Christian Klossek | 5 Jun 12:05 2010
Picon

mlogc problem

Hi,

I use mlogc on a few webserver to collect all modsecurity logs and
transfer those to a backend server running Christian Bockermann's
AuditConsole (jwall.org). Sometimes one of those webservers does not
respond anymore. Everytime when I check it, there is one mlogc process
using 1 cpu (of 4) by 100% and running forever. Apache is completely
blocked. When I kill the process everything is working normal again. The
last messages in the mlogc-error.log are these:

[Fri Jun 04 12:46:46 2010] [4] [2629/0] Worker creation locking thread
mutex.
[Fri Jun 04 12:46:46 2010] [4] [2629/0] Worker creation waiting on
thread mutex.
[Fri Jun 04 18:17:47 2010] [3] [2629/0] Caught SIGTERM, shutting down.

Hopefully someone knows what the problem is.

By the way, I'm using the following versions:

System: Debian Lenny
Apache: 2.2.9-10+lenny7
Modsecurity: 2.5.12
Core Rule Set: 2.0.6
AuditConsole: 0.3.3

Thanks for reading

Christian

(Continue reading)

Brian Rectanus | 5 Jun 19:45 2010

Re: mlogc problem

Mlogc is also v2.5.12 (mlogc -v)? There were some locking issues with older mlogc.

-B

--
Brian Rectanus
Breach Security

-----Original Message-----
From: Christian Klossek [c.klossek <at> apo-discounter.de]
Received: 6/5/10 3:39 AM
To: mod-security-users <at> lists.sourceforge.net [mod-security-users <at> lists.sourceforge.net]
Subject: [mod-security-users] mlogc problem

Hi,

I use mlogc on a few webserver to collect all modsecurity logs and
transfer those to a backend server running Christian Bockermann's
AuditConsole (jwall.org). Sometimes one of those webservers does not
respond anymore. Everytime when I check it, there is one mlogc process
using 1 cpu (of 4) by 100% and running forever. Apache is completely
blocked. When I kill the process everything is working normal again. The
last messages in the mlogc-error.log are these:

[Fri Jun 04 12:46:46 2010] [4] [2629/0] Worker creation locking thread
mutex.
[Fri Jun 04 12:46:46 2010] [4] [2629/0] Worker creation waiting on
thread mutex.
[Fri Jun 04 18:17:47 2010] [3] [2629/0] Caught SIGTERM, shutting down.

Hopefully someone knows what the problem is.

By the way, I'm using the following versions:

System: Debian Lenny
Apache: 2.2.9-10+lenny7
Modsecurity: 2.5.12
Core Rule Set: 2.0.6
AuditConsole: 0.3.3

Thanks for reading

Christian

------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the
lucky parental unit.  See the prize list and enter to win:
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
Christian Klossek | 6 Jun 21:42 2010
Picon

Re: mlogc problem

Yes mlogc is also 2.5.12

ModSecurity Log Collector (mlogc) v2.5.12
   APR: compiled="1.2.12"; loaded="1.2.12"
  PCRE: compiled="7.8"; loaded="7.8 2008-09-05"
  cURL: compiled="7.18.2"; loaded="libcurl/7.18.2 GnuTLS/2.4.2
zlib/1.2.3.3 libidn/1.8"

Christian

Brian Rectanus wrote:
> Mlogc is also v2.5.12 (mlogc -v)? There were some locking issues with older mlogc.

------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html

Brian Rectanus | 7 Jun 00:20 2010

Re: mlogc problem

Use libcurl compiled with openssl, not gnutls. There are separate packages for each on debian/ubuntu. There are known issues with gnutls (it should give you a warning on configure, actually).

-B

--
Brian Rectanus
Breach Security

-----Original Message-----
From: Christian Klossek [c.klossek <at> apo-discounter.de]
Received: 6/6/10 12:46 PM
To: mod-security-users <at> lists.sourceforge.net [mod-security-users <at> lists.sourceforge.net]
Subject: Re: [mod-security-users] mlogc problem

Yes mlogc is also 2.5.12

ModSecurity Log Collector (mlogc) v2.5.12
   APR: compiled="1.2.12"; loaded="1.2.12"
  PCRE: compiled="7.8"; loaded="7.8 2008-09-05"
  cURL: compiled="7.18.2"; loaded="libcurl/7.18.2 GnuTLS/2.4.2
zlib/1.2.3.3 libidn/1.8"

Christian

Brian Rectanus wrote:
> Mlogc is also v2.5.12 (mlogc -v)? There were some locking issues with older mlogc.

------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the
lucky parental unit.  See the prize list and enter to win:
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html

Gmane