So many cpguard-job-logs::fetchlogs processes running

IPDB and Logging 

cPGuard has many components with logs enabled and IPDB is one of them. When you choose to enable IPDB logs, we will utilize the Syslog facility of iptables/ipset and write all attack blocks to the system log file in the specific format. This logs are useful to monitor the rate of attacks, IPs, etc IPDB are blocking and thus taking actions against specific IP blocks or countries.

To fetch, store and display these logs, we have an internal process running which is ‘cpguard-job-logs::fetchlogs’ . Ths collects many other logs as well but the major entries it collects is the IPDB logs from the system log file.

One of the disadvantages of this kind of logging on busy servers or servers that gets a lot of attack blocks in IPDB is that the system has to deal with thousands of log write and read. The count increases based on the rate of attack, and if it goes up to tens of thousands and if your disk cannot handle them…it may cause a disk IO spike, fetchlog processes will queue up and may cause some system load. 

So what we recommend you is  to disable IPDB logging option on such servers…that will silently drop attacks from all known IPs and protect your system even without logging.

How to fix so many cpguard-job-logs::fetchlogs processes running issue?

1. Initially, you need to disable IPDB logging to stop writing IPDB IP block logs. You can use the following command to disable IPDB logs

You can also do the same from UI ..go to Settings >> Security Tools >> Switch off “Enable IPDB Logging “.

2. Kill all existing processes which are stuck due to disk IO using the following command.

This will fix the job-logs::fetchlogs issues….please note that you should not disable IPDB as it is an important module for server protection. You only need to disable IPDB logging and let IPDB to block attacks without log.

Please feel free to contact support if you need any assistance related to this.