Hi Amos, Thanks for your time and nice comments on the config file It is impossible for me to use "debug_options ALL,6" under such load. log file grows wildly and easily eats the whole hard disk ! Any other solutions to capture the log? Yours Faithfully, --- Amir H Shenavandeh On 11 June 2011 10:35, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 11/06/11 05:39, Shenavandeh wrote: >> >> Hi, >> >> I have a squid installation that crashes twice a day under the load of >> 7 Mbps bandwidth with the following message in squid.out with no >> specific traces in cache.log >> >> Startup: Fri Jun 10 15:46:20 >> dying from an unhandled exception: !theConsumer >> terminate called after throwing an instance of 'TextException' >>  what(): Â!theConsumer >> Startup: Fri Jun 10 19:55:29 >> >> It is compiled using following options: >> Âsbin]# ./squid -v >> Squid Cache: Version 3.1.12.1 >> configure options: Â'--enable-linux-netfilter' >> '--enable-storeio=ufs,aufs' '--enable-poll' >> '--enable-x-accelerator-vary' '--enable-follow-x-forwarded-for' >> '--enable-ssl' '--enable-snmp' '--enable-removal-policies' >> '--enable-gnuregex' '--with-large-files' '--enable-async-io' >> 'CFLAGS=-DNUMTHREADS=300' --with-squid=/root/squid-3.1.12.1 >> --enable-ltdl-convenience >> >> the platform is as follows: >> >> CPU :4 cores of ÂIntel(R) Xeon(R) CPU      E5504 Â@ 2.00GHz >> RAM : 8GB >> OS: CentOS 5.6 : >> Kernel: Linux version 2.6.25 compiled with tproxy option. >> >> the Squid configuration: >> >> cache_mem 4000 MB >> >> dead_peer_timeout 30 seconds >> hierarchy_stoplist cgi-bin ? >> acl QUERY urlpath_regex cgi-bin \? >> no_cache deny QUERY > > hierarchy_stoplist and the QUERY bits are outdated. It is worth removing > these. > >> >> maximum_object_size 50 MB >> maximum_object_size_in_memory 500 KB >> minimum_object_size 0 KB >> >> cache_replacement_policy heap LFUDA >> memory_replacement_policy heap LRU >> >> acl manager proto cache_object >> acl localhost src 127.0.0.1/32 ::1 >> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 >> >> >> acl localnet src 10.0.0.0/8  Â# RFC1918 possible internal network >> acl localnet src 172.16.0.0/12  Â# RFC1918 possible internal network >> acl localnet src 192.168.0.0/16  Â# RFC1918 possible internal network >> acl localnet src fc00::/7    # RFC 4193 local private network range >> acl localnet src fe80::/10   Â# RFC 4291 link-local (directly >> plugged) machines >> >> acl SSL_ports port 443 >> acl Safe_ports port 80    Â# http >> acl Safe_ports port 21    Â# ftp >> acl Safe_ports port 443    Â# https >> acl Safe_ports port 70    Â# gopher >> acl Safe_ports port 210    Â# wais >> acl Safe_ports port 1025-65535  Â# unregistered ports >> acl Safe_ports port 280    Â# http-mgmt >> acl Safe_ports port 488    Â# gss-http >> acl Safe_ports port 591    Â# filemaker >> acl Safe_ports port 777    Â# multiling http >> acl CONNECT method CONNECT >> >> http_access allow manager localhost >> http_access deny manager >> http_access deny !Safe_ports >> http_access deny CONNECT !SSL_ports >> http_access allow to_localhost > > This is dangerous. > Âto_localhost is designed to match a class of attack signatures and prevent > DoS. It is intended for use in a "deny" line. > >> >> >> http_access allow localhost >> http_access allow localnet >> http_access allow to_localhost > > A second "allow to_localhost" is useless. The first will stop processing > when it gets tested and matches. > >> >> http_access deny all >> >> http_port 3128 tproxy >> >> hierarchy_stoplist cgi-bin ? > > repeat directive, worth removing. > >> >> cache_dir aufs /cache 24000 16 256 >> >> coredump_dir cache >> >> # Add any of your own refresh_pattern entries above these. >> refresh_pattern ^ftp:    Â1440  Â20%  Â10080 >> refresh_pattern ^gopher:  Â1440  Â0%  Â1440 >> refresh_pattern -i (/cgi-bin/|\?) 0  Â0%  Â0 >> refresh_pattern .    Â0  Â20%  Â4320 >> >> cache_effective_user squid >> cache_effective_group squid >> >> half_closed_clients off >> buffered_logs on >> client_db off >> quick_abort_max 0 KB >> quick_abort_min 0 KB >> memory_pools off >> >> cache_swap_high 95% >> cache_swap_low 90 >> logfile_rotate 10% > > logfile_rotate is not a percentage. It is a count of many log files to keep. > A new one is generated ever time you run "squid -k rotate" > >> >> visible_hostname    ÂCache > > Interesting FQDN. > > The admin@Cache contact address for example, does not resolve here. > >> >> quick_abort_min 32 KB >> quick_abort_max 32 KB >> quick_abort_pct 95 >> >> negative_ttl 3 minutes >> positive_dns_ttl 6 hours >> >> pipeline_prefetch on >> >> acl snmpkey snmp_community public >> snmp_port 3401 >> snmp_access allow snmpkey localhost >> snmp_access deny all >> >> refresh_pattern -i >> \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv|mpg|wma|ogg|wmv|asx|asf)$ >> 260000 90% 260009 override-expire >> refresh_pattern -i >> \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff|pdf|uxx)$ 260000 >> 90% 260009 override-expire > > These refresh_pattern lines are useless. The query and dot patterns above > catch all URL in existence. Squid never gets past them to match these. > >> >> >> I would be most grateful if somebody helps me out. >> Yours Faithfully, >> --- >> Amir H Sh > > A few seconds search in bugzilla shows this: > Âhttp://bugs.squid-cache.org/show_bug.cgi?id=3117 > > Perhapse you can help provide a trace (debug_options ALL,6) and help track > down where it is coming from. > > Amos > -- > Please be using > ÂCurrent Stable Squid 2.7.STABLE9 or 3.1.12 > ÂBeta testers wanted for 3.2.0.8 and 3.1.12.2 >
