Top Forums UNIX for Advanced & Expert Users Nearly Random, Uncorrelated Server Load Average Spikes Post 303044138 by Neo on Saturday 15th of February 2020 02:28:08 AM

I have some old "cyberspace situational awareness" PHP code I used for a visualization project a few years ago, which captures and stores detailed information on web session activity; this code has proven handy identifying rogue bots in the past.

So, I have modified that code to capture and store detailed session information, including the number of hits per IP address, the user agent string, country code, etc. when the 1 minute load average is above 20 and less than 50.

Code:
$theload = getLoadAvg();
if (floatval($theload) > 20.0 && floatval($theload) < 50.0) 
{
  /// the old CSA code to parse web session activity and store the results in the DB
}

So, let's see what happens the next time we get a spike... this should be interesting.


Code:
mysql> describe neo_csa_session_manager;
+--------------+------------------+------+-----+---------+----------------+
| Field        | Type             | Null | Key | Default | Extra          |
+--------------+------------------+------+-----+---------+----------------+
| id           | int(11) unsigned | NO   | PRI | NULL    | auto_increment |
| user_id      | int(11)          | NO   | MUL | 0       |                |
| session_id   | varchar(255)     | NO   |     | NULL    |                |
| url          | text             | NO   |     | NULL    |                |
| ip_address   | varchar(45)      | NO   | MUL | NULL    |                |
| user_agent   | varchar(255)     | NO   |     | NULL    |                |
| bot_flag     | tinyint(1)       | NO   |     | 0       |                |
| robot_txt    | mediumint(6)     | NO   |     | 0       |                |
| sitemap      | mediumint(6)     | NO   |     | 0       |                |
| riskscore    | int(11)          | NO   |     | 0       |                |
| country_iso2 | varchar(2)       | NO   |     | UN      |                |
| country      | varchar(50)      | NO   |     | UNKNOWN |                |
| hitcount     | int(10) unsigned | NO   |     | 1       |                |
| firstseen    | bigint(11)       | NO   |     | NULL    |                |
| unixtime     | bigint(11)       | YES  |     | NULL    |                |
| longitude    | float            | NO   |     | 0       |                |
| latitude     | float            | NO   |     | 0       |                |
+--------------+------------------+------+-----+---------+----------------+
17 rows in set (0.00 sec)
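
Once a spike has been captured, a query along these lines ranks the sources stored in the table; it is an added example, not code from the original post. It assumes `firstseen` and `unixtime` hold epoch seconds for a session's first and latest hit, that `bot_flag = 0` means "not yet identified as a bot", and that each row is one session; `csa_demo`, the thresholds and the sample rows are constructed.

```sql
-- Scratch copy of the table's structure, so the live table is not touched.
CREATE TEMPORARY TABLE csa_demo LIKE neo_csa_session_manager;

-- Constructed rows: documentation IP ranges, invented agents and timestamps.
INSERT INTO csa_demo
  (session_id, url, ip_address, user_agent, country_iso2, hitcount, firstseen, unixtime)
VALUES
  ('s-a1', '/forum/a', '192.0.2.10',   'ExampleCrawler/1.0',        'UN', 420, 1581750000, 1581750060),
  ('s-b1', '/forum/b', '198.51.100.7', 'Mozilla/5.0 (constructed)', 'UN',   1, 1581750005, 1581750005),
  ('s-b2', '/forum/c', '198.51.100.7', 'Mozilla/5.0 (constructed)', 'UN',   1, 1581750006, 1581750006),
  ('s-b3', '/forum/d', '198.51.100.7', 'curl/0.0 (constructed)',    'UN',   1, 1581750007, 1581750007),
  ('s-c1', '/forum/e', '203.0.113.5',  'Mozilla/5.0 (constructed)', 'UN',   6, 1581750010, 1581750050);

-- Assumed capture window (epoch seconds) and demo-sized thresholds.
SET @spike_start = 1581750000, @spike_end = 1581750120;
SET @min_hits = 50, @min_single_hit_sessions = 3;

-- Per-source summary for the window. Two patterns are surfaced:
--   * one session hammering the site (high total_hits), and
--   * a client that keeps no cookie, so every request opens a new
--     session (many rows with hitcount = 1 from the same address).
SELECT ip_address,
       country_iso2,
       COUNT(*)                       AS session_rows,
       SUM(hitcount)                  AS total_hits,
       SUM(hitcount = 1)              AS single_hit_sessions,
       COUNT(DISTINCT user_agent)     AS distinct_agents,
       MAX(unixtime) - MIN(firstseen) AS active_seconds,
       ROUND(SUM(hitcount) /
             GREATEST(MAX(unixtime) - MIN(firstseen), 1), 2) AS hits_per_sec
FROM csa_demo
WHERE bot_flag = 0
  AND unixtime BETWEEN @spike_start AND @spike_end
GROUP BY ip_address, country_iso2
HAVING total_hits >= @min_hits
    OR single_hit_sessions >= @min_single_hit_sessions
ORDER BY total_hits DESC;
```

Against the live data, drop the scratch table and sample rows, point the `SELECT` at `neo_csa_session_manager`, and set the window and thresholds to match the spike being investigated.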

DBILogger(3pm)        User Contributed Perl Documentation        DBILogger(3pm)

NAME
       Apache::DBILogger - Tracks what's being transferred in a DBI database

SYNOPSIS
         # Place this in your Apache's httpd.conf file
         PerlLogHandler Apache::DBILogger

         PerlSetVar DBILogger_data_source    DBI:mysql:httpdlog
         PerlSetVar DBILogger_username       httpduser
         PerlSetVar DBILogger_password       secret
         PerlSetvar DBILogger_table          requests

       Create a database with a table named requests like this:

         CREATE TABLE requests (
           server varchar(127) DEFAULT '' NOT NULL,
           bytes mediumint(9) DEFAULT '0' NOT NULL,
           user varchar(15) DEFAULT '' NOT NULL,
           filename varchar(200) DEFAULT '' NOT NULL,
           remotehost varchar(150) DEFAULT '' NOT NULL,
           remoteip varchar(15) DEFAULT '' NOT NULL,
           status smallint(6) DEFAULT '0' NOT NULL,
           timeserved datetime DEFAULT '0000-00-00 00:00:00' NOT NULL,
           contenttype varchar(50) DEFAULT '' NOT NULL,
           urlpath varchar(200) DEFAULT '' NOT NULL,
           referer varchar(250) DEFAULT '' NOT NULL,
           useragent varchar(250) DEFAULT '' NOT NULL,
           usertrack varchar(100) DEFAULT '' NOT NULL,
           KEY server_idx (server),
           KEY timeserved_idx (timeserved)
         );

       Please note that for some databases (notably, PostgreSQL) you will
       need to double-quote the user column name (that is, to specify it as
       '"user" varchar(15)') in order for the database not to mistake it
       with a keyword.

       It's recommended that you include

         use Apache::DBI;
         use DBI;
         use Apache::DBILogger;

       in your startup.pl script. Please read the Apache::DBI documentation
       for further information.

DESCRIPTION
       This module tracks what's being transferred by the Apache web server
       in a SQL database (everything with a DBI/DBD driver). This allows one
       to get statistics (of almost everything) without having to parse the
       log files (like the Apache::Traffic module, just in a "real" database,
       and with a lot more logged information).

       Apache::DBILogger will track the cookie from 'mod_usertrack' if it's
       there.

       After installation, follow the instructions in the synopsis and
       restart the server.

       The statistics are then available in the database. See the section
       VIEWING STATISTICS for more details.

PREREQUISITES
       You need to have compiled mod_perl with the LogHandler hook in order
       to use this module. Additionally, the following modules are required:

       o DBI
       o Date::Format

INSTALLATION
       To install this module, move into the directory where this file is
       located and type the following:

         perl Makefile.PL
         make
         make test
         make install

       This will install the module into the Perl library directory.

       Once installed, you will need to modify your web server's
       configuration file so it knows to use Apache::DBILogger during the
       logging phase.

VIEWING STATISTICS
       Please see the bin/ directory in the distribution for a statistics
       script.

       Some funny examples on what you can do might include:

       hit count and total bytes transferred from the virtual server
       www.company.com

         select count(id),sum(bytes) from requests
         where server="www.company.com"

       hit count and total bytes from all servers, ordered by number of hits

         select server,count(id) as hits,sum(bytes) from requests
         group by server order by hits desc

       count of hits from macintosh users

         select count(id) from requests where useragent like "%Mac%"

       hits and total bytes in the last 30 days

         select count(id),sum(bytes) from requests
         where server="www.company.com"
         and TO_DAYS(NOW()) - TO_DAYS(timeserved) <= 30

       This is pretty unoptimal. It would be faster to calculate the dates
       in perl and write them in the sql query using f.x. Date::Format.

       hits and total bytes from www.company.com on mondays.

         select count(id),sum(bytes) from requests
         where server="www.company.com" and dayofweek(timeserved) = 2

       It's often pretty interesting to view the referer info too.

       See your sql server documentation for more examples. I'm a happy
       mySQL user, so I would continue on
       http://www.tcx.se/Manual_chapter/manual_toc.html

LOCKING ISSUES
       MySQL 'read locks' the table when you do a select. On a big table
       (like a large httpdlog) this might take a while, where your httpds
       can't insert new logentries, which will make them 'hang' until the
       select is done.

       One way to work around this is to create another table (f.x.
       requests_insert) and get the httpd's to insert to this table.

       Then run a script from crontab once in a while which does something
       like this:

         LOCK TABLES requests WRITE, requests_insert WRITE;
         insert into requests select * from requests_insert;
         delete from requests_insert;
         UNLOCK TABLES;

       You can use the moverows.pl script from the bin/ directory.

       Please note that this won't work if you have any unique id field!
       You'll get duplicates and your new rows won't be inserted, just
       deleted. Be careful.

TRAPS
       I've experienced problems with 'Packets too large' when using
       Apache::DBI, mysql and DBD::mysql 2.00 (from the Msql-mysql 1.18x
       packages). The DBD::mysql module from Msql-mysql 1.19_17 seems to
       work fine with Apache::DBI.

       You might get problems with Apache 1.2.x. (Not supporting
       post_connection?)

   MOD_PERL 2 SUPPORT
       The official version of this module, as Ask Bjoern Hansen last
       modified it, lacks support for the API changes introduced with
       Apache 2.x and the corresponding mod_perl 2.x - Of course, this is
       quite understandable as this module was last updated in 1998 ;-) But
       anyway, the module does its job still quite fine, and users still
       require its functionality.

       For any help requests regarding this module on Apache 2 systems,
       contact Gunnar Wolf <gwolf@debian.org> directly. If your system is
       based on Debian GNU/Linux, you can use the regular Debian bugtracking
       facilities, as the multi-API patch was introduced specifically for
       Debian.

SUPPORT
       This module is supported via the mod_perl mailinglist
       (modperl@apache.org, subscribe by sending a mail to
       modperl-request@apache.org).

       I would like to know which databases this module has been tested on,
       so please mail me if you try it.

       The latest version can be found on your local CPAN mirror or at
       "ftp://ftp.netcetera.dk/pub/perl/"

AUTHOR
       Copyright (C) 1998, Ask Bjoern Hansen <ask@netcetera.dk>. All rights
       reserved.

       This module is free software; you may redistribute it and/or modify
       it under the same terms as Perl itself.

SEE ALSO
       perl(1), mod_perl(3)

perl v5.12.3                      2011-06-16                    DBILogger(3pm)
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.