Just in the past probably two weeks, the memory, CPU usage, and disk activity
on my server have skyrocketed. My average memory usage has gone from
around 500MB to nearly 1.5GB! The CPU usage has gone from one or two
percent to nearly 20%. The disk activity has gone from nil to 2800 on the
I've had efw 2.2r3 running for 2 months for a customer that
has about 30 users. The cpu use in those two months averages
about 3.4%
The script for rrdfix.sh is pretty simple, and seems to
mainly be trying to delete files associated with system
graphs:
#!/bin/sh
DIRS="/var/log/rrd/ /var/ntop/"
That should be a fine cpu for efw.
I have no files in /var/ntop/rrd/flows/
Open rrdfix.sh with an editor. Is it the same as mine?
Try these commands:
cd /var/ntop/rrd
ls -al
total 20
drwxr-xr-x 5 ntop ntop 4096 Oct 14 08:01 .
drwxr-xr-x 4 ntop ntop 4096 Nov 27 16:51 ..
drwx-- 2 ntop
This is the contents so it appears to be:
#!/bin/sh
DIRS="/var/log/rrd/ /var/ntop/"
rm /home/httpd/html/graphs/*.png >/dev/null 2>&1
find $DIRS -name "*.rrd" | \
while read F; do
NOW=$(date +%s)
LAST=$(rrdtool last $F)
if [ $LAST -gt $NOW ]; then
echo rrd file $F contains
Are there files in /var/ntop/rrd/flows/ ?
This is all that is in there:
[EMAIL PROTECTED]:/var/ntop/rrd/flows # ls
Host Last Seen ICMP Watch NetFlow PDA Remote Round-Robin Databases
compdoc wrote:
Are there files in /var/ntop/rrd/flows/ ?
I don't understand that. I have nothing in there. What are
those directories?
Have you installed any rpms? Maybe you have something
enabled in efw that I don't, which causes those to be
created...
-Original Message-
From: danodemano [mailto:[EMAIL PROTECTED]
Sent: Wednesday,
Nope, I don't have any RPMs installed at all... though I do have some of the
plugins for ntop enabled.
This is what is in them:
[EMAIL PROTECTED]:/var/ntop/rrd/flows/Host Last Seen # ls
bytes.rrd packets.rrd
(nothing in ICMP Watch)
(nothing in NetFlow)
(nothing in PDA)
(Nothing in Remote)
Well, I'm guessing those plugins you've enabled have created
those directories.
It sounds like rrdfix is trying to delete those directories,
but not being able to.
Can you tell ntop to place those files somewhere else?
Not that I am aware of but since I had really just enabled them because I
could, I just shut them all off and removed those directories myself as
root. I rebooted the box to make sure that everything was taken care of.
As soon as rrdfix.sh fires back up, my CPU and memory usage still jump back
The other main command in rrdfix.sh is:
find $DIRS -name "*.rrd"
When I run that command by hand, I get the stuff listed
below. Do you have other directories or files than that
showing up?
./var/log/rrd/cpu.rrd
./var/log/rrd/mem.rrd
./var/log/rrd/disk.rrd
./var/log/rrd/GREEN.rrd
LOL, I think maybe we've found the problem... running that command took a
FULL minute listing out what I can only guess is tens of thousands of
files
Most of them look like this:
/var/ntop/rrd/interfaces/br0/hosts/145/24/143/222/pktSent.rrd
The permissions are as such:
[EMAIL PROTECTED]:/var/ntop/rrd/flows # ls -al
total 8
drwx-- 2 ntop ntop 4096 Dec 3 12:17 .
drwxr-xr-x 5 ntop ntop 4096 Nov 15 14:10 ..
I'm not really sure how to resolve it honestly... I'm sure that there would
be an easy way to fix it all and wipe all those
How's this look?
We'll create a backup to our current directory so if things blow up we
can put them back:
tar zcvf rrd_files.tar.gz `find $DIRS -name "*.rrd"`
Once we've got that we'll remove them:
find $DIRS -name "*.rrd" | xargs rm
Michael J. Knisely
-Original Message-
From: danodemano
Well, that isn't the info for the directories you deleted,
so it's not useful.
How about the ownership of the other directories:
/var/ntop/rrd/interfaces/br0/hosts
/var/ntop/rrd/interfaces/br0/hosts/145
/var/ntop/rrd/interfaces/br0/hosts/145/24/143
Etc?
All rrdfix.sh wants to do is delete all
Just one quick question:
When enabling a proxy, the firewall will create the proper rules.
I've noticed on 2.2 that the rules for SIPROXDPORTFW have nothing at all
in them.
Could this be because the outgoing firewall is disabled at this time?
If not, is anyone else using 2.2 with siproxd and
LOL, well it would have worked great... except for this:
-bash: /bin/tar: Argument list too long
Any way around this??
compdoc, ntop is the owner on all files and folders.
Mike Knisely wrote:
How's this look?
We'll create a backup to our current directory so if things blow up we
can
I'm sure you are all tired of hearing from me today, but I had one more
little problem. Sometime this morning, I noticed that I could no longer
access a web site on my server that is NATed behind my Endian box. The
server is up and there is a port forward set up, but I still get this when I
try
In the spirit of finding an answer... I went to one of the oldest,
crustiest Linux guys I know. Here's his thought:
Here's what I'd try:
find $DIRS -name "*.rrd" | xargs tar cvzf rrd_files.tar.gz
find $DIRS -name "*.rrd" | xargs rm
So, we're creating the list and feeding it into xargs. Xargs will
I actually ended up just TARing the whole directory... which took somewhere
around 20 minutes to do (and spiked the load average out to around 2.5).
Yes, I know, I took the easy way out... I can hear the booing from the
crowd. I figured that it made it not only easier to tar, but also easier to
HA! What!?!? You don't want to hose a production box? ;0) Where's the
adventurous spirit?
Mike K.
-Original Message-
From: danodemano [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 03, 2008 4:14 PM
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] rrdfix.sh VERY high CPU
Here's another response from my Old Crusty Linux guy:
###
Here's a better answer (one that accounts for spaces in file names):
find $DIRS -name "*.rrd" -print0 | xargs -0 tar cvzf rrd_files.tar.gz
find $DIRS -name "*.rrd" -print0 | xargs -0 rm
###
Mike
-Original Message-
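The backup-then-delete step discussed in this thread, as an added example that is not part of the original messages: when the path list is long enough for xargs to start tar more than once, each "tar c" run re-creates the archive, so only the last batch is kept before the rm runs. The sketch assumes GNU find, tar and xargs; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the thread). Needs GNU find, tar and xargs.

# Number of members in a .tar.gz archive.
count_members() { tar -tzf "$1" | wc -l; }

# The thread's pattern. Every time xargs starts another tar, "c" re-creates
# the archive, so only the last batch survives. -n 2 forces on a tiny sample
# the batching that tens of thousands of paths cause on a real box.
naive_backup() {    # naive_backup ARCHIVE DIR...
    local archive=$1; shift
    find "$@" -type f -name '*.rrd' -print0 | xargs -0 -n 2 tar -czf "$archive"
}

# One tar process reads the NUL-separated list from a file, so nothing is
# split; files are removed only if the archive holds every listed path.
safe_backup_and_remove() {    # safe_backup_and_remove ARCHIVE DIR...
    local archive=$1 list want have; shift
    list=$(mktemp) || return 1
    find "$@" -type f -name '*.rrd' -print0 > "$list"
    want=$(tr -cd '\000' < "$list" | wc -c)
    tar --null -T "$list" -czf "$archive"
    have=$(count_members "$archive")
    if [ "$want" -gt 0 ] && [ "$want" -eq "$have" ]; then
        xargs -0 rm -f -- < "$list"
    else
        echo "archive has $have of $want files, nothing deleted" >&2
        rm -f "$list"
        return 1
    fi
    rm -f "$list"
}

# Constructed sample tree in ntop's layout, including a directory name
# with spaces like the "Host Last Seen" plugin directory in the thread.
make_sample() {    # make_sample ROOT
    local d="$1/rrd/flows/Host Last Seen" h="$1/rrd/interfaces/br0/hosts/10/0/0/1"
    mkdir -p "$d" "$h"
    touch "$d/bytes.rrd" "$d/packets.rrd" \
          "$h/pktSent.rrd" "$h/pktRcvd.rrd" "$h/bytesSent.rrd"
}
```

Keep the archive outside the directories being cleaned, and check its member count before trusting any delete step.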
Hi, just wondering if anyone has info on this... I am looking at offering a
commercial managed service to one of my customers, and would like to use EFW
Community as part of the solution, running on my hardware.
1. Are there any licensing issues with this? the Snort ruleset is about the
only