Skip to main content
dan
dan
Explorer II
December 10, 2021
Solved

Restarting httpsd without knowing PID?

  • December 10, 2021
  • 4 replies
  • 13781 views

Just looking through the 6.4.8 Known Issues and found this:

721487

FortiGate often enters conserve mode due to high memory usage by httpsd process.

 

This seems to be similar to the WAD issue:

712584

WAD memory leak causes device to go into conserve mode.

 

I have a (sad) workaround for the WAD issue by regularily issuing diagnose test application wad 99 with auto-script.

 

However, there is no similar way for the httpsd.

It looks like I'd need to ssh into the box and first identify the httpsd PID with diagnose system top and afterwards issue diag sys kill 11 <process-Id>

 

  • Is there a better, automated way?
  • When there is no active Web-GUI session, is httpsd restarted?
  • In your experience, when does the httpsd high memory usage comes up?

 

Conserve mode scares me off, since I already had twice to drive to client locations to get an FG-60 and an FG-61 working again.

 

Thanks

Daniel

Best answer by pavankr5

Hello @dan,

 

Please check this article on Technical-Tip-How-to-restart-kill-all-processes
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-restart-kill-all-processes-with-fnsysctl/ta-p/194434
let us know if this helps 

Thanks,

Pavan

4 replies

Toshi_Esumi
SuperUser
Toshi_Esumi
SuperUser
December 10, 2021

Fortunately I didn't have to do this for quite some time but "fnsysctl killall" still seems to work according to this post.
https://github.com/bluecmd/fortigate_exporter/issues/62

 

Toshi

    ede_pfau
    SuperUser
    ede_pfau
    SuperUser
    December 12, 2021

    Sadly, one FG-200E has had exactly the same memory leak issue running on v6.2.9 a couple of weeks ago.

     

    What I did (from advice from TAC supporter) was write a script with "fnsysctl killall httpsd" and create an automation stitch which was triggered by the even "enter conserve mode". Worked like a charm - the instant the log message was written, the script ran and reduce memory usage by 40%.

    (The ultimate fix was to upgrade to v6.4.8. Good that I didn't know about the "Known issue" you cited.)

     

    config system automation-trigger
       edit "enter_conserve_mode"
          set event-type low-memory
       next
    end

    config system automation-action
       edit "release_memory"
          set action-type cli-script
          set required enable
          set script "fnsysctl killall httpsd"
          set accprofile "super_admin"
       next
       edit "auto_high_memory_email"
          set action-type email
          set email-to "monitor@mysite.de"
          set email-subject "myFGT: stitch alert: conserve mode"
       next
    end

    config system automation-stitch
       edit "auto_high_memory"
          set trigger "enter_conserve_mode"
          set action "release_memory" "auto_high_memory_email"
       next
    end

     

    dan
    danAuthor
    Explorer II
    December 12, 2021

    Thanks to @ede_pfau  and @Toshi_Esumi . I will try fnsysctl killall httpsd.

    It did not show any effect while manually testing, but I believe I will implement the given script. 

    Better sure than sorry..

    Dan

     

    pavankr5
    Staff
    pavankr5Answer
    Staff
    August 15, 2023

    Hello @dan,

     

    Please check this article on Technical-Tip-How-to-restart-kill-all-processes
    https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-restart-kill-all-processes-with-fnsysctl/ta-p/194434
    let us know if this helps 

    Thanks,

    Pavan

      Terms & ConditionsAccessibility statement