From owner-freebsd-questions@FreeBSD.ORG Wed Oct 21 14:58:35 2009 Return-Path: Delivered-To: questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4FD9C106566C for ; Wed, 21 Oct 2009 14:58:35 +0000 (UTC) (envelope-from paul.halliday@gmail.com) Received: from mail-yx0-f171.google.com (mail-yx0-f171.google.com [209.85.210.171]) by mx1.freebsd.org (Postfix) with ESMTP id BDFBE8FC18 for ; Wed, 21 Oct 2009 14:58:34 +0000 (UTC) Received: by yxe1 with SMTP id 1so5984520yxe.3 for ; Wed, 21 Oct 2009 07:58:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type; bh=vOs9sEk7gk/s+rhDQAN8w8AKp7Z0kFomgwShRZJHcMU=; b=Q6JuwA3nksobeKnIb3EhgKwcAY3R9hIpJaoFytE8SUDKuWZEx75OImiaKVrWTraRhr R9TrfCOPu0CUf4JF3EWPdYndpWLwxG3bPB8+nVvyE/VGhMgjE/e4cSpDFQGHgDDxbr// P9DxoRIKdmVqfK3dbuMKVWNc4nid5U4Ytoslc= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=YDKLImfNL+ybNabXzLEP6Jiz8rZhEjJkiQDjWX3Z9AjIxL4j9EqLFkl7uWBz/2Zw+6 yMaOWlutNptAxKiRZ8vzRp3MhJUAA6ymxyEYhCcq565Y4QFiJxTD6RFwi4af3ARULFJR sRaC3saot3AyvyHeIaVkRW3FxtaTdKvuvEQlM= MIME-Version: 1.0 Received: by 10.150.183.4 with SMTP id g4mr13265459ybf.313.1256137114097; Wed, 21 Oct 2009 07:58:34 -0700 (PDT) Date: Wed, 21 Oct 2009 11:58:34 -0300 Message-ID: <2dab70a30910210758q616eb1e6sb42d5405f0ec9d1f@mail.gmail.com> From: Paul Halliday To: questions@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Cc: Subject: Looking for troubleshooting tips. X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Oct 2009 14:58:35 -0000 I use Freebsd as the base for my network monitoring sensors. These machines run a netflow probe, act as a netflow collector and spool full content data from a snort process FIFO that is bound to a span port. During peak hours this can be 100MB saturated, its connected to a GB intel NIC on the box (there is a separate uplink). In the background numerous little scripts run to produce summary data. The basic template for these systems has been the same for the past 4 years and things have worked great. Recently, one of these machines started to become a little laggy and I can't seem to identify the issue. This system has always seen a lot of packet loss, I expect this though as it is a busy site but this has never affected its performance. Can an overloaded NIC cause serious performance issues like those I am seeing? This is a recent top: last pid: 98870; load averages: 1.54, 1.41, 1.31 up 1+01:57:10 11:50:24 142 processes: 2 running, 139 sleeping, 1 zombie CPU states: 30.9% user, 0.0% nice, 15.0% system, 1.7% interrupt, 52.4% idle Mem: 450M Active, 328M Inact, 168M Wired, 33M Cache, 110M Buf, 3700K Free Swap: 2048M Total, 5112K Used, 2043M Free 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008 To be honest, I don't know which counters are important. Is there anything specific I should be concentrating on to determine the cause? Thanks.