:> :I'm sure by now Matt is gonna kill me. :)
:> :
:> :-current from 2 days ago.
:...
:
:> netstat -m -M vmcore.XX -N kernel.XX
:>
:
:1014/2144 mbufs in use:
: 714 mbufs allocated to data
: 300 mbufs allocated to packet headers
:638/1324/1536 mbuf clusters in use (current/peak/max)
:2916 Kbytes allocated to network (48% in use)
:0 requests for memory denied
:0 requests for memory delayed
:0 calls to protocol drain routines
:
:What does this tell you?
:
:Kevin
It tells me your userbase is out of control :-) From the looks
of it, hundreds of cron jobs are starting up simultaniously
and overloading some system resource.
I would also recommend:
vmstat -m -M vmcore.XX -N kernel.XX
It is possible that the machine was attacked from the outside since you
are allowing eggdrops to be run. An IP spoofing attack can eat a
considerable amount of KVM due to temporary routes and, in fact, run
it out, leaving no memory left for mbufs. If so, this will show up
in the vmstat.
A quick side note on eggdrops: We allowed them at BEST.COM, but
after four years our machines and networks were getting attacked
virtually every day by IRC bozos. Also, the users who tend to run
eggdrops also tend to be stupid - often logging in from compromised
machines, so we also had a huge problem with these user's accounts being
compromised. We eventually gave up and banned bots entirely. Things have
been a whole lot quieter since.
Another thing you can do in regards to the cron jobs is go through
all your user's crons, many of which are probably running bot check
scripts every 10 minutes, and adjust them to run only once an hour,
plus scramble the 'minute' so they do not all run simultaniously.
I've seen IRC bozos setup cron jobs that run botcheck once a minute.
We gave them one warning, and if they did not heed it we kicked them off.
-Matt
Matthew Dillon
<dil...@backplane.com>
To Unsubscribe: send mail to majord...@freebsd.org
with "unsubscribe freebsd-current" in the body of the message
