Hello everyone,
We have a web server (apache22) that has been working stably for more than a year without any problem.
Last week I observed a big increase in the web connection count.
Code:
/usr/bin/netstat -an | /usr/bin/grep ".80 " | /usr/bin/grep "ESTABLISHED" | /usr/bin/wc -l
134
At the same moment, if I check with sockstat, the picture is different.
Code:
sockstat -4c | grep www | wc -l
19
Apache processes:
Code:
#ps auxwww | grep httpd
www 48988 9.0 1.4 308620 44448 ?? S 11:35AM 0:01.35 /usr/local/sbin/httpd
www 48956 2.0 1.4 308620 44528 ?? S 11:35AM 0:00.53 /usr/local/sbin/httpd
www 48976 2.0 1.4 308620 42872 ?? S 11:35AM 0:00.58 /usr/local/sbin/httpd
www 48949 1.0 1.4 308620 43604 ?? S 11:35AM 0:00.69 /usr/local/sbin/httpd
root 5562 0.0 0.5 300428 16084 ?? Ss 7:41PM 0:57.60 /usr/local/sbin/httpd
www 48857 0.0 1.5 308620 47096 ?? S 11:33AM 0:02.24 /usr/local/sbin/httpd
www 48914 0.0 1.4 308620 44332 ?? S 11:34AM 0:00.71 /usr/local/sbin/httpd
www 48926 0.0 1.5 308620 46792 ?? S 11:34AM 0:01.62 /usr/local/sbin/httpd
www 48940 0.0 1.4 308620 44608 ?? S 11:35AM 0:01.73 /usr/local/sbin/httpd
www 48945 0.0 1.4 308620 44036 ?? S 11:35AM 0:00.34 /usr/local/sbin/httpd
www 48964 0.0 1.4 308620 42988 ?? S 11:35AM 0:00.16 /usr/local/sbin/httpd
www 48970 0.0 1.5 312900 47628 ?? S 11:35AM 0:00.52 /usr/local/sbin/httpd
www 48972 0.0 1.4 308620 44304 ?? S 11:35AM 0:00.29 /usr/local/sbin/httpd
www 48974 0.0 1.4 308620 44244 ?? S 11:35AM 0:00.33 /usr/local/sbin/httpd
www 48982 0.0 0.5 300428 16564 ?? S 11:35AM 0:00.03 /usr/local/sbin/httpd
www 48987 0.0 1.4 308620 43208 ?? S 11:35AM 0:00.30 /usr/local/sbin/httpd
www 48990 0.0 1.4 308620 43988 ?? S 11:35AM 0:00.31 /usr/local/sbin/httpd
www 49009 0.0 0.5 300428 16112 ?? S 11:36AM 0:00.00 /usr/local/sbin/httpd
root 49011 0.0 0.0 16424 1540 1 S+ 11:36AM 0:00.00 grep httpd
#
Also, netstat shows some info, but I don't understand the message (some columns are omitted):
Code:
# netstat -anx
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address R-LOWA S-LOWA R-BCNT S-BCNT R-BMAX S-BMAX rexmt persist keep 2msl delack rcvtime
tcp4 0 1497 WEB-SERVER-IP.80 x.x.x.x33974 16652 0 6656 532864 266432 0.23 0.00 7199.96 0.00 0.00 0.04
tcp4 0 24 WEB-SERVER-IP.80 x.x.x.x1767 2048 0 4352 525600 268640 0.53 0.00 7199.99 0.00 0.00 0.01
tcp4 0 0 WEB-SERVER-IP.80 x.x.x.x.4052 2048 0 0 525600 268640 0.00 0.00 7197.07 0.00 0.00 2.93
tcp4 0 0 WEB-SERVER-IP.80 x.x.x.x.46688 2048 0 0 532864 266432 0.00 0.00 0.00 0.00 0.00 0.00
tcp4 0 0 WEB-SERVER-IP.80 x.x.x.x.46685 2048 0 0 532864 266432 0.00 0.00 0.00 0.00 0.00 0.00
...
tcp4 0 0 WEB-SERVER-IP.80 x.x.x.x.46687 2048 0 0 532864 266432 0.00 0.00 0.00 0.00 0.00 0.00
tcp4 0 0 WEB-SERVER-IP.80 x.x.x.x0.33269 2048 0 0 525648 268416 0.00 0.00 7193.47 45.40 0.00 6.53
tcp4 0 0 WEB-SERVER-IP.80 x.x.x.x.3902 2048 0 0 525600 268640 0.00 0.00 7157.92 19.91 0.00 42.08
tcp4 0 0 WEB-SERVER-IP.80 x.x.x.x901 2048 0 0 525600 268640 0.00 0.00 6875.73 0.00 0.00 324.27
...
tcp4 0 0 WEB-SERVER-IP.80 x.x.x.x6.19208 2048 0 0 525888 262944 0.00 0.00 6223.68 0.00 0.00 976.32
...
tcp4 0 0 WEB-SERVER-IP.80 x.x.x.x0189 2048 0 0 525600 268640 0.00 0.00 6212.61 0.00 0.00 987.39
...
tcp4 0 0 WEB-SERVER-IP.80 x.x.x.x4.7194 2048 0 0 525600 268640 0.00 0.00 4608.83 0.00 0.00 2591.17
...
tcp4 0 0 WEB-SERVER-IP.80 x.x.x.x.49227 2048 0 0 525600 268640 0.00 0.00 682.35 0.00 0.00 6517.65
tcp4 0 0 WEB-SERVER-IP.80 x.x.x.x.17870 2048 0 0 525888 262944 0.00 0.00 183.50 0.00 0.00 7016.50
...
tcp4 0 0 WEB-SERVER-IP.80 x.x.x.x.42691 2048 0 0 525600 268640 0.00 0.00 7123.30 0.00 0.00 76.70
...
System is stable:
Code:
last pid: 49416; load averages: 0.56, 0.43, 0.36 up 71+01:34:36 11:42:56
80 processes: 1 running, 78 sleeping, 1 zombie
CPU: 0.5% user, 0.0% nice, 4.5% system, 0.0% interrupt, 95.0% idle
Code:
# uname -a
FreeBSD esx3.mydomain.com 9.0-RELEASE-p3 FreeBSD 9.0-RELEASE-p3 #0: Tue Jun 12 02:52:29 UTC 2012
root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
IPFW has the rule:
Code:
$cmd 01080 allow tcp from any to me 80 in via $extern setup limit src-addr 20
What can be the cause of the difference in information, and what can be done to prevent any service disturbance?
P.S. Sorry for the long netstat output.
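
A per-source tally of ESTABLISHED connections to local port 80, for comparison against the `limit src-addr 20` value in the ipfw rule above. This is an added example, not part of the original post; the function names and the sample lines (documentation-range addresses) are constructed, and it assumes the six-column FreeBSD `netstat -an` layout.

```shell
#!/bin/sh
# Added example. Reads FreeBSD `netstat -an` text on stdin.
# Columns assumed: proto recv-q send-q local-address foreign-address state.

# Print "<count> <source-ip>" for ESTABLISHED connections whose LOCAL port is $1.
# The port is matched exactly and only in the local-address column, so a local
# port such as 8080 or an outbound connection to a remote port 80 is not counted.
count_by_source() {
    awk -v port="${1:-80}" '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" && $4 ~ ("\\." port "$") {
            src = $5
            sub(/\.[0-9]+$/, "", src)   # strip the trailing .port
            c[src]++
        }
        END { for (s in c) print c[s], s }
    ' | sort -k1,1nr -k2,2
}

# Print only sources holding at least $2 connections
# (default 20, the src-addr limit in the ipfw rule on the page).
sources_at_limit() {
    count_by_source "${1:-80}" | awk -v lim="${2:-20}" '$1 + 0 >= lim + 0'
}

# Constructed sample input (not from the original post).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.0.2.10.80          203.0.113.5.33974      ESTABLISHED
tcp4       0      0 192.0.2.10.80          203.0.113.5.33975      ESTABLISHED
tcp4       0      0 192.0.2.10.80          203.0.113.5.33976      ESTABLISHED
tcp4       0      0 192.0.2.10.80          198.51.100.7.1767      ESTABLISHED
tcp4       0      0 192.0.2.10.80          198.51.100.7.1768      TIME_WAIT
tcp4       0      0 192.0.2.10.8080        198.51.100.9.4052      ESTABLISHED
tcp4       0      0 192.0.2.10.51234       198.51.100.20.80       ESTABLISHED
tcp4       0      0 *.80                   *.*                    LISTEN
EOF
}

# Demo on the constructed sample with a limit of 3. On a live host:
#   netstat -an | sources_at_limit 80 20
sample_netstat | sources_at_limit 80 3
```
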