cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Strange processes in R80.10 GW

Jump to solution

Hi, 

I saw these processes eating my CPU, but didn't have idea what they are doing on the GW:

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
5215 admin 25 0 660 180 144 R 94 0.0 20198:16 /bin/cat /dev/urandom
5216 admin 18 0 1592 432 360 S 4 0.0 778:04.27 /usr/bin/tr -dc a-zA-Z0-9
5217 admin 18 0 1580 432 360 S 3 0.0 414:26.27 /usr/bin/fold -w 32

It seems they are working since from the installation. 

I made clean install of R80.10 GW 9 days ago and patched to Take 15.

Do you have any idea what these processes are doing?

Thanks

1 Solution

Accepted Solutions

Re: Strange processes in R80.10 GW

Jump to solution

Thanks Tim, Andrej

Here is the pstree

It seems that scrubd is responsible for these processes, and scrubd is related to Threat Extraction blade. 

There is sk118353 which describes how to deal with this issue and solves my problem.

 

Thanks to Bogdan Tatomir for sharing resolution in this thread : https://community.checkpoint.com/thread/5144-r8010-threat-extraction-high-cpu-usage 

BR,

Dilian

4 Replies

Re: Strange processes in R80.10 GW

Jump to solution

Need to see the Parent Process ID (PPID) of those strange processes to help figure out what they are, easiest way is to post output of command "pstree".

Or you can run "ps -ef", the first number shown is Process ID, second number shown is Parent Process ID (PPID).  Once you have PPID of the mysterious process try "ps -ef | grep PPID", then look at the parent process ID of that process, rinse, repeat...

--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com

Re: Strange processes in R80.10 GW

Jump to solution

or use other keys for ps command:

ps axwf -o pid,comm

--

ak.

0 Kudos

Re: Strange processes in R80.10 GW

Jump to solution

Thanks Tim, Andrej

Here is the pstree

It seems that scrubd is responsible for these processes, and scrubd is related to Threat Extraction blade. 

There is sk118353 which describes how to deal with this issue and solves my problem.

 

Thanks to Bogdan Tatomir for sharing resolution in this thread : https://community.checkpoint.com/thread/5144-r8010-threat-extraction-high-cpu-usage 

BR,

Dilian

Re: Strange processes in R80.10 GW

Jump to solution

Thank You, Dilian!

excellent work!

--

ak.

0 Kudos