"" wrote:
>
> Here is the cronjob that I use.  Let me know if you have any questions.  I
> run this every minute, because I want to catch an IKE problem ASAP.  I am
> going to start testing running another one that will kill the daemon
> regardless at 3:30 in the morning, because the problem seems to be related
> to a memory leak with the daemon.  If I kill daily, early in the morning, I
> am hoping to avoid problems occurring during the day, when everyone is
> connected.  I have been killing it manually late at night, for the past
> couple of weeks, and haven't had the daemon crash since December 23.
>
> #############################################################################
>
> #!/bin/sh
> . /var/etc/pm_profile
> date=`date +%U`
> isakmp_alert=70
> isakmp_pid=`ps -aux | grep isakmpd | grep -v grep | awk '{print $2}'`
> isakmp_cpu=`ps -aux | grep isakmpd | grep -v grep | awk '{print $3}'`

<petpeeve>
Piping grep to awk... Ahhhh, noooooo!

  set -- `ps aux | awk '/isakmpd/ && ! /awk/ {print $2 " " $3}'`
  isakmp_pid=$1
  isakmp_cpu=$2

You can also do,

  ps aux | awk '$11 ~ /^isakmpd/ {print $2 " " $3}'

</petpeeve>
Also not a fan of running ps twice. *shrug*

> cpu=`echo $isakmp_cpu | awk -F . '{print $1}'`

cpu=${isakmp_cpu%.*}

There're always a dozen ways to do it.

> echo "`date` ISAKMP_CPU at $isakmp_cpu" >> /var/log/isakmp.$date
>
> # Check to see what our %CPU is at for the isakmpd daemon
> if [ "$cpu" -gt "$isakmp_alert" ]
> then
>    echo "`date` ALERT: ISAKMP_CPU at $isakmp_cpu." >> /var/log/isakmp.log
>    echo "`date` ALERT: ISAKMP_CPU at $isakmp_cpu. Restarting..." > /tmp/isakmp.txt
>    kill -9 $isakmp_pid
>    for addr in [EMAIL PROTECTED]
>    do
>       mail $addr < /tmp/isakmp.txt
>    done
> fi
>
> #############################################################################
>
> -----Original Message-----
> From: Zeltser, Roman [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, January 07, 2003 6:51 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [FW-1] Problem with isakmp dameon
>
> Aaron, can you post your cronjob script for killing this process?
>
> **********************************
> Roman Zeltser,
> @National Computer Center, DNE
> RS Information Systems
>
> -----Original Message-----
> From: <Aaron Reynolds> [mailto:[EMAIL PROTECTED]]
> Sent: Monday, January 06, 2003 7:21 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [FW-1] Problem with isakmp dameon
>
> This is a widely known bug in SP6.  I have been fighting it for almost 6
> months now, since first going to SP6.  The current solution recommended by
> Checkpoint/Nokia is to upgrade to NG, downgrade back to previous release, or
> live with it.  I currently have a cronjob that watches the CPU utilization
> of the isakmpd daemon and kills it if it is over 70%.  This has been
> working, but is a pain when it happens in the middle of the day.  I have
> been doing some tests with killing it in the middle of the night, each
> night, to see if I can eliminate the problem from occurring during the day.
> Like with you, it happens with a policy push, or user database update.  Ride
> support hard, and pressure them for a fix!  Let me know if you have any
> other questions.
>
> -Aaron
>
> -----Original Message-----
> From: Matt Rossiter [mailto:[EMAIL PROTECTED]]
> Sent: Monday, January 06, 2003 4:52 PM
> To: [EMAIL PROTECTED]
> Subject: [FW-1] Problem with isakmp dameon
>
> I'm trying to figure out a problem with a Nokia firewall (IP650) running
> FW Version 4.1 SP-6, Chrysalis-ITS LunaVPN PCI driver version 4.27, IPSO
> 3.5, and has 320MB of memory.
>
> The firewall currently has a lot of VPNs to many different firewalls.
> One of the problems I'm seeing is when pushing a policy, the ISAKMP daemon
> will go into running mode and just hangs, never returning to sleep
> mode.  Sometimes I've seen other firewalls start a second isakmp process
> and cause problems.
>
> The only way to correct the problem is to kill the current process and
> restart isakmpd.  I was once told that this is because the VPN portion of
> the firewall has run out of its allotment of memory and there is a way to
> configure the firewall to correct this problem.  I can also put more
> memory into the firewall or reduce the number of VPNs.
>
> root 22976 0.1 4.2 21756 13488 ??  S 2:16PM 2:09.28 isakmpd (fw)
>
> Has anyone else run into this problem?
>
> Thanks,
>
> Matt
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
>


--
Crist J. Clark                               [EMAIL PROTECTED]
Globalstar Communications                                (408) 933-4387
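
Added example, not part of the original messages: the single-pass `ps`/`awk` parsing suggested in the reply, extended to cope with zero or several isakmpd processes (the thread mentions a second isakmp process sometimes appearing). The function names, the sample `ps` output and the assumption that the command name is field 11 are constructed for illustration.

```shell
#!/bin/sh
# Reads `ps aux` output on stdin and reports, for each isakmpd process,
# whether its %CPU is over the threshold. It only reports; it kills nothing.

# Constructed sample input; the first process line is modelled on the
# ps line quoted in the thread, the others are made up.
SAMPLE_PS='USER   PID %CPU %MEM   VSZ   RSS TT STAT STARTED    TIME COMMAND
root 22976  0.1  4.2 21756 13488 ?? S 2:16PM 2:09.28 isakmpd (fw)
root 23011 93.5  4.4 22010 14020 ?? R 2:31PM 9:41.02 isakmpd (fw)
root 23050  0.0  0.1   500   300 p0 S 2:40PM 0:00.01 grep isakmpd'

# check_isakmpd THRESHOLD < ps-output
# Prints "PID CPU ok|over" for every process whose command field (assumed
# to be field 11) starts with "isakmpd". One awk pass, no grep.
check_isakmpd() {
    threshold=$1
    awk '$11 ~ /^isakmpd/ {print $2 " " $3}' |
    while read -r pid cpu; do
        # Skip anything that is not a plain number before it reaches test(1)
        case $pid in ''|*[!0-9]*) continue ;; esac
        case $cpu in ''|*[!0-9.]*|*.*.*) continue ;; esac
        whole=${cpu%.*}      # 93.5 -> 93, as in the reply's ${isakmp_cpu%.*}
        : "${whole:=0}"      # ".5" would leave an empty string
        if [ "$whole" -gt "$threshold" ]; then
            echo "$pid $cpu over"
        else
            echo "$pid $cpu ok"
        fi
    done
}

# pids_over THRESHOLD < ps-output
# Prints only the PIDs a watchdog would act on; empty output means none.
pids_over() {
    check_isakmpd "$1" | awk '$3 == "over" {print $1}'
}
```

On a live system the input would be `ps aux | pids_over 70`; an empty result covers both "daemon healthy" and "daemon not running", so a watchdog that must tell them apart should check `check_isakmpd` output for emptiness first.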
