Memory leak



huynq
2011-02-09, 22:40
I have a UTM 572 box with 1GB memory.
It used to be normal, with free real memory staying at approximately 500 MB.

Then, from SmartDashboard, I created some users authenticated via a TACACS+ server.
After that, the real memory consumption increases regularly every day. Sometimes it increases by a large amount unexpectedly.
And the free real memory is 300 MB after two weeks.

Could my new configuration (user authentication) be causing the issue? How can I solve the issue?
Please help me. Thanks.

ShadowPeak.com
2011-02-09, 23:06
Where are you seeing that the free real memory is 300MB? In the SmartView Monitor? You'll need to run a "free -m" from a firewall command prompt in expert mode to get a better look at what is really going on. Check this post out for an explanation of the output:

http://www.cpug.org/forums/check-point-utm-1-appliances/14819-utm-free-memory.html#post65132

huynq
2011-02-10, 00:47
I saw that in SmartView Monitor.

Please see the output of my "free -m" command:

             total       used       free     shared    buffers     cached
Mem:          1001        967         33          0        163        106
-/+ buffers/cache:        698        303
Swap:         2047        440       1606

So what happened to my system?

ShadowPeak.com
2011-02-10, 01:42
698MB of your core RAM is in use for execution, 303MB is in use for caching. Normally this would be considered OK, however you are 440MB into swap space which is not the end of the world but will impact your performance. Look at the output of "ps -auxw" run on the firewall in expert mode, what are the 5 processes with the largest VSZ values and what are the VSZ amounts for those processes?

huynq
2011-02-10, 03:49
Hi ShadowPeak,

I used "ps -auxw"; the 5 processes with the largest VSZ are:
%MEM  VSZ       COMMAND
43.1  12116320  fwm
 0.8  455972    /opt/CPrt-R70/Database/bin/mysqld --default-file=/opt/CPrt-R70/Dat
 5.2  393568    fwd
 5.6  188940    cpd
 3.0  187708    in.asessiond 0

Please continue to help me.

ShadowPeak.com
2011-02-10, 12:37
Looks like fwm is consuming almost half of all virtual memory. What is the uptime of the system and firewall version? Exit all SmartConsole applications and kill fwm with this command:

cpwd_admin stop -name FWM -path "$FWDIR/bin/fwm" -command "fwm"

Make sure it is dead (kill -9 it if you have to) and restart it by issuing this command:

cpwd_admin start -name FWM -path "$FWDIR/bin/fwm" -command "fwm"

Then check the memory usage again with free -m and ps -aux. Not necessarily a memory leak in fwm but the amount of memory it is using is awfully high.
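
The two checks used in this thread (reading old-style "free -m" output and ranking "ps -auxw" rows by VSZ) as a repeatable script. This is an added example, not part of any poster's message; the function names are hypothetical, and the ps columns other than %MEM, VSZ and COMMAND in the sample are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. sample_free is the output posted above;
# sample_ps is constructed around the %MEM/VSZ/COMMAND values posted above.

# top_vsz [N]: `ps auxw` on stdin -> N largest by VSZ as "<MiB> <%MEM> <cmd>".
# ps reports VSZ in KiB; it is virtual size, not resident memory.
top_vsz() {
    awk 'NR > 1 && $5 ~ /^[0-9]+$/ {
             cmd = $11                       # COMMAND starts at field 11
             for (i = 12; i <= NF; i++) cmd = cmd " " $i
             printf "%d %s %s\n", $5 / 1024, $4, cmd
         }' | sort -k1,1nr | head -n "${1:-5}"
}

# mem_summary: old-style `free -m` on stdin -> one summary line.
# Fails if the "-/+ buffers/cache" row is absent (newer procps dropped it).
mem_summary() {
    awk '$1 == "-/+"   { app = $3; avail = $4; seen = 1 }
         $1 == "Swap:" { st = $2; su = $3 }
         END {
             if (!seen) { print "no -/+ buffers/cache row" | "cat 1>&2"; exit 1 }
             printf "app_used_mb=%d free_plus_cache_mb=%d swap_used_mb=%d swap_pct=%d\n",
                    app, avail, su, (st > 0 ? int(100 * su / st) : 0)
         }'
}

sample_free() { cat <<'EOF'
             total       used       free     shared    buffers     cached
Mem:          1001        967         33          0        163        106
-/+ buffers/cache:        698        303
Swap:         2047        440       1606
EOF
}

sample_ps() { cat <<'EOF'
USER       PID %CPU %MEM      VSZ    RSS TTY STAT START   TIME COMMAND
admin     1201  0.4 43.1 12116320 441000 ?   Ssl  Jan10  90:12 fwm
admin     1188  0.1  5.2   393568  53000 ?   Ssl  Jan10  12:01 fwd
admin     1150  0.1  5.6   188940  57000 ?   Ssl  Jan10   8:44 cpd
admin     1302  0.0  3.0   187708  30000 ?   Ss   Jan10   1:10 in.asessiond 0
admin     1410  0.0  0.8   455972   8000 ?   Sl   Jan10   2:31 /opt/CPrt-R70/Database/bin/mysqld --default-file=/opt/CPrt-R70/Dat
admin     1500  0.0  0.1     4200   1200 pts/0 R+ 03:49   0:00 ps -auxw
EOF
}

sample_free | mem_summary
sample_ps | top_vsz 5
```

On a live system, pipe the real commands in instead of the samples: free -m | mem_summary and ps auxw | top_vsz 5.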

huynq
2011-02-10, 21:32
The uptime is 31 days, and firewall version is R70 HFA_10, Hotfix 610.

But I don't understand why the memory consumption increases abnormally.

Could you guide me in finding the cause?

Thank you so much.

ShadowPeak.com
2011-02-10, 21:37
See if fwm is spewing any errors in $FWDIR/log/fwm.elg on the Security Management Server. Beyond that it is hard to tell what fwm is using all that memory for without getting Check Point support involved.

huynq
2011-02-10, 22:42
I see some error messages in $FWD/log/fwm.elg:

Security Management Server is running
cpfile_copy: failed to open /opt/CPsuite-R70/fw1/conf/fwauthsav.NDB: No such file or directory
cpfile_rename: failed to move /opt/CPsuite-R70/fw1/conf/fwauthsav.NDB to /opt/CPsuite-R70/fw1/conf/fwauth.NDB: No such file or directory
ClearTable: Failed to get container
ClearTable: Failed to get container

I am a beginner with Check Point products.
Could you help explain that to me? Thanks.

ShadowPeak.com
2011-02-11, 11:51
None of those messages appear to be significant. You'll need to open a case with Check Point support.

huynq
2011-02-13, 01:27
Thanks a lot. I'll do it.

RobertD
2011-09-08, 14:58
Hi. Check if you have CoreXL enabled together with QoS.
This is not supported and will cause memory leakage.

RobertD

serlud
2011-09-09, 12:47
Hi. Check if you have CoreXL enabled together with QoS.
This is not supported and will cause memory leakage.

RobertD

CoreXL on a single Celeron 1500MHz? Seems not to be possible..

Regarding the memory leak - it is a very common CP issue, will be improved with any HFA... but... no success till now.
That is why we are using Open Server with 4Gb (since 2008) or more RAM - we should not reboot or restart our FWs every 30 days..