Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Dilian_Chernev
Collaborator
Jump to solution

Strange processes in R80.10 GW

Hi, 

I saw these processes eating my CPU, but didn't have idea what they are doing on the GW:

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
5215 admin 25 0 660 180 144 R 94 0.0 20198:16 /bin/cat /dev/urandom
5216 admin 18 0 1592 432 360 S 4 0.0 778:04.27 /usr/bin/tr -dc a-zA-Z0-9
5217 admin 18 0 1580 432 360 S 3 0.0 414:26.27 /usr/bin/fold -w 32

It seems they are working since from the installation. 

I made clean install of R80.10 GW 9 days ago and patched to Take 15.

Do you have any idea what these processes are doing?

Thanks

1 Solution

Accepted Solutions
Dilian_Chernev
Collaborator

Thanks Tim, Andrej

Here is the pstree

It seems that scrubd is responsible for these processes, and scrubd is related to Threat Extraction blade. 

There is sk118353 which describes how to deal with this issue and solves my problem.

 

Thanks to Bogdan Tatomir for sharing resolution in this thread : https://community.checkpoint.com/thread/5144-r8010-threat-extraction-high-cpu-usage 

BR,

Dilian

View solution in original post

4 Replies
Timothy_Hall
Champion
Champion

Need to see the Parent Process ID (PPID) of those strange processes to help figure out what they are, easiest way is to post output of command "pstree".

Or you can run "ps -ef", the first number shown is Process ID, second number shown is Parent Process ID (PPID).  Once you have PPID of the mysterious process try "ps -ef | grep PPID", then look at the parent process ID of that process, rinse, repeat...

--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
Andrejs__Андрей
Contributor

or use other keys for ps command:

ps axwf -o pid,comm

--

ak.

0 Kudos
Dilian_Chernev
Collaborator

Thanks Tim, Andrej

Here is the pstree

It seems that scrubd is responsible for these processes, and scrubd is related to Threat Extraction blade. 

There is sk118353 which describes how to deal with this issue and solves my problem.

 

Thanks to Bogdan Tatomir for sharing resolution in this thread : https://community.checkpoint.com/thread/5144-r8010-threat-extraction-high-cpu-usage 

BR,

Dilian

Andrejs__Андрей
Contributor

Thank You, Dilian!

excellent work!

--

ak.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events