SRX Services Gateway
Highlighted
SRX Services Gateway

idle

‎07-10-2019 04:17 AM

Hi all,

I am trying to understand about why output of >sh chassis routing-engine on 650srx is strange? Please see attachment...

multiple times I checked "idle" is ziro percent. why?

Attachments

17 REPLIES 17
Highlighted
SRX Services Gateway

Re: idle

‎07-10-2019 04:22 AM

Hi, 

 

This means the RE CPU is 100% in use and no CPU cycle is available for other processes.

 

To further troubleshoot it, please share "show system processes extensive" output from the device.

 

Thanks

Shina

Highlighted
SRX Services Gateway

Re: idle

‎07-10-2019 04:22 AM

Hi Arix,

 

This indicates that some process is utilizing the CPU cycles. Can you share the output of "show system processes extensive | no-more".

 

Regards,

Pradeep.

 

 

Highlighted
SRX Services Gateway

Re: idle

‎07-10-2019 04:23 AM

It means that RE CPU utilization is 100%. Please check which process is utilizing more  CPU using below commands:

show system process extensive

 

 

Thanks,
Nellikka
JNCIE x3 (SEC #321; SP #2839; ENT #790)
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
Highlighted
SRX Services Gateway

Re: idle

‎07-10-2019 04:26 AM

Also share the output of top -H

Highlighted
SRX Services Gateway

Re: idle

‎07-10-2019 04:27 AM

start shell

top -H

 

Regards,

Pradeep.

Highlighted
SRX Services Gateway

Re: idle

[ Edited ]
‎07-10-2019 04:29 AM

attached.

Attachments

Highlighted
SRX Services Gateway

Re: idle

‎07-10-2019 04:32 AM

process eventd seems to be running high at 74%.

 

This process handles the events on the Juniper device itself which includes:

  • Storing internal syslog messages
  • Sending syslog messages to another system
  • Sending/responding to SNMP traps/polls
  • Sampling handling
  • Traceoptions handling

If this is running high check if any of the above are turned on a little too high. Perhaps too many traceoptions are on, or too much sampling is turned on. Try turning these off and see if the CPU goes back to normal.

There are two modes for syslogs, event and stream. Perhaps changing it to stream will reduce the CPU utilization.

 

Regards,

Pradeep.

Highlighted
SRX Services Gateway

Re: idle

‎07-10-2019 04:54 AM

Hi Arix,

 

There are 2 major reason I have seen "eventd" and "rtlogd" high on a branch device.

 

1. External syslog configured with log level as "any any" and not in stream mode i.e. logging via RE.

 Also sometimes multiple syslog configured with same settings

Ex.
set groups node0 system syslog host x.x.x.x any any set groups node0 system syslog host x.x.x.x authorization any set groups node0 system syslog host x.x.x.x security any set groups node0 system syslog host x.x.x.x firewall any

2. Security Policies configured for log level "session-init" and "session-close"

Ex.
set security policies from-zone A to-zone B policy abc then log session-init set security policies from-zone A to-zone B policy abc then log session-close set security policies from-zone A to-zone B policy defaultLog then log session-init set security policies from-zone A to-zone B policy defaultLog then log session-close
...

Try to,

 

deactivate the syslog for testing

remove session-init/session-close from a policy used very often or atleast remove session-init

 

-Rahul

Regards,
Rahul
Highlighted
SRX Services Gateway

Re: idle

‎07-10-2019 04:55 AM

No any  traceoption is turned on.

Highlighted
SRX Services Gateway

Re: idle

‎07-10-2019 05:02 AM

There is no any any but

set groups sys system syslog user * any emergency
set groups sys system syslog host x.x.x.x any emergency
set groups sys system syslog host x.x.x.x authorization info
set groups sys system syslog host x.x.x.x firewall any
set groups sys system syslog host x.x.x.x interactive-commands info

Highlighted
SRX Services Gateway

Re: idle

‎07-10-2019 05:23 AM

Hi Arix,

 

I would suggest to configure logging in stream mode. Event mode is the one by default. When the logging mode is set to stream, security logs generated in the data plane are streamed out a revenue traffic port directly to a remote server. 

 

https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/security-system-stream-s...

 

Hope this helps.

 

Regards,

Pradeep.

Highlighted
SRX Services Gateway

Re: idle

‎07-11-2019 04:48 AM

globally disabling whole syslog didn't make a different, result is the same... Any other ideas please?

Highlighted
SRX Services Gateway

Re: idle

‎07-11-2019 04:58 AM

Hi Arix,

 

Do you see a differnce in the utilization?

#1 Assist to gather "show system process extensive | except 0.0" to check for any changes to the contributors?

 

#2 Do you see any specific log in messages "show log messages | last 50 " ?

 

-Rahul

Regards,
Rahul
Highlighted
SRX Services Gateway

Re: idle

‎07-11-2019 05:04 AM
eventd is responsible for logging. Normally this process utilization goes high when excessive policy logging is enabled. Please disable policy logging (session-init and close) for top 10 policies and check the status.
show security policies hit-count descending
Thanks,
Nellikka
JNCIE x3 (SEC #321; SP #2839; ENT #790)
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
Highlighted
SRX Services Gateway

Re: idle

[ Edited ]
‎07-13-2019 07:20 AM

Arix,

I have checked the attached image and I can see that Routing Engine CPU is High. That's the reason youre using Idle value as zero.

 

Also, it seems like Users are utilizing 88% of the CPU. So, could you please type the below commands and logout other users except you.

 

user@host> show system users

user@host> request system logout user <user-name>


 



Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
Highlighted
SRX Services Gateway

Re: idle

‎07-13-2019 08:31 AM

Hi Arix,

 

If you have globally disabled syslog, can you please provide the outputs of 'show system syslog', 'show security log' and 'show groups' on here?

 

I suspect that the 'log mode' under security is still event.

Also, what is the route to your host servers?

 

Cheers

Pooja

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!

Highlighted
SRX Services Gateway

Re: idle

‎07-22-2019 02:34 PM

Arix,

 

Eventd could also indicate you have some scripting events enabled as well.  Could you please look under [event-options] and check if there are any?  If so, could you try deactivating it?

 

Regards,

Dion

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
Feedback