南京环境：TSGX设备Firewall占用内存高，频繁触发OOM

ID	Creation Date	Assignee	Status
OMPUB-1194	2024-03-24T22:03:29.000+0800	刘学利	已解决

时间 ** 2024-03-25
故障描述 ** 现象：Firewall启动后占用内存上升，直至触发OOM，可持续运行的时间从30分钟到1小时不等 ** 范围：全部已部署的TSGX设备（8台） ** 原因：初步排查为dns业务命中后的日志缓存逻辑，具体原因待定位
临时解决方案 ** 关闭已部署的TSGX设备上的DNS decoder *** tsg-os-cli关闭liuxueli commented on 2024-03-25T00:15:05.217+0800:
问题原因：dns命中策略后缓存transaction较多导致内存占用极高
12.3已hoxfix，运行一晚上观察内存使用情况。

gitlab commented on 2024-03-25T10:44:23.999+0800:

[刘学利|https://git.mesalab.cn/liuxueli] mentioned this issue in [a commit|03b7f9b002] of [TSG Appliance / firewall|https://git.mesalab.cn/tango/firewall] on branch [bugfix-memory-high-usage-OMPUB-1194|https://git.mesalab.cn/tango/firewall/-/tree/bugfix-memory-high-usage-OMPUB-1194]:{quote}OMPUB-1194: Only cache transactions until the end of the stream when the deny rule is hit{quote}

gitlab commented on 2024-03-25T15:15:31.804+0800:

gitlab commented on 2024-03-25T15:16:20.742+0800:

gitlab commented on 2024-03-25T15:34:07.949+0800:

[刘学利|https://git.mesalab.cn/liuxueli] mentioned this issue in [a commit|c31108f762] of [TSG Appliance / firewall|https://git.mesalab.cn/tango/firewall]:{quote}OMPUB-1194: Only cache transactions until the end of the stream when the deny rule is hit{quote}

Attachments