ok, i never seen such message befor.
Can anyone please tell me what this messages below means and what is to do?
---------
IMPORTANT: Do not ignore this email.
>Apache has reached the MaxClients
>limit. cPanel has increased the MaxClients limit to 200 (10 higher).
>
>You may wish to suspend the user with the largest access log as they
>are generally the person using up all of the avalible connections. However,
>your should
>have your system admin verify this first.
>
>Top 3 Largest access logs
>====================================
>339564 /usr/local/apache/domlogs/domainname.com
>126480 /usr/local/apache/domlogs/domainname.com
>119336 /usr/local/apache/domlogs/domainname.com
------------------------

Think yep no problem i will go to clean domlog.... but.....
seems really there is no way to clean domlogs via SSH ...or, in other words cleaning it out , all data are still there... they are also there afhter restart the server.... :(

This is not the firts time i clean domlogs... so nothing new .. but now... what is to do?

Can anyone tell me also how to clean definitly domlogs?


Thanks

Cleaning the logs is not cleaning up the problem.

Your getting too many connections to apache. You need to increase your maxclients setting (httpd.conf, I believe), or if the server is too busy as it is (shouldn't be) then move clients off of it.

server has not a high CPUsage. Generally it's about 0.30- 0.70
but nothing more....


will go around httpd.conf and check it.

Thanks

Then, yeah, I would say up your maxclients.

Mike

Do you have a firewall installed?

It might be some type of attack -or as I learned - archive.org.

Seems they don't check ips of the sites they are archiving and they can attack a server pretty hard as they archive multiple sites on one server, and not look like anything much is happening processor wise. I don't think they shut down their http connection when they are done, so they can end up tying up your server.

Bastille would take care of this for you and limit the number of connections archive.org could open.

Chet

I bet your apache has a low limit off clients....


If i was you i wold put 1.000 clients.... you might set some clients to have that limited 200 conections ....

Put at least 1.000 our 500 clients...


:)

Apache, by default, (without custom editing) cannot be set to higher than 256 maxclients.

If you set the value in httpd.conf to 256, you'll most likely be fine.

This is what you will want to look for:
#
# Limit on total number of servers running, i.e., limit on the number
# of clients who can simultaneously connect --- if this limit is ever
# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
# It is intended mainly as a brake to keep a runaway server from taking
# the system with it as it spirals down...
#
MaxClients 256

hostingsp: PLEASE read up on some of these subjects before advising people. People listen to advice around here and it's not a good idea to be feeding them misinformation.

As mccuem said, the domlogs are not your problem. However you can use logrotate to rotate the domlogs.

Simply edit:

/etc/logrotate.d/apache

If this file does not exist, you can create one. :)


Here are the contents of one of ours:


/usr/local/apache/logs/access_log {
missingok
postrotate
/usr/bin/killall -HUP httpd 2> /dev/null || true
endscript
}

/usr/local/apache/logs/agent_log {
missingok
postrotate
/usr/bin/killall -HUP httpd 2> /dev/null || true
endscript
}

/usr/local/apache/logs/error_log {
missingok
postrotate
/usr/bin/killall -HUP httpd 2> /dev/null || true
endscript
}

/usr/local/apache/logs/referer_log {
missingok
postrotate
/usr/bin/killall -HUP httpd 2> /dev/null || true
endscript
}

/usr/local/apache/domlogs/* {
missingok
postrotate
/usr/bin/killall -HUP httpd 2> /dev/null || true
endscript
}

OK. Thanks to ALL for help ! :)



Happy Cristmas
:santa:

Check your Apache error log.

I bet you will find hundreds of connections from the code red worm.
This is a WIn32 worm so it does not hurt your machine but they attack trying to find a vunerablity and use up all the connections. triggering that message. Even once you increase MaxClients to teh full 256 they will still bring Apache to it's knees.

To stop it and make Apache stable again add this to the top of your httpd.conf file.

RedirectMatch ^.*\.(dll|ida).* > /dev/null
RedirectMatch ^.*\cmd\.* > /dev/null
RedirectMatch ^.*\root\.* > /dev/null

Then change your timeout from 300 to 30 and keepalive from "on" to "off"

Do that and you will stop getting the messages and they will no longer crash Apache.