Other than cranking up logging to debug2, is there a way to better tune logging on a server to see if I am running into max sessions?

On FreeBSD RELENG11 I am periodically seeing connections being refused - 3way handshake not completing or completing and then FINs. Typically, I have a hundred or so connections at one time, but they can bounce up to a few hundred on occasion. Without leaving the server at debug2 logging level, is there a way to find out if I am hitting application limits vs OS limits?

Also, are there any guides out there on tuning an sshd (sftp actually) server to handle a large number of concurrent sessions?

    ---Mike

--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/

Mike Tancsa wrote:
> Without leaving the server at debug2 logging level, is there a way
> to find out if I am hitting application limits vs OS limits?

If you run sshd under ktrace maybe you can spot resource limit errors
for relevant syscalls in the kdump output.

//Peter

On 9/26/2017 9:07 PM, Peter Stuge wrote:
> Mike Tancsa wrote:
>> Without leaving the server at debug2 logging level, is there a way
>> to find out if I am hitting application limits vs OS limits?
>
> If you run sshd under ktrace maybe you can spot resource limit errors
> for relevant syscalls in the kdump output.

Thanks! Although in this case, the measurement seems pretty resource intensive. I increased the MaxSessions as well as MaxStartups and I have the failure rate down to under 10 per day. So it seems, based on changing that, it is application limits?

I added

MaxSessions 920
ClientAliveInterval 15 # get rid of procs sitting around
MaxStartups 30:50:500

Most of the clients come behind a single natted IP.

    ---Mike
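
The `MaxStartups 30:50:500` value in the last message uses the `start:rate:full` random early drop form described in sshd_config(5). The sketch below is an added example, not part of the thread and not OpenSSH code: it models the documented linear ramp to show what share of new connections sshd refuses at a given number of unauthenticated connections. The function names are hypothetical, and `10:30:100` is the documented default, included for comparison.

```python
"""Model of sshd's MaxStartups random early drop (added example)."""


def parse_max_startups(value):
    """Parse 'start:rate:full' or a single 'N' into (start, rate, full)."""
    parts = [int(p) for p in value.split(":")]
    if len(parts) == 1:
        # A single number is a hard cap: everything at or above it is refused.
        return parts[0], 100, parts[0]
    if len(parts) != 3:
        raise ValueError("expected N or start:rate:full, got %r" % value)
    start, rate, full = parts
    if not (1 <= rate <= 100) or start < 1 or full < start:
        raise ValueError("invalid MaxStartups value %r" % value)
    return start, rate, full


def drop_percent(pending, start, rate, full):
    """Percent chance that a new connection is refused while `pending`
    unauthenticated connections already exist."""
    if pending < start:
        return 0
    if pending >= full or rate == 100:
        return 100
    # Linear ramp from `rate` at `start` to 100 at `full` (integer math).
    return rate + (100 - rate) * (pending - start) // (full - start)


def ramp_table(value, points):
    """Return [(pending, percent_refused), ...] for one MaxStartups value."""
    start, rate, full = parse_max_startups(value)
    return [(n, drop_percent(n, start, rate, full)) for n in points]


if __name__ == "__main__":
    for setting in ("10:30:100", "30:50:500"):
        print("MaxStartups", setting)
        for pending, pct in ramp_table(setting, (9, 10, 29, 30, 100, 265, 500)):
            print("  %3d pending unauthenticated -> %3d%% refused" % (pending, pct))
```

MaxStartups counts connections that have not yet authenticated, across all source addresses, so a burst of simultaneous logins from one NATed address fills the same counter as logins from many hosts.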