Perfect, could do the same bit when you are in top hit the key “c” that will develop the processes behind the perl process.
Thanks, Ludovic Zammit Product Support Engineer Principal Lead Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: <https://community.akamai.com/> <http://blogs.akamai.com/> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> <http://www.linkedin.com/company/akamai-technologies> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > On Feb 1, 2024, at 1:28 PM, David Moore <dave.mo...@outlook.com> wrote: > > <image.png> > > The perl process comes and goes, it will show up at the top between 60-90+ > percent and then disappear > > > From: Zammit, Ludovic > Sent: Thursday, February 1, 2024 1:15 PM > To: David Moore > Cc: PacketFence-users > Subject: Re: [PacketFence-users] Help with IP Tables and Processor usage > question > > Hello David, > > Can you show the output of the top command and show it here? > > Thanks > > Ludovic Zammit > Product Support Engineer Principal Lead > > Cell: +1.613.670.8432 > Akamai Technologies - Inverse > 145 Broadway > Cambridge, MA 02142 > Connect with Us: <https://community.akamai.com/> > <http://blogs.akamai.com/> > <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!SK8ElMqBa22TwKyQnwTbNdGwtIvgKEXNCqU5VeejryhIzb0uJ_hSGRidiZ-op74mQ2Gn61OyvbQ4olNaxh4$> > > <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!SK8ElMqBa22TwKyQnwTbNdGwtIvgKEXNCqU5VeejryhIzb0uJ_hSGRidiZ-op74mQ2Gn61OyvbQ4N72Q2c0$> > > <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!SK8ElMqBa22TwKyQnwTbNdGwtIvgKEXNCqU5VeejryhIzb0uJ_hSGRidiZ-op74mQ2Gn61OyvbQ4M8K_2u8$> > > <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!SK8ElMqBa22TwKyQnwTbNdGwtIvgKEXNCqU5VeejryhIzb0uJ_hSGRidiZ-op74mQ2Gn61OyvbQ4xCiMhuA$> > > On Jan 29, 2024, at 5:49 PM, David Moore <dave.mo...@outlook.com> wrote: > > 13.0, before that I'm not sure, but it was 12.x > > Get Outlook for Android > <https://urldefense.com/v3/__https://aka.ms/AAb9ysg__;!!GjvTz_vk!T36FG1sm3qbNIPKsJSVIMXnKsXJUr1m8P2KW5kw773SsHSB61HxKpA18FIL7HL8jyXnG-pdTGRXKtBonPiU$> > > From: Zammit, Ludovic <luza...@akamai.com> > Sent: Monday, January 29, 2024 4:27:55 PM > To: PacketFence-users <packetfence-users@lists.sourceforge.net> > Cc: David Moore <dave.mo...@outlook.com> > Subject: Re: [PacketFence-users] Help with IP Tables and Processor usage > question > > Hello David, > > What was the previous PF version before the upgrade? > > Thanks, > > Ludovic Zammit > Product Support Engineer Principal Lead > > Cell: +1.613.670.8432 > Akamai Technologies - Inverse > 145 Broadway > Cambridge, MA 02142 > Connect with Us: <https://community.akamai.com/> > <http://blogs.akamai.com/> > <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!T36FG1sm3qbNIPKsJSVIMXnKsXJUr1m8P2KW5kw773SsHSB61HxKpA18FIL7HL8jyXnG-pdTGRXK0citiyA$> > > <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!T36FG1sm3qbNIPKsJSVIMXnKsXJUr1m8P2KW5kw773SsHSB61HxKpA18FIL7HL8jyXnG-pdTGRXKmB9CJFY$> > > <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!T36FG1sm3qbNIPKsJSVIMXnKsXJUr1m8P2KW5kw773SsHSB61HxKpA18FIL7HL8jyXnG-pdTGRXK82QPJ78$> > > <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!T36FG1sm3qbNIPKsJSVIMXnKsXJUr1m8P2KW5kw773SsHSB61HxKpA18FIL7HL8jyXnG-pdTGRXKcEpHcjA$> > > On Jan 25, 2024, at 10:02 AM, David Moore via PacketFence-users > <packetfence-users@lists.sourceforge.net> wrote: > > I recently upgraded to PF 13.1 and have had a few issues, most of which I > have been able to resolve. The only lingering issue I'm aware of is with IP > Tables, but I'm not positive it's something to be concerned about because PF > is working. > > My PF server is ZEN running in VMWare ESXi the assigned hardware is 32 GB of > RAM, 4 Processors and 300 GB of disk space, my network consists of about 30 > nodes authenticating with 802.1x (Active Directory and MAC Auth for non-AD > devices) memory and disk space are fine but the CPU is constantly at 5Ghz of > consumption (is that normal for the processor?) > > Please see the details from packetfence.log and from systemctl status > packetfence-iptables below: > > packetfence.log: > Jan 25 09:43:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(14) INFO: > [mac:[undef]] getting security_events triggers for accounting cleanup > (pf::accounting::acct_maintenance) > Jan 25 09:43:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(17) INFO: > [mac:[undef]] processed 0 security_events during security_event maintenance > (1706193787.30847 1706193787.36479) > (pf::security_event::security_event_maintenance) > Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: saving existing > iptables to /usr/local/pf/var/iptables.bak (pf::iptables::iptables_save) > Jan 25 09:43:15 fence packetfence[562283]: -e(562283) WARN: We are using > IPSET (pf::ipset::iptables_generate) > Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: flushing iptables > (pf::ipset::iptables_flush_mangle) > Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: Adding Forward > rules to allow connections to the OAuth2 Providers and passthrough. > (pf::iptables::generate_passthrough_rules) > Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: Adding IP based > passthrough forconnectivitycheck.gstatic.com > <https://urldefense.com/v3/__http://connectivitycheck.gstatic.com/__;!!GjvTz_vk!T36FG1sm3qbNIPKsJSVIMXnKsXJUr1m8P2KW5kw773SsHSB61HxKpA18FIL7HL8jyXnG-pdTGRXKYfy49kk$> > (pf::iptables::generate_passthrough_rules) > Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: Adding NAT > Masquerade statement. (pf::iptables::generate_passthrough_rules) > Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: restoring > iptables from /usr/local/pf/var/conf/iptables.conf > (pf::iptables::iptables_restore) > Jan 25 09:43:15 fence packetfence[562283]: -e(562283) WARN: Problem trying to > run command: LANG=C /sbin/iptables-restore < > /usr/local/pf/var/conf/iptables.conf called from iptables_restore. Child > exited with non-zero value 2 (pf::util::pf_run) > Jan 25 09:44:06 fence pfperl-api-docker-wrapper[562338]: pfperl-api(19) INFO: > [mac:[undef]] processed 0 security_events during security_event maintenance > (1706193846.10912 1706193846.12021) > (pf::security_event::security_event_maintenance) > Jan 25 09:44:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(15) INFO: > [mac:[undef]] Using 300 resolution threshold > (pf::pfcron::task::cluster_check::run) > Jan 25 09:44:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(14) INFO: > [mac:[undef]] getting security_events triggers for accounting cleanup > (pf::accounting::acct_maintenance) > Jan 25 09:44:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(15) INFO: > [mac:[undef]] All cluster members are running the same configuration version > (pf::pfcron::task::cluster_check::run) > Jan 25 09:44:16 fence packetfence[562283]: -e(562283) INFO: saving existing > iptables to /usr/local/pf/var/iptables.bak (pf::iptables::iptables_save) > Jan 25 09:44:16 fence packetfence[562283]: -e(562283) WARN: We are using > IPSET (pf::ipset::iptables_generate) > Jan 25 09:44:16 fence packetfence[562283]: -e(562283) INFO: flushing iptables > (pf::ipset::iptables_flush_mangle) > Jan 25 09:44:16 fence packetfence[562283]: -e(562283) INFO: Adding Forward > rules to allow connections to the OAuth2 Providers and passthrough. > (pf::iptables::generate_passthrough_rules) > Jan 25 09:44:16 fence packetfence[562283]: -e(562283) INFO: Adding IP based > passthrough forconnectivitycheck.gstatic.com > <https://urldefense.com/v3/__http://connectivitycheck.gstatic.com/__;!!GjvTz_vk!T36FG1sm3qbNIPKsJSVIMXnKsXJUr1m8P2KW5kw773SsHSB61HxKpA18FIL7HL8jyXnG-pdTGRXKYfy49kk$> > (pf::iptables::generate_passthrough_rules) > Jan 25 09:44:16 fence packetfence[562283]: -e(562283) INFO: Adding NAT > Masquerade statement. (pf::iptables::generate_passthrough_rules) > Jan 25 09:44:16 fence packetfence[562283]: -e(562283) INFO: restoring > iptables from /usr/local/pf/var/conf/iptables.conf > (pf::iptables::iptables_restore) > Jan 25 09:44:16 fence packetfence[562283]: -e(562283) WARN: Problem trying to > run command: LANG=C /sbin/iptables-restore < > /usr/local/pf/var/conf/iptables.conf called from iptables_restore. Child > exited with non-zero value 2 (pf::util::pf_run) > Jan 25 09:45:06 fence pfperl-api-docker-wrapper[562338]: pfperl-api(13) INFO: > [mac:[undef]] processed 0 security_events during security_event maintenance > (1706193906.17069 1706193906.18816) > (pf::security_event::security_event_maintenance) > Jan 25 09:45:06 fence pfperl-api-docker-wrapper[562338]: pfperl-api(12) INFO: > [mac:[undef]] getting security_events triggers for accounting cleanup > (pf::accounting::acct_maintenance) > Jan 25 09:45:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(13) INFO: > [mac:[undef]] Using 300 resolution threshold > (pf::pfcron::task::cluster_check::run) > Jan 25 09:45:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(13) INFO: > [mac:[undef]] All cluster members are running the same configuration version > (pf::pfcron::task::cluster_check::run) > Jan 25 09:45:16 fence packetfence[562283]: -e(562283) INFO: saving existing > iptables to /usr/local/pf/var/iptables.bak (pf::iptables::iptables_save) > Jan 25 09:45:16 fence packetfence[562283]: -e(562283) WARN: We are using > IPSET (pf::ipset::iptables_generate) > Jan 25 09:45:16 fence packetfence[562283]: -e(562283) INFO: flushing iptables > (pf::ipset::iptables_flush_mangle) > Jan 25 09:45:17 fence packetfence[562283]: -e(562283) INFO: Adding Forward > rules to allow connections to the OAuth2 Providers and passthrough. > (pf::iptables::generate_passthrough_rules) > Jan 25 09:45:17 fence packetfence[562283]: -e(562283) INFO: Adding IP based > passthrough forconnectivitycheck.gstatic.com > <https://urldefense.com/v3/__http://connectivitycheck.gstatic.com/__;!!GjvTz_vk!T36FG1sm3qbNIPKsJSVIMXnKsXJUr1m8P2KW5kw773SsHSB61HxKpA18FIL7HL8jyXnG-pdTGRXKYfy49kk$> > (pf::iptables::generate_passthrough_rules) > Jan 25 09:45:17 fence packetfence[562283]: -e(562283) INFO: Adding NAT > Masquerade statement. (pf::iptables::generate_passthrough_rules) > Jan 25 09:45:17 fence packetfence[562283]: -e(562283) INFO: restoring > iptables from /usr/local/pf/var/conf/iptables.conf > (pf::iptables::iptables_restore) > Jan 25 09:45:17 fence packetfence[562283]: -e(562283) WARN: Problem trying to > run command: LANG=C /sbin/iptables-restore < > /usr/local/pf/var/conf/iptables.conf called from iptables_restore. Child > exited with non-zero value 2 (pf::util::pf_run) > Jan 25 09:46:06 fence pfperl-api-docker-wrapper[562338]: pfperl-api(15) INFO: > [mac:[undef]] processed 0 security_events during security_event maintenance > (1706193966.18047 1706193966.2038) > (pf::security_event::security_event_maintenance) > Jan 25 09:46:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(15) INFO: > [mac:[undef]] getting security_events triggers for accounting cleanup > (pf::accounting::acct_maintenance) > Jan 25 09:46:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(16) INFO: > [mac:[undef]] Using 300 resolution threshold > (pf::pfcron::task::cluster_check::run) > Jan 25 09:46:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(16) INFO: > [mac:[undef]] All cluster members are running the same configuration version > (pf::pfcron::task::cluster_check::run) > Jan 25 09:46:17 fence packetfence[562283]: -e(562283) INFO: saving existing > iptables to /usr/local/pf/var/iptables.bak (pf::iptables::iptables_save) > > > systemctl status packetfence-iptables: > ● packetfence-iptables.service - PacketFence Iptables configuration > Loaded: loaded (/lib/systemd/system/packetfence-iptables.service; > enabled; vendor preset: enabled) > Active: active (running) since Wed 2024-01-24 14:15:55 EST; 1h 17min ago > Main PID: 562283 (perl) > Tasks: 1 (limit: 38474) > Memory: 188.3M > CPU: 46.312s > CGroup: /packetfence.slice/packetfence-iptables.service > └─562283 /usr/bin/perl -I/usr/local/pf/lib > -I/usr/local/pf/lib_perl/lib/perl5 -Mpf::db -Mpf::services::manager::iptables > -e my $db ; while(!$db) { eval { $db = db_ping() } ; sleep 1 } ; > pf::services::manager::iptables->new()->startAndCheck() > > Jan 24 15:33:11 fence.sixmoore.com > <https://urldefense.com/v3/__http://fence.sixmoore.com/__;!!GjvTz_vk!T36FG1sm3qbNIPKsJSVIMXnKsXJUr1m8P2KW5kw773SsHSB61HxKpA18FIL7HL8jyXnG-pdTGRXKburw20k$> > sudo[752059]: pam_unix(sudo:session): session closed for user root > Jan 24 15:33:11 fence.sixmoore.com > <https://urldefense.com/v3/__http://fence.sixmoore.com/__;!!GjvTz_vk!T36FG1sm3qbNIPKsJSVIMXnKsXJUr1m8P2KW5kw773SsHSB61HxKpA18FIL7HL8jyXnG-pdTGRXKburw20k$> > sudo[752062]: root : PWD=/ ; USER=root ; COMMAND=/usr/sbin/ipset --add > pfsession_passthrough 172.217.13.99,443 > Jan 24 15:33:11 fence.sixmoore.com > <https://urldefense.com/v3/__http://fence.sixmoore.com/__;!!GjvTz_vk!T36FG1sm3qbNIPKsJSVIMXnKsXJUr1m8P2KW5kw773SsHSB61HxKpA18FIL7HL8jyXnG-pdTGRXKburw20k$> > sudo[752062]: pam_unix(sudo:session): session opened for user root(uid=0) by > (uid=0) > Jan 24 15:33:11 fence.sixmoore.com > <https://urldefense.com/v3/__http://fence.sixmoore.com/__;!!GjvTz_vk!T36FG1sm3qbNIPKsJSVIMXnKsXJUr1m8P2KW5kw773SsHSB61HxKpA18FIL7HL8jyXnG-pdTGRXKburw20k$> > sudo[752062]: pam_unix(sudo:session): session closed for user root > Jan 24 15:33:11 fence.sixmoore.com > <https://urldefense.com/v3/__http://fence.sixmoore.com/__;!!GjvTz_vk!T36FG1sm3qbNIPKsJSVIMXnKsXJUr1m8P2KW5kw773SsHSB61HxKpA18FIL7HL8jyXnG-pdTGRXKburw20k$> > packetfence[562283]: -e(562283) INFO: Adding NAT Masquerade statement. > (pf::iptables::generate_passthrough_rules) > Jan 24 15:33:11 fence.sixmoore.com > <https://urldefense.com/v3/__http://fence.sixmoore.com/__;!!GjvTz_vk!T36FG1sm3qbNIPKsJSVIMXnKsXJUr1m8P2KW5kw773SsHSB61HxKpA18FIL7HL8jyXnG-pdTGRXKburw20k$> > packetfence[562283]: -e(562283) INFO: restoring iptables from > /usr/local/pf/var/conf/iptables.conf (pf::iptables::iptables_restore) > Jan 24 15:33:11 fence.sixmoore.com > <https://urldefense.com/v3/__http://fence.sixmoore.com/__;!!GjvTz_vk!T36FG1sm3qbNIPKsJSVIMXnKsXJUr1m8P2KW5kw773SsHSB61HxKpA18FIL7HL8jyXnG-pdTGRXKburw20k$> > perl[752066]: iptables-restore v1.8.7 (nf_tables): invalid port/service > `%%httpd_collector_port%%' specified > Jan 24 15:33:11 fence.sixmoore.com > <https://urldefense.com/v3/__http://fence.sixmoore.com/__;!!GjvTz_vk!T36FG1sm3qbNIPKsJSVIMXnKsXJUr1m8P2KW5kw773SsHSB61HxKpA18FIL7HL8jyXnG-pdTGRXKburw20k$> > perl[752066]: Error occurred at line: 62 > Jan 24 15:33:11 fence.sixmoore.com > <https://urldefense.com/v3/__http://fence.sixmoore.com/__;!!GjvTz_vk!T36FG1sm3qbNIPKsJSVIMXnKsXJUr1m8P2KW5kw773SsHSB61HxKpA18FIL7HL8jyXnG-pdTGRXKburw20k$> > perl[752066]: Try `iptables-restore -h' or 'iptables-restore --help' for > more information. > Jan 24 15:33:11 fence.sixmoore.com > <https://urldefense.com/v3/__http://fence.sixmoore.com/__;!!GjvTz_vk!T36FG1sm3qbNIPKsJSVIMXnKsXJUr1m8P2KW5kw773SsHSB61HxKpA18FIL7HL8jyXnG-pdTGRXKburw20k$> > packetfence[562283]: -e(562283) WARN: Problem trying to run command: LANG=C > /sbin/iptables-restore < /usr/local/pf/var/conf/iptables.conf called from > iptables_restore. Child exited with non-zero value 2 (pf::util::pf_run) > > I looked at the /usr/local/pf/var/conf/iptables.conf file and line 62 reads: > -A input-management-if --protocol tcp --match tcp --dport > %%httpd_collector_port%% --jump ACCEPT > > > Thanks > Dave > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > <mailto:PacketFence-users@lists.sourceforge.net> > https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!W7iDMR4-NGQYg2tqf9z2ToridNJj_dYDYn6ZAwKwbiwCtAc3O0rHn0tkPtUi9_h6LVad5cCvHyzMhFsldRoPu-QPOgTOHIeR8hJNXQ$
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
