jeremy1701 Posted July 13, 2005 Report Share Posted July 13, 2005 History: I've had MDK 10.1 Running on this sytem for about six months, never had any problems. About a month ago, I upgraded to Mandriva 2005LE. Re-started, ran fine. I had 18 days of uptime with no issues. Then one day I came home, and the box was froze solid. No combo of keys would work, couldn't ssh in from anywhere, nothing... Did the hard reset. I got an error that my hd was full. That's odd, I thought. I reparition and give / another 1Gb so I can boot. Once I'm in, I see that the file /var/log/messages is about 2Gb. That's *really* weird, I didn't even think I could have files that big! The file is full, as in every single line, with messages from my firewall. I block the addy, and another appears, and another and another. Finally, after blocking about ten or so addy's, the messages stop appearing so fast, although they still appear quite frequently now. The problem: Since this event, I've been unable to maintain any sort of uptime. My box freezes solid *everytime* after about two hours. I can't figure it out. There's nothing out of the ordinary in any logs that I've looked in. Here's what I've tried: noapic, nolapic boot option removing all sorts of services including power management uninstalling the nvidia drivers (NForce MB only, not the Gforece video drivers) running memtest86 for hours blowing air conditioned air directly from my AC vent to the open box via a 15" fan (in case it was over heating) and finally, I tried every cron job on it's own to make sure those weren't doing it. I'm running out of things to try. Short of completely re-installing the OS, I don't know what to do. At this point, I'm pretty much willing to try anything. Anyone have any ideas? Thanks, Jeremy Link to comment Share on other sites More sharing options...
devries Posted July 13, 2005 Report Share Posted July 13, 2005 I once had logs eat my / diskspace. Only solution was to disable the syslog service. Link to comment Share on other sites More sharing options...
jeremy1701 Posted July 13, 2005 Author Report Share Posted July 13, 2005 I once had logs eat my / diskspace. Only solution was to disable the syslog service. <{POST_SNAPBACK}> I no longer have the problem of the syslogs getting to large. That was just the catalyst that started this whole adventure. Jeremy Link to comment Share on other sites More sharing options...
ianw1974 Posted July 13, 2005 Report Share Posted July 13, 2005 From what you mention, it seems that your system is logging a load of messages relating to your firewall. Is this the shorewall firewall on the Mandriva box, that is causing the 2GB log files? If so, I'd be inclined to take a look, and see why they're being generated so regularly, and tone down the firewall settings so it's not logging stuff that's unimportant. You mention blocking the address has helped to stop most of it, but what was it you were blocking? Link to comment Share on other sites More sharing options...
jeremy1701 Posted July 13, 2005 Author Report Share Posted July 13, 2005 ianw1974, I'm actually using Firestarter at the moment. I was blocking the address of several sites that seemed to be requesting port access to any open port on system, the only ones of which are open are www, ftp and ssh. Some of the requests were for ports like > 4,000, which I'm sure were closed. They all appeared to be from the same source. As soon as I blocked one source, another one quickly appeared. I can give you the list of sources if you'd like. Jeremy Link to comment Share on other sites More sharing options...
ianw1974 Posted July 13, 2005 Report Share Posted July 13, 2005 I had loads of this on my hardware firewall at one point. I'm not sure if this helps, but you could do what I did. I enabled intrusion detection blocking, which let them try once or twice, then it automatically blocks them. Whilst this can work really well, ie: if they have a static IP address, it can be a pain, if their ISP gives out DHCP. Effectively, if they disconnected and reconnected, they would have a different IP, and therefore be able to try again. However, then they'd get blocked again if they tried too many times. On my firewall, I set it to allow them two attempts, and then it was blocked. I'm not sure if this may help you any, but would at least save you having to block them manually. Or, does the firewall allow you to choose which events to log. As you know the only ports open are what you've mentioned above, so you can disregard any other type of failed attempt, since the port is closed anyway. Link to comment Share on other sites More sharing options...
ianw1974 Posted July 13, 2005 Report Share Posted July 13, 2005 Another thought.....can the firewall log size be limited, so that it doesn't use all your free space and crash your system? And, maybe limit what it's logging as well, so as not to overwrite the events logged that might be important! Link to comment Share on other sites More sharing options...
jeremy1701 Posted July 13, 2005 Author Report Share Posted July 13, 2005 Firewall just uses syslog.conf to know how much to log. I'll significantly lower the level, since my logs just keep getting filled up. Any idea's about the freezes? Could it be the amount of CPU time coming from generating the logs? Jeremy Link to comment Share on other sites More sharing options...
ianw1974 Posted July 13, 2005 Report Share Posted July 13, 2005 Changing the sensitivity should be enough just to log what's important, then it'll disregard everything else that's irrellevant. Or whatever the equivalent option is in your firewall software. The freezes could be a number of things, one thing I've noticed on my system is that when Firefox clears it's cache, my system tends to freeze up. That would point to high disk usage causing the hang of the system. Although this is Firefox, so not necessarily relevant, but might be. I've even had my system freeze just by moving the mouse! But, I could switch to a terminal screen and reboot there without a hard reset. :P Link to comment Share on other sites More sharing options...
jeremy1701 Posted July 13, 2005 Author Report Share Posted July 13, 2005 That's funny you mention that... I've noticed since this who fiasco started that my LED indicating HD activity never goes off. I know top monitors CPU usage, is there something similar for HD usage? BTW... I am getting an average of anywhere from 1 to 10 lines per second in /var/log/messages. Jeremy Link to comment Share on other sites More sharing options...
DragonMage Posted July 15, 2005 Report Share Posted July 15, 2005 Gkrellm is usually the one I use to monitor hd usage. Anyway, what kind of messages does your firewall give you? If you are being DOS'ed, then maybe your networking/security problem is bigger than your Mandrake problem. If it is just bandwidth log, then maybe you can disable it. Link to comment Share on other sites More sharing options...
jeremy1701 Posted July 19, 2005 Author Report Share Posted July 19, 2005 UPDATE: I reformated my HD and re-installed Mandriva 2005 LE. It froze within the hour. Froze again several times. Y'arg. I'll try re-installing Mandrake. That ran fine for months. Hopefully, it's just Mandriva. Jeremy Link to comment Share on other sites More sharing options...
jeremy1701 Posted July 20, 2005 Author Report Share Posted July 20, 2005 Well, I re-installed MDK 10.1 and everything seems to be running fine again. Must be Mandriva. I'll report the bug to them. Jeremy Link to comment Share on other sites More sharing options...
AussieJohn Posted July 21, 2005 Report Share Posted July 21, 2005 I hate to tell you the bad news but if you reformatted and reinstalled Mandriva 2005-LE and you still got the freeze problem then it is NOT Mandriva at fault. Especially since your original Mandriva worked AOK for those past months. The fact that you reformatted then again and reinstalled Mandriva OK does not change a thing. Some of your hardware is faulty, albeit intermittently, but faulty never the less. Could be Power Supply, memory, Hard Drive, Main Board in that order. Your problem definitely is hardware so prepare for more trouble ahead. You can forget about Mandriva being at fault so you will be wasting your, and Mandrivas time by sending a ¨bug¨ report. John. Link to comment Share on other sites More sharing options...
arctic Posted July 21, 2005 Report Share Posted July 21, 2005 umm... john, he said that everything works okay when he uses mandrake 10.1 but not when using mandriva le2005, so i guess that this is really a bug in le2005. general rule of thumb: if it worked in previous versions, it should work in later versions, too, otherwise the coder/packager made a mistake. sounds logical, right? :) Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now