Problems with trial ASL

argosmedia · **Posted:** Mon May 21, 2012 9:19 am

I have several problems with my trial ASL webGUI:

1. Adding an IP to the blacklist by clicking in on the event details in the Security Events panel takes several minutes. Doing it by adding it manually in the Blocking panel takes "only" about 10 seconds, which is still very long in my opinion.

2. I don't see any way to have blocked IP's added to the blacklist automatically. Do I realay need to add all bad IP's to the blacklist manually all the time?

3. Both the ASL Configuration panel and the ASL Web Settings panel take between 30 seconds to several minutes to load, sometimes fail to load completely, and sometimes fail to save changed settings.

4. The options within the Security Events panel don't work. None of the buttons for pagination and filtering work.

5. None of the Reports work (the green section in the menu).

mikeshinn · **Posted:** Tue May 22, 2012 4:58 pm

Quote:

1. Adding an IP to the blacklist by clicking in on the event details in the Security Events panel takes several minutes. Doing it by adding it manually in the Blocking panel takes "only" about 10 seconds, which is still very long in my opinion.

It shouldnt take that long, that could happen I suppose if your system mas overloaded. Could you post your sysstat data for your system?

Quote:

2. I don't see any way to have blocked IP's added to the blacklist automatically. Do I realay need to add all bad IP's to the blacklist manually all the time?

ASL will automatically block attackers IPs. You do not need to add attackers IPs to the blacklist.

Quote:

3. Both the ASL Configuration panel and the ASL Web Settings panel take between 30 seconds to several minutes to load, sometimes fail to load completely, and sometimes fail to save changed settings.

See issue 1, thats load and database related. Can you send the output of mysqltuner for your system?

Quote:

4. The options within the Security Events panel don't work. None of the buttons for pagination and filtering work.

Wow, that would mean your system is really hammered. Please post your sysstat and mysqltuner data for us to look at.

Quote:

5. None of the Reports work (the green section in the menu).

Assuming ASL had time to run and generate data to report, those are generated in real time. How long was ASL running when you tried to run a report, and how many security events did ASL display in the Security Events Window?

This might be a load issue too, if there was data to work with. See above, please post your sysstat and mysqltuner data so we can see whats going on with your system.

argosmedia · **Posted:** Tue May 22, 2012 6:24 pm

Thanks for your reply. Right now the reports work, within seconds. Also the Security Events panel options work fine now. Maybe updating ASL to the latest version helped? Or is that coincidence?

As a server managing newbie I'm not familiar with sysstat and mysqltuner. I looked them up, and installed them. The use of mysqltuner seems easy, and the output is:

Code:

./mysqltuner.pl

 >>  MySQLTuner 1.2.0 - Major Hayden <major@mhtx.net>
 >>  Bug reports, feature requests, and downloads at http://mysqltuner.com/
 >>  Run with '--help' for additional options and output filtering

-------- General Statistics --------------------------------------------------
[--] Skipped version check for MySQLTuner script
[OK] Currently running supported MySQL version 5.1.61
[OK] Operating on 64-bit architecture

-------- Storage Engine Statistics -------------------------------------------
[--] Status: -Archive -BDB -Federated +InnoDB -ISAM -NDBCluster
[--] Data in MyISAM tables: 33M (Tables: 789)
[--] Data in InnoDB tables: 7M (Tables: 199)
[!!] Total fragmented tables: 222

-------- Security Recommendations  -------------------------------------------
[OK] All database users have passwords assigned

-------- Performance Metrics -------------------------------------------------
[--] Up for: 8d 23h 32m 53s (2M q [2.597 qps], 70K conn, TX: 1B, RX: 225M)
[--] Reads / Writes: 91% / 9%
[--] Total buffers: 34.0M global + 2.7M per thread (151 max threads)
[OK] Maximum possible memory usage: 449.2M (11% of installed RAM)
[OK] Slow queries: 0% (6/2M)
[OK] Highest usage of available connections: 59% (90/151)
[OK] Key buffer size / total MyISAM indexes: 8.0M/17.6M
[OK] Key buffer hit rate: 99.8% (17M cached / 34K reads)
[!!] Query cache is disabled
[OK] Sorts requiring temporary tables: 0% (0 temp sorts / 124K sorts)
[!!] Joins performed without indexes: 4443
[!!] Temporary tables created on disk: 39% (63K on disk / 161K total)
[!!] Thread cache is disabled
[!!] Table cache hit rate: 0% (64 open / 84K opened)
[OK] Open file limit used: 11% (118/1K)
[OK] Table locks acquired immediately: 99% (1M immediate / 1M locks)
[OK] InnoDB data size / buffer pool: 7.2M/8.0M

-------- Recommendations -----------------------------------------------------
General recommendations:
    Run OPTIMIZE TABLE to defragment tables for better performance
    Enable the slow query log to troubleshoot bad queries
    Adjust your join queries to always utilize indexes
    When making adjustments, make tmp_table_size/max_heap_table_size equal
    Reduce your SELECT DISTINCT queries without LIMIT clauses
    Set thread_cache_size to 4 as a starting value
    Increase table_cache gradually to avoid file descriptor limits
Variables to adjust:
    query_cache_size (>= 8M)
    join_buffer_size (> 128.0K, or always use indexes with joins)
    tmp_table_size (> 16M)
    max_heap_table_size (> 16M)
    thread_cache_size (start at 4)
    table_cache (> 64)

The use of sysstat is very technical and complex and I don't really know what to do to provide you with the requested information. Could you tell me what commands I need to run?

scott · **Posted:** Wed May 23, 2012 8:35 am

[!!] Query cache is disabled <- enable that and your db will fly. I have no idea why its off by default, its silly

mikeshinn · **Posted:** Wed May 23, 2012 9:23 am

[!!] Thread cache is disabled <- and the thread cache should be disabled, which will also speed up mysql

I'd recommend you tune mysql, starting with the recommendations from mysqltuner. Keep in mind that those are recommendations, and should not be taken as gospel. They may not be appropriate for your system, so if you arent sure what they do definitely research them and also engage experts on mysql too. Your defaults are definitely sub-optimal, so your web sites are also much slower than they need to be because mysql is dragging them down.

argosmedia · **Posted:** Wed May 23, 2012 12:29 pm

I tuned mySQL, with this output from mysqltuner:

Code:

./mysqltuner.pl

 >>  MySQLTuner 1.2.0 - Major Hayden <major@mhtx.net>
 >>  Bug reports, feature requests, and downloads at http://mysqltuner.com/
 >>  Run with '--help' for additional options and output filtering

-------- General Statistics --------------------------------------------------
[--] Skipped version check for MySQLTuner script
[OK] Currently running supported MySQL version 5.1.61-log
[OK] Operating on 64-bit architecture

-------- Storage Engine Statistics -------------------------------------------
[--] Status: -Archive -BDB -Federated -InnoDB -ISAM -NDBCluster
[--] Data in MyISAM tables: 34M (Tables: 789)
[!!] Total fragmented tables: 22

-------- Security Recommendations  -------------------------------------------
[OK] All database users have passwords assigned

-------- Performance Metrics -------------------------------------------------
[--] Up for: 8m 46s (5K q [9.700 qps], 62 conn, TX: 2M, RX: 592K)
[--] Reads / Writes: 77% / 23%
[--] Total buffers: 1.5G global + 2.7M per thread (500 max threads)
[OK] Maximum possible memory usage: 2.8G (72% of installed RAM)
[OK] Slow queries: 4% (221/5K)
[OK] Highest usage of available connections: 0% (3/500)
[OK] Key buffer size / total MyISAM indexes: 1.3G/18.1M
[OK] Key buffer hit rate: 99.7% (152K cached / 465 reads)
[OK] Query cache efficiency: 88.6% (3K cached / 3K selects)
[OK] Query cache prunes per day: 0
[OK] Sorts requiring temporary tables: 0% (0 temp sorts / 56 sorts)
[OK] Temporary tables created on disk: 8% (18 on disk / 204 total)
[OK] Thread cache hit rate: 95% (3 created / 62 connections)
[OK] Table cache hit rate: 56% (60 open / 106 opened)
[OK] Open file limit used: 0% (123/65K)
[OK] Table locks acquired immediately: 100% (545 immediate / 545 locks)

-------- Recommendations -----------------------------------------------------
General recommendations:
    Run OPTIMIZE TABLE to defragment tables for better performance
    MySQL started within last 24 hours - recommendations may be inaccurate

It seems the problems are over, and my cms sites are indeed faster. Thanks guys!!

mikeshinn · **Posted:** Wed May 23, 2012 2:34 pm

Quote:

It seems the problems are over, and my cms sites are indeed faster. Thanks guys!!

Our pleasure. Not sure why those caches are disabled by default with some mysql implementations, but as you can see enabling them definitely makes things a lot faster.

breun · **Posted:** Wed May 23, 2012 6:00 pm

argosmedia wrote:

Code:

./mysqltuner.pl

Looks like you downloaded the script yourself. It'll work fine, but I recommend installing the package from the Atomic repository:

Code:

yum install mysqltuner

Having software installed via your package manager makes life (and staying up-to-date) easier.

argosmedia · **Posted:** Wed May 23, 2012 6:34 pm

Hm... that doesn't seem to work:

Code:

# yum install mysqltuner
Loaded plugins: fastestmirror, presto, priorities
Loading mirror speeds from cached hostfile
 * base: ftp.nluug.nl
 * extras: ftp.nluug.nl
 * updates: ftp.nluug.nl
38 packages excluded due to repository priority protections
Setting up Install Process
No package mysqltuner available.
Error: Nothing to do

mikeshinn · **Posted:** Wed May 23, 2012 10:40 pm

That can happen if you dont have the atomic respository setup on your system. If you havent run this command as root:

wget -q -O - http://www.atomicorp.com/installers/atomic | sh

Then you dont have that repository setup on your system. Run that command as root (not via sudo) and you'll be able to install mysqltuner.

breun · **Posted:** Thu May 24, 2012 4:19 am

If you don't have the Atomic repository configured (or another repository that happens to contain a mysqltuner package), then it won't work. Note that the Atomic repository also contains PHP and MySQL packages that replace your distribution's packages, which may or may not be what you want. You can exclude those of course, or only explicitly include mysqltuner.

argosmedia · **Posted:** Thu May 24, 2012 4:34 am

This is my first unmanaged server. After having used only managed Virtuozzo/Plesk VPS's for about 6 years, managing my own (KVM) VPS is a whole new ball game :-)

I have installed Centos6, Plesk 10.4, and ASL. I've got several dozens of sites running on the server for about a month now, and so far everything is doing fine. I'm not sure what to do after reading the last post about excluding/including packages. I had just executed the given commands, before reading that last post. What should I do? I don't notice anything different on the sites, so I guess it's allright to use the Atomic repository?

breun · **Posted:** Thu May 24, 2012 5:28 am

We use the Atomic repository on all of our servers, I just wanted to warn you that by using it you'll also be switching to its PHP and MySQL packages instead of the ones from CentOS (they're different versions) if you run 'yum update' afterwards and accept all updates. This is not really a problem, but it may or may not be what you want, so I just wanted to inform you about that. You can also use a repository, but not use all of its packages via excludes or includes. If this all sounds complicated to you I recommend reading up on using Yum and managing repository configuration.

argosmedia · **Posted:** Thu May 24, 2012 5:33 am

I understand, I will read about it. Thanks breun!

Problems with trial ASL

Who is online