LFD – High CPU Usage While Sleeping

After switching several servers over from APF to CSF, my colleagues and I noticed that there are times during the day that LFD just chews away CPU, even while the process claims it’s “sleeping”:

root 15785 35.6 0.1 194496 93104 ? Ss 00:00 474:54 lfd – sleeping

35.6% CPU? What is it possibly doing?

 

LF_DIRWATCH = “0″
CT_LIMIT = “0″
LF_HTACCESS = “0″
LF_MODSEC = “0″
LF_DIRWATCH_FILE = “0″
PT_LIMIT = “0″

Now, we already had these disabled – our use of LFD is limited to the downloading of global allow/deny lists only, as we don’t wish to use CSF for login failure detection at this time.  So it was a bit puzzling at why, even with the main functionality of LFD disabled, it was using so much CPU.

An strace against LFD’s PID gave us the answer – it showed that LFD was continually parsing the various log files on the server, seemingly in a never-ending loop.  This appeared to correlate with the “LD_PARSE” value of 5 seconds.  When your servers are as large and busy as ours, your log files tend to be huge – and there’s no way that CSF is parsing those logs in 5 seconds or less.

To resolve this, we set the LF_PARSE value a bit higher to allow it to rest a bit. Since we aren’t using LFD for login failure tracking, we essentially do not have a need for it to frequently scan the server’s logs. We haven’t had a problem with LFD since.

  • 5 Users Found This Useful
Was this answer helpful?

Related Articles

Nginx Admin (Stable version) v2.6

Install Instructions:cd /usr/local/srcwget http://nginxcp.com/nginxadmin2.6-stable.tartar xf...

rkhunter installation

wget -c http://dfn.dl.sourceforge.net/sourceforge/rkhunter/rkhunter-1.3.8.tar.gz tar zxvf...

Python Upgrade

cd /usr/local/src wget http://python.org/ftp/python/2.5.6/Python-2.5.6.tgz tar -zxvf...

Atomic ModSecurity Rules

Assuming you have a modsecurity 2.5.12 rpm (or higher) installed from the atomic archives, you...

Account DNS Check plugin for cPanel/WHM

# cd /home # rm -f latest-accountdnscheck # wget...