High CPU usage due to whois process

We have seen some of the PBX experience high CPU usage due to spinning whois process.

If you received a notification form our staff that your PBX use higher than normal cpu time,  you may want to check for this issue.  You can login to your ssh console and type top.  Please observe whether one whois or multiple whois process it consuming your CPU.

The high CPU usage may impact your call quality.  Therefore,  you may want to take care of this issue as soon as possible.

You can stop the whois process by typing killall whois at your ssh console.  There is no need to reboot your PBX.

The whois is used by fail2ban to help you translate an attacking IP address to a human readable host name or other information.  This is an confinience feature that fail2ban do when it send an email notification of an attack incident.

Moving forward, I would defer to your own judgement to consider the benefit and the inconvinience of using whois on your fail2ban.  If you do not want to have whois to translate the attacking ip,  you can rename any reference in the /etc/fail2ban/jail.conf of sendmail-whois to sendmail.  You can do it with your favorite text editor.  You will need to restart your fail2ban after making changes.

Byla tato odpověď nápomocná?

 Tisknout tento článek

Také čtěte

How to ssh and change root password

If you're on windows, you can use putty, download hereOnce donwloaded, you just open it, and...

How to manage fail2ban

From...

Firewall Configuration

All of our installation, except for the PBX in a Flash, comes with apf firewall pre-installed....

How to troubleshoot emails not sending out

First thing to check when no emails are being sent or you're not getting any emails from your...

Dahdi Detected time shift in /var/log/message

If you find a lot of message " dahdi detected time shift" in /var/log/message, please...