Load average élevé et traffic faible

WRInaute occasionnel
Bonjour,

j'ai une dédibox sous ubuntu (Apache 2, PHP5 et Mysql), et assez régulireement machine est quasiment inaccessible (http, ssh).
Je n'ai qu'un seul site dessus, qui ne fait que 200 VU jours.

Et pourtant j'ai souvent un gros load average :

Code:
uptime :
21:19:28 up 27 days, 22:27,  1 user,  load average: 13.18, 11.62, 5.12

Je ne sais pas trop d'ou cela vient (j ai viré tous les scripts Cron).
Mes scripts sont optimisés (requêtes, cache, etc...) et les connexions à la bd sont toujours bien fermées.

la conf d'apache 2 :
Code:

ServerRoot "/etc/apache2"

#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
#<IfModule !mpm_winnt.c>
#<IfModule !mpm_netware.c>
LockFile /var/lock/apache2/accept.lock
#</IfModule>
#</IfModule>

#
# PidFile: The file in which the server should record its process
# identification number when it starts.
#
PidFile /var/run/apache2.pid

#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300

#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive Off

#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100

#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 15

##
## Server-Pool Size Regulation (MPM specific)
## 

# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
#<IfModule mpm_prefork_module>
#    StartServers         10 
#    MinSpareServers      10
#    MaxSpareServers      20
#    MaxClients          250
#    MaxRequestsPerChild   3000
#</IfModule>


<IfModule mpm_prefork_module>
    StartServers         5
    MinSpareServers      5
    MaxSpareServers     30
    MaxClients          50 
    MaxRequestsPerChild  0
</IfModule>



# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_worker_module>
    StartServers          2
    MaxClients          150
    MinSpareThreads      25
    MaxSpareThreads      75 
    ThreadsPerChild      25
    MaxRequestsPerChild   0
</IfModule>

User www-data
Group www-data

#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives.  See also the AllowOverride
# directive.
#

AccessFileName .htaccess

#
# The following lines prevent .htaccess and .htpasswd files from being 
# viewed by Web clients. 
#
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

TypesConfig /etc/mime.types

#
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value.  If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain


#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off

# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here.  If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog /var/log/apache2/error.log

#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn

# Include module configuration:
Include /etc/apache2/mods-enabled/*.load
Include /etc/apache2/mods-enabled/*.conf

# Include all the user configurations:
Include /etc/apache2/httpd.conf

# Include ports listing
Include /etc/apache2/ports.conf

# Include generic snippets of statements
Include /etc/apache2/conf.d/

#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of:  Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
ServerTokens Full

#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory 
# listings, mod_status and mod_info output etc., but not CGI generated 
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of:  On | Off | EMail
#
ServerSignature On

<IfModule alias_module>
    #
    # Aliases: Add here as many aliases as you need (with no limit). The format is 
    # Alias fakename realname
    #
    # Note that if you include a trailing / on fakename then the server will
    # require it to be present in the URL.  So "/icons" isn't aliased in this
    # example, only "/icons/".  If the fakename is slash-terminated, then the 
    # realname must also be slash terminated, and if the fakename omits the 
    # trailing slash, the realname must also omit it.
    #
    # We include the /icons/ alias for FancyIndexed directory listings.  If
    # you do not use FancyIndexing, you may comment this out.
    #
    Alias /icons/ "/usr/share/apache2/icons/"

    <Directory "/usr/share/apache2/icons">
        Options Indexes MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

</IfModule>

#
# Directives controlling the display of server-generated directory listings.
#
<IfModule mod_autoindex.c>

    #
    # IndexOptions: Controls the appearance of server-generated directory
    # listings.
    #
    IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=*

    #
    # AddIcon* directives tell the server which icon to show for different
    # files or filename extensions.  These are only displayed for
    # FancyIndexed directories.
    #
    AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

    AddIconByType (TXT,/icons/text.gif) text/*
    AddIconByType (IMG,/icons/image2.gif) image/*
    AddIconByType (SND,/icons/sound2.gif) audio/*
    AddIconByType (VID,/icons/movie.gif) video/*

    AddIcon /icons/binary.gif .bin .exe
    AddIcon /icons/binhex.gif .hqx
    AddIcon /icons/tar.gif .tar
    AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
    AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
    AddIcon /icons/a.gif .ps .ai .eps
    AddIcon /icons/layout.gif .html .shtml .htm .pdf
    AddIcon /icons/text.gif .txt
    AddIcon /icons/c.gif .c
    AddIcon /icons/p.gif .pl .py
    AddIcon /icons/f.gif .for
    AddIcon /icons/dvi.gif .dvi
    AddIcon /icons/uuencoded.gif .uu
    AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
    AddIcon /icons/tex.gif .tex
    AddIcon /icons/bomb.gif core

    AddIcon /icons/back.gif ..
    AddIcon /icons/hand.right.gif README
    AddIcon /icons/folder.gif ^^DIRECTORY^^
    AddIcon /icons/blank.gif ^^BLANKICON^^

    #
    # DefaultIcon is which icon to show for files which do not have an icon
    # explicitly set.
    #
    DefaultIcon /icons/unknown.gif

    #
    # AddDescription allows you to place a short description after a file in
    # server-generated indexes.  These are only displayed for FancyIndexed
    # directories.
    # Format: AddDescription "description" filename
    #
    #AddDescription "GZIP compressed document" .gz
    #AddDescription "tar archive" .tar
    #AddDescription "GZIP compressed tar archive" .tgz

    #
    # ReadmeName is the name of the README file the server will look for by
    # default, and append to directory listings.
    #
    # HeaderName is the name of a file which should be prepended to
    # directory indexes. 
    ReadmeName README.html
    HeaderName HEADER.html

    #
    # IndexIgnore is a set of filenames which directory indexing should ignore
    # and not include in the listing.  Shell-style wildcarding is permitted.
    #
    IndexIgnore .??* *~ *# RCS CVS *,v *,t 
</IfModule>

<IfModule mod_mime.c>

    #
    # AddType allows you to add to or override the MIME configuration
    # file mime.types for specific file types.
    #
    #AddType application/x-gzip .tgz
    #
    # AddEncoding allows you to have certain browsers uncompress
    # information on the fly. Note: Not all browsers support this.
    # Despite the name similarity, the following Add* directives have
    # nothing to do with the FancyIndexing customization directives above.
    #
    #AddEncoding x-compress .Z
    #AddEncoding x-gzip .gz .tgz
    #
    # If the AddEncoding directives above are commented-out, then you
    # probably should define those extensions to indicate media types:
    #
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz

    #
    # DefaultLanguage and AddLanguage allows you to specify the language of 
    # a document. You can then use content negotiation to give a browser a 
    # file in a language the user can understand.
    #
    # Specify a default language. This means that all data
    # going out without a specific language tag (see below) will 
    # be marked with this one. You probably do NOT want to set
    # this unless you are sure it is correct for all cases.
    #
    # * It is generally better to not mark a page as 
    # * being a certain language than marking it with the wrong
    # * language!
    #
    # DefaultLanguage nl
    #
    # Note 1: The suffix does not have to be the same as the language
    # keyword --- those with documents in Polish (whose net-standard
    # language code is pl) may wish to use "AddLanguage pl .po" to
    # avoid the ambiguity with the common suffix for perl scripts.
    #
    # Note 2: The example entries below illustrate that in some cases 
    # the two character 'Language' abbreviation is not identical to 
    # the two character 'Country' code for its country,
    # E.g. 'Danmark/dk' versus 'Danish/da'.
    #
    # Note 3: In the case of 'ltz' we violate the RFC by using a three char
    # specifier. There is 'work in progress' to fix this and get
    # the reference data for rfc1766 cleaned up.
    #
    # Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
    # English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
    # Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
    # Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
    # Norwegian (no) - Polish (pl) - Portugese (pt)
    # Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
    # Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
    #
    AddLanguage ca .ca
    AddLanguage cs .cz .cs
    AddLanguage da .dk
    AddLanguage de .de
    AddLanguage el .el
    AddLanguage en .en
    AddLanguage eo .eo
    AddLanguage es .es
    AddLanguage et .et
    AddLanguage fr .fr
    AddLanguage he .he
    AddLanguage hr .hr
    AddLanguage it .it
    AddLanguage ja .ja
    AddLanguage ko .ko
    AddLanguage ltz .ltz
    AddLanguage nl .nl
    AddLanguage nn .nn
    AddLanguage no .no
    AddLanguage pl .po
    AddLanguage pt .pt
    AddLanguage pt-BR .pt-br
    AddLanguage ru .ru
    AddLanguage sv .sv
    AddLanguage zh-CN .zh-cn
    AddLanguage zh-TW .zh-tw
</IfModule>

<IfModule mod_negotiation.c>
    #
    # LanguagePriority allows you to give precedence to some languages
    # in case of a tie during content negotiation.
    #
    # Just list the languages in decreasing order of preference. We have
    # more or less alphabetized them here. You probably want to change this.
    #
    LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW

    #
    # ForceLanguagePriority allows you to serve a result page rather than
    # MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
    # [in case no accepted languages matched the available variants]
    #
    ForceLanguagePriority Prefer Fallback

</IfModule>

<IfModule mod_mime.c>
    #
    # Specify a default charset for all pages sent out. This is
    # always a good idea and opens the door for future internationalisation
    # of your web site, should you ever want it. Specifying it as
    # a default does little harm; as the standard dictates that a page
    # is in iso-8859-1 (latin1) unless specified otherwise i.e. you
    # are merely stating the obvious. There are also some security
    # reasons in browsers, related to javascript and URL parsing
    # which encourage you to always set a default char set.
    #
    #AddDefaultCharset ISO-8859-1

    #
    # Commonly used filename extensions to character sets. You probably
    # want to avoid clashes with the language extensions, unless you
    # are good at carefully testing your setup after each change.
    # See http://www.iana.org/assignments/character-sets for the
    # official list of charset names and their respective RFCs.
    #
    AddCharset us-ascii    .ascii .us-ascii
    AddCharset ISO-8859-1  .iso8859-1  .latin1
    AddCharset ISO-8859-2  .iso8859-2  .latin2 .cen
    AddCharset ISO-8859-3  .iso8859-3  .latin3
    AddCharset ISO-8859-4  .iso8859-4  .latin4
    AddCharset ISO-8859-5  .iso8859-5  .cyr .iso-ru
    AddCharset ISO-8859-6  .iso8859-6  .arb .arabic
    AddCharset ISO-8859-7  .iso8859-7  .grk .greek
    AddCharset ISO-8859-8  .iso8859-8  .heb .hebrew
    AddCharset ISO-8859-9  .iso8859-9  .latin5 .trk
    AddCharset ISO-8859-10  .iso8859-10  .latin6
    AddCharset ISO-8859-13  .iso8859-13
    AddCharset ISO-8859-14  .iso8859-14  .latin8
    AddCharset ISO-8859-15  .iso8859-15  .latin9
    AddCharset ISO-8859-16  .iso8859-16  .latin10
    AddCharset ISO-2022-JP .iso2022-jp .jis
    AddCharset ISO-2022-KR .iso2022-kr .kis
    AddCharset ISO-2022-CN .iso2022-cn .cis
    AddCharset Big5        .Big5       .big5 .b5
    AddCharset cn-Big5     .cn-big5
    # For russian, more than one charset is used (depends on client, mostly):
    AddCharset WINDOWS-1251 .cp-1251   .win-1251
    AddCharset CP866       .cp866
    AddCharset KOI8      .koi8
    AddCharset KOI8-E      .koi8-e
    AddCharset KOI8-r      .koi8-r .koi8-ru
    AddCharset KOI8-U      .koi8-u
    AddCharset KOI8-ru     .koi8-uk .ua
    AddCharset ISO-10646-UCS-2 .ucs2
    AddCharset ISO-10646-UCS-4 .ucs4
    AddCharset UTF-7       .utf7
    AddCharset UTF-8       .utf8
    AddCharset UTF-16      .utf16
    AddCharset UTF-16BE    .utf16be
    AddCharset UTF-16LE    .utf16le
    AddCharset UTF-32      .utf32
    AddCharset UTF-32BE    .utf32be
    AddCharset UTF-32LE    .utf32le
    AddCharset euc-cn      .euc-cn
    AddCharset euc-gb      .euc-gb
    AddCharset euc-jp      .euc-jp
    AddCharset euc-kr      .euc-kr
    #Not sure how euc-tw got in - IANA doesn't list it???
    AddCharset EUC-TW      .euc-tw
    AddCharset gb2312      .gb2312 .gb
    AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2
    AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4
    AddCharset shift_jis   .shift_jis .sjis

    #
    # AddHandler allows you to map certain file extensions to "handlers":
    # actions unrelated to filetype. These can be either built into the server
    # or added with the Action directive (see below)
    #
    # To use CGI scripts outside of ScriptAliased directories:
    # (You will also need to add "ExecCGI" to the "Options" directive.)
    #
    #AddHandler cgi-script .cgi

    #
    # For files that include their own HTTP headers:
    #
    #AddHandler send-as-is asis

    #
    # For server-parsed imagemap files:
    #
    #AddHandler imap-file map

    #
    # For type maps (negotiated resources):
    # (This is enabled by default to allow the Apache "It Worked" page
    #  to be distributed in multiple languages.)
    #
    AddHandler type-map var

    #
    # Filters allow you to process content before it is sent to the client.
    #
    # To parse .shtml files for server-side includes (SSI):
    # (You will also need to add "Includes" to the "Options" directive.)
    #
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
</IfModule>

#
# Action lets you define media types that will execute a script whenever
# a matching file is called. This eliminates the need for repeated URL
# pathnames for oft-used CGI file processors.
# Format: Action media/type /cgi-script/location
# Format: Action handler-name /cgi-script/location
#

#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#

#
# Putting this all together, we can internationalize error responses.
#
# We use Alias to redirect any /error/HTTP_<error>.html.var response to
# our collection of by-error message multi-language collections.  We use 
# includes to substitute the appropriate text.
#
# You can modify the messages' appearance without changing any of the
# default HTTP_<error>.html.var files by adding the line:
#
#   Alias /error/include/ "/your/include/path/"
#
# which allows you to create your own set of files by starting with the
# /usr/share/apache2/error/include/ files and copying them to /your/include/path/, 
# even on a per-VirtualHost basis.  The default include files will display
# your Apache version number and your ServerAdmin email address regardless
# of the setting of ServerSignature.
#
# The internationalized error documents require mod_alias, mod_include
# and mod_negotiation.  To activate them, uncomment the following 30 lines.

#    Alias /error/ "/usr/share/apache2/error/"
#
#    <Directory "/usr/share/apache2/error">
#        AllowOverride None
#        Options IncludesNoExec
#        AddOutputFilter Includes html
#        AddHandler type-map var
#        Order allow,deny
#        Allow from all
#        LanguagePriority en cs de es fr it nl sv pt-br ro
#        ForceLanguagePriority Prefer Fallback
#    </Directory>
#
#    ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
#    ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
#    ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
#    ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
#    ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
#    ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
#    ErrorDocument 410 /error/HTTP_GONE.html.var
#    ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
#    ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
#    ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
#    ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
#    ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
#    ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
#    ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
#    ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
#    ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
#    ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var

<IfModule mod_setenvif.c>
    #
    # The following directives modify normal HTTP response behavior to
    # handle known problems with browser implementations.
    #
    BrowserMatch "Mozilla/2" nokeepalive
    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
    BrowserMatch "RealPlayer 4\.0" force-response-1.0
    BrowserMatch "Java/1\.0" force-response-1.0
    BrowserMatch "JDK/1\.0" force-response-1.0

    #
    # The following directive disables redirects on non-GET requests for
    # a directory that does not include the trailing slash.  This fixes a 
    # problem with Microsoft WebFolders which does not appropriately handle 
    # redirects for folders with DAV methods.
    # Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
    #
    BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
    BrowserMatch "MS FrontPage" redirect-carefully
    BrowserMatch "^WebDrive" redirect-carefully
    BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
    BrowserMatch "^gnome-vfs/1.0" redirect-carefully
    BrowserMatch "^XML Spy" redirect-carefully
    BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
</IfModule>

<IfModule mod_status.c>
    
    # Allow server status reports generated by mod_status,
    # with the URL of http://servername/server-status
    # Change the ".example.com" to match your domain to enable.
    <Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
    </Location>
    ExtendedStatus On    
</IfModule>

#<IfModule mod_info.c>
    #
    # Allow remote server configuration reports, with the URL of
    #  http://servername/server-info (requires that mod_info.c be loaded).
    # Change the ".example.com" to match your domain to enable.
    #
    #<Location /server-info>
    #    SetHandler server-info
    #    Order deny,allow
    #    Deny from all
    #    Allow from .example.com
    #</Location>
#</IfModule>

<Location />
    SetOutputFilter DEFLATE
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
    Header append Vary User-Agent env=!dont-vary
</Location>

# Include the virtual host configurations:
Include /etc/apache2/sites-enabled/

AddDefaultCharset ISO-8859-1
DefaultLanguage fr

ServerSignature Off
ServerTokens Prod

<Directory /var/www/phpmyadmin>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
</Directory>
<Directory /var/www/touteslesmiss>
    Options -Indexes
</Directory>

NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.touteslesmiss.com
ServerAlias touteslesmiss.com *.touteslesmiss.com
DocumentRoot /var/www/touteslesmiss

ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/touteslesmiss.log combined
</VirtualHost>
J'ai touché au mpm_prefork_module en changeant les valeurs, mais cela n'a pas l'air d'avoir changé grand chose.
Comment determiner lors des pics de load average les processus qui bouffent "tout" ?

Merci pour le coup de main.
 
WRInaute accro
Il faut que tu regardes tes logs : log mail, apache pour s'assurer qu'il n'y a pas d'activité suspecte

Ton formulaire de contact est sécurisé ?

ps -aux pour voir tous les processus
 
WRInaute occasionnel
Je me demande si je n'ai pas des DDOS attack par hasard :

Code:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
      1 Address
      1 servers)
      1 81.50.137.15
      1 88.164.208.169
      2 80.8.204.33
     31 41.204.103.182
    127 89.159.91.205

127 fois l'ip 89.159.91.205... louche non ?

mahefarivony > pas facile de faire un ps -aux au bon moment... pour les logs mails je ne sais pas, il y en a du monde dans /var/log/mail.log. Il y aurait-il une commande permettant d'analyser cela rapidement ?
 
Nouveau WRInaute
salut,


j'ai eu un probleme similaire. j'ai désactivé APC (cache php) et tout a bien fonctionné, j'ai bien sûr réactivé APC pour voir et bing load average de 200 parfoit.
J'ai donc par la suite installé eaccelerator (à la place de APC, faut le desinstaller avt) et depuis aucun probleme de load average.

j'avais lu que APC pouvait causer des problemes avec php5.

je ne sais pas si ça peut t'aider mais ça ne coute rien d'essayer.
olive
 
WRInaute accro
link182 a dit:
... pour les logs mails je ne sais pas, il y en a du monde dans /var/log/mail.log. Il y aurait-il une commande permettant d'analyser cela rapidement ?
je ne connais pas la dedibox mais des fois que t'aurais webmin, tu peux accéder aux logs systemes en affichant les n dernieres lignes de logs. on peut aussi filtrer en affichant les n dernieres lignes contenant "xxxx"... si tu mets le mot sent par exemple, tu peux voir les derniers mails que ton systeme a envoyé. et si tu vois que 100 mails ont été balancés en moins de quelques secondes il ne faut pas chercher plus loin.

oui le ddos est aussi une possibilité. tu as un bon firewall ?
 
WRInaute occasionnel
jsutement pas de firewall (je n'ai pas configuré Iptable)

Code:
top - 22:46:52 up 27 days, 23:55,  1 user,  load average: 5.92, 1.65, 0.60
Tasks:  90 total,   2 running,  88 sleeping,   0 stopped,   0 zombie
Cpu(s): 53.2%us, 20.7%sy,  0.0%ni,  0.0%id, 24.1%wa,  0.0%hi,  2.0%si,  0.0%st
Mem:   1018244k total,  1006352k used,    11892k free,      620k buffers
Swap:  1044216k total,  1044196k used,       20k free,    11900k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
21917 www-data  18   0 70508  29m 1248 D 35.9  3.0   0:03.06 apache2
21945 www-data  18   0  179m 141m 1236 D 16.3 14.2   0:02.08 apache2
21918 www-data  18   0 1412m 409m 1248 D  9.6 41.2   0:19.51 apache2
   65 root      10  -5     0    0    0 D  8.3  0.0 141:25.16 kswapd0
21922 www-data  18   0  399m 356m 1248 D  3.7 35.9   0:05.36 apache2
22203 root      18   0 20388 5304 3560 D  1.3  0.5   0:00.17 php
10828 mysql     15   0  144m 3184 1432 S  0.3  0.3   2:12.48 mysqld
21920 www-data  18   0 42100 1580 1248 D  0.3  0.2   0:00.33 apache2
    1 root      18   0  2908   36   32 S  0.0  0.0   0:01.14 init
 
WRInaute occasionnel
Je ne pense pas que cela vienne du mail :
j'ai actuellement un load average élevé (39.69 !) et pas de chose anormale dans /var/log/mail.log :

Code:
 22:04:50 sd-12369 postfix/smtp[19023]: connect to breakthru.org[82.98.86.162]: Connection refused (port 25)
Dec 27 22:04:50 sd-12369 postfix/smtp[19026]: connect to breakthru.org[82.98.86.162]: Connection refused (port 25)
Dec 27 22:04:50 sd-12369 postfix/smtp[19025]: connect to breakthru.org[82.98.86.162]: Connection refused (port 25)
Dec 27 22:04:50 sd-12369 postfix/smtp[19026]: 65B9510C0012: to=<freaks_frog@breakthru.org>, relay=none, delay=152364, delays=152364/0.03/0.15/0, dsn=4.4.1, status=deferred (connect to breakthru.org[82.98.86.162]: Connection refused)
Dec 27 22:04:50 sd-12369 postfix/smtp[19023]: ACA5E10C0011: to=<freaks_frog@breakthru.org>, relay=none, delay=152367, delays=152366/0.14/0.18/0, dsn=4.4.1, status=deferred (connect to breakthru.org[82.98.86.162]: Connection refused)
Dec 27 22:04:50 sd-12369 postfix/smtp[19025]: 7B19710C000F: to=<freaks_frog@breakthru.org>, relay=none, delay=152368, delays=152368/0.06/0.15/0, dsn=4.4.1, status=deferred (connect to breakthru.org[82.98.86.162]: Connection refused)
Dec 27 22:04:56 sd-12369 postfix/smtp[19021]: connect to postbox.fabulous.com[128.242.120.13]: Connection refused (port 25)
Dec 27 22:04:56 sd-12369 postfix/smtp[19021]: DA20D10C0016: to=<gtbso@livel.com>, relay=none, delay=152233, delays=152226/0.15/6.5/0, dsn=4.4.1, status=deferred (connect to postbox.fabulous.com[128.242.120.13]: Connection refused)
Dec 27 22:38:10 sd-12369 postfix/qmgr[2431]: C3EC110C0013: from=<www-data@sd-12369.dedibox.fr>, size=4930, nrcpt=1 (queue active)
Dec 27 22:38:10 sd-12369 postfix/qmgr[2431]: CDD3F10C0014: from=<www-data@sd-12369.dedibox.fr>, size=4940, nrcpt=1 (queue active)
Dec 27 22:38:10 sd-12369 postfix/qmgr[2431]: 7E15910C0017: from=<www-data@sd-12369.dedibox.fr>, size=4930, nrcpt=1 (queue active)
Dec 27 22:38:10 sd-12369 postfix/smtp[21981]: connect to breakthru.org[82.98.86.162]: Connection refused (port 25)
Dec 27 22:38:10 sd-12369 postfix/smtp[21981]: CDD3F10C0014: to=<freaks_frog@breakthru.org>, relay=none, delay=154362, delays=154362/0.04/0.12/0, dsn=4.4.1, status=deferred (connect to breakthru.org[82.98.86.162]: Connection refused)
Dec 27 22:38:10 sd-12369 postfix/smtp[21980]: connect to postbox.fabulous.com[128.242.120.13]: Connection refused (port 25)
Dec 27 22:38:10 sd-12369 postfix/smtp[21980]: C3EC110C0013: to=<gtbso@livel.com>, relay=none, delay=154223, delays=154223/0.1/0.42/0, dsn=4.4.1, status=deferred (connect to postbox.fabulous.com[128.242.120.13]: Connection refused)
Dec 27 22:38:10 sd-12369 postfix/smtp[21982]: connect to postbox.fabulous.com[128.242.120.13]: Connection refused (port 25)
Dec 27 22:38:10 sd-12369 postfix/smtp[21982]: 7E15910C0017: to=<gtbso@livel.com>, relay=none, delay=154225, delays=154225/0.02/0.41/0, dsn=4.4.1, status=deferred (connect to postbox.fabulous.com[128.242.120.13]: Connection refused)

Code:
 uptime
 22:53:34 up 28 days, 1 min,  1 user,  load average: 39.69, 24.30, 10.89
 
WRInaute accro
euh si c'est chaud quand meme ! T'as vu toutes ces cochonneries à 22:38:10 ?

tapes en root :
postsuper -d ALL pour voir ?

Essayes d'installer arnoiptables firewall de base il est très bien

et lors des grosses montées ramene nous le resultat du ps -aux
 
WRInaute occasionnel
9 connexions a 22:38:10, c'est énorme, si ?

avec vraiment du mal :
Code:
root@sd-12369:/etc/nagios/conf.d# uptime
 23:01:21 up 28 days, 9 min,  1 user,  load average: 35.23, 34.56, 21.55

ps -aux

Code:
root@sd-12369:/etc/nagios/conf.d# ps aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0   2908     4 ?        Ss   Nov29   0:01 /sbin/init
root         2  0.0  0.0      0     0 ?        SN   Nov29   0:00 [ksoftirqd/0]
root         3  0.0  0.0      0     0 ?        S<   Nov29   0:00 [events/0]
root         4  0.0  0.0      0     0 ?        S<   Nov29   0:00 [khelper]
root         5  0.0  0.0      0     0 ?        S<   Nov29   0:00 [kthread]
root        28  0.0  0.0      0     0 ?        S<   Nov29   0:00 [kblockd/0]
root        29  0.0  0.0      0     0 ?        S<   Nov29   0:00 [ata/0]
root        30  0.0  0.0      0     0 ?        S<   Nov29   0:00 [ata_aux]
root        31  0.0  0.0      0     0 ?        S<   Nov29   0:00 [kseriod]
root        65  0.3  0.0      0     0 ?        S<   Nov29 142:29 [kswapd0]
root        66  0.0  0.0      0     0 ?        S<   Nov29   0:00 [aio/0]
root        67  0.0  0.0      0     0 ?        S<   Nov29   0:00 [jfsIO]
root        68  0.0  0.0      0     0 ?        S<   Nov29   0:00 [jfsCommit]
root        69  0.0  0.0      0     0 ?        S<   Nov29   0:00 [jfsSync]
root        70  0.0  0.0      0     0 ?        S<   Nov29   0:00 [xfslogd/0]
root        71  0.0  0.0      0     0 ?        S<   Nov29   0:00 [xfsdatad/0]
root       684  0.0  0.0      0     0 ?        S<   Nov29   0:00 [scsi_eh_0]
root       685  0.0  0.0      0     0 ?        S<   Nov29   0:00 [scsi_eh_1]
root       708  0.0  0.0      0     0 ?        S<   Nov29   0:00 [kcryptd/0]
root       717  0.0  0.0      0     0 ?        S<   Nov29   0:32 [kjournald]
root       848  0.0  0.0   2300     4 ?        S<s  Nov29   0:00 /sbin/udevd --daemon
root      1777  0.0  0.0      0     0 ?        S<   Nov29   0:00 [kjournald]
root      2046  0.0  0.0   1648     0 tty4     Ss+  Nov29   0:00 /sbin/getty 38400 tty4
root      2047  0.0  0.0   1652     0 tty5     Ss+  Nov29   0:00 /sbin/getty 38400 tty5
root      2050  0.0  0.0   1648     0 tty2     Ss+  Nov29   0:00 /sbin/getty 38400 tty2
root      2051  0.0  0.0   1652     0 tty3     Ss+  Nov29   0:00 /sbin/getty 38400 tty3
root      2058  0.0  0.0   1648     0 tty1     Ss+  Nov29   0:00 /sbin/getty 38400 tty1
root      2059  0.0  0.0   1652     0 tty6     Ss+  Nov29   0:00 /sbin/getty 38400 tty6
root      2081  0.0  0.0   1704    68 ?        Ds   Nov29   7:40 /sbin/syslogd
root      2099  0.0  0.0   1792    16 ?        Ds   Nov29   1:19 /bin/dd bs 1 if /proc/kmsg of /var/run/klogd/kmsg
klog      2101  0.0  0.0   2612   204 ?        Ss   Nov29   1:04 /sbin/klogd -P /var/run/klogd/kmsg
root      2265  0.0  0.0   1824     0 ?        S    Nov29   0:00 /usr/sbin/courierlogger -pid=/var/run/courier/authdaemon/pid -start /usr/lib/courier/courier
root      2266  0.0  0.0   4296     8 ?        S    Nov29   0:38 /usr/lib/courier/courier-authlib/authdaemond
root      2281  0.0  0.0   1828     0 ?        S    Nov29   0:00 /usr/sbin/courierlogger -pid=/var/run/courier/imapd.pid -start -name=imapd /usr/sbin/courier
root      2282  0.0  0.0   1932     0 ?        S    Nov29   0:00 /usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=20 -nodnslookup -noidentlookup 143 /
root      2301  0.0  0.0   1828     4 ?        S    Nov29   0:00 /usr/sbin/courierlogger -pid=/var/run/courier/imapd-ssl.pid -start -name=imapd-ssl /usr/sbin
root      2302  0.0  0.0   1932     4 ?        S    Nov29   0:00 /usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=20 -nodnslookup -noidentlookup 993 /
root      2323  0.0  0.0   1928     4 ?        S    Nov29   0:00 /usr/sbin/couriertcpd -pid=/var/run/courier/pop3d.pid -stderrlogger=/usr/sbin/courierlogger
root      2327  0.0  0.0   1824     4 ?        S    Nov29   0:00 /usr/sbin/courierlogger courierpop3login
root      2336  0.0  0.0   4340    24 ?        S    Nov29   0:53 /usr/lib/courier/courier-authlib/authdaemond
root      2337  0.0  0.0   4340    16 ?        S    Nov29   0:47 /usr/lib/courier/courier-authlib/authdaemond
root      2338  0.0  0.0   4340     8 ?        S    Nov29   1:03 /usr/lib/courier/courier-authlib/authdaemond
root      2339  0.0  0.0   4340    20 ?        S    Nov29   0:59 /usr/lib/courier/courier-authlib/authdaemond
root      2340  0.0  0.0   4340    20 ?        S    Nov29   0:50 /usr/lib/courier/courier-authlib/authdaemond
root      2351  0.0  0.0   1824     0 ?        S    Nov29   0:00 /usr/sbin/courierlogger -pid=/var/run/courier/pop3d-ssl.pid -start -name=pop3d-ssl /usr/sbin
root      2352  0.0  0.0   1928     0 ?        S    Nov29   0:00 /usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 995 /u
root      2427  0.0  0.0   4956   180 ?        Ss   Nov29   9:03 /usr/lib/postfix/master
postfix   2431  0.0  0.0   5300   116 ?        S    Nov29   3:15 qmgr -l -t fifo -u
root      2468  0.0  0.0   6472     0 ?        Ss   Nov29   0:00 /usr/sbin/saslauthd -a pam
root      2469  0.0  0.0   6472     0 ?        S    Nov29   0:00 /usr/sbin/saslauthd -a pam
root      2470  0.0  0.0   6472     0 ?        S    Nov29   0:00 /usr/sbin/saslauthd -a pam
root      2472  0.0  0.0   6472     0 ?        S    Nov29   0:00 /usr/sbin/saslauthd -a pam
root      2473  0.0  0.0   6472     0 ?        S    Nov29   0:00 /usr/sbin/saslauthd -a pam
root      2493  0.0  0.0   5088     0 ?        Ss   Nov29   0:05 /usr/sbin/sshd
nobody    2545  0.0  0.0   2744    72 ?        Ds   Nov29  20:22 proftpd: (accepting connections)
daemon    2561  0.0  0.0   1908     0 ?        Ss   Nov29   0:11 /usr/sbin/atd
root      2611  0.0  0.0   7080   384 ?        Ds   Nov29  16:02 /usr/bin/perl /usr/local/webmin/miniserv.pl /etc/webmin/miniserv.conf
postfix   2779  0.0  0.0   5012   104 ?        D    Nov29   1:50 tlsmgr -l -t unix -u -c
snmp      5021  0.0  0.0   7276   700 ?        S    Dec24   1:29 /usr/sbin/snmpd -Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1
mysql    10828  0.4  0.5 149520  5852 ?        Sl   09:38   3:21 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/my

Je vais regarder du coté de arno iptable.
 
WRInaute occasionnel
Je viens d'installer arno-iptables-firewall.(via apt-get)
Par contre, aurais un tuto sur la configuration du firewall ? (le fichier /etc/arno-iptables-firewall/firewall.conf je suppose)
Car une fois activé, arno iptable ne laisse rien passer...

Merci
 
WRInaute accro
c'est bon signe, ça veut dire qu'on n'utilise pas ton serveur comme relay spam mail, c'est déjà ça.

apache semble etre hors de cause sur le dernier ps -aux

bon, on va s'interesser un peu aussi à mysql : installes un utilitaire qui s'appelle mtop qui nous permettra de surveiller un peu les eventuels embouteillages au niveau de mysql
 
WRInaute accro
pas grand chose a configurer dans arno iptables, il y a juste cette partie a bien renseigner
Code:
EXT_IF="eth0"
...
EXT_IF_DHCP_IP=0
...
FULL_ACCESS_HOSTS="192.168.1.0/24"
...
FIREWALL_LOG=/var/log/firewall
...
#LOGLEVEL=info #mode normal
LOGLEVEL=debug #pour voir si ça marche
...
OPEN_TCP="21 22 80 443" #exemple pour un serveur: ftp, ssh, http et ssl
OPEN_UDP="21 22 80 443" #exemple pour un serveur: ftp, ssh, http et ssl

Vérifie que ca correspond a ta config et rajoutes les autres ports si besoin (webmin, ....)
 
WRInaute accro
Quelques autres conseils en vrac aussi avant d'aller se coucher :

- vérifier les cron. pas seulement les cron utilisateurs (crontab -e) mais aussi les autres : cron.hourly, .daily, ....

- changer les mots de passe d'accès système : mdp root, webmin... Mettre des mots de passe lourds : 15 caractères

- changer le port de ssh, qui est 22 par défaut. Attention, manip un peu délicate, toujours conserver une session ouverte pour refaire machine arrière en cas de blocage de connexion. Ne pas oublier de laisser passer le nouveau port dans arno.

- Checker la liste des utilisateurs du systeme et supprimer les comptes suspects

- Checker la liste des utilisateurs de mysql : attention au compte root sans mot de passe

- installer le module de surveillance du systeme qui t'enverra quotidiennement un rapport détaillé des activités effectuées sur le systeme. Désolé j'ai oublié son nom :-(

voilou
 
WRInaute passionné
Dans ton fichier conf apache, tu as :

Code:
KeepAlive Off

Ce qui veut dire que chaque processus apache ne sert qu'une seule requete avant de mourrir. Rien que ta page d'accueil en contient prés de 80 !!!

Je te conseille de mettre KeepAlive On et MaxKeepAliveRequests 500

ça ira nettement mieux ! :wink:
 
WRInaute occasionnel
Ok pour le KeepAlive On et MaxKeepAliveRequests --> 500, je vais changer cela.

Load average de 80 hier soir (pas de cron) !


Je viens de mettre en place arno-iptables-firewall, et je n'ai laissé que les ports dont j'ai besoin d'ouvert.

Le port de SSH avait déjà été changé, et j'ai mis fail2ban.

Chkrootkit ne détecte rien :

Code:
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not found
Checking `grep'... not infected
Checking `hdparm'... not infected
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not tested
Checking `inetdconf'... not infected
Checking `identd'... not found
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not found
Checking `netstat'... not infected
Checking `named'... not found
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not infected
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not infected
Checking `syslogd'... not infected
Checking `tar'... not infected
Checking `tcpd'... not found
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not found
Checking `timed'... not found
Checking `traceroute'... not found
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for HiDrootkit's default dir... nothing found
Searching for t0rn's default files and dirs... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for Lion Worm default files and dirs... nothing found
Searching for RSHA's default files and dir... nothing found
Searching for RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while... nothing found
Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for Showtee... nothing found
Searching for OpticKit... nothing found
Searching for T.R.K... nothing found
Searching for Mithra... nothing found
Searching for LOC rootkit... nothing found
Searching for Romanian rootkit... nothing found
Searching for Suckit rootkit... nothing found
Searching for Volc rootkit... nothing found
Searching for Gold2 rootkit... nothing found
Searching for TC2 Worm default files and dirs... nothing found
Searching for Anonoying rootkit default files and dirs... nothing found
Searching for ZK rootkit default files and dirs... nothing found
Searching for ShKit rootkit default files and dirs... nothing found
Searching for AjaKit rootkit default files and dirs... nothing found
Searching for zaRwT rootkit default files and dirs... nothing found
Searching for Madalin rootkit default files... nothing found
Searching for Fu rootkit default files... nothing found
Searching for ESRK rootkit default files... nothing found
Searching for rootedoor... nothing found
Searching for ENYELKM rootkit default files... nothing found
Searching for common ssh-scanners default files... nothing found
Searching for suspect PHP files... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... chkproc: nothing detected
chkdirs: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... eth0: not promisc and no PF_PACKET sockets
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... chklastlog: nothing deleted
Checking `chkutmp'... chkutmp: nothing deleted

Je vais attendre un peu et voir si arno iptable fait son boulot (si cela vient de là). Merci
 
WRInaute occasionnel
J'ai pas suivi toute la convers mais déja est tu sur que c'est apache qui bouffe des ressources ?


A tu fait un "top" pour voir quels processus étaient gourmands ? (commande top)
 
WRInaute occasionnel
Pas simple à analyser, car je ne suis pas toujours devant la console quand le load average s'emballe ! (regarde els resultats de mes précédentes commandes)
 
WRInaute accro
chez moi j'ai:

KeepAlive on
MaxKeepAliveRequests 90
KeepAliveTimeout 2
MinSpareServers 1
MaxSpareServers 8
StartServers 5
MaxClients 165
MaxRequestsPerChild 1
(ne pas oublier de faire un apache reload)

Avec cette config, les process apache se recyclent très vite et le serveur conserve une charge raisonnable : jamais plus de 4 en load.

et n'oublies pas d'installer logwatch, ça permet de détecter les "acharnés" sur ton serveur.

Peux tu aussi nous indiquer le nombre de process quand le serveur s'emballe vraiment ? ( Load > 10 )

a lire aussi l'article de fandecine qui avait fait un dossier sur ce sujet httpd.conf
 
WRInaute occasionnel
Elle est là ta solution !!!
Oui je les avais bien a ces valeurs la.

Je viens de nouveau de changer les valeurs comme ceci :

Code:
Timeout 300
KeepAlive On
MaxKeepAliveRequests 90
KeepAliveTimeout 2

<IfModule mpm_prefork_module>
    StartServers         5
    MinSpareServers      1
    MaxSpareServers      8
    MaxClients          50
    MaxRequestsPerChild  1
</IfModule>
 
WRInaute accro
Quid de MaxRequestsPerChild ?

MaxRequestsPerChild 2 c'est le nombre de requetes fait sur un slot après lesquels un slot sera tué. une petite explication: rarement vous aurez sur votre machine (superplan par exemple) plus que 30 connexions simu. donc ce n'est pas la peine de mettre des chiffres genre 100. si vous le faites qu'est-ce qui va se passer ? vous allez swapper pour rien puisqu'apache creera des slots pour une ou 2 connexions et ne pourra jamais les tuer rapidement (à cause de MaxRequestsPerChild). vous allez vous retrouver avec une ram explosé. et si je laisse 30 ça va rammer ? non, car apache gera et devra utiliser les slots libres encore (!!!) au lieu d'en créer des slots pour rien. oui c'est un peu bizarre mais c'est comme ça. concernant MaxRequestsPerChild, ça permet de proteger apache pourqu'il ne prenne pas trop de ram. si MaxRequestsPerChild est très grand qu'est-ce qui se passe ? vous allez swapper. exemple precis avec MaxRequestsPerChild 300000: 1ere connexion sur un slot, un fichier html (ça va) 2ème connexion sur ce même slot, un php qui va prendre 8Mo à partir de ce moment là ce slot va prendre 8Mo pour TOUTES les connexions suivantes même s'il en a pas besoins. 29999 connexion votre slot prend le MAX(ram de toutes les connexions) 30000 il est tué et libere toute la ram si MaxRequestsPerChild est très très petit genre 1 ça voudra dire que à chaque connexion au slot juste après slot est tué. vous allez bouffer un peu plus de CPU. si vous faites moins de 20 req/sec on s'en fout car c'est pas assez pour voir la difference.
 
WRInaute accro
c'est fou qu'on arrive pas à identifier clairement la source de ta surcharge ! Et pourtant, il n'y a pas 36 millions de possibilités :
- apache
- mail
- mysql
- (d)dos

allez, courage :-)
 
WRInaute occasionnel
Ok merci.

Arno-iptables-firewall protege-t-il bien des attaques DDOS ?

Sinon, y a t-il un moyen de mieux surveiller ce soucis de load average ? J'utilise Cacti qui polle le daemon snmp toutes les 5 minutes, et je n'arrive pas a changer cette cette valeur. donc ce n'est pas tres précis. J'aimerais avoir des stats de mon load average toutes les 1 minutes par exemple.
 
WRInaute occasionnel
mahefarivony a dit:
chez moi j'ai:

KeepAlive on
MaxKeepAliveRequests 90
KeepAliveTimeout 2
MinSpareServers 1
MaxSpareServers 8
StartServers 5
MaxClients 165
MaxRequestsPerChild 1
(ne pas oublier de faire un apache reload)

Avec cette config, les process apache se recyclent très vite et le serveur conserve une charge raisonnable : jamais plus de 4 en load.

et n'oublies pas d'installer logwatch, ça permet de détecter les "acharnés" sur ton serveur.

Peux tu aussi nous indiquer le nombre de process quand le serveur s'emballe vraiment ? ( Load > 10 )

a lire aussi l'article de fandecine qui avait fait un dossier sur ce sujet httpd.conf

C'est déja un bon serveur non ? moi sur des serveurs du type kimsufi c'est MaxClients 40 :roll:

Sinon webmaster@lemarchedutimbr a tu tenu compte de la remarque de fandecine ?
 
WRInaute occasionnel
Oui concernant la remarque de Fancedine, j'ai mis le KeepAlive On et el MaxKeepAliveRequests 500, ensuite à 90.

Voici le contenu de mon apache2.conf actuel :

Code:
ServerRoot "/etc/apache2"

#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
#<IfModule !mpm_winnt.c>
#<IfModule !mpm_netware.c>
LockFile /var/lock/apache2/accept.lock
#</IfModule>
#</IfModule>

PidFile /var/run/apache2.pid

Timeout 300
KeepAlive On
MaxKeepAliveRequests 90
KeepAliveTimeout 2

<IfModule mpm_prefork_module>
    StartServers         5
    MinSpareServers      1
    MaxSpareServers      8
    MaxClients          50 
    MaxRequestsPerChild  1
</IfModule>



# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_worker_module>
    StartServers          2
    MaxClients          150
    MinSpareThreads      25
    MaxSpareThreads      75 
    ThreadsPerChild      25
    MaxRequestsPerChild   0
</IfModule>

User www-data
Group www-data

#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives.  See also the AllowOverride
# directive.
#

AccessFileName .htaccess

#
# The following lines prevent .htaccess and .htpasswd files from being 
# viewed by Web clients. 
#
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

TypesConfig /etc/mime.types

#
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value.  If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain


#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off

# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here.  If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog /var/log/apache2/error.log

#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn

# Include module configuration:
Include /etc/apache2/mods-enabled/*.load
Include /etc/apache2/mods-enabled/*.conf

# Include all the user configurations:
Include /etc/apache2/httpd.conf

# Include ports listing
Include /etc/apache2/ports.conf

# Include generic snippets of statements
Include /etc/apache2/conf.d/

#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of:  Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
ServerTokens Full

#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory 
# listings, mod_status and mod_info output etc., but not CGI generated 
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of:  On | Off | EMail
#
ServerSignature On

<IfModule alias_module>
    #
    # Aliases: Add here as many aliases as you need (with no limit). The format is 
    # Alias fakename realname
    #
    # Note that if you include a trailing / on fakename then the server will
    # require it to be present in the URL.  So "/icons" isn't aliased in this
    # example, only "/icons/".  If the fakename is slash-terminated, then the 
    # realname must also be slash terminated, and if the fakename omits the 
    # trailing slash, the realname must also omit it.
    #
    # We include the /icons/ alias for FancyIndexed directory listings.  If
    # you do not use FancyIndexing, you may comment this out.
    #
    Alias /icons/ "/usr/share/apache2/icons/"

    <Directory "/usr/share/apache2/icons">
        Options Indexes MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

</IfModule>

#
# Directives controlling the display of server-generated directory listings.
#
<IfModule mod_autoindex.c>

    #
    # IndexOptions: Controls the appearance of server-generated directory
    # listings.
    #
    IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=*

    #
    # AddIcon* directives tell the server which icon to show for different
    # files or filename extensions.  These are only displayed for
    # FancyIndexed directories.
    #
    AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

    AddIconByType (TXT,/icons/text.gif) text/*
    AddIconByType (IMG,/icons/image2.gif) image/*
    AddIconByType (SND,/icons/sound2.gif) audio/*
    AddIconByType (VID,/icons/movie.gif) video/*

    AddIcon /icons/binary.gif .bin .exe
    AddIcon /icons/binhex.gif .hqx
    AddIcon /icons/tar.gif .tar
    AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
    AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
    AddIcon /icons/a.gif .ps .ai .eps
    AddIcon /icons/layout.gif .html .shtml .htm .pdf
    AddIcon /icons/text.gif .txt
    AddIcon /icons/c.gif .c
    AddIcon /icons/p.gif .pl .py
    AddIcon /icons/f.gif .for
    AddIcon /icons/dvi.gif .dvi
    AddIcon /icons/uuencoded.gif .uu
    AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
    AddIcon /icons/tex.gif .tex
    AddIcon /icons/bomb.gif core

    AddIcon /icons/back.gif ..
    AddIcon /icons/hand.right.gif README
    AddIcon /icons/folder.gif ^^DIRECTORY^^
    AddIcon /icons/blank.gif ^^BLANKICON^^

    #
    # DefaultIcon is which icon to show for files which do not have an icon
    # explicitly set.
    #
    DefaultIcon /icons/unknown.gif

    #
    # AddDescription allows you to place a short description after a file in
    # server-generated indexes.  These are only displayed for FancyIndexed
    # directories.
    # Format: AddDescription "description" filename
    #
    #AddDescription "GZIP compressed document" .gz
    #AddDescription "tar archive" .tar
    #AddDescription "GZIP compressed tar archive" .tgz

    #
    # ReadmeName is the name of the README file the server will look for by
    # default, and append to directory listings.
    #
    # HeaderName is the name of a file which should be prepended to
    # directory indexes. 
    ReadmeName README.html
    HeaderName HEADER.html

    #
    # IndexIgnore is a set of filenames which directory indexing should ignore
    # and not include in the listing.  Shell-style wildcarding is permitted.
    #
    IndexIgnore .??* *~ *# RCS CVS *,v *,t 
</IfModule>

<IfModule mod_mime.c>

    #
    # AddType allows you to add to or override the MIME configuration
    # file mime.types for specific file types.
    #
    #AddType application/x-gzip .tgz
    #
    # AddEncoding allows you to have certain browsers uncompress
    # information on the fly. Note: Not all browsers support this.
    # Despite the name similarity, the following Add* directives have
    # nothing to do with the FancyIndexing customization directives above.
    #
    #AddEncoding x-compress .Z
    #AddEncoding x-gzip .gz .tgz
    #
    # If the AddEncoding directives above are commented-out, then you
    # probably should define those extensions to indicate media types:
    #
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz

    #
    # DefaultLanguage and AddLanguage allows you to specify the language of 
    # a document. You can then use content negotiation to give a browser a 
    # file in a language the user can understand.
    #
    # Specify a default language. This means that all data
    # going out without a specific language tag (see below) will 
    # be marked with this one. You probably do NOT want to set
    # this unless you are sure it is correct for all cases.
    #
    # * It is generally better to not mark a page as 
    # * being a certain language than marking it with the wrong
    # * language!
    #
    # DefaultLanguage nl
    #
    # Note 1: The suffix does not have to be the same as the language
    # keyword --- those with documents in Polish (whose net-standard
    # language code is pl) may wish to use "AddLanguage pl .po" to
    # avoid the ambiguity with the common suffix for perl scripts.
    #
    # Note 2: The example entries below illustrate that in some cases 
    # the two character 'Language' abbreviation is not identical to 
    # the two character 'Country' code for its country,
    # E.g. 'Danmark/dk' versus 'Danish/da'.
    #
    # Note 3: In the case of 'ltz' we violate the RFC by using a three char
    # specifier. There is 'work in progress' to fix this and get
    # the reference data for rfc1766 cleaned up.
    #
    # Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
    # English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
    # Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
    # Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
    # Norwegian (no) - Polish (pl) - Portugese (pt)
    # Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
    # Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
    #
    AddLanguage ca .ca
    AddLanguage cs .cz .cs
    AddLanguage da .dk
    AddLanguage de .de
    AddLanguage el .el
    AddLanguage en .en
    AddLanguage eo .eo
    AddLanguage es .es
    AddLanguage et .et
    AddLanguage fr .fr
    AddLanguage he .he
    AddLanguage hr .hr
    AddLanguage it .it
    AddLanguage ja .ja
    AddLanguage ko .ko
    AddLanguage ltz .ltz
    AddLanguage nl .nl
    AddLanguage nn .nn
    AddLanguage no .no
    AddLanguage pl .po
    AddLanguage pt .pt
    AddLanguage pt-BR .pt-br
    AddLanguage ru .ru
    AddLanguage sv .sv
    AddLanguage zh-CN .zh-cn
    AddLanguage zh-TW .zh-tw
</IfModule>

<IfModule mod_negotiation.c>
    #
    # LanguagePriority allows you to give precedence to some languages
    # in case of a tie during content negotiation.
    #
    # Just list the languages in decreasing order of preference. We have
    # more or less alphabetized them here. You probably want to change this.
    #
    LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW

    #
    # ForceLanguagePriority allows you to serve a result page rather than
    # MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
    # [in case no accepted languages matched the available variants]
    #
    ForceLanguagePriority Prefer Fallback

</IfModule>

<IfModule mod_mime.c>
    #
    # Specify a default charset for all pages sent out. This is
    # always a good idea and opens the door for future internationalisation
    # of your web site, should you ever want it. Specifying it as
    # a default does little harm; as the standard dictates that a page
    # is in iso-8859-1 (latin1) unless specified otherwise i.e. you
    # are merely stating the obvious. There are also some security
    # reasons in browsers, related to javascript and URL parsing
    # which encourage you to always set a default char set.
    #
    #AddDefaultCharset ISO-8859-1

    #
    # Commonly used filename extensions to character sets. You probably
    # want to avoid clashes with the language extensions, unless you
    # are good at carefully testing your setup after each change.
    # See http://www.iana.org/assignments/character-sets for the
    # official list of charset names and their respective RFCs.
    #
    AddCharset us-ascii    .ascii .us-ascii
    AddCharset ISO-8859-1  .iso8859-1  .latin1
    AddCharset ISO-8859-2  .iso8859-2  .latin2 .cen
    AddCharset ISO-8859-3  .iso8859-3  .latin3
    AddCharset ISO-8859-4  .iso8859-4  .latin4
    AddCharset ISO-8859-5  .iso8859-5  .cyr .iso-ru
    AddCharset ISO-8859-6  .iso8859-6  .arb .arabic
    AddCharset ISO-8859-7  .iso8859-7  .grk .greek
    AddCharset ISO-8859-8  .iso8859-8  .heb .hebrew
    AddCharset ISO-8859-9  .iso8859-9  .latin5 .trk
    AddCharset ISO-8859-10  .iso8859-10  .latin6
    AddCharset ISO-8859-13  .iso8859-13
    AddCharset ISO-8859-14  .iso8859-14  .latin8
    AddCharset ISO-8859-15  .iso8859-15  .latin9
    AddCharset ISO-8859-16  .iso8859-16  .latin10
    AddCharset ISO-2022-JP .iso2022-jp .jis
    AddCharset ISO-2022-KR .iso2022-kr .kis
    AddCharset ISO-2022-CN .iso2022-cn .cis
    AddCharset Big5        .Big5       .big5 .b5
    AddCharset cn-Big5     .cn-big5
    # For russian, more than one charset is used (depends on client, mostly):
    AddCharset WINDOWS-1251 .cp-1251   .win-1251
    AddCharset CP866       .cp866
    AddCharset KOI8      .koi8
    AddCharset KOI8-E      .koi8-e
    AddCharset KOI8-r      .koi8-r .koi8-ru
    AddCharset KOI8-U      .koi8-u
    AddCharset KOI8-ru     .koi8-uk .ua
    AddCharset ISO-10646-UCS-2 .ucs2
    AddCharset ISO-10646-UCS-4 .ucs4
    AddCharset UTF-7       .utf7
    AddCharset UTF-8       .utf8
    AddCharset UTF-16      .utf16
    AddCharset UTF-16BE    .utf16be
    AddCharset UTF-16LE    .utf16le
    AddCharset UTF-32      .utf32
    AddCharset UTF-32BE    .utf32be
    AddCharset UTF-32LE    .utf32le
    AddCharset euc-cn      .euc-cn
    AddCharset euc-gb      .euc-gb
    AddCharset euc-jp      .euc-jp
    AddCharset euc-kr      .euc-kr
    #Not sure how euc-tw got in - IANA doesn't list it???
    AddCharset EUC-TW      .euc-tw
    AddCharset gb2312      .gb2312 .gb
    AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2
    AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4
    AddCharset shift_jis   .shift_jis .sjis

    #
    # AddHandler allows you to map certain file extensions to "handlers":
    # actions unrelated to filetype. These can be either built into the server
    # or added with the Action directive (see below)
    #
    # To use CGI scripts outside of ScriptAliased directories:
    # (You will also need to add "ExecCGI" to the "Options" directive.)
    #
    #AddHandler cgi-script .cgi

    #
    # For files that include their own HTTP headers:
    #
    #AddHandler send-as-is asis

    #
    # For server-parsed imagemap files:
    #
    #AddHandler imap-file map

    #
    # For type maps (negotiated resources):
    # (This is enabled by default to allow the Apache "It Worked" page
    #  to be distributed in multiple languages.)
    #
    AddHandler type-map var

    #
    # Filters allow you to process content before it is sent to the client.
    #
    # To parse .shtml files for server-side includes (SSI):
    # (You will also need to add "Includes" to the "Options" directive.)
    #
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
</IfModule>

#
# Action lets you define media types that will execute a script whenever
# a matching file is called. This eliminates the need for repeated URL
# pathnames for oft-used CGI file processors.
# Format: Action media/type /cgi-script/location
# Format: Action handler-name /cgi-script/location
#

#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#

#
# Putting this all together, we can internationalize error responses.
#
# We use Alias to redirect any /error/HTTP_<error>.html.var response to
# our collection of by-error message multi-language collections.  We use 
# includes to substitute the appropriate text.
#
# You can modify the messages' appearance without changing any of the
# default HTTP_<error>.html.var files by adding the line:
#
#   Alias /error/include/ "/your/include/path/"
#
# which allows you to create your own set of files by starting with the
# /usr/share/apache2/error/include/ files and copying them to /your/include/path/, 
# even on a per-VirtualHost basis.  The default include files will display
# your Apache version number and your ServerAdmin email address regardless
# of the setting of ServerSignature.
#
# The internationalized error documents require mod_alias, mod_include
# and mod_negotiation.  To activate them, uncomment the following 30 lines.

#    Alias /error/ "/usr/share/apache2/error/"
#
#    <Directory "/usr/share/apache2/error">
#        AllowOverride None
#        Options IncludesNoExec
#        AddOutputFilter Includes html
#        AddHandler type-map var
#        Order allow,deny
#        Allow from all
#        LanguagePriority en cs de es fr it nl sv pt-br ro
#        ForceLanguagePriority Prefer Fallback
#    </Directory>
#
#    ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
#    ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
#    ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
#    ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
#    ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
#    ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
#    ErrorDocument 410 /error/HTTP_GONE.html.var
#    ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
#    ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
#    ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
#    ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
#    ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
#    ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
#    ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
#    ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
#    ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
#    ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var

<IfModule mod_setenvif.c>
    #
    # The following directives modify normal HTTP response behavior to
    # handle known problems with browser implementations.
    #
    BrowserMatch "Mozilla/2" nokeepalive
    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
    BrowserMatch "RealPlayer 4\.0" force-response-1.0
    BrowserMatch "Java/1\.0" force-response-1.0
    BrowserMatch "JDK/1\.0" force-response-1.0

    #
    # The following directive disables redirects on non-GET requests for
    # a directory that does not include the trailing slash.  This fixes a 
    # problem with Microsoft WebFolders which does not appropriately handle 
    # redirects for folders with DAV methods.
    # Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
    #
    BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
    BrowserMatch "MS FrontPage" redirect-carefully
    BrowserMatch "^WebDrive" redirect-carefully
    BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
    BrowserMatch "^gnome-vfs/1.0" redirect-carefully
    BrowserMatch "^XML Spy" redirect-carefully
    BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
</IfModule>

<IfModule mod_status.c>
    
    # Allow server status reports generated by mod_status,
    # with the URL of http://servername/server-status
    # Change the ".example.com" to match your domain to enable.
	<Location /server-status>
	SetHandler server-status
	Order deny,allow
	Deny from all
	Allow from 127.0.0.1
	</Location>
	ExtendedStatus On    
</IfModule>

<IfModule mod_dosevasive20.c>
	DOSHashTableSize 3097
	DOSPageCount 2
	DOSSiteCount 5
	DOSPageInterval 1
	DOSSiteInterval 1
	DOSBlockingPeriod 10
</IfModule>

#<IfModule mod_info.c>
    #
    # Allow remote server configuration reports, with the URL of
    #  http://servername/server-info (requires that mod_info.c be loaded).
    # Change the ".example.com" to match your domain to enable.
    #
    #<Location /server-info>
    #    SetHandler server-info
    #    Order deny,allow
    #    Deny from all
    #    Allow from .example.com
    #</Location>
#</IfModule>

<Location />
	SetOutputFilter DEFLATE
	BrowserMatch ^Mozilla/4 gzip-only-text/html
	BrowserMatch ^Mozilla/4\.0[678] no-gzip
	BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
	SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
	Header append Vary User-Agent env=!dont-vary
</Location>

# Include the virtual host configurations:
Include /etc/apache2/sites-enabled/

AddDefaultCharset ISO-8859-1
DefaultLanguage fr

ServerSignature Off
ServerTokens Prod

<Directory /var/www/phpmyadmin>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
</Directory>
<Directory /var/www/touteslesmiss>
	Options -Indexes
</Directory>


NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.touteslesmiss.com
ServerAlias touteslesmiss.com *.touteslesmiss.com
DocumentRoot /var/www/touteslesmiss

ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/touteslesmiss.log combined
</VirtualHost>
 
WRInaute impliqué
change de box, ma première je l'ai gardé deux jours, elle frisait malgré que le test etait ok
sinon est-ce que cela est venu subitement ou est-ce que cela a toujours été ainsi ?
 
WRInaute occasionnel
C'est ce que je vais faire.
J'etait sous ubuntu feisty. Vous me conseillez une ancienne version ou alors une debian (jamais tenté...) ?
 
WRInaute passionné
La meilleure approche c'est de desactiver tous les services sauf le serveur web. Si ton probléme persiste, cela vient d'apache, sinon, tu recommence en ne laissant actif que le mail etc etc...

Une fois le service incriminé trouvé, il te sera plus facile de régler le problème.

Mais si tu veux changer de distrib, prends une Debian, plus stable ça n'existe pas :wink:
 
WRInaute occasionnel
Je viens de changer de dédibox, + réinstall de Debian Etch (au lieu d'Ubuntu), on va donc voir...

j'ai fais un script bash s'executant toutes les minutes me donnant les processus en cours si le load average est trop élévé :

Code:
#!/bin/bash
NOW="$(date +'%d-%m-%Y')"

TEST="$(echo $rload | sed s/,//g | awk '{ print $2}')"

if [[ "$TEST" > "10.00" ]]; then
        echo -e "load average" "$TEST" " > 10.00 ($NOW)"
        ps aux
fi
 
WRInaute occasionnel
Le problème semble toujours subvenir.
Par moment mon serveur est difficilement accessible. C'est le cas il y a quelques minutes ou j'ai mis du temps a avoir la main en ssh et afficher la page de mon site (cf sreens)

Si quelqu'un pouvait m'aider à analyser le probleme et me dire d'où cela pourrais venir...





Code:
ps aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0   1844    72 ?        Ss   Jan06   0:04 init [2]
root         2  0.0  0.0      0     0 ?        SN   Jan06   0:00 [ksoftirqd/0]
root         3  0.0  0.0      0     0 ?        S<   Jan06   0:00 [events/0]
root         4  0.0  0.0      0     0 ?        S<   Jan06   0:00 [khelper]
root         5  0.0  0.0      0     0 ?        S<   Jan06   0:00 [kthread]
root        28  0.0  0.0      0     0 ?        S<   Jan06   0:00 [kblockd/0]
root        29  0.0  0.0      0     0 ?        S<   Jan06   0:00 [ata/0]
root        30  0.0  0.0      0     0 ?        S<   Jan06   0:00 [ata_aux]
root        31  0.0  0.0      0     0 ?        S<   Jan06   0:00 [kseriod]
root        65  0.0  0.0      0     0 ?        S<   Jan06   0:17 [kswapd0]
root        66  0.0  0.0      0     0 ?        S<   Jan06   0:00 [aio/0]
root        67  0.0  0.0      0     0 ?        S<   Jan06   0:00 [jfsIO]
root        68  0.0  0.0      0     0 ?        S<   Jan06   0:00 [jfsCommit]
root        69  0.0  0.0      0     0 ?        S<   Jan06   0:00 [jfsSync]
root        70  0.0  0.0      0     0 ?        S<   Jan06   0:00 [xfslogd/0]
root        71  0.0  0.0      0     0 ?        S<   Jan06   0:00 [xfsdatad/0]
root       684  0.0  0.0      0     0 ?        S<   Jan06   0:00 [scsi_eh_0]
root       685  0.0  0.0      0     0 ?        S<   Jan06   0:00 [scsi_eh_1]
root       708  0.0  0.0      0     0 ?        S<   Jan06   0:00 [kcryptd/0]
root       717  0.0  0.0      0     0 ?        S<   Jan06   0:04 [kjournald]
root       832  0.0  0.0   2176     4 ?        S<s  Jan06   0:00 udevd --daemon
root      1736  0.0  0.0      0     0 ?        S<   Jan06   0:00 [kjournald]
root      2005  0.0  0.0   1624   252 ?        Ss   Jan06   0:02 /sbin/syslogd
root      2011  0.0  0.0   1576   200 ?        Ss   Jan06   0:03 /sbin/klogd -x
root      2078  0.0  0.0   1744     4 ?        Ss   Jan06   0:00 /usr/sbin/inetd
daemon    2125  0.0  0.0   1828     4 ?        Ss   Jan06   0:00 /usr/sbin/atd
root      2159  0.0  0.0   1568     4 tty1     Ss+  Jan06   0:00 /sbin/getty 38400 tty1
root      2160  0.0  0.0   1572     4 tty2     Ss+  Jan06   0:00 /sbin/getty 38400 tty2
root      2161  0.0  0.0   1568     4 tty3     Ss+  Jan06   0:00 /sbin/getty 38400 tty3
root      2162  0.0  0.0   1572     4 tty4     Ss+  Jan06   0:00 /sbin/getty 38400 tty4
root      2163  0.0  0.0   1568     4 tty5     Ss+  Jan06   0:00 /sbin/getty 38400 tty5
root      2166  0.0  0.0   1572     4 tty6     Ss+  Jan06   0:00 /sbin/getty 38400 tty6
root      3488  0.0  0.0   4920     4 ?        Ss   Jan06   0:00 /usr/sbin/sshd
root      4044  0.0  0.0   3660   544 ?        S    Jan06   0:00 /bin/sh /usr/bin/mysqld_safe
nobody    4666  0.0  0.0   2652   240 ?        Ss   Jan06   0:06 proftpd: (accepting connections)
root      7805  0.0  0.0   1852     4 ?        S    Jan06   0:00 /usr/sbin/couriertcpd -pid=/var/run/courier/pop3d.pid -stderrlogger=/u
root      7809  0.0  0.0   1620     4 ?        S    Jan06   0:00 /usr/sbin/courierlogger courierpop3login
root      7863  0.0  0.0   1752     4 ?        S    Jan06   0:00 /usr/sbin/courierlogger -pid=/var/run/courier/pop3d-ssl.pid -start -na
root      7864  0.0  0.0   1848     4 ?        S    Jan06   0:00 /usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup
root      7935  0.0  0.0   1752     4 ?        S    Jan06   0:00 /usr/sbin/courierlogger -pid=/var/run/courier/imapd.pid -start -name=i
root      7936  0.0  0.0   1848     4 ?        S    Jan06   0:00 /usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=20 -nodnslooku
root      7984  0.0  0.0   1748     4 ?        S    Jan06   0:00 /usr/sbin/courierlogger -pid=/var/run/courier/imapd-ssl.pid -start -na
root      7985  0.0  0.0   1848     4 ?        S    Jan06   0:00 /usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=20 -nodnslooku
root      8327  0.0  0.0   3732     4 ?        S    18:40   0:00 /USR/SBIN/CRON
root      8328  0.0  0.0   3612     8 ?        Ss   18:40   0:00 /bin/sh -c wget --user=administrateur --password= http://www.t
root      8329  0.0  0.0   5060     8 ?        S    18:40   0:00 wget --user=administrateur --password= http://www.touteslesmis
root      8533  0.0  0.0   3732     4 ?        S    19:40   0:00 /USR/SBIN/CRON
root      8534  0.0  0.0   3612     8 ?        Ss   19:40   0:00 /bin/sh -c wget --user=administrateur --password= http://www.t
root      8535  0.0  0.0   5060     8 ?        S    19:40   0:00 wget --user=administrateur --password= http://www.touteslesmis
www-data  8748  0.0  0.0  40024   908 ?        S    20:02   0:04 /usr/sbin/apache2 -k start
root      8779  0.0  0.0   7692     8 ?        Ss   20:07   0:00 sshd: link182 [priv]
link182   8783  0.0  0.0   7844   316 ?        S    20:07   0:02 sshd: link182@pts/0
link182   8784  0.0  0.0   5616     4 pts/0    Ss   20:07   0:00 -bash
root      8866  0.0  0.0   3708     4 pts/0    S    20:09   0:00 su
root      8867  0.0  0.0   4268   672 pts/0    S    20:09   0:00 bash
www-data  8931  0.0  0.0  40372   924 ?        S    20:15   0:03 /usr/sbin/apache2 -k start
root      8988  0.0  0.0   3732     4 ?        S    20:40   0:00 /USR/SBIN/CRON
root      8989  0.0  0.0   3612     8 ?        Ss   20:40   0:00 /bin/sh -c wget --user=administrateur --password= http://www.t
root      8990  0.0  0.0   5060     8 ?        S    20:40   0:00 wget --user=administrateur --password= http://www.touteslesmis
www-data  9005  0.0  0.0  40024   884 ?        S    20:46   0:05 /usr/sbin/apache2 -k start
www-data  9038  0.0  0.4  39780  4080 ?        S    21:05   0:03 /usr/sbin/apache2 -k start
www-data  9062  0.0  0.0  40040   928 ?        S    21:11   0:04 /usr/sbin/apache2 -k start
root      9110  0.0  0.0   3732     4 ?        S    21:40   0:00 /USR/SBIN/CRON
root      9111  0.0  0.0   3612     8 ?        Ss   21:40   0:00 /bin/sh -c wget --user=administrateur --password= http://www.t
root      9112  0.0  0.0   5060     8 ?        S    21:40   0:00 wget --user=administrateur --password= http://www.touteslesmis
www-data  9153  0.0  0.4  39784  4256 ?        S    21:48   0:02 /usr/sbin/apache2 -k start
www-data  9154  0.0  0.0  40016   880 ?        S    21:48   0:04 /usr/sbin/apache2 -k start
www-data  9156  0.0  0.0  40024   904 ?        S    21:48   0:05 /usr/sbin/apache2 -k start
www-data  9192  0.0  0.0  40048   844 ?        S    21:56   0:03 /usr/sbin/apache2 -k start
www-data  9215  0.0  0.4  39760  4112 ?        S    22:00   0:04 /usr/sbin/apache2 -k start
www-data  9243  0.0  0.0  40008   892 ?        S    22:10   0:03 /usr/sbin/apache2 -k start
www-data  9291  0.0  0.0  40004   920 ?        S    22:34   0:02 /usr/sbin/apache2 -k start
www-data  9292  0.0  0.0  40028   928 ?        S    22:34   0:03 /usr/sbin/apache2 -k start
www-data  9299  0.0  0.0  40004   924 ?        S    22:34   0:00 /usr/sbin/apache2 -k start
www-data  9300  0.0  0.0  40004   928 ?        S    22:34   0:02 /usr/sbin/apache2 -k start
www-data  9329  0.0  0.0  39996   928 ?        S    22:35   0:00 /usr/sbin/apache2 -k start
www-data  9330  0.1  0.0  40000   840 ?        S    22:35   0:04 /usr/sbin/apache2 -k start
root      9345  0.0  0.0   3732     4 ?        S    22:40   0:00 /USR/SBIN/CRON
root      9346  0.0  0.0   3612     8 ?        Ss   22:40   0:00 /bin/sh -c wget --user=administrateur --password= http://www.t
root      9347  0.0  0.0   5060     8 ?        S    22:40   0:00 wget --user=administrateur --password= http://www.touteslesmis
www-data  9365  0.1  0.0  39996   924 ?        S    22:49   0:04 /usr/sbin/apache2 -k start
www-data  9378  0.0  0.0  39996   920 ?        S    22:49   0:02 /usr/sbin/apache2 -k start
postfix   9417  0.0  0.0   4820   168 ?        S    22:53   0:00 pickup -l -t fifo -u -c
www-data  9426  0.0  0.0  40004   904 ?        S    22:56   0:02 /usr/sbin/apache2 -k start
www-data  9435  0.2  0.4  39772  4288 ?        S    22:57   0:05 /usr/sbin/apache2 -k start
www-data  9453  0.3  0.0  39996   808 ?        S    23:16   0:04 /usr/sbin/apache2 -k start
www-data  9464  0.3  0.0  40032   876 ?        S    23:23   0:03 /usr/sbin/apache2 -k start
www-data  9469  0.4  0.0  39988   884 ?        S    23:26   0:03 /usr/sbin/apache2 -k start
www-data  9472  0.3  0.4  39748  4112 ?        S    23:26   0:02 /usr/sbin/apache2 -k start
www-data  9475  0.1  0.4  39728  4112 ?        S    23:28   0:00 /usr/sbin/apache2 -k start
www-data  9479  0.8  0.4  39728  4196 ?        S    23:34   0:02 /usr/sbin/apache2 -k start
www-data  9481  0.7  0.4  39636  4356 ?        S    23:34   0:02 /usr/sbin/apache2 -k start
www-data  9483  0.8  0.4  39736  4388 ?        S    23:34   0:02 /usr/sbin/apache2 -k start
root      9490  0.0  0.0      0     0 ?        S    23:34   0:00 [pdflush]
www-data  9492  0.3  0.4  39636  4180 ?        S    23:35   0:00 /usr/sbin/apache2 -k start
www-data  9494  1.0  0.5  39636  5284 ?        S    23:35   0:02 /usr/sbin/apache2 -k start
root      9509  0.0  0.0      0     0 ?        S    23:36   0:00 [pdflush]
www-data  9515  0.0  0.5  39636  5488 ?        S    23:38   0:00 /usr/sbin/apache2 -k start
www-data  9517  0.6  0.6  39736  6696 ?        S    23:38   0:00 /usr/sbin/apache2 -k start
www-data  9519  0.0  0.5  39740  6080 ?        S    23:38   0:00 /usr/sbin/apache2 -k start
mysql     9531  2.8  1.6 127248 16852 ?        Sl   23:38   0:00 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql
root      9532  0.0  0.0   2740   560 ?        S    23:38   0:00 logger -p daemon.err -t mysqld_safe -i -t mysqld
root      9558  0.0  0.0   3424   984 pts/0    R+   23:39   0:00 ps aux
root     13484  0.0  0.0   6292     4 ?        Ss   Jan06   0:00 /usr/sbin/saslauthd -a pam
root     13485  0.0  0.0   6292     4 ?        S    Jan06   0:00 /usr/sbin/saslauthd -a pam
root     13486  0.0  0.0   6292     4 ?        S    Jan06   0:00 /usr/sbin/saslauthd -a pam
root     13487  0.0  0.0   6292     4 ?        S    Jan06   0:00 /usr/sbin/saslauthd -a pam
root     13488  0.0  0.0   6292     4 ?        S    Jan06   0:00 /usr/sbin/saslauthd -a pam
root     13597  0.0  0.0   4808   196 ?        Ss   Jan06   0:02 /usr/lib/postfix/master
postfix  13599  0.0  0.0   5204   280 ?        S    Jan06   0:03 qmgr -l -t fifo -u
postfix  13607  0.0  0.0   4868     4 ?        S    Jan06   0:00 tlsmgr -l -t unix -u -c
root     13757  0.0  0.0   1748     4 ?        S    Jan06   0:00 /usr/sbin/courierlogger -pid=/var/run/courier/authdaemon/pid -start /u
root     13758  0.0  0.0   4164     8 ?        S    Jan06   0:00 /usr/lib/courier/courier-authlib/authdaemond
root     13763  0.0  0.0   4208    20 ?        S    Jan06   0:00 /usr/lib/courier/courier-authlib/authdaemond
root     13764  0.0  0.0   4164    12 ?        S    Jan06   0:00 /usr/lib/courier/courier-authlib/authdaemond
root     13765  0.0  0.0   4164     8 ?        S    Jan06   0:00 /usr/lib/courier/courier-authlib/authdaemond
root     13766  0.0  0.0   4208     4 ?        S    Jan06   0:00 /usr/lib/courier/courier-authlib/authdaemond
root     13767  0.0  0.0   4208    44 ?        S    Jan06   0:00 /usr/lib/courier/courier-authlib/authdaemond
root     14204  0.0  0.0   3396   220 ?        Ss   Jan06   0:00 /usr/sbin/cron
root     31590  0.0  0.0  39104   276 ?        Ss   Jan06   0:02 /usr/sbin/apache2 -k start
www-data 31657  0.0  0.0   4348    76 ?        S    Jan06   0:07 /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf

Merci.

PS : Concernant les lignes ou il y Lighttpd : Lighty tourne sur le port 81 juste pour le teste, c'est apache2 qui tourne actuellement.
 
WRInaute impliqué
Bonjour,

Je dispose d'une dedibox (en raid1) et la personne qui gere le serveur me dit que le load average est egalement anormalement elevé, j'ai tres peu de traffic 400 personnes max par jour. L'outil Cacti me donne comme valeur des montées à 4, à la lecture de ce post et des chiffres annoncés par link182 je vous pose cette question quelle est la valeur moyenne qui indique une fonctionnement normal du serveur ,a partir de quand on peut s'inquieter d'une surcharge. Merci

Florent
 
WRInaute occasionnel
Bonjour
j'ai une question , apres quelle valeur on doit s'inquité pour le load average?

> 10 , > 5 ???
 
WRInaute discret
Un load average de manière permente supérieure à N fois le nombre de coeurs de processeurs dans la bécane n'est pas tout a fait normal.

@+
 
Nouveau WRInaute
link182 a dit:
ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 8329 0.0 0.0 5060 8 ? S 18:40 0:00 wget http://www....
root 8534 0.0 0.0 3612 8 ? Ss 19:40 0:00 /bin/sh -c wget http://www....
root 8535 0.0 0.0 5060 8 ? S 19:40 0:00 wget http://www....

bonsoir,

Est ce toi qui est à l'origine de ces lignes dans ces processus?
si non, il faudrait trouver ce qui fait des téléchargement.

si ce n'est pas toi, il y a peut etre une faille dans l'un des logiciels web qui sont installé sur ton serveur. il existe des "robots" qui tentent toutes les failles de sécurité possibles, et qui peuvent générer des 10aines/100aines de connexions par secondes sur un meme site.

voila, j'espere que ca pourra t'aider.

courage et tient nous au courant.

EM.
 
WRInaute occasionnel
Oui les WGET sont des tâches cron que j'execute, mais c'est juste quelques requetes PHP.

je ne sais pas si faire une alerte sur le load average est utile (style if load average > 10 alors print ps -aux dans un fichier), sachant que ce n'est pas une valeur instantanée mais une moyenne...
 
Nouveau WRInaute
Active le slow guery log sur ton mysql: http://dev.mysql.com/doc/refman/5.0/en/ ... y-log.html , c'est une option a passer au binaire de mysql pour lui dire de logguer toutes les requettes qui prennent trop de temps, il est reglé par defaut a 10 secondes, personnelement je le descend a 2 secondes.

Une fois cette option activée, laisse tourner ta base 1 ou 2 jours et utilise la commande mysqldumpslow pour obtenir les requettes les plus lentes par temps somme du temps consommé.

Execute ces requettes avec un explain pour comprendre pourquoi elles prenent autant de temps (ex: oublis d'un index sur une jointure). Il arrive de maniere fréquente que mysql fasse monter la charge trés vite (surment des requettes d'un de tes scripts cron)
 
WRInaute passionné
heu une remarque comme ça

- tu as une dédibox, sur laquelle tourne un site/apache pas trop chargé en VU mais loadaverage délirante

Es tu sûr que ce soit bien de toi qu'il s'agit ??

Je veux dire, est ce que ce n'est pas un autre utilisateur de la dédibox qui surcharge le système ??
 
WRInaute occasionnel
Crazypops > j'avais déja activé le slow guery log, et corrigé les éventuels problemes de requetes (principalement des oublis d'index)

tofm2 > je suis le seul utilisateur

Depuis que j'ai changé de dédibox et fais une réinstall sous Debian Etch, et non Ubuntu, on dirait que ca se passe mieux. Mes sites sont réactifs, et j'ai la main rapidement en SSH à n'importe quel moment de la journée. Mais je suis pas devant toute la journée pour surveiller le load average...
 
WRInaute occasionnel
J'ai installé MRTG sur mon serveur et apparement le loas average ne dépasse jamais 1 (surveillance depuis 3 jours).

Le changement de dédibox + passage sous Debian Etch doit y être pour quelque chose :)
 
WRInaute impliqué
clap, clap, :D

mes recherches sur le meme probleme m'ont souvent amené sur wri et d'autres sites a lire tes longs posts desesperés, ca me donne un espoir car je vais migrer le site sur un autre serveur.

Florent
 
WRInaute impliqué
Et bien voila, j'ai migré sur un autre serveur qui n'est plus dedibox et cela tourne bien. J'ai meme constaté un load average elevé sur la dedibox lors que j'avais migré le site. Fin de l'aventure Dedibox.

F
 
Nouveau WRInaute
bonjour, je remarque que ce topic est vieux d'il y a plus de 5 ans!!
cependant, aujourd'hui je rencontre le même problème, et je n'ai pas trouvé de forum récent parlant de ça!!!
quelqu'un aurait une idée de réponse! ???????????
 
WRInaute passionné
abdeslem.menacere a dit:
bonjour, je remarque que ce topic est vieux d'il y a plus de 5 ans!!
cependant, aujourd'hui je rencontre le même problème, et je n'ai pas trouvé de forum récent parlant de ça!!!
quelqu'un aurait une idée de réponse! ???????????
Ca peut-être une boucle infini, un raid qui se reconstruit (ça peut être très long si tu as des gros disques).
Il faut aussi savoir que "élevé" ne veut rien dire :P
Des fois j'ai des pointes à 200 pendant quelques minutes, mais c'est prévu pour ;)
 
Discussions similaires
Haut