|
Background:
Conserve mode occurs when memory utilization exceeds the configured value under set memory-use-threshold-red 88, typically caused by insufficient memory capacity, unintended software behaviors, or memory-intensive processes. Long-term monitoring of memory consumption trends is essential for identifying memory leaks and preventing conserve mode activation
For more information, see Technical Tip: Memory Management: A Long-Term Strategy to Prevent Conserve Mode.
Fortinet identified a memory leak in the NODE on versions 7.4.8 and 7.6.3 that can be identified through regular monitoring using these commands:
Identifying the Memory Leak Pattern:
Step 1: Monitor process memory consumption.
F2 # diag sys top-mem 5
node (2093): 328733kB <----- Increases.
wad (2198): 192759kB
wad (2199): 106893kB
ipsengine (2445): 97662kB
ipsengine (2444): 95252kB
Top-5 memory used: 821299kB
Step 2: Check overall memory utilization.
F2 # get sys performance status | grep Mem
Memory: 4041524k total, 2511412k used (62.1%), 1065808k free (26.4%), 464304k freeable (11.5%) ß Total utilization increases
If memory increases consistently over time (several days), it is likely that a memory leak pattern has been identified.
Contributing Factors:
External management tools such as security fabric, FortiManager etc, that query the FortiGate can trigger increased node process activity.
Workaround:
Restart the NODE process. Follow these steps to do so:
- Identify the process ID. This information can be viewed with the following command:
F2 #diagnose sys process pidof node
2093
Or it can be viewed with this command:
F2 # diag sys top-mem 5
node (2093) 328733kB
- Restart the process with the following parameter:
F2 # diag sys kill 11 2093
This temporarily resolves the memory leak by releasing the memory that was held by the process.
|
