Seeya, Miguel. kalin mintchev wrote:
i found a client connected to the process but could not find the client's ip number in any of the logs of the server. so i assume its some remote application that is hitting directly the offending script. but how do i get to that?!? like somebody mentioned it's probably not written in the logs until the file is served and the process finished but if the process never finishes (CLOSE_WAIT) there is no trace in the log.... here is what's right now... # top PID USERNAME PRI NICE SIZE RES STATE TIME WCPU CPU COMMAND 53452 nobody 55 0 15932K 10128K RUN 108:16 96.88% 96.88% httpd 56877 root 28 0 1996K 1100K RUN 0:00 0.89% 0.29% top ............. # sockstat -4 | grep 53452 nobody httpd 53452 4 tcp4 66.117.34.36:80 66.134.162.210:1625 nobody httpd 53452 115 tcp4 *:443 *:* nobody httpd 53452 116 tcp4 *:80 *:* nobody httpd 53452 117 tcp4 66.117.34.36:80 *:* # netstat -a ...... tcp4 0 0 server.http h-66-134-162-210.1625 CLOSE_WAIT ....... # grep -rl 66.134.162.210 /html/*/logs/* # there are about maybe 150 domains under /html.... so now what? i guess i'd have to go through each and every one of them?!? - i know the 20 min time window when the process gets wild but i don't have much else... i'm going to turn the mod_status on - like suggested here - to see what it will come up with but i'm not holding my breath.... thanks.... --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
. -- Andre Miguel Administrador de sistemas e-mail: suporte@xxxxxxxxxx GVI - Globalview Internet Services www.gvi.com.br Fone: 3351-4470 Fax: 3351-4488 --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx