
cpanellogd Service

Discussion in 'General Discussion' started by egsi, Nov 2, 2009.

  1. egsi

    egsi Member

    I'm running CSF + LFD and I've been getting the following message since around the 24th of October (see below).

    I've gone through and checked the cPanel update logs (sent via email) however don't see any updates that have come through for the cpanellogd service.

    Should I be concerned or just restart the service and be done with it? My only concern is the fact that I don't see any updates made for this service.

    Also, what's the best way to restart this service? There isn't an entry in WHM and I'm thinking it needs to be restarted via a script with SSH access?

    Thanks

    Code:
    Time:    Fri Oct 23 16:55:25 2009 +1100
    PID:     16797
    Account: <AccntName>
    Uptime:  65 seconds
    
    
    Executable:
    
    /usr/bin/perl\00#prelink#.agVWAa (deleted)
    
    The file system shows this process is running an executable file that has been deleted. This typically happens when the original file has been replaced by a new file when the application is updated. To prevent this being reported again, restart the process that runs this excecutable file. See csf.conf and the PT_DELETED text for more information about the security implications of processes running deleted executable files.
    
    
    Command Line (often faked in exploits):
    
    cpanellogd - http logs for <AccntName>
    
    
    Network connections by the process (if any):
    
    
    
    Files open by the process (if any):
    
    /dev/null
    /usr/local/cpanel/logs/stats_log
    /usr/local/cpanel/logs/stats_log
    /usr/local/cpanel/logs/stats_log
    
    
    Memory maps by the process (if any):
    
    0022c000-00246000 r-xp 00000000 fd:00 6455360    /lib/ld-2.5.so
    00246000-00247000 r-xp 00019000 fd:00 6455360    /lib/ld-2.5.so
    00247000-00248000 rwxp 0001a000 fd:00 6455360    /lib/ld-2.5.so
    0024a000-0024c000 r-xp 00000000 fd:00 6459054    /lib/libdl-2.5.so
    0024c000-0024d000 r-xp 00001000 fd:00 6459054    /lib/libdl-2.5.so
    0024d000-0024e000 rwxp 00002000 fd:00 6459054    /lib/libdl-2.5.so
    00250000-00263000 r-xp 00000000 fd:00 6459053    /lib/libpthread-2.5.so
    00263000-00264000 r-xp 00012000 fd:00 6459053    /lib/libpthread-2.5.so
    00264000-00265000 rwxp 00013000 fd:00 6459053    /lib/libpthread-2.5.so
    00265000-00267000 rwxp 00265000 00:00 0
    00269000-0028e000 r-xp 00000000 fd:00 6455505    /lib/libm-2.5.so
    0028e000-0028f000 r-xp 00024000 fd:00 6455505    /lib/libm-2.5.so
    0028f000-00290000 rwxp 00025000 fd:00 6455505    /lib/libm-2.5.so
    00314000-00327000 r-xp 00000000 fd:00 6457535    /lib/libnsl-2.5.so
    00327000-00328000 r-xp 00012000 fd:00 6457535    /lib/libnsl-2.5.so
    00328000-00329000 rwxp 00013000 fd:00 6457535    /lib/libnsl-2.5.so
    00329000-0032b000 rwxp 00329000 00:00 0
    00339000-00477000 r-xp 00000000 fd:00 6455503    /lib/libc-2.5.so
    00477000-00479000 r-xp 0013e000 fd:00 6455503    /lib/libc-2.5.so
    00479000-0047a000 rwxp 00140000 fd:00 6455503    /lib/libc-2.5.so
    0047a000-0047d000 rwxp 0047a000 00:00 0
    0047f000-00488000 r-xp 00000000 fd:00 6459062    /lib/libcrypt-2.5.so
    00488000-00489000 r-xp 00008000 fd:00 6459062    /lib/libcrypt-2.5.so
    00489000-0048a000 rwxp 00009000 fd:00 6459062    /lib/libcrypt-2.5.so
    0048a000-004b1000 rwxp 0048a000 00:00 0
    00553000-00562000 r-xp 00000000 fd:00 6459069    /lib/libresolv-2.5.so
    00562000-00563000 r-xp 0000e000 fd:00 6459069    /lib/libresolv-2.5.so
    00563000-00564000 rwxp 0000f000 fd:00 6459069    /lib/libresolv-2.5.so
    00564000-00566000 rwxp 00564000 00:00 0
    005a6000-005ab000 r-xp 00000000 fd:00 11583907   /usr/lib/libXdmcp.so.6.0.0
    005ab000-005ac000 rwxp 00004000 fd:00 11583907   /usr/lib/libXdmcp.so.6.0.0
    005ae000-005d3000 r-xp 00000000 fd:00 11588461   /usr/lib/libpng12.so.0.10.0
    005d3000-005d4000 rwxp 00024000 fd:00 11588461   /usr/lib/libpng12.so.0.10.0
    005e8000-006e7000 r-xp 00000000 fd:00 11583908   /usr/lib/libX11.so.6.2.0
    006e7000-006eb000 rwxp 000ff000 fd:00 11583908   /usr/lib/libX11.so.6.2.0
    0073d000-00869000 r-xp 00000000 fd:00 11581734   /usr/lib/libxml2.so.2.6.26
    00869000-0086e000 rwxp 0012c000 fd:00 11581734   /usr/lib/libxml2.so.2.6.26
    0086e000-0086f000 rwxp 0086e000 00:00 0
    00bc6000-00bc8000 r-xp 00000000 fd:00 6459225    /lib/libutil-2.5.so
    00bc8000-00bc9000 r-xp 00001000 fd:00 6459225    /lib/libutil-2.5.so
    00bc9000-00bca000 rwxp 00002000 fd:00 6459225    /lib/libutil-2.5.so
    00bcc000-00cf7000 r-xp 00000000 fd:00 11665879   /usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE/libperl.so
    00cf7000-00cfc000 rwxp 0012a000 fd:00 11665879   /usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE/libperl.so
    00cfc000-00cfe000 rwxp 00cfc000 00:00 0
    00d3e000-00d54000 r-xp 00000000 fd:00 6456142    /lib/libselinux.so.1
    00d54000-00d56000 rwxp 00015000 fd:00 6456142    /lib/libselinux.so.1
    00d58000-00d6a000 r-xp 00000000 fd:00 11579817   /usr/lib/libz.so.1.2.3
    00d6a000-00d6b000 rwxp 00011000 fd:00 11579817   /usr/lib/libz.so.1.2.3
    00d6d000-00da8000 r-xp 00000000 fd:00 6455553    /lib/libsepol.so.1
    00da8000-00da9000 rwxp 0003b000 fd:00 6455553    /lib/libsepol.so.1
    00da9000-00db3000 rwxp 00da9000 00:00 0
    00df9000-00dfb000 r-xp 00000000 fd:00 11575224   /usr/lib/libXau.so.6.0.0
    00dfb000-00dfc000 rwxp 00001000 fd:00 11575224   /usr/lib/libXau.so.6.0.0
    08048000-0804b000 r-xp 00000000 fd:00 11575961   /usr/bin/perl
    0804b000-0804c000 rwxp 00002000 fd:00 11575961   /usr/bin/perl
    09f39000-0a7e7000 rwxp 09f39000 00:00 0          [heap]
     
  2. egsi

    egsi Member

    Any ideas from anyone?
     
  3. yapluka

    yapluka Well-Known Member

    This will do the trick:

    killall -9 cpanellogd;/usr/local/cpanel/cpanellogd
     
  4. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Via root SSH access, here is a safe method to stop and restart cpanellogd:
    Code:
    # /scripts/restartsrv_cpanellogd --stop
    # /scripts/restartsrv_cpanellogd
     
  5. some1512

    some1512 Member

    The same trouble occurred with my servers.

    If I don't need Statistics, can I turn off cpanellogd to solve this trouble?
     
  6. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    It will not help to disable cpanellogd. The message received via e-mail from CSF/LFD running on the server is related to normal behavior of other software that came with the operating system; this is unrelated to cpanellogd. The details appear normal on a system with the software package "prelink" installed and where the daily cron job for "prelink" runs as scheduled.

    I would consider revising the exclude list(s) in your CSF/LFD software configuration; here is the path to at least one of the relevant configuration files for CSF that will help:
    Code:
    /etc/csf/csf.pignore
    For in-depth assistance with CSF, I recommend referring to the vendor's official web site and their available support channels:
    http://www.configserver.com/cp/csf.html
    http://forum.configserver.com/
    http://www.configserver.com/contact.html
    http://www.configserver.com/support.html
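
The check behind the LFD alert can be reproduced by hand. The following is an added example (not part of any post in this thread, and not CSF or cPanel code) that reads each `/proc/<pid>/exe` link and separates deleted executables carrying the `#prelink#` marker seen in the alert from other deleted executables. The function names and output format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list processes whose executable has been deleted, based on the
# /proc/<pid>/exe link rather than the command line, which the LFD alert itself
# notes is often faked.

# classify_exe TARGET -> "<class> <binary>"
#   running          exe link has no " (deleted)" suffix
#   deleted-prelink  deleted, and the name carries the #prelink# marker
#   deleted-other    deleted without that marker; needs a closer look
classify_exe() {
    target=$1
    case $target in
        *' (deleted)') path=${target%' (deleted)'} ;;
        *) printf 'running %s\n' "$target"; return 0 ;;
    esac
    case $path in
        *'#prelink#'*)
            bin=${path%%'#prelink#'*}   # cut at the marker
            bin=${bin%.}                # separator in "perl.#prelink#.XXXXXX"
            bin=${bin%'\00'}            # separator as rendered in the alert above
            # The marker is only a naming hint; any file can carry it.
            printf 'deleted-prelink %s\n' "$bin" ;;
        *)  printf 'deleted-other %s\n' "$path" ;;
    esac
}

# scan_deleted [PROC_ROOT] -> one "PID CLASS BINARY" line per deleted executable.
# PROC_ROOT defaults to /proc; it is a parameter so a constructed tree can be used.
scan_deleted() {
    root=${1:-/proc}
    for dir in "$root"/[0-9]*; do
        [ -L "$dir/exe" ] || continue
        # readlink fails for kernel threads and for processes we may not inspect
        target=$(readlink "$dir/exe" 2>/dev/null) || continue
        result=$(classify_exe "$target")
        case $result in
            running*) ;;
            *) printf '%s %s\n' "${dir##*/}" "$result" ;;
        esac
    done
}
```

Source the file as root and run `scan_deleted`; a `deleted-prelink` line matches the situation described in the last reply, while a `deleted-other` line is the case worth investigating before restarting anything.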
     