sleep747
Jan 15 2005, 08:27 PM
I put in a ticket, and EV support does a memtest. Memtest comes back OK. ( suppor says "looks ok to me" )
But I get "egrep: Memory exhausted" messages on chkrootkit, and a few other scripts. & I didn't get these messages a couple weeks ago.
So, does anyone have any ideas on what else would be causing heavy swapping after a fresh reboot, and memory problems ????
SEAL31
Jan 16 2005, 02:11 AM
Have you checked to see how much memory is actually being used? You may want to look into what would be using all that memory, assuming your system is Linux, type "ps aux" and look to see what's using a lot of MEM%. If nothing is high, then I have no clue, something may be keeping stuff in memory and not clearing it.
eth00
Jan 16 2005, 03:03 AM
What does "free -m" show when you are getting those errors. Bad ram is usually causes server crashing and such. That sounds like you might be running out of swap which just means you need more ram or atleast more swap.
sleep747
Jan 16 2005, 10:16 AM
I should clarify - The server doesn't crash, and generaly the loads are fairly stable for the amount of traffic to my sites.
I didn't think anything was wrong until I noticed 2 nights ago that chkrootkit hungup while searching for "aliens".
Then I got this after several minutes of it running up the loads -
"Checking `aliens'... egrep: Memory exhausted
no suspect files
My tops look like this -
Before running chkrootkit -----
65 processes: 63 sleeping, 2 running, 0 zombie, 0 stopped
CPU states: cpu user nice system irq softirq iowait idle
total 0.2% 0.2% 0.0% 0.0% 0.0% 0.6% 99.0%
Mem: 505400k av, 119668k used, 385732k free, 0k shrd, 9576k buff
99232k active, 6452k inactive
Swap: 2048276k av, 0k used, 2048276k free 47900k cached
PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND
4467 admin-user 15 0 2252 2252 1856 R 0.1 0.4 0:00 0 sshd
1 root 15 0 512 512 452 S 0.0
Run chkrootkit - wait till it hangs -
*********
10:50:27 up 14 min, 2 users, load average: 2.03, 0.55, 0.24
72 processes: 69 sleeping, 3 running, 0 zombie, 0 stopped
CPU states: cpu user nice system irq softirq iowait idle
total 22.0% 0.0% 10.2% 3.2% 0.2% 64.4% 0.0%
Mem: 505400k av, 500088k used, 5312k free, 0k shrd, 508k buff
392420k actv, 47036k in_d, 7080k in_c
Swap: 2048276k av, 163272k used, 1885004k free 96872k cached
PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND
5331 root 20 0 466M 353M 160 R 30.7 71.6 0:36 0 egrep
********************
10:52:14 up 16 min, 2 users, load average: 1.60, 0.83, 0.37
72 processes: 70 sleeping, 2 running, 0 zombie, 0 stopped
CPU states: cpu user nice system irq softirq iowait idle
total 39.4% 0.0% 4.8% 1.4% 0.0% 54.4% 0.0%
Mem: 505400k av, 500084k used, 5316k free, 0k shrd, 668k buff
390032k actv, 47648k in_d, 6828k in_c
Swap: 2048276k av, 722232k used, 1326044k free 3428k cached
PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND
5331 root 25 0 933M 418M 192 D 42.7 84.6 0:59 0 egrep
********************
10:57:07 up 21 min, 2 users, load average: 2.05, 1.67, 0.82
51 processes: 48 sleeping, 3 running, 0 zombie, 0 stopped
CPU states: cpu user nice system irq softirq iowait idle
total 5.4% 0.0% 10.6% 3.8% 0.0% 80.2% 0.0%
Mem: 505400k av, 499872k used, 5528k free, 0k shrd, 868k buff
389868k actv, 48112k in_d, 6588k in_c
Swap: 2048276k av, 1024176k used, 1024100k free 3100k cached
PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND
5331 root 18 0 1399M 423M 184 R 12.2 85.7 2:16 0 egrep
And free -m reads -
total used free shared buffers cached
Mem: 493 488 5 0 0 4
-/+ buffers/cache: 483 10
Swap: 2000 978 1021
I can understand if this was always the case, BUT it has not been. I run thru my server and check thing 5-6 times a week. and chkrootkit is run everytime I am on the server. It just started doing this a couple days ago. :confused:
eth00
Jan 16 2005, 10:21 AM
try using rkhunter to see if it finds anything. Rkhunter is updated more often and may give different results.
sleep747
Jan 16 2005, 10:33 AM
I did, and it found nothing.
I had both chkrootkit and rkhunter on the server from day 1.
I even rebuilt both yesterday, and re-ran them.
rkhunter doesn't hang up at all, but chkrootkit hangs on aliens, and "Egrep" seems to be running wild.
kamihacker
Jan 17 2005, 02:03 AM
open a trouble ticket at EV1 for hardware check, so they can test your memory and perhaps your hard disk... too much paging there seems really odd
maybe egrep is going wild on some very big file lists somewhere, do you have lots of files per directory somewhere?
regards
sleep747
Jan 17 2005, 01:50 PM
QUOTE
open a trouble ticket at EV1 for hardware check, so they can test your memory and perhaps your hard disk... too much paging there seems really odd
If you read my first post, I already did that.