| Linode Forum https://forum.linode.com/ |
|
| Spikes in traffic every 6 hours - how do I log them? https://forum.linode.com/viewtopic.php?f=19&t=9196 |
Page 1 of 1 |
| Author: | cwt99 [ Thu Jul 26, 2012 8:23 pm ] |
| Post subject: | Spikes in traffic every 6 hours - how do I log them? |
My server is seeing regular spikes in traffic every 6 hours  . This has been going on for some months now, regular as clockwork -  I'm trying to find out what it is, but there is nothing in the website logs (apache). It's not a cron job (not one of mine anyway) How can I log this network traffic? Thanks William |
|
| Author: | obs [ Fri Jul 27, 2012 3:40 am ] |
| Post subject: | Re: Spikes in traffic every 6 hours - how do I log them? |
I wouldn't exactly call that a spike, it looks a lot due to the scale on the graph but it's still very low. However to log it ntop is a nice tool it logs traffic in/out and where it's coming from/going to. |
|
| Author: | cwt99 [ Sat Jul 28, 2012 5:43 am ] |
| Post subject: | Re: Spikes in traffic every 6 hours - how do I log them? |
Thanks. Couldn't get much detail from ntop, but added some logging in the iptables and found a whole bunch of traffic from a couple of canonical servers. Obviously some ubuntu updates or something happening every 6 hours... |
|
| Author: | chesty [ Sat Jul 28, 2012 6:00 am ] |
| Post subject: | Re: Spikes in traffic every 6 hours - how do I log them? |
it's not package updates, the spikes wouldn't be so uniform in height, i would look into it further. |
|
| Author: | obs [ Sat Jul 28, 2012 6:52 am ] |
| Post subject: | Re: Spikes in traffic every 6 hours - how do I log them? |
Do you have cron apt installed that would check the repos for updates and if some are available and it downloaded them that would explain the peaks. |
|
| Author: | sweh [ Sat Jul 28, 2012 7:38 am ] |
| Post subject: | Re: Spikes in traffic every 6 hours - how do I log them? |
cwt99 wrote: Thanks. Couldn't get much detail from ntop, but added some logging in the iptables and found a whole bunch of traffic from a couple of canonical servers. Obviously some ubuntu updates or something happening every 6 hours... It's probably doing the equivalent of "apt-get update" to refresh the repo data. |
|
| Author: | cwt99 [ Sat Jul 28, 2012 10:44 pm ] |
| Post subject: | Re: Spikes in traffic every 6 hours - how do I log them? |
obs wrote: Do you have cron apt installed that would check the repos for updates and if some are available and it downloaded them that would explain the peaks. chesty wrote: it's not package updates, the spikes wouldn't be so uniform in height, i would look into it further. sweh wrote: It's probably doing the equivalent of "apt-get update" to refresh the repo data. Thanks for the pointers. Yes, the traffic is coming from 91.189.91.28 and 91.189.92.181 which are the ubuntu repos. And the files in /var/lib/apt/lists were updated at around the same time as the traffic (actually a few minutes earlier) There is a cron.daily job for apt, but haven't figured out why it would be happening every 6 hours. I haven't set any periodic options in /etc/apt/apt.conf.d |
|
| Author: | glg [ Sun Jul 29, 2012 11:17 am ] |
| Post subject: | Re: Spikes in traffic every 6 hours - how do I log them? |
It might be update-motd, it updates apt to show you the packages updated in the motd |
|
| Page 1 of 1 | All times are UTC-04:00 |
| Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |
|