On 26/06/11 21:24, Go Wow wrote:
Hi,

  I'm using squid 3.1.8 on centos 5.4 with 3.8GB RAM and Dual Core
Processor. My swap is been used and 50% of RAM is used by cache&
buffers. Below link has one week's memory&  CPU utilization
information in form of graph.

Memory usage -->  http://img.myph.us/Cr8.jpg
CPU usage -->  http://img.myph.us/PgM.jpg

I'm worried as to why the usage of swap is coming into picture,
logically if Swap is used then I need to increase the RAM but this
machine is serving only 12 users.

  My squid.conf is here

auth_param negotiate program /usr/lib/squid/squid_kerb_auth -d -s GSS_C_NO_NAME
auth_param negotiate children 10
auth_param negotiate keep_alive on
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 8
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic credentialsttl 4 hour
auth_param basic casesensitive off
auth_param basic children 7
auth_param basic realm DOMAINNAME
authenticate_cache_garbage_interval 10 seconds
authenticate_ttl 0 seconds
acl ad-auth proxy_auth REQUIRED
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl allow_localnet dst 192.168.110.0/24 192.168.188.0/24
acl allow_localdomain dstdomain .domain.com
acl local_net_dst dst  192.168.117.0/24
acl local_net_src src  192.168.117.0/24
acl Unsafe_Ports port 5050 843 5100 5101 5000-5010 9085
acl Unsafe_Ports port 1863
acl Unsafe_Ports port 5222
acl SSL_ports port 443
acl Safe_ports port 80 53 3268 88 5060 5061 5062 5075 5076 5077 50636
587 50389 58941 110 995 993 143 389 636 119 25 465 135 102 3000  #
http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow localhost allow_localnet allow_localdomain
http_access allow manager localhost
http_access allow ad-auth

http_access deny manager
http_access deny Unsafe_Ports !Safe_ports

That wont work. Please see:
 http://wiki.squid-cache.org/SquidFaq/SquidAcls#Common_Mistakes

http_access deny CONNECT !SSL_ports

None of these security checks will have any effect. You have placed all
of the allows above them to happen first.

http_access deny all
redirect_program /usr/local/bin/squidGuard -c
/usr/local/squidGuard/squidGuard.conf
redirect_children 15
icp_access deny all
htcp_access deny all
http_port 3128
cache_mem 128 MB
cache_dir aufs /var/squid/cache 128 16 256
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern (cgi-bin|\?)    0       0%      0

Broken pattern. Use this instead:
  -i (/cgi-bin/|\?)

refresh_pattern .               0       20%     4320
icp_port 3130
pipeline_prefetch off
#delay_pools 2
#delay_class 1 4
#delay_class 2 4
#delay_access 1 allow local_net_src
#delay_access 2 allow local_net_dst
#delay_parameters 1 -1/-1 -1/-1 -1/-1 51200/51200
#delay_parameters 2 -1/-1 -1/-1 -1/-1 -1/-1
#delay_initial_bucket_level 75
httpd_suppress_version_string on
forwarded_for off
hosts_file /etc/hosts
cache_replacement_policy heap LFUDA
cache_swap_low 90
cache_swap_high 95
maximum_object_size_in_memory 50 KB
memory_pools off
maximum_object_size 50 MB
quick_abort_min 0 KB
quick_abort_max 0 KB
log_icp_queries off
client_db off
buffered_logs on
half_closed_clients off


I had delay pools but I later disabled them as well.

Are you sure it is Squid consuming that memory? Its possibly another application. If you are sure it is Squid please upgrade to a later version. There were some memory overuse issues fixed between 3.1.8 and 3.1.11.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.12
  Beta testers wanted for 3.2.0.9 and 3.1.12.3

Reply via email to