root using too much CPU due to netstat

[PvUtrix]

CPU usage for user "root" (in WHM>CPU/Memory/MySQL
Usage) has usually been below 6%, then it started climbing and when it hit 15% daily and it began to be highlighted in yellow and red, I decided to investigate...

Code:

User Domain   %CPU     %MEM    Mysql Processes 
root         13.82       0.51         1.8                <- This was highlighted yellow
Top Process %CPU 68.5 netstat -nlp 
Top Process %CPU 59.0 netstat -nlp 
Top Process %CPU 52.3 netstat -nlp

I contacted support and they told me that it's OK for "root" to use 15% CPU and told me to refer to VZPP's resource usage and look out for QoS alerts... i was not convinced however and continued my investigation


One of the programs running this process turned out to be LSM (It is a network socket monitor - http://www.rfxnetworks.com/lsm.php)
It runs as a cron job (/etc/cron.d/lsm) every 10 minutes
Changing it to run every 30 minutes solved the problem...

User root is back to its usual CPU consumption of around 3% and "netstat -nlp" is no longer among the top processes...

No yellow or red highlights make me more relaxed

P.S.
As for QoS alerts in VZPP, I've seen cpuunits hit the limit many times(see attachment) and it's hitting it right now, but it's not logged in QoS alerts.... why?

[BornOnline]

Hah.. I just changed my LSM cron today too. Was reading about it on cpanel forums.

Thanks for the info

wow, how are you using soo much CPU? I'm only using 20 units outta 1969. But I only run http/mysql/mail/dns on my box. It uses alot of memory rather CPU. I remember my CPU was at 100% when its backing up logs and rotating them. Also the time i didnt have an index on one of my tables which was 13,000 rows and couldnt figure out why it was slow for days.

[PvUtrix]

Quote:

Originally Posted by Hvu

wow, how are you using soo much CPU?

I have one busy forum.... it's not always like that, just a few times a day, but still I don't get how come it's not getting logged at VZPP's QoS?!

[PvUtrix]

Quote:

Originally Posted by BornOnline

Hah.. I just changed my LSM cron today too. Was reading about it on cpanel forums.

Thanks for the info

That's where I got the info also

Crazy how many hits per min? I get around 500 hits per min on http. But the site is highly optimized. Cache is my best friend (: Adodb works wonders caching the database queries.

[PvUtrix]

Quote:

Originally Posted by Hvu

Crazy how many hits per min? I get around 500 hits per min on http. But the site is highly optimized. Cache is my best friend (: Adodb works wonders caching the database queries.

I'm about at the same number at peak hours... the forum has about 80-100 users at that time...

Maybe I was a bit misleading in my previous post when I said "many times"... It doesn't stay at 100 for a long time, just a few seconds (and I am lucky to catch it sometimes ), bit it still hits the limit and I was wondering why it's not being logged...

I like adodb also and use it in all the new projects that I start...

[vps-vince]

Quote:

Originally Posted by BornOnline

Hah.. I just changed my LSM cron today too. Was reading about it on cpanel forums.

So from:

Quote:

MAILTO=
SHELL=/bin/sh
# */10 * * * * root /usr/local/sbin/lsm -c >> /dev/null 2>&1

To this right?

Quote:

MAILTO=
SHELL=/bin/sh
# */30 * * * * root /usr/local/sbin/lsm -c >> /dev/null 2>&1

Excuse the noob

[charles]

Just to clarify about CPU use. It is very possible to hit 100% cpu, since you can burst. Many customers spend more time getting over 100% most of the time. If its available and you need it, you will get it. The 100% is just your guarantee.

Vince, those LSM entries are commented out, so it doesn't make a difference in your case. Our default config is to have it commented out since our firewall thwarts an attack where a random executable tries to listen on some port (it can but wont get any traffic).

charles

[vps-vince]

Quote:

Originally Posted by charles

Vince, those LSM entries are commented out, so it doesn't make a difference in your case. Our default config is to have it commented out since our firewall thwarts an attack where a random executable tries to listen on some port (it can but wont get any traffic).

Gosh, how stupid of me not noticing the #
I'll get my coat ...