Search Results

Search found 32568 results on 1303 pages for 'linux pwns mac'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 497/1303 | < Previous Page | 493 494 495 496 497 498 499 500 501 502 503 504  | Next Page >

  • FFMPEG Segfault Solutions

    - by Brentley_11
    I'm trying to convert a bunch of movies into h.264 mp4's using FFMPEG. These movies are sourced from various portable camcorders such as the Flip Mino HD and the Kodak ZI8. One issue I'm having with video from the ZI8 is it seems to be causing FFMPEG to segfault. Here is my command: ffmpeg -i 'XmasSailor720p60fps.MOV' -threads 2 -acodec libfaac -ab 96kb -vcodec libx264 -vpre hq -b 500kb -s 484x272 XmasSailor.mp4 Here is the output: FFmpeg version SVN-r20668, Copyright (c) 2000-2009 Fabrice Bellard, et al. built on Dec 2 2009 18:37:34 with gcc 4.2.4 (Ubuntu 4.2.4-1ubuntu4) configuration: --enable-libfaac --enable-libfaad --enable-libmp3lame --enable-libx264 --enable-gpl --enable-nonfree --enable-postproc --enable-pthreads --enable-shared libavutil 50. 5. 1 / 50. 5. 1 libavcodec 52.42. 0 / 52.42. 0 libavformat 52.39. 2 / 52.39. 2 libavdevice 52. 2. 0 / 52. 2. 0 libswscale 0. 7. 2 / 0. 7. 2 libpostproc 51. 2. 0 / 51. 2. 0 Seems stream 0 codec frame rate differs from container frame rate: 59.94 (60000/1001) -> 29.97 (30000/1001) Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'XmasSailor720p60fps.MOV': Duration: 00:00:05.37, start: 0.000000, bitrate: 12021 kb/s Stream #0.0(eng): Video: h264, yuv420p, 1280x720 [PAR 1:1 DAR 16:9], 11994 kb/s, 29.97 tbr, 90k tbn, 59.94 tbc Stream #0.1(eng): Audio: aac, 48000 Hz, stereo, s16, 128 kb/s Metadata major_brand : qt minor_version : 0 compatible_brands: qt comment : KODAK Zi8 Pocket Video Camera comment-eng : KODAK Zi8 Pocket Video Camera [libx264 @ 0x99e1020]using SAR=1/1 [libx264 @ 0x99e1020]using cpu capabilities: MMX2 SSE2Fast SSSE3 FastShuffle SSE4.1 Cache64 [libx264 @ 0x99e1020]profile High, level 2.1 Output #0, mp4, to 'XmasSailor.mp4': Stream #0.0(eng): Video: libx264, yuv420p, 484x272 [PAR 1:1 DAR 121:68], q=10-51, 500 kb/s, 30k tbn, 29.97 tbc Stream #0.1(eng): Audio: aac, 48000 Hz, stereo, s16, 96 kb/s Metadata comment : Encoded with the Statusfirm Video Transcoder Stream mapping: Stream #0.0 -> #0.0 Stream #0.1 -> #0.1 Press [q] to stop encoding [h264 @ 0x99de950]B picture before any references, skipping [h264 @ 0x99de950]decode_slice_header error [h264 @ 0x99de950]no frame! Error while decoding stream #0.0 [h264 @ 0x99de950]B picture before any references, skipping [h264 @ 0x99de950]decode_slice_header error [h264 @ 0x99de950]no frame! Error while decoding stream #0.0 frame= 20 fps= 0 q=13797729.0 size= 0kB time=0.66 bitrate= 0.6kbits/s frame= 39 fps= 37 q=13797729.0 size= 0kB time=1.30 bitrate= 0.3kbits/s frame= 48 fps= 30 q=33.0 size= 11kB time=0.10 bitrate= 903.0kbits/s frame= 58 fps= 27 q=31.0 size= 22kB time=0.43 bitrate= 421.0kbits/s frame= 67 fps= 25 q=29.0 size= 41kB time=0.73 bitrate= 462.6kbits/s frame= 75 fps= 23 q=29.0 size= 59kB time=1.00 bitrate= 486.7kbits/s frame= 83 fps= 22 q=29.0 size= 81kB time=1.27 bitrate= 521.9kbits/s frame= 90 fps= 21 q=29.0 size= 97kB time=1.50 bitrate= 530.1kbits/s frame= 98 fps= 20 q=29.0 size= 114kB time=1.77 bitrate= 526.9kbits/s frame= 106 fps= 20 q=29.0 size= 134kB time=2.04 bitrate= 537.7kbits/s frame= 114 fps= 19 q=29.0 size= 150kB time=2.30 bitrate= 533.7kbits/s frame= 122 fps= 19 q=29.0 size= 172kB time=2.57 bitrate= 547.8kbits/s frame= 130 fps= 19 q=29.0 size= 193kB time=2.84 bitrate= 557.5kbits/s frame= 136 fps= 18 q=29.0 size= 211kB time=3.04 bitrate= 570.0kbits/s frame= 144 fps= 18 q=29.0 size= 242kB time=3.30 bitrate= 599.5kbits/s frame= 152 fps= 17 q=30.0 size= 261kB time=3.57 bitrate= 598.6kbits/s frame= 157 fps= 15 q=-1.0 Lsize= 368kB time=5.21 bitrate= 579.3kbits/s video:302kB audio:61kB global headers:0kB muxing overhead 1.416371% [libx264 @ 0x99e1020]frame I:1 Avg QP:27.22 size: 8720 [libx264 @ 0x99e1020]frame P:48 Avg QP:25.15 size: 3759 [libx264 @ 0x99e1020]frame B:108 Avg QP:30.10 size: 1105 [libx264 @ 0x99e1020]consecutive B-frames: 0.6% 11.5% 28.8% 59.0% [libx264 @ 0x99e1020]mb I I16..4: 28.5% 47.6% 23.9% [libx264 @ 0x99e1020]mb P I16..4: 0.8% 1.3% 0.5% P16..4: 50.6% 17.7% 13.1% 0.0% 0.0% skip:15.9% [libx264 @ 0x99e1020]mb B I16..4: 0.2% 0.3% 0.1% B16..8: 44.0% 1.2% 2.6% direct: 5.1% skip:46.5% L0:45.5% L1:51.0% BI: 3.5% [libx264 @ 0x99e1020]final ratefactor: 23.51 [libx264 @ 0x99e1020]8x8 transform intra:49.9% inter:67.9% [libx264 @ 0x99e1020]direct mvs spatial:98.1% temporal:1.9% [libx264 @ 0x99e1020]coded y,uvDC,uvAC intra: 54.7% 76.1% 41.4% inter: 17.1% 24.4% 7.8% [libx264 @ 0x99e1020]i16 v,h,dc,p: 18% 52% 5% 25% [libx264 @ 0x99e1020]i8 v,h,dc,ddl,ddr,vr,hd,vl,hu: 12% 22% 9% 7% 10% 10% 9% 8% 13% [libx264 @ 0x99e1020]i4 v,h,dc,ddl,ddr,vr,hd,vl,hu: 13% 18% 8% 8% 10% 13% 10% 9% 12% [libx264 @ 0x99e1020]Weighted P-Frames: Y:10.4% [libx264 @ 0x99e1020]ref P L0: 60.2% 15.3% 11.0% 7.6% 5.2% 0.7% [libx264 @ 0x99e1020]ref B L0: 72.6% 15.6% 11.8% [libx264 @ 0x99e1020]kb/s:471.17 Segmentation fault I'm wondering if anyone else has ran into similar issues. I wasn't able to find anything helpful via Google. Another question I have is if anyone knows of a company that offers paid support for FFMPEG. Thank you for your time.

    Read the article

  • Why would one of my servers stop being able to access other servers by FQDN?

    - by Newlyn Erratt
    I have a number of servers on our local network and our debian server has suddenly stopped being able to access the other servers via their FQDN. Initial symptom was inability to login with Active Directory accounts. On further inspection, this machine, porkbelly, was unable to access our other servers (e.g. bacon and albert) via their FQDN. That is, they can ping albert by running ping albert but not by running ping albert.domain.local though when running ping albert it will be expanded to albert.domain.local. The server is still accessible from other servers via both porkbelly and porkbelly.domain.local. Upon examination of hosts information and running hostname its hostname and FQDN are correct. The resolv.conf appears correct. It contains: domain domain.local search domain.local nameserver 192.168.0.xxx (the nameserver) The dns server is also our Windows AD server. I'm not even sure where to go from here or why dns seems to be partially working though I don't have much experience. Where should I go from here? What might be causing this issue where machines are visible via their hostname but not their FQDN?

    Read the article

  • Set Users as chrooted for sftp, but allow user to login in SSH

    - by Eghes
    I have setup a ssh server on debian 7, to use sftp connection. I chrooted some user, with this config: Match Group sftpusers ChrootDirectory /sftp/%u ForceCommand internal-sftp But if i want login with one of this chrooted users in ssh console, they get logged, but autoclose the connection. In logs I see: Oct 17 13:39:32 xxxxxx sshd[31100]: Accepted password for yyyyyy from zzz.zzz.zzz.zzz port 7855 ssh2 Oct 17 13:39:32 xxxxxx[31100]: pam_unix(sshd:session): session opened for user yyyyyyyyyyyy by (uid=0) Oct 17 13:39:32 d00hyr-ea1 sshd[31100]: pam_unix(sshd:session): session closed for user yyyyyyyyyyyy How can I chroot a user only for sftp, and use it as a normal user for ssh?

    Read the article

  • How do I securely execute commands as root via a web control panel?

    - by Chris J
    I would like to build a very simple PHP based web based control panel to add and remove users to/from and add and remove sections to/from nginx config files on my linode vps (Ubuntu 8.04 LTS). What is the most secure way of executing commands as root based on input from a web based control panel? I am loathe to run PHP as root (even if behind an IP tables firewall) for the obvious reasons. Suggestions welcome. It must be possible as several commercial (and bloated, for my needs) control panels offer similar functionality. Thanks

    Read the article

  • How to find date/time used by Cassandra

    - by JDI Lloyd
    Earlier this morning I noticed that one of the nodes in our Cassandra cluster is writing logs an hour in the future, despite the date/time being correct on the OS. A couple of other nodes I checked via logs appear to be writing logs at the correct time. I now need to go through and check each node in our 80 node cluster and ensure cassandra is running on the correct time, problem being is some of the nodes don't write to the logs very often as they aren't doing much... the question is, is there some form of tool/utility (ie nodetool) that can tell me the time that cassandra is running on? All the systems date/times are correct, ntpdate cron in place has been for a while. Servers are set to Belize timezone to avoid DST changes so its nothing to do with that.

    Read the article

  • Editing .bash_profile file not taking effect

    - by Sandeepan Nath
    I need to put export PATH=$PATH:/opt/lampp/bin to my ~/.bash_profile file so that mysql from command line works on my system. Please check mysql command line not working for further details on that. I am working on a fedora system and logged in as root user. If I run locate .bash_profile then I get these:- /etc/skel/.bash_profile /home/sam/.bash_profile /home/sohil/.bash_profile /home/windows/.bash_profile /root/.bash_profile So, I modified the /root/.bash_profile file like this:- from PATH=$PATH:$HOME/bin export PATH to PATH=$PATH:/opt/lampp/bin export PATH But, still the change is not taking effect - Opening a new console and running mysql again says bash: mysql: command not found. However running export PATH=$PATH:/opt/lampp/bin in console makes it work for that session. So, I am doing something wrong with the .bash_profile file. May be editing incorrect one or doing the edit incorrectly.

    Read the article

  • Installing Git on Ubuntu 12.04

    - by Sven Jung
    I installed git with gitolite on my vserver using this tutorial. But I've got a problem to clone the gitolite-admin repo to my computer. The user is created with the option --disabled-password But if I try to clone with git clone git@<server>:gitolite-admin.git he asks not only for the passphrase of my rsa_key but also for the password of the gituser. Anyone an idea? I thought the user is created without password and I don't know what to type in

    Read the article

  • FreeRADIUS Default Answer

    - by jinanwow
    We are using FreeRADIUS with a MySQL database, authenticating users. We ran into an issue where are MySQL database was slow causing the max number of threads to be reached. The issue with this is, when the server couldn't answer the requests as there were no threads avaiable, it sent the response of Access-Reject to the clients. Our devices cache client connections and periodically checks with the server to see if they should still be allowed or to remove them. The equipment is designed that if there is no response from the server and a client is connected it will remain connected. The issue is, when the radius server is at its max threads, its default answer is to send access-reject (verified via packet capture), however we would like to change the default behavior to just ignore the request (keeping the clients connected). We have fixed the MySQL database issue for now, but I would like to change the default from Access-Reject, to just ignore the client altogeather. I have done research, but not able to find an answer to the question. Thanks in Advance.

    Read the article

  • Postfix count relayed messages per user

    - by Martino Dino
    I would like to know if it's possible to count the outgoing (relayed) messages on a per user basis in postfix. I'm managing a small commercial SMTP relay and decided that it would be nice to have a detailed daily report on how much mail a single user have sent (and eventually enforce some limits) possibly in realtime. I've looked almost everywhere and started to think that writing my own milter would be the way to go... Are you aware of anything that already exists for postfix that can count and report relayed mail for authenticated users (a script, milter or whatever)?

    Read the article

  • FTP Server vsftpd change ftp:nogroup

    - by pygorex1
    I'm running vsftpd using the Debian Lenny package. ftp:nogroup is the user/group that uploads files and owns uploaded files. However, a problem is arising - another process is also writing files to the FTP directory as myprocess:mygroup with restrictive file permissions, preventing vsftpd from overwriting the myprocess authored files. Is it possible to tell vsftpd to use a different user/group for uploading files? (preferably as myprocess:mygroup or ftp:mygroup)

    Read the article

  • Cannot install CentOS 6.5 using UEFI usb boot

    - by Vaindil
    I am trying to dual-boot CentOS 6.5 on my desktop that is currently running Windows 8.1. I have two storage devices: an SSD that has my Windows installation, and an HDD that has all of my data. Both are formatted using GPT, and Windows boots using UEFI. I used the CentOS 6.5 live DVD (CentOS-6.5-x86_64-LiveDVD.iso) to create an EFI-bootable flash drive (it does boot properly in EFI mode). I receive an error, however, when CentOS is booting (error is below). I have a 6.4 boot DVD which boots as expected, but it does not boot in UEFI mode and therefore doesn't play nicely with my Windows installation (I have no way to access it, even using rEFInd or any other similar tools). What do I need to do to get the device to boot properly in UEFI mode? Kernel panic - not syncing: Attempted to kill init! Pid: 1, comm: init Not tainted 2.6.32-431.el6.x86_64 #1 Call Trace: [<ffffffff815271fa>] ? panic+0xa7/0x16f [<ffffffff81077622>] ? do_exit+0x862/0x870 [<ffffffff8118a865>] ? fput+0x25/0x30 [<ffffffff81077688>] ? do_group_exit+0x58/0xd0 [<ffffffff81077717>] ? sys_exit_group+0x17/0x20 [<ffffffff8100b072>] ? system_call_fastpath+0x16/0x1b drm_kms_helper: panic occurred, switching back to text console

    Read the article

  • Gedit opens on all workspaces?

    - by debug
    Im using Fedora 10 with XFCE. Every time I open Gedit, it opens a instance on every workspace. The circle icon on my window border is selected (meaning, enabled on all workspaces). When I disable it to appear on one workspace, then close and restart, Gedit opens normal (current workspace). Question is: How to keep this current configuration? If I restart my system, and start up Gedit, it appears on all workspaces again.

    Read the article

  • Nginx and automatic updates

    - by Desmond Hume
    I'm on Ubuntu 12.04.1 with unattended-upgrades configured for automatic security updates, and I installed Nginx by first adding deb http://nginx.org/packages/ubuntu/ lucid nginx deb-src http://nginx.org/packages/ubuntu/ lucid nginx to /etc/apt/sources.list file, just as was suggested by the official wiki, and then by sudo apt-get update sudo apt-get install nginx which installed Nginx with all the standard modules. But now I think I could make good use of one or two of the Nginx optional modules, like the gzip precompression module or some security-related one. So far, I see two ways of adding an optional module to Nginx, one is compiling and installing from the source code and the other is described in this article. So, which of the ways should I choose so that automatic updates still run for and apply to Nginx and its optional modules? Or should I create a cron job with a command/script specific for Nginx instead of using unattended-upgrades utility? Can I choose between volume updates and security-only updates to be automatically applied to the standard and optional modules? And finally, is there a possibility to automatically update Nginx's modules on the fly (without any connections having been dropped), like the documentation suggests it's possible with sudo kill -USR2 $( cat /run/nginx.pid ) P.S. Actually I'm not certain if unattended-upgrades utility would automatically update the standard modules in the first place, not enough time has passed since Nginx was installed to say for sure.

    Read the article

  • not able to register sip user on red5server, using red5phone

    - by sunil221
    I start the red5, and then i start red5phone i try to register sip user , details i provide are username = 999999 password = **** ip = asteriskserverip and i got --- Registering contact -- sip:[email protected]:5072 the right contact could be --- sip :99999@asteriskserverip this is the log: SipUserAgent - listen -> Init... Red5SIP register [SIPUser] register RegisterAgent: Registering contact <sip:[email protected]:5072> (it expires in 3600 secs) RegisterAgent: Registration failure: No response from server. [SIPUser] SIP Registration failure Timeout RegisterAgent: Failed Registration stop try. Red5SIP Client leaving app 1 Red5SIP Client closing client 35C1B495-E084-1651-0C40-559437CAC7E1 Release ports: sip port 5072 audio port 3002 Release port number:5072 Release port number:3002 [SIPUser] close1 [SIPUser] hangup [SIPUser] closeStreams RTMPUser stopStream [SIPUser] unregister RegisterAgent: Unregistering contact <sip:[email protected]:5072> SipUserAgent - hangup -> Init... SipUserAgent - closeMediaApplication -> Init... [SIPUser] provider.halt RegisterAgent: Registration failure: No response from server. [SIPUser] SIP Registration failure Timeout please let me know if i am doing anything wrong. regards Sunil

    Read the article

  • Pgpool-regclass gives error when installling

    - by user119720
    I have a problem when installing the pgpool-regclass. When I'm running 'Make',it shows me this kind of error : p,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -I/usr/include/et -Wall -Wmissing-prototypes -Wpointer-arith -Wdeclaration-after-statement -Wendif-labels -Wmissing-format-attribute -Wformat-security -fno-strict-aliasing -fwrapv -fpic -I. -I. -I/usr/pgsql-9.2/include/server -I/usr/pgsql-9.2/include/internal -I/usr/include/et -D_GNU_SOURCE -I/usr/include/libxml2 -I/usr/include -c -o pgpool-regclass.o pgpool-regclass.c pgpool-regclass.c:99:37: error: macro "RangeVarGetRelid" requires 3 arguments, but only 2 given pgpool-regclass.c: In function âpgpool_regclassâ: pgpool-regclass.c:99: error: âRangeVarGetRelidâ undeclared (first use in this function) pgpool-regclass.c:99: error: (Each undeclared identifier is reported only once pgpool-regclass.c:99: error: for each function it appears in.) make: *** [pgpool-regclass.o] Error 1 Can anyone help me to sort this things out?I really appreciate it. Thanks.

    Read the article

  • DRBD not syncing between my nodes when IP is reset

    - by ramdaz
    I am trying to setup DRBD by following the article at http://www.howtoforge.com/setting-up-network-raid1-with-drbd-on-ubuntu-11.10-p2 I am using Ubuntu 10.04 DRBD - 8.3.11 In the first run I had everything working perfectly and when shifting the systems to a production environment I decided to restart the Meta Data creation part and start from scratch. The IPs had changed entirely in the production environment. Issuing drdbadm create-md r0 in both the servers runs successfully. But when I do "drbdadm -- --overwrite-data-of-peer primary all" on the primary it fails to start the re sync. My config file is as given below resource r0 { protocol C; syncer { rate 50M; } startup { wfc-timeout 15; degr-wfc-timeout 60; } net { cram-hmac-alg sha1; shared-secret "aklsadkjlhdbskjndsf8738734jkfkjfkjf"; } on primaryds { device /dev/drbd0; disk /dev/md2; address 172.16.7.1:7788; meta-disk internal; } on secondaryds { device /dev/drbd0; disk /dev/md2; address 172.16.7.3:7788; meta-disk internal; } } Status on primary root at primaryds:~# cat /proc/drbd version: 8.3.7 (api:88/proto:86-91) GIT-hash: ea9e28dbff98e331a62bcbcc63a6135808fe2917 build by root at primaryds, 2012-05-12 15:08:01 0: cs:WFBitMapS ro:Primary/Secondary ds:UpToDate/Inconsistent C r---- ns:0 nr:0 dw:0 dr:200 al:0 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:b oos:5690352828 Status on secondary root at secondaryds:/etc/drbd.d# cat /proc/drbd version: 8.3.7 (api:88/proto:86-91) GIT-hash: ea9e28dbff98e331a62bcbcc63a6135808fe2917 build by root at secondaryds, 2012-05-12 15:25:25 0: cs:WFBitMapT ro:Secondary/Primary ds:Inconsistent/UpToDate C r---- ns:0 nr:0 dw:0 dr:0 al:0 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:b oos:5690352828 Log of Primary May 30 13:42:23 primaryds kernel: [ 1584.057076] block drbd0: role( Secondary -> Primary ) disk( Inconsistent -> UpToDate ) May 30 13:42:23 primaryds kernel: [ 1584.086264] block drbd0: Forced to consider local data as UpToDate! May 30 13:42:23 primaryds kernel: [ 1584.086303] block drbd0: Creating new current UUID May 30 13:42:26 primaryds kernel: [ 1586.405551] block drbd0: drbd_sync_handshake: May 30 13:42:26 primaryds kernel: [ 1586.405564] block drbd0: self E8A075F378173D4B:0000000000000004:0000000000000000:0000000000000000 bits:1422588207 flags:0 May 30 13:42:26 primaryds kernel: [ 1586.405574] block drbd0: peer 0000000000000004:0000000000000000:0000000000000000:0000000000000000 bits:1422588207 flags:0 May 30 13:42:26 primaryds kernel: [ 1586.405582] block drbd0: uuid_compare()=2 by rule 30 May 30 13:42:26 primaryds kernel: [ 1586.405587] block drbd0: Becoming sync source due to disk states. May 30 13:42:26 primaryds kernel: [ 1586.405592] block drbd0: Writing the whole bitmap, full sync required after drbd_sync_handshake. May 30 13:42:27 primaryds kernel: [ 1588.171638] block drbd0: 5427 GB (1422588207 bits) marked out-of-sync by on disk bit-map. May 30 13:42:27 primaryds kernel: [ 1588.172769] block drbd0: conn( Connected -> WFBitMapS ) Log in Secondary May 30 13:42:24 secondaryds kernel: [ 1563.304894] block drbd0: peer( Secondary - Primary ) pdsk( Inconsistent - UpToDate ) May 30 13:42:24 secondaryds kernel: [ 1563.339674] block drbd0: drbd_sync_handshake: May 30 13:42:24 secondaryds kernel: [ 1563.339685] block drbd0: self 0000000000000004:0000000000000000:0000000000000000:0000000000000000 bits:1422588207 flags:0 May 30 13:42:24 secondaryds kernel: [ 1563.339695] block drbd0: peer E8A075F378173D4B:0000000000000004:0000000000000000:0000000000000000 bits:1422588207 flags:0 May 30 13:42:24 secondaryds kernel: [ 1563.339703] block drbd0: uuid_compare()=-2 by rule 20 May 30 13:42:24 secondaryds kernel: [ 1563.339709] block drbd0: Becoming sync target due to disk states. May 30 13:42:24 secondaryds kernel: [ 1563.339714] block drbd0: Writing the whole bitmap, full sync required after drbd_sync_handshake. May 30 13:42:26 secondaryds kernel: [ 1565.652342] block drbd0: 5427 GB (1422588207 bits) marked out-of-sync by on disk bit-map. May 30 13:42:26 secondaryds kernel: [ 1565.652965] block drbd0: conn( Connected - WFBitMapT ) The serves are not responding once it reaches this stage. Tried redoing it couple of time but noting happens. Why could the resync not be taking place? I would like some advice? Directions?

    Read the article

  • "Possible SYN flooding" in log despite low number of SYN_RECV connections

    - by al4
    Recently we had an apache server which was responding very slowly due to SYN flooding. The workaround for this was to enable tcp_syncookies (net.ipv4.tcp_syncookies=1 in /etc/sysctl.conf). I posted a question about this here if you want more background. After enabling syncookies we started seeing the following message in /var/log/messages approximately every 60 seconds: [84440.731929] possible SYN flooding on port 80. Sending cookies. Vinko Vrsalovic informed me that this means the syn backlog is getting full, so I raised tcp_max_syn_backlog to 4096. At some point I also lowered tcp_synack_retries to 3 (down from the default of 5) by issuing sysctl -w net.ipv4.tcp_synack_retries=3. After doing this, the frequency seemed to drop, with the interval of the messages varying between roughly 60 and 180 seconds. Next I issued sysctl -w net.ipv4.tcp_max_syn_backlog=65536, but am still getting the message in the log. Throughout all this I've been watching the number of connections in SYN_RECV state (by running watch --interval=5 'netstat -tuna |grep "SYN_RECV"|wc -l'), and it never goes higher than about 240, much much lower than the size of the backlog. Yet I have a Red Hat server which hovers around 512 (limit on this server is the default of 1024). Are there any other tcp settings which would limit the size of the backlog or am I barking up the wrong tree? Should the number of SYN_RECV connections in netstat -tuna correlate to the size of the backlog? Update As best I can tell I'm dealing with legitimate connections here, netstat -tuna|wc -l hovers around 5000. I've been researching this today and found this post from a last.fm employee, which has been rather useful. I've also discovered that the tcp_max_syn_backlog has no effect when syncookies are enabled (as per this link) So as a next step I set the following in sysctl.conf: net.ipv4.tcp_syn_retries = 3 # default=5 net.ipv4.tcp_synack_retries = 3 # default=5 net.ipv4.tcp_max_syn_backlog = 65536 # default=1024 net.core.wmem_max = 8388608 # default=124928 net.core.rmem_max = 8388608 # default=131071 net.core.somaxconn = 512 # default = 128 net.core.optmem_max = 81920 # default = 20480 I then setup my response time test, ran sysctl -p and disabled syncookies by sysctl -w net.ipv4.tcp_syncookies=0. After doing this the number of connections in the SYN_RECV state still remained around 220-250, but connections were starting to delay again. Once I noticed these delays I re-enabled syncookies and the delays stopped. I believe what I was seeing was still an improvement from the initial state, however some requests were still delayed which is much worse than having syncookies enabled. So it looks like I'm stuck with them enabled until we can get some more servers online to cope with the load. Even then, I'm not sure I see a valid reason to disable them again as they're only sent (apparently) when the server's buffers get full. But the syn backlog doesn't appear to be full with only ~250 connections in the SYN_RECV state! Is it possible that the SYN flooding message is a red herring and it's something other than the syn_backlog that's filling up? If anyone has any other tuning options I haven't tried yet I'd be more than happy to try them out, but I'm starting to wonder if the syn_backlog setting isn't being applied properly for some reason.

    Read the article

  • How can I log all traffic with its exact length?

    - by Legate
    I want to process all packets with their size going through our gateway server (running Debian 4.0). My idea is to use tcpdump, but I have two questions. The command I'm currently thinking of is tcpdump -i iface -n -t -q. Is it guaranteed that tcpdump will process all packets? What happens if the CPU is working to full capacity? The format of the output lines is IP ddd.ddd.ddd.ddd.port > ddd.ddd.ddd.ddd.port: tcp 1260. What exactly is 1260? I have the suspicion that it is the payload in bytes of the packet, which would be exactly what I need, but I'm not sure. It might be the TCP Window Size. Or perhaps there is an even better way of doing this? I thought about a LOG rule in iptables, but tcpdump seems easier and I don't know whether iptables can log the packet lengths.

    Read the article

  • Difference between tcp recv buffer and tcp receive window size?

    - by pradeepchhetri
    The command shows the tcp receive buffer size in bytes. $ cat /proc/sys/net/ipv4/tcp_rmem 4096 87380 4001344 where the three values signifies the min, default and max values respectively. Then I tried to find the tcp window size using tcpdump command. $ sudo tcpdump -n -i eth0 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn and port 80 and host google.com' tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 16:15:41.465037 IP 172.16.31.141.51614 > 74.125.236.73.80: Flags [S], seq 3661804272, win 14600, options [mss 1460,sackOK,TS val 4452053 ecr 0,nop,wscale 6], length 0 I got the window size to be 14600 which is 10 times the size of MSS. Can anyone please tell me the relationship between the two.

    Read the article

  • --prefix to /usr/local or /opt?

    - by Paul Alexander
    For building apps from source like git or rails I've seen recommendations to install in both /opt or /usr/local. From what I've read so for, the designated use for both is about the same and it amounts to merely a style issue. Is there any practical difference? Best practices?

    Read the article

  • Basic clarification about Limited FTP/sFTP users

    - by mattewre
    I would like to get some clarification about the correct way to create limited users to access to my VPS user as WEBSERVER with Nginix. I'm used to NOT install FTP and access via SFTP only. It is ok for every set up? this is what I usually do from to create a limited user called "admin" that should be able to have access via SFTP to the folder with the website data mkdir -p /var/www/mysite.com/ adduser admin adduser admin www-data chown -R root:root /var/www chmod -R 755 /var/www chmod -R 755 /var/www/mysite.com chown -R admin:www-data /var/www/mysite.com/ It seems not to be the correct way, I always have problems with permission when I upload some files (for example with Wordpress in general). I would like to create an user that does work exactly as the one that the "provides" give to their client when they buy an Hosting service (that is a FTP, I would prefer SFTP access). It is for personal user, but I think that a limited user is a lot safer to use then the "root" via SFTP.

    Read the article

  • How to allow writing to a mounted NFS partition

    - by Cerin
    How do you allow a specific user permission to write to an NFS partition? I've mounted an NFS share on my localhost (a Fedora install), and I can read and write as root, but I'm unable to write as the apache user, even though all the files and directories in the share on my localhost and remote host are owned by apache. For example, I've mounted it via this line in my /etc/fstab: remotehost:/data/media /data/media nfs _netdev,soft,intr,rw,bg 0 0 And both locations are owned by apache: [root@remotehost ~]# ls -la /data total 24 drwxr-xr-x. 6 root root 4096 Jan 6 2011 . dr-xr-xr-x. 28 root root 4096 Oct 31 2011 .. drwxr-xr-x 4 apache apache 4096 Jan 14 2011 media [root@localhost ~]# ls -la /data total 16 drwxr-xr-x 4 apache apache 4096 Dec 7 2011 . dr-xr-xr-x. 27 root root 4096 Jun 11 15:51 .. drwxrwxrwx 5 apache apache 4096 Jan 31 2011 media However, when I try and write as the apache user, I get a "Permission denied" error. [root@localhost ~]# sudo -u apache touch /data/media/test.txt' touch: cannot touch `/data/media/test.txt': Permission denied But of course it works fine as root. What am I doing wrong?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 493 494 495 496 497 498 499 500 501 502 503 504  | Next Page >