Jeffrey Ng wrote:
I recompiled squid and re-installed, and cahce log showed the 2048 file descriptors there, but z19 still didnt work quite right - showed about 1400 network conenctions. so i rebuilt for 25088 file descriptors (way over kill hehe). recompiled again and now its live, i dont know if its perfect but right now there are (and im not kidding) its now showing 29322 network sockets open right now. Im baffled. Somethign doesnt jive. And the cpu spike to 6.0, with that many sockets opened. so i set ulimit to 999999 (1 million basicaly) and rebuild squid again. According ot cache.log it locks at 32768 file descriptors, it wont load the 9999999, it appears a hard limit in deed! Anyway netstat -vatn shows only 3352 open sockets right now but z19 isnt repsonding well, and within a few minutes i stoped it and went back to http mode... what should i do the next?
Do an analysis of usage and find out who is abusing your service. It sounds like you are either under a DoS attack or someone has some really popular content on your servers (like porn).
I've encountered something similar in the past and found out some users were giving porn sites access to webspace on my servers in exchange for porn accounts. 10 users (out of 200,000) accounted for 75% of my bandwidth.
-- Robert Borkowski