
Memory glut issues


The Doctor

Dec 16, 2013, 11:17:12 AM
All right.

Using 4GB RAM on a bsd/OS 4.3 i386 system.

Recently

clamd and perl are experiencing not enough memory to operate with.

What do I need to do to determine the culprit?
--
Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising!
http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism
Merry Christmas and Happy New Year!

DoN. Nichols

Dec 17, 2013, 12:13:00 AM
On 2013-12-16, The Doctor <doc...@doctor.nl2k.ab.ca> wrote:
> All right.
>
> Using 4GB RAM on a bsd/OS 4.3 i386 system.

Rather heavily cross-posted. Which BSD flavor?

comp.unix.bsd.bsdi.misc
comp.unix.bsd.freebsd.misc
comp.unix.bsd.openbsd.misc
comp.unix.bsd.netbsd.misc
comp.unix.bsd.misc

> Recently
>
> clamd and perl are experiencing not enough memory to operate with.
>
> What do I need to do to determine the culprit?

Start with top(1), which will list the N most resource hungry
programs. The value of 'N' will depend on how many lines the window in
which you run it offers.

Here is an example from a system which happens to be a web
server on OpenBSD:

I used the "-o res" option to have it sort on memory usage, instead of CPU percentage.

======================================================================
load averages: 3.47, 3.41, 3.40 Popocat.d-and-d.com 00:03:44
43 processes: 1 running, 40 idle, 1 zombie, 1 on processor
CPU states: 5.1% user, 0.0% nice, 41.5% system, 1.7% interrupt, 51.7% idle
Memory: Real: 29M/162M act/tot Free: 833M Swap: 0K/6146M used/tot

PID USERNAME PRI NICE SIZE RES STATE WAIT TIME CPU COMMAND
27153 root 28 0 5048K 5376K run - 0:07 0.05% sshd
10518 root 2 0 3448K 3856K idle select 0:00 0.00% sshd
1927 root 2 0 3480K 3848K idle select 0:05 0.00% sshd
28366 www 2 0 1768K 3264K sleep select 10:44 0.00% httpd
27366 www 2 0 2016K 2648K idle netcon 12:15 0.00% httpd
9725 www 2 0 1984K 2616K idle netcon 12:39 0.00% httpd
20739 www 2 0 1984K 2616K idle netcon 12:27 0.00% httpd
30635 www 2 0 1984K 2616K idle netcon 12:24 0.00% httpd
25899 www 2 0 1984K 2616K idle netcon 12:21 0.00% httpd
5627 www 2 0 1984K 2616K idle netcon 12:09 0.00% httpd
11465 www 2 0 1984K 2608K idle netcon 12:18 0.00% httpd
15214 www 2 0 1952K 2584K idle netcon 12:06 0.00% httpd
1007 www 2 0 1952K 2576K idle netcon 12:19 0.00% httpd
6795 www 2 0 1952K 2576K idle netcon 12:16 0.00% httpd
2482 root 18 0 1560K 2560K sleep pause 0:01 0.00% tcsh
14735 root 3 0 1552K 2512K idle ttyin 0:01 0.00% tcsh
8566 root 3 0 1416K 2472K idle ttyin 0:01 0.00% tcsh
======================================================================

Note the "SIZE" and "RES" columns. They will show you how much memory
is being consumed. And you can sort on either with the proper "-o "
option. ("res" or "size"). "res" means how much memory is currently
being allocated to that task, while "size" is how much total memory the
process takes if it doesn't have to share virtual memory with other
processes.

Perhaps you should start out with:

"ps -ax | wc -l"

to find out how many processes are actually running, as there may be a
lot of relatively small processes adding up, instead of a few real
memory hogs.

All of the above will probably work on any current version of
BSD. Once you find what is hogging the memory, you then have the fun of
deciding whether you actually *need* to run that program. :-)

Good Luck,
DoN.

--
Remove oil spill source from e-mail
Email: <BPdnic...@d-and-d.com> | (KV4PH) Voice (all times): (703) 938-4564
(too) near Washington D.C. | http://www.d-and-d.com/dnichols/DoN.html
--- Black Holes are where God is dividing by zero ---
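
The point in the post above about many small processes adding up, as an added example that is not part of the original thread: it totals resident memory per command name, using the RES and COMMAND columns of the top listing as sample input. The function name `mem_by_command` and the `ps -axo rss,comm` invocation in the comment are assumptions; the `-o` keywords may not exist on every BSD.

```shell
#!/bin/sh
# Added example. Sum resident memory (KB) per command name so that many
# small processes show up as one total instead of hiding below a single
# large process.
# Input on stdin: "RSS COMMAND" lines; a non-numeric header line is skipped.
# Output: "TOTAL_KB PROCESS_COUNT COMMAND", largest total first.
mem_by_command() {
    awk '
        $1 ~ /^[0-9]+$/ {
            n = split($2, parts, "/")   # keep only the basename of a path
            name = parts[n]
            rss[name] += $1
            count[name]++
        }
        END { for (c in rss) printf "%d %d %s\n", rss[c], count[c], c }
    ' | sort -rn
}

# Sample input built from the RES and COMMAND columns of the top listing above.
SAMPLE_PS='RSS COMMAND
5376 sshd
3856 sshd
3848 sshd
3264 httpd
2648 httpd
2616 httpd
2616 httpd
2616 httpd
2616 httpd
2616 httpd
2608 httpd
2584 httpd
2576 httpd
2576 httpd
2560 tcsh
2512 tcsh
2472 tcsh'

printf '%s\n' "$SAMPLE_PS" | mem_by_command

# Live use, assuming this ps accepts -o with the rss and comm keywords:
#   ps -axo rss,comm | mem_by_command | head
```

On the sample, the largest single process is an sshd, but the eleven httpd processes together hold more than twice the memory of all three sshd processes.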

The Doctor

Dec 17, 2013, 10:46:14 AM
In article <slrnlavnac.n0...@Katana.d-and-d.com>,
DoN. Nichols <BPdnic...@d-and-d.com> wrote:
>On 2013-12-16, The Doctor <doc...@doctor.nl2k.ab.ca> wrote:
>> All right.
>>
>> Using 4GB RAM on a bsd/OS 4.3 i386 system.
>
> Rather heavily cross-posted. Which BSD flavor?
>
> comp.unix.bsd.bsdi.misc
> comp.unix.bsd.freebsd.misc
> comp.unix.bsd.openbsd.misc
> comp.unix.bsd.netbsd.misc
> comp.unix.bsd.misc
>

BSD/OS is bsdi, however bsd's are similar in flavour.
I will try.

I might have to get the latest to so that I can get -o functioning properly.

>--
> Remove oil spill source from e-mail
>Email: <BPdnic...@d-and-d.com> | (KV4PH) Voice (all times): (703) 938-4564
> (too) near Washington D.C. | http://www.d-and-d.com/dnichols/DoN.html
> --- Black Holes are where God is dividing by zero ---


DoN. Nichols

Dec 17, 2013, 10:31:36 PM
On 2013-12-17, The Doctor <doc...@doctor.nl2k.ab.ca> wrote:
> In article <slrnlavnac.n0...@Katana.d-and-d.com>,
> DoN. Nichols <BPdnic...@d-and-d.com> wrote:
>>On 2013-12-16, The Doctor <doc...@doctor.nl2k.ab.ca> wrote:
>>> All right.
>>>
>>> Using 4GB RAM on a bsd/OS 4.3 i386 system.
>>
>> Rather heavily cross-posted. Which BSD flavor?
>>
>> comp.unix.bsd.bsdi.misc
>> comp.unix.bsd.freebsd.misc
>> comp.unix.bsd.openbsd.misc
>> comp.unix.bsd.netbsd.misc
>> comp.unix.bsd.misc
>>
>
> BSD/OS is bsdi, however bsd's are similar in flavour.

Actually -- for *this* question, pretty much all unix variants
are similar enough. The primary difference between Sun's Solaris-10 and
OpenBSD (which is the BSD flavor which I use) is in the "ps" command I
suggested at the end, you would use "-ae" instead of "-ax".

[ ... ]

>> Start with top(1), which will list the N most resource hungry
>>programs. The value of 'N' will depend on how many lines the window in
>>which you run it offers.
>>
>> Here is an example from a system which happens to be a web
>>server on OpenBSD:
>>
>> I used the "-o res" option to have it sort on memory usage, instead of CPU percentage.

[ ... ]

>>Note the "SIZE" and "RES" columns. They will show you how much memory
>>is being consumed. And you can sort on either with the proper "-o "
>>option. ("res" or "size"). "res" means how much memory is currently
>>being allocated to that task, while "size" is how much total memory the
>>process takes if it doesn't have to share virtual memory with other
>>processes.
>>
>> Perhaps you should start out with:
>>
>> "ps -ax | wc -l"
>>
>>to find out how many processes are actually running, as there may be a
>>lot of relatively small processes adding up, instead of a few real
>>memory hogs.
>>
>> All of the above will probably work on any current version of
>>BSD. Once you find what is hogging the memory, you then have the fun of
>>deciding whether you actually *need* to run that program. :-)
>>

> I will try.

> I might have to get the latest to so that I can get -o functioning properly.

Even the top in Solaris 2.6 (whichever version I compiled some
time ago) observes the "-o res" option. It did not come with Solaris
2.6, but was easy to download and compile. That one happens to be
"version 3.5beta8".

However, linux (at least the ubuntu versions which I have),
doesn't have the "-o" option. A different branch of the top source tree,
I guess.

BTW Have you tried disconnecting from the net and seeing what
happens? Wait a half hour or so. It may be someone trying to
break in via sshd. (I presume that you have rlogin disabled).

If someone is beating on it, and you don't need sshd logins from
outside (but do need them from inside), go into
/etc/ssh/sshd_config and look at the "ListenAddress" option. By
default, it is set to 0.0.0.0, and you can change it to the IP
address of the NIC facing into your private net, so it allows
logins only via that.

I don't know what firewall options are present on your flavor of
BSD (BSDi) (or whether you are running one), but with OpenBSD's
PF, it is possible to set it up to block automatically after a
certain number of failed logins, or a certain number in a
particularly short time -- and usually keep it blocked for
something like 24 hours.

This keeps your system from being brought to its knees by
repeated login attempts.

It certainly sounds like something is spawning a lot of
processes -- or consuming a lot of memory.

Do you have incoming e-mail allowed? If so, with what? If
sendmail, that might be the point of attack.

Do you have another system on the local net which can be used to
look at net connection attempts via the ethernet? You may find
that someone is beating on the system trying to log in.

Or -- you may find that someone has gotten into the system and is
using it to send out massive amounts of spam, or to run attacks
against other systems.

Good Luck,
DoN.
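
One way to check the "someone is beating on sshd" hypothesis from the post above, as an added example that is not part of the original thread: it counts failed sshd password attempts per source address in syslog-style lines. The function name `failed_by_source`, the threshold and the sample log lines (documentation addresses) are constructed; the log file location varies by system.

```shell
#!/bin/sh
# Added example. Count failed sshd password attempts per source address.
# Input on stdin: syslog lines. Argument: minimum count to report (default 5).
# Output: "COUNT ADDRESS", busiest source first.
failed_by_source() {
    threshold=${1:-5}
    awk -v min="$threshold" '
        /sshd\[[0-9]+\]: Failed password for / {
            # The user name is chosen by the client and may itself contain
            # "from <address>", so read the address from the fixed tail
            # "from ADDR port N ssh2" rather than from the first "from".
            if ($(NF-4) == "from" && $(NF-2) == "port")
                hits[$(NF-3)]++
        }
        END { for (a in hits) if (hits[a] >= min) print hits[a], a }
    ' | sort -rn
}

# Constructed sample log lines; names and addresses are not from the thread.
SAMPLE_LOG='Dec 17 22:01:01 host sshd[4101]: Failed password for root from 203.0.113.9 port 40001 ssh2
Dec 17 22:01:03 host sshd[4102]: Failed password for invalid user admin from 203.0.113.9 port 40002 ssh2
Dec 17 22:01:05 host sshd[4103]: Failed password for invalid user x from 10.0.0.5 port 1 ssh2 from 203.0.113.9 port 40003 ssh2
Dec 17 22:02:10 host sshd[4110]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Dec 17 22:02:15 host sshd[4111]: Accepted password for alice from 198.51.100.7 port 51001 ssh2
Dec 17 22:03:00 host sendmail[4200]: constructed non-sshd line'

printf '%s\n' "$SAMPLE_LOG" | failed_by_source 3

# Live use on OpenBSD, where sshd logs to /var/log/authlog:
#   failed_by_source 20 < /var/log/authlog
```

A source that stays at the top of this list is a candidate for the ListenAddress restriction or the firewall block described in the post.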

The Doctor

Dec 18, 2013, 8:42:09 AM
In article <slrnlb25o6.2g...@Katana.d-and-d.com>,
Will try.

>
>--
> Remove oil spill source from e-mail
>Email: <BPdnic...@d-and-d.com> | (KV4PH) Voice (all times): (703) 938-4564
> (too) near Washington D.C. | http://www.d-and-d.com/dnichols/DoN.html
> --- Black Holes are where God is dividing by zero ---

