ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://mail.forum.configserver.com/

lfd memory & performance issues

https://mail.forum.configserver.com/viewtopic.php?t=10072

Page 1 of 1

lfd memory & performance issues

Posted: 22 Feb 2017, 12:46
by sozotech
For the last week or so a server has had a very high load. The server has 4G of RAM and only has 6 websites on it and they are very low usage. When viewing the top processes LFD is always the top process and throughout the day, I get email notices from the server that it is out of memory and has killed and restarted lfd. Here is the top process on the server currently showing it using 60% of memory and 100% CPU.

Code: Select all

PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND

 293818 root      20   0 2453m 2.2g  628 R 100.0 60.3   0:08.68 lfd - (child) Stats Report...
In monitoring the lfd.log it appears the server is mainly blocking port scans. I don't really see much else in terms of other failed service logins blocked.

Code: Select all

Feb 22 07:40:28 fre-he-ds10 lfd[498049]: *Port Scan* detected from 65.48.199.128 (BB/Barbados/-). 1 hits in the last 72 seconds - *Blocked in csf* for 3600 secs [PS_LIMIT]
Feb 22 07:40:28 fre-he-ds10 lfd[498076]: *, at line 65.48.199.128
Feb 22 07:40:29 fre-he-ds10 lfd[498080]: Incoming IP 116.101.156.10 temporary block removed
Feb 22 07:40:29 fre-he-ds10 lfd[498080]: Incoming IP 189.14.60.246 temporary block removed
Feb 22 07:40:51 fre-he-ds10 lfd[498094]: *Port Scan* detected from 85.96.203.135 (TR/Turkey/85.96.203.135.dynamic.ttnet.com.tr). 1 hits in the last 97 seconds - *Blocked in csf* for 3600 secs [PS_LIMIT]
Feb 22 07:40:51 fre-he-ds10 lfd[498108]: *, at line 85.96.203.135
Feb 22 07:40:53 fre-he-ds10 lfd[498096]: *Port Scan* detected from 171.235.143.158 (VN/Vietnam/-). 1 hits in the last 97 seconds - *Blocked in csf* for 3600 secs [PS_LIMIT]
Feb 22 07:40:53 fre-he-ds10 lfd[498110]: *, at line 171.235.143.158
Feb 22 07:40:54 fre-he-ds10 lfd[498111]: Incoming IP 117.87.251.62 temporary block removed
Feb 22 07:40:55 fre-he-ds10 lfd[498111]: Incoming IP 112.93.254.20 temporary block removed
If I restart LFD the load goes down temporarily but then continues to climb. I am somewhat at a loss as to what to do to correct this issue. Can anyone give me tips or pointers on how to address this issue?

Thanks in advance,
Eric

Re: lfd memory & performance issues

Posted: 22 Feb 2017, 13:10
by sozotech
Hate to reply to my own post, but I think the PS_LIMIT was set too low basically blocking almost everything and thus causing the load issue. I am going to monitor it but it looks good after changing it to around 20.

Eric

Re: lfd memory & performance issues

Posted: 11 Mar 2017, 12:29
by pelligrag
Hello,

try to set RESTRICT_SYSLOG to 3, this should help you.

Best Regards

Re: lfd memory & performance issues

Posted: 14 Mar 2017, 16:21
by pelligrag
Update: set ST_ENABLE=0 to disable lfd report statistic and restart csf & lfs
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited