High load average and low traffic
Hello,
I have a Dedibox running Ubuntu (Apache 2, PHP5 and MySQL), and fairly regularly the machine is almost unreachable (HTTP, SSH).
I only have one site on it, which gets only 200 unique visitors a day.
And yet I often have a high load average:
Code:
uptime :
21:19:28 up 27 days, 22:27, 1 user, load average: 13.18, 11.62, 5.12
I don't really know where this comes from (I removed all the cron scripts).
My scripts are optimised (queries, cache, etc.) and the database connections are always properly closed.
The Apache 2 configuration:
Code:
ServerRoot "/etc/apache2"
#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
#<IfModule !mpm_winnt.c>
#<IfModule !mpm_netware.c>
LockFile /var/lock/apache2/accept.lock
#</IfModule>
#</IfModule>
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
#
PidFile /var/run/apache2.pid
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive Off
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 15
##
## Server-Pool Size Regulation (MPM specific)
##
# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
#<IfModule mpm_prefork_module>
# StartServers 10
# MinSpareServers 10
# MaxSpareServers 20
# MaxClients 250
# MaxRequestsPerChild 3000
#</IfModule>
<IfModule mpm_prefork_module>
StartServers 5
MinSpareServers 5
MaxSpareServers 30
MaxClients 50
MaxRequestsPerChild 0
</IfModule>
# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_worker_module>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>
User www-data
Group www-data
#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
TypesConfig /etc/mime.types
#
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog /var/log/apache2/error.log
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn
# Include module configuration:
Include /etc/apache2/mods-enabled/*.load
Include /etc/apache2/mods-enabled/*.conf
# Include all the user configurations:
Include /etc/apache2/httpd.conf
# Include ports listing
Include /etc/apache2/ports.conf
# Include generic snippets of statements
Include /etc/apache2/conf.d/
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
ServerTokens Full
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
ServerSignature On
<IfModule alias_module>
#
# Aliases: Add here as many aliases as you need (with no limit). The format is
# Alias fakename realname
#
# Note that if you include a trailing / on fakename then the server will
# require it to be present in the URL. So "/icons" isn't aliased in this
# example, only "/icons/". If the fakename is slash-terminated, then the
# realname must also be slash terminated, and if the fakename omits the
# trailing slash, the realname must also omit it.
#
# We include the /icons/ alias for FancyIndexed directory listings. If
# you do not use FancyIndexing, you may comment this out.
#
Alias /icons/ "/usr/share/apache2/icons/"
<Directory "/usr/share/apache2/icons">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</IfModule>
#
# Directives controlling the display of server-generated directory listings.
#
<IfModule mod_autoindex.c>
#
# IndexOptions: Controls the appearance of server-generated directory
# listings.
#
IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=*
#
# AddIcon* directives tell the server which icon to show for different
# files or filename extensions. These are only displayed for
# FancyIndexed directories.
#
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
#
# DefaultIcon is which icon to show for files which do not have an icon
# explicitly set.
#
DefaultIcon /icons/unknown.gif
#
# AddDescription allows you to place a short description after a file in
# server-generated indexes. These are only displayed for FancyIndexed
# directories.
# Format: AddDescription "description" filename
#
#AddDescription "GZIP compressed document" .gz
#AddDescription "tar archive" .tar
#AddDescription "GZIP compressed tar archive" .tgz
#
# ReadmeName is the name of the README file the server will look for by
# default, and append to directory listings.
#
# HeaderName is the name of a file which should be prepended to
# directory indexes.
ReadmeName README.html
HeaderName HEADER.html
#
# IndexIgnore is a set of filenames which directory indexing should ignore
# and not include in the listing. Shell-style wildcarding is permitted.
#
IndexIgnore .??* *~ *# RCS CVS *,v *,t
</IfModule>
<IfModule mod_mime.c>
#
# AddType allows you to add to or override the MIME configuration
# file mime.types for specific file types.
#
#AddType application/x-gzip .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
# Despite the name similarity, the following Add* directives have
# nothing to do with the FancyIndexing customization directives above.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
#
# DefaultLanguage and AddLanguage allows you to specify the language of
# a document. You can then use content negotiation to give a browser a
# file in a language the user can understand.
#
# Specify a default language. This means that all data
# going out without a specific language tag (see below) will
# be marked with this one. You probably do NOT want to set
# this unless you are sure it is correct for all cases.
#
# * It is generally better to not mark a page as
# * being a certain language than marking it with the wrong
# * language!
#
# DefaultLanguage nl
#
# Note 1: The suffix does not have to be the same as the language
# keyword --- those with documents in Polish (whose net-standard
# language code is pl) may wish to use "AddLanguage pl .po" to
# avoid the ambiguity with the common suffix for perl scripts.
#
# Note 2: The example entries below illustrate that in some cases
# the two character 'Language' abbreviation is not identical to
# the two character 'Country' code for its country,
# E.g. 'Danmark/dk' versus 'Danish/da'.
#
# Note 3: In the case of 'ltz' we violate the RFC by using a three char
# specifier. There is 'work in progress' to fix this and get
# the reference data for rfc1766 cleaned up.
#
# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
# Norwegian (no) - Polish (pl) - Portugese (pt)
# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
#
AddLanguage ca .ca
AddLanguage cs .cz .cs
AddLanguage da .dk
AddLanguage de .de
AddLanguage el .el
AddLanguage en .en
AddLanguage eo .eo
AddLanguage es .es
AddLanguage et .et
AddLanguage fr .fr
AddLanguage he .he
AddLanguage hr .hr
AddLanguage it .it
AddLanguage ja .ja
AddLanguage ko .ko
AddLanguage ltz .ltz
AddLanguage nl .nl
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddLanguage pt .pt
AddLanguage pt-BR .pt-br
AddLanguage ru .ru
AddLanguage sv .sv
AddLanguage zh-CN .zh-cn
AddLanguage zh-TW .zh-tw
</IfModule>
<IfModule mod_negotiation.c>
#
# LanguagePriority allows you to give precedence to some languages
# in case of a tie during content negotiation.
#
# Just list the languages in decreasing order of preference. We have
# more or less alphabetized them here. You probably want to change this.
#
LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
#
# ForceLanguagePriority allows you to serve a result page rather than
# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
# [in case no accepted languages matched the available variants]
#
ForceLanguagePriority Prefer Fallback
</IfModule>
<IfModule mod_mime.c>
#
# Specify a default charset for all pages sent out. This is
# always a good idea and opens the door for future internationalisation
# of your web site, should you ever want it. Specifying it as
# a default does little harm; as the standard dictates that a page
# is in iso-8859-1 (latin1) unless specified otherwise i.e. you
# are merely stating the obvious. There are also some security
# reasons in browsers, related to javascript and URL parsing
# which encourage you to always set a default char set.
#
#AddDefaultCharset ISO-8859-1
#
# Commonly used filename extensions to character sets. You probably
# want to avoid clashes with the language extensions, unless you
# are good at carefully testing your setup after each change.
# See http://www.iana.org/assignments/character-sets for the
# official list of charset names and their respective RFCs.
#
AddCharset us-ascii .ascii .us-ascii
AddCharset ISO-8859-1 .iso8859-1 .latin1
AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
AddCharset ISO-8859-3 .iso8859-3 .latin3
AddCharset ISO-8859-4 .iso8859-4 .latin4
AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru
AddCharset ISO-8859-6 .iso8859-6 .arb .arabic
AddCharset ISO-8859-7 .iso8859-7 .grk .greek
AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew
AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk
AddCharset ISO-8859-10 .iso8859-10 .latin6
AddCharset ISO-8859-13 .iso8859-13
AddCharset ISO-8859-14 .iso8859-14 .latin8
AddCharset ISO-8859-15 .iso8859-15 .latin9
AddCharset ISO-8859-16 .iso8859-16 .latin10
AddCharset ISO-2022-JP .iso2022-jp .jis
AddCharset ISO-2022-KR .iso2022-kr .kis
AddCharset ISO-2022-CN .iso2022-cn .cis
AddCharset Big5 .Big5 .big5 .b5
AddCharset cn-Big5 .cn-big5
# For russian, more than one charset is used (depends on client, mostly):
AddCharset WINDOWS-1251 .cp-1251 .win-1251
AddCharset CP866 .cp866
AddCharset KOI8 .koi8
AddCharset KOI8-E .koi8-e
AddCharset KOI8-r .koi8-r .koi8-ru
AddCharset KOI8-U .koi8-u
AddCharset KOI8-ru .koi8-uk .ua
AddCharset ISO-10646-UCS-2 .ucs2
AddCharset ISO-10646-UCS-4 .ucs4
AddCharset UTF-7 .utf7
AddCharset UTF-8 .utf8
AddCharset UTF-16 .utf16
AddCharset UTF-16BE .utf16be
AddCharset UTF-16LE .utf16le
AddCharset UTF-32 .utf32
AddCharset UTF-32BE .utf32be
AddCharset UTF-32LE .utf32le
AddCharset euc-cn .euc-cn
AddCharset euc-gb .euc-gb
AddCharset euc-jp .euc-jp
AddCharset euc-kr .euc-kr
#Not sure how euc-tw got in - IANA doesn't list it???
AddCharset EUC-TW .euc-tw
AddCharset gb2312 .gb2312 .gb
AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2
AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4
AddCharset shift_jis .shift_jis .sjis
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
#AddHandler cgi-script .cgi
#
# For files that include their own HTTP headers:
#
#AddHandler send-as-is asis
#
# For server-parsed imagemap files:
#
#AddHandler imap-file map
#
# For type maps (negotiated resources):
# (This is enabled by default to allow the Apache "It Worked" page
# to be distributed in multiple languages.)
#
AddHandler type-map var
#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>
#
# Action lets you define media types that will execute a script whenever
# a matching file is called. This eliminates the need for repeated URL
# pathnames for oft-used CGI file processors.
# Format: Action media/type /cgi-script/location
# Format: Action handler-name /cgi-script/location
#
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#
#
# Putting this all together, we can internationalize error responses.
#
# We use Alias to redirect any /error/HTTP_<error>.html.var response to
# our collection of by-error message multi-language collections. We use
# includes to substitute the appropriate text.
#
# You can modify the messages' appearance without changing any of the
# default HTTP_<error>.html.var files by adding the line:
#
# Alias /error/include/ "/your/include/path/"
#
# which allows you to create your own set of files by starting with the
# /usr/share/apache2/error/include/ files and copying them to /your/include/path/,
# even on a per-VirtualHost basis. The default include files will display
# your Apache version number and your ServerAdmin email address regardless
# of the setting of ServerSignature.
#
# The internationalized error documents require mod_alias, mod_include
# and mod_negotiation. To activate them, uncomment the following 30 lines.
# Alias /error/ "/usr/share/apache2/error/"
#
# <Directory "/usr/share/apache2/error">
# AllowOverride None
# Options IncludesNoExec
# AddOutputFilter Includes html
# AddHandler type-map var
# Order allow,deny
# Allow from all
# LanguagePriority en cs de es fr it nl sv pt-br ro
# ForceLanguagePriority Prefer Fallback
# </Directory>
#
# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
# ErrorDocument 410 /error/HTTP_GONE.html.var
# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
<IfModule mod_setenvif.c>
#
# The following directives modify normal HTTP response behavior to
# handle known problems with browser implementations.
#
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
#
# The following directive disables redirects on non-GET requests for
# a directory that does not include the trailing slash. This fixes a
# problem with Microsoft WebFolders which does not appropriately handle
# redirects for folders with DAV methods.
# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
#
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
</IfModule>
<IfModule mod_status.c>
# Allow server status reports generated by mod_status,
# with the URL of http://servername/server-status
# Change the ".example.com" to match your domain to enable.
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Location>
ExtendedStatus On
</IfModule>
#<IfModule mod_info.c>
#
# Allow remote server configuration reports, with the URL of
# http://servername/server-info (requires that mod_info.c be loaded).
# Change the ".example.com" to match your domain to enable.
#
#<Location /server-info>
# SetHandler server-info
# Order deny,allow
# Deny from all
# Allow from .example.com
#</Location>
#</IfModule>
<Location />
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
Header append Vary User-Agent env=!dont-vary
</Location>
# Include the virtual host configurations:
Include /etc/apache2/sites-enabled/
AddDefaultCharset ISO-8859-1
DefaultLanguage fr
ServerSignature Off
ServerTokens Prod
<Directory /var/www/phpmyadmin>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
<Directory /var/www/touteslesmiss>
Options -Indexes
</Directory>
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.touteslesmiss.com
ServerAlias touteslesmiss.com *.touteslesmiss.com
DocumentRoot /var/www/touteslesmiss
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/touteslesmiss.log combined
</VirtualHost>
I tweaked the mpm_prefork_module values, but it doesn't seem to have changed much.
How can I determine, during load average peaks, which processes are eating "everything"?
Thanks for the help.
-

mahefarivony - WRInaute accro

- Posts: 11405
- Joined: Mon Oct 14, 2002 10:00
You need to look at your logs (mail log, Apache) to make sure there is no suspicious activity.
Is your contact form secured?
ps -aux to see all the processes
I wonder whether I'm being hit by a DDoS attack, by any chance:
Code:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
1 Address
1 servers)
1 81.50.137.15
1 88.164.208.169
2 80.8.204.33
31 41.204.103.182
127 89.159.91.205
127 times the IP 89.159.91.205... suspicious, isn't it?
mahefarivony > it's not easy to run ps -aux at the right moment... as for the mail logs I don't know, there's a lot going on in /var/log/mail.log. Is there a command that would let me analyse it quickly?
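An added example, not part of the original thread: because a load peak is hard to catch by hand, this script records a snapshot only when the 1-minute load crosses a threshold, and condenses `ps aux` per command (process count, processes in state D, resident memory). The function names, threshold, log path and sample data are assumptions.

```shell
#!/bin/sh
# Added example: capture a process snapshot when the load crosses a threshold.
# Intended to be run every minute from cron on a Linux host.

# Constructed `ps aux` output (values are made up for the demonstration).
sample_ps() {
cat <<'EOF'
USER       PID %CPU %MEM     VSZ    RSS TTY STAT START   TIME COMMAND
www-data 21917 35.9  3.0   70508  30000 ?   D    22:46   0:03 /usr/sbin/apache2 -k start
www-data 21918  9.6 41.2 1445888 419000 ?   D    22:46   0:19 /usr/sbin/apache2 -k start
www-data 21922  3.7 35.9  408576 365000 ?   S    22:46   0:05 /usr/sbin/apache2 -k start
mysql    10828  0.3  0.3  147456   3184 ?   Sl   Dec01   2:12 /usr/sbin/mysqld
root        65  0.3  0.0       0      0 ?   D<   Nov29 141:25 [kswapd0]
EOF
}

# Succeeds (exit 0) when the 1-minute load in a /proc/loadavg-style file
# is at or above $1. $2 defaults to /proc/loadavg; an empty file is "no".
load_exceeds() {
  awk -v t="$1" 'NR == 1 { ok = ($1 + 0 >= t + 0) } END { exit !ok }' \
    "${2:-/proc/loadavg}"
}

# Summarise `ps aux` output read on stdin. Per command: number of processes,
# how many are in state D (uninterruptible sleep, which Linux counts in the
# load average) and total resident memory in MiB, largest first.
summarise_ps() {
  awk 'NR > 1 {
         cmd = $11
         if (cmd ~ /^\//) sub(/^.*\//, "", cmd)   # basename, keep [kthreads]
         n[cmd]++
         rss[cmd] += $6                           # column 6 = RSS in KiB
         if ($8 ~ /^D/) d[cmd]++                  # column 8 = STAT
       }
       END {
         for (c in n)
           printf "%s procs=%d dstate=%d rss_mib=%d\n", c, n[c], d[c], rss[c] / 1024
       }' | sort -t= -k4,4nr
}

# Append one timestamped snapshot to file $2 if the load is at or above $1.
snapshot_if_loaded() {
  load_exceeds "$1" || return 0
  {
    echo "=== $(date '+%F %T') loadavg: $(cat /proc/loadavg)"
    grep -E '^(MemFree|SwapTotal|SwapFree):' /proc/meminfo
    ps aux | summarise_ps | head -n 10
  } >> "$2"
}

# Usage (hypothetical path): ./loadsnap.sh 5 /var/log/load-snapshots.log
if [ $# -eq 2 ]; then
  snapshot_if_loaded "$1" "$2"
fi
```

Reading the resulting file after a peak shows which command held the memory and how many of its processes were blocked on I/O at that moment.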
Hi,
I had a similar problem. I disabled APC (PHP cache) and everything worked fine; of course I re-enabled APC to check, and bang, a load average of 200 at times.
So I then installed eAccelerator (in place of APC, which has to be uninstalled first) and since then no load average problems.
I had read that APC could cause problems with PHP5.
I don't know whether this will help you, but it costs nothing to try.
olive
-

mahefarivony - WRInaute accro

link182 wrote: ... as for the mail logs I don't know, there's a lot going on in /var/log/mail.log. Is there a command that would let me analyse it quickly?
I don't know the Dedibox, but in case you have Webmin, you can access the system logs by displaying the last n lines of the logs. You can also filter by displaying the last n lines containing "xxxx"... if you enter the word "sent", for example, you can see the latest mails your system has sent. And if you see that 100 mails were fired off in under a few seconds, there's no need to look any further.
Yes, DDoS is also a possibility. Do you have a good firewall?
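An added example, not part of the original posts: the same kind of filtering can be done from the shell with awk. It reports senders that put many distinct messages in the queue within one minute, counts delivery attempts by status, and lists recipients whose mail has been deferred for longer than a given number of hours. The sample log is constructed, and the function names and thresholds are assumptions.

```shell
#!/bin/sh
# Added example: quick triage of a Postfix mail.log with awk.

# Constructed sample in the format of the log quoted in the thread
# (host names, queue IDs and addresses are made up).
sample_log() {
cat <<'EOF'
Dec 27 22:38:10 host1 postfix/qmgr[2431]: A000000001: from=<www-data@host1.example>, size=4930, nrcpt=1 (queue active)
Dec 27 22:38:10 host1 postfix/qmgr[2431]: A000000002: from=<www-data@host1.example>, size=4940, nrcpt=1 (queue active)
Dec 27 22:38:11 host1 postfix/qmgr[2431]: A000000003: from=<www-data@host1.example>, size=4930, nrcpt=1 (queue active)
Dec 27 22:38:12 host1 postfix/qmgr[2431]: B000000001: from=<admin@host1.example>, size=812, nrcpt=1 (queue active)
Dec 27 22:38:12 host1 postfix/smtp[21981]: A000000001: to=<user1@dest.example>, relay=none, delay=154362, delays=154362/0.04/0.12/0, dsn=4.4.1, status=deferred (connect to dest.example[192.0.2.10]: Connection refused)
Dec 27 22:38:12 host1 postfix/smtp[21980]: A000000002: to=<user2@dest.example>, relay=none, delay=154223, delays=154223/0.1/0.42/0, dsn=4.4.1, status=deferred (connect to dest.example[192.0.2.10]: Connection refused)
Dec 27 22:38:13 host1 postfix/smtp[21982]: B000000001: to=<ops@mail.example>, relay=mail.example[192.0.2.20]:25, delay=0.8, delays=0.1/0.02/0.3/0.38, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Dec 27 22:38:40 host1 postfix/qmgr[2431]: A000000001: from=<www-data@host1.example>, size=4930, nrcpt=1 (queue active)
Dec 27 22:39:02 host1 postfix/qmgr[2431]: C000000001: from=<>, size=2100, nrcpt=1 (queue active)
EOF
}

# Senders with at least $1 distinct messages active in the queue within the
# same minute. qmgr logs a from= line every time a message is retried, so
# queue IDs are de-duplicated instead of counting lines.
# Output: "Mon DD HH:MM sender count". Usage: sender_bursts 50 < mail.log
sender_bursts() {
  awk -v min="$1" '
    / postfix\/qmgr\[/ && / from=</ {
      minute = $1 " " $2 " " substr($3, 1, 5)
      qid = $6; sub(/:$/, "", qid)
      sender = $7; sub(/^from=</, "", sender); sub(/>,?$/, "", sender)
      if (sender == "") sender = "<>"          # null sender = bounce notice
      key = minute "|" sender
      if (!((key, qid) in seen)) { seen[key, qid] = 1; n[key]++ }
    }
    END {
      for (k in n) if (n[k] >= min) { split(k, p, "|"); print p[1], p[2], n[k] }
    }' | sort
}

# Delivery attempts per status (sent, deferred, bounced, ...).
status_counts() {
  awk '
    match($0, /status=[a-z]+/) { c[substr($0, RSTART + 7, RLENGTH - 7)]++ }
    END { for (s in c) print s, c[s] }' | sort
}

# Recipients whose mail has been deferred for at least $1 hours, with the
# longest delay seen (whole hours). Old entries mean the queue keeps retrying
# mail that was injected long before the current load peak.
stuck_recipients() {
  awk -v hours="$1" '
    /status=deferred/ && match($0, /to=<[^>]*>/) {
      rcpt = substr($0, RSTART + 4, RLENGTH - 5)
      if (match($0, / delay=[0-9.]+/)) {
        d = substr($0, RSTART + 7, RLENGTH - 7) + 0
        if (d > max[rcpt]) max[rcpt] = d
      }
    }
    END {
      for (r in max) if (max[r] >= hours * 3600) printf "%s %d\n", r, max[r] / 3600
    }' | sort
}

# Demo on the constructed sample; on a server, feed /var/log/mail.log instead.
sample_log | sender_bursts 3
sample_log | status_counts
sample_log | stuck_recipients 24
```

A burst attributed to the web server account (www-data in the log above) points at a script on the site rather than at a mailbox user.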
Precisely, no firewall (I haven't configured iptables)
Code:
top - 22:46:52 up 27 days, 23:55, 1 user, load average: 5.92, 1.65, 0.60
Tasks: 90 total, 2 running, 88 sleeping, 0 stopped, 0 zombie
Cpu(s): 53.2%us, 20.7%sy, 0.0%ni, 0.0%id, 24.1%wa, 0.0%hi, 2.0%si, 0.0%st
Mem: 1018244k total, 1006352k used, 11892k free, 620k buffers
Swap: 1044216k total, 1044196k used, 20k free, 11900k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
21917 www-data 18 0 70508 29m 1248 D 35.9 3.0 0:03.06 apache2
21945 www-data 18 0 179m 141m 1236 D 16.3 14.2 0:02.08 apache2
21918 www-data 18 0 1412m 409m 1248 D 9.6 41.2 0:19.51 apache2
65 root 10 -5 0 0 0 D 8.3 0.0 141:25.16 kswapd0
21922 www-data 18 0 399m 356m 1248 D 3.7 35.9 0:05.36 apache2
22203 root 18 0 20388 5304 3560 D 1.3 0.5 0:00.17 php
10828 mysql 15 0 144m 3184 1432 S 0.3 0.3 2:12.48 mysqld
21920 www-data 18 0 42100 1580 1248 D 0.3 0.2 0:00.33 apache2
1 root 18 0 2908 36 32 S 0.0 0.0 0:01.14 init
I don't think it comes from the mail:
I currently have a high load average (39.69!) and nothing abnormal in /var/log/mail.log:
Code:
22:04:50 sd-12369 postfix/smtp[19023]: connect to breakthru.org[82.98.86.162]: Connection refused (port 25)
Dec 27 22:04:50 sd-12369 postfix/smtp[19026]: connect to breakthru.org[82.98.86.162]: Connection refused (port 25)
Dec 27 22:04:50 sd-12369 postfix/smtp[19025]: connect to breakthru.org[82.98.86.162]: Connection refused (port 25)
Dec 27 22:04:50 sd-12369 postfix/smtp[19026]: 65B9510C0012: to=<freaks_frog@breakthru.org>, relay=none, delay=152364, delays=152364/0.03/0.15/0, dsn=4.4.1, status=deferred (connect to breakthru.org[82.98.86.162]: Connection refused)
Dec 27 22:04:50 sd-12369 postfix/smtp[19023]: ACA5E10C0011: to=<freaks_frog@breakthru.org>, relay=none, delay=152367, delays=152366/0.14/0.18/0, dsn=4.4.1, status=deferred (connect to breakthru.org[82.98.86.162]: Connection refused)
Dec 27 22:04:50 sd-12369 postfix/smtp[19025]: 7B19710C000F: to=<freaks_frog@breakthru.org>, relay=none, delay=152368, delays=152368/0.06/0.15/0, dsn=4.4.1, status=deferred (connect to breakthru.org[82.98.86.162]: Connection refused)
Dec 27 22:04:56 sd-12369 postfix/smtp[19021]: connect to postbox.fabulous.com[128.242.120.13]: Connection refused (port 25)
Dec 27 22:04:56 sd-12369 postfix/smtp[19021]: DA20D10C0016: to=<gtbso@livel.com>, relay=none, delay=152233, delays=152226/0.15/6.5/0, dsn=4.4.1, status=deferred (connect to postbox.fabulous.com[128.242.120.13]: Connection refused)
Dec 27 22:38:10 sd-12369 postfix/qmgr[2431]: C3EC110C0013: from=<www-data@sd-12369.dedibox.fr>, size=4930, nrcpt=1 (queue active)
Dec 27 22:38:10 sd-12369 postfix/qmgr[2431]: CDD3F10C0014: from=<www-data@sd-12369.dedibox.fr>, size=4940, nrcpt=1 (queue active)
Dec 27 22:38:10 sd-12369 postfix/qmgr[2431]: 7E15910C0017: from=<www-data@sd-12369.dedibox.fr>, size=4930, nrcpt=1 (queue active)
Dec 27 22:38:10 sd-12369 postfix/smtp[21981]: connect to breakthru.org[82.98.86.162]: Connection refused (port 25)
Dec 27 22:38:10 sd-12369 postfix/smtp[21981]: CDD3F10C0014: to=<freaks_frog@breakthru.org>, relay=none, delay=154362, delays=154362/0.04/0.12/0, dsn=4.4.1, status=deferred (connect to breakthru.org[82.98.86.162]: Connection refused)
Dec 27 22:38:10 sd-12369 postfix/smtp[21980]: connect to postbox.fabulous.com[128.242.120.13]: Connection refused (port 25)
Dec 27 22:38:10 sd-12369 postfix/smtp[21980]: C3EC110C0013: to=<gtbso@livel.com>, relay=none, delay=154223, delays=154223/0.1/0.42/0, dsn=4.4.1, status=deferred (connect to postbox.fabulous.com[128.242.120.13]: Connection refused)
Dec 27 22:38:10 sd-12369 postfix/smtp[21982]: connect to postbox.fabulous.com[128.242.120.13]: Connection refused (port 25)
Dec 27 22:38:10 sd-12369 postfix/smtp[21982]: 7E15910C0017: to=<gtbso@livel.com>, relay=none, delay=154225, delays=154225/0.02/0.41/0, dsn=4.4.1, status=deferred (connect to postbox.fabulous.com[128.242.120.13]: Connection refused)
Code:
uptime
22:53:34 up 28 days, 1 min, 1 user, load average: 39.69, 24.30, 10.89
-

mahefarivony - WRInaute accro

Er, yes, that's pretty serious all the same! Did you see all that junk at 22:38:10?
As root, type:
postsuper -d ALL and see?
Try installing arno iptables firewall; as a basic firewall it is very good
and during the big spikes bring us the output of ps -aux
-

mahefarivony - WRInaute accro

OK, I hadn't seen the ps -aux
Yep, 35% for Apache, that looks like a big attack
9 connections at 22:38:10, that's huge, isn't it?
I'm going to look into arno iptables.
With real difficulty:
Code:
root@sd-12369:/etc/nagios/conf.d# uptime
23:01:21 up 28 days, 9 min, 1 user, load average: 35.23, 34.56, 21.55
ps -aux
Code:
root@sd-12369:/etc/nagios/conf.d# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 2908 4 ? Ss Nov29 0:01 /sbin/init
root 2 0.0 0.0 0 0 ? SN Nov29 0:00 [ksoftirqd/0]
root 3 0.0 0.0 0 0 ? S< Nov29 0:00 [events/0]
root 4 0.0 0.0 0 0 ? S< Nov29 0:00 [khelper]
root 5 0.0 0.0 0 0 ? S< Nov29 0:00 [kthread]
root 28 0.0 0.0 0 0 ? S< Nov29 0:00 [kblockd/0]
root 29 0.0 0.0 0 0 ? S< Nov29 0:00 [ata/0]
root 30 0.0 0.0 0 0 ? S< Nov29 0:00 [ata_aux]
root 31 0.0 0.0 0 0 ? S< Nov29 0:00 [kseriod]
root 65 0.3 0.0 0 0 ? S< Nov29 142:29 [kswapd0]
root 66 0.0 0.0 0 0 ? S< Nov29 0:00 [aio/0]
root 67 0.0 0.0 0 0 ? S< Nov29 0:00 [jfsIO]
root 68 0.0 0.0 0 0 ? S< Nov29 0:00 [jfsCommit]
root 69 0.0 0.0 0 0 ? S< Nov29 0:00 [jfsSync]
root 70 0.0 0.0 0 0 ? S< Nov29 0:00 [xfslogd/0]
root 71 0.0 0.0 0 0 ? S< Nov29 0:00 [xfsdatad/0]
root 684 0.0 0.0 0 0 ? S< Nov29 0:00 [scsi_eh_0]
root 685 0.0 0.0 0 0 ? S< Nov29 0:00 [scsi_eh_1]
root 708 0.0 0.0 0 0 ? S< Nov29 0:00 [kcryptd/0]
root 717 0.0 0.0 0 0 ? S< Nov29 0:32 [kjournald]
root 848 0.0 0.0 2300 4 ? S<s Nov29 0:00 /sbin/udevd --daemon
root 1777 0.0 0.0 0 0 ? S< Nov29 0:00 [kjournald]
root 2046 0.0 0.0 1648 0 tty4 Ss+ Nov29 0:00 /sbin/getty 38400 tty4
root 2047 0.0 0.0 1652 0 tty5 Ss+ Nov29 0:00 /sbin/getty 38400 tty5
root 2050 0.0 0.0 1648 0 tty2 Ss+ Nov29 0:00 /sbin/getty 38400 tty2
root 2051 0.0 0.0 1652 0 tty3 Ss+ Nov29 0:00 /sbin/getty 38400 tty3
root 2058 0.0 0.0 1648 0 tty1 Ss+ Nov29 0:00 /sbin/getty 38400 tty1
root 2059 0.0 0.0 1652 0 tty6 Ss+ Nov29 0:00 /sbin/getty 38400 tty6
root 2081 0.0 0.0 1704 68 ? Ds Nov29 7:40 /sbin/syslogd
root 2099 0.0 0.0 1792 16 ? Ds Nov29 1:19 /bin/dd bs 1 if /proc/kmsg of /var/run/klogd/kmsg
klog 2101 0.0 0.0 2612 204 ? Ss Nov29 1:04 /sbin/klogd -P /var/run/klogd/kmsg
root 2265 0.0 0.0 1824 0 ? S Nov29 0:00 /usr/sbin/courierlogger -pid=/var/run/courier/authdaemon/pid -start /usr/lib/courier/courier
root 2266 0.0 0.0 4296 8 ? S Nov29 0:38 /usr/lib/courier/courier-authlib/authdaemond
root 2281 0.0 0.0 1828 0 ? S Nov29 0:00 /usr/sbin/courierlogger -pid=/var/run/courier/imapd.pid -start -name=imapd /usr/sbin/courier
root 2282 0.0 0.0 1932 0 ? S Nov29 0:00 /usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=20 -nodnslookup -noidentlookup 143 /
root 2301 0.0 0.0 1828 4 ? S Nov29 0:00 /usr/sbin/courierlogger -pid=/var/run/courier/imapd-ssl.pid -start -name=imapd-ssl /usr/sbin
root 2302 0.0 0.0 1932 4 ? S Nov29 0:00 /usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=20 -nodnslookup -noidentlookup 993 /
root 2323 0.0 0.0 1928 4 ? S Nov29 0:00 /usr/sbin/couriertcpd -pid=/var/run/courier/pop3d.pid -stderrlogger=/usr/sbin/courierlogger
root 2327 0.0 0.0 1824 4 ? S Nov29 0:00 /usr/sbin/courierlogger courierpop3login
root 2336 0.0 0.0 4340 24 ? S Nov29 0:53 /usr/lib/courier/courier-authlib/authdaemond
root 2337 0.0 0.0 4340 16 ? S Nov29 0:47 /usr/lib/courier/courier-authlib/authdaemond
root 2338 0.0 0.0 4340 8 ? S Nov29 1:03 /usr/lib/courier/courier-authlib/authdaemond
root 2339 0.0 0.0 4340 20 ? S Nov29 0:59 /usr/lib/courier/courier-authlib/authdaemond
root 2340 0.0 0.0 4340 20 ? S Nov29 0:50 /usr/lib/courier/courier-authlib/authdaemond
root 2351 0.0 0.0 1824 0 ? S Nov29 0:00 /usr/sbin/courierlogger -pid=/var/run/courier/pop3d-ssl.pid -start -name=pop3d-ssl /usr/sbin
root 2352 0.0 0.0 1928 0 ? S Nov29 0:00 /usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 995 /u
root 2427 0.0 0.0 4956 180 ? Ss Nov29 9:03 /usr/lib/postfix/master
postfix 2431 0.0 0.0 5300 116 ? S Nov29 3:15 qmgr -l -t fifo -u
root 2468 0.0 0.0 6472 0 ? Ss Nov29 0:00 /usr/sbin/saslauthd -a pam
root 2469 0.0 0.0 6472 0 ? S Nov29 0:00 /usr/sbin/saslauthd -a pam
root 2470 0.0 0.0 6472 0 ? S Nov29 0:00 /usr/sbin/saslauthd -a pam
root 2472 0.0 0.0 6472 0 ? S Nov29 0:00 /usr/sbin/saslauthd -a pam
root 2473 0.0 0.0 6472 0 ? S Nov29 0:00 /usr/sbin/saslauthd -a pam
root 2493 0.0 0.0 5088 0 ? Ss Nov29 0:05 /usr/sbin/sshd
nobody 2545 0.0 0.0 2744 72 ? Ds Nov29 20:22 proftpd: (accepting connections)
daemon 2561 0.0 0.0 1908 0 ? Ss Nov29 0:11 /usr/sbin/atd
root 2611 0.0 0.0 7080 384 ? Ds Nov29 16:02 /usr/bin/perl /usr/local/webmin/miniserv.pl /etc/webmin/miniserv.conf
postfix 2779 0.0 0.0 5012 104 ? D Nov29 1:50 tlsmgr -l -t unix -u -c
snmp 5021 0.0 0.0 7276 700 ? S Dec24 1:29 /usr/sbin/snmpd -Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1
mysql 10828 0.4 0.5 149520 5852 ? Sl 09:38 3:21 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/my
I'll look into arno iptables.
I just installed arno-iptables-firewall (via apt-get).
However, would you have a tutorial on configuring the firewall? (the file /etc/arno-iptables-firewall/firewall.conf, I suppose)
Because once enabled, arno iptables lets nothing through...
Thanks
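For the question this thread opens with (finding what drives the load during a spike), an added example that is not part of any post: on Linux the load average counts tasks that are runnable (R) or in uninterruptible sleep (D), so the filter below lists exactly those from `ps aux`, and a snapshot function records them when the load crosses a threshold. Function names, the threshold and the output directory are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, the threshold and the
# output directory are assumptions.

# load_exceeds THRESHOLD "LOADAVG_LINE": succeed when the 1-minute load
# (first field of /proc/loadavg) is at or above THRESHOLD.
load_exceeds() {
    awk -v t="$1" -v l="${2%% *}" 'BEGIN { exit !(l + 0 >= t + 0) }'
}

# load_contributors: read `ps aux` output on stdin and print the tasks that
# count toward the Linux load average: runnable (R) and uninterruptible
# sleep (D, typically blocked on disk or swap I/O).
# Output columns: STAT PID USER COMMAND
load_contributors() {
    awk '$8 ~ /^[RD]/ { print $8, $2, $1, $11 }'
}

# snapshot_if_loaded THRESHOLD DIR: when the load is high, save the load
# figures, the full process list and the R/D tasks to a timestamped file,
# then print the file name. Does nothing below the threshold.
snapshot_if_loaded() {
    read -r line < /proc/loadavg
    load_exceeds "$1" "$line" || return 0
    out="$2/ps-$(date +%Y%m%d-%H%M%S).txt"
    snap=$(ps aux)
    {
        echo "loadavg: $line"
        printf '%s\n' "$snap"
        echo "--- tasks in R or D state ---"
        printf '%s\n' "$snap" | load_contributors
    } > "$out"
    echo "$out"
}

# Lines excerpted (abridged) from the ps output posted above, for trying
# the filter offline.
sample_ps() {
    cat <<'EOF'
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 65 0.3 0.0 0 0 ? S< Nov29 142:29 [kswapd0]
root 2081 0.0 0.0 1704 68 ? Ds Nov29 7:40 /sbin/syslogd
nobody 2545 0.0 0.0 2744 72 ? Ds Nov29 20:22 proftpd: (accepting connections)
postfix 2779 0.0 0.0 5012 104 ? D Nov29 1:50 tlsmgr -l -t unix -u -c
mysql 10828 0.4 0.5 149520 5852 ? Sl 09:38 3:21 /usr/sbin/mysqld --basedir=/usr
EOF
}
```

Called from a script that cron runs every minute, `snapshot_if_loaded 8 /var/log/loadsnap` (both values hypothetical) leaves a record of the spike even when SSH is too slow to use.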
-

mahefarivony - WRInaute accro

- Posts: 11405
- Joined: Mon Oct 14, 2002 10:00
that's a good sign, it means your server isn't being used as a spam mail relay, that's something at least.
apache seems to be in the clear in the latest ps -aux
ok, let's also look a bit at mysql: install a utility called mtop, which will let us keep an eye on any bottlenecks at the mysql level
-

mahefarivony - WRInaute accro

- Posts: 11405
- Joined: Mon Oct 14, 2002 10:00
not much to configure in arno iptables, there's just this part to fill in properly
Code:
EXT_IF="eth0"
...
EXT_IF_DHCP_IP=0
...
FULL_ACCESS_HOSTS="192.168.1.0/24"
...
FIREWALL_LOG=/var/log/firewall
...
#LOGLEVEL=info #normal mode
LOGLEVEL=debug #to check that it works
...
OPEN_TCP="21 22 80 443" #example for a server: ftp, ssh, http and ssl
OPEN_UDP="21 22 80 443" #example for a server: ftp, ssh, http and ssl
Check that it matches your config and add the other ports if needed (webmin, ...)
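A pre-activation check for the settings in this post, as an added example that is not part of the thread or of arno-iptables-firewall: it reads OPEN_TCP and OPEN_UDP from a firewall.conf and reports any port you rely on (the SSH port above all) that the file would leave closed, and lists the UDP ports it opens so they can be reviewed. Function names are assumptions, and only space-separated single ports are handled.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are assumptions; only
# space-separated single ports, as in the post above, are handled.

# conf_value KEY FILE: print the value of the last uncommented KEY=...
# assignment, without quotes or trailing comment.
conf_value() {
    sed -n "s/^[[:space:]]*$1=\"\{0,1\}\([^\"#]*\).*/\1/p" "$2" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# missing_ports "REQUIRED" "OPEN": print each required port absent from OPEN.
missing_ports() {
    for p in $1; do
        case " $2 " in
            *" $p "*) ;;
            *) printf '%s\n' "$p" ;;
        esac
    done
}

# check_conf FILE "REQUIRED_TCP": fail if enabling the firewall with FILE
# would block a TCP port you depend on, such as the SSH port in use.
check_conf() {
    tcp=$(conf_value OPEN_TCP "$1")
    udp=$(conf_value OPEN_UDP "$1")
    miss=$(missing_ports "$2" "$tcp" | tr '\n' ' ')
    [ -z "$udp" ] || echo "review: UDP ports open to the Internet: $udp"
    if [ -n "$miss" ]; then
        echo "would be blocked (not in OPEN_TCP): $miss"
        return 1
    fi
    echo "ok: OPEN_TCP covers $2"
}

# Settings from the post above, written out for trying the check offline.
sample_conf() {
    cat <<'EOF'
EXT_IF="eth0"
#LOGLEVEL=info #normal mode
LOGLEVEL=debug #to check that it works
OPEN_TCP="21 22 80 443" #example for a server: ftp, ssh, http and ssl
OPEN_UDP="21 22 80 443" #example for a server: ftp, ssh, http and ssl
EOF
}
```

Run `check_conf /etc/arno-iptables-firewall/firewall.conf "22 80 10000"` before enabling the firewall; 10000 is Webmin's default port and an assumption about this server.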