Hello, in a part of my /var/log/messages I see the lines ... I do not understand. My server "freezes" very randomly (Debian 7).
Code:
Oct 30 10:39:56 neo rsyslogd-2177: imuxsock lost 106 messages from pid 32075 due to rate-limiting
Oct 30 10:39:56 neo rsyslogd-2177: imuxsock begins to drop messages from pid 32029 due to rate-limiting
Oct 30 10:39:59 neo rsyslogd-2177: imuxsock lost 37 messages from pid 32434 due to rate-limiting
Oct 30 10:40:01 neo rsyslogd-2177: imuxsock lost 58 messages from pid 32029 due to rate-limiting
Oct 30 10:40:12 neo pure-ftpd: (?@::1) [INFO] New connection from ::1
Oct 30 10:40:12 neo pure-ftpd: (?@::1) [INFO] Logout.
Oct 30 10:40:13 neo rsyslogd-2177: imuxsock lost 3402 messages from pid 31635 due to rate-limiting
Oct 30 10:40:25 neo pure-ftpd: (?@::1) [INFO] New connection from ::1
Oct 30 10:40:25 neo pure-ftpd: (?@::1) [INFO] Logout.
Oct 30 10:40:26 neo rsyslogd-2177: imuxsock lost 28 messages from pid 32102 due to rate-limiting
Oct 30 10:42:01 neo pure-ftpd: (?@::1) [INFO] New connection from ::1
Oct 30 10:42:01 neo pure-ftpd: (?@::1) [INFO] Logout.
Oct 30 10:43:01 neo pure-ftpd: (?@::1) [INFO] New connection from ::1
Oct 30 10:43:01 neo pure-ftpd: (?@::1) [INFO] Logout.
Oct 30 10:44:14 neo pure-ftpd: (?@::1) [INFO] New connection from ::1
Oct 30 10:44:14 neo pure-ftpd: (?@::1) [INFO] Logout.
Oct 30 10:45:05 neo pure-ftpd: (?@::1) [INFO] New connection from ::1
Oct 30 10:45:05 neo pure-ftpd: (?@::1) [INFO] Logout.
Oct 30 10:47:35 neo pure-ftpd: (?@::1) [INFO] New connection from ::1
Oct 30 10:47:35 neo pure-ftpd: (?@::1) [INFO] Logout.
Oct 30 10:48:06 neo pure-ftpd: (?@::1) [INFO] New connection from ::1
Oct 30 10:48:06 neo pure-ftpd: (?@::1) [INFO] Logout.
Oct 30 10:49:50 neo rsyslogd-2177: imuxsock begins to drop messages from pid 2380 due to rate-limiting
Oct 30 10:49:56 neo rsyslogd-2177: imuxsock lost 6528 messages from pid 2380 due to rate-limiting
Oct 30 10:49:56 neo rsyslogd-2177: imuxsock begins to drop messages from pid 2380 due to rate-limiting
Oct 30 10:50:02 neo rsyslogd-2177: imuxsock lost 5330 messages from pid 2380 due to rate-limiting
Oct 30 10:50:02 neo rsyslogd-2177: imuxsock begins to drop messages from pid 2380 due to rate-limiting
Oct 30 10:50:08 neo rsyslogd-2177: imuxsock lost 5787 messages from pid 2380 due to rate-limiting
Oct 30 10:50:08 neo rsyslogd-2177: imuxsock begins to drop messages from pid 2380 due to rate-limiting
Oct 30 10:50:25 neo rsyslogd-2177: imuxsock lost 809 messages from pid 2380 due to rate-limiting
Oct 30 10:50:37 neo rsyslogd-2177: imuxsock begins to drop messages from pid 2380 due to rate-limiting
Oct 30 10:50:43 neo rsyslogd-2177: imuxsock lost 144 messages from pid 2380 due to rate-limiting
Oct 30 10:51:05 neo rsyslogd-2177: imuxsock begins to drop messages from pid 2380 due to rate-limiting
Oct 30 10:51:07 neo rsyslogd-2177: imuxsock lost 21 messages from pid 2380 due to rate-limiting
Oct 30 10:51:14 neo rsyslogd-2177: imuxsock begins to drop messages from pid 2380 due to rate-limiting
Oct 30 10:51:19 neo rsyslogd-2177: imuxsock lost 85 messages from pid 2380 due to rate-limiting
Oct 30 10:53:02 neo pure-ftpd: (?@::1) [INFO] New connection from ::1
Oct 30 10:53:02 neo pure-ftpd: (?@::1) [INFO] Logout.
Oct 30 10:54:01 neo pure-ftpd: (?@::1) [INFO] New connection from ::1
Did you have a look at what programs these "pids" are?
Oct 30 10:50:25 neo rsyslogd-2177: imuxsock lost 809 messages from pid 2380 due to rate-limiting
Check with the command
Code:
ps ax | grep '2380 '
to get the program that causes this message flood.
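The check suggested in the reply above, generalized as an added example (not part of the original thread): rather than looking up one PID by hand, total the "lost N messages" reports per PID so the noisiest sender stands out. The function names are made up for this example, and the sample lines are copied from the log in the first post.

```shell
#!/bin/sh
# Added example: rank sender PIDs by how many messages imuxsock dropped.

# Sample input: lines copied from the log in the first post.
sample_log() {
    cat <<'EOF'
Oct 30 10:39:56 neo rsyslogd-2177: imuxsock lost 106 messages from pid 32075 due to rate-limiting
Oct 30 10:39:56 neo rsyslogd-2177: imuxsock begins to drop messages from pid 32029 due to rate-limiting
Oct 30 10:40:12 neo pure-ftpd: (?@::1) [INFO] New connection from ::1
Oct 30 10:40:13 neo rsyslogd-2177: imuxsock lost 3402 messages from pid 31635 due to rate-limiting
Oct 30 10:49:56 neo rsyslogd-2177: imuxsock lost 6528 messages from pid 2380 due to rate-limiting
Oct 30 10:50:02 neo rsyslogd-2177: imuxsock lost 5330 messages from pid 2380 due to rate-limiting
EOF
}

# stdin: syslog lines. stdout: "PID LOST_TOTAL REPORTS", worst offender first.
# Only "lost N messages" lines carry a count; "begins to drop" lines are skipped.
imuxsock_lost_by_pid() {
    awk '
        / imuxsock lost [0-9]+ messages from pid [0-9]+ / {
            for (i = 1; i < NF; i++) {
                if ($i == "lost") n = $(i + 1)   # number of dropped messages
                if ($i == "pid")  p = $(i + 1)   # PID that was rate-limited
            }
            lost[p] += n
            reports[p]++
        }
        END { for (p in lost) print p, lost[p], reports[p] }
    ' | sort -k2,2nr -k1,1n
}

# stdin: output of imuxsock_lost_by_pid. Appends the command name if the PID
# is still running; a PID may have exited or been reused since the log entry.
annotate_with_command() {
    while read -r pid lost reports; do
        cmd=$(ps -p "$pid" -o comm= 2>/dev/null) || cmd=""
        printf '%s\t%s\t%s\t%s\n' "$pid" "$lost" "$reports" "${cmd:-<not running>}"
    done
}

sample_log | imuxsock_lost_by_pid | annotate_with_command
```

On a live system, pipe /var/log/messages into imuxsock_lost_by_pid instead of sample_log, and run it soon after the flood so the PIDs can still be resolved.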
Similar issue here: I've read up a bit and apparently one should not use fail2ban to block these DNS "attacks". Any other opinion on this? I am being flooded with these errors and then after a while imuxsock cuts them off...