,  0.0%ni, 90.5%id,  0.6%wa,  0.0%hi,  0.5%si,  0.0%st
Mem:   2047480k total,  1466208k used,   581272k free,    92936k buffers
Swap:  1048572k total,     9572k used,  1039000k free,   525252k cached

  PID USER      PR  NI  VIRT  RES  SHR S   %CPU %MEM    TIME+  COMMAND
16126 root      20   0     0    0    0 Z     19  0.0   0:00.57 confd.p
4191 root      20   0  9968 7640 1956 S      3  0.4   2:02.88 dns-resolver.pl
4664 httpprox  20   0 1233m 306m  12m S      2 15.3   9:40.03 httpproxy
3827 root      20   0 11528 9636 2460 S      2  0.5  21:42.82 selfmonng.plx
15819 root      20   0 47268  32m 2148 S      2  1.6   0:06.27 confd.plx
15816 wwwrun    20   0 56576  52m 7456 S      1  2.7   0:14.41 webadmin.plx
15989 postgres  20   0 49296 4816 3564 S      1  0.2   0:00.41 postgres
2814 root      20   0  7300 3284 1700 S      1  0.2   2:20.85 syslog-ng
16079 root      20   0  2680 1172  868 R      1  0.1   0:00.28 top
22697 root      20   0 13436  11m 2832 S      1  0.6   1:24.67 websec-reporter
3438 root      20   0 44876  28m 1348 S      0  1.4   0:17.98 confd.plx
4197 root      20   0  7160 5124 1760 S      0  0.3   0:28.95 named
4549 root      19  -1  4408 1828 1112 S      0  0.1   1:12.33 ulogd
4551 postgres  20   0 49684 7824 6376 S      0  0.4   1:36.98 postgres
5004 root      20   0 30784  22m 2612 S      0  1.1   5:07.98 smtpd.bin
15814 wwwrun    20   0  8928 3668 2156 S      0  0.2   0:00.17 httpd
    1 root      20   0  1896  556  520 S      0  0.0   0:02.14 init
Cancel
Vote Up 0 Vote Down

Cancel