The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cpanellogd - http logs exceeding limits

Discussion in 'General Discussion' started by dlsweb, Feb 24, 2013.

  1. dlsweb

    dlsweb Member

    Joined:
    Jun 17, 2004
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Recently I began receiving a couple of these each morning for many different accounts.

    Time: Sun Feb 24 07:16:56 2013 -0500
    Account: xxxxxxxx
    Resource: Process Time
    Exceeded: 93452875 > 1800 (seconds)
    Executable: /usr/local/cpanel/3rdparty/perl/514/bin/perl
    Command Line: cpanellogd - http logs for xxxxxxxx
    PID: 4977 (Parent PID:4734)
    Killed: No

    This morning my customer stated his site timed out when he tried to access.
    Can someone let me know what I need to do?
     
  2. noox

    noox Active Member

    Joined:
    Mar 19, 2003
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    I've the same for the last 3 days now.

    Time: Tue Mar 12 13:10:12 2013 +0100
    Account: xxxxxx
    Resource: Process Time
    Exceeded: 7277999 > 1800 (seconds)
    Executable: /usr/local/cpanel/3rdparty/perl/514/bin/perl
    Command Line: cpanellogd - http logs for xxxxxxx
    PID: 28697 (Parent PID:28663)
    Killed: No

    I've found how to disable this mail, but I'd rather like to know why suddenly the execution time for log processing is so long.
     
  3. dlsweb

    dlsweb Member

    Joined:
    Jun 17, 2004
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    I agree with that
     
  4. pmkenney

    pmkenney Registered

    Joined:
    Mar 15, 2013
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    How did you disable these notifications? I realize the notifications are being generated by CSF/LFD ...and that it's likely I need to add a line or two to csf.pignore, but I can't tell which process is triggering the alert. I suspect the warnings are related to a recent cPanel update to version 11.36:
    Internal Perl Modules
    Odd that the messages are coming in once every 24 hours at roughly the same time each morning.
     
  5. dlsweb

    dlsweb Member

    Joined:
    Jun 17, 2004
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Shouldn't the question "why the notifications" be answered first?
    Out of sight doesn't mean all is OK. I don't want to assume there is no problem, thus my original question.
     
  6. pmkenney

    pmkenney Registered

    Joined:
    Mar 15, 2013
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi Larry,

    Yes - good point. Are you still receiving the alerts...roughly the same time every 24 hours?
     
  7. dlsweb

    dlsweb Member

    Joined:
    Jun 17, 2004
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Every morning- Command Line: cpanellogd - http logs for (several accounts)
     
  8. djjelly

    djjelly Registered

    Joined:
    Mar 14, 2013
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Personally I am getting worried about this norifications as my server was hacked earlier this month and even though I cleaned up extensively the compromised accounts, I am still very very paranoid.

    However I went through LFD/CSF and followed most recomendations for securitn the server and I wander if that's why I am now receiving all the notifications that I wasn't receiving before.

    It would be nice to get a reply from someone that knows if those alerts are false positives.


    In addition and to what it's worth I am also receiving the below:
    Subject: lfd on [ServerName] Suspicious process running under user [username]Executable:

    /usr/bin/php


    Command Line (often faked in exploits):

    /usr/bin/php


    Network connections by the process (if any):

    udp: [My Server IP]:49371 -> [DNS Server IP]:53


    Files open by the process (if any):

    /usr/local/apache/logs/error_log
    /usr/local/apache/logs/error_log
     
    #8 djjelly, Mar 16, 2013
    Last edited: Mar 16, 2013
  9. MarkDalton

    MarkDalton Active Member

    Joined:
    Mar 16, 2013
    Messages:
    28
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Hi Larry,

    I have exactly the same issue. I don't really want to add the ignore as this will block all process notifications from perl.
     
  10. rhm.geerts

    rhm.geerts Active Member

    Joined:
    Jul 29, 2008
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Maastricht
    cPanel Access Level:
    Root Administrator
    I also have the same and am curious to a solution to this.
    I already started a thread about this with cpanellogd in the title but will point to this one. It's the same time but not all domains/accounts are giving this error.
     
  11. pcgh

    pcgh Active Member

    Joined:
    Jun 25, 2003
    Messages:
    41
    Likes Received:
    0
    Trophy Points:
    6
    Count me in as another seeing this same problem. Occurs in the mornings when logs are being processed and lasts for a couple of hours with multiple notifications. Started with the most recent update. It does appear to be impacting server performance and response time so appears to be a very real issue. Any help would be greatly appreciated.

    Tony
     
  12. yitwail

    yitwail Registered

    Joined:
    Mar 17, 2013
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    The exact same thing happened this morning. Either a whole bunch of servers have been simultaneously compromised by a new exploit, or there's a bug in the latest cpanel.
     
  13. pixelaté

    pixelaté Registered

    Joined:
    May 21, 2008
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Same here. Been happening for a few days now.

    I'd like an answer as to why it's just started occurring.
     
  14. Kurieuo

    Kurieuo Well-Known Member

    Joined:
    Dec 13, 2002
    Messages:
    98
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Australia
    I was informed elsewhere that the location was changed of cpanellogd, so you'll need to manually re-add it to be ignored.
     
  15. pcgh

    pcgh Active Member

    Joined:
    Jun 25, 2003
    Messages:
    41
    Likes Received:
    0
    Trophy Points:
    6
    The location of Webalizer did change and the csf.pignore does need to be updated accordingly. However that does not address the primary issue discussed here of cpanellogd seeming to create an undue load.

     
  16. Kurieuo

    Kurieuo Well-Known Member

    Joined:
    Dec 13, 2002
    Messages:
    98
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Australia
    Are you experiencing higher loads, or you meaning just the running time? I'm not cpanel dev but I hasn't noticed increased loads pre/after updating. So its probably always run similarly?? Just that it was already ignored. Running time doesn't necessarily affect server load as it could be sleeping/idle for much of the time. But I too would be interested in a definitive response.
     
  17. planetjoin

    planetjoin Active Member

    Joined:
    Oct 14, 2003
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Hello

    is happening the same in one of my servers..

    Cpanel people have any clue about this?

    Regards
    Fabian
     
  18. rhm.geerts

    rhm.geerts Active Member

    Joined:
    Jul 29, 2008
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Maastricht
    cPanel Access Level:
    Root Administrator
    What exactly should the new one be then? And should this symlink stay?
    Code:
    lrwxrwxrwx 1 root root    9 Dec 18 13:11 webazolver -> webalizer
    Next to that I wonder if webalizer is indeed the only thing triggering these messages.
     
  19. Kurieuo

    Kurieuo Well-Known Member

    Joined:
    Dec 13, 2002
    Messages:
    98
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Australia
    Open WHM -> ConfigServer Security&Firewall

    Edit "csf.pignore, Process Tracking"

    Add lines:

    exe:/usr/local/cpanel/3rdparty/bin/webalizer_lang/english
    pcmd:cpanellog.*
     
  20. rhm.geerts

    rhm.geerts Active Member

    Joined:
    Jul 29, 2008
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Maastricht
    cPanel Access Level:
    Root Administrator
    Thank you, however, I leave cpanellog.* out of there because I like to get notices if things go wrong.

    Do you know the answer to the question about the old symlink too?
     
Loading...

Share This Page