repeating nscd monitoring messages after update to 11.52.0.14

ladydi711

Well-Known Member
Sep 4, 2001
140
6
318
Hello,

After the update to 11.52.0.14 early yesterday, my /var/log/messages file has started logging repeated nscd monitoring messages. These go on and on..

Has anyone else seen this, or is there a solution?

Code:
messages:Oct 13 04:12:16 mic nscd: 13454 monitoring directory `/etc` (2)
messages:Oct 13 04:12:16 mic nscd: 13454 monitoring file `/etc/passwd` (1)
messages:Oct 13 04:12:16 mic nscd: 13454 monitoring directory `/etc` (2)
messages:Oct 13 04:12:17 mic nscd: 13454 monitoring file `/etc/group` (3)
messages:Oct 13 04:12:17 mic nscd: 13454 monitoring directory `/etc` (2)
messages:Oct 13 04:12:17 mic nscd: 13454 monitoring file `/etc/passwd` (1)
messages:Oct 13 04:12:17 mic nscd: 13454 monitoring directory `/etc` (2)
messages:Oct 13 04:12:19 mic nscd: 13454 monitoring file `/etc/group` (3)
messages:Oct 13 04:12:19 mic nscd: 13454 monitoring directory `/etc` (2)
messages:Oct 13 04:12:19 mic nscd: 13454 monitoring file `/etc/passwd` (1)
messages:Oct 13 04:12:19 mic nscd: 13454 monitoring directory `/etc` (2)
messages:Oct 13 04:12:19 mic nscd: 13454 monitoring file `/etc/group` (3)
messages:Oct 13 04:12:19 mic nscd: 13454 monitoring directory `/etc` (2)
messages:Oct 13 04:12:19 mic nscd: 13454 monitoring file `/etc/passwd` (1)
messages:Oct 13 04:12:19 mic nscd: 13454 monitoring directory `/etc` (2)
messages:Oct 13 04:12:21 mic nscd: 13454 monitoring file `/etc/group` (3)
messages:Oct 13 04:12:21 mic nscd: 13454 monitoring directory `/etc` (2)
messages:Oct 13 04:12:21 mic nscd: 13454 monitoring file `/etc/passwd` (1)
messages:Oct 13 04:12:21 mic nscd: 13454 monitoring directory `/etc` (2)
 

DJPRMF

Registered
Oct 14, 2015
4
2
3
Portugal
cPanel Access Level
Root Administrator
I notice this also in some of my servers.
The nscd was installed in the latest update...

I don't know if is safe to disable/stop it, but is filling the /var/log/messages almost every second...
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello :)

It's by design that NSCD is enabled on systems during the update to cPanel version 11.52. Here's some more information from the 11.52 Release Notes:

nscd daemon enabled during installation or upgrade
During the installation or upgrade process, systems with over 1,000 MiB in available memory will automatically enable the nameserver cache daemon (nscd). This daemon caches hosts, passwords, and groups, which improves performance of recurring nameserver requests and password and group lookups. It will also greatly improve your Exim mail server performance.
However, we do have internal case CPANEL-1966 open to ensure the NSCD service has it's own log file to avoid adding clutter to /var/log/messages. You can monitor our change log to see when this case has been implemented:

11.52 Change Log - Documentation - cPanel Documentation

Thank you.
 

DJPRMF

Registered
Oct 14, 2015
4
2
3
Portugal
cPanel Access Level
Root Administrator
Adding a little of info given by the cPanel support , the NSCD service can be disabled in the WHM >> Service Manager >> Name Service Cache Daemon .
Should be safe to disable while there is no solution for the problem...
 
  • Like
Reactions: ladydi711

Kobor

Member
Apr 5, 2012
6
1
53
cPanel Access Level
Root Administrator
I came here to see why suddenly i have nscd logging every 10 sec in my logs, and to my surprise cPanel is responsible again.

It seems to me that a lot of changes were made in 11.52 without much thinking, for example Exim 10 sec delay on SMTP connections, now this.
I don't really like when i have a working configured system, then over night the behavior of server changes ( like Exim change. or on all servers the log is full of nscd messages ).
Especially since both example i used is pretty much useless IMHO.
Like i don't really get how exactly will help exim, when exim pretty much doesn't user /etc/{passwd,shadow}, the hosts file contains one or maybe two line on 90% of the cpanel servers, and pretty much nobody uses netgroups ( Nscd is configured to cache these 4 files ).
And you may argument that it saves a tiny bit of microsecond, but we loose anyway much more with RBL checks, reverse DNS lookups, virus scanning , spam scanning . So pretty much nscd is useless. I'm handling and handled a couple big servers with considerable email traffic , but passwd/shadow file scanning was never the bottleneck.

I had a great respect over the years for the cpanel devs, but the past year you started loosing that.
Seems changes are pushed from people who never worked on real live systems.
 

Hedloff

Well-Known Member
Jun 7, 2004
175
9
168
Up north!
cPanel Access Level
DataCenter Provider
So nscd is Name Service Cache Daemon and not cPanel DNS Admin Cache.
Why have you enabled this automatically for all our servers after update to 11.52?
What does it do? I see it's taking some cpu/resources and logging all the time as mentioned earlier.

We have disabled cPanel DNS Admin Cache on the servers after testing that. It only caused issues.
Now it seems like we have to disable Name Service Cache Daemon also since it's just causing issues and taking resources.

I totally agree with you Kobor. cPanel is moving in the wrong direction the last 2-3 years.
Only crappy features are released! Nothing that is even usefull. And that you set them as active without letting customers to choose seems for me as pretty fu**ed up!
 
  • Like
Reactions: did-vmonroig

did-vmonroig

Well-Known Member
Feb 6, 2012
63
4
58
cPanel Access Level
Root Administrator
We've same problem. NSCD is flooding /var/log/messages:

Code:
[email protected] [~]# tail -f /var/log/messages
Oct 27 17:35:40 server nscd: 32707 monitoring file `/etc/passwd` (1)
Oct 27 17:35:40 server nscd: 32707 monitoring directory `/etc` (2)
Oct 27 17:35:40 server nscd: 32707 monitoring file `/etc/group` (3)
Oct 27 17:35:40 server nscd: 32707 monitoring directory `/etc` (2)
Oct 27 17:35:40 server nscd: 32707 monitoring file `/etc/passwd` (1)
Oct 27 17:35:40 server nscd: 32707 monitoring directory `/etc` (2)
Oct 27 17:35:40 server nscd: 32707 monitoring file `/etc/group` (3)
Oct 27 17:35:40 server nscd: 32707 monitoring directory `/etc` (2)
Oct 27 17:35:40 server nscd: 32707 monitoring file `/etc/passwd` (1)
Oct 27 17:35:40 server nscd: 32707 monitoring directory `/etc` (2)
Oct 27 17:35:41 server nscd: 32707 monitoring file `/etc/group` (3)
Oct 27 17:35:41 server nscd: 32707 monitoring directory `/etc` (2)
Oct 27 17:35:41 server nscd: 32707 monitoring file `/etc/group` (3)
Oct 27 17:35:41 server nscd: 32707 monitoring directory `/etc` (2)
Oct 27 17:35:41 server nscd: 32707 monitoring file `/etc/passwd` (1)
Oct 27 17:35:41 server nscd: 32707 monitoring directory `/etc` (2)
Oct 27 17:35:41 server nscd: 32707 monitoring file `/etc/passwd` (1)
Oct 27 17:35:41 server nscd: 32707 monitoring directory `/etc` (2)
Oct 27 17:35:42 server nscd: 32707 monitoring file `/etc/group` (3)
Oct 27 17:35:42 server nscd: 32707 monitoring directory `/etc` (2)
Oct 27 17:35:42 server nscd: 32707 monitoring file `/etc/passwd` (1)
Oct 27 17:35:42 server nscd: 32707 monitoring directory `/etc` (2)
We're going to disable the service while cPanel provides a solution.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Now it seems like we have to disable Name Service Cache Daemon also since it's just causing issues and taking resources
Could you elaborate on the additional issues, beyond the excessive logging in /var/log/messages so we can investigate those problems?

Thank you.
 

DJPRMF

Registered
Oct 14, 2015
4
2
3
Portugal
cPanel Access Level
Root Administrator
nscd will fill the logs pretty fast.... Even in is own log file (like what cpanel team is trying to do apparently), those entries (probably) will still be created, wasting CPU and I/O....

Don't to mention the log file size, that can be big (just search in the google and will find many reports of the nscd logfile HUGE sizes, or imagine those entries being replicated over and over again in another log).

I don't know if adding the nscd will help anything, comparing to the disadvantages...
 

feanorknd

Member
Sep 28, 2005
21
1
153
Hi...

I have seen /etc/nscd.conf is being used, as I tested paranoia mode to yes and it is ok at "nscd -g".

But if I try to enable "logfile /var/log/nscd.log", this is not running, because all debug messages are being directed to /var/log/messages in spite of any file specified at logfile line.

My intention is to redirect logfile to /dev/null directly ;)

But there is no way... I have also checked that nscd user has privileges at /var/log/nscd.log file, but no success...

There is almost documentation around this online... I cannot understand why nscd is always printing logs at /var/log/messages in spite of configuring logfile.

I think /dev/null logfile is a great idea for nscd.
 

feanorknd

Member
Sep 28, 2005
21
1
153
Ok........ fixed.....

I tried this:

Due to documentation:
logfile file
Specifies the name of the debug log-file that nscd(8) should use
if debug-level is higher than 0. If this option is not set,
nscd(8) will write its debug output to stderr.

debug-level level
If level is higher than 0, nscd(8) will create some debug
output. The higher the level, the more verbose the output.
So at nscd.conf.....

...
logfile /dev/null
debug-level 1
...
Result is nscd is sending log messages to /dev/null.... I think now there is not any IO or extra CPU proccessing... optimal? What do you think? :rolleyes:


But...... I keep preffering using own named service to cache DNS queries...

At /etc/resolv.conf
nameserver 127.0.0.1
nameserver 213.133.99.99
If named at 127.0.0.1 fails, there is always a second nameserver for queries...

Now, at named.conf, allow recursion only for internal and disable for external. Your named service will cache all queries done, and if not hit, recursion to the parent root servers to resolv.

In my case, it is running perfectly since years ago.
 
Last edited:

Serra

Well-Known Member
Oct 27, 2005
267
20
168
Florida
I have just noticed this on several hosts that have been recently updated. nscd is a noisy beast. It would be awesome if I didn't have to go into hundreds of hosts and kill it to make logs readable again.
I was able to turn off the noise on my logs, then a couple of days later, it came back. Thanks....
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
cPanel version 11.52.1.0 is now available on the "Current" build tier and includes an improvement to this issue:

Fixed case CPANEL-1966: Set nscd to log to /var/log/nscd.log.

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Am still getting this problem, running WHM 11.52.1 (build 2) /var/log/nscd.log exists but nothing gets written to it.
Hello :)

To clarify, are you stating that information is still logged to /var/log/messages on your system, or is the issue now that no data is logged to /var/log/nscd.log? Did you make any previous changes to the /etc/nscd.conf file?

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Correct, nscd information is still logged to /var/log/messages. No manual changes have been made.
Internal case CPANEL-2581 is open to report this behavior (on systems with the resolution from CPANEL-1966) to our developers. I will update this thread with more information as it becomes available.

Thank you.