Linode Forum
Linode Community Forums
 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin [ Anonymous ] 
Post new topic  Reply to topic
Author Message
 Post subject: Munin Firewall Alerts
PostPosted: Fri May 06, 2011 4:56 pm 
Offline
Senior Newbie

Joined: Wed Mar 09, 2011 5:40 pm
Posts: 18
Hi all,

I have munin running a while and the odd time I was getting an email alert about connections through my firewall but today I'm getting them every couple of minutes.

the email has the following contents

ocaldomain :: localhost.localdomain :: Connections through firewall
CRITICALs: Total is 11.91 (outside range [:5]).

Any idea what Munin is trying to tell me??


Top
   
 Post subject:
PostPosted: Fri May 06, 2011 5:05 pm 
Offline
Senior Member

Joined: Wed May 13, 2009 1:18 am
Posts: 681
It's a bug (or at least a bad interaction) with a difference in behavior of some shells when performing a read on the /proc filesystem. It affects (perhaps among others) recent Ubuntu and Debian releases that switched the system shell to dash.

See http://www.munin-monitoring.org/ticket/1025 - if you correct the two lines in fw_conntrack per the diff in the ticket it should fix the problem, or upgrade to a corrected version if available in your preferred installation approach.

-- David


Top
   
 Post subject:
PostPosted: Fri May 06, 2011 5:26 pm 
Offline
Senior Newbie

Joined: Wed Mar 09, 2011 5:40 pm
Posts: 18
db3l wrote:
It's a bug (or at least a bad interaction) with a difference in behavior of some shells when performing a read on the /proc filesystem. It affects (perhaps among others) recent Ubuntu and Debian releases that switched the system shell to dash.

See http://www.munin-monitoring.org/ticket/1025 - if you correct the two lines in fw_conntrack per the diff in the ticket it should fix the problem, or upgrade to a corrected version if available in your preferred installation approach.

-- David


Thanks a mill for catching that David so quickly. I'll see if I can apply the diff fix.


Top
   
 Post subject:
PostPosted: Fri May 06, 2011 5:35 pm 
Offline
Senior Newbie

Joined: Wed Mar 09, 2011 5:40 pm
Posts: 18
hmmm.
weird one.
the diff suggests replacing 2 lines of code that my version looks like it already has.

This is the relevant snippet from my

/usr/share/munin/plugins/fw_conntrack

Code:
        if [ -f /proc/sys/net/ipv4/ip_conntrack_max ] ; then
            read MAX </proc/sys/net/ipv4/ip_conntrack_max
        elif [ -f /proc/sys/net/ipv4/netfilter/ip_conntrack_max ]; then
             read MAX < /proc/sys/net/ipv4/netfilter/ip_conntrack_max


Maybe a new bug?


Top
   
 Post subject:
PostPosted: Fri May 06, 2011 5:49 pm 
Offline
Senior Newbie

Joined: Wed Mar 09, 2011 5:40 pm
Posts: 18
actually ignore my last comment
I found another thread suggesting I switch the line of code I have.
I was reading the diff the wrong way around it would seem! Although I assumed that red highlighted text in a diff was the text to remove and green was what was added!

http://bugs.debian.org/cgi-bin/bugrepor ... =594695#24

Code:
Fix was to modify these lines:

        if [ -f /proc/sys/net/ipv4/ip_conntrack_max ] ; then
            read MAX </proc/sys/net/ipv4/ip_conntrack_max
        elif [ -f /proc/sys/net/ipv4/netfilter/ip_conntrack_max ]; then
             read MAX < /proc/sys/net/ipv4/netfilter/ip_conntrack_max
        fi

With:

        if [ -f /proc/sys/net/ipv4/ip_conntrack_max ] ; then
            MAX=$(cat /proc/sys/net/ipv4/ip_conntrack_max)
        elif [ -f /proc/sys/net/ipv4/netfilter/ip_conntrack_max ]; then
             MAX=$(cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max)
        fi


Top
   
 Post subject:
PostPosted: Fri May 06, 2011 7:08 pm 
Offline
Senior Member

Joined: Wed May 13, 2009 1:18 am
Posts: 681
edbloom wrote:
I was reading the diff the wrong way around it would seem! Although I assumed that red highlighted text in a diff was the text to remove and green was what was added!

Hmm, red should in fact be remove and green add. At least when viewing repository commit diffs.

Ah, unless you're talking about viewing the patch itself. Looking at the actual patch file, it appears to be a diff from local working copy to repository, so when viewed with the default trac view will appear backwards.

But if you click on the actual committed change to the repository it shows up correctly. I should have specifically mentioned viewing the committed change to avoid confusion, sorry.

-- David


Top
   
 Post subject:
PostPosted: Fri May 06, 2011 7:17 pm 
Offline
Senior Newbie

Joined: Wed Mar 09, 2011 5:40 pm
Posts: 18
db3l wrote:
edbloom wrote:
I was reading the diff the wrong way around it would seem! Although I assumed that red highlighted text in a diff was the text to remove and green was what was added!

Hmm, red should in fact be remove and green add. At least when viewing repository commit diffs.

Ah, unless you're talking about viewing the patch itself. Looking at the actual patch file, it appears to be a diff from local working copy to repository, so when viewed with the default trac view will appear backwards.

But if you click on the actual committed change to the repository it shows up correctly. I should have specifically mentioned viewing the committed change to avoid confusion, sorry.

-- David


:) No worries David - I figured as much in the end.

Anyway I applied the patch just over an hour ago and no more emails. Fingers crossed!


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
RSS

Powered by phpBB® Forum Software © phpBB Group