Portal Home > Knowledgebase > Articles Database > apace error_log unknown erros
apace error_log unknown erros
| Posted by clrockwell, 03-05-2008, 12:27 PM |
| Hello,
Lately our VPS has needed to be restarted frequently (1-2x daily for the past 5 or so days).
I have pulled our eror_log file and pasted below the last several days. I am hoping someone can take a look at it and point me in the right direction.
Because of limitations, I cannot post anything with urls, but the two errors that have been occuring most frequently are below
Thanks in advance for your help.
|
| Posted by Slidey, 03-05-2008, 12:56 PM |
| running out of memory?
when this is happening, run 'top' and see what the free memory includes (can also run the command 'free' which will tell the same)
|
| Posted by clrockwell, 03-05-2008, 01:03 PM |
| Thanks slidey,
I run 'top' often, and never seen anything over 4 in the %CPU or .1 in the %MEM
I have included the output of 'free' below, hoping it will give everyone a little more information as to what is going on.
Thanks again
|
| Posted by clrockwell, 03-18-2008, 12:56 PM |
| I'm bumping this because the issue is still around. Just today I had to restart the VPS and I have included the last 40 errors from apache/logs/error_log.
Can someone give me insight into this 'bad pid' error, there does not seem to be much explanation available.
named memory usage seems to be high (70336), is this common?
Thanks all
|
| Posted by JulesR, 03-18-2008, 02:59 PM |
| As already stated on this forum, and as the error logs state, you have run out of available RAM and disk swapping is now occuring. I'd strongly suggest upgrading your VPS with more RAM as soon as you possibly can.
You've mentioned that you've seen "4" for CPU in top? Is this 4.xx? If so, that's also incredibly bad unless you're running at least a quad/dual quad core VPS... which is unlikely for a VPS. If this 4.xx is accurate, I'd suggest switching to a dedicated.
|
| Posted by clrockwell, 03-18-2008, 04:48 PM |
| Thanks JulesR. Yes, the 4 is accurate, there is often 3-4 instances of httpd and all of them above 3 in the CPU column.
Because of a recent dos attack, I have taken some steps using iptables which doubled the available memory. My provider is now telling me they see roughly 10000 attempted logins via ssh. So I am changing the port for SSH to slow this down (hopefully).
Before i upgrade, I want to make sure I have everything correct, otherwise the problem will persist no matter how many resources I add on. Do you have any suggestions to get me closer to this point?
Thanks again
|
| Posted by JulesR, 03-18-2008, 05:03 PM |
| Ah my mistake, I thought you were confusing load average with individual CPU processor usage. Apologies.
If there's a 3 or 4 in the output of 'top' for the apache/httpd process - then that's pretty typical. It's the load average you really need to keep your eye on. What are your load averages?
iptables doubled the memory available? How did it magically do that? Do you mean you doubled the RAM with your provider? Either way, it looks like you're still running out, and presumably due to the DoS attack you're suffering. Changing the sshd port is a great idea, alternately see if your provider can do anything to help the DoS attack by blocking ports/sources on the network. This will certainly help alleviate the load on your server.
If you're under a DoS attack, there's little point upgrading anything right now. By the very definition of the term, it's intended to consume all available resources to take you offline - and it appears to be quite successful. If you're already utilising iptables to block offenders and ports, then that's pretty much the bulk of what you can do locally, bar installing a few other systems that rely on iptables to function.
My first port of call, however, is always the service provider. They (generally) have access to far greater things than iptables, so may be able to do most of your work for you. Unless they're Layeredtech
|
| Posted by clrockwell, 03-18-2008, 06:32 PM |
| Thanks again JulesR.
What happened with the iptables is that ips from 3 class C blocks were constantly hitting the server, so I blocked the blocks and the available memory shot through the roof.
Keep in mind I'm new to all this, so there could be other causes for this, but I have not added any resources.
Speaking with my provider - taking a moment to thank Spry for their continued support and patience - turned up that var/log/secure had over 28000 login attempts in a 2 day period.
I have read that you can limit the amount of ssh login attempts in a time period, but I feel the best way would just be to only allow a login attempt from a few different ips (the ones I would need to access from). Can this be done?
Thanks again for the help
|
Add to Favourites 
Print this Article
Also Read
