Jeffrey E Burgoyne wrote:
>
> Actually I think the behavior is the same, but the entry in
> the logs is different. I know in 1.3 it was chronological,
> which leads me to believe it was actually the finish time not
> the end time.
Where is the difference between the finish time and the end time ? Isn't that
the same ?
> And yes you are correct about the ten hours, although that
> really seems odd if not downright impossible now that you
> point that out. I did not notice the time lag.
>
> I'd definitely use the %T to ensure those numbers are
> correct. Not saying they are incorrect, but they are well
> beyond anything I have seen or could imagine.
>
> >
I think i've been the victim of a DOS, realised with a SYN Flood. I'm not sure,
but if yes, that's the first time.
Currently i try to understand what happened. I have an entry in error_log which
hit me on that idea:
"[Sat Apr 23 15:19:02 2011] [error] server reached MaxClients setting, consider
raising the MaxClients setting"
This is strange because this server has very rare visits, normally just my
monitoring tool which checks the webserver every two minutes.
This tool (ServersAlive, a windows application) never caused any problems. And
beginning from saturday 15:30 the tool complains that it can't access the
webserver.
I had a lot of sockets on the webserver:
tcp 133 0 146.107.x.x:80 146.107.135.80:3134 CLOSE_WAIT -
tcp 133 0 146.107.x.x:80 146.107.135.80:3370 CLOSE_WAIT -
tcp 133 0 146.107.x.x:80 146.107.135.80:3102 CLOSE_WAIT -
tcp 133 0 146.107.x.x:80 146.107.135.80:3351 CLOSE_WAIT -
tcp 133 0 146.107.x.x:80 146.107.135.80:3083 CLOSE_WAIT -
tcp 133 0 146.107.x.x:80 146.107.135.80:3333 CLOSE_WAIT -
tcp 133 0 146.107.x.x:80 146.107.135.80:3170 CLOSE_WAIT -
tcp 133 0 146.107.x.x:80 146.107.135.80:3152 CLOSE_WAIT -
tcp 133 0 146.107.x.x:80 146.107.135.80:3393 CLOSE_WAIT -
tcp 133 0 146.107.x.x:80 146.107.135.80:3247 CLOSE_WAIT -
tcp 133 0 146.107.x.x:80 146.107.135.80:3218 CLOSE_WAIT -
tcp 133 0 146.107.x.x:80 146.107.135.80:3059 CLOSE_WAIT -
tcp 133 0 146.107.x.x:80 146.107.135.80:3312 CLOSE_WAIT -
tcp 133 0 146.107.x.x:80 146.107.135.80:3293 CLOSE_WAIT -
tcp 133 0 146.107.x.x:80 146.107.135.80:3030 CLOSE_WAIT -
tcp 133 0 146.107.x.x:80 146.107.135.80:3269 CLOSE_WAIT -
...
The IP 146.107.135.80 is the WinBox my monitoring tool is running on.
Also "top" on the linux box running the apache was very interesting:
top - 13:17:45 up 25 days, 23:40, 4 users, load average: 155.00, 155.01,
155.03
Tasks: 587 total, 1 running, 586 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.2% us, 0.3% sy, 0.0% ni, 0.0% id, 99.5% wa, 0.0% hi, 0.0% si
Mem: 2075564k total, 1802740k used, 272824k free, 130936k buffers
Swap: 1028152k total, 0k used, 1028152k free, 914700k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
12820 root 17 0 2028 1236 1540 R 1.0 0.1 0:00.23 top
1 root 16 0 588 240 444 S 0.0 0.0 0:22.23 init
2 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
3 root 34 19 0 0 0 S 0.0 0.0 0:00.22 ksoftirqd/0
The load average is ... impressing. But working on the bash, the server reacted
normally.
Also the CPU time for IO-waiting (99.5% wa) was extremly high, although the led
for harddisk activity didn't flash often.
Bernd
> > Jeffrey E Burgoyne wrote:
> >
> >>
> >> The time listed is the time the request was received and
> the order is
> >> based on the time it finished is the most likely culprit. Requests
> >> taking longer will cause this.
> >>
> >> You can verify by adding %T parameter to your logging as
> that gives
> >> you the time it took to finish the request.
> >>
> >
> > Thanks for the explaination. I will add the %T in my logs. Is the
> > behaviour in Apache 1.3 and 2 the same ?
> > Concerning my requests that would mean that some requests needed
> > nearly 10 hours to be served, right ?
> >
> >>
> >>
> >
Helmholtz Zentrum München
Deutsches Forschungszentrum für Gesundheit und Umwelt (GmbH)
Ingolstädter Landstr. 1
85764 Neuherberg
www.helmholtz-muenchen.de
Aufsichtsratsvorsitzende: MinDir´in Bärbel Brumme-Bothe
Geschäftsführer: Prof. Dr. Günther Wess und Dr. Nikolaus Blum
Registergericht: Amtsgericht München HRB 6466
USt-IdNr: DE 129521671
