Good job Chris

Breno

On Mon, Feb 28, 2011 at 3:54 PM, Christian Bockermann <chris@jwall.org> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi George,

as the others already wrote this is a known issue. It has been around in mlogc
for a long time. Since it seems to be related to concurrency issues, it's hard
to reliably reproduce this.

I am currently working on a syslog- or netcat-receiver within the AuditConsole,
which allows for sending events to the console via a plain syslog command, e.g.
like:

   SecAuditLog "|logger -p local3.info"

Then you can set up syslog or syslog-ng to send events of facility local3 to
the AuditConsole.

Unfortunately, this does not do any buffering if the remote side (AuditConsole)
is temporarily not available. Also, it is in a very early state, but will hopefully
be included in the next release of the AuditConsole.


Best regards,

   Chris



Am 28.02.2011 um 19:39 schrieb George Kobiashvili:

> Hi all
>
> Sometimes webserver does not respond anymore. Everytime when I check it, there
> is one mlogc process using 1 cpu by 100% and running forever. Apache is
> completely blocked. When I kill the process everything is working normal
> again. The last messages in the mlogc-error.log are these:
>
> [Sat Feb 12 18:56:13 2011] [4] [23028/0] Queue locking thread mutex.
> [Sat Feb 12 18:56:13 2011] [4] [23028/0] Worker creation started.
> [Sat Feb 12 18:56:13 2011] [4] [23028/0] Destroying thread_pool.
> [Sat Feb 12 18:56:15 2011] [5] [23028/6d7ee0] Management thread: Processing
> [Sat Feb 12 18:56:15 2011] [4] [23028/6d7ee0] Management thread: Creating
> worker thread to catch up with the queue.
> [Sat Feb 12 18:56:15 2011] [4] [23028/0] Worker creation locking thread mutex.
> [Sat Feb 12 18:56:15 2011] [4] [23028/0] Worker creation waiting on thread
> mutex.
>
> This seems to be the known problem:
> http://comments.gmane.org/gmane.comp.apache.mod-security.user/7560
>
> but i could not find solution.
> Short description of my system:
>
> mlogc -v
> ModSecurity Log Collector (mlogc) v2.5.13
>   APR: compiled="1.3.8"; loaded="1.3.8"
>  PCRE: compiled="7.8"; loaded="7.8 2008-09-05"
>  cURL: compiled="7.19.7"; loaded="libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3
> libidn/1.15"
>
> System:         ubuntu 10.04.2 lts x64
> Apache:         2.2.14
> Modsecurity:    2.5.13
> Auditconsole:   0.4.2
>
>
> if you experienced the same how did you solve it?
>
> Best Regards
> George Kobiashvili
>
> ------------------------------------------------------------------------------
> Free Software Download: Index, Search & Analyze Logs and other IT data in
> Real-Time with Splunk. Collect, index and harness all the fast moving IT data
> generated by your applications, servers and devices whether physical, virtual
> or in the cloud. Deliver compliance at lower cost and gain new business
> insights. http://p.sf.net/sfu/splunk-dev2dev
> _______________________________________________
> mod-security-users mailing list
> mod-security-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> ModSecurity Services from Trustave's SpiderLabs:
> https://www.trustwave.com/spiderLabs.php

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iD8DBQFNbBmlpc5/RcXDlTwRAv4gAKCCjC4sG6wPwXNvZ0Gu1K+VPURXYwCfRNlH
C3zNk+pxUKacL9fwVVGKiAs=
=udyu
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Free Software Download: Index, Search & Analyze Logs and other IT data in
Real-Time with Splunk. Collect, index and harness all the fast moving IT data
generated by your applications, servers and devices whether physical, virtual
or in the cloud. Deliver compliance at lower cost and gain new business
insights. http://p.sf.net/sfu/splunk-dev2dev
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
ModSecurity Services from Trustave's SpiderLabs:
https://www.trustwave.com/spiderLabs.php