LFD Alerts from CSF about php-fpm Excessive resource usage for Virtual Memory Size

[BlueSteam]

Hi All,

I am aware that the following alert is coming from CSF about the php-fpm pool:

Time: Wed Aug 18 18:09:32 2021 +0200
Account: userid
Resource: Virtual Memory Size
Exceeded: 558 > 512 (MB)
Executable: /opt/cpanel/ea-php74/root/usr/sbin/php-fpm
Command Line: php-fpm: pool domain.com
PID: 277686 (Parent PID:17624)
Killed: No

The server is a brand new installation of cPanel and this is the first account that has been loaded on to the server. All configs are default for cPanel and PHP as well as CSF.

Is this really actually something to worry about?? Why is it even exceeding the pool limit in the first place?

Can I safely ignore this or should I even do anything about it? Usually warnings are there for a reason or is this just a badly configured default limit in CSF?

 

[cPRex]

Hey there! It's fine to ignore this or configure CSF to not flag that process. It's important to note that CSF isn't provided or distributed by cPanel, so you'd need to adjust that tool to work with your server.

 

[BlueSteam]

Hey there! It's fine to ignore this or configure CSF to not flag that process. It's important to note that CSF isn't provided or distributed by cPanel, so you'd need to adjust that tool to work with your server.

Yh, I am aware its not a cPanel provided platform. What concerns me though is WHY it is even exceeding the limit by CSF. Why would CSF think that 512 is an acceptable limit if it is always going to be triggered?

 

[cPRex]

CSF has 512M set for the default of most process, if I'm remembering correctly. 512M would be a large amount for an individual process, but for an entire user or domain, that isn't much at all.

You might want to ask them directly, and we have a link to contact them in our guide here:

Why am I receiving "Excessive resource usage" notifications?

Question Why am I receiving email notifications with subjects such as the following? lfd on $hostname: Excessive resource usage: $username Answer These notifications are generated by the 3r...

support.cpanel.net

 

[BlueSteam]

Thanks @cPRex

I have simply increased the notification for now to 1024. I haven't received any further notices so lets hope this is the solution and there are no adverse affects by ignoring it.

 

[BlueSteam]

Ok, so as you know, I have increased the limit to 1024 instead and that excessive resource usage seems to have disappeared but another one cropped up here:

Time: Mon Aug 23 21:36:29 2021 +0200
Account: ######
Resource: Process Time
Exceeded: 69031 > 1800 (seconds)
Executable: /usr/local/cpanel/3rdparty/perl/532/bin/perl
Command Line: spamd child
PID: 1514763 (Parent PID:1512413)
Killed: No

So I did some research and found articles to advise me to modify the /etc/csf/csf.pignore file by removing this commented out line:

BEFORE:
#cmd:spamd child

AFTER
cmd:spamd child

Then I restarted LFD by executing: service lfd restart

next day the alert was back

more research suggested I use pcmd instead of cmd but that is for regex and "spamd child" has no regex formatting in it. This hasn't worked either.

what else can I try to do in order to ignore this alert?

 

[cPAdminsMichael]

I have observed this issue aswell. Not sure if it's a small bug somewhere. I have not digged that much into it, but a quickfix that works is adding pcmd:spamd.*child.* to the pignore file.

 

[BlueSteam]

I have observed this issue aswell. Not sure if it's a small bug somewhere. I have not digged that much into it, but a quickfix that works is adding pcmd:spamd.*child.* to the pignore file.

Well, many people advise you just to disable the alerts entirely. I opted to rather increase it to 1024M. At least this way I will catch a very high running process.

This is a personal server anyway. It's not shared with multiple clients. So a proces might run higher than normal seeing as though the server was bought and paid for specifically for dedicated purposes in order to do more work than a normal account. So I'm not too worried about that memory use.

My bigger concern is no matter what I have done to ignore the spamd child alerts, it hasn't stopped the alerts from being triggered.

I wil lapply your suggestion and see if the alert stops.

Thanks

 

[BlueSteam]

The alert has stopped since applying the following command:

pcmd:spamd.*child.*

Thanks for your help