Page 1 of 1
Our cxswatch service keeps failing, how to troubleshoot?
Posted: 07 Jul 2016, 15:49
by bblsystems
I've started getting a report from chkservd multiple times per minute that our cxswatch service is down.
How can I troubleshoot this to see why it's crashing and fix it?
I can post the emailed report, if that helps.
Re: Our cxswatch service keeps failing, how to troubleshoot?
Posted: 07 Jul 2016, 16:07
by Sarah
Have you checked the cxswatch log to verify whether cxswatch is actually running or if there are any errors? If cxswatch is running and there are no errors in the cxswatch log, then it sounds like a problem with chkservd rather than cxswatch.
Re: Our cxswatch service keeps failing, how to troubleshoot?
Posted: 07 Jul 2016, 17:20
by bblsystems
The alerts stopped on their own since I made that initial post. The only thing I noticed the log was the following sequence repeated over and over, every 7 minutes or so for about 18 hours
Jul 6 15:10:15 host1 cxswatch[645986]: daemon stopped
Jul 6 15:10:15 host1 cxswatch[645987]: daemon stopped
Jul 6 15:10:15 host1 cxswatch[645988]: daemon stopped
Jul 6 15:15:53 host1 cxswatch[2523]: Startup...
Jul 6 15:15:53 host1 cxswatch[2523]: (/usr/sbin/cxs --allusers --nobayes --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 0 --html --ignore /etc/cxs/cxs.ignore --options mMOLfSGchexdnZDRu --qoptions Mv --quarantine /home/quarantine --quiet --sizemax 500000 --smtp --ssl --summary --sversionscan --timemax 30 --virusscan --Wloglevel 0 --Wmaxchild 3 --Wrateignore 300 --Wrefresh 7 --Wsleep 3 --Wstart --www)
Jul 6 15:15:53 host1 cxswatch[2523]: Starting 3 children...
Jul 6 15:15:53 host1 cxswatch[2524]: Child 1 running
Jul 6 15:15:53 host1 cxswatch[2525]: Child 2 running
Jul 6 15:15:53 host1 cxswatch[2523]: Setting up Watch Points...
Jul 6 15:15:53 host1 cxswatch[2527]: Child 3 running
Jul 6 15:22:11 host1 cxswatch[3675]: Startup...
Jul 6 15:22:11 host1 cxswatch[3675]: (/usr/sbin/cxs --allusers --nobayes --clamdsock /var/clamd --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 0 --html --ignore /etc/cxs/cxs.ignore --options mMOLfSGchexdnZDRu --qoptions Mv --quarantine /home/quarantine --quiet --sizemax 500000 --smtp --ssl --summary --sversionscan --timemax 30 --virusscan --Wloglevel 0 --Wmaxchild 3 --Wrateignore 300 --Wrefresh 7 --Wsleep 3 --Wstart --www)
Jul 6 15:22:11 host1 cxswatch[3675]: Starting 3 children...
Jul 6 15:22:11 host1 cxswatch[3676]: Child 1 running
Jul 6 15:22:11 host1 cxswatch[3677]: Child 2 running
Jul 6 15:22:11 host1 cxswatch[3675]: Setting up Watch Points...
Jul 6 15:22:11 host1 cxswatch[3678]: Child 3 running
(REPEATS)
Jul 7 09:07:18 host1 cxswatch[143047]: Startup...
Jul 7 09:07:18 host1 cxswatch[143047]: (/usr/sbin/cxs --allusers --nobayes --clamdsock /var/clamd --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 0 --html --ignore /etc/cxs/cxs.ignore --options mMOLfSGchexdnZDRu --qoptions Mv --quarantine /home/quarantine --quiet --sizemax 500000 --smtp --ssl --summary --sversionscan --timemax 30 --virusscan --Wloglevel 0 --Wmaxchild 3 --Wrateignore 300 --Wrefresh 7 --Wsleep 3 --Wstart --www)
Jul 7 09:07:18 host1 cxswatch[143047]: Starting 3 children...
Jul 7 09:07:18 host1 cxswatch[143048]: Child 1 running
Jul 7 09:07:18 host1 cxswatch[143049]: Child 2 running
Jul 7 09:07:18 host1 cxswatch[143047]: Setting up Watch Points...
Jul 7 09:07:18 host1 cxswatch[143050]: Child 3 running
Jul 7 09:12:58 host1 cxswatch[143621]: Startup...
Jul 7 09:12:58 host1 cxswatch[143621]: (/usr/sbin/cxs --allusers --nobayes --clamdsock /var/clamd --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 0 --html --ignore /etc/cxs/cxs.ignore --options mMOLfSGchexdnZDRu --qoptions Mv --quarantine /home/quarantine --quiet --sizemax 500000 --smtp --ssl --summary --sversionscan --timemax 30 --virusscan --Wloglevel 0 --Wmaxchild 3 --Wrateignore 300 --Wrefresh 7 --Wsleep 3 --Wstart --www)
Jul 7 09:12:58 host1 cxswatch[143621]: Starting 3 children...
Jul 7 09:12:58 host1 cxswatch[143622]: Child 1 running
Jul 7 09:12:58 host1 cxswatch[143623]: Child 2 running
Jul 7 09:12:58 host1 cxswatch[143621]: Setting up Watch Points...
Jul 7 09:12:58 host1 cxswatch[143624]: Child 3 running
Jul 7 09:12:59 host1 cxswatch[143621]: ....(46) admin (/home/admin/public_html) start
Jul 7 09:13:00 host1 cxswatch[143621]: ....(46) admin (/home/admin/public_html) finish (317 watches)
Jul 7 09:13:00 host1 cxswatch[143621]: ....(45) bbl (/home/bbl/public_html) start
Re: Our cxswatch service keeps failing, how to troubleshoot?
Posted: 28 Sep 2016, 09:18
by Strats
bblsystems wrote:
Jul 6 15:15:53 host1 cxswatch[2523]: (/usr/sbin/cxs --allusers --nobayes --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 0 --html --ignore /etc/cxs/cxs.ignore --options mMOLfSGchexdnZDRu --qoptions Mv --quarantine /home/quarantine --quiet --sizemax 500000 --smtp --ssl --summary --sversionscan --timemax 30 --virusscan --Wloglevel 0 --Wmaxchild 3 --Wrateignore 300 --Wrefresh 7 --Wsleep 3 --Wstart --www)
Jul 6 15:15:53 host1 cxswatch[2523]: Starting 3 children...
Jul 6 15:15:53 host1 cxswatch[2524]: Child 1 running
Jul 6 15:15:53 host1 cxswatch[2525]: Child 2 running
Jul 6 15:15:53 host1 cxswatch[2523]: Setting up Watch Points...
Jul 6 15:15:53 host1 cxswatch[2527]: Child 3 running
Jul 6 15:22:11 host1 cxswatch[3675]: Startup...
I had the exact same problem last night after the last upcp in some servers, same error as above and if has been fixed on its own after some hours. Did you find any more info on this please?