Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Strange processes in R80.10 GW

Jump to solution

Hi, 

I saw these processes eating my CPU, but didn't have idea what they are doing on the GW:

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
5215 admin 25 0 660 180 144 R 94 0.0 20198:16 /bin/cat /dev/urandom
5216 admin 18 0 1592 432 360 S 4 0.0 778:04.27 /usr/bin/tr -dc a-zA-Z0-9
5217 admin 18 0 1580 432 360 S 3 0.0 414:26.27 /usr/bin/fold -w 32

It seems they are working since from the installation. 

I made clean install of R80.10 GW 9 days ago and patched to Take 15.

Do you have any idea what these processes are doing?

Thanks

1 Solution

Accepted Solutions
Highlighted

Re: Strange processes in R80.10 GW

Jump to solution

Thanks Tim, Andrej

Here is the pstree

It seems that scrubd is responsible for these processes, and scrubd is related to Threat Extraction blade. 

There is sk118353 which describes how to deal with this issue and solves my problem.

 

Thanks to Bogdan Tatomir for sharing resolution in this thread : https://community.checkpoint.com/thread/5144-r8010-threat-extraction-high-cpu-usage 

BR,

Dilian

View solution in original post

4 Replies
Highlighted

Re: Strange processes in R80.10 GW

Jump to solution

Need to see the Parent Process ID (PPID) of those strange processes to help figure out what they are, easiest way is to post output of command "pstree".

Or you can run "ps -ef", the first number shown is Process ID, second number shown is Parent Process ID (PPID).  Once you have PPID of the mysterious process try "ps -ef | grep PPID", then look at the parent process ID of that process, rinse, repeat...

--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
Highlighted

Re: Strange processes in R80.10 GW

Jump to solution

or use other keys for ps command:

ps axwf -o pid,comm

--

ak.

0 Kudos
Highlighted

Re: Strange processes in R80.10 GW

Jump to solution

Thanks Tim, Andrej

Here is the pstree

It seems that scrubd is responsible for these processes, and scrubd is related to Threat Extraction blade. 

There is sk118353 which describes how to deal with this issue and solves my problem.

 

Thanks to Bogdan Tatomir for sharing resolution in this thread : https://community.checkpoint.com/thread/5144-r8010-threat-extraction-high-cpu-usage 

BR,

Dilian

View solution in original post

Highlighted

Re: Strange processes in R80.10 GW

Jump to solution

Thank You, Dilian!

excellent work!

--

ak.

0 Kudos