Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

[SOLVED]swatch/tail "/bin/tail: inotify resouces exhausted"
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Unsupported Software
View previous topic :: View next topic  
Author Message
vivi131313
Tux's lil' helper
Tux's lil' helper


Joined: 11 May 2004
Posts: 108
Location: Folsom, CA
PostPosted: Fri Mar 25, 2011 3:30 am    Post subject: [SOLVED]swatch/tail "/bin/tail: inotify resouces exhaus Reply with quote
EDIT: Updating the file mentioned by Ant P in /proc/sys/fs/inotify/ things seems to be running.

After watching some Chinese and Philippino IP's try to brute force my root password through my open ssh port, I decided I needed to tighten up the security on my gentoo server(Don't want someone messing up my minecraft server :D ).

I started with a swatch/iptables tutorial that I found in the gentoo wiki. After learning a bit more about both of these tools and examining some other tuturials, I got a working setup running early this morning, which has already successfully blocked 2 IP addresses.

Anyway, on to the problem I'm hitting.
The original tutorial was using the code below for /etc/init.d/swatch(Found here http://en.gentoo-wiki.com/wiki/Swatch)
Code:

 #!/sbin/runscript
 # maat'092007
 depend() {
       use net
 }
 start() {
       ebegin "Starting swatch"
       start-stop-daemon --start --make-pidfile --pidfile /var/run/swatch.pid --background --exec /usr/bin/swatch -- --config-file=/etc/swatch.conf --pid-file=/var/run/swatch.pid
       eend $?
 }
 stop() {
       ebegin "Stopping swatch"
       start-stop-daemon --stop --name perl5.8.8 --user root
       start-stop-daemon --stop --pidfile /var/run/swatch.pid --user root
       eend $?
}


but it wasn't working particularly well, especially when killing the process. Swatch was successfully loading though.

After that I found this tutorial(http://www.gentoo-wiki.info/SSH/Swatch)
Code:

#!/sbin/runscript
# Copyright 1999-2006 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

opts="${opts} reload"

depend() {
   after logger
}

start() {
   ebegin "Starting Swatch"
   
   if [ ! -d ${SWATCH_SCRIPTDIR} ]; then
      mkdir ${SWATCH_SCRIPTDIR}
   fi
   
   swatch --script-dir=${SWATCH_SCRIPTDIR} \
      --tail-file=${SWATCH_TAILFILE} \
      --config-file=/etc/swatch.conf \
      --pid-file=/var/run/swatch.pid \
      --tail-args="${SWATCH_TAILARGS}" \
      --daemon \
      >> /var/log/swatch.log \
      2>> /var/log/swatch-err.log
   eend $?
}

stop() {
   ebegin "Stopping Swatch"
   kill `cat /var/run/swatch.pid`
   eend $?
}

restart() {
   svc_stop
   sleep 2
   svc_start
}

reload() {
   # Doesn't work !!! The signal must be sent to the monitor process, not to the script itself !
   kill -HUP `cat /var/run/swatch.pid`
}


I tweaked this slightly to get to my final setup:
/etc/init.d/swatch

Code:

#!/sbin/runscript
# Copyright 1999-2006 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

depend() {
        use net
   after logger
}

start() {
   ebegin "Starting Swatch"
   
   if [ ! -d ${SWATCH_SCRIPTDIR} ]; then
      mkdir ${SWATCH_SCRIPTDIR}
   fi
   
   swatch --script-dir=${SWATCH_SCRIPTDIR} \
      --tail-file=${SWATCH_TAILFILE} \
      --config-file=/etc/swatch/swatch.conf \
      --pid-file=/var/run/swatch.pid \
      --tail-args="${SWATCH_TAILARGS}" \
      --daemon \
      >> /var/log/swatch.log \
      2>> /var/log/swatch-err.log
   eend $?
}

stop() {
   ebegin "Stopping Swatch"
   kill `cat /var/run/swatch.pid`
   eend $?
}

restart() {
   svc_stop
   sleep 2
   svc_start
}



For reference here is my /etc/conf.d/swatch:

Code:

# Config file for /etc/init.d/swatch

# Location for temporary script generation
SWATCH_SCRIPTDIR="/var/tmp/swatch"

# File to monitor
SWATCH_TAILFILE="/var/log/messages"

# Tail arguments
SWATCH_TAILARGS="--follow=name -n 0"



So finally, when I run /etc/init.d/swatch start, it seems to start correctly, but the output in the log file is this:
Quote:

/bin/tail: inotify resources exhausted
/bin/tail: inotify cannot be used, reverting to polling


Once I saw this I decided to try to "tailf /var/log/messages", which dumped the last dozen lines of the log and then dumped the same messages as above.

Anyone familiar with this type of situation?

Thanks in advance.
TJ
_________________
Now I make the stuff you get pissed off at.

Last edited by vivi131313 on Sun Mar 27, 2011 3:20 am; edited 2 times in total
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 6920
PostPosted: Sat Mar 26, 2011 1:46 am    Post subject: Reply with quote
Run ssh on a non-default port. The number of login attempts I've seen in 7-8 years is zero.
Back to top
View user's profile Send private message
cach0rr0
Bodhisattva
Bodhisattva


Joined: 13 Nov 2008
Posts: 4123
Location: Houston, Republic of Texas
PostPosted: Sat Mar 26, 2011 1:57 am    Post subject: Reply with quote
or go with SSH keys, deny interactive logon
number of login attempts I've cared about in 7-8 years is 0^2 :lol:
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash
Back to top
View user's profile Send private message
vivi131313
Tux's lil' helper
Tux's lil' helper


Joined: 11 May 2004
Posts: 108
Location: Folsom, CA
PostPosted: Sat Mar 26, 2011 6:12 am    Post subject: Reply with quote
yes, I know either of those options would work, but now that I'm trying this method, I want to see it functional.

The whole tail inotify message just seems weird.
_________________
Now I make the stuff you get pissed off at.
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 6920
PostPosted: Sat Mar 26, 2011 3:45 pm    Post subject: Reply with quote
Increase the values in /proc/sys/fs/inotify/ .
Back to top
View user's profile Send private message
vivi131313
Tux's lil' helper
Tux's lil' helper


Joined: 11 May 2004
Posts: 108
Location: Folsom, CA
PostPosted: Sun Mar 27, 2011 3:18 am    Post subject: Reply with quote
Weird stuff:

Code:
user@sompname ~ $ grep [0-9] /proc/sys/fs/inotify/*
/proc/sys/fs/inotify/max_queued_events:16384
/proc/sys/fs/inotify/max_user_instances:128
/proc/sys/fs/inotify/max_user_watches:8192


I tried writing to these files(just adding a 0 to each to see if it would fix the issue) and received an error writing to each file.
But after closing vim and reopening the files they had the updates.
tailf on /var/log/messages confirmed the issue was fixed.

I then tried singling out one of these as the variable I needed to adjust, but even after changing the numbers back, the tail still worked.

Then I rebooted, same issue came back. This time only complaining about simultaneous watches.
So I updated max_user_watched ad now I'm rebooting to see if the fix holds.
Well seems to be running at least, I guess I'll see if any new IP's are adding to my iptables.
Thanks!
_________________
Now I make the stuff you get pissed off at.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Unsupported Software All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2024 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy