On Dec 18, 2007 7:36 PM, Joshua Slive <[EMAIL PROTECTED]> wrote: > > The point of mod_log_forensic is to run it after an apache crash to > see what requests were in play at the time of the crash. One way for > you to do that would be to monitor memory usage on the apache box and > kill -9 the server when things look to be getting out of control. Then > you run check_forensic to see if you can find the cause.
Hi Joshua, Ok we got another crash and our shared web servers (running under UML) was unaccessible, however this time mod_forensic logging to a file. Below is the logs when httpd bring the vm to its knees then i have to restart it, i have replace the Host with 'xxx' just to protect our company hosting. Please let me know what would be action strategy now. +10d8:476979f0:39a|POST /forum/posting.php HTTP/1.0|Accept:*/*|User-Agent:Mozilla/4.0 (compatible; MSIE 4.01; Digital AlphaServer 1000A 4/233; Windows NT; Powered By 64-Bit Alpha Processor)|Referer:http%3a//www.xxx.com/forum/posting.php?mode=newtopic&f=12&sid=dd4189290cb614c55071a463743df2cd|Content-Type:application/x-www-form-urlencoded|Host: www.xxx.com|Content-Length:59423|Pragma:no-cache|Cookie:phpbb2mysql_data=a%253A2%253A%257Bs%253A11%253A%2522autologinid%2522%253Bs%253A0%253A%2522%2522%253Bs%253A6%253A%2522userid%2522%253Bs%253A5%253A%252214567%2522%253B%257D; phpbb2mysql_sid=dd4189290cb614c55071a463743df2cd +133e:476c9678:3|GET /forum/viewtopic.php?p=51500&sid=578b164651a42205e13907ad29ee6c1f HTTP/1.1|Host:www.xxx.com|Connection:Keep-alive|Accept:*/*|From:googlebot(at)googlebot.com|User-Agent:Mozilla/5.0 (compatible; Googlebot/2.1; +http%3a//www.google.com/bot.html)|Accept-Encoding:gzip +1341:476c9629:1|GET /app/cs.php?c=gb&pno=0 HTTP/1.0|Accept:image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*|Accept-Language:en|Accept-Encoding:gzip, deflate|User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)|Host:www.xxx.com +13c0:476c96a0:0|GET /app/cs.php?c=gb&pno=0 HTTP/1.1|Accept:image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*|Accept-Language:en|Accept-Encoding:gzip, deflate|User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)|Host: www.xxx.com|Cache-Control:max-stale=0|Connection:close|X-BlueCoat-Via:3EFBBB6A4CC354A7 +1bd5:47697260:1b0|POST /forum/posting.php HTTP/1.0|Accept:*/*|User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; XMPP Tiscali Communicator v.10.0.2; .NET CLR 2.0.50727 )|Referer:http%3a//www.xxx.com/forum/posting.php?mode=newtopic&f=12&sid=58b841154dc1bc186be53e6712dcf5d6|Content-Type:application/x-www-form-urlencoded|Host: www.xxx.com|Content-Length:56738|Pragma:no-cache|Cookie:phpbb2mysql_data=a%253A2%253A%257Bs%253A11%253A%2522autologinid%2522%253Bs%253A0%253A%2522%2522%253Bs%253A6%253A%2522userid%2522%253Bs%253A5%253A%252214564%2522%253B%257D; phpbb2mysql_sid=58b841154dc1bc186be53e6712dcf5d6 +30e0:476c95af:3f1|GET /app/cs.php?c=gb&pno=0 HTTP/1.0|Accept:image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*|Accept-Language:en|Accept-Encoding:gzip, deflate|User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)|Host:www.xxx.com +3751:476c9585:3a2|GET /app/cs.php?c=gb&pno=0 HTTP/1.0|Accept:image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*|Accept-Language:en|Accept-Encoding:gzip, deflate|User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)|Host:www.xxx.com +37b5:476c9681:3b9|GET / HTTP/1.1|Accept:*/*|Referer:http%3a//click.betafoxsearch.com/click/?dT0xNS4yMy45MzQ2ODgyLjI0NC4xJTdDNzY4NCU3QzE2OTk5JTdDMDAxMDg5Mjk0NjU4MjclN0MyNjAwOTAwMyU3QyU3QyU3QzU4JTdDJm51bWJlcj00JTNBNCZhZHRpdGxlPUNyZWF0ZSUyMGElMjBmcmVlJTIwbmV3c2xldHRlciUyMGZvciUyMHlvdXIlMjBjb25kbyUyMG9yJTIwY28tb3AmYWR1cmw9aHR0cCUzQSUyRiUyRnd3dy5teWNvbmRvbmV3c2xldHRlci5jb20mYWRib2R5PU15Q29uZG9OZXdzbGV0dGVyLmNvbSUyMGlzJTIwYSUyMGZyZWUlMjBzZXJ2aWNlJTIwZm9yJTIwY29uZG8lMjBhbmQlMjBjby1vcCUyMHJlc2lkZW50cyUyMHRvJTIwaW50ZXJhY3QlMjBvbmxpbmUuJTIwV2UlMjBwcm92aWRlJTIwYSUyMGZyZWUlMjBuZXdzbGV0dGVyJTIwYW55JTIwcmVzaWRlbnQlMjBjYW4lMjBhY2Nlc3MlMjB3aXRob3V0JTIwY2hhcmdlLiY=|Accept-Language:en-us|Accept-Encoding:gzip, deflate|User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.1.4322)|Connection:Keep-Alive|Host: www.mycondonewsletter.com +3adb:476c95a3:385|GET /app/cs.php?c=gb&pno=0 HTTP/1.0|Accept:image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*|Accept-Language:en|Accept-Encoding:gzip, deflate|User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)|Host:www.xxx.com +4e1c:47680f0e:18c|GET /app/cs.php?c=mpage&id=1125&catid=2&mid=113 HTTP/1.1|Host:www.xxx.com|User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)|Accept:text/xml,application/xml,application/xhtml+xml,text/html;q=0.9 ,text/plain;q=0.8,image/png,*/*;q=0.5|Connection:close +512b:47695866:464|POST /forum/posting.php HTTP/1.0|Accept:*/*|User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; FDM)|Referer:http%3a//www.xxx.com/forum/posting.php?mode=newtopic&f=12&sid=dd19e39ca20bd404017e222fe1e06f04|Content-Type:application/x-www-form-urlencoded|Host: www.xxx.com|Content-Length:58997|Pragma:no-cache|Cookie:phpbb2mysql_data=a%253A2%253A%257Bs%253A11%253A%2522autologinid%2522%253Bs%253A0%253A%2522%2522%253Bs%253A6%253A%2522userid%2522%253Bs%253A5%253A%252214553%2522%253B%257D; phpbb2mysql_sid=dd19e39ca20bd404017e222fe1e06f04 +7e4e:476c95e5:c1|GET /app/cs.php?c=gb&pno=0 HTTP/1.1|Accept:image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*|Accept-Language:en|Accept-Encoding:gzip, deflate|User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)|Host: www.xxx.com|Cache-Control:max-stale=0|Connection:Keep-Alive|X-BlueCoat-Via:3EFBBB6A4CC354A7 +7f31:476c9682:b5|GET /app/cs.php?c=gb&pno=0 HTTP/1.0|Accept:image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*|Accept-Language:en|Accept-Encoding:gzip, deflate|User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)|Host:www.xxx.com Thanks. Askar
