Alto tráfego/consumo Disco I/O Trava servidor.

1. Alto tráfego/consumo Disco I/O Trava servidor.

cajuninho
(usa Outra)

Enviado em 06/07/2015 - 10:41h

Boa dia sou novo com administração de servidores linux, estou com um problema e gostaria de saber como identificar a causa.

Após a instalação de um site em wordpress no servidor ele esta travando por conta do uso do disco, no gráfico de disco entrada e saida sempre ficou abaixo de 2% após a instalação do wordpress fica nesse mesmo nivel porem da um determinado momento que sobe pra 60% e se mantem constante e trava, após travamento reinicio o servidor ele normaliza.

Acredito que seja algum tipo de ataque porque após reiniciar o servidor ele se mantem normal, ai sem explicação (ataque) ele sobe pra 60 e trava novamente até reiniciar.

Exite algum log que eu vejo o que acontece? Como faço pra identificar se realmente é algum ataque?

Obrigado.

0 0

Quote

2. Re: Alto tráfego/consumo Disco I/O Trava servidor.

zhushazang
(usa Gentoo)

Enviado em 06/07/2015 - 11:23h

Achei no google,

https://nacin.com/2010/04/23/5-ways-to-debug-wordpress/
https://www.elegantthemes.com/blog/tips-tricks/using-the-wordpress-debug-log

Fora da aplicação, todos os logs provavelmente estarão de forma recursiva em /var/log.

Ferramentas como htop, atop, ps ax, lsof podem te ajudar.

Qual a configuração deste servidor em relação ao hardware, está bem dimensionado?
Em relação a ataque, o que te diz o tcpdump? Se tem dúvidas quanto a integridade do servidor, coloque um IDS na frente dele.

Atenciosamente
---
Hail Hydra!

1 0

Quote

3. Re: Alto tráfego/consumo Disco I/O Trava servidor.

removido
(usa Nenhuma)

Enviado em 06/07/2015 - 12:46h

Tente montar as partições em modo síncrono (veja man fstab).

Verifique na BIOS eventuais configurações de disco que possam ser modificadas.

Teste seus discos com fsck.

0 0

Quote

4. Re: Alto tráfego/consumo Disco I/O Trava servidor.

cajuninho
(usa Outra)

Enviado em 06/07/2015 - 17:19h

zhushazang escreveu:

Achei no google,

https://nacin.com/2010/04/23/5-ways-to-debug-wordpress/
https://www.elegantthemes.com/blog/tips-tricks/using-the-wordpress-debug-log

Fora da aplicação, todos os logs provavelmente estarão de forma recursiva em /var/log.

Ferramentas como htop, atop, ps ax, lsof podem te ajudar.

Qual a configuração deste servidor em relação ao hardware, está bem dimensionado?
Em relação a ataque, o que te diz o tcpdump? Se tem dúvidas quanto a integridade do servidor, coloque um IDS na frente dele.

Atenciosamente
---
Hail Hydra!

Obrigado pela resposta!

Estou sofrendo ataque de alguém, não sei como identificar, sofri um ataque agora pouco as 16h, meu site fica usando o Disco 1 a 2 % ai chega de uma vez e sobe pra 100% a leitura, não sei como identificar como estão me atacando tem mais de 6 meses funcionando corretamente.

Eu uso uol cloud computing

0 0

Quote

5. Re: Alto tráfego/consumo Disco I/O Trava servidor.

anewvision
(usa Debian)

Enviado em 06/07/2015 - 18:23h

Amigo tu precisa primeiro identificar se é ataque de fato. Tu faz esta medição local? se for, desconecta a rede e ver se ocorre o problema. Eu duvido que seja. Aparentemente não está consultando o cache de disco, esta indo direto ler nos discos. Outra possibilitade é de os HDs ou outro item de hardware estarem com defeito. Faça também o que o colega sugeriu. Execute # tail -f /var/log/messages e vê o retorno.
http://informatica.anewvision.com.br/

0 0

Quote

6. Re: Alto tráfego/consumo Disco I/O Trava servidor.

cajuninho
(usa Outra)

Enviado em 06/07/2015 - 18:47h

anewvision escreveu:

Amigo tu precisa primeiro identificar se é ataque de fato. Tu faz esta medição local? se for, desconecta a rede e ver se ocorre o problema. Eu duvido que seja. Aparentemente não está consultando o cache de disco, esta indo direto ler nos discos. Outra possibilitade é de os HDs ou outro item de hardware estarem com defeito. Faça também o que o colega sugeriu. Execute # tail -f /var/log/messages e vê o retorno.
http://informatica.anewvision.com.br/

Este é meu syslog após travamento/ataque

Jul  6 09:29:47 meu-ip CRON[30443]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host2/scan)

Jul  6 09:30:40 meu-ip CRON[30448]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host0/scan)

Jul  6 09:30:42 meu-ip CRON[30449]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host2/scan)

Jul  6 09:30:42 meu-ip CRON[30450]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host1/scan)

Jul  6 09:30:53 meu-ip kernel: [129150.665896] ata2: soft resetting link

Jul  6 09:30:53 meu-ip kernel: [129150.666154] ata1: soft resetting link

Jul  6 09:30:53 meu-ip kernel: [129150.829440] ata1: EH complete

Jul  6 09:30:53 meu-ip kernel: [129150.840317] ata2: EH complete

Jul  6 09:31:29 meu-ip vmsvc[1085]: [ warning] [vmsvc] Error in the RPC receive loop: RpcIn: Unable to send.

Jul  6 09:31:59 meu-ip CRON[30455]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host0/scan)

Jul  6 09:31:59 meu-ip CRON[30454]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host1/scan)

Jul  6 09:31:59 meu-ip CRON[30456]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host2/scan)

Jul  6 09:32:10 meu-ip kernel: [129228.542918] ata1: soft resetting link

Jul  6 09:32:10 meu-ip kernel: [129228.543388] ata2: soft resetting link

Jul  6 09:32:10 meu-ip kernel: [129228.706265] ata1: EH complete

Jul  6 09:32:10 meu-ip kernel: [129228.717385] ata2: EH complete

Jul  6 09:32:50 meu-ip CRON[30460]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host2/scan)

Jul  6 09:32:51 meu-ip CRON[30462]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host1/scan)

Jul  6 09:32:51 meu-ip CRON[30461]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host0/scan)

Jul  6 09:32:59 meu-ip kernel: [129277.572632] ata1: soft resetting link

Jul  6 09:32:59 meu-ip kernel: [129277.739495] ata1: EH complete

Jul  6 09:33:01 meu-ip kernel: [129279.464968] ata2: soft resetting link

Jul  6 09:33:01 meu-ip kernel: [129279.628178] ata2: EH complete

Jul  6 09:33:25 meu-ip kernel: [129303.932666] ata2: soft resetting link

Jul  6 09:33:25 meu-ip kernel: [129303.933281] ata1: soft resetting link

Jul  6 09:33:26 meu-ip kernel: [129304.099033] ata2: EH complete

Jul  6 09:33:26 meu-ip kernel: [129304.110193] ata1: EH complete

Jul  6 09:33:26 meu-ip CRON[30467]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host2/scan)

Jul  6 09:33:26 meu-ip CRON[30469]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host1/scan)

Jul  6 09:33:26 meu-ip CRON[30468]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host0/scan)

Jul  6 09:34:36 meu-ip kernel: [129369.734692] apache2 invoked oom-killer: gfp_mask=0x200da, order=0, oom_adj=0, oom_score_adj=0

Jul  6 09:34:38 meu-ip kernel: [129369.734702] apache2 cpuset=/ mems_allowed=0

Jul  6 09:34:38 meu-ip kernel: [129369.734708] Pid: 19957, comm: apache2 Not tainted 3.5.0-23-generic #35~precise1-Ubuntu

Jul  6 09:34:38 meu-ip kernel: [129369.734710] Call Trace:

Jul  6 09:34:38 meu-ip kernel: [129369.734726]  [<ffffffff810c7a0d>] ? cpuset_print_task_mems_allowed+0x9d/0xb0

Jul  6 09:34:38 meu-ip kernel: [129369.734736]  [<ffffffff816882ce>] dump_header+0x86/0xc0

Jul  6 09:34:38 meu-ip kernel: [129369.734740]  [<ffffffff816883bf>] oom_kill_process.part.9+0x55/0x264

Jul  6 09:34:38 meu-ip kernel: [129369.734746]  [<ffffffff8112b248>] ? select_bad_process+0x118/0x190

Jul  6 09:34:38 meu-ip kernel: [129369.734749]  [<ffffffff8112b2f4>] oom_kill_process+0x34/0x40

Jul  6 09:34:38 meu-ip kernel: [129369.734752]  [<ffffffff8112b69f>] out_of_memory+0xff/0x230

Jul  6 09:34:38 meu-ip kernel: [129369.734757]  [<ffffffff8113123a>] __alloc_pages_nodemask+0x91a/0x930

Jul  6 09:34:38 meu-ip kernel: [129369.734762]  [<ffffffff8108f1b8>] ? update_cfs_shares+0x78/0x90

Jul  6 09:34:38 meu-ip kernel: [129369.734767]  [<ffffffff8116b8f3>] alloc_pages_vma+0xb3/0x190

Jul  6 09:34:38 meu-ip kernel: [129369.734772]  [<ffffffff811608b2>] read_swap_cache_async+0xf2/0x160

Jul  6 09:34:38 meu-ip kernel: [129369.734776]  [<ffffffff811609ae>] swapin_readahead+0x8e/0xd0

Jul  6 09:34:38 meu-ip kernel: [129369.734780]  [<ffffffff8114df7c>] do_swap_page.isra.51+0x10c/0x620

Jul  6 09:34:38 meu-ip kernel: [129369.734783]  [<ffffffff811272a7>] ? unlock_page+0x27/0x30

Jul  6 09:34:39 meu-ip kernel: [129369.734787]  [<ffffffff8114c4a1>] ? __do_fault+0x421/0x520

Jul  6 09:34:39 meu-ip kernel: [129369.734790]  [<ffffffff8114fbb1>] handle_pte_fault+0x1a1/0x200

Jul  6 09:34:39 meu-ip kernel: [129369.734794]  [<ffffffff81150d69>] handle_mm_fault+0x269/0x340

Jul  6 09:34:39 meu-ip kernel: [129369.734799]  [<ffffffff816a25b0>] do_page_fault+0x150/0x520

Jul  6 09:34:39 meu-ip kernel: [129369.734805]  [<ffffffff810135fa>] ? __switch_to+0x17a/0x410

Jul  6 09:34:39 meu-ip kernel: [129369.734808]  [<ffffffff8108e590>] ? set_next_entity+0xa0/0xc0

Jul  6 09:34:39 meu-ip kernel: [129369.734812]  [<ffffffff81085f3a>] ? finish_task_switch+0x4a/0xf0

Jul  6 09:34:39 meu-ip kernel: [129369.734816]  [<ffffffff8169d264>] ? __schedule+0x3c4/0x700

Jul  6 09:34:39 meu-ip kernel: [129369.734820]  [<ffffffff8169ef25>] page_fault+0x25/0x30

Jul  6 09:34:39 meu-ip kernel: [129369.734822] Mem-Info:

Jul  6 09:34:39 meu-ip kernel: [129369.734826] Node 0 DMA per-cpu:

Jul  6 09:34:39 meu-ip kernel: [129369.734830] CPU    0: hi:    0, btch:   1 usd:   0

Jul  6 09:34:39 meu-ip kernel: [129369.734832] CPU    1: hi:    0, btch:   1 usd:   0

Jul  6 09:34:39 meu-ip kernel: [129369.734833] Node 0 DMA32 per-cpu:

Jul  6 09:34:39 meu-ip kernel: [129369.734835] CPU    0: hi:  186, btch:  31 usd:  30

Jul  6 09:34:40 meu-ip kernel: [129369.734837] CPU    1: hi:  186, btch:  31 usd:   0

Jul  6 09:34:40 meu-ip kernel: [129369.734842] active_anon:99377 inactive_anon:99423 isolated_anon:2149

Jul  6 09:34:40 meu-ip kernel: [129369.734842]  active_file:257 inactive_file:388 isolated_file:0

Jul  6 09:34:40 meu-ip kernel: [129369.734842]  unevictable:0 dirty:0 writeback:251 unstable:0

Jul  6 09:34:40 meu-ip kernel: [129369.734842]  free:12223 slab_reclaimable:3560 slab_unreclaimable:8740

Jul  6 09:34:40 meu-ip kernel: [129369.734842]  mapped:264 shmem:13 pagetables:21516 bounce:0

Jul  6 09:34:40 meu-ip kernel: [129369.734845] Node 0 DMA free:4624kB min:680kB low:848kB high:1020kB active_anon:4944kB inactive_anon:4960kB active_file:76kB inac$

Jul  6 09:34:40 meu-ip kernel: [129369.734851] lowmem_reserve[]: 0 992 992 992

Jul  6 09:34:40 meu-ip kernel: [129369.734856] Node 0 DMA32 free:44268kB min:44372kB low:55464kB high:66556kB active_anon:392564kB inactive_anon:392732kB active_fi$

Jul  6 09:34:40 meu-ip kernel: [129369.734862] lowmem_reserve[]: 0 0 0 0

Jul  6 09:34:40 meu-ip kernel: [129369.734865] Node 0 DMA: 26*4kB 13*8kB 8*16kB 14*32kB 7*64kB 7*128kB 2*256kB 0*512kB 0*1024kB 1*2048kB 0*4096kB = 4688kB

Jul  6 09:34:40 meu-ip kernel: [129369.734876] Node 0 DMA32: 251*4kB 295*8kB 1813*16kB 243*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB = 44244kB

Jul  6 09:34:40 meu-ip kernel: [129369.734885] 64881 total pagecache pages

Jul  6 09:34:40 meu-ip kernel: [129369.734887] 64227 pages in swap cache

Jul  6 09:34:40 meu-ip kernel: [129369.734889] Swap cache stats: add 109628974, delete 109564747, find 14519248/26790974

Jul  6 09:34:40 meu-ip kernel: [129369.734891] Free swap  = 4kB

Jul  6 09:34:40 meu-ip kernel: [129369.734892] Total swap = 3905532kB

Jul  6 09:34:40 meu-ip kernel: [129369.738994] 262128 pages RAM

Jul  6 09:34:40 meu-ip kernel: [129369.739003] 7639 pages reserved

Jul  6 09:34:40 meu-ip kernel: [129369.739009] 22084 pages shared

Jul  6 09:34:40 meu-ip kernel: [129369.739015] 238532 pages non-shared

Jul  6 09:34:41 meu-ip kernel: [129369.739021] [ pid ]   uid  tgid total_vm      rss cpu oom_adj oom_score_adj name

Jul  6 09:34:41 meu-ip kernel: [129369.739041] [  327]     0   327     4308        0   1       0             0 upstart-udev-br

Jul  6 09:34:41 meu-ip kernel: [129369.739051] [  329]     0   329     5425        1   0     -17         -1000 udevd

Jul  6 09:34:41 meu-ip kernel: [129369.739057] [  433]     0   433     5424        0   1     -17         -1000 udevd

Jul  6 09:34:41 meu-ip kernel: [129369.739062] [  434]     0   434     5424        0   0     -17         -1000 udevd

Jul  6 09:34:41 meu-ip kernel: [129369.739067] [  472]     0   472    12509       23   0     -17         -1000 sshd

Jul  6 09:34:41 meu-ip kernel: [129369.739072] [  475]   101   475    62465      102   0       0             0 rsyslogd

Jul  6 09:34:41 meu-ip kernel: [129369.739078] [  585]   102   585     5991        0   0       0             0 dbus-daemon

Jul  6 09:34:41 meu-ip kernel: [129369.739082] [  597]     0   597     3797        0   0       0             0 upstart-socket-

Jul  6 09:34:41 meu-ip kernel: [129369.739087] [  635]     0   635    19759        0   1       0             0 modem-manager

Jul  6 09:34:41 meu-ip kernel: [129369.739091] [  660]     0   660    56243       52   1       0             0 NetworkManager

Jul  6 09:34:41 meu-ip kernel: [129369.739095] [  671]     0   671    46647        0   0       0             0 polkitd

Jul  6 09:34:41 meu-ip kernel: [129369.739100] [  722]     0   722     3946        1   0       0             0 getty

Jul  6 09:34:41 meu-ip kernel: [129369.739104] [  729]     0   729     3946        1   1       0             0 getty

Jul  6 09:34:41 meu-ip kernel: [129369.739109] [  736]     0   736     3946        1   1       0             0 getty

Jul  6 09:34:42 meu-ip kernel: [129369.739113] [  738]     0   738     3946        1   1       0             0 getty

Jul  6 09:34:42 meu-ip kernel: [129369.739117] [  745]     0   745     3946        1   1       0             0 getty

Jul  6 09:34:42 meu-ip kernel: [129369.739122] [  768]   103   768    46916        0   1       0             0 whoopsie

Jul  6 09:34:42 meu-ip kernel: [129369.739126] [  770]     0   770     1082        0   1       0             0 acpid

Jul  6 09:34:42 meu-ip kernel: [129369.739131] [  778]     0   778     3996       22   0       0             0 irqbalance

Jul  6 09:34:42 meu-ip kernel: [129369.739135] [  789]     0   789     1816        0   1       0             0 dhclient

Jul  6 09:34:42 meu-ip kernel: [129369.739140] [  796]     0   796     4778       23   1       0             0 cron

Jul  6 09:34:42 meu-ip kernel: [129369.739143] [  797]     0   797     4227        0   1       0             0 atd

Jul  6 09:34:42 meu-ip kernel: [129369.739147] [ 1085]     0  1085    41868       94   1       0             0 vmtoolsd

Jul  6 09:34:42 meu-ip kernel: [129369.739151] [ 1121] 65534  1121     7205        0   0       0             0 dnsmasq

Jul  6 09:34:42 meu-ip kernel: [129369.739155] [ 1247]     0  1247    82712       60   1       0             0 apache2

Jul  6 09:34:42 meu-ip kernel: [129369.739159] [ 1275]     0  1275     3946        1   0       0             0 getty

Jul  6 09:34:42 meu-ip kernel: [129369.739164] [ 2093]     0  2093   260764        0   0       0             0 console-kit-dae

Jul  6 09:34:42 meu-ip kernel: [129369.739168] [13316]     0 13316    23661       26   1       0             0 proftpd

Jul  6 09:34:42 meu-ip kernel: [129369.739172] [19443]    33 19443    92205      865   1       0             0 apache2

Jul  6 09:34:42 meu-ip kernel: [129369.739177] [19664]    33 19664    91392      861   1       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739180] [19665]    33 19665    88555      903   1       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739184] [19666]    33 19666    91395      779   0       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739189] [19670]    33 19670    91916     1181   1       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739193] [19672]    33 19672    91565      683   0       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739197] [19679]    33 19679    91380      855   1       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739201] [19683]    33 19683    91379      874   0       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739205] [19685]    33 19685    93489     2022   1       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739209] [19686]    33 19686    91371      896   0       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739213] [19695]    33 19695    91698      949   1       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739217] [19697]    33 19697    91565      818   0       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739221] [19698]    33 19698    94320     1094   0       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739225] [19703]    33 19703    87970     1082   1       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739229] [19706]    33 19706    91575      770   0       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739234] [19711]    33 19711    91566      993   0       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739237] [19712]    33 19712    91577      895   1       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739241] [19717]    33 19717    86181     1094   0       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739245] [19728]    33 19728    86553     1528   0       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739248] [19731]    33 19731    89004      852   1       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739252] [19735]    33 19735    91559     1093   0       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739256] [19739]    33 19739    93455     1833   1       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739259] [19750]    33 19750    91376     1051   1       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739263] [19752]    33 19752    91566      967   1       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739267] [19797]    33 19797    94305     1026   1       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739270] [19866]    33 19866    86065      890   0       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739274] [19870]    33 19870    92074      926   0       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739277] [19872]    33 19872    92457      761   1       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739281] [19892]    33 19892    89050     1253   0       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739284] [19900]    33 19900    92273      707   0       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739288] [19903]    33 19903    86250      899   1       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739292] [19915]    33 19915    85893      936   1       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739295] [19918]    33 19918    88366      959   0       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739299] [19924]    33 19924    89006     1036   0       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739302] [19925]    33 19925    92463      743   1       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739306] [19936]    33 19936    88361      876   1       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739310] [19937]    33 19937    88366      892   1       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739313] [19938]    33 19938    88395      859   1       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739317] [19940]    33 19940    88370      996   1       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739321] [19941]    33 19941    88892      779   1       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739325] [19942]    33 19942    88361      943   1       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739340] [19943]    33 19943    94510     1136   0       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739345] [19944]    33 19944    88368      865   1       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739349] [19945]    33 19945    88361      857   0       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739353] [19946]    33 19946    88370      898   1       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739357] [19948]    33 19948    88361      867   1       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739360] [19949]    33 19949    88366      926   0       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739364] [19950]    33 19950    88368      963   0       0             0 apache2

Jul  6 09:34:43 meu-ip kernel: [129369.739368] [19953]    33 19953    88361      700   0       0             0 apache2

Jul  6 09:34:44 meu-ip kernel: [129369.739372] [19955]    33 19955    88370      843   0       0             0 apache2

Jul  6 09:34:44 meu-ip kernel: [129369.739375] [19957]    33 19957    88366      980   0       0             0 apache2

Jul  6 09:34:44 meu-ip kernel: [129369.739379] [19958]    33 19958    88371      880   0       0             0 apache2

Jul  6 09:34:44 meu-ip kernel: [129369.739382] [19959]    33 19959    88361      911   1       0             0 apache2

Jul  6 09:34:44 meu-ip kernel: [129369.739386] [19962]    33 19962    88366      949   1       0             0 apache2

Jul  6 09:34:44 meu-ip kernel: [129369.739389] [19963]    33 19963    92276      881   1       0             0 apache2

Jul  6 09:34:44 meu-ip kernel: [129369.739393] [19964]    33 19964    88378      954   1       0             0 apache2

Jul  6 09:34:44 meu-ip kernel: [129369.739397] [19967]    33 19967    92285      795   1       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739401] [19968]    33 19968    89151     1025   1       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739405] [19969]    33 19969    88368     1010   1       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739409] [19971]    33 19971    88368      850   0       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739413] [19972]    33 19972    88372      928   1       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739417] [19973]    33 19973    88361     1037   1       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739421] [19974]    33 19974    88366      786   1       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739425] [19975]    33 19975    94183     1079   1       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739429] [19977]    33 19977    92273      790   0       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739433] [19978]    33 19978    94956      933   0       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739438] [19979]    33 19979    88376      807   1       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739442] [19980]    33 19980    94187     1430   0       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739446] [19983]    33 19983    92980      954   1       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739469] [19984]    33 19984    88371      930   1       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739474] [19987]    33 19987    88366      999   0       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739478] [19988]    33 19988    88374     1037   0       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739482] [19989]    33 19989    88376      824   1       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739487] [19990]    33 19990    86861      801   0       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739491] [19991]    33 19991    87076      941   1       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739494] [19992]    33 19992    88368      830   0       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739498] [20121]    33 20121    86300     1115   0       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739502] [20129]    33 20129    86178      836   0       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739506] [20143]    33 20143    94396      920   0       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739510] [20144]    33 20144    86508     1066   0       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739514] [20232]    33 20232    95035      802   0       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739517] [20250]    33 20250    94391     1072   1       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739521] [20287]    33 20287    85984      829   0       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739524] [20378]    33 20378    94380      676   0       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739528] [20573]    33 20573    92284      671   0       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739532] [20597]    33 20597    92276      866   0       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739535] [20642]    33 20642    92285      828   0       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739539] [20703]    33 20703    92280      932   0       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739543] [20720]    33 20720    91369      846   1       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739546] [20744]    33 20744    92272      778   0       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739550] [20778]    33 20778    91374      865   1       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739554] [20876]    33 20876    91376      803   1       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739558] [20908]    33 20908    93481     1840   1       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739561] [20984]    33 20984    94450      978   1       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739565] [21009]    33 21009    85968     1001   0       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739568] [21046]    33 21046    91369      793   0       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739572] [21047]    33 21047    92282      772   1       0             0 apache2

Jul  6 09:34:45 meu-ip kernel: [129369.739575] [21079]    33 21079    86049      835   0       0             0 apache2

Jul  6 09:34:46 meu-ip kernel: [129369.739579] [21093]    33 21093    86117      906   1       0             0 apache2

Jul  6 09:34:46 meu-ip kernel: [129369.739583] [21119]    33 21119    94446     1203   1       0             0 apache2

Jul  6 09:34:46 meu-ip kernel: [129369.739587] [21142]    33 21142    94180     1208   1       0             0 apache2

Jul  6 09:34:46 meu-ip kernel: [129369.739590] [21157]    33 21157    89009     1023   0       0             0 apache2

Jul  6 09:34:46 meu-ip kernel: [129369.739594] [21213]    33 21213    86117     1134   1       0             0 apache2

Jul  6 09:34:46 meu-ip kernel: [129369.739598] [21235]    33 21235    88682      997   1       0             0 apache2

Jul  6 09:34:46 meu-ip kernel: [129369.739601] [21258]    33 21258    92268      941   1       0             0 apache2

Jul  6 09:34:46 meu-ip kernel: [129369.739605] [21271]    33 21271    88351     1107   1       0             0 apache2

Jul  6 09:34:46 meu-ip kernel: [129369.739609] [21310]    33 21310    86181      854   1       0             0 apache2

Jul  6 09:34:46 meu-ip kernel: [129369.739612] [21341]    33 21341    85587      892   0       0             0 apache2

Jul  6 09:34:46 meu-ip kernel: [129369.739616] [21390]    33 21390    94093     1116   1       0             0 apache2

Jul  6 09:34:46 meu-ip kernel: [129369.739619] [21442]    33 21442    85968      860   1       0             0 apache2

Jul  6 09:34:46 meu-ip kernel: [129369.739623] [21455]    33 21455    89057     1208   1       0             0 apache2

Jul  6 09:34:46 meu-ip kernel: [129369.739627] [21479]    33 21479    89026      795   1       0             0 apache2

Jul  6 09:34:46 meu-ip kernel: [129369.739631] [21569]    33 21569    85850     1012   1       0             0 apache2

Jul  6 09:34:47 meu-ip kernel: [129369.739634] [21574]    33 21574    87994     1038   0       0             0 apache2

Jul  6 09:34:47 meu-ip kernel: [129369.739638] [21652]    33 21652    89242     1625   0       0             0 apache2

Jul  6 09:34:47 meu-ip kernel: [129369.739642] [21704]    33 21704    94342     1044   0       0             0 apache2

Jul  6 09:34:47 meu-ip kernel: [129369.739646] [21758]    33 21758    86584     1285   1       0             0 apache2

Jul  6 09:34:47 meu-ip kernel: [129369.739650] [22100]    33 22100    86181      834   0       0             0 apache2

Jul  6 09:34:47 meu-ip kernel: [129369.739654] [22128]    33 22128    89119     1094   0       0             0 apache2

Jul  6 09:34:47 meu-ip kernel: [129369.739658] [22213]    33 22213    91185     1007   1       0             0 apache2

Jul  6 09:34:47 meu-ip kernel: [129369.739662] [22343]    33 22343    86557     1599   1       0             0 apache2

Jul  6 09:34:48 meu-ip kernel: [129369.739665] [22425]    33 22425    86873     1028   1       0             0 apache2

Jul  6 09:34:48 meu-ip kernel: [129369.739669] [22462]    33 22462    85932      970   0       0             0 apache2

Jul  6 09:34:48 meu-ip kernel: [129369.739672] [22681]    33 22681    86176      990   0       0             0 apache2

Jul  6 09:34:48 meu-ip kernel: [129369.739676] [22810]    33 22810    85904      860   1       0             0 apache2

Jul  6 09:34:48 meu-ip kernel: [129369.739679] [23357]    33 23357    94447      781   1       0             0 apache2

Jul  6 09:34:48 meu-ip kernel: [129369.739683] [23469]    33 23469    85324     1039   1       0             0 apache2

Jul  6 09:34:48 meu-ip kernel: [129369.739687] [23588]    33 23588    90909      931   0       0             0 apache2

Jul  6 09:34:48 meu-ip kernel: [129369.739691] [23725]    33 23725    87967      984   1       0             0 apache2

Jul  6 09:34:48 meu-ip kernel: [129369.739695] [24989]    33 24989    86114      928   1       0             0 apache2

Jul  6 09:34:48 meu-ip kernel: [129369.739698] [25115]    33 25115    85911      818   1       0             0 apache2

Jul  6 09:34:48 meu-ip kernel: [129369.739702] [25195]    33 25195    85259      864   0       0             0 apache2

Jul  6 09:34:48 meu-ip kernel: [129369.739706] [25709]    33 25709    86262     1018   1       0             0 apache2

Jul  6 09:34:48 meu-ip kernel: [129369.739710] [26136]    33 26136    86188      920   1       0             0 apache2

Jul  6 09:34:48 meu-ip kernel: [129369.739713] [26572]    33 26572    88852     1548   0       0             0 apache2

Jul  6 09:34:48 meu-ip kernel: [129369.739717] [26704]    33 26704    86559     1331   1       0             0 apache2

Jul  6 09:34:48 meu-ip kernel: [129369.739721] [26771]    33 26771    85827      974   0       0             0 apache2

Jul  6 09:34:48 meu-ip kernel: [129369.739725] [26938]    33 26938    89172     1675   1       0             0 apache2

Jul  6 09:34:48 meu-ip kernel: [129369.739729] [27041]    33 27041    87897     1816   0       0             0 apache2

Jul  6 09:34:48 meu-ip kernel: [129369.739732] [27144]    33 27144    87005     1130   0       0             0 apache2

Jul  6 09:34:48 meu-ip kernel: [129369.739736] [27278]    33 27278    88348      937   1       0             0 apache2

Jul  6 09:34:48 meu-ip kernel: [129369.739740] [27965]    33 27965    87061     1001   0       0             0 apache2

Jul  6 09:34:48 meu-ip kernel: [129369.739743] [27972]    33 27972    90724      932   0       0             0 apache2

Jul  6 09:34:48 meu-ip kernel: [129369.739748] [28398]    33 28398    90922     1198   1       0             0 apache2

Jul  6 09:34:48 meu-ip kernel: [129369.739751] [28686]    33 28686    93417      881   1       0             0 apache2

Jul  6 09:34:48 meu-ip kernel: [129369.739755] [28817]     0 28817    11133        3   0       0             0 cron

Jul  6 09:34:48 meu-ip kernel: [129369.739759] [28821]     0 28821     1100        0   0       0             0 sh

Jul  6 09:34:48 meu-ip kernel: [129369.739763] [28824]     0 28824     1075        0   0       0             0 run-parts

Jul  6 09:34:48 meu-ip kernel: [129369.739767] [28830]     0 28830     1100        0   0       0             0 apt

Jul  6 09:34:48 meu-ip kernel: [129369.739770] [28862]     0 28862    18592      312   0       0             0 apt-get

Jul  6 09:34:48 meu-ip kernel: [129369.739774] [28901]   106 28901   341400     1326   0       0             0 mysqld

Jul  6 09:34:48 meu-ip kernel: [129369.739778] [29164]    33 29164    88410     1464   1       0             0 apache2

Jul  6 09:34:48 meu-ip kernel: [129369.739781] [29458]    33 29458    88028     1139   0       0             0 apache2

Jul  6 09:34:48 meu-ip kernel: [129369.739785] [29627]    33 29627    88790      629   1       0             0 apache2

Jul  6 09:34:48 meu-ip kernel: [129369.739788] [29948]    33 29948    88607     1076   0       0             0 apache2

Jul  6 09:34:48 meu-ip kernel: [129369.739792] [30352]    33 30352    86992     2510   0       0             0 apache2

Jul  6 09:34:48 meu-ip kernel: [129369.739796] [30471]     0 30471     4779       35   1       0             0 cron

Jul  6 09:34:48 meu-ip kernel: [129369.739800] [30472]     0 30472     4779       36   1       0             0 cron

Jul  6 09:34:48 meu-ip kernel: [129369.739803] [30473]     0 30473     1809       22   0       0             0 sshd

Jul  6 09:34:48 meu-ip kernel: [129369.739807] [30474]     0 30474     4779       36   1       0             0 cron

Jul  6 09:34:49 meu-ip kernel: [129369.739810] Out of memory: Kill process 28901 (mysqld) score 11 or sacrifice child

Jul  6 09:34:49 meu-ip kernel: [129369.740011] Killed process 28901 (mysqld) total-vm:1365600kB, anon-rss:5304kB, file-rss:0kB

Jul  6 09:35:05 meu-ip CRON[30478]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host1/scan)

Jul  6 09:35:06 meu-ip kernel: [129404.274303] ata2: soft resetting link

Jul  6 09:35:06 meu-ip kernel: [129404.437408] ata2: EH complete

Jul  6 09:35:06 meu-ip CRON[30479]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host2/scan)

Jul  6 09:35:11 meu-ip CRON[30482]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host0/scan)

Jul  6 09:35:11 meu-ip kernel: [129409.518121] ata1: soft resetting link

Jul  6 09:35:11 meu-ip kernel: [129409.681420] ata1: EH complete

Jul  6 09:35:12 meu-ip CRON[30483]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host0/scan)

Jul  6 09:35:12 meu-ip kernel: [129410.764902] ata1: soft resetting link

Jul  6 09:35:13 meu-ip kernel: [129410.931686] ata1: EH complete

Jul  6 09:35:17 meu-ip CRON[30481]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host2/scan)

Jul  6 09:35:23 meu-ip kernel: [129421.744734] init: mysql main process (28901) killed by KILL signal

Jul  6 09:35:24 meu-ip kernel: [129422.265336] init: mysql main process ended, respawning

Jul  6 09:35:27 meu-ip CRON[30480]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host1/scan)

Jul  6 09:35:27 meu-ip kernel: [129425.283682] ata2: soft resetting link

Jul  6 09:35:27 meu-ip kernel: [129425.449690] ata2: EH complete

Jul  6 09:36:22 meu-ip kernel: [129480.170083] ata1: soft resetting link

Jul  6 09:36:22 meu-ip kernel: [129480.171385] ata2: soft resetting link

Jul  6 09:36:22 meu-ip kernel: [129480.333712] ata1: EH complete

Jul  6 09:36:22 meu-ip kernel: [129480.345082] ata2: EH complete

Jul  6 09:36:24 meu-ip CRON[30491]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host0/scan)

Jul  6 09:36:25 meu-ip CRON[30493]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host1/scan)

Jul  6 09:36:25 meu-ip CRON[30492]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host2/scan)

Jul  6 09:37:20 meu-ip kernel: [129536.160104] type=1400 audit(1436186238.576:21): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/mysqld" pid=30496 $

Jul  6 09:37:52 meu-ip CRON[30506]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host1/scan)

Jul  6 09:37:53 meu-ip CRON[30508]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host2/scan)

Jul  6 09:37:53 meu-ip CRON[30507]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host0/scan)

Jul  6 09:38:00 meu-ip kernel: [129578.298437] ata2: soft resetting link

Jul  6 09:38:00 meu-ip kernel: [129578.298960] ata1: soft resetting link

Jul  6 09:38:00 meu-ip kernel: [129578.463278] ata1: EH complete

Jul  6 09:38:00 meu-ip kernel: [129578.475118] ata2: EH complete

Jul  6 09:38:21 meu-ip kernel: [129599.231165] ata1: soft resetting link

Jul  6 09:38:21 meu-ip kernel: [129599.231931] ata2: soft resetting link

Jul  6 09:38:21 meu-ip kernel: [129599.395292] ata2: EH complete

Jul  6 09:38:21 meu-ip kernel: [129599.406404] ata1: EH complete

Jul  6 09:38:21 meu-ip CRON[30513]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host0/scan)

Jul  6 09:38:21 meu-ip CRON[30512]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host1/scan)

Jul  6 09:38:25 meu-ip CRON[30514]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host2/scan)

Jul  6 09:39:21 meu-ip CRON[30529]: (root) CMD (  [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -t$

Jul  6 09:39:21 meu-ip CRON[30530]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host2/scan)

Jul  6 09:39:23 meu-ip CRON[30532]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host1/scan)

Jul  6 09:39:23 meu-ip kernel: [129660.457744] ata1: soft resetting link

Jul  6 09:39:23 meu-ip kernel: [129660.458388] ata2: soft resetting link

Jul  6 09:39:23 meu-ip kernel: [129660.621675] ata1: EH complete

Jul  6 09:39:23 meu-ip kernel: [129660.632900] ata2: EH complete

Jul  6 09:39:24 meu-ip CRON[30533]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host0/scan)

Jul  6 09:40:15 meu-ip vmsvc[1085]: [ warning] [vmsvc] Error in the RPC receive loop: RpcIn: Unable to send.

Jul  6 09:40:34 meu-ip CRON[30551]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host2/scan)

Jul  6 09:40:35 meu-ip CRON[30553]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host1/scan)

Jul  6 09:40:35 meu-ip CRON[30552]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host0/scan)

Jul  6 09:40:39 meu-ip kernel: [129736.272269] ata1: soft resetting link

Jul  6 09:40:39 meu-ip kernel: [129736.273807] ata2: soft resetting link

Jul  6 09:40:39 meu-ip kernel: [129736.437929] ata1: EH complete

Jul  6 09:40:39 meu-ip kernel: [129736.449171] ata2: EH complete

Jul  6 09:41:27 meu-ip CRON[30566]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host0/scan)

Jul  6 09:41:27 meu-ip kernel: [129784.985841] ata1: soft resetting link

Jul  6 09:41:27 meu-ip kernel: [129785.151250] ata1: EH complete

Jul  6 09:41:28 meu-ip CRON[30567]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host2/scan)

Jul  6 09:41:29 meu-ip CRON[30568]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host1/scan)

Jul  6 09:41:29 meu-ip kernel: [129786.966139] ata2: soft resetting link

Jul  6 09:41:29 meu-ip kernel: [129787.132103] ata2: EH complete

Jul  6 09:42:34 meu-ip CRON[30585]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host0/scan)

Jul  6 09:42:34 meu-ip CRON[30586]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host1/scan)

Jul  6 09:42:34 meu-ip CRON[30587]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host2/scan)

Jul  6 09:42:35 meu-ip kernel: [129851.907178] ata2: soft resetting link

Jul  6 09:42:35 meu-ip kernel: [129851.907815] ata1: soft resetting link

Jul  6 09:42:35 meu-ip kernel: [129852.073251] ata2: EH complete

Jul  6 09:42:35 meu-ip kernel: [129852.084890] ata1: EH complete

Jul  6 09:43:30 meu-ip vmsvc[1085]: [ warning] [vmsvc] Error in the RPC receive loop: RpcIn: Unable to send.

Jul  6 09:43:39 meu-ip CRON[30600]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host2/scan)

Jul  6 09:43:40 meu-ip CRON[30601]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host1/scan)

Jul  6 09:43:42 meu-ip CRON[30602]: (root) CMD (echo "- - -" > /sys/class/scsi_host/host0/scan)

Jul  6 09:43:44 meu-ip kernel: [129921.817151] ata2: soft resetting link

Jul  6 09:43:44 meu-ip kernel: [129921.817680] ata1: soft resetting link

Jul  6 09:43:44 meu-ip kernel: [129921.982074] ata1: EH complete

Jul  6 09:43:45 meu-ip kernel: [129921.993369] ata2: EH complete

Jul  6 09:44:06 meu-ip kernel: [129938.736638] apache2 invoked oom-killer: gfp_mask=0x200da, order=0, oom_adj=0, oom_score_adj=0

Jul  6 09:44:07 meu-ip kernel: [129938.736644] apache2 cpuset=/ mems_allowed=0

Jul  6 09:44:07 meu-ip kernel: [129938.736648] Pid: 21704, comm: apache2 Not tainted 3.5.0-23-generic #35~precise1-Ubuntu

Jul  6 09:44:07 meu-ip kernel: [129938.736650] Call Trace:

Jul  6 09:44:07 meu-ip kernel: [129938.736681]  [<ffffffff810c7a0d>] ? cpuset_print_task_mems_allowed+0x9d/0xb0

Jul  6 09:44:07 meu-ip kernel: [129938.736705]  [<ffffffff816882ce>] dump_header+0x86/0xc0

Jul  6 09:44:07 meu-ip kernel: [129938.736710]  [<ffffffff816883bf>] oom_kill_process.part.9+0x55/0x264

Jul  6 09:44:07 meu-ip kernel: [129938.736724]  [<ffffffff8112b248>] ? select_bad_process+0x118/0x190

Jul  6 09:44:07 meu-ip kernel: [129938.736728]  [<ffffffff8112b2f4>] oom_kill_process+0x34/0x40

Jul  6 09:44:07 meu-ip kernel: [129938.736731]  [<ffffffff8112b69f>] out_of_memory+0xff/0x230

Jul  6 09:44:07 meu-ip kernel: [129938.736740]  [<ffffffff8113123a>] __alloc_pages_nodemask+0x91a/0x930

Jul  6 09:44:07 meu-ip kernel: [129938.736751]  [<ffffffff8116b8f3>] alloc_pages_vma+0xb3/0x190

Jul  6 09:44:07 meu-ip kernel: [129938.736756]  [<ffffffff811608b2>] read_swap_cache_async+0xf2/0x160

Jul  6 09:44:07 meu-ip kernel: [129938.736759]  [<ffffffff811609ae>] swapin_readahead+0x8e/0xd0

Jul  6 09:44:07 meu-ip kernel: [129938.736767]  [<ffffffff8114df7c>] do_swap_page.isra.51+0x10c/0x620

Jul  6 09:44:07 meu-ip kernel: [129938.736770]  [<ffffffff811272a7>] ? unlock_page+0x27/0x30

Jul  6 09:44:07 meu-ip kernel: [129938.736774]  [<ffffffff8114c4a1>] ? __do_fault+0x421/0x520

Jul  6 09:44:07 meu-ip kernel: [129938.736777]  [<ffffffff8114fbb1>] handle_pte_fault+0x1a1/0x200

Jul  6 09:44:07 meu-ip kernel: [129938.736781]  [<ffffffff81150d69>] handle_mm_fault+0x269/0x340

Jul  6 09:44:07 meu-ip kernel: [129938.736793]  [<ffffffff816a25b0>] do_page_fault+0x150/0x520

Jul  6 09:44:07 meu-ip kernel: [129938.736806]  [<ffffffff8108052a>] ? lg_local_unlock+0x1a/0x20

Jul  6 09:44:07 meu-ip kernel: [129938.736814]  [<ffffffff811a6556>] ? mntput_no_expire+0x46/0x160

Jul  6 09:44:07 meu-ip kernel: [129938.736817]  [<ffffffff811a6694>] ? mntput+0x24/0x40

Jul  6 09:44:07 meu-ip kernel: [129938.736826]  [<ffffffff81188bc9>] ? __fput+0x189/0x240

Jul  6 09:44:07 meu-ip kernel: [129938.736829]  [<ffffffff81188ca5>] ? fput+0x25/0x30

Jul  6 09:44:08 meu-ip kernel: [129938.736837]  [<ffffffff8169ef25>] page_fault+0x25/0x30

Jul  6 09:44:08 meu-ip kernel: [129938.736839] Mem-Info:

Jul  6 09:44:08 meu-ip kernel: [129938.736841] Node 0 DMA per-cpu:

Jul  6 09:44:08 meu-ip kernel: [129938.736844] CPU    0: hi:    0, btch:   1 usd:   0

Jul  6 09:44:08 meu-ip kernel: [129938.736845] CPU    1: hi:    0, btch:   1 usd:   0

Jul  6 09:44:08 meu-ip kernel: [129938.736846] Node 0 DMA32 per-cpu:

Jul  6 09:44:08 meu-ip kernel: [129938.736849] CPU    0: hi:  186, btch:  31 usd: 124

Jul  6 09:44:08 meu-ip kernel: [129938.736850] CPU    1: hi:  186, btch:  31 usd: 141

Jul  6 09:44:08 meu-ip kernel: [129938.736855] active_anon:98508 inactive_anon:98593 isolated_anon:2514

Jul  6 09:44:08 meu-ip kernel: [129938.736855]  active_file:111 inactive_file:151 isolated_file:64

Jul  6 09:44:08 meu-ip kernel: [129938.736855]  unevictable:0 dirty:0 writeback:154 unstable:0

Jul  6 09:44:08 meu-ip kernel: [129938.736855]  free:13874 slab_reclaimable:3565 slab_unreclaimable:8713

Jul  6 09:44:08 meu-ip kernel: [129938.736855]  mapped:148 shmem:14 pagetables:21566 bounce:0

Jul  6 09:44:08 meu-ip kernel: [129938.736858] Node 0 DMA free:4644kB min:680kB low:848kB high:1020kB active_anon:4976kB inactive_anon:5244kB active_file:16kB inac$

Jul  6 09:44:08 meu-ip kernel: [129938.736864] lowmem_reserve[]: 0 992 992 992

Jul  6 09:44:08 meu-ip kernel: [129938.736868] Node 0 DMA32 free:50852kB min:44372kB low:55464kB high:66556kB active_anon:389056kB inactive_anon:389128kB active_fi$

Jul  6 09:44:08 meu-ip kernel: [129938.736874] lowmem_reserve[]: 0 0 0 0

Jul  6 09:44:08 meu-ip kernel: [129938.736878] Node 0 DMA: 43*4kB 8*8kB 7*16kB 14*32kB 7*64kB 7*128kB 2*256kB 0*512kB 0*1024kB 1*2048kB 0*4096kB = 4700kB

Jul  6 09:44:08 meu-ip kernel: [129938.736886] Node 0 DMA32: 1855*4kB 273*8kB 1814*16kB 254*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB = 50852kB

Jul  6 09:44:08 meu-ip kernel: [129938.736895] 60437 total pagecache pages

Jul  6 09:44:11 meu-ip kernel: [129938.736896] 60078 pages in swap cache

Jul  6 09:44:11 meu-ip kernel: [129938.736899] Swap cache stats: add 110481416, delete 110421338, find 14627774/26996845

Jul  6 09:44:11 meu-ip kernel: [129938.736900] Free swap  = 0kB

Jul  6 09:44:11 meu-ip kernel: [129938.736901] Total swap = 3905532kB

Jul  6 09:44:11 meu-ip kernel: [129938.740185] 262128 pages RAM

Jul  6 09:44:11 meu-ip kernel: [129938.740188] 7639 pages reserved

Jul  6 09:44:11 meu-ip kernel: [129938.740189] 20075 pages shared

Jul  6 09:44:11 meu-ip kernel: [129938.740190] 236604 pages non-shared

Jul  6 09:44:11 meu-ip kernel: [129938.740191] [ pid ]   uid  tgid total_vm      rss cpu oom_adj oom_score_adj name

Jul  6 09:44:11 meu-ip kernel: [129938.740202] [  327]     0   327     4308        9   0       0             0 upstart-udev-br

Jul  6 09:44:11 meu-ip kernel: [129938.740205] [  329]     0   329     5425        1   0     -17         -1000 udevd

Jul  6 09:44:11 meu-ip kernel: [129938.740208] [  433]     0   433     5424        0   1     -17         -1000 udevd

Jul  6 09:44:11 meu-ip kernel: [129938.740211] [  434]     0   434     5424        0   0     -17         -1000 udevd

Jul  6 09:44:11 meu-ip kernel: [129938.740214] [  472]     0   472    12509       30   1     -17         -1000 sshd

Jul  6 09:44:11 meu-ip kernel: [129938.740217] [  475]   101   475    62465      114   1       0             0 rsyslogd

Jul  6 09:44:11 meu-ip kernel: [129938.740220] [  585]   102   585     5991       11   0       0             0 dbus-daemon

Jul  6 09:44:11 meu-ip kernel: [129938.740223] [  597]     0   597     3797        9   0       0             0 upstart-socket-

Jul  6 09:44:11 meu-ip kernel: [129938.740226] [  635]     0   635    19759        0   1       0             0 modem-manager

Jul  6 09:44:11 meu-ip kernel: [129938.740229] [  660]     0   660    56243       49   0       0             0 NetworkManager

0 0

Quote

7. Re: Alto tráfego/consumo Disco I/O Trava servidor.

zhushazang
(usa Gentoo)

Enviado em 06/07/2015 - 21:20h

Não é só disco. E talvez nem seja disco.

Jul 6 09:34:49 meu-ip kernel: [129369.739810] Out of memory: Kill process 28901 (mysqld) score 11 or sacrifice child
Jul 6 09:34:49 meu-ip kernel: [129369.740011] Killed process 28901 (mysqld) total-vm:1365600kB, anon-rss:5304kB, file-rss:0kB

Agora, você precisa confirmar se é ou não ataque

Qual a configuração desta máquina? disk/ram/proc ??

Atenciosamente

---
Hail Hydra!

0 0

Quote

8. Re: Alto tráfego/consumo Disco I/O Trava servidor.

cajuninho
(usa Outra)

Enviado em 07/07/2015 - 10:08h

zhushazang escreveu:

Não é só disco. E talvez nem seja disco.

Jul 6 09:34:49 meu-ip kernel: [129369.739810] Out of memory: Kill process 28901 (mysqld) score 11 or sacrifice child
Jul 6 09:34:49 meu-ip kernel: [129369.740011] Killed process 28901 (mysqld) total-vm:1365600kB, anon-rss:5304kB, file-rss:0kB

Agora, você precisa confirmar se é ou não ataque

Qual a configuração desta máquina? disk/ram/proc ??

Atenciosamente

---
Hail Hydra!

Opa! blz?!

Tenho certeza que é ataque... Estão atacando de 12 em 12 horas. em torno de 16 horas e 4 horas da manhã.

Se poder me ajudar a identificar e o que fazer pra me proteger eu ficaria feliz, ou algum tutorial que me ajude.

Hoje fui ataca de novo as 4 da manhã.

A configuração é essa:

Banda
4 Mb/s

Processamento
2 x de 1,4 GHz

Memória RAM
1 GB

Armazenamento
50 GB

Se esse site tiver 7 mil acessos por mês é muito.
Obrigado.

0 0

Quote

9. Re: Alto tráfego/consumo Disco I/O Trava servidor.

zhushazang
(usa Gentoo)

Enviado em 07/07/2015 - 10:52h

1GB é bem pouco hein.

Mas veja, como você sabe que é ataque. Mostre os logs que você conseguiu.

Se realmente for ataque, você precisa entrar em contato com o responsável pelo DC de hospedagem e solicitar proteção. É muito provável que te cobrem (e caro) por isso.

Ademais, o que você pode fazer, é garantir utilizando iptables que portas desnecessárias aos usuários externos estejam fechadas. Se bem que pelo tipo de comportamento, eles simplesmente miram na porta do serviço válido e te derrubam por DoS ou DDoS. Saída? Não há. A não ser a proteção a frente de seu servidor.

Sinceramente, você está no mato sem cachorro.

Atenciosamente

---
Hail Hydra!

0 0

Quote

10. Re: Alto tráfego/consumo Disco I/O Trava servidor.

cajuninho
(usa Outra)

Enviado em 07/07/2015 - 14:13h

zhushazang escreveu:

1GB é bem pouco hein.

Mas veja, como você sabe que é ataque. Mostre os logs que você conseguiu.

Se realmente for ataque, você precisa entrar em contato com o responsável pelo DC de hospedagem e solicitar proteção. É muito provável que te cobrem (e caro) por isso.

Ademais, o que você pode fazer, é garantir utilizando iptables que portas desnecessárias aos usuários externos estejam fechadas. Se bem que pelo tipo de comportamento, eles simplesmente miram na porta do serviço válido e te derrubam por DoS ou DDoS. Saída? Não há. A não ser a proteção a frente de seu servidor.

Sinceramente, você está no mato sem cachorro.

Atenciosamente

---
Hail Hydra!

Obrigado pela atenção.

Será que o log do mysql pode dizer algo também?

0 queries inside InnoDB, 0 queries in queue

1 read views open inside InnoDB

Main thread process no. 9078, id 139794093909760, state: waiting for server activity

Number of rows inserted 0, updated 0, deleted 0, read 16

0.00 inserts/s, 0.00 updates/s, 0.00 deletes/s, 0.34 reads/s

----------------------------

END OF INNODB MONITOR OUTPUT

============================

150707  9:08:44 [ERROR] /usr/sbin/mysqld: Incorrect key file for table './almanaque/wp_options.MYI'; try to repair it

150707  9:08:49 [ERROR] Got an error from thread_id=32, /build/buildd/mysql-5.5-5.5.38/storage/myisam/mi_write.c:226

150707  9:08:52 [ERROR] MySQL thread id 32, OS thread handle 0x7f2458bcb700, query id 171 localhost root update

INSERT INTO `wp_options` (`option_name`, `option_value`, `autoload`) VALUES ('_transient_doing_cron', '1436270725.0389060974121093750000', 'yes') ON DUPLICATE KEY UPDATE `option_name` = VALUES(`option_name`), `option_value` = VALUES(`option_value`), `autoload` = VALUES(`autoload`)

150707 10:03:46 [Warning] Using unique option prefix myisam-recover instead of myisam-recover-options is deprecated and will be removed in a future release. Please use the full name instead.

150707 10:03:46 [Note] Plugin 'FEDERATED' is disabled.

150707 10:03:46 InnoDB: The InnoDB memory heap is disabled

150707 10:03:46 InnoDB: Mutexes and rw_locks use GCC atomic builtins

150707 10:03:46 InnoDB: Compressed tables use zlib 1.2.3.4

150707 10:03:46 InnoDB: Initializing buffer pool, size = 128.0M

150707 10:03:46 InnoDB: Completed initialization of buffer pool

150707 10:03:46 InnoDB: highest supported file format is Barracuda.

InnoDB: The log sequence number in ibdata files does not match

InnoDB: the log sequence number in the ib_logfiles!

150707 10:03:46  InnoDB: Database was not shut down normally!

InnoDB: Starting crash recovery.

InnoDB: Reading tablespace information from the .ibd files...

InnoDB: Restoring possible half-written data pages from the doublewrite

InnoDB: buffer...

150707 10:03:47  InnoDB: Waiting for the background threads to start

150707 10:03:48 InnoDB: 5.5.38 started; log sequence number 33633950753

150707 10:03:48 [Note] Server hostname (bind-address): '127.0.0.1'; port: 3306

150707 10:03:48 [Note]   - '127.0.0.1' resolves to '127.0.0.1';

150707 10:03:48 [Note] Server socket created on IP: '127.0.0.1'.

150707 10:03:48 [Note] Event Scheduler: Loaded 0 events

150707 10:03:48 [Note] /usr/sbin/mysqld: ready for connections.

Version: '5.5.38-0ubuntu0.12.04.1'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  (Ubuntu)

150707 10:03:51 [ERROR] /usr/sbin/mysqld: Table './almanaque/wp_commentmeta' is marked as crashed and should be repaired

150707 10:03:51 [Warning] Checking table:   './almanaque/wp_commentmeta'

150707 10:03:51 [ERROR] /usr/sbin/mysqld: Table './almanaque/wp_comments' is marked as crashed and should be repaired

150707 10:03:51 [Warning] Checking table:   './almanaque/wp_comments'

150707 10:03:51 [ERROR] /usr/sbin/mysqld: Table './almanaque/wp_options' is marked as crashed and should be repaired

150707 10:03:51 [Warning] Checking table:   './almanaque/wp_options'

150707 10:03:51 [Warning] Recovering table: './almanaque/wp_options'

150707 10:03:51 [Note] Found 644 of 642 rows when repairing './almanaque/wp_options'

0 0

Quote

11. Re: Alto tráfego/consumo Disco I/O Trava servidor.

removido
(usa Nenhuma)

Enviado em 07/07/2015 - 14:26h

cajuninho escreveu:

Obrigado pela atenção.

Será que o log do mysql pode dizer algo também?

0 queries inside InnoDB, 0 queries in queue

1 read views open inside InnoDB

Main thread process no. 9078, id 139794093909760, state: waiting for server activity

Number of rows inserted 0, updated 0, deleted 0, read 16

0.00 inserts/s, 0.00 updates/s, 0.00 deletes/s, 0.34 reads/s

----------------------------

END OF INNODB MONITOR OUTPUT

============================

150707  9:08:44 [ERROR] /usr/sbin/mysqld: Incorrect key file for table './almanaque/wp_options.MYI'; try to repair it

150707  9:08:49 [ERROR] Got an error from thread_id=32, /build/buildd/mysql-5.5-5.5.38/storage/myisam/mi_write.c:226

150707  9:08:52 [ERROR] MySQL thread id 32, OS thread handle 0x7f2458bcb700, query id 171 localhost root update

INSERT INTO `wp_options` (`option_name`, `option_value`, `autoload`) VALUES ('_transient_doing_cron', '1436270725.0389060974121093750000', 'yes') ON DUPLICATE KEY UPDATE `option_name` = VALUES(`option_name`), `option_value` = VALUES(`option_value`), `autoload` = VALUES(`autoload`)

150707 10:03:46 [Warning] Using unique option prefix myisam-recover instead of myisam-recover-options is deprecated and will be removed in a future release. Please use the full name instead.

150707 10:03:46 [Note] Plugin 'FEDERATED' is disabled.

150707 10:03:46 InnoDB: The InnoDB memory heap is disabled

150707 10:03:46 InnoDB: Mutexes and rw_locks use GCC atomic builtins

150707 10:03:46 InnoDB: Compressed tables use zlib 1.2.3.4

150707 10:03:46 InnoDB: Initializing buffer pool, size = 128.0M

150707 10:03:46 InnoDB: Completed initialization of buffer pool

150707 10:03:46 InnoDB: highest supported file format is Barracuda.

InnoDB: The log sequence number in ibdata files does not match

InnoDB: the log sequence number in the ib_logfiles!

150707 10:03:46  InnoDB: Database was not shut down normally!

InnoDB: Starting crash recovery.

InnoDB: Reading tablespace information from the .ibd files...

InnoDB: Restoring possible half-written data pages from the doublewrite

InnoDB: buffer...

150707 10:03:47  InnoDB: Waiting for the background threads to start

150707 10:03:48 InnoDB: 5.5.38 started; log sequence number 33633950753

150707 10:03:48 [Note] Server hostname (bind-address): '127.0.0.1'; port: 3306

150707 10:03:48 [Note]   - '127.0.0.1' resolves to '127.0.0.1';

150707 10:03:48 [Note] Server socket created on IP: '127.0.0.1'.

150707 10:03:48 [Note] Event Scheduler: Loaded 0 events

150707 10:03:48 [Note] /usr/sbin/mysqld: ready for connections.

Version: '5.5.38-0ubuntu0.12.04.1'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  (Ubuntu)

150707 10:03:51 [ERROR] /usr/sbin/mysqld: Table './almanaque/wp_commentmeta' is marked as crashed and should be repaired

150707 10:03:51 [Warning] Checking table:   './almanaque/wp_commentmeta'

150707 10:03:51 [ERROR] /usr/sbin/mysqld: Table './almanaque/wp_comments' is marked as crashed and should be repaired

150707 10:03:51 [Warning] Checking table:   './almanaque/wp_comments'

150707 10:03:51 [ERROR] /usr/sbin/mysqld: Table './almanaque/wp_options' is marked as crashed and should be repaired

150707 10:03:51 [Warning] Checking table:   './almanaque/wp_options'

150707 10:03:51 [Warning] Recovering table: './almanaque/wp_options'

150707 10:03:51 [Note] Found 644 of 642 rows when repairing './almanaque/wp_options'

https://timnash.co.uk/using-fail2ban-wordpress/
http://www.fail2ban.org/wiki/index.php/HOWTOs

*Certeza que não existe nada agendado para estes horários (Backup, atualizações do ambiente ou mesmo de algo no site etc?), meio estranho um ataque com hora marcada. Seria obvio demais, mas...

Analise processos, a rede e os logs(Use os comando indicados pelo zhushazang ) e:

netstat, iotop, iptraf.

--------------------------------------------
povo@brasil ~$ sudo su -
root@brasil ~# find / -iname corrupção -exec rm -rfv {}\ ;

0 0

Quote

12. Re: Alto tráfego/consumo Disco I/O Trava servidor.

tonyhts
(usa Arch Linux)

Enviado em 07/07/2015 - 15:39h

Olá,

kd os logs do apache ?

abs
---
Eu Acredito, que ás vezes são as pessoas que ninguém espera nada que fazem as coisas que ninguém consegue imaginar.

--- Mestre dos Mestres - Alan Turing ---

0 0

Quote