I've started getting a report from chkservd multiple times per minute that our cxswatch service is down.
How can I troubleshoot this to see why it's crashing and fix it?
I can post the emailed report, if that helps.
Our cxswatch service keeps failing, how to troubleshoot?
-
bblsystems
- Junior Member
- Posts: 2
- Joined: 07 Jul 2016, 15:39
Re: Our cxswatch service keeps failing, how to troubleshoot?
Have you checked the cxswatch log to verify whether cxswatch is actually running or if there are any errors? If cxswatch is running and there are no errors in the cxswatch log, then it sounds like a problem with chkservd rather than cxswatch.
-
bblsystems
- Junior Member
- Posts: 2
- Joined: 07 Jul 2016, 15:39
Re: Our cxswatch service keeps failing, how to troubleshoot?
The alerts stopped on their own since I made that initial post. The only thing I noticed the log was the following sequence repeated over and over, every 7 minutes or so for about 18 hours
Jul 6 15:10:15 host1 cxswatch[645986]: daemon stopped
Jul 6 15:10:15 host1 cxswatch[645987]: daemon stopped
Jul 6 15:10:15 host1 cxswatch[645988]: daemon stopped
Jul 6 15:15:53 host1 cxswatch[2523]: Startup...
Jul 6 15:15:53 host1 cxswatch[2523]: (/usr/sbin/cxs --allusers --nobayes --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 0 --html --ignore /etc/cxs/cxs.ignore --options mMOLfSGchexdnZDRu --qoptions Mv --quarantine /home/quarantine --quiet --sizemax 500000 --smtp --ssl --summary --sversionscan --timemax 30 --virusscan --Wloglevel 0 --Wmaxchild 3 --Wrateignore 300 --Wrefresh 7 --Wsleep 3 --Wstart --www)
Jul 6 15:15:53 host1 cxswatch[2523]: Starting 3 children...
Jul 6 15:15:53 host1 cxswatch[2524]: Child 1 running
Jul 6 15:15:53 host1 cxswatch[2525]: Child 2 running
Jul 6 15:15:53 host1 cxswatch[2523]: Setting up Watch Points...
Jul 6 15:15:53 host1 cxswatch[2527]: Child 3 running
Jul 6 15:22:11 host1 cxswatch[3675]: Startup...
Jul 6 15:22:11 host1 cxswatch[3675]: (/usr/sbin/cxs --allusers --nobayes --clamdsock /var/clamd --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 0 --html --ignore /etc/cxs/cxs.ignore --options mMOLfSGchexdnZDRu --qoptions Mv --quarantine /home/quarantine --quiet --sizemax 500000 --smtp --ssl --summary --sversionscan --timemax 30 --virusscan --Wloglevel 0 --Wmaxchild 3 --Wrateignore 300 --Wrefresh 7 --Wsleep 3 --Wstart --www)
Jul 6 15:22:11 host1 cxswatch[3675]: Starting 3 children...
Jul 6 15:22:11 host1 cxswatch[3676]: Child 1 running
Jul 6 15:22:11 host1 cxswatch[3677]: Child 2 running
Jul 6 15:22:11 host1 cxswatch[3675]: Setting up Watch Points...
Jul 6 15:22:11 host1 cxswatch[3678]: Child 3 running
(REPEATS)
Jul 7 09:07:18 host1 cxswatch[143047]: Startup...
Jul 7 09:07:18 host1 cxswatch[143047]: (/usr/sbin/cxs --allusers --nobayes --clamdsock /var/clamd --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 0 --html --ignore /etc/cxs/cxs.ignore --options mMOLfSGchexdnZDRu --qoptions Mv --quarantine /home/quarantine --quiet --sizemax 500000 --smtp --ssl --summary --sversionscan --timemax 30 --virusscan --Wloglevel 0 --Wmaxchild 3 --Wrateignore 300 --Wrefresh 7 --Wsleep 3 --Wstart --www)
Jul 7 09:07:18 host1 cxswatch[143047]: Starting 3 children...
Jul 7 09:07:18 host1 cxswatch[143048]: Child 1 running
Jul 7 09:07:18 host1 cxswatch[143049]: Child 2 running
Jul 7 09:07:18 host1 cxswatch[143047]: Setting up Watch Points...
Jul 7 09:07:18 host1 cxswatch[143050]: Child 3 running
Jul 7 09:12:58 host1 cxswatch[143621]: Startup...
Jul 7 09:12:58 host1 cxswatch[143621]: (/usr/sbin/cxs --allusers --nobayes --clamdsock /var/clamd --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 0 --html --ignore /etc/cxs/cxs.ignore --options mMOLfSGchexdnZDRu --qoptions Mv --quarantine /home/quarantine --quiet --sizemax 500000 --smtp --ssl --summary --sversionscan --timemax 30 --virusscan --Wloglevel 0 --Wmaxchild 3 --Wrateignore 300 --Wrefresh 7 --Wsleep 3 --Wstart --www)
Jul 7 09:12:58 host1 cxswatch[143621]: Starting 3 children...
Jul 7 09:12:58 host1 cxswatch[143622]: Child 1 running
Jul 7 09:12:58 host1 cxswatch[143623]: Child 2 running
Jul 7 09:12:58 host1 cxswatch[143621]: Setting up Watch Points...
Jul 7 09:12:58 host1 cxswatch[143624]: Child 3 running
Jul 7 09:12:59 host1 cxswatch[143621]: ....(46) admin (/home/admin/public_html) start
Jul 7 09:13:00 host1 cxswatch[143621]: ....(46) admin (/home/admin/public_html) finish (317 watches)
Jul 7 09:13:00 host1 cxswatch[143621]: ....(45) bbl (/home/bbl/public_html) start
Jul 6 15:10:15 host1 cxswatch[645986]: daemon stopped
Jul 6 15:10:15 host1 cxswatch[645987]: daemon stopped
Jul 6 15:10:15 host1 cxswatch[645988]: daemon stopped
Jul 6 15:15:53 host1 cxswatch[2523]: Startup...
Jul 6 15:15:53 host1 cxswatch[2523]: (/usr/sbin/cxs --allusers --nobayes --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 0 --html --ignore /etc/cxs/cxs.ignore --options mMOLfSGchexdnZDRu --qoptions Mv --quarantine /home/quarantine --quiet --sizemax 500000 --smtp --ssl --summary --sversionscan --timemax 30 --virusscan --Wloglevel 0 --Wmaxchild 3 --Wrateignore 300 --Wrefresh 7 --Wsleep 3 --Wstart --www)
Jul 6 15:15:53 host1 cxswatch[2523]: Starting 3 children...
Jul 6 15:15:53 host1 cxswatch[2524]: Child 1 running
Jul 6 15:15:53 host1 cxswatch[2525]: Child 2 running
Jul 6 15:15:53 host1 cxswatch[2523]: Setting up Watch Points...
Jul 6 15:15:53 host1 cxswatch[2527]: Child 3 running
Jul 6 15:22:11 host1 cxswatch[3675]: Startup...
Jul 6 15:22:11 host1 cxswatch[3675]: (/usr/sbin/cxs --allusers --nobayes --clamdsock /var/clamd --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 0 --html --ignore /etc/cxs/cxs.ignore --options mMOLfSGchexdnZDRu --qoptions Mv --quarantine /home/quarantine --quiet --sizemax 500000 --smtp --ssl --summary --sversionscan --timemax 30 --virusscan --Wloglevel 0 --Wmaxchild 3 --Wrateignore 300 --Wrefresh 7 --Wsleep 3 --Wstart --www)
Jul 6 15:22:11 host1 cxswatch[3675]: Starting 3 children...
Jul 6 15:22:11 host1 cxswatch[3676]: Child 1 running
Jul 6 15:22:11 host1 cxswatch[3677]: Child 2 running
Jul 6 15:22:11 host1 cxswatch[3675]: Setting up Watch Points...
Jul 6 15:22:11 host1 cxswatch[3678]: Child 3 running
(REPEATS)
Jul 7 09:07:18 host1 cxswatch[143047]: Startup...
Jul 7 09:07:18 host1 cxswatch[143047]: (/usr/sbin/cxs --allusers --nobayes --clamdsock /var/clamd --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 0 --html --ignore /etc/cxs/cxs.ignore --options mMOLfSGchexdnZDRu --qoptions Mv --quarantine /home/quarantine --quiet --sizemax 500000 --smtp --ssl --summary --sversionscan --timemax 30 --virusscan --Wloglevel 0 --Wmaxchild 3 --Wrateignore 300 --Wrefresh 7 --Wsleep 3 --Wstart --www)
Jul 7 09:07:18 host1 cxswatch[143047]: Starting 3 children...
Jul 7 09:07:18 host1 cxswatch[143048]: Child 1 running
Jul 7 09:07:18 host1 cxswatch[143049]: Child 2 running
Jul 7 09:07:18 host1 cxswatch[143047]: Setting up Watch Points...
Jul 7 09:07:18 host1 cxswatch[143050]: Child 3 running
Jul 7 09:12:58 host1 cxswatch[143621]: Startup...
Jul 7 09:12:58 host1 cxswatch[143621]: (/usr/sbin/cxs --allusers --nobayes --clamdsock /var/clamd --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 0 --html --ignore /etc/cxs/cxs.ignore --options mMOLfSGchexdnZDRu --qoptions Mv --quarantine /home/quarantine --quiet --sizemax 500000 --smtp --ssl --summary --sversionscan --timemax 30 --virusscan --Wloglevel 0 --Wmaxchild 3 --Wrateignore 300 --Wrefresh 7 --Wsleep 3 --Wstart --www)
Jul 7 09:12:58 host1 cxswatch[143621]: Starting 3 children...
Jul 7 09:12:58 host1 cxswatch[143622]: Child 1 running
Jul 7 09:12:58 host1 cxswatch[143623]: Child 2 running
Jul 7 09:12:58 host1 cxswatch[143621]: Setting up Watch Points...
Jul 7 09:12:58 host1 cxswatch[143624]: Child 3 running
Jul 7 09:12:59 host1 cxswatch[143621]: ....(46) admin (/home/admin/public_html) start
Jul 7 09:13:00 host1 cxswatch[143621]: ....(46) admin (/home/admin/public_html) finish (317 watches)
Jul 7 09:13:00 host1 cxswatch[143621]: ....(45) bbl (/home/bbl/public_html) start
Re: Our cxswatch service keeps failing, how to troubleshoot?
I had the exact same problem last night after the last upcp in some servers, same error as above and if has been fixed on its own after some hours. Did you find any more info on this please?bblsystems wrote: Jul 6 15:15:53 host1 cxswatch[2523]: (/usr/sbin/cxs --allusers --nobayes --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 0 --html --ignore /etc/cxs/cxs.ignore --options mMOLfSGchexdnZDRu --qoptions Mv --quarantine /home/quarantine --quiet --sizemax 500000 --smtp --ssl --summary --sversionscan --timemax 30 --virusscan --Wloglevel 0 --Wmaxchild 3 --Wrateignore 300 --Wrefresh 7 --Wsleep 3 --Wstart --www)
Jul 6 15:15:53 host1 cxswatch[2523]: Starting 3 children...
Jul 6 15:15:53 host1 cxswatch[2524]: Child 1 running
Jul 6 15:15:53 host1 cxswatch[2525]: Child 2 running
Jul 6 15:15:53 host1 cxswatch[2523]: Setting up Watch Points...
Jul 6 15:15:53 host1 cxswatch[2527]: Child 3 running
Jul 6 15:22:11 host1 cxswatch[3675]: Startup...