Re: Re: [users@httpd] weird httpd processes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

If I understood what you said, you are able to get the client's IP address by using another resource, like netstat -a and you see the connection is in CLOSE_WAIT state for ever. CLOSE_WAIT takes 12 hours to timeout. It is a long while, but it happens. Maybe you could check something in your kernel configuration and put this value a little lower. 

Seeya,

Miguel.

kalin mintchev wrote:

i found a client connected to the process but could not find the client's
ip number in any of the logs of the server. so i assume its some remote
application that is hitting directly the offending script. but how do i
get to that?!? like somebody mentioned it's probably not written in the
logs until the file is served and the process finished but if the process
never finishes (CLOSE_WAIT) there is no trace in the log....

here is what's right now...

# top
 PID USERNAME      PRI NICE  SIZE    RES STATE    TIME   WCPU    CPU COMMAND
53452 nobody         55   0 15932K 10128K RUN    108:16 96.88% 96.88% httpd
56877 root           28   0  1996K  1100K RUN      0:00  0.89%  0.29% top
.............

# sockstat -4 | grep 53452
nobody   httpd    53452    4 tcp4   66.117.34.36:80      66.134.162.210:1625
nobody   httpd    53452  115 tcp4   *:443                 *:*
nobody   httpd    53452  116 tcp4   *:80                  *:*
nobody   httpd    53452  117 tcp4   66.117.34.36:80       *:*

# netstat -a
......
tcp4       0      0  server.http       h-66-134-162-210.1625   CLOSE_WAIT
.......

# grep -rl 66.134.162.210 /html/*/logs/*
#

there are about maybe 150 domains under /html....  so now what?

i guess i'd have to go through each and every one of them?!? - i know the
20 min time window when the process gets wild but i don't have much
else...

i'm going to turn the mod_status on - like suggested here - to see what it
will come up with but i'm not holding my breath....


thanks....








---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




.

--
Andre Miguel
Administrador de sistemas
e-mail: suporte@xxxxxxxxxx
GVI - Globalview Internet Services
www.gvi.com.br
Fone: 3351-4470
Fax: 3351-4488


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux