NSCA daemon deactivated due to excessive incoi ng connections?

Gerald Wichmann gwichman at zantaz.com
Fri Feb 21 01:47:06 CET 2003


I might also add that the instances parameter had to be increased/set..
basically xinetd is thinking theres a Dos attack going on..
 
Gerald Wichmann
Senior Systems Development Engineer
Zantaz, Inc.
925.598.3099 (w)
 
-----Original Message-----
From: Gerald Wichmann 
Sent: Thursday, February 20, 2003 4:45 PM
To: Gerald Wichmann; Nagios (E-mail)
Subject: RE: [Nagios-users] NSCA daemon deactivated due to excessive incoing
connections?
 
Nevermind found the problem.. newer versions of xinetd have a "cps"
parameter that by default in xinetd.conf is set to "25 30".. this parameter
dictates the max # of connections per second (25) that a service can handle
before xinetd shuts it down (DOS attack protection).. the second argument
specifies how many seconds it waits before starting the service again (30)..
 
I just had to edit /etc/xinetd.d/nsca and add "cps 200 10" to increase the #
of connections per second it can handle.
 
Gerald Wichmann
Senior Systems Development Engineer
Zantaz, Inc.
925.598.3099 (w)
 
-----Original Message-----
From: Gerald Wichmann 
Sent: Thursday, February 20, 2003 2:37 PM
To: Nagios (E-mail)
Subject: [Nagios-users] NSCA daemon deactivated due to excessive incoing
connections?
 
I have 2 distributed servers and 1 central nagios server. The central nagios
server in /var/log/messages I see regular entries "xinetd[717]: Deactivating
service nsca due to excessive incoming connections. Restarting in 30
seconds." And then the service is activated again.
 
I'm rather surprised by it as I don't really have that many services that
I'm monitoring.. around 130 in total. Any ideas what I should look at to
rectify these messages?
 
Thanks,
Gerald
 


This e-mail has been captured and archived by the ZANTAZ Digital Safe(tm)
service. For more information, visit us at www.zantaz.com. 
IMPORTANT: This electronic mail message is intended only for the use of the
individual or entity to which it is addressed and may contain information
that is privileged, confidential or exempt from disclosure under applicable
law. If the reader of this message is not the intended recipient, or the
employee or agent responsible for delivering this message to the intended
recipient, you are hereby notified that any dissemination, distribution or
copying of this communication is strictly prohibited. If you have received
this communication in error, please notify the sender immediately by
telephone or directly reply to the original message(s) sent. Thank you.


This e-mail has been captured and archived by the ZANTAZ Digital Safe(tm)
service.  For more information, visit us at www.zantaz.com. 
IMPORTANT: This electronic mail message is intended only for the use of the
individual or entity to which it is addressed and may contain information
that is privileged, confidential or exempt from disclosure under applicable
law.  If the reader of this message is not the intended recipient, or the
employee or agent responsible for delivering this message to the intended
recipient, you are hereby notified that any dissemination, distribution or
copying of this communication is strictly prohibited.  If you have received
this communication in error, please notify the sender immediately by
telephone or directly reply to the original message(s) sent.  Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20030220/8d438e0b/attachment.html>


More information about the Users mailing list