Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Server Hangs, is it Chkservd?

Discussion in 'General Discussion' started by LordLiverpool, Feb 12, 2018.

  1. LordLiverpool

    LordLiverpool Well-Known Member

    Joined:
    Dec 27, 2014
    Messages:
    53
    Likes Received:
    9
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Hello cPanel.

    Roughly once every 7-14 days my server hangs, obviously all websites are affected.

    I get a rash of emails like this:

    cPanel.JPG

    I'm unable to determine the cause.

    Chkservd kills off processes usually always ClamD and Dovecot, sometime HTTPD.
    But chkservd itself usually hangs as well, (a false positive?)

    Has anyone else experienced this behaviour? If so what's the solution?

    My current chkservd settings are the default ones:

    chkservd.JPG

    Any help is greatly appreciated.

    Kind Regards
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,870
    Likes Received:
    1,811
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Do you notice any error output in /var/log/exim_mainlog or /var/log/exim_paniclog at the times the clamd or spamd services fail?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. LordLiverpool

    LordLiverpool Well-Known Member

    Joined:
    Dec 27, 2014
    Messages:
    53
    Likes Received:
    9
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Hi Michael,

    Thanks for replying, I really appreciate your help.

    I looked in both those files:
    • exim_mainlog - only went back 3 days, so the log was lost.
    • exim_paniclog - was completely empty, file size of 0 bytes.
    Next time the server falls over I will check those 2 logs and report back here.

    Best Regards
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. LordLiverpool

    LordLiverpool Well-Known Member

    Joined:
    Dec 27, 2014
    Messages:
    53
    Likes Received:
    9
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    As predicted it didn't take long for my server to fall over again.

    This is the contents of exim_paniclog

    '
    root@mail [~]# vi /var/log/exim_paniclog
    2018-02-25 16:19:35 1epz1S-0001ht-6W malware acl condition: clamd /var/clamd : unable to connect to UNIX socket (/var/clamd): Connection refused
    2018-02-25 16:19:41 1epz1Z-0001iH-7Z malware acl condition: clamd /var/clamd : unable to connect to UNIX socket (/var/clamd): Connection refused
    2018-02-25 16:23:54 1epz5d-0002Vd-L6 malware acl condition: clamd /var/clamd : unable to connect to UNIX socket (/var/clamd): Connection refused
    2018-02-25 16:26:36 1epz8F-0002iX-OT malware acl condition: clamd /var/clamd : unable to connect to UNIX socket (/var/clamd): Connection refused
    2018-02-25 16:29:36 1epzB9-0002s4-Ku malware acl condition: clamd /var/clamd : unable to connect to UNIX socket (/var/clamd): Connection refused
    2018-02-25 16:29:52 1epzBP-0002tG-VA malware acl condition: clamd /var/clamd : unable to connect to UNIX socket (/var/clamd): Connection refused
    '

    There are over 320 lines posted to exim_mainlog at the time(s) of the failure(s).

    Will I upload the file or is there something specific I should look for?

    Thanks in advance.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,870
    Likes Received:
    1,811
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    You can try searching /var/log/chkservd.log for the time of the most recent service failures to see if any additional information is available. For instance, do any of the entries reference the server load? Feel free to open a support ticket using the link in my signature if you'd like us to take a closer look.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    LordLiverpool likes this.
  6. LordLiverpool

    LordLiverpool Well-Known Member

    Joined:
    Dec 27, 2014
    Messages:
    53
    Likes Received:
    9
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    @cPanelMichael

    Thanks for replying, I really do appreciate the help.

    OK I combed through /var/log/chkservd.log at the time of the outage and there was nothing.

    So thanks I will definitely open a ticket.

    Afterwards I will post back here the outcome to try and help future readers.

    Best Regards
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    cPanelMichael likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice