=========================================
There already were some posts on this topic:
- http://forums.untangle.com/hardware/...g-up-fast.html
-http://forums.untangle.com/feedback/...-since-v9.html
-http://forums.untangle.com/installat...d-80-free.html
- http://forums.untangle.com/web-filte...d-x-got-y.html
I decided to start new one with vital information in the topic
I'm not quite sure is it right forum for this topic, if no please move it.
=========================================
In my UT 9.02 I have also encountered the problem of rapid grow disk usage and sometimes also high CPU usage.
In my case the source was not Captive Portal, since It concerns UT9.1.
It came up it is from log files in /var/log/uvm:
nodes.log and node-4.log
Size of those files rising quick and stabilizes at about 22 gigs each !!!
Writing that amount of data consumes lot of CPU power.
As discovered by Merome in http://forums.untangle.com/web-filte...d-x-got-y.html, problematic event in the logs is:
It came up, that the source of the problem is option:Feb 3 08:41:52 localhost node-4: [HttpParser] <TCP125314711> WARN HttpParser server-side expected: 0 got: 72
Config => System => Protocol Settings => Http => Non Http Blocking, which I recently switched to “Stop non-Http traffic to travel over port 80.”
To be sure, I deleted the nodes.log and node-4.log (for clean start) and turn this option on and off several time.
When it is set to “Allow” (default position), that event comes up from time to time in bunch of aprox. 20 lines in few secs.
- Everything looks fine.
But, when switched to “Stop” - nightmare starts.
I thing it also starts from time to time, but the amount of events is overwhelming. I'll give an example:
Time => Line number in log file.
08:41:49 => 1109
08:41:50 => 4003
08:41:51 => 6782
08:41:52 => 8477
That gives over 2400 of lines “Feb 3 HH:MM:SS localhost node-4: [HttpParser] <TCP125314711> WARN HttpParser server-side expected: XX got: YY” per second !!!
On the forum I found that patch:
http://wiki.untangle.com/index.php/9...sive_logrotate
But I don't know it will solve the problem.
I think, best option would be stop logging that warning, is it possible ?
My UT config is:
- UT ver 9.02 in router mode,
- modules running: all free modules,
- approx 15 computers connected in one time.