Hi
I have an Astaro Cluster with two nodes (asg320).
swap partition on the first node is 100% full.
I guess snort is using the most, also 44% memory.
Swap usage:@see pid 25154
I found other strange things too:
Why there are 370 iplocators running?
And is the snort usage a common problem or just on my cluster?
Thanks
Version: 8.202
I have an Astaro Cluster with two nodes (asg320).
swap partition on the first node is 100% full.
I guess snort is using the most, also 44% memory.
Code:
25154 snort 19 -1 2004m 810m 1248 S 5 41.0 735:07.30 snort_inline
4543 root 20 0 70540 52m 3992 S 2 2.7 0:23.11 confd.plx
11656 postgres 20 0 49756 37m 35m S 2 1.9 96:50.57 postgres
10972 root 20 0 17632 9604 3348 S 1 0.5 1:40.28 pfilter-reporte
12372 postgres 20 0 50072 37m 35m S 1 1.9 148:46.47 postgresCode:
PID=1 - Swap used: 44 - (init )
PID=3170 - Swap used: 228 - (udevd )
PID=4543 - Swap used: 124 - (confd.plx )
PID=4594 - Swap used: 80 - (acpid )
PID=4609 - Swap used: 68 - (dbus-daemon )
PID=4815 - Swap used: 160 - (postgres )
PID=4870 - Swap used: 200 - (hald )
PID=4871 - Swap used: 88 - (hald-runner )
PID=4881 - Swap used: 228 - (hald-addon-inpu )
PID=4895 - Swap used: 476 - (httpd )
PID=4897 - Swap used: 228 - (hald-addon-acpi )
PID=4931 - Swap used: 68 - (lcd4linux )
PID=4986 - Swap used: 68 - (logger )
PID=5025 - Swap used: 2084 - (sysmond )
PID=5115 - Swap used: 6912 - (aua.bin )
PID=5166 - Swap used: 168 - (postgres )
PID=5303 - Swap used: 5808 - (notifier.plx )
PID=5363 - Swap used: 128 - (atd )
PID=5449 - Swap used: 484 - (httpd )
PID=5511 - Swap used: 32 - (csync2 )
PID=5526 - Swap used: 24 - (ha_sysmond )
PID=5670 - Swap used: 1832 - (slon_control )
PID=5783 - Swap used: 280 - (postgres )
PID=5949 - Swap used: 7308 - (mdw.plx )
PID=6006 - Swap used: 2580 - (selfmonng.plx )
PID=6067 - Swap used: 20 - (daemon-watcher )
PID=6068 - Swap used: 128 - (mingetty )
PID=6069 - Swap used: 112 - (mingetty )
PID=6070 - Swap used: 108 - (mingetty )
PID=6071 - Swap used: 108 - (mingetty )
PID=6072 - Swap used: 100 - (mingetty )
PID=6073 - Swap used: 100 - (mingetty )
PID=6074 - Swap used: 20 - (logger )
PID=6082 - Swap used: 6340 - (selfmonng.plx )
PID=6092 - Swap used: 132 - (ulogd )
PID=6098 - Swap used: 68 - (logger )
PID=6490 - Swap used: 1364 - (conntrackd )
PID=6557 - Swap used: 64 - (logger )
PID=7457 - Swap used: 2832 - (named )
PID=7535 - Swap used: 68 - (cron )
PID=7561 - Swap used: 224 - (sshd )
PID=7711 - Swap used: 248 - (syslog-ng )
PID=7712 - Swap used: 456 - (syslog-ng )
PID=7933 - Swap used: 10072 - (index.plx )
PID=8153 - Swap used: 4612 - (master )
PID=8357 - Swap used: 364 - (clamd )
PID=8367 - Swap used: 1548 - (ctipd.bin )
PID=8383 - Swap used: 64 - (logger )
PID=8503 - Swap used: 64 - (logger )
PID=8590 - Swap used: 64 - (logger )
PID=8591 - Swap used: 1032 - (ctasd )
PID=8592 - Swap used: 7484 - (ctasd )
PID=8776 - Swap used: 196 - (confd.plx )
PID=8900 - Swap used: 184 - (postgres )
PID=9103 - Swap used: 92 - (starter )
PID=9105 - Swap used: 472 - (pluto )
PID=9221 - Swap used: 64 - (logger )
PID=9232 - Swap used: 72 - (_pluto_adns )
PID=9239 - Swap used: 64 - (logger )
PID=9298 - Swap used: 64 - (logger )
PID=9391 - Swap used: 64 - (logger )
PID=9461 - Swap used: 24 - (logger )
PID=9742 - Swap used: 68 - (logger )
PID=10093 - Swap used: 68 - (logger )
PID=10182 - Swap used: 140 - (confd.plx )
PID=10223 - Swap used: 204 - (confd.plx )
PID=10411 - Swap used: 16 - (snmpd )
PID=10440 - Swap used: 64 - (logger )
PID=10443 - Swap used: 1304 - (dhcpd )
PID=10453 - Swap used: 24 - (confd-sync )
PID=10528 - Swap used: 64 - (logger )
PID=10706 - Swap used: 1912 - (ha_proxy )
PID=10707 - Swap used: 1924 - (ha_proxy )
PID=10802 - Swap used: 64 - (logger )
PID=10825 - Swap used: 748 - (dns-resolver.pl )
PID=10875 - Swap used: 12392 - (smtpd.bin )
PID=10886 - Swap used: 12040 - (smtpd.bin )
PID=10949 - Swap used: 396 - (postgres )
PID=10957 - Swap used: 684 - (httpd )
PID=10959 - Swap used: 20 - (logger )
PID=10960 - Swap used: 684 - (httpd )
PID=11047 - Swap used: 256 - (service_monitor )
PID=11057 - Swap used: 416 - (postgres )
PID=11321 - Swap used: 64 - (logger )
PID=11656 - Swap used: 476 - (postgres )
PID=11670 - Swap used: 64 - (logger )
PID=11769 - Swap used: 76 - (slon )
PID=11770 - Swap used: 80 - (slon )
PID=11771 - Swap used: 76 - (slon )
PID=11874 - Swap used: 432 - (postgres )
PID=11875 - Swap used: 484 - (postgres )
PID=11876 - Swap used: 416 - (postgres )
PID=11878 - Swap used: 120 - (slon )
PID=11882 - Swap used: 500 - (postgres )
PID=11887 - Swap used: 416 - (postgres )
PID=11888 - Swap used: 488 - (postgres )
PID=11889 - Swap used: 592 - (postgres )
PID=11894 - Swap used: 124 - (slon )
PID=11898 - Swap used: 524 - (postgres )
PID=11903 - Swap used: 612 - (postgres )
PID=11904 - Swap used: 672 - (postgres )
PID=11905 - Swap used: 592 - (postgres )
PID=11922 - Swap used: 116 - (slon )
PID=11926 - Swap used: 500 - (postgres )
PID=11931 - Swap used: 592 - (postgres )
PID=11932 - Swap used: 564 - (postgres )
PID=11933 - Swap used: 492 - (postgres )
PID=11934 - Swap used: 524 - (postgres )
PID=11946 - Swap used: 440 - (postgres )
PID=12016 - Swap used: 64 - (logger )
PID=12274 - Swap used: 64 - (logger )
PID=12372 - Swap used: 392 - (postgres )
PID=12550 - Swap used: 68 - (logger )
PID=12884 - Swap used: 68 - (logger )
PID=13401 - Swap used: 64 - (logger )
PID=13746 - Swap used: 64 - (logger )
PID=14102 - Swap used: 68 - (logger )
PID=14301 - Swap used: 68 - (logger )
PID=14628 - Swap used: 68 - (logger )
PID=14840 - Swap used: 12160 - (index.plx )
PID=15172 - Swap used: 64 - (logger )
PID=15447 - Swap used: 20 - (cron )
PID=15464 - Swap used: 160 - (postgres )
PID=15518 - Swap used: 68 - (logger )
PID=15864 - Swap used: 68 - (logger )
PID=16286 - Swap used: 64 - (logger )
PID=16406 - Swap used: 152 - (confd.plx )
PID=16540 - Swap used: 188 - (postgres )
PID=16541 - Swap used: 188 - (postgres )
PID=16630 - Swap used: 64 - (logger )
PID=16644 - Swap used: 10788 - (smtpd.bin )
PID=16645 - Swap used: 188 - (postgres )
PID=16649 - Swap used: 188 - (postgres )
PID=20471 - Swap used: 544 - (irqd )
PID=23067 - Swap used: 456 - (postgres )
PID=24523 - Swap used: 256 - (postgres )
PID=24524 - Swap used: 288 - (postgres )
PID=24525 - Swap used: 264 - (postgres )
PID=24526 - Swap used: 304 - (postgres )
PID=25154 - Swap used: 928900 - (snort_inline )
PID=27520 - Swap used: 524 - (postgres )
PID=28799 - Swap used: 14704 - (acc-agent.plx )
PID=32251 - Swap used: 68 - (logger )
Overall swap used: 1083972Code:
fw-master001:/home/login # ps aux | grep iplocator.plx | nl | tail
358 root 32145 0.0 0.0 0 0 ? Z Apr20 0:00 [iplocator.plx] <defunct>
359 root 32177 0.0 0.0 0 0 ? Z May05 0:00 [iplocator.plx] <defunct>
360 root 32183 0.0 0.0 0 0 ? Z May10 0:00 [iplocator.plx] <defunct>
361 root 32186 0.0 0.0 0 0 ? Z May04 0:00 [iplocator.plx] <defunct>
362 root 32220 0.0 0.0 0 0 ? Z Apr17 0:00 [iplocator.plx] <defunct>
363 root 32221 0.0 0.0 0 0 ? Z Apr06 0:00 [iplocator.plx] <defunct>
364 root 32260 0.0 0.0 0 0 ? Z May08 0:00 [iplocator.plx] <defunct>
365 root 32288 0.0 0.0 0 0 ? Z Apr02 0:00 [iplocator.plx] <defunct>
366 root 32393 0.0 0.0 0 0 ? Z Apr13 0:00 [iplocator.plx] <defunct>
367 root 32463 0.0 0.0 0 0 ? Z Apr12 0:00 [iplocator.plx] <defunct>And is the snort usage a common problem or just on my cluster?
Thanks
Version: 8.202