Request time out Error - Site running very slow

Prashanta_Mahato · July 13, 2019, 2:46pm

I am getting Request Time Out error while performing any action.I have found file2ban utilizing my 100% CPU. Kindly Help

VamYip · July 13, 2019, 2:52pm

Thats generally because of unrotated logs.

Prashanta_Mahato · July 13, 2019, 5:30pm

Thank you Vamyip.
this is my logrotate file:

/var/log/fail2ban.log {

weekly
rotate 4
compress

delaycompress
missingok
postrotate
    fail2ban-client flushlogs 1>/dev/null || true
endscript

# If fail2ban runs as non-root it still needs to have write access
# to logfiles.
# create 640 fail2ban adm
create 640 root adm

}

is this is the reason for slow performance of my site?
Regards,

VamYip · July 14, 2019, 11:36am

No. Fail2Ban reads logs configured in for jails (generally nginx and ssh) to identify anomalous traffic. If logs of nginx and ssh are not rotated, they become large and fail2ban takes longer to read those logs.

First verify if any of logs are being rotated. If yes, then need to check why nginx’s logs are not rotated.

Prashanta_Mahato · July 16, 2019, 3:21pm

Thank You VamYip,
System is responding normally after clear my log files.
Thanks for your support.

nmami · July 16, 2019, 4:02pm

Hi,
Can you elaborate more, I have facing same issue, but how to verify this point first, plz detailed steps

then second part also I need a how to steps for that

Thanks a lot
Nofal

Prashanta_Mahato · July 16, 2019, 6:13pm

Manually deleted all older logs from system.

cd /home/var/log
ls -lah
find the large size file and clear the content with sudo echo > file name
cd ~/frappe-bench/logs
repeat no 3 (for all .log file)
Add the below line inside
cd etc/logrotate.d/
sudo nano fail2ban
add this line inside postrotate block
postrotate
fail2ban-client flushlogs 1>/dev/null || true
endscript

VamYip · January 5, 2022, 5:57am

Found the reason why Nginx (and most of the other logs) were not being rotated on the servers setup before March 2020. It was due to a bug in bench’s letsencrypt setup script causing crontab’s /etc/crontab config to break . So crontab ignored the file altogether and caused the standard cron jobs (cron.daily, cron.weekly, etc) to fail. Note that custom cron jobs that we setup (using crontab -e) continued to run because they are not referenced via /etc/crontab . This issue affects only those jobs which were referenced via /etc/crontab.

This also explains troublesome behavior of fail2ban upon server restart . Since nginx’s logs weren’t being rotated sometimes fail2ban attempted to read all the log since beginning which caused a prolonged CPU spike. Log Rotation will solve that also.

HTH,
Vamyip