You are not logged in.
After running for 3 days now my archlinux server acts strange. I have over 100 UDP Ports open for my httpd process.
netstat -lpn | grep httpd | nl
1 tcp 0 0 :::80 :::* LISTEN 17182/httpd
2 udp 0 0 0.0.0.0:60289 0.0.0.0:* 27734/httpd
3 udp 0 0 0.0.0.0:38658 0.0.0.0:* 27734/httpd
4 udp 0 0 0.0.0.0:33155 0.0.0.0:* 22821/httpd
5 udp 0 0 0.0.0.0:52997 0.0.0.0:* 27734/httpd
6 udp 0 0 0.0.0.0:59525 0.0.0.0:* 27734/httpd
7 udp 0 0 0.0.0.0:54662 0.0.0.0:* 27734/httpd
8 udp 0 0 0.0.0.0:60295 0.0.0.0:* 27734/httpd
9 udp 0 0 0.0.0.0:41869 0.0.0.0:* 27734/httpd
10 udp 0 0 0.0.0.0:51471 0.0.0.0:* 27734/httpd
11 udp 0 0 0.0.0.0:34703 0.0.0.0:* 27734/httpd
12 udp 0 0 0.0.0.0:33168 0.0.0.0:* 22821/httpd
13 udp 0 0 0.0.0.0:54418 0.0.0.0:* 27734/httpd
14 udp 0 0 0.0.0.0:47635 0.0.0.0:* 27734/httpd
15 udp 0 0 0.0.0.0:34963 0.0.0.0:* 27734/httpd
16 udp 0 0 0.0.0.0:35860 0.0.0.0:* 27734/httpd
17 udp 0 0 0.0.0.0:46229 0.0.0.0:* 27734/httpd
18 udp 0 0 0.0.0.0:55189 0.0.0.0:* 27734/httpd
19 udp 0 0 0.0.0.0:51478 0.0.0.0:* 27734/httpd
20 udp 0 0 0.0.0.0:39190 0.0.0.0:* 27734/httpd
21 udp 0 0 0.0.0.0:56343 0.0.0.0:* 27734/httpd
22 udp 0 0 0.0.0.0:40855 0.0.0.0:* 27734/httpd
23 udp 0 0 0.0.0.0:50458 0.0.0.0:* 27734/httpd
24 udp 0 0 0.0.0.0:50330 0.0.0.0:* 27734/httpd
25 udp 0 0 0.0.0.0:47386 0.0.0.0:* 27734/httpd
26 udp 0 0 0.0.0.0:50332 0.0.0.0:* 27734/httpd
27 udp 0 0 0.0.0.0:40605 0.0.0.0:* 27734/httpd
28 udp 0 0 0.0.0.0:60702 0.0.0.0:* 27734/httpd
29 udp 0 0 0.0.0.0:50591 0.0.0.0:* 27734/httpd
30 udp 0 0 0.0.0.0:43551 0.0.0.0:* 27734/httpd
31 udp 0 0 0.0.0.0:58144 0.0.0.0:* 27734/httpd
32 udp 0 0 0.0.0.0:43425 0.0.0.0:* 27734/httpd
33 udp 0 0 0.0.0.0:40353 0.0.0.0:* 27734/httpd
34 udp 0 0 0.0.0.0:50467 0.0.0.0:* 27734/httpd
35 udp 0 0 0.0.0.0:57637 0.0.0.0:* 27734/httpd
36 udp 0 0 0.0.0.0:33957 0.0.0.0:* 27734/httpd
37 udp 0 0 0.0.0.0:58918 0.0.0.0:* 27734/httpd
38 udp 0 0 0.0.0.0:35113 0.0.0.0:* 27734/httpd
39 udp 0 0 0.0.0.0:48298 0.0.0.0:* 27734/httpd
40 udp 0 0 0.0.0.0:42411 0.0.0.0:* 27734/httpd
41 udp 0 0 0.0.0.0:33195 0.0.0.0:* 27734/httpd
42 udp 0 0 0.0.0.0:35883 0.0.0.0:* 27734/httpd
43 udp 0 0 0.0.0.0:39085 0.0.0.0:* 22797/httpd
44 udp 0 0 0.0.0.0:54958 0.0.0.0:* 27734/httpd
45 udp 0 0 0.0.0.0:59439 0.0.0.0:* 27734/httpd
46 udp 0 0 0.0.0.0:39089 0.0.0.0:* 27734/httpd
47 udp 0 0 0.0.0.0:58675 0.0.0.0:* 27734/httpd
48 udp 0 0 0.0.0.0:44852 0.0.0.0:* 27734/httpd
49 udp 0 0 0.0.0.0:51893 0.0.0.0:* 27734/httpd
50 udp 0 0 0.0.0.0:53689 0.0.0.0:* 27734/httpd
51 udp 0 0 0.0.0.0:48825 0.0.0.0:* 27734/httpd
52 udp 0 0 0.0.0.0:42681 0.0.0.0:* 27734/httpd
53 udp 0 0 0.0.0.0:54332 0.0.0.0:* 27734/httpd
54 udp 0 0 0.0.0.0:49852 0.0.0.0:* 27734/httpd
55 udp 0 0 0.0.0.0:40509 0.0.0.0:* 27734/httpd
56 udp 0 0 0.0.0.0:53697 0.0.0.0:* 27734/httpd
57 udp 0 0 0.0.0.0:48194 0.0.0.0:* 27734/httpd
58 udp 0 0 0.0.0.0:43844 0.0.0.0:* 27734/httpd
59 udp 0 0 0.0.0.0:55621 0.0.0.0:* 27734/httpd
60 udp 0 0 0.0.0.0:43334 0.0.0.0:* 27734/httpd
61 udp 0 0 0.0.0.0:53830 0.0.0.0:* 27734/httpd
62 udp 0 0 0.0.0.0:38088 0.0.0.0:* 27734/httpd
63 udp 0 0 0.0.0.0:59215 0.0.0.0:* 27734/httpd
64 udp 0 0 0.0.0.0:33616 0.0.0.0:* 27734/httpd
65 udp 0 0 0.0.0.0:36432 0.0.0.0:* 27734/httpd
66 udp 0 0 0.0.0.0:39120 0.0.0.0:* 27734/httpd
67 udp 0 0 0.0.0.0:49233 0.0.0.0:* 27734/httpd
68 udp 0 0 0.0.0.0:59218 0.0.0.0:* 27734/httpd
69 udp 0 0 0.0.0.0:47954 0.0.0.0:* 27734/httpd
70 udp 0 0 0.0.0.0:54611 0.0.0.0:* 27734/httpd
71 udp 0 0 0.0.0.0:55379 0.0.0.0:* 27734/httpd
72 udp 0 0 0.0.0.0:45652 0.0.0.0:* 27734/httpd
73 udp 0 0 0.0.0.0:52180 0.0.0.0:* 27734/httpd
74 udp 0 0 0.0.0.0:50647 0.0.0.0:* 27734/httpd
75 udp 0 0 0.0.0.0:59223 0.0.0.0:* 27734/httpd
76 udp 0 0 0.0.0.0:46552 0.0.0.0:* 27734/httpd
77 udp 0 0 0.0.0.0:48859 0.0.0.0:* 27734/httpd
78 udp 0 0 0.0.0.0:56156 0.0.0.0:* 27734/httpd
79 udp 0 0 0.0.0.0:60893 0.0.0.0:* 22789/httpd
80 udp 0 0 0.0.0.0:45022 0.0.0.0:* 27734/httpd
81 udp 0 0 0.0.0.0:47967 0.0.0.0:* 27734/httpd
82 udp 0 0 0.0.0.0:56159 0.0.0.0:* 27734/httpd
83 udp 0 0 0.0.0.0:43360 0.0.0.0:* 27734/httpd
84 udp 0 0 0.0.0.0:57698 0.0.0.0:* 27734/httpd
85 udp 0 0 0.0.0.0:35811 0.0.0.0:* 27734/httpd
86 udp 0 0 0.0.0.0:35299 0.0.0.0:* 27734/httpd
87 udp 0 0 0.0.0.0:36708 0.0.0.0:* 27734/httpd
88 udp 0 0 0.0.0.0:51685 0.0.0.0:* 27734/httpd
89 udp 0 0 0.0.0.0:51942 0.0.0.0:* 22797/httpd
90 udp 0 0 0.0.0.0:40295 0.0.0.0:* 27734/httpd
91 udp 0 0 0.0.0.0:47082 0.0.0.0:* 27734/httpd
92 udp 0 0 0.0.0.0:34923 0.0.0.0:* 27734/httpd
93 udp 0 0 0.0.0.0:47083 0.0.0.0:* 27734/httpd
94 udp 0 0 0.0.0.0:43756 0.0.0.0:* 27734/httpd
95 udp 0 0 0.0.0.0:39916 0.0.0.0:* 27734/httpd
96 udp 0 0 0.0.0.0:34669 0.0.0.0:* 27734/httpd
97 udp 0 0 0.0.0.0:49774 0.0.0.0:* 27734/httpd
98 udp 0 0 0.0.0.0:34930 0.0.0.0:* 27734/httpd
99 udp 0 0 0.0.0.0:58226 0.0.0.0:* 27734/httpd
100 udp 0 0 0.0.0.0:47860 0.0.0.0:* 22797/httpd
101 udp 0 0 0.0.0.0:38134 0.0.0.0:* 27734/httpd
102 udp 0 0 0.0.0.0:54262 0.0.0.0:* 27734/httpd
103 udp 0 0 0.0.0.0:44023 0.0.0.0:* 27734/httpd
104 udp 0 0 0.0.0.0:56440 0.0.0.0:* 27734/httpd
105 udp 0 0 0.0.0.0:50937 0.0.0.0:* 27734/httpd
106 udp 0 0 0.0.0.0:44028 0.0.0.0:* 27734/httpd
107 udp 0 0 0.0.0.0:38140 0.0.0.0:* 27734/httpd
108 udp 0 0 0.0.0.0:56189 0.0.0.0:* 27734/httpd
109 udp 0 0 0.0.0.0:56445 0.0.0.0:* 27734/httpd
110 udp 0 0 0.0.0.0:60926 0.0.0.0:* 22789/httpd
111 udp 0 0 0.0.0.0:50943 0.0.0.0:* 27734/httpd
When I restart httpd all is normal again, but after a couple of days I have the same problem again. The server is acting fine and I can see no performance loss but I don't think this is normal. Any suggestions?
Last edited by TheGrudge (2008-03-11 08:19:05)
digiKam developer - www.digikam.org
Offline
Strange, I only got the following output:
1 tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 18294/httpd
2 tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 18294/httpd
Offline
Most definitely NOT normal...what other services are you running? Anything that uses Apache specifically? Unless you are using an advanced configuration, you would most likely only be using port 80 or 443 (for https).
Offline
I'm using Django (Python web framework), maybe this is the reason... now (without restarting httpd) I'm only running one instance of apache... seems to be normal. Hmm... I had this so many times now but after a while everything was normal again.
OK here are all services I'm running:
ntpd
mysqld
svnserve
postfix
sshd
portmap
digiKam developer - www.digikam.org
Offline
I just checked again for the apache problem, I have still a lot of UDP-ports open after a while. When I restart apache, all connections are gone, but every website access creates a new UDP port, so that after running for an hour there are over 300 UDP ports open. I just don't know what's wrong... maybe because Arch is running on a vmware server?? If I don't restart Apache after some time, the server just dies (maybe because of all the connections established?)...
Last edited by TheGrudge (2008-01-25 12:24:59)
digiKam developer - www.digikam.org
Offline
Are you running any bittorrent web apps or bittorrent web based controllers?
That is about the only thing I could think of that would do something like that. very weird indeed.
always a good idea to check your apache logs. maybe you have a vulnerability vector in some web app you are running, that is allowing process spawning that someone is using nefariously.
"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍
Offline
This server is not running bittorrent stuff.
Also the server is in our local network only and has no connection to the internet itself, it can't be hacked or used by any other people...
the apache logfiles look normal...
Last edited by TheGrudge (2008-01-25 16:40:12)
digiKam developer - www.digikam.org
Offline
well most of those udp ports look like they belong to one apache process.
I would attach to it with strace, and see what kind of system calls it is performing. Maybe you can get an idea about what is happening.
strace -p 27734
where 27734 is the significant <apache_pid> from the list.
"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍
Offline
Ok, I restarted apache 8 hours ago and now there are over 250 UDP ports open...
I checked with
ps aux | grep httpd
for all running httpd processes...
root 4109 0.0 0.6 22332 10112 ? Ss 13:17 0:00 /usr/sbin/httpd -k start
nobody 4133 0.0 2.2 51064 36352 ? S 13:18 0:12 /usr/sbin/httpd -k start
nobody 4134 0.0 2.1 49600 35064 ? S 13:18 0:13 /usr/sbin/httpd -k start
nobody 4135 0.0 2.5 56172 41336 ? S 13:18 0:13 /usr/sbin/httpd -k start
nobody 4180 0.0 2.5 55488 40860 ? S 13:19 0:12 /usr/sbin/httpd -k start
nobody 6759 0.0 1.3 37692 22592 ? S 16:55 0:00 /usr/sbin/httpd -k start
nobody 6761 0.0 1.4 38716 23488 ? S 16:55 0:00 /usr/sbin/httpd -k start
nobody 18241 0.0 2.1 50168 35328 ? S 13:48 0:07 /usr/sbin/httpd -k start
nobody 18270 0.0 1.9 46472 31792 ? S 13:48 0:07 /usr/sbin/httpd -k start
nobody 19438 0.0 1.3 37336 21952 ? S 17:21 0:00 /usr/sbin/httpd -k start
nobody 19439 0.0 1.3 37336 21952 ? S 17:21 0:00 /usr/sbin/httpd -k start
But when I use strace on one of these processes, I can see nothing special... maybe mod_python is doing this stuff??
digiKam developer - www.digikam.org
Offline
Unless your django code is doing something goofy, I hightly doubt it.
I have a few django apps running mod_python, and have never noticed the behavior you are seeing.
"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍
Offline
just thought of something..
do you have 'resolve hostnames' or whatever that is called turned on in your apache config, so it logs hostnames to the logfiles instead of just client ip addresses?
That requires dns lookups, and each lookup opens a listening socket so it can get the response udp packet back. I think that happens `in process` for apache.
EDIT: config value is "HostnameLookups"
"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍
Offline
Hmm I don't know this option and I can't find it in the config file so I guess it is turned off :-)
Right now all UDP ports are gone, strange... but the list is getting longer again... hmmm but resolving hostnames gives me an idea:
The server is running cacti, a network monitoring tool based on SNMP. Maybe this program is responsible for that?
Another strange thing is that if I connect to the webpage of the server (not cacti), every hit on this page creates a new port. Maybe I have to check the default settings of my apache to override these resolve hostname options...
digiKam developer - www.digikam.org
Offline
I would suggest "lsof -i -P" to see which program is responsible.
Offline
Another strange thing is that if I connect to the webpage of the server (not cacti), every hit on this page creates a new port. Maybe I have to check the default settings of my apache to override these resolve hostname options...
interesting.
as for the hostnamelookups in apache, the default should be off, so if you dont have it explicitly turned on in your config file anywhere, you should be fine.
$ grep -Ri hostnamelookups /etc/httpd/conf/
/etc/httpd/conf/extra/httpd-default.conf: HostnameLookups Off
"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍
Offline
I don't know where to look anymore... right now there are 1754!!! ports open... poor server
I don't have hostnamelookups set anywhere, so I guess it is disabled.
Maybe VMware ESX3 is messing things up?
digiKam developer - www.digikam.org
Offline
Today the server died, it didn't respond to anything, whether SSH nor keyboard input. So I had to cut the power connection. Yesterday apache had 3450 UDP ports open, I don't get it. I have not changed anything in the default configuration file, just added some folder aliases, that's all. I will post my config here, maybe you find something that is responsible for this behavior. I removed all comments from the file to shorten it a bit.
ServerRoot "/etc/httpd"
Listen 80
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbd_module modules/mod_authn_dbd.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dbd_module modules/mod_dbd.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule dir_module modules/mod_dir.so
LoadModule dumpio_module modules/mod_dumpio.so
LoadModule env_module modules/mod_env.so
LoadModule expires_module modules/mod_expires.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule filter_module modules/mod_filter.so
LoadModule headers_module modules/mod_headers.so
LoadModule ident_module modules/mod_ident.so
LoadModule imagemap_module modules/mod_imagemap.so
LoadModule include_module modules/mod_include.so
LoadModule info_module modules/mod_info.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule log_forensic_module modules/mod_log_forensic.so
LoadModule logio_module modules/mod_logio.so
LoadModule mime_module modules/mod_mime.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule speling_module modules/mod_speling.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule status_module modules/mod_status.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule version_module modules/mod_version.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule python_module modules/mod_python.so
LoadModule php5_module modules/libphp5.so<IfModule !mpm_winnt_module>
<IfModule !mpm_netware_module>
User nobody
Group log
</IfModule>
</IfModule>ServerAdmin andi.clemens@one2one-it.de
DocumentRoot "/home/httpd/html/webtools"<Directory "/">
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory><Directory "/home/httpd/html/webtools">
Options Indexes FollowSymLinks
Order allow,deny
Allow from all
</Directory><IfModule dir_module>
<IfModule mod_php5.c>
DirectoryIndex index.php index.html
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
</IfModule>
DirectoryIndex index.html
</IfModule><FilesMatch "^\.ht">
Order allow,deny
Deny from all
</FilesMatch>ErrorLog /var/log/httpd/error_log
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>CustomLog /var/log/httpd/access_log combined
</IfModule><IfModule alias_module>
ScriptAlias /cgi-bin/ "/home/httpd/cgi-bin/"
</IfModule><IfModule cgid_module>
</IfModule><Directory "/home/httpd/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>DefaultType text/plain
<IfModule mime_module>
TypesConfig /etc/httpd/conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
</IfModule>Include /etc/httpd/conf/extra/httpd-multilang-errordoc.conf
Include /etc/httpd/conf/extra/httpd-autoindex.conf
Include /etc/httpd/conf/extra/httpd-languages.conf
Include /etc/httpd/conf/extra/httpd-userdir.conf
Include /etc/httpd/conf/extra/httpd-default.conf
Alias /phpmyadmin /home/httpd/html/phpMyAdmin
<Directory "/home/httpd/html/phpMyAdmin">
Options Indexes FollowSymLinks
AllowOverride None
Order Deny,Allow
Order Allow,Deny
Allow from all
</Directory>Alias /cacti /home/httpd/html/cacti
<Directory "/home/httpd/html/cacti">
Options Indexes FollowSymLinks
AllowOverride None
Order Allow,Deny
Allow from all
</Directory>Alias /cacti-test /home/httpd/html/cacti-test
<Directory "/home/httpd/html/cacti-test">
Options Indexes FollowSymLinks
AllowOverride None
Order Allow,Deny
Allow from all
</Directory>Alias /icons /home/httpd/icons
<Directory "/home/httpd/icons">
Options Indexes FollowSymLinks
AllowOverride None
Order Allow,Deny
Allow from all
</Directory>Alias /info /home/httpd/html/info
<Directory "/home/httpd/html/info">
Options Indexes FollowSymLinks
AllowOverride None
Order Allow,Deny
Allow from all
</Directory>Alias /mymedia /home/httpd/html/webtools/templates/media
<Directory "/home/httpd/html/webtools/templates/media">
Options Indexes FollowSymLinks
AllowOverride None
Order Allow,Deny
Allow from all
</Directory><Location "/">
SetHandler python-program
PythonHandler django.core.handlers.modpython
PythonPath "['/home/httpd/html'] + sys.path"
SetEnv DJANGO_SETTINGS_MODULE webtools.settings
PythonDebug On
</Location><Location "/cacti">
SetHandler none
</Location><Location "/cacti-test">
SetHandler none
</Location><Location "/mymedia">
SetHandler none
</Location><Location "/media">
SetHandler none
</Location><Location "/phpmyadmin">
SetHandler none
</Location><Location "/icons">
SetHandler none
</Location><Location "/info">
SetHandler none
</Location><IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
digiKam developer - www.digikam.org
Offline
interesting. are you using cactid or the php-poller for cacti?
How many devices are you polling?
"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍
Offline
I am using spined (cactid), but it also happened with the poller.php before. I am monitoring 244 devices and 1003 data sources.
digiKam developer - www.digikam.org
Offline
hmm. i am thinking it may have to do with cacti then.
if they are all snmp (or largely) sources, then that could explain your excessive amount of udp ports open (sockets waiting for return traffic).
make sure you dont happen to have a cron job still using the poller.php, even though you are using spined now (looks like you have a cacti-test site too).
Other than that, I have no idea. poke around your system some more...
"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍
Offline
Hmm but the cacti manual says I should use the poller.php, even when using spined.
The test-site is not active, I use it when upgrading cacti or when I install new plugins. If it is a problem with Cacti, why are those ports open for such a long time?
digiKam developer - www.digikam.org
Offline
i meant cmd.php, not poller.php.
"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍
Offline
Woohoo found the problem!!
I manage two packages in the AUR, pysnmp-devel and pyasn1, which I had not updated for a while (yes, shame on me).
I found out that the ports were only created when I called the website with my django site. When I called Cacti no ports were created. So the problem had to be something with Python.
After that I found out that my OnlineUserManager which is called on some websites, seems to create all that ports. When I called the manager from the console, no ports were assigned. Strange....
After a while I realized that the requests send by the manager only use SNMP, so updating pysnmp-devel and pyasn1 seemed to be the only solutions. Well now it is working... Roughly speaking I created this problem by myself... :-)
digiKam developer - www.digikam.org
Offline