From owner-freebsd-stable  Thu Aug  9 20:15: 0 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from mikea.ath.cx (okc-65-26-223-53.mmcable.com [65.26.223.53])
	by hub.freebsd.org (Postfix) with ESMTP id D0DCC37B401
	for <stable@FreeBSD.ORG>; Thu,  9 Aug 2001 20:14:56 -0700 (PDT)
	(envelope-from mikea@mikea.ath.cx)
Received: (from mikea@localhost)
	by mikea.ath.cx (8.11.5/8.11.1) id f7A3Etl01198
	for stable@FreeBSD.ORG; Thu, 9 Aug 2001 22:14:55 -0500 (CDT)
	(envelope-from mikea)
Date: Thu, 9 Aug 2001 22:14:53 -0500
From: mikea <mikea@mikea.ath.cx>
To: stable@FreeBSD.ORG
Subject: Re: Strange I/O behavior
Message-ID: <20010809221453.A1165@mikea.ath.cx>
References: <15218.65134.426946.295368@nomad.yogotech.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <15218.65134.426946.295368@nomad.yogotech.com>; from nate@yogotech.com on Thu, Aug 09, 2001 at 03:19:42PM -0600
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

On Thu, Aug 09, 2001 at 03:19:42PM -0600, Nate Williams wrote:
> I've got a dual-CPU box that's acting very strangely.  At various times
> throughout the day, the box starts to crawl.
> 
> In analyzing it, the only thing that jumps out at me is that the first
> fixed disk is running a huge number of I/O transactions, to the point
> that it's almost saturating the disk.
> 
> However, the amount transferred is almost nil, but since this disk
> contains / and /usr (which means all the files are on it), interactive
> performance goes to the dump during these sessions.
> 
> The box is an all SCSI system, with the first disk being a 17GB
> Seagate.  The dmesg is below.
> 
> Here's the output of iostat 2, which shows alot of transactions going
> on.  However, there are no active users doing anything as far as I can
> see, and top shows the system as being mostly idle.
> 
> Any ideas how I can determine which application(s) are causing the huge
> I/O loads?

Try fstat and lsof to see what programs have what files open,
for a start. Is there _any_ chance you've been cracked and the
cracker had a tool running that spawned a few zillion telnet
sessions? That happened to me last week, causing a rebuild from
CDROM and some rethinking on my firewall rules. 

The symptoms were one CPU 97% busy with a program I didn't
recognize, and some hundreds of telnet sessions outbound.

-- 
Mike Andrews
mikea@mikea.ath.cx
Tired old sysadmin since 1964

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message