Re: [CentOS] Find out which process consumed Network bandwidth
Take a look at Cacti, which is available in the EPEL repo: https://www.cacti.net/ It's not just for network accounting. It polls multiple hosts for all kinds of data and keeps RRD tables for display. Cacti provides a web interface that can display the data in charts. You'll need to install plugins for iptables to do the actual data collection. I've used this to track per-host Internet usage on my LAN by adding an iptables chain with one do-nothing rule per LAN host, just to maintain a counter for Cacti to poll. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find out which process consumed Network bandwidth
On 9/13/21 18:47, MRob wrote: While you probably can't recover such information for past events, going forward, iptables can help you figure this out. Putting an IPtables rule in the OUTPUT table prior to ACCEPTing the packets can help, e.g.: iptables -A OUTPUT -p tcp -m owner --uid-owner nginx -j ACCEPT OUTPUT and "-m owner" are only going to work for outgoing connections, initiated by nginx, which probably isn't much for most systems that aren't reverse proxies. Most of the time, if you want iptables to track the amount of traffic for a specific service, you'll need one or more rules inserted at the beginning of the INPUT chain, before the typical first rule that allows RELATED and ESTABLISHED packets. You could have one rule that allows all traffic to the service port (a stateless rule), or you could have one rule that allows ESTABLISHED traffic to the service port and one that allows NEW,UNTRACKED traffic to the port (stateful rules) That is nice solution! Why do you add a new output rule rather you can look at the existing port rule: # iptables -v -L | grep https xxx yyy ACCEPT tcp -- any any anywhere anywhere tcp dpt:https ctstate NEW,UNTRACKED xxx is number packets, yyy is number bytes. If adding OUTPUT rule, what is gained? Because the rule you're looking at only matches NEW and UNTRACKED packets, so it's usually only a record of the TCP SYN packets that initiated connections. If you want a byte count of the traffic for that service, this rule won't provide that. The nginx logs are the most detailed and usually the most useful record of traffic used, but accounting through iptables is also an option. Though, if you're interested in the sort of less detailed logs that you'll get from iptables, then I'd suggest what you want might be NetFlow data: https://www.linuxnetflow.com/ ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find out which process consumed Network bandwidth
See "man iptables-extensions" and "man iptables". I don't know how this works with firewall-cmd, but I imagine firewalld "just" manages iptables? Yes thats right I am running CentOS Linux release 7.9.2009 (Core). Is there a way to find out which process consumed network bandwidth during a specific time period? For example, the Nginx process consumed how much network traffic on Sept 01, 2021. As far as I know, such accounting isn't done in a standard CentOS system, so there's no way to determine such information about a past event While you probably can't recover such information for past events, going forward, iptables can help you figure this out. Putting an IPtables rule in the OUTPUT table prior to ACCEPTing the packets can help, e.g.: iptables -A OUTPUT -p tcp -m owner --uid-owner nginx -j ACCEPT because now "iptables -L" will display a count of the packets that matched each rule and the number of bytes. By comparing with the total packets and bytes for a given time period, you can work out the share for nginx. You can also estimate packet and byte counts by IP and port using this method. You could run an hourly cronjob to log the stats. That is nice solution! Why do you add a new output rule rather you can look at the existing port rule: # iptables -v -L | grep https xxx yyy ACCEPT tcp -- anyany anywhere anywhere tcp dpt:https ctstate NEW,UNTRACKED xxx is number packets, yyy is number bytes. If adding OUTPUT rule, what is gained? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find out which process consumed Network bandwidth
On Mon, 6 Sept 2021 at 14:24, Anand Buddhdev On 06/09/2021 19:35, Kaushal Shriyan wrote: Hi Kaushal, I am running CentOS Linux release 7.9.2009 (Core). Is there a way to find out which process consumed network bandwidth during a specific time period? For example, the Nginx process consumed how much network traffic on Sept 01, 2021. As far as I know, such accounting isn't done in a standard CentOS system, so there's no way to determine such information about a past event Kaushal, While you probably can't recover such information for past events, going forward, iptables can help you figure this out. Putting an IPtables rule in the OUTPUT table prior to ACCEPTing the packets can help, e.g.: iptables -A OUTPUT -p tcp -m owner --uid-owner nginx -j ACCEPT because now "iptables -L" will display a count of the packets that matched each rule and the number of bytes. By comparing with the total packets and bytes for a given time period, you can work out the share for nginx. You can also estimate packet and byte counts by IP and port using this method. You could run an hourly cronjob to log the stats. See "man iptables-extensions" and "man iptables". I don't know how this works with firewall-cmd, but I imagine firewalld "just" manages iptables? Good luck! ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find out which process consumed Network bandwidth
On Mon, 6 Sept 2021 at 14:24, Anand Buddhdev wrote: > > On 06/09/2021 19:35, Kaushal Shriyan wrote: > > Hi Kaushal, > > > I am running CentOS Linux release 7.9.2009 (Core). Is there a way to find > > out which process consumed network bandwidth during a specific time period? > > > > For example, the Nginx process consumed how much network traffic on Sept > > 01, 2021. > > As far as I know, such accounting isn't done in a standard CentOS > system, so there's no way to determine such information about a past event. > Agreed. The best at this point is looking at the nginx logs and hope they are set up to show bits transferred or something similar to see what ip addresses and files were being used. > Regards, > Anand > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos -- Stephen J Smoogen. I've seen things you people wouldn't believe. Flame wars in sci.astro.orion. I have seen SPAM filters overload because of Godwin's Law. All those moments will be lost in time... like posts on a BBS... time to shutdown -h now. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find out which process consumed Network bandwidth
On 06/09/2021 19:35, Kaushal Shriyan wrote: Hi Kaushal, > I am running CentOS Linux release 7.9.2009 (Core). Is there a way to find > out which process consumed network bandwidth during a specific time period? > > For example, the Nginx process consumed how much network traffic on Sept > 01, 2021. As far as I know, such accounting isn't done in a standard CentOS system, so there's no way to determine such information about a past event. Regards, Anand ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Find out which process consumed Network bandwidth
Hi, I am running CentOS Linux release 7.9.2009 (Core). Is there a way to find out which process consumed network bandwidth during a specific time period? For example, the Nginx process consumed how much network traffic on Sept 01, 2021. Best Regards, Kaushal ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] find leave packages at CentOS-8
Hi: I use to find all the leave packages with "package-cleanup --leaves --all". but the "--all" parameter no longer valid under CentOS-8. is there alternative command I can use to find out all the leave packages? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find installed yum groups?
On 2015-04-27, Les Mikesell wrote: --SNIP-- > And I guess the other piece of this would be finding individual > packages that are not encompassed by the groups - or pulled in by > dependencies.Is there some database-like approach to take the full > list of packages, then reduce it to the minimal list of groups and > top-level packages to pull the rest in? It probably will work to > hand the raw list to yum but I'd like to make an understandable list > in a script even if the packages had been added piecemeal in the first > place as someone noticed the need for them. The command 'package-cleanup --leaves --all' (from yum-utils) will help you. Leaf packages are those which are not relied upon by other packages. -- Liam ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find installed yum groups?
On Mon, Apr 27, 2015 at 4:52 PM, Les Mikesell wrote: > On Mon, Apr 27, 2015 at 4:34 PM, Matthew Miller wrote: >> On Mon, Apr 27, 2015 at 04:04:41PM -0500, Les Mikesell wrote: >>> Interesting, but it seems to _only_ show groups that weren't included >>> in the anaconda install. For example where the saved anaconda-ks-cfg >>> shows @gnome-desktop and @development, 'yum grouplist' only shows >>> 'MATE Desktop' which was installed later. >> >> Does the "hidden" flag help here? > > Well it's different, but still doesn't seem right. That shows: > Installed environment groups: >MATE Desktop > and > Installed groups: >Core >Dial-up Networking Support >Fonts >Guest Desktop Agents >Input Methods >MATE >Multimedia > but still no mention of development or gnome. > And I guess the other piece of this would be finding individual packages that are not encompassed by the groups - or pulled in by dependencies.Is there some database-like approach to take the full list of packages, then reduce it to the minimal list of groups and top-level packages to pull the rest in? It probably will work to hand the raw list to yum but I'd like to make an understandable list in a script even if the packages had been added piecemeal in the first place as someone noticed the need for them. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find installed yum groups?
On Mon, Apr 27, 2015 at 4:34 PM, Matthew Miller wrote: > On Mon, Apr 27, 2015 at 04:04:41PM -0500, Les Mikesell wrote: >> Interesting, but it seems to _only_ show groups that weren't included >> in the anaconda install. For example where the saved anaconda-ks-cfg >> shows @gnome-desktop and @development, 'yum grouplist' only shows >> 'MATE Desktop' which was installed later. > > Does the "hidden" flag help here? Well it's different, but still doesn't seem right. That shows: Installed environment groups: MATE Desktop and Installed groups: Core Dial-up Networking Support Fonts Guest Desktop Agents Input Methods MATE Multimedia but still no mention of development or gnome. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find installed yum groups?
On Mon, Apr 27, 2015 at 04:04:41PM -0500, Les Mikesell wrote: > Interesting, but it seems to _only_ show groups that weren't included > in the anaconda install. For example where the saved anaconda-ks-cfg > shows @gnome-desktop and @development, 'yum grouplist' only shows > 'MATE Desktop' which was installed later. Does the "hidden" flag help here? -- Matthew Miller Fedora Project Leader ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find installed yum groups?
On Mon, Apr 27, 2015 at 03:45:16PM -0500, Johnny Hughes wrote: > But, I think that is a YUM database and not based on the RPM database, > so it is possible that you can have all the RPMs for a group installed > and not actually have it listed as installed. > At least I sometimes find myself in that position. But I also wipe out > /var/cache/yum/ sometimes. I think the info of "what's in a group" comes from the yum cache, but yum uses the actual state of the system (the rpm database) for what's installed. That's what I think. I guess we could look. :) -- Matthew Miller Fedora Project Leader ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find installed yum groups?
On Mon, Apr 27, 2015 at 1:47 PM, Matthew Miller wrote: > On Mon, Apr 27, 2015 at 11:58:08AM -0500, Les Mikesell wrote: >> Is there an 'after the fact' way to find what yum groups are >> installed, including ones that were added with 'yum groupinstall' >> instead of the initial anaconda install? > > Yes. "yum grouplist" will tell you the groups that are currently in the > installed state. Worth reading the manpage to see exactly what yum > thinks that "installed" means: > > Groups are marked as "installed" if all mandatory packages are > installed, or if a group doesn’t have any mandatory packages then > it is installed if any of the optional or default package are > installed. [...] Interesting, but it seems to _only_ show groups that weren't included in the anaconda install. For example where the saved anaconda-ks-cfg shows @gnome-desktop and @development, 'yum grouplist' only shows 'MATE Desktop' which was installed later. What I am looking for is a succinct way to duplicate the full installed package list that exists on an organically-developed developed system (that is, where people added things until it all worked), so equivalent systems can be created by a minimal install followed by a scripted yum install 'big list of stuff'. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find installed yum groups?
On 04/27/2015 01:47 PM, Matthew Miller wrote: > On Mon, Apr 27, 2015 at 11:58:08AM -0500, Les Mikesell wrote: >> Is there an 'after the fact' way to find what yum groups are >> installed, including ones that were added with 'yum groupinstall' >> instead of the initial anaconda install? > > Yes. "yum grouplist" will tell you the groups that are currently in the > installed state. Worth reading the manpage to see exactly what yum > thinks that "installed" means: > > Groups are marked as "installed" if all mandatory packages are > installed, or if a group doesn’t have any mandatory packages then > it is installed if any of the optional or default package are > installed. [...] > But, I think that is a YUM database and not based on the RPM database, so it is possible that you can have all the RPMs for a group installed and not actually have it listed as installed. At least I sometimes find myself in that position. But I also wipe out /var/cache/yum/ sometimes. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find installed yum groups?
On Mon, Apr 27, 2015 at 11:58:08AM -0500, Les Mikesell wrote: > Is there an 'after the fact' way to find what yum groups are > installed, including ones that were added with 'yum groupinstall' > instead of the initial anaconda install? Yes. "yum grouplist" will tell you the groups that are currently in the installed state. Worth reading the manpage to see exactly what yum thinks that "installed" means: Groups are marked as "installed" if all mandatory packages are installed, or if a group doesn’t have any mandatory packages then it is installed if any of the optional or default package are installed. [...] -- Matthew Miller Fedora Project Leader ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Find installed yum groups?
Is there an 'after the fact' way to find what yum groups are installed, including ones that were added with 'yum groupinstall' instead of the initial anaconda install? -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find out who accessed a file
On Sat, Jan 24, 2015 at 12:32:01PM -0600, Valeri Galtsev wrote: > One other thing I would try: disable selinux, and see if that lets > apache read file, e.g.: > > setenforce 0 Setting SELinux to permissive temporarily is a good start, although it's also helpful to check the audit logs, with: ausearch -m avc -ts today ...to see if SELinux prevented access today. It's quite likely SELinux preventing access, particularly if you're using PHP to read a file that's not in one of the standard WWW paths that the web server is allowed to access. SELinux prevents the web server from reading, writing or executing files outside of a fairly select few locations. -- Jonathan Billings ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find out who accessed a file
On Sat, January 24, 2015 11:27 am, Tim Dunphy wrote: > Hey guys, > > Unless you're using auditd (or a similar service) to watch the file, > no. You could probably use the logs and `last` to see who was logged > in at the time and make a guess. > > > > Also, you can look into shell history files (though that might be cleaned > by users). Admin is allowed to do that when investigates incident. > One more thing: if "access" constitutes execution of that file, you can > use lastcomm (if process accounting is enabled on the system). This only > tells you the command name (not its arguments) - so if your file is > command and you are interested who executed it and when lastcomm is your > friend. > > > > Thanks for these suggestions! But one thing that I should have mentioned > is > that it's not a user logging into the system that's accessing that file. > It's actually a php script that's trying to read from it. The script is > failing to pull information from the file, and failing. It's trying to > access the file as a user account that exists on the system . And we're > seeing 'access denied' messages in the apache error logs. If it is php script that runs by web server then the user web server daemon runs as will be the one who needs access. On centos with apache web server it is usually unprivileged user "apache (as apache starts as privileges user root to read certificate secret key, then drops privileges). You need to have file in question be readable as apache. Easy debugging would be: get root shell, then su - apache cat /path/to/file/in/question (assuming it is ASCII text file). One other thing I would try: disable selinux, and see if that lets apache read file, e.g.: setenforce 0 Also: posting relevant "access denied" lines from web server logs may help other to spot something. Valeri > > An important difference, that I should have mentioned. Sorry about that! > So > I'm thinking if I can watch the file using auditd, I can see attempts by > the user the script runs as in accessing the file? > > Thanks > Tim > > On Fri, Jan 23, 2015 at 4:23 PM, Valeri Galtsev > > wrote: > >> >> On Fri, January 23, 2015 3:13 pm, Jonathan Billings wrote: >> > On Fri, Jan 23, 2015 at 03:50:44PM -0500, Tim Dunphy wrote: >> >> Is there any way to find out the last user to access a file on a >> CentOS >> >> 6.5 system? >> > >> > Unless you're using auditd (or a similar service) to watch the file, >> > no. You could probably use the logs and `last` to see who was logged >> > in at the time and make a guess. >> > >> >> Also, you can look into shell history files (though that might be >> cleaned >> by users). Admin is allowed to do that when investigates incident. >> >> One more thing: if "access" constitutes execution of that file, you can >> use lastcomm (if process accounting is enabled on the system). This only >> tells you the command name (not its arguments) - so if your file is >> command and you are interested who executed it and when lastcomm is your >> friend. >> >> Good luck! >> >> Valeri >> >> >> Valeri Galtsev >> Sr System Administrator >> Department of Astronomy and Astrophysics >> Kavli Institute for Cosmological Physics >> University of Chicago >> Phone: 773-702-4247 >> >> ___ >> CentOS mailing list >> CentOS@centos.org >> http://lists.centos.org/mailman/listinfo/centos >> > > > > -- > GPG me!! > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find out who accessed a file
Hey guys, Unless you're using auditd (or a similar service) to watch the file, no. You could probably use the logs and `last` to see who was logged in at the time and make a guess. Also, you can look into shell history files (though that might be cleaned by users). Admin is allowed to do that when investigates incident. One more thing: if "access" constitutes execution of that file, you can use lastcomm (if process accounting is enabled on the system). This only tells you the command name (not its arguments) - so if your file is command and you are interested who executed it and when lastcomm is your friend. Thanks for these suggestions! But one thing that I should have mentioned is that it's not a user logging into the system that's accessing that file. It's actually a php script that's trying to read from it. The script is failing to pull information from the file, and failing. It's trying to access the file as a user account that exists on the system . And we're seeing 'access denied' messages in the apache error logs. An important difference, that I should have mentioned. Sorry about that! So I'm thinking if I can watch the file using auditd, I can see attempts by the user the script runs as in accessing the file? Thanks Tim On Fri, Jan 23, 2015 at 4:23 PM, Valeri Galtsev wrote: > > On Fri, January 23, 2015 3:13 pm, Jonathan Billings wrote: > > On Fri, Jan 23, 2015 at 03:50:44PM -0500, Tim Dunphy wrote: > >> Is there any way to find out the last user to access a file on a CentOS > >> 6.5 system? > > > > Unless you're using auditd (or a similar service) to watch the file, > > no. You could probably use the logs and `last` to see who was logged > > in at the time and make a guess. > > > > Also, you can look into shell history files (though that might be cleaned > by users). Admin is allowed to do that when investigates incident. > > One more thing: if "access" constitutes execution of that file, you can > use lastcomm (if process accounting is enabled on the system). This only > tells you the command name (not its arguments) - so if your file is > command and you are interested who executed it and when lastcomm is your > friend. > > Good luck! > > Valeri > > > Valeri Galtsev > Sr System Administrator > Department of Astronomy and Astrophysics > Kavli Institute for Cosmological Physics > University of Chicago > Phone: 773-702-4247 > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find out who accessed a file
On Fri, January 23, 2015 3:13 pm, Jonathan Billings wrote: > On Fri, Jan 23, 2015 at 03:50:44PM -0500, Tim Dunphy wrote: >> Is there any way to find out the last user to access a file on a CentOS >> 6.5 system? > > Unless you're using auditd (or a similar service) to watch the file, > no. You could probably use the logs and `last` to see who was logged > in at the time and make a guess. > Also, you can look into shell history files (though that might be cleaned by users). Admin is allowed to do that when investigates incident. One more thing: if "access" constitutes execution of that file, you can use lastcomm (if process accounting is enabled on the system). This only tells you the command name (not its arguments) - so if your file is command and you are interested who executed it and when lastcomm is your friend. Good luck! Valeri Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find out who accessed a file
On Fri, Jan 23, 2015 at 03:50:44PM -0500, Tim Dunphy wrote: > Is there any way to find out the last user to access a file on a CentOS > 6.5 system? Unless you're using auditd (or a similar service) to watch the file, no. You could probably use the logs and `last` to see who was logged in at the time and make a guess. -- Jonathan Billings ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] find out who accessed a file
Hey guys, Is there any way to find out the last user to access a file on a CentOS 6.5 system? Thanks Tim -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find troubles
On 10/28/2014 5:32 PM, Robert Nichols wrote: On 10/28/2014 04:00 PM, Tim Dunphy wrote: Hey guys, Sorry not sure what's wrong with this statement. I've tried a few variations of trying to exclude the /var/www directory. [root@224432-24 apr-1.5.1]# find / -name "*httpd*" -type d \( ! -name www \) /usr/lib/httpd /usr/lib64/httpd /var/www/vhosts/johnnyenglish/httpdocs /var/www/lpaddevbkp/alchemist/namespace/system-config-httpd /var/www/lpaddevbkp/httpd Well, no name that matches "*httpd*" will also match "www", so that last term will never match. What you want is the "prune" action: find / -name www -prune -o -name "*httpd*" Or use -path instead of -name. Your original find statement should work with the -path test. find / -name "*httpd*" -type d \( ! -path /var/www \) but combining it with -prune is more efficient since it excludes the whole directory tree instead of individually excluding each file. find / -path /var/www -prune -o -name "*httpd*" -- Bowie ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find troubles
On 10/28/2014 04:00 PM, Tim Dunphy wrote: Hey guys, Sorry not sure what's wrong with this statement. I've tried a few variations of trying to exclude the /var/www directory. [root@224432-24 apr-1.5.1]# find / -name "*httpd*" -type d \( ! -name www \) /usr/lib/httpd /usr/lib64/httpd /var/www/vhosts/johnnyenglish/httpdocs /var/www/lpaddevbkp/alchemist/namespace/system-config-httpd /var/www/lpaddevbkp/httpd Well, no name that matches "*httpd*" will also match "www", so that last term will never match. What you want is the "prune" action: find / -name www -prune -o -name "*httpd*" -- Bob Nichols "NOSPAM" is really part of my email address. Do NOT delete it. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find troubles
> > In centos, the apache package is named httpd, not apache. try removing the > packages first. (yum remove httpd) Yup! Already done. I did say I removed apache packages, realizing the name of the package is actually httpd in centos. My bad for not communicating clearly. This exercise is just to remove any stray bits of httpd that are left on the system before I do a source install. It's what the client wants. thanks tim On Tue, Oct 28, 2014 at 5:20 PM, Eero Volotinen wrote: > 2014-10-28 23:00 GMT+02:00 Tim Dunphy : > > > Hey guys, > > > > Sorry not sure what's wrong with this statement. I've tried a few > > variations of trying to exclude the /var/www directory. > > > > > > [root@224432-24 apr-1.5.1]# find / -name "*httpd*" -type d \( ! -name > www > > \) > > /usr/lib/httpd > > /usr/lib64/httpd > > /var/www/vhosts/johnnyenglish/httpdocs > > /var/www/lpaddevbkp/alchemist/namespace/system-config-httpd > > /var/www/lpaddevbkp/httpd > > > > > > The ultimate intention once I get a suitable find command is to delete > all > > references to httpd. I'm trying to do a clean install of apache 'the > > company way'. But before I do that I want to get rid of the apache that > was > > there. > > > > > > I've already queried the rpm database and did a yum remove of the apache > > packages. > > > > So where I'm I going wrong with the above statement? Looks right to me! > > > > In centos, the apache package is named httpd, not apache. try removing the > packages first. (yum remove httpd) > > -- > Eero > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find troubles
2014-10-28 23:00 GMT+02:00 Tim Dunphy : > Hey guys, > > Sorry not sure what's wrong with this statement. I've tried a few > variations of trying to exclude the /var/www directory. > > > [root@224432-24 apr-1.5.1]# find / -name "*httpd*" -type d \( ! -name www > \) > /usr/lib/httpd > /usr/lib64/httpd > /var/www/vhosts/johnnyenglish/httpdocs > /var/www/lpaddevbkp/alchemist/namespace/system-config-httpd > /var/www/lpaddevbkp/httpd > > > The ultimate intention once I get a suitable find command is to delete all > references to httpd. I'm trying to do a clean install of apache 'the > company way'. But before I do that I want to get rid of the apache that was > there. > > > I've already queried the rpm database and did a yum remove of the apache > packages. > > So where I'm I going wrong with the above statement? Looks right to me! > In centos, the apache package is named httpd, not apache. try removing the packages first. (yum remove httpd) -- Eero ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find troubles
Hi find / -name "*httpd*" -type d |grep -v www\ Thanks.. Ideally I'd like to use the -delete flag to find once i have the right command. But with that I suppose I could use find / -name "*httpd*" -type d |grep -v www\ | xargs rm -rfv Assuming that the initial find doesn't do anything too scary. Thanks Tim On Tue, Oct 28, 2014 at 5:11 PM, Chris Geldenhuis wrote: > On 10/28/2014 11:00 PM, Tim Dunphy wrote: > >> Hey guys, >> >> Sorry not sure what's wrong with this statement. I've tried a few >> variations of trying to exclude the /var/www directory. >> >> >> [root@224432-24 apr-1.5.1]# find / -name "*httpd*" -type d \( ! -name >> www \) >> /usr/lib/httpd >> /usr/lib64/httpd >> /var/www/vhosts/johnnyenglish/httpdocs >> /var/www/lpaddevbkp/alchemist/namespace/system-config-httpd >> /var/www/lpaddevbkp/httpd >> >> >> The ultimate intention once I get a suitable find command is to delete all >> references to httpd. I'm trying to do a clean install of apache 'the >> company way'. But before I do that I want to get rid of the apache that >> was >> there. >> >> >> I've already queried the rpm database and did a yum remove of the apache >> packages. >> >> So where I'm I going wrong with the above statement? Looks right to me! >> >> Thanks >> Tim >> >> >> >> Hi, > > Try: > > find / -name "*httpd*" -type d |grep -v www > > Regards > > ChrisG > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find troubles
On 10/28/2014 11:00 PM, Tim Dunphy wrote: Hey guys, Sorry not sure what's wrong with this statement. I've tried a few variations of trying to exclude the /var/www directory. [root@224432-24 apr-1.5.1]# find / -name "*httpd*" -type d \( ! -name www \) /usr/lib/httpd /usr/lib64/httpd /var/www/vhosts/johnnyenglish/httpdocs /var/www/lpaddevbkp/alchemist/namespace/system-config-httpd /var/www/lpaddevbkp/httpd The ultimate intention once I get a suitable find command is to delete all references to httpd. I'm trying to do a clean install of apache 'the company way'. But before I do that I want to get rid of the apache that was there. I've already queried the rpm database and did a yum remove of the apache packages. So where I'm I going wrong with the above statement? Looks right to me! Thanks Tim Hi, Try: find / -name "*httpd*" -type d |grep -v www Regards ChrisG ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] find troubles
Hey guys, Sorry not sure what's wrong with this statement. I've tried a few variations of trying to exclude the /var/www directory. [root@224432-24 apr-1.5.1]# find / -name "*httpd*" -type d \( ! -name www \) /usr/lib/httpd /usr/lib64/httpd /var/www/vhosts/johnnyenglish/httpdocs /var/www/lpaddevbkp/alchemist/namespace/system-config-httpd /var/www/lpaddevbkp/httpd The ultimate intention once I get a suitable find command is to delete all references to httpd. I'm trying to do a clean install of apache 'the company way'. But before I do that I want to get rid of the apache that was there. I've already queried the rpm database and did a yum remove of the apache packages. So where I'm I going wrong with the above statement? Looks right to me! Thanks Tim -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find disk / volume path for particular guest vm
Hi John, Thx, it works. On Fri, Jul 18, 2014 at 1:45 PM, John R Pierce wrote: > On 7/17/2014 6:32 PM, Benjamin Fernandis wrote: > > Is there any command or way to grab disk / storage /volume path for > > particular guest vm? > > # virsh domblklist kfat > Target Source > > hda/var/lib/libvirt/images/kfat.img > hdb/var/lib/libvirt/images/kfat-1.img > hdc- > > > shows the block devices defined for domain 'kfat' > > -- > john r pierce 37N 122W > somewhere on the middle of the left coast > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find disk / volume path for particular guest vm
On 7/17/2014 6:32 PM, Benjamin Fernandis wrote: > Is there any command or way to grab disk / storage /volume path for > particular guest vm? # virsh domblklist kfat Target Source hda/var/lib/libvirt/images/kfat.img hdb/var/lib/libvirt/images/kfat-1.img hdc- shows the block devices defined for domain 'kfat' -- john r pierce 37N 122W somewhere on the middle of the left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] find disk / volume path for particular guest vm
Hi, we use kvm based virtualization on centos 65.. Is there any command or way to grab disk / storage /volume path for particular guest vm? Thx Benjo ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find with exclude directory
don't forget to escape that exclamation point if typing on bash.
On Tue, May 13, 2014 at 1:50 AM, Nicolas Thierry-Mieg <
nicolas.thierry-m...@imag.fr> wrote:
> > On Mon, May 12, 2014 at 4:44 AM, Tim Dunphy
> wrote:
> >
> >> Thanks. But what if I want to turn that statement into one that will
> delete
> >> everything it finds? I need to preserve the contents of that directory.
> >>
> >> As in : find / -path '/usr/local/digitalplatform/*' -prune -o -name
> >> "*varnish*" -exec rm -rfv {} \;
> >>
>
> try something along the lines of:
>
> find / -regex '.*varnish.*' ! -regex '/usr/local/digitalplatform/.*'
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
--
Billy Crook • Network and Security Administrator • RiskAnalytics, LLC
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find with exclude directory
> On Mon, May 12, 2014 at 4:44 AM, Tim Dunphy wrote:
>
>> Thanks. But what if I want to turn that statement into one that will delete
>> everything it finds? I need to preserve the contents of that directory.
>>
>> As in : find / -path '/usr/local/digitalplatform/*' -prune -o -name
>> "*varnish*" -exec rm -rfv {} \;
>>
try something along the lines of:
find / -regex '.*varnish.*' ! -regex '/usr/local/digitalplatform/.*'
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find with exclude directory
Why not copy the directory elsewhere, then delete the rest and move it
back? You'd take a copy of it anyway, if it is important, right?
Cheers,
Cliff
On Mon, May 12, 2014 at 4:44 AM, Tim Dunphy wrote:
> Thanks. But what if I want to turn that statement into one that will delete
> everything it finds? I need to preserve the contents of that directory.
>
> As in : find / -path '/usr/local/digitalplatform/*' -prune -o -name
> "*varnish*" -exec rm -rfv {} \;
>
> I'm thinking the grep -v would be a visual thing, but the above statement
> would delete everything including the varnish files in the digitalplatform
> directory.
>
>
>
>
> On Sun, May 11, 2014 at 12:39 PM, Hal Wigoda wrote:
>
> > Just grep it out.
> >
> > find . -print | grep -v digitalplatform
> >
> > -v excludes
> >
> > On Sun, May 11, 2014 at 11:33 AM, Tim Dunphy
> wrote:
> > > Hey all,
> > >
> > > I'm trying to do a find of all files with the phrase 'varnish' in the
> > > name, but want to exclude a user home directory called
> > > /usr/local/digitalplatform.
> > >
> > > Here's what I was able to come up with:
> > >
> > > find / -path '/usr/local/digitalplatform/*' -prune -o -name "*varnish*"
> > >
> > > Which results in this:
> > >
> > > [root@uszmpwsls014lb ~]# find / -path '/usr/local/digitalplatform/*'
> > -prune
> > > -o -name "*varnish*" | grep digitalplatform
> > > /usr/local/digitalplatform/.bash_logout
> > > /usr/local/digitalplatform/varnish-2.1.5.tar.gz
> > > /usr/local/digitalplatform/.viminfo
> > > /usr/local/digitalplatform/.ssh
> > > /usr/local/digitalplatform/varnish-1360.tar.gz
> > > /usr/local/digitalplatform/.emacs
> > > /usr/local/digitalplatform/varnishncsa-init
> > > /usr/local/digitalplatform/varnish-sysconfig-stg
> > > /usr/local/digitalplatform/memcached-1.4.7.tar.gz
> > > /usr/local/digitalplatform/.bash_profile
> > > /usr/local/digitalplatform/.mozilla
> > > /usr/local/digitalplatform/.subversion
> > > /usr/local/digitalplatform/.bashrc
> > > /usr/local/digitalplatform/.zshrc
> > > /usr/local/digitalplatform/varnish-sysconfig
> > > /usr/local/digitalplatform/default.vcl
> > > /usr/local/digitalplatform/1360-apache-stage.tar.gz
> > > /usr/local/digitalplatform/.bash_history
> > > /usr/local/digitalplatform/memcached-1.4.7
> > > /usr/local/digitalplatform/httpd.conf
> > > /usr/local/digitalplatform/varnish-2.1.5
> > > /usr/local/digitalplatform/varnish_reload_vcl
> > > /usr/local/digitalplatform/varnish-prod.tar.gz
> > > /usr/local/digitalplatform/varnish-init
> > > /usr/local/digitalplatform/1360-stage-apache.tar.gz
> > >
> > >
> > > I'd like to know what I'm doing wrong, and how I can best achieve the
> > > desired results?
> > >
> > > Thanks
> > > Tim
> > >
> > >
> > >
> > > --
> > > GPG me!!
> > >
> > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
> > > ___
> > > CentOS mailing list
> > > CentOS@centos.org
> > > http://lists.centos.org/mailman/listinfo/centos
> >
> >
> >
> > --
> > -
> > Hal Wigoda
> > Chicago
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> >
>
>
>
> --
> GPG me!!
>
> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find with exclude directory
On 05/11/2014 01:06 PM, Tim Dunphy wrote: > Hal & Jack > > Both are perfect! Thanks > > [root@uszmpwsls014lb ~]# find / -print | grep -v digitalplatform | grep > varnish > /var/lib/varnish > /var/lib/varnish/uszmpwsls014lb > /var/lib/varnish/uszmpwsls014lb/_.vsl > /var/lib/varnish/varnish_storage.bin > it might work reasonably for this particular case, but you should note the limitations of such an approach. specifically this would exclude both /path/you/want/to/ignore/digitalplatform/varnish and /path/you/want/to/find/digitalplatform/varnish I'd also suggest using find / -name varnish, dropping the second grep and possibly using anchors with egrep to be very specific (e.g. | egrep -v "^/ignore/this/path|^/ignore/another/path" ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find with exclude directory
On Sun, May 11, 2014 at 12:33:47PM -0400, Tim Dunphy wrote: > find / -path '/usr/local/digitalplatform/*' -prune -o -name "*varnish*" Try find / -path /usr/local/digitalplatform -prune -o name '*varnish*' -print Without the explicit -print, find will implicitly add one e.g find / \( -path -o -name ... \) -print -- rgds Stephen ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find with exclude directory
Hal & Jack
Both are perfect! Thanks
[root@uszmpwsls014lb ~]# find / -print | grep -v digitalplatform | grep
varnish
/var/lib/varnish
/var/lib/varnish/uszmpwsls014lb
/var/lib/varnish/uszmpwsls014lb/_.vsl
/var/lib/varnish/varnish_storage.bin
/usr/lib64/libvarnish.so.1
/usr/lib64/libvarnishapi.so.1.0.0
/usr/lib64/libvarnishcompat.so.1.0.0
/usr/lib64/libvarnishcompat.so.1
/usr/lib64/libvarnishapi.so.1
/usr/lib64/libvarnish.so.1.0.0
/usr/share/doc/varnish-libs-2.0.6
/usr/share/doc/varnish-libs-2.0.6/LICENSE
[root@uszmpwsls014lb ~]# find / -name "*varnish*" | sed
'/digitalplatform$/d' | head -5
find: /proc/4604: No such file or directory
/var/lib/varnish
/var/lib/varnish/varnish_storage.bin
/usr/lib64/libvarnish.so.1
/usr/lib64/libvarnishapi.so.1.0.0
/usr/lib64/libvarnishcompat.so.1.0.0
Brian, no that doesn't work. It returns nothing.
[root@uszmpwsls014lb ~]# find / -path /usr/local/digitalplatform -prune
-name \*varnish\*
[root@uszmpwsls014lb ~]#
But that's ok I think I'm all set with the above options.
Thanks!
Tim
On Sun, May 11, 2014 at 12:50 PM, Hal Wigoda wrote:
> find / -print | grep -v digitalplatform | grep varnish | xargs rm
>
> But test this first - you don't want to remove anything by accident.
>
>
> On Sun, May 11, 2014 at 11:44 AM, Tim Dunphy wrote:
> > Thanks. But what if I want to turn that statement into one that will
> delete
> > everything it finds? I need to preserve the contents of that directory.
> >
> > As in : find / -path '/usr/local/digitalplatform/*' -prune -o -name
> > "*varnish*" -exec rm -rfv {} \;
> >
> > I'm thinking the grep -v would be a visual thing, but the above statement
> > would delete everything including the varnish files in the
> digitalplatform
> > directory.
> >
> >
> >
> >
> > On Sun, May 11, 2014 at 12:39 PM, Hal Wigoda
> wrote:
> >
> >> Just grep it out.
> >>
> >> find . -print | grep -v digitalplatform
> >>
> >> -v excludes
> >>
> >> On Sun, May 11, 2014 at 11:33 AM, Tim Dunphy
> wrote:
> >> > Hey all,
> >> >
> >> > I'm trying to do a find of all files with the phrase 'varnish' in the
> >> > name, but want to exclude a user home directory called
> >> > /usr/local/digitalplatform.
> >> >
> >> > Here's what I was able to come up with:
> >> >
> >> > find / -path '/usr/local/digitalplatform/*' -prune -o -name
> "*varnish*"
> >> >
> >> > Which results in this:
> >> >
> >> > [root@uszmpwsls014lb ~]# find / -path '/usr/local/digitalplatform/*'
> >> -prune
> >> > -o -name "*varnish*" | grep digitalplatform
> >> > /usr/local/digitalplatform/.bash_logout
> >> > /usr/local/digitalplatform/varnish-2.1.5.tar.gz
> >> > /usr/local/digitalplatform/.viminfo
> >> > /usr/local/digitalplatform/.ssh
> >> > /usr/local/digitalplatform/varnish-1360.tar.gz
> >> > /usr/local/digitalplatform/.emacs
> >> > /usr/local/digitalplatform/varnishncsa-init
> >> > /usr/local/digitalplatform/varnish-sysconfig-stg
> >> > /usr/local/digitalplatform/memcached-1.4.7.tar.gz
> >> > /usr/local/digitalplatform/.bash_profile
> >> > /usr/local/digitalplatform/.mozilla
> >> > /usr/local/digitalplatform/.subversion
> >> > /usr/local/digitalplatform/.bashrc
> >> > /usr/local/digitalplatform/.zshrc
> >> > /usr/local/digitalplatform/varnish-sysconfig
> >> > /usr/local/digitalplatform/default.vcl
> >> > /usr/local/digitalplatform/1360-apache-stage.tar.gz
> >> > /usr/local/digitalplatform/.bash_history
> >> > /usr/local/digitalplatform/memcached-1.4.7
> >> > /usr/local/digitalplatform/httpd.conf
> >> > /usr/local/digitalplatform/varnish-2.1.5
> >> > /usr/local/digitalplatform/varnish_reload_vcl
> >> > /usr/local/digitalplatform/varnish-prod.tar.gz
> >> > /usr/local/digitalplatform/varnish-init
> >> > /usr/local/digitalplatform/1360-stage-apache.tar.gz
> >> >
> >> >
> >> > I'd like to know what I'm doing wrong, and how I can best achieve the
> >> > desired results?
> >> >
> >> > Thanks
> >> > Tim
> >> >
> >> >
> >> >
> >> > --
> >> > GPG me!!
> >> >
> >> > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
> >> > ___
> >> > CentOS mailing list
> >> > CentOS@centos.org
> >> > http://lists.centos.org/mailman/listinfo/centos
> >>
> >>
> >>
> >> --
> >> -
> >> Hal Wigoda
> >> Chicago
> >> ___
> >> CentOS mailing list
> >> CentOS@centos.org
> >> http://lists.centos.org/mailman/listinfo/centos
> >>
> >
> >
> >
> > --
> > GPG me!!
> >
> > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > http://lists.centos.org/mailman/listinfo/centos
>
>
>
> --
> -
> Hal Wigoda
> Chicago
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
--
GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
___
CentOS mailing list
CentOS@centos.
Re: [CentOS] find with exclude directory
On Sun, 2014-05-11 at 12:33 -0400, Tim Dunphy wrote: > Hey all, > > I'm trying to do a find of all files with the phrase 'varnish' in the > name, but want to exclude a user home directory called > /usr/local/digitalplatform. find / -path /usr/local/digitalplatform -prune -name \*varnish\* doesn't work? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find with exclude directory
find / -print | grep -v digitalplatform | grep varnish | xargs rm
But test this first - you don't want to remove anything by accident.
On Sun, May 11, 2014 at 11:44 AM, Tim Dunphy wrote:
> Thanks. But what if I want to turn that statement into one that will delete
> everything it finds? I need to preserve the contents of that directory.
>
> As in : find / -path '/usr/local/digitalplatform/*' -prune -o -name
> "*varnish*" -exec rm -rfv {} \;
>
> I'm thinking the grep -v would be a visual thing, but the above statement
> would delete everything including the varnish files in the digitalplatform
> directory.
>
>
>
>
> On Sun, May 11, 2014 at 12:39 PM, Hal Wigoda wrote:
>
>> Just grep it out.
>>
>> find . -print | grep -v digitalplatform
>>
>> -v excludes
>>
>> On Sun, May 11, 2014 at 11:33 AM, Tim Dunphy wrote:
>> > Hey all,
>> >
>> > I'm trying to do a find of all files with the phrase 'varnish' in the
>> > name, but want to exclude a user home directory called
>> > /usr/local/digitalplatform.
>> >
>> > Here's what I was able to come up with:
>> >
>> > find / -path '/usr/local/digitalplatform/*' -prune -o -name "*varnish*"
>> >
>> > Which results in this:
>> >
>> > [root@uszmpwsls014lb ~]# find / -path '/usr/local/digitalplatform/*'
>> -prune
>> > -o -name "*varnish*" | grep digitalplatform
>> > /usr/local/digitalplatform/.bash_logout
>> > /usr/local/digitalplatform/varnish-2.1.5.tar.gz
>> > /usr/local/digitalplatform/.viminfo
>> > /usr/local/digitalplatform/.ssh
>> > /usr/local/digitalplatform/varnish-1360.tar.gz
>> > /usr/local/digitalplatform/.emacs
>> > /usr/local/digitalplatform/varnishncsa-init
>> > /usr/local/digitalplatform/varnish-sysconfig-stg
>> > /usr/local/digitalplatform/memcached-1.4.7.tar.gz
>> > /usr/local/digitalplatform/.bash_profile
>> > /usr/local/digitalplatform/.mozilla
>> > /usr/local/digitalplatform/.subversion
>> > /usr/local/digitalplatform/.bashrc
>> > /usr/local/digitalplatform/.zshrc
>> > /usr/local/digitalplatform/varnish-sysconfig
>> > /usr/local/digitalplatform/default.vcl
>> > /usr/local/digitalplatform/1360-apache-stage.tar.gz
>> > /usr/local/digitalplatform/.bash_history
>> > /usr/local/digitalplatform/memcached-1.4.7
>> > /usr/local/digitalplatform/httpd.conf
>> > /usr/local/digitalplatform/varnish-2.1.5
>> > /usr/local/digitalplatform/varnish_reload_vcl
>> > /usr/local/digitalplatform/varnish-prod.tar.gz
>> > /usr/local/digitalplatform/varnish-init
>> > /usr/local/digitalplatform/1360-stage-apache.tar.gz
>> >
>> >
>> > I'd like to know what I'm doing wrong, and how I can best achieve the
>> > desired results?
>> >
>> > Thanks
>> > Tim
>> >
>> >
>> >
>> > --
>> > GPG me!!
>> >
>> > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
>> > ___
>> > CentOS mailing list
>> > CentOS@centos.org
>> > http://lists.centos.org/mailman/listinfo/centos
>>
>>
>>
>> --
>> -
>> Hal Wigoda
>> Chicago
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
>
>
>
> --
> GPG me!!
>
> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
--
-
Hal Wigoda
Chicago
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find with exclude directory
Thanks. But what if I want to turn that statement into one that will delete
everything it finds? I need to preserve the contents of that directory.
As in : find / -path '/usr/local/digitalplatform/*' -prune -o -name
"*varnish*" -exec rm -rfv {} \;
I'm thinking the grep -v would be a visual thing, but the above statement
would delete everything including the varnish files in the digitalplatform
directory.
On Sun, May 11, 2014 at 12:39 PM, Hal Wigoda wrote:
> Just grep it out.
>
> find . -print | grep -v digitalplatform
>
> -v excludes
>
> On Sun, May 11, 2014 at 11:33 AM, Tim Dunphy wrote:
> > Hey all,
> >
> > I'm trying to do a find of all files with the phrase 'varnish' in the
> > name, but want to exclude a user home directory called
> > /usr/local/digitalplatform.
> >
> > Here's what I was able to come up with:
> >
> > find / -path '/usr/local/digitalplatform/*' -prune -o -name "*varnish*"
> >
> > Which results in this:
> >
> > [root@uszmpwsls014lb ~]# find / -path '/usr/local/digitalplatform/*'
> -prune
> > -o -name "*varnish*" | grep digitalplatform
> > /usr/local/digitalplatform/.bash_logout
> > /usr/local/digitalplatform/varnish-2.1.5.tar.gz
> > /usr/local/digitalplatform/.viminfo
> > /usr/local/digitalplatform/.ssh
> > /usr/local/digitalplatform/varnish-1360.tar.gz
> > /usr/local/digitalplatform/.emacs
> > /usr/local/digitalplatform/varnishncsa-init
> > /usr/local/digitalplatform/varnish-sysconfig-stg
> > /usr/local/digitalplatform/memcached-1.4.7.tar.gz
> > /usr/local/digitalplatform/.bash_profile
> > /usr/local/digitalplatform/.mozilla
> > /usr/local/digitalplatform/.subversion
> > /usr/local/digitalplatform/.bashrc
> > /usr/local/digitalplatform/.zshrc
> > /usr/local/digitalplatform/varnish-sysconfig
> > /usr/local/digitalplatform/default.vcl
> > /usr/local/digitalplatform/1360-apache-stage.tar.gz
> > /usr/local/digitalplatform/.bash_history
> > /usr/local/digitalplatform/memcached-1.4.7
> > /usr/local/digitalplatform/httpd.conf
> > /usr/local/digitalplatform/varnish-2.1.5
> > /usr/local/digitalplatform/varnish_reload_vcl
> > /usr/local/digitalplatform/varnish-prod.tar.gz
> > /usr/local/digitalplatform/varnish-init
> > /usr/local/digitalplatform/1360-stage-apache.tar.gz
> >
> >
> > I'd like to know what I'm doing wrong, and how I can best achieve the
> > desired results?
> >
> > Thanks
> > Tim
> >
> >
> >
> > --
> > GPG me!!
> >
> > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > http://lists.centos.org/mailman/listinfo/centos
>
>
>
> --
> -
> Hal Wigoda
> Chicago
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
--
GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find with exclude directory
So: find / -print | grep -v digitalplatform | grep varnish On Sun, May 11, 2014 at 11:39 AM, Hal Wigoda wrote: > Just grep it out. > > find . -print | grep -v digitalplatform > > -v excludes > > On Sun, May 11, 2014 at 11:33 AM, Tim Dunphy wrote: >> Hey all, >> >> I'm trying to do a find of all files with the phrase 'varnish' in the >> name, but want to exclude a user home directory called >> /usr/local/digitalplatform. >> >> Here's what I was able to come up with: >> >> find / -path '/usr/local/digitalplatform/*' -prune -o -name "*varnish*" >> >> Which results in this: >> >> [root@uszmpwsls014lb ~]# find / -path '/usr/local/digitalplatform/*' -prune >> -o -name "*varnish*" | grep digitalplatform >> /usr/local/digitalplatform/.bash_logout >> /usr/local/digitalplatform/varnish-2.1.5.tar.gz >> /usr/local/digitalplatform/.viminfo >> /usr/local/digitalplatform/.ssh >> /usr/local/digitalplatform/varnish-1360.tar.gz >> /usr/local/digitalplatform/.emacs >> /usr/local/digitalplatform/varnishncsa-init >> /usr/local/digitalplatform/varnish-sysconfig-stg >> /usr/local/digitalplatform/memcached-1.4.7.tar.gz >> /usr/local/digitalplatform/.bash_profile >> /usr/local/digitalplatform/.mozilla >> /usr/local/digitalplatform/.subversion >> /usr/local/digitalplatform/.bashrc >> /usr/local/digitalplatform/.zshrc >> /usr/local/digitalplatform/varnish-sysconfig >> /usr/local/digitalplatform/default.vcl >> /usr/local/digitalplatform/1360-apache-stage.tar.gz >> /usr/local/digitalplatform/.bash_history >> /usr/local/digitalplatform/memcached-1.4.7 >> /usr/local/digitalplatform/httpd.conf >> /usr/local/digitalplatform/varnish-2.1.5 >> /usr/local/digitalplatform/varnish_reload_vcl >> /usr/local/digitalplatform/varnish-prod.tar.gz >> /usr/local/digitalplatform/varnish-init >> /usr/local/digitalplatform/1360-stage-apache.tar.gz >> >> >> I'd like to know what I'm doing wrong, and how I can best achieve the >> desired results? >> >> Thanks >> Tim >> >> >> >> -- >> GPG me!! >> >> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B >> ___ >> CentOS mailing list >> CentOS@centos.org >> http://lists.centos.org/mailman/listinfo/centos > > > > -- > - > Hal Wigoda > Chicago -- - Hal Wigoda Chicago ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find with exclude directory
Just grep it out. find . -print | grep -v digitalplatform -v excludes On Sun, May 11, 2014 at 11:33 AM, Tim Dunphy wrote: > Hey all, > > I'm trying to do a find of all files with the phrase 'varnish' in the > name, but want to exclude a user home directory called > /usr/local/digitalplatform. > > Here's what I was able to come up with: > > find / -path '/usr/local/digitalplatform/*' -prune -o -name "*varnish*" > > Which results in this: > > [root@uszmpwsls014lb ~]# find / -path '/usr/local/digitalplatform/*' -prune > -o -name "*varnish*" | grep digitalplatform > /usr/local/digitalplatform/.bash_logout > /usr/local/digitalplatform/varnish-2.1.5.tar.gz > /usr/local/digitalplatform/.viminfo > /usr/local/digitalplatform/.ssh > /usr/local/digitalplatform/varnish-1360.tar.gz > /usr/local/digitalplatform/.emacs > /usr/local/digitalplatform/varnishncsa-init > /usr/local/digitalplatform/varnish-sysconfig-stg > /usr/local/digitalplatform/memcached-1.4.7.tar.gz > /usr/local/digitalplatform/.bash_profile > /usr/local/digitalplatform/.mozilla > /usr/local/digitalplatform/.subversion > /usr/local/digitalplatform/.bashrc > /usr/local/digitalplatform/.zshrc > /usr/local/digitalplatform/varnish-sysconfig > /usr/local/digitalplatform/default.vcl > /usr/local/digitalplatform/1360-apache-stage.tar.gz > /usr/local/digitalplatform/.bash_history > /usr/local/digitalplatform/memcached-1.4.7 > /usr/local/digitalplatform/httpd.conf > /usr/local/digitalplatform/varnish-2.1.5 > /usr/local/digitalplatform/varnish_reload_vcl > /usr/local/digitalplatform/varnish-prod.tar.gz > /usr/local/digitalplatform/varnish-init > /usr/local/digitalplatform/1360-stage-apache.tar.gz > > > I'd like to know what I'm doing wrong, and how I can best achieve the > desired results? > > Thanks > Tim > > > > -- > GPG me!! > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos -- - Hal Wigoda Chicago ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] find with exclude directory
Hey all, I'm trying to do a find of all files with the phrase 'varnish' in the name, but want to exclude a user home directory called /usr/local/digitalplatform. Here's what I was able to come up with: find / -path '/usr/local/digitalplatform/*' -prune -o -name "*varnish*" Which results in this: [root@uszmpwsls014lb ~]# find / -path '/usr/local/digitalplatform/*' -prune -o -name "*varnish*" | grep digitalplatform /usr/local/digitalplatform/.bash_logout /usr/local/digitalplatform/varnish-2.1.5.tar.gz /usr/local/digitalplatform/.viminfo /usr/local/digitalplatform/.ssh /usr/local/digitalplatform/varnish-1360.tar.gz /usr/local/digitalplatform/.emacs /usr/local/digitalplatform/varnishncsa-init /usr/local/digitalplatform/varnish-sysconfig-stg /usr/local/digitalplatform/memcached-1.4.7.tar.gz /usr/local/digitalplatform/.bash_profile /usr/local/digitalplatform/.mozilla /usr/local/digitalplatform/.subversion /usr/local/digitalplatform/.bashrc /usr/local/digitalplatform/.zshrc /usr/local/digitalplatform/varnish-sysconfig /usr/local/digitalplatform/default.vcl /usr/local/digitalplatform/1360-apache-stage.tar.gz /usr/local/digitalplatform/.bash_history /usr/local/digitalplatform/memcached-1.4.7 /usr/local/digitalplatform/httpd.conf /usr/local/digitalplatform/varnish-2.1.5 /usr/local/digitalplatform/varnish_reload_vcl /usr/local/digitalplatform/varnish-prod.tar.gz /usr/local/digitalplatform/varnish-init /usr/local/digitalplatform/1360-stage-apache.tar.gz I'd like to know what I'm doing wrong, and how I can best achieve the desired results? Thanks Tim -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find with -mtime and -print0 = inaccurate results
> Order of operations > find /path/to/files/ -type f -mtime -2 -name *.xml.gz -print0 Thanks! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find with -mtime and -print0 = inaccurate results
On Thu, Oct 25, 2012 at 03:41:51PM -0500, Sean Carolan wrote: > If I run this: > find /path/to/files/ -type f -mtime -2 -name *.xml.gz > find /path/to/files/ -print0 -type f -mtime -2 -name *.xml.gz Order of operations find /path/to/files/ -type f -mtime -2 -name *.xml.gz -print0 -- rgds Stephen ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] find with -mtime and -print0 = inaccurate results
If I run this: find /path/to/files/ -type f -mtime -2 -name *.xml.gz I get the expected results, files with modify time less than two days old. But, if I run it like this, with the print0 flag: find /path/to/files/ -print0 -type f -mtime -2 -name *.xml.gz I get older files included as well. Anyone know why? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find errors in a directory of files
Am 05.08.2012 00:19, schrieb Tim Dunphy: > I'm trying to write a script that will search through a directory of trace > logs [...] and it's not possible to know the exact > names of the files before they are created. The purpose of this is to > create service checks in nagios. [...] > The problem with this script is that it is only able to detect one error in > the logs. If you echo more than one test phrase into a log file or into > multiple log files it still only picks up one error message. That is a consequence of using the variable=($(...)) + echo idiom. If you write your script as #!/bin/bash log1='/u01/app/oracle/admin/ecom/udump/*' grep -e 'ORA-00600' -e 'ORA-04031' -e 'ORA-07445' $log1 && status=2 echo $status exit $status sending the result of grep to standard output, you'll get a complete list of matches. (If you need a specific output format you can replace "grep" with "sed".) But I doubt that Nagios will be able to receive more than one error from a single plugin invocation. AFAIK it expects a single-line result. HTH T. -- Tilman Schmidt Phoenix Software GmbH Bonn, Germany ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find errors in a directory of files
On Sat, Aug 04, 2012 at 06:19:39PM -0400, Tim Dunphy wrote:
> hello list,
>
> I'm trying to write a script that will search through a directory of trace
> logs for an oracle database. From what I understand new files are always
> being created in the directory and it's not possible to know the exact
> names of the files before they are created. The purpose of this is to
> create service checks in nagios. Because you don't know the names of the
> files ahead of time traditional plugins like check_logs or
> check_logfiles.plwon't work.
>
> Here's what I was able to come up with:
>
> #!/bin/bash
>
>
>
> log1='/u01/app/oracle/admin/ecom/udump/*'
> crit1=($(grep 'ORA-00600' $log1))
> crit2=($(grep 'ORA-04031' $log1))
> crit3=($(grep 'ORA-07445' $log1))
>
>
>
> if [ $crit1 ] ; then
>echo "$crit1 on ecom1"
>status=2
>
>
> elif [ $crit2 ]; then
> echo "$crit2 on ecom1"
> status=2
>
> elif [ $crit3 ]; then
> echo "$crit3 on ecom1"
> status=2
> fi
>
>
> echo $status
> exit $status
>
>
> This is a very early version of the scripts, so as you can see I'm echoing
> a test message at the end letting you know the exit status.
>
> The problem with this script is that it is only able to detect one error in
> the logs. If you echo more than one test phrase into a log file or into
> multiple log files it still only picks up one error message.
>
> I was just wondering if anyone on the list might have a suggestion on how
> best to accomplish this task?
>
> Thanks
> Tim
I'm not sure I understand the problem well. But, perhaps something like
this
#!/bin/sh
for log in /u01./udump/*
do
egrep -e 'ORA-00600|ORA-04031|ORA-07445' ${log}
done
this will find any line matching any of the ORA- keys. You can
capture the return code if you wish.
Output of egrep could be passed to wc to echo instead a count of the
errors. Filenames could be produced, too, with a bit more scripting,
which you can obviously handle.
Dave
--
The principles of accounting are not arbitrary. They are natural law.
-- Mencius Moldbug
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
[CentOS] find errors in a directory of files
hello list, I'm trying to write a script that will search through a directory of trace logs for an oracle database. From what I understand new files are always being created in the directory and it's not possible to know the exact names of the files before they are created. The purpose of this is to create service checks in nagios. Because you don't know the names of the files ahead of time traditional plugins like check_logs or check_logfiles.plwon't work. Here's what I was able to come up with: #!/bin/bash log1='/u01/app/oracle/admin/ecom/udump/*' crit1=($(grep 'ORA-00600' $log1)) crit2=($(grep 'ORA-04031' $log1)) crit3=($(grep 'ORA-07445' $log1)) if [ $crit1 ] ; then echo "$crit1 on ecom1" status=2 elif [ $crit2 ]; then echo "$crit2 on ecom1" status=2 elif [ $crit3 ]; then echo "$crit3 on ecom1" status=2 fi echo $status exit $status This is a very early version of the scripts, so as you can see I'm echoing a test message at the end letting you know the exit status. The problem with this script is that it is only able to detect one error in the logs. If you echo more than one test phrase into a log file or into multiple log files it still only picks up one error message. I was just wondering if anyone on the list might have a suggestion on how best to accomplish this task? Thanks Tim -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find most recent file update in directory
On Fri, Dec 09, 2011 at 03:26:26PM +, Always Learning wrote: > > Its not intellectual enough and its too short and its also simple. You left out "incorrect". John -- Like its politicians and its wars, society has the teenagers it deserves. -- John Boynton Priestley (1894-1984), English playwright, novelist, and broadcaster pgpYAS9OihtoA.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find most recent file update in directory
On Fri, Dec 09, 2011 at 10:09:27AM -0500, Windsor Dave L. (AdP/TEF7.1) wrote: > I like: > > find . -type f -printf '%TY/%Tm/%Td %TH:%TM:%TS %p\n' | sort -n | tail -1 > > which shows the last access date/time in a human-readable format that also > sorts nicely (/MM/DD HH:MM:SS). > > Note that some distros include fractional values with the seconds > (%TS), making it even more accurate. My CentOS 5.7 server does not, > my Kubuntu 11.10 desktop does. I considered that as well, but as you point out it will not properly order files due to lack of second resolution. One can stick an "-ls" on find to get human-readable timestamps on the returned file list if necessary. John -- Be in charge of your own destiny, or some one else will. -- John Francis "Jack" Welch, Jr. (1935-), past Chairman and CEO of General Electric pgptXJJUtKvzp.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find most recent file update in directory
From: "m.r...@5-cent.us" > John R. Dennison wrote: >> On Fri, Dec 09, 2011 at 03:15:53PM +0100, Mogens Kjaer wrote: >>> >>> Try something like: >>> >>> find . -type f -printf '%A@ %p\n' | sort -n | tail -1 >> >> I believe you want %T@ instead of %A@ (modification time versus access >> time). I would also suggest sort -nr to sort from most recent to least >> recent. > > What's wrong with ls -laFrt? The OP said "in a directory hicharchy"... JD ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find most recent file update in directory
Always Learning wrote: > > On Fri, 2011-12-09 at 10:23 -0500, m.r...@5-cent.us wrote: > >> What's wrong with ls -laFrt? > > Everything ! > > Its not intellectual enough and its too short and its also simple. > Ok, then ls -ZlaFrt | tail -1 | sort | tail -1 That better? mark "is the obfuscated shell script contest next?" ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find most recent file update in directory
On Fri, 2011-12-09 at 10:23 -0500, m.r...@5-cent.us wrote: > What's wrong with ls -laFrt? Everything ! Its not intellectual enough and its too short and its also simple. Paul. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find most recent file update in directory
John R. Dennison wrote: > On Fri, Dec 09, 2011 at 03:15:53PM +0100, Mogens Kjaer wrote: >> >> Try something like: >> >> find . -type f -printf '%A@ %p\n' | sort -n | tail -1 > > I believe you want %T@ instead of %A@ (modification time versus access > time). I would also suggest sort -nr to sort from most recent to least > recent. What's wrong with ls -laFrt? mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find most recent file update in directory
On 12/9/2011 9:27 AM, John R. Dennison wrote: > On Fri, Dec 09, 2011 at 03:15:53PM +0100, Mogens Kjaer wrote: >> >> Try something like: >> >> find . -type f -printf '%A@ %p\n' | sort -n | tail -1 > > I believe you want %T@ instead of %A@ (modification time versus access > time). I would also suggest sort -nr to sort from most recent to least > recent. > > > John I like: find . -type f -printf '%TY/%Tm/%Td %TH:%TM:%TS %p\n' | sort -n | tail -1 which shows the last access date/time in a human-readable format that also sorts nicely (/MM/DD HH:MM:SS). Note that some distros include fractional values with the seconds (%TS), making it even more accurate. My CentOS 5.7 server does not, my Kubuntu 11.10 desktop does. Best Regards, Dave Windsor Robert Bosch LLC Team Leader, MES Database Infrastructure Group (AdP/TEF7.1) Anderson, SC USA ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find most recent file update in directory
thank you! Helmut Am 09.12.2011 15:15, schrieb Mogens Kjaer: > find . -type f -printf '%A@ %p\n' | sort -n | tail -1 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find most recent file update in directory
On Fri, Dec 09, 2011 at 03:15:53PM +0100, Mogens Kjaer wrote: > > Try something like: > > find . -type f -printf '%A@ %p\n' | sort -n | tail -1 I believe you want %T@ instead of %A@ (modification time versus access time). I would also suggest sort -nr to sort from most recent to least recent. John -- Anybody can win unless there happens to be a second entry. -- George Ade (1866 - 1944), American writer, newspaper columnist, and playwright pgpO78QdnSD6Y.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find most recent file update in directory
On 12/09/2011 02:41 PM, Helmut Drodofsky wrote: > Hello, > > I try to find in a directory hicharchy the most recent time of file update. > > I think, there could be a solution with find? Try something like: find . -type f -printf '%A@ %p\n' | sort -n | tail -1 Mogens -- Mogens Kjaer, m...@lemo.dk http://www.lemo.dk ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] find most recent file update in directory
Hello, I try to find in a directory hicharchy the most recent time of file update. I think, there could be a solution with find? Thank you for help in advance Best regards Helmut Drodofsky ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find /etc -size -1G return only empty files
Its not a bug, its a feature ... and this is not a joke. You [de|re]fine the search with the suffices you supply making it possible to hand "find" a granularity mechanism that indeed makes find a very powerful utilitiy. Jobst s On Thu, Mar 25, 2010 at 06:16:40PM -0500, Les Mikesell (lesmikes...@gmail.com) wrote: > On 3/25/2010 6:07 PM, Jobst Schmalenbach wrote: > > On Thu, Mar 25, 2010 at 07:45:14AM +0100, Ala1n Sp1neu8 > > (aspin...@gmail.com) wrote: > >> Hello > >> find /etc -size -1G > > > > Very interesting way of finding all files with a file size of 0 ;-) > > What's interesting is that the program doesn't do the unit scale > multiply as the first math operation. I'd call that a bug. > > -- >Les Mikesell > lesmike...@gmail.com > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos -- It took the power of 3 Commodore 64's to go to the moon, but it takes a 2GHz Pentium 4 to run XP... Something is desperately wrong here! | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L & The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find /etc -size -1G return only empty files
On 3/25/2010 6:07 PM, Jobst Schmalenbach wrote: > On Thu, Mar 25, 2010 at 07:45:14AM +0100, Ala1n Sp1neu8 (aspin...@gmail.com) > wrote: >> Hello >> find /etc -size -1G > > Very interesting way of finding all files with a file size of 0 ;-) What's interesting is that the program doesn't do the unit scale multiply as the first math operation. I'd call that a bug. -- Les Mikesell lesmike...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find /etc -size -1G return only empty files
On Thu, Mar 25, 2010 at 07:45:14AM +0100, Ala1n Sp1neu8 (aspin...@gmail.com) wrote: > Hello > find /etc -size -1G Very interesting way of finding all files with a file size of 0 ;-) Jobst > > should return all files less than 1Giga byte in /etc, but return a > list of empty file (size=0) > > find /etc -size -2G > > work fine and return all the files > > This works the same on my fedora11 and my centos 5 ! > > Did I miss something or is it a bug ? > > Regards > > -- > Alain Spineux | aspineux gmail com > Your email 100% available | http://www.emailgency.com > ntbackup and tar frontend sending mail report | > http://www.magikmon.com/mkbackup/ > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos -- "She said she loved my mind, though by most accounts I had already lost it." | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L & The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find /etc -size -1G return only empty files
Mike McCarty wrote: > Nicolas Thierry-Mieg wrote: >> Nicolas Thierry-Mieg wrote: >>> Ala1n Sp1neu8 wrote: Hello find /etc -size -1G should return all files less than 1Giga byte in /etc, but return a list of empty file (size=0) find /etc -size -2G work fine and return all the files This works the same on my fedora11 and my centos 5 ! Did I miss something or is it a bug ? >>> not sure, but: >>> -1 strictly less than one, being an int that has got to be zero. >>> G unit is GB. >> >> I'm sure now, a simple test confirms this. >> +n :>=n, so behaves as expected >> -n :> when you have a G behind that n. > > Interesting. The man page is somewhat ambiguous on this point, but > does hint at that when it mentions that it references a number of > units, the unit being changeable, and defaults to 512 bytes. > > So, then, > > -size -1024M > > should do what he wants, up to within 1MB blocks, but still > doesn't reference bytes. To do it exactly by the byte, one would > need > -size -1073741824b nitpicking, that should be -1073741825b and should be identical to -1025M or just use -2G: that's "up to 1GB", should be the same ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find /etc -size -1G return only empty files
Nicolas Thierry-Mieg wrote:
> Nicolas Thierry-Mieg wrote:
>> Ala1n Sp1neu8 wrote:
>>> Hello
>>> find /etc -size -1G
>>>
>>> should return all files less than 1Giga byte in /etc, but return a
>>> list of empty file (size=0)
>>>
>>> find /etc -size -2G
>>>
>>> work fine and return all the files
>>>
>>> This works the same on my fedora11 and my centos 5 !
>>>
>>> Did I miss something or is it a bug ?
>> not sure, but:
>> -1 strictly less than one, being an int that has got to be zero.
>> G unit is GB.
>
> I'm sure now, a simple test confirms this.
> +n : >=n, so behaves as expected
> -n : when you have a G behind that n.
Interesting. The man page is somewhat ambiguous on this point, but
does hint at that when it mentions that it references a number of
units, the unit being changeable, and defaults to 512 bytes.
So, then,
-size -1024M
should do what he wants, up to within 1MB blocks, but still
doesn't reference bytes. To do it exactly by the byte, one would
need
-size -1073741824b
Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I speak only for myself, and I am unanimous in that!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find /etc -size -1G return only empty files
Nicolas Thierry-Mieg wrote: > Ala1n Sp1neu8 wrote: >> Hello >> find /etc -size -1G >> >> should return all files less than 1Giga byte in /etc, but return a >> list of empty file (size=0) >> >> find /etc -size -2G >> >> work fine and return all the files >> >> This works the same on my fedora11 and my centos 5 ! >> >> Did I miss something or is it a bug ? > > not sure, but: > -1 strictly less than one, being an int that has got to be zero. > G unit is GB. I'm sure now, a simple test confirms this. +n : >=n, so behaves as expected -n : http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find /etc -size -1G return only empty files
Ala1n Sp1neu8 wrote: > Hello > find /etc -size -1G > > should return all files less than 1Giga byte in /etc, but return a > list of empty file (size=0) > > find /etc -size -2G > > work fine and return all the files > > This works the same on my fedora11 and my centos 5 ! > > Did I miss something or is it a bug ? not sure, but: -1 strictly less than one, being an int that has got to be zero. G unit is GB. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] find /etc -size -1G return only empty files
Hello find /etc -size -1G should return all files less than 1Giga byte in /etc, but return a list of empty file (size=0) find /etc -size -2G work fine and return all the files This works the same on my fedora11 and my centos 5 ! Did I miss something or is it a bug ? Regards -- Alain Spineux | aspineux gmail com Your email 100% available | http://www.emailgency.com ntbackup and tar frontend sending mail report | http://www.magikmon.com/mkbackup/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find and excluding directory
> Your "-path" argument is wrong. Try this:
>
> find /var/data/foo -path '/var/data/foo/.snapshot' -prune -o -exec chown
> usera:groupb {} +
>
> You need the whole path, and there is no need to escape the '.' character.
> I've also used "+" as the terminator. That's just an efficiency issue. It
> makes 'find' build command lines with as many matches as will fit rather
> than invoking 'chown' separately for each one.
>
>
Hi Robert
many thanks - that resolved ths issue for me
tom
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find and excluding directory
Tom Brown wrote:
> Hi
>
> I have to use find to change the perms of a directory and files within
> that directory recursively but i need to exclude a directory within the
> top level directory, as its a netapp and so contains a read only
> .snapshot dir.
>
> I have tried...
>
> # find /var/data/foo -path '\.\/\.snapshot' -prune -o -exec chown
> usera:groupb {} \;
>
> but
>
> chown: changing ownership of `/var/data/foo/.snapshot': Read-only file
> system
> chown: changing ownership of `/var/data/foo/.snapshot/hourly.0':
> Read-only file system
> chown: changing ownership of
> `/var/data/foo/.snapshot/hourly.0/filename': Read-only file system
Your "-path" argument is wrong. Try this:
find /var/data/foo -path '/var/data/foo/.snapshot' -prune -o -exec chown
usera:groupb {} +
You need the whole path, and there is no need to escape the '.' character.
I've also used "+" as the terminator. That's just an efficiency issue. It
makes 'find' build command lines with as many matches as will fit rather
than invoking 'chown' separately for each one.
--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
[CentOS] Find and excluding directory
Hi
I have to use find to change the perms of a directory and files within
that directory recursively but i need to exclude a directory within the
top level directory, as its a netapp and so contains a read only
.snapshot dir.
I have tried...
# find /var/data/foo -path '\.\/\.snapshot' -prune -o -exec chown
usera:groupb {} \;
but
chown: changing ownership of `/var/data/foo/.snapshot': Read-only file
system
chown: changing ownership of `/var/data/foo/.snapshot/hourly.0':
Read-only file system
chown: changing ownership of
`/var/data/foo/.snapshot/hourly.0/filename': Read-only file system
any clue ?
thanks
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find reason for heavy load
On 2009-12-31 15:13, Noob Centos Admin wrote: > Just an concluding update to anybody who might be interested :) > > My apologies for blaming spamassassin in the earlier email. It was > taking so long because of the real problem. > > Apparently the odd exim processes that was related to the mail loop > problem I nipped was still the culprit. I had overlooked the fact that > by the time I caught onto the mail loop issue, there were actually > hundreds if not thousands of bounced and rebounced messages in the > queue already. Attempting to deliver these messages queued before I > terminated the mail loop was what those exim processes were trying to > do. > > This would had been ok if not for the other problem. The user > apparently went on 2 week vacation since 15th and thought it was a > good idea to enlarge his mailbox before doing so. So there was this > 2.5GB mailbox choked full of both valid& rebounced mails, plus the > queue of more rebounced mails. So every time exim attempted to add the > queued mails to the user's account, the quota system rejected it. The > cpu load was probably due to this never ending ping pong match between > exim and the quota. > > Yeah, I can't help but feel this must be such a noob mistake allowing > that to develop without realizing it. > > Now that I've purged the queue of those bounced messages and other > housekeeping for that user, server load has finally gone back to the > expected sub 1.0 levels so I can finally go and enjoy my holiday :) > > > > On 1/1/10, Noob Centos Admin wrote: >> I initiated services shutdown as previously planned and once the >> external services like exim, dovecot, httpd, crond (because it kept >> restarting these services), the problem child stood out like a sore >> thumb. >> >> There was two exim instances that didn't go away despite service exim >> stop. Once I killed these two PID, the load average started dropping >> rapidly. After a minute or so, the server went back to a happy 0.2~0.3 >> load and disk activity became almost negligible. >> >> I think these, orphaned? zombied?, exim instances were related to a >> mail loop problem I discovered earlier today where one of my client on >> holiday had a full mailbox and keep bouncing mails from a contact >> whose site was suspended. Although I terminated that loop, it seemed >> that exim had gotten those two instances stuck in limbo sucking up >> processing power and hitting the disk somewhere unknown since they >> weren't showing up in my exim logs. >> >> After observing a while, I brought the services back and once exim got >> started, my load went back to 2.x ~ 3.x. Unfortunately while I was >> typing this email, I realize it didn't stop there. I'm up to 4.x ~ 5.x >> load level by now. >> >> So the application that is the cause of the load is definitely exim, >> more specifically I think it's spam assassin because now that the mail >> logs entries are slow, I can read the spamd details and mails are >> taking between 3 to 8 seconds to be checked. >> >> Thanks again to everybody who had offer suggestions and advice and do >> have a Happy New Year :) >> >> >> On 1/1/10, Noob Centos Admin wrote: >>> Hi, >>> I do not know about now but I had to unload the modules in question. Just clearing the rules was not enough to ensure that the netfilter connection tracking modules were not using any cpu at all. >>> >>> Thanks for pointing this out. Being a noob admin as my pseudonym >>> states, I'd assumed stopping apf and restarting iptables was >>> sufficient. I'll have to look up unloading module later. >>> /me shrugs. When I was the mta admin at Outblaze Ltd. (messaging business now owned by IBM and called Lotus Live) spammers always ensured I got called. All they do is just press the big red button (aka start the script/system) and then go and play while I would have to deal with whatever was started. >>> >>> Based on the almost precise timing of around 9:30 to 5:30 India time, >>> I'm inclined to think in my case it wasn't so much a spammer pressing >>> a red button but a compromised machine in an office starting up when >>> the user gets into office and knocks off on time at 5:30 :D >>> I remember only one occasion when the spams were launched but neutralized very soon because they were pushing a website and I found a sample real early and so the anti spam system could just dump the spams and knock out accounts being used to send the crap. >>> >>> Could I ask how do I knock out the accounts sending the crap if they >>> are not within my systems? >>> First, try rmmod'ing the netfilter modules after you have cleared away the state related rules to make sure that you are only using static rules in netfilter...unless you have done that already.. >>> >>> I think I'm only using static rules because after I restart iptables, >>> I would then do a service iptables status to check my rules were in, >>> and that list was very short c
Re: [CentOS] Find reason for heavy load
Just an concluding update to anybody who might be interested :) My apologies for blaming spamassassin in the earlier email. It was taking so long because of the real problem. Apparently the odd exim processes that was related to the mail loop problem I nipped was still the culprit. I had overlooked the fact that by the time I caught onto the mail loop issue, there were actually hundreds if not thousands of bounced and rebounced messages in the queue already. Attempting to deliver these messages queued before I terminated the mail loop was what those exim processes were trying to do. This would had been ok if not for the other problem. The user apparently went on 2 week vacation since 15th and thought it was a good idea to enlarge his mailbox before doing so. So there was this 2.5GB mailbox choked full of both valid & rebounced mails, plus the queue of more rebounced mails. So every time exim attempted to add the queued mails to the user's account, the quota system rejected it. The cpu load was probably due to this never ending ping pong match between exim and the quota. Yeah, I can't help but feel this must be such a noob mistake allowing that to develop without realizing it. Now that I've purged the queue of those bounced messages and other housekeeping for that user, server load has finally gone back to the expected sub 1.0 levels so I can finally go and enjoy my holiday :) On 1/1/10, Noob Centos Admin wrote: > I initiated services shutdown as previously planned and once the > external services like exim, dovecot, httpd, crond (because it kept > restarting these services), the problem child stood out like a sore > thumb. > > There was two exim instances that didn't go away despite service exim > stop. Once I killed these two PID, the load average started dropping > rapidly. After a minute or so, the server went back to a happy 0.2~0.3 > load and disk activity became almost negligible. > > I think these, orphaned? zombied?, exim instances were related to a > mail loop problem I discovered earlier today where one of my client on > holiday had a full mailbox and keep bouncing mails from a contact > whose site was suspended. Although I terminated that loop, it seemed > that exim had gotten those two instances stuck in limbo sucking up > processing power and hitting the disk somewhere unknown since they > weren't showing up in my exim logs. > > After observing a while, I brought the services back and once exim got > started, my load went back to 2.x ~ 3.x. Unfortunately while I was > typing this email, I realize it didn't stop there. I'm up to 4.x ~ 5.x > load level by now. > > So the application that is the cause of the load is definitely exim, > more specifically I think it's spam assassin because now that the mail > logs entries are slow, I can read the spamd details and mails are > taking between 3 to 8 seconds to be checked. > > Thanks again to everybody who had offer suggestions and advice and do > have a Happy New Year :) > > > On 1/1/10, Noob Centos Admin wrote: >> Hi, >> >>> I do not know about now but I had to unload the modules in question. >>> Just clearing the rules was not enough to ensure that the netfilter >>> connection tracking modules were not using any cpu at all. >> >> Thanks for pointing this out. Being a noob admin as my pseudonym >> states, I'd assumed stopping apf and restarting iptables was >> sufficient. I'll have to look up unloading module later. >> >>> /me shrugs. When I was the mta admin at Outblaze Ltd. (messaging >>> business now owned by IBM and called Lotus Live) spammers always ensured >>> I got called. All they do is just press the big red button (aka start >>> the script/system) and then go and play while I would have to deal with >>> whatever was started. >> >> Based on the almost precise timing of around 9:30 to 5:30 India time, >> I'm inclined to think in my case it wasn't so much a spammer pressing >> a red button but a compromised machine in an office starting up when >> the user gets into office and knocks off on time at 5:30 :D >> >>> I remember only one occasion when the spams were >>> launched but neutralized very soon because they were pushing a website >>> and I found a sample real early and so the anti spam system could just >>> dump the spams and knock out accounts being used to send the crap. >> >> Could I ask how do I knock out the accounts sending the crap if they >> are not within my systems? >> >>> First, try rmmod'ing the netfilter modules after you have cleared away >>> the state related rules to make sure that you are only using static >>> rules in netfilter...unless you have done that already.. >> >> I think I'm only using static rules because after I restart iptables, >> I would then do a service iptables status to check my rules were in, >> and that list was very short compared to when APF was active. >> >> The good news is, I think I've fixed the big problem after doing my >> shutdown tests and returned to the original problem. >> >
Re: [CentOS] Find reason for heavy load
I initiated services shutdown as previously planned and once the external services like exim, dovecot, httpd, crond (because it kept restarting these services), the problem child stood out like a sore thumb. There was two exim instances that didn't go away despite service exim stop. Once I killed these two PID, the load average started dropping rapidly. After a minute or so, the server went back to a happy 0.2~0.3 load and disk activity became almost negligible. I think these, orphaned? zombied?, exim instances were related to a mail loop problem I discovered earlier today where one of my client on holiday had a full mailbox and keep bouncing mails from a contact whose site was suspended. Although I terminated that loop, it seemed that exim had gotten those two instances stuck in limbo sucking up processing power and hitting the disk somewhere unknown since they weren't showing up in my exim logs. After observing a while, I brought the services back and once exim got started, my load went back to 2.x ~ 3.x. Unfortunately while I was typing this email, I realize it didn't stop there. I'm up to 4.x ~ 5.x load level by now. So the application that is the cause of the load is definitely exim, more specifically I think it's spam assassin because now that the mail logs entries are slow, I can read the spamd details and mails are taking between 3 to 8 seconds to be checked. Thanks again to everybody who had offer suggestions and advice and do have a Happy New Year :) On 1/1/10, Noob Centos Admin wrote: > Hi, > >> I do not know about now but I had to unload the modules in question. >> Just clearing the rules was not enough to ensure that the netfilter >> connection tracking modules were not using any cpu at all. > > Thanks for pointing this out. Being a noob admin as my pseudonym > states, I'd assumed stopping apf and restarting iptables was > sufficient. I'll have to look up unloading module later. > >> /me shrugs. When I was the mta admin at Outblaze Ltd. (messaging >> business now owned by IBM and called Lotus Live) spammers always ensured >> I got called. All they do is just press the big red button (aka start >> the script/system) and then go and play while I would have to deal with >> whatever was started. > > Based on the almost precise timing of around 9:30 to 5:30 India time, > I'm inclined to think in my case it wasn't so much a spammer pressing > a red button but a compromised machine in an office starting up when > the user gets into office and knocks off on time at 5:30 :D > >> I remember only one occasion when the spams were >> launched but neutralized very soon because they were pushing a website >> and I found a sample real early and so the anti spam system could just >> dump the spams and knock out accounts being used to send the crap. > > Could I ask how do I knock out the accounts sending the crap if they > are not within my systems? > >> First, try rmmod'ing the netfilter modules after you have cleared away >> the state related rules to make sure that you are only using static >> rules in netfilter...unless you have done that already.. > > I think I'm only using static rules because after I restart iptables, > I would then do a service iptables status to check my rules were in, > and that list was very short compared to when APF was active. > > The good news is, I think I've fixed the big problem after doing my > shutdown tests and returned to the original problem. > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find reason for heavy load
Hi, > I do not know about now but I had to unload the modules in question. > Just clearing the rules was not enough to ensure that the netfilter > connection tracking modules were not using any cpu at all. Thanks for pointing this out. Being a noob admin as my pseudonym states, I'd assumed stopping apf and restarting iptables was sufficient. I'll have to look up unloading module later. > /me shrugs. When I was the mta admin at Outblaze Ltd. (messaging > business now owned by IBM and called Lotus Live) spammers always ensured > I got called. All they do is just press the big red button (aka start > the script/system) and then go and play while I would have to deal with > whatever was started. Based on the almost precise timing of around 9:30 to 5:30 India time, I'm inclined to think in my case it wasn't so much a spammer pressing a red button but a compromised machine in an office starting up when the user gets into office and knocks off on time at 5:30 :D > I remember only one occasion when the spams were > launched but neutralized very soon because they were pushing a website > and I found a sample real early and so the anti spam system could just > dump the spams and knock out accounts being used to send the crap. Could I ask how do I knock out the accounts sending the crap if they are not within my systems? > First, try rmmod'ing the netfilter modules after you have cleared away > the state related rules to make sure that you are only using static > rules in netfilter...unless you have done that already.. I think I'm only using static rules because after I restart iptables, I would then do a service iptables status to check my rules were in, and that list was very short compared to when APF was active. The good news is, I think I've fixed the big problem after doing my shutdown tests and returned to the original problem. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find reason for heavy load
Noob Centos Admin wrote: > Hi, > >> Yes, these figures indicate that you are fairly close to being cpu bound. >> >> What kind of filtering are you doing? If you have any connection >> tracking/state related rules set, you will need to be using a fair >> amount of cpu. > > Initially, when the load start going up, I had thought the APF > filtering rules were the problem since the Indian fellow is still > hammering away at the server even now. However, I've since taken the > risk of turning off APF and rely on static iptables rules, which adds > up to less than one screenful on SSH. I do not know about now but I had to unload the modules in question. Just clearing the rules was not enough to ensure that the netfilter connection tracking modules were not using any cpu at all. > > I also thought it might had to do with exim/spamassassin but making a > few changes to reduce the number of emails that goes to spamd doesn't > seem to be helping much. > > In fact as you can see from the stats, load has gone up even further > since. I've been averaging 10+ for the whole working day. At the > moment it's between 6 to 10 when it should be at 0.3 from past months > of logs. > > This is despite the fact most of my clients should be out celebrating > New Year's Eve. From weeks of logs, the Indian spammer is also a very > punctual fellow who should have knock off work about 17 minutes ago. > So there shouldn't be any heavy 'known' activities on the server at > this point. /me shrugs. When I was the mta admin at Outblaze Ltd. (messaging business now owned by IBM and called Lotus Live) spammers always ensured I got called. All they do is just press the big red button (aka start the script/system) and then go and play while I would have to deal with whatever was started. I remember only one occasion when the spams were launched but neutralized very soon because they were pushing a website and I found a sample real early and so the anti spam system could just dump the spams and knock out accounts being used to send the crap. > > So I'm quite stumped as to what's chewing up the CPU cycles. I am also > starting to worry if the server's been compromised and is now doing > something I don't want it to be. > > I'm probably going to shutdown the mail/httpd services after midnight > when the impact is the least and see how the server reacts for a > couple of minutes with everything else cut off. First, try rmmod'ing the netfilter modules after you have cleared away the state related rules to make sure that you are only using static rules in netfilter...unless you have done that already.. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find reason for heavy load
Hi, > Yes, these figures indicate that you are fairly close to being cpu bound. > > What kind of filtering are you doing? If you have any connection > tracking/state related rules set, you will need to be using a fair > amount of cpu. Initially, when the load start going up, I had thought the APF filtering rules were the problem since the Indian fellow is still hammering away at the server even now. However, I've since taken the risk of turning off APF and rely on static iptables rules, which adds up to less than one screenful on SSH. I also thought it might had to do with exim/spamassassin but making a few changes to reduce the number of emails that goes to spamd doesn't seem to be helping much. In fact as you can see from the stats, load has gone up even further since. I've been averaging 10+ for the whole working day. At the moment it's between 6 to 10 when it should be at 0.3 from past months of logs. This is despite the fact most of my clients should be out celebrating New Year's Eve. From weeks of logs, the Indian spammer is also a very punctual fellow who should have knock off work about 17 minutes ago. So there shouldn't be any heavy 'known' activities on the server at this point. So I'm quite stumped as to what's chewing up the CPU cycles. I am also starting to worry if the server's been compromised and is now doing something I don't want it to be. I'm probably going to shutdown the mail/httpd services after midnight when the impact is the least and see how the server reacts for a couple of minutes with everything else cut off. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find reason for heavy load
Christoph Maser wrote: > Am Donnerstag, den 31.12.2009, 12:34 +0100 schrieb Chan Chung Hang > Christopher: Look at the first two columns. What column have higher numbers? If r, you're CPU-bound. If b, you're I/O bound. >>> procs ---memory-- ---swap-- -io --system-- >>> -cpu-- >>> r b swpd free buff cache si sobibo in cs us sy id >>> wa st >>> 8 1 3092 131460 100692 83366800402110 4 1 92 >>> 2 0 >>> 9 1 3092 130708 100700 83501600 578 206 577 1420 32 50 3 >>> 15 0 >>> 7 1 3092 128324 100716 83614800 546 2866 594 1465 31 44 7 >>> 18 0 >>> 4 1 3092 126860 100724 83726800 540 256 596 1505 28 43 6 >>> 23 0 >>> 7 2 3092 125600 100740 83856400 620 234 661 1442 30 41 2 >>> 26 0 >>> 5 1 3092 124028 100756 83975200 570 2692 635 1430 24 45 6 >>> 25 0 >>> 6 0 3092 122040 100784 84096400 584 1464 682 1434 27 44 2 >>> 28 0 >>> 6 1 3092 120588 100792 84223200 602 278 624 1562 32 46 2 >>> 20 0 >>> 2 3 3092 120556 100840 84306400 440 2908 603 1299 22 35 6 >>> 37 0 >>> 3 1 3092 119832 100876 84408800 430 1104 605 1348 23 36 1 >>> 40 0 >>> >>> According to this, am I correct to conclude that I'm CPU bound and the >>> system is busy doing some unknown processing? >> Yes, these figures indicate that you are fairly close to being cpu bound. > > > Really? 20-30% user and ~40% sys/wait look more like I/O to mee. > user accounts for processing done by processes while sys accounts for processing done by the kernel (like netfilter) and idle tells you what is left. idle numbers are below 10 and near 0, that would be what I'd call nearly cpu bound. If he has high idle scores and high wa scores, then he'd be completely i/o bound. The last line there, he got a idle score of 1 while wa was 40 which indicates that even though if there is some i/o waiting, it is not starving the cpus. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find reason for heavy load
Am Donnerstag, den 31.12.2009, 12:34 +0100 schrieb Chan Chung Hang Christopher: > >> Look at the first two columns. What column have higher numbers? If r, > >> you're CPU-bound. If b, you're I/O bound. > > > > procs ---memory-- ---swap-- -io --system-- > > -cpu-- > > r b swpd free buff cache si sobibo in cs us sy id > > wa st > > 8 1 3092 131460 100692 83366800402110 4 1 92 > > 2 0 > > 9 1 3092 130708 100700 83501600 578 206 577 1420 32 50 3 > > 15 0 > > 7 1 3092 128324 100716 83614800 546 2866 594 1465 31 44 7 > > 18 0 > > 4 1 3092 126860 100724 83726800 540 256 596 1505 28 43 6 > > 23 0 > > 7 2 3092 125600 100740 83856400 620 234 661 1442 30 41 2 > > 26 0 > > 5 1 3092 124028 100756 83975200 570 2692 635 1430 24 45 6 > > 25 0 > > 6 0 3092 122040 100784 84096400 584 1464 682 1434 27 44 2 > > 28 0 > > 6 1 3092 120588 100792 84223200 602 278 624 1562 32 46 2 > > 20 0 > > 2 3 3092 120556 100840 84306400 440 2908 603 1299 22 35 6 > > 37 0 > > 3 1 3092 119832 100876 84408800 430 1104 605 1348 23 36 1 > > 40 0 > > > > According to this, am I correct to conclude that I'm CPU bound and the > > system is busy doing some unknown processing? > > Yes, these figures indicate that you are fairly close to being cpu bound. Really? 20-30% user and ~40% sys/wait look more like I/O to mee. Chris financial.com AG Munich head office/Hauptsitz München: Maria-Probst-Str. 19 | 80939 München | Germany Frankfurt branch office/Niederlassung Frankfurt: Messeturm | Friedrich-Ebert-Anlage 49 | 60327 Frankfurt | Germany Management board/Vorstand: Dr. Steffen Boehnert | Dr. Alexis Eisenhofer | Dr. Yann Samson | Matthias Wiederwach Supervisory board/Aufsichtsrat: Dr. Dr. Ernst zur Linden (chairman/Vorsitzender) Register court/Handelsregister: Munich – HRB 128 972 | Sales tax ID number/St.Nr.: DE205 370 553 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find reason for heavy load
>> Look at the first two columns. What column have higher numbers? If r, >> you're CPU-bound. If b, you're I/O bound. > > procs ---memory-- ---swap-- -io --system-- > -cpu-- > r b swpd free buff cache si sobibo in cs us sy id wa > st > 8 1 3092 131460 100692 83366800402110 4 1 92 2 > 0 > 9 1 3092 130708 100700 83501600 578 206 577 1420 32 50 3 15 > 0 > 7 1 3092 128324 100716 83614800 546 2866 594 1465 31 44 7 18 > 0 > 4 1 3092 126860 100724 83726800 540 256 596 1505 28 43 6 23 > 0 > 7 2 3092 125600 100740 83856400 620 234 661 1442 30 41 2 26 > 0 > 5 1 3092 124028 100756 83975200 570 2692 635 1430 24 45 6 25 > 0 > 6 0 3092 122040 100784 84096400 584 1464 682 1434 27 44 2 28 > 0 > 6 1 3092 120588 100792 84223200 602 278 624 1562 32 46 2 20 > 0 > 2 3 3092 120556 100840 84306400 440 2908 603 1299 22 35 6 37 > 0 > 3 1 3092 119832 100876 84408800 430 1104 605 1348 23 36 1 40 > 0 > > According to this, am I correct to conclude that I'm CPU bound and the > system is busy doing some unknown processing? Yes, these figures indicate that you are fairly close to being cpu bound. What kind of filtering are you doing? If you have any connection tracking/state related rules set, you will need to be using a fair amount of cpu. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find reason for heavy load
Hi, > Dstat could at least tell you if your problem is CPU or I/O. This was the result of running the following command which I obtained from reading up about two weeks ago when I started trying to investigate the abnormal server behaviour. dstat -c --top-cpu -d --top-bio --top-latency usr sys idl wai hiq siq| cpu process | read writ| latency process 4 1 93 2 0 0|mysqld 0.0| 80k 82k|khelper 8 42 46 0 12 0 0|httpd 12| 648k0 |ksoftirqd/0 111 26 37 12 26 0 0|httpd1.5| 520k 11M|ksoftirqd/175 23 49 8 19 0 0|exim 1.0| 652k 16k|ksoftirqd/044 26 44 3 28 0 0|exim 1.0| 652k 1296k|ksoftirqd/044 32 41 4 23 0 0|exim 1.5| 620k 16k|ksoftirqd/050 28 52 3 16 0 0|exim 1.5| 700k0 |ksoftirqd/147 21 41 11 28 0 0|exim 1.0| 556k 11M|ksoftirqd/079 27 46 3 24 0 0|exim 1.5| 684k 16k|ksoftirqd/140 29 45 2 24 0 0|exim 1.0| 672k 944k|ksoftirqd/025 28 33 3 37 0 0|httpd 14| 852k 5992k|ksoftirqd/139 36 39 2 23 0 0|httpd5.0|1024k0 |ksoftirqd/084 > Even better, run > > vmstat 2 10 > > Look at the first two columns. What column have higher numbers? If r, > you're CPU-bound. If b, you're I/O bound. procs ---memory-- ---swap-- -io --system-- -cpu-- r b swpd free buff cache si sobibo in cs us sy id wa st 8 1 3092 131460 100692 83366800402110 4 1 92 2 0 9 1 3092 130708 100700 83501600 578 206 577 1420 32 50 3 15 0 7 1 3092 128324 100716 83614800 546 2866 594 1465 31 44 7 18 0 4 1 3092 126860 100724 83726800 540 256 596 1505 28 43 6 23 0 7 2 3092 125600 100740 83856400 620 234 661 1442 30 41 2 26 0 5 1 3092 124028 100756 83975200 570 2692 635 1430 24 45 6 25 0 6 0 3092 122040 100784 84096400 584 1464 682 1434 27 44 2 28 0 6 1 3092 120588 100792 84223200 602 278 624 1562 32 46 2 20 0 2 3 3092 120556 100840 84306400 440 2908 603 1299 22 35 6 37 0 3 1 3092 119832 100876 84408800 430 1104 605 1348 23 36 1 40 0 According to this, am I correct to conclude that I'm CPU bound and the system is busy doing some unknown processing? > Did you check if you have a defect disk or a rebuilding array? That > could be the cause. I usually run a "cat /proc/mdstat" whenever I log into the server to check my MD raid status. So far the array appears ok. There are no disk warning when I run "dmesg". smartctl also reports no error logged and passed for both disks, although no self test was ran. Would I be safe to conclude that the disks are OK and not part of the problem? Thanks again to everybody for the suggestions and help so far. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find reason for heavy load
Hi, > You should also try out "atop" instead of just using top. The major > advantage is that it gives you more information about the disk and > network utilization. Thanks for the tip, I tried it and if the red lines are any indication, it seems that atop thinks my disks (md raid 1) are the problem being busy over 60~70% of the time. However that is sort of expected since most of the expected activity on the server is smtp/pop3. Unfortunately, I did not know about atop previously and don't have a baseline to compare against :( ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find reason for heavy load
Hi, > > since initially it seems like the high load may be due to I/O wait > Maybe this will help you to identify the IO loading process: > > http://dag.wieers.com/blog/red-hat-backported-io-accounting-to-rhel5 Thanks for the suggestion, I did install dstat earlier while trying to figure things out on my own. However, I think my kernel being the older version does not support the latest feature the website was pointing out. Given that it's a live server not within physical touch, I'm a little wary of doing kernel updates that might just kill it :D I'll try other methods first and see if they help, if not, I'll probably have to bite the bullet and do it over a weekend where I get more time to repair any inadvertent damage. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find reason for heavy load
On 2009-12-29 23:44, Noob Centos Admin wrote: > My Centos 5 server has seen the average load jumped through the roof > recently despite having no major additional clients placed on it. > Previously, I was looking at an average of less than 0.6 load, I had a > monitoring script that sends an email warning me if the current load > stayed above 0.6 for more than 2 minutes. This script used to trigger > perhaps once an hour during peak periods. Even so, I seldom see numbers > higher than 1.x > > On 4th Dec, somebody from an Indian IP range started hammering my SMTP > service, attempting to use it as an open relay. Naturally that didn't > work and only end up budging my typical 400KB daily log report into > 2MB~4MB affairs. > > After observing a few days to determine the IP range, I started blocking > the Indian subnet with apf. Initially I had problems with getting apf to > wok properly but after a couple of days managed to get the block working > and my daily log went back down to expected size when all those > connection attempts disappear from exim's log. > > Now this is when my server load started to shoot through the roof with > figures like 8.64 5.90 3.62 being reported by my monitoring script, > triggering so often. I had to raise my threshold to 1.6 to keep my own > script from spamming myself. > > I've tried changing several things on the server, since initially it > seems like the high load may be due to I/O wait. So I turning off > non-essential services like OpenNMS to see if that had any effect. I > also turned off apf and inserted rules manually into iptables to reduce > the number of iptable rules the system has to process. > > All that doesn't seem to help much, I'm still getting consistent server > loads in the 2.x to 3.x range almost all the time. > > The problem is using top, none of my processes are showing abnormal > CPU%, most are well under 5%, manually adding them up doesn't equate the > 200% to 300% the load figures of 2.x and 3.x are indicating. > > Even top's own summary says CPU % is in the 20~30% range, what's > worrying is the System% is also in the same range. I have no idea what > is "system" doing since it appears that anything running inside the > kernel is lumped under "system". Or why even totalling both % up, I > would expect 50~60% to translate to the expected load of 0.5~0.6 yet > system load stats is 5x what's expected. > > I've installed utilities like dstat to try to see if I can figure out > which process is making the system calls that is clogging up the server > but either I don't understand it or it's not the right tool. > > So I'll appreciate some advice on how/what should I do next to identify > the cause. Thanks in advance! Dstat could at least tell you if your problem is CPU or I/O. Even better, run vmstat 2 10 Look at the first two columns. What column have higher numbers? If r, you're CPU-bound. If b, you're I/O bound. If you're I/O bound, I suggest you use atop to determine which processes take disk time. You can also use iostat -x 2 10. I really suggest you read on vmstat and iostat, they will always be helpful. Did you check if you have a defect disk or a rebuilding array? That could be the cause. Regards, ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find reason for heavy load
On 12/29/2009 11:44 PM, Noob Centos Admin wrote: > My Centos 5 server has seen the average load jumped through the roof > recently despite having no major additional clients placed on it. > Previously, I was looking at an average of less than 0.6 load, I had a > monitoring script that sends an email warning me if the current load > stayed above 0.6 for more than 2 minutes. This script used to trigger > perhaps once an hour during peak periods. Even so, I seldom see numbers > higher than 1.x > You should also try out "atop" instead of just using top. The major advantage is that it gives you more information about the disk and network utilization. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find reason for heavy load
Am Mittwoch, den 30.12.2009, 05:44 +0100 schrieb Noob Centos Admin: > since initially it seems like the high load may be due to I/O wait Maybe this will help you to identify the IO loading process: http://dag.wieers.com/blog/red-hat-backported-io-accounting-to-rhel5 Chris financial.com AG Munich head office/Hauptsitz München: Maria-Probst-Str. 19 | 80939 München | Germany Frankfurt branch office/Niederlassung Frankfurt: Messeturm | Friedrich-Ebert-Anlage 49 | 60327 Frankfurt | Germany Management board/Vorstand: Dr. Steffen Boehnert | Dr. Alexis Eisenhofer | Dr. Yann Samson | Matthias Wiederwach Supervisory board/Aufsichtsrat: Dr. Dr. Ernst zur Linden (chairman/Vorsitzender) Register court/Handelsregister: Munich – HRB 128 972 | Sales tax ID number/St.Nr.: DE205 370 553 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find reason for heavy load
On Dec 30, 2009, at 1:05 AM, Noob Centos Admin wrote: > Hi, > >> Try blocking the IPs on the router and see if that helps. > > Unfortunately the server's in a DC so the router is not under our > control. That sucks, oh well. >> You can also run iostat and look at the disk usage which also >> generates load. > > I did try iostat and its iowait% did coincide with top's report, which > is basically in the low 1~2%. > > However, iostat reports much lower %user and $system compared to top > running at the same time so I'm not quite sure if I can rely on its > figures. Yes, I'm not sure iostat's CPU numbers represent the full CPU utilization, or only the CPU utilization for IO. >> How many cores does your machine have? Load avg is calculated for a >> single core, so a quad core would reach 100% utilization at a load of >> 4, but high iowaits can generate an artificially high load avg as >> well >> (and why one sees greater than 100% utilization). > > It's a dual core that's why I was getting concerned since loads above > 2.0 would imply the system's processing capacity was apparently maxed. > However, load and percentages don't add up. They never do because of the time scaled averages. > For example, now I'm seeing > top - 14:04:30 up 171 days, 7:14, 1 user, load average: 3.33, > 3.97, 3.81 > Tasks: 246 total, 2 running, 236 sleeping, 0 stopped, 8 zombie > Cpu(s): 13.3%us, 16.0%sy, 0.0%ni, 67.5%id, 3.0%wa, 0.0%hi, > 0.2%si, 0.0%st > > iostat > Linux 2.6.18-128.1.16.el5xen 12/30/2009 > avg-cpu: %user %nice %system %iowait %steal %idle > 3.280.201.162.380.01 92.97 > > >> I really wish load would be broken down as CPU/memory/disk instead of >> the ambiguous load avg, and show network read/write utilization in >> ifconfig. > > Totally agreed. All the load number is doing is telling me something > is using up resources somewhere but not a single clue otherwise! > Confusing, frustrating and worrying at the same time :( Maybe someone could write a command-line utility that outputs the system load broken down into CPU/memory/disk/network. Call it 'sysload' and take the system configuration into account. Take a look at your iptables setup, make sure the blocked ip rules are checked first before any other and drop the packets without any icmp (give em a black hole to stare at). -Ross ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find reason for heavy load
Noob Centos Admin wrote: > However, iostat reports much lower %user and $system compared to top > running at the same time so I'm not quite sure if I can rely on its > figures. > ... > iostat > Linux 2.6.18-128.1.16.el5xen 12/30/2009 > avg-cpu: %user %nice %system %iowait %steal %idle >3.280.201.162.380.01 92.97 > iostat, if run with no parameters shows the average since reboot or statistics reset. run `iostat -x 5` to a) show details on all devices, and B) show 5 second samples.ignore the first output as thats average. the 2nd and beyond outputs represent 5 second samples. note, btw, 'load average' isn't CPU usage, its the number of processes that are waiting to run. a load average of 8 means there are 8 processes waiting to use system resources. this does include processes in iowait, but doesn't include processes that are sleeping on semaphores and such, so it can be quite a lot higher than the cpu workload. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find reason for heavy load
Hi, > Try blocking the IPs on the router and see if that helps. Unfortunately the server's in a DC so the router is not under our control. > You can also run iostat and look at the disk usage which also > generates load. I did try iostat and its iowait% did coincide with top's report, which is basically in the low 1~2%. However, iostat reports much lower %user and $system compared to top running at the same time so I'm not quite sure if I can rely on its figures. > How many cores does your machine have? Load avg is calculated for a > single core, so a quad core would reach 100% utilization at a load of > 4, but high iowaits can generate an artificially high load avg as well > (and why one sees greater than 100% utilization). It's a dual core that's why I was getting concerned since loads above 2.0 would imply the system's processing capacity was apparently maxed. However, load and percentages don't add up. For example, now I'm seeing top - 14:04:30 up 171 days, 7:14, 1 user, load average: 3.33, 3.97, 3.81 Tasks: 246 total, 2 running, 236 sleeping, 0 stopped, 8 zombie Cpu(s): 13.3%us, 16.0%sy, 0.0%ni, 67.5%id, 3.0%wa, 0.0%hi, 0.2%si, 0.0%st iostat Linux 2.6.18-128.1.16.el5xen 12/30/2009 avg-cpu: %user %nice %system %iowait %steal %idle 3.280.201.162.380.01 92.97 > I really wish load would be broken down as CPU/memory/disk instead of > the ambiguous load avg, and show network read/write utilization in > ifconfig. Totally agreed. All the load number is doing is telling me something is using up resources somewhere but not a single clue otherwise! Confusing, frustrating and worrying at the same time :( ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find reason for heavy load
Hi, > last time I saw something like that, it was a bunch of chinese 'bots' > hammering on my public services like ssh. >another admin had turned > pop3 on too, this created a very heavy load yet they didn't show up in > top (bunches of pop3 and ssh processes showed up in ps -auxww, > however, plug netstat -an Unfortunately the server is meant for web/email purposes so I can't turn off pop3/smtp. Naturally ps shows up a lot of httpd/mysql & exim/dovecot processes but a cursory glance doesn't see any suspicious IPs. Similarly, I did a quick look at netstat -an and most of the IP are from local ISP that my clients are using. One thing that occurred to me is, does using iptables to block smtp attempt uses more "system" resources as opposed to letting the bot flood my smtp logs with pointless attempts? :) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find reason for heavy load
On Dec 29, 2009, at 11:44 PM, Noob Centos Admin wrote: > My Centos 5 server has seen the average load jumped through the roof > recently despite having no major additional clients placed on it. > Previously, I was looking at an average of less than 0.6 load, I had > a monitoring script that sends an email warning me if the current > load stayed above 0.6 for more than 2 minutes. This script used to > trigger perhaps once an hour during peak periods. Even so, I seldom > see numbers higher than 1.x > > On 4th Dec, somebody from an Indian IP range started hammering my > SMTP service, attempting to use it as an open relay. Naturally that > didn't work and only end up budging my typical 400KB daily log > report into 2MB~4MB affairs. > > After observing a few days to determine the IP range, I started > blocking the Indian subnet with apf. Initially I had problems with > getting apf to wok properly but after a couple of days managed to > get the block working and my daily log went back down to expected > size when all those connection attempts disappear from exim's log. > > Now this is when my server load started to shoot through the roof > with figures like 8.64 5.90 3.62 being reported by my monitoring > script, triggering so often. I had to raise my threshold to 1.6 to > keep my own script from spamming myself. > > I've tried changing several things on the server, since initially it > seems like the high load may be due to I/O wait. So I turning off > non-essential services like OpenNMS to see if that had any effect. I > also turned off apf and inserted rules manually into iptables to > reduce the number of iptable rules the system has to process. > > All that doesn't seem to help much, I'm still getting consistent > server loads in the 2.x to 3.x range almost all the time. > > The problem is using top, none of my processes are showing abnormal > CPU%, most are well under 5%, manually adding them up doesn't equate > the 200% to 300% the load figures of 2.x and 3.x are indicating. > > Even top's own summary says CPU % is in the 20~30% range, what's > worrying is the System% is also in the same range. I have no idea > what is "system" doing since it appears that anything running inside > the kernel is lumped under "system". Or why even totalling both % > up, I would expect 50~60% to translate to the expected load of > 0.5~0.6 yet system load stats is 5x what's expected. > > I've installed utilities like dstat to try to see if I can figure > out which process is making the system calls that is clogging up the > server but either I don't understand it or it's not the right tool. > > So I'll appreciate some advice on how/what should I do next to > identify the cause. Thanks in advance! Try blocking the IPs on the router and see if that helps. You can also run iostat and look at the disk usage which also generates load. How many cores does your machine have? Load avg is calculated for a single core, so a quad core would reach 100% utilization at a load of 4, but high iowaits can generate an artificially high load avg as well (and why one sees greater than 100% utilization). I really wish load would be broken down as CPU/memory/disk instead of the ambiguous load avg, and show network read/write utilization in ifconfig. -Ross ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find reason for heavy load
Noob Centos Admin wrote: > My Centos 5 server has seen the average load jumped through the roof > recently despite having no major additional clients placed on it. > Previously, I was looking at an average of less than 0.6 load, I had a > monitoring script that sends an email warning me if the current load > stayed above 0.6 for more than 2 minutes. This script used to trigger > perhaps once an hour during peak periods. Even so, I seldom see > numbers higher than 1.x > > On 4th Dec, somebody from an Indian IP range started hammering my SMTP > service, attempting to use it as an open relay. Naturally that didn't > work and only end up budging my typical 400KB daily log report into > 2MB~4MB affairs. > > After observing a few days to determine the IP range, I started > blocking the Indian subnet with apf. Initially I had problems with > getting apf to wok properly but after a couple of days managed to get > the block working and my daily log went back down to expected size > when all those connection attempts disappear from exim's log. > > Now this is when my server load started to shoot through the roof with > figures like 8.64 5.90 3.62 being reported by my monitoring script, > triggering so often. I had to raise my threshold to 1.6 to keep my own > script from spamming myself. > > I've tried changing several things on the server, since initially it > seems like the high load may be due to I/O wait. So I turning off > non-essential services like OpenNMS to see if that had any effect. I > also turned off apf and inserted rules manually into iptables to > reduce the number of iptable rules the system has to process. > > All that doesn't seem to help much, I'm still getting consistent > server loads in the 2.x to 3.x range almost all the time. > > The problem is using top, none of my processes are showing abnormal > CPU%, most are well under 5%, manually adding them up doesn't equate > the 200% to 300% the load figures of 2.x and 3.x are indicating. > > Even top's own summary says CPU % is in the 20~30% range, what's > worrying is the System% is also in the same range. I have no idea what > is "system" doing since it appears that anything running inside the > kernel is lumped under "system". Or why even totalling both % up, I > would expect 50~60% to translate to the expected load of 0.5~0.6 yet > system load stats is 5x what's expected. > > I've installed utilities like dstat to try to see if I can figure out > which process is making the system calls that is clogging up the > server but either I don't understand it or it's not the right tool. > > So I'll appreciate some advice on how/what should I do next to > identify the cause. Thanks in advance! last time I saw something like that, it was a bunch of chinese 'bots' hammering on my public services like ssh. another admin had turned pop3 on too, this created a very heavy load yet they didn't show up in top (bunches of pop3 and ssh processes showed up in ps -auxww, however, plug netstat -an ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Find reason for heavy load
My Centos 5 server has seen the average load jumped through the roof recently despite having no major additional clients placed on it. Previously, I was looking at an average of less than 0.6 load, I had a monitoring script that sends an email warning me if the current load stayed above 0.6 for more than 2 minutes. This script used to trigger perhaps once an hour during peak periods. Even so, I seldom see numbers higher than 1.x On 4th Dec, somebody from an Indian IP range started hammering my SMTP service, attempting to use it as an open relay. Naturally that didn't work and only end up budging my typical 400KB daily log report into 2MB~4MB affairs. After observing a few days to determine the IP range, I started blocking the Indian subnet with apf. Initially I had problems with getting apf to wok properly but after a couple of days managed to get the block working and my daily log went back down to expected size when all those connection attempts disappear from exim's log. Now this is when my server load started to shoot through the roof with figures like 8.64 5.90 3.62 being reported by my monitoring script, triggering so often. I had to raise my threshold to 1.6 to keep my own script from spamming myself. I've tried changing several things on the server, since initially it seems like the high load may be due to I/O wait. So I turning off non-essential services like OpenNMS to see if that had any effect. I also turned off apf and inserted rules manually into iptables to reduce the number of iptable rules the system has to process. All that doesn't seem to help much, I'm still getting consistent server loads in the 2.x to 3.x range almost all the time. The problem is using top, none of my processes are showing abnormal CPU%, most are well under 5%, manually adding them up doesn't equate the 200% to 300% the load figures of 2.x and 3.x are indicating. Even top's own summary says CPU % is in the 20~30% range, what's worrying is the System% is also in the same range. I have no idea what is "system" doing since it appears that anything running inside the kernel is lumped under "system". Or why even totalling both % up, I would expect 50~60% to translate to the expected load of 0.5~0.6 yet system load stats is 5x what's expected. I've installed utilities like dstat to try to see if I can figure out which process is making the system calls that is clogging up the server but either I don't understand it or it's not the right tool. So I'll appreciate some advice on how/what should I do next to identify the cause. Thanks in advance! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find latest version of rpms from a mirror
From: john blair > I want to write a script to find the latest version of rpm of a given package > available from a mirror for eg: > http://mirror.centos.org/centos/5/os/x86_64/CentOS/ > Is there any existing script that does this? Or can someone give me a general > idea on how to go about this? Example: URL='http://mirror.centos.org/centos/5/os/x86_64/CentOS/' PKG=... links -dump $URL | grep "$URL$PKG-[0-9]" | cut -f2 -d' ' Replace with 'cut -d'/' -f9' if you don't want the full URL... JD ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find latest version of rpms from a mirror
I should have mentioned that I am looking for a solution that I can even run from my debian box (i.e no yum) --- On Thu, 12/10/09, john blair wrote: > From: john blair > Subject: [CentOS] find latest version of rpms from a mirror > To: centos@centos.org > Date: Thursday, December 10, 2009, 12:20 PM > I want to write a script to find the > latest version of rpm of a given package available from a > mirror for eg: http://mirror.centos.org/centos/5/os/x86_64/CentOS/ > Is there any existing script that does this? Or can someone > give me a general idea on how to go about this? > > > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find latest version of rpms from a mirror
john blair wrote: > I want to write a script to find the latest version of rpm of a given package > available from a mirror for eg: > http://mirror.centos.org/centos/5/os/x86_64/CentOS/ > Is there any existing script that does this? Or can someone give me a general > idea on how to go about this? > yum list packagename ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] find latest version of rpms from a mirror
I want to write a script to find the latest version of rpm of a given package available from a mirror for eg: http://mirror.centos.org/centos/5/os/x86_64/CentOS/ Is there any existing script that does this? Or can someone give me a general idea on how to go about this? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find out which website is used for sending email?
Lucian @ lastdot.org wrote: > What you need is this: > http://choon.net/php-mail-header.php > > But this requires recompiling PHP.. > you're assuming this is being done via PHP, it could as easily be coming from a bad perl CGI or another similar exploitable web service. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
