/ Register

Discover Centmin Mod today
Register Now

CSF Disable lfd server load email

Discussion in 'Other Centmin Mod Installed software' started by BamaStangGuy, Aug 6, 2017.

Tags:
Previous Thread Next Thread
Loading...
  1. Aug 6, 2017 #1
    BamaStangGuy

    BamaStangGuy Active Member

    537
    163
    43
    May 25, 2014
    Ratings:
    +216
    Local Time:
    9:01 PM
    How can I disable the email alerting me to server load average being high? We are running CPU intensive software on some of our servers and its getting annoying have the emails streaming in.
     
  2. Aug 6, 2017 #2
    eva2000

    eva2000 Administrator Staff Member

    36,877
    8,073
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,433
    Local Time:
    1:01 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    You can also setup email filters to group and manage these alerts which is better than disabling all alerts.

    Also check CSF Firewall's config /etc/csf/csf.conf and official docs/readme linked at bottom of CSF Firewall - CentminMod.com LEMP Nginx web stack for CentOS ? hint custom via csf.pignore ;)
    another hint check options related to LF_ALERT_*, PT_LOAD* and references to csf.pignore
    Code (Text):
    egrep -C5  'LF_ALERT_|PT_LOAD|csf.pignore' /etc/csf/csf.conf

    Code (Text):
    egrep -C5  'LF_ALERT_|PT_LOAD|csf.pignore' /etc/csf/csf.conf

# By default, lfd will send alert emails using the relevant alert template to
# the To: address configured within that template. Setting the following
# option will override the configured To: field in all lfd alert emails
#
# Leave this option empty to use the To: field setting in each alert template
LF_ALERT_TO = ""

# By default, lfd will send alert emails using the relevant alert template from
# the From: address configured within that template. Setting the following
# option will override the configured From: field in all lfd alert emails
#
# Leave this option empty to use the From: field setting in each alert template
LF_ALERT_FROM = ""

# By default, lfd will send all alerts using the SENDMAIL binary. To send using
# SMTP directly, you can set the following to a relaying SMTP server, e.g.
# "127.0.0.1". Leave this setting blank to use SENDMAIL
LF_ALERT_SMTP = ""

# Block Reporting. lfd can run an external script when it performs and IP
# address block following for example a login failure. The following setting
# is to the full path of the external script which must be executable. See
# readme.txt for format details
--
#
# While enabling this setting will reduce false-positives, having it set to 0
# does provide better checking for exploits running on the server
PT_SKIP_HTTP = "0"

# lfd will report processes, even if they're listed in csf.pignore, if they're
# tagged as (deleted) by Linux. This information is provided in Linux under
# /proc/PID/exe. A (deleted) process is one that is running a binary that has
# the inode for the file removed from the file system directory. This usually
# happens when the binary has been replaced due to an upgrade for it by the OS
# vendor or another third party (e.g. cPanel). You need to investigate whether
--
PT_DELETED_ACTION = ""

# User Process Tracking. This option enables the tracking of the number of
# process any given account is running at one time. If the number of processes
# exceeds the value of the following setting an email alert is sent with
# details of those processes. If you specify a user in csf.pignore it will be
# ignored
#
# Set to 0 to disable this feature
PT_USERPROC = "0"

# This User Process Tracking option sends an alert if any user process exceeds
# the virtual memory usage set (MB). To ignore specific processes or users use
# csf.pignore
#
# Set to 0 to disable this feature
PT_USERMEM = "512"

# This User Process Tracking option sends an alert if any user process exceeds
# the RSS memory usage set (MB) - RAM used, not virtual. To ignore specific
# processes or users use csf.pignore
#
# Set to 0 to disable this feature
PT_USERRSS = "256"

# This User Process Tracking option sends an alert if any linux user process
# exceeds the time usage set (seconds). To ignore specific processes or users
# use csf.pignore
#
# Set to 0 to disable this feature
PT_USERTIME = "0"

# If this option is set then processes detected by PT_USERMEM, PT_USERTIME or
--
# process(es) in a comma separated list.
#
# The action script must have the execute bit and interpreter (shebang) set
PT_USER_ACTION = ""

# Check the PT_LOAD_AVG minute Load Average (can be set to 1 5 or 15 and
# defaults to 5 if set otherwise) on the server every PT_LOAD seconds. If the
# load average is greater than or equal to PT_LOAD_LEVEL then an email alert is
# sent. lfd then does not report subsequent high load until PT_LOAD_SKIP
# seconds has passed to prevent email floods.
#
# Set PT_LOAD to "0" to disable this feature
PT_LOAD = "600"
PT_LOAD_AVG = "15"
PT_LOAD_LEVEL = "8"
PT_LOAD_SKIP = "3600"

# This is the Apache Server Status URL used in the email alert. Requires the
# Apache mod_status module to be installed and configured correctly
PT_APACHESTATUS = "http://127.0.0.1/server-status"

# If a PT_LOAD event is triggered, then if the following contains the path to
# a script, it will be run in a child process. For example, the script could
# contain commands to terminate and restart httpd, php, exim, etc incase of
# looping processes. The action script must have the execute bit an
# interpreter (shebang) set
PT_LOAD_ACTION = ""

# Fork Bomb Protection. This option checks the number of processes with the
# same session id and if greater than the value set, the whole session tree is
# terminated and an alert sent
#
--
#
# On cPanel servers, PT_ALL_USERS should be enabled to use this option
# effectively
#
# This option will check root owned processes. Session id 0 and 1 will always
# be ignored as they represent kernel and init processes. csf.pignore will be
# honoured, but bear in mind that a session tree can contain a variety of users
# and executables
#
# Care needs to be taken to ensure that this option only detects runaway fork
# bombs, so should be set higher than any session tree is likely to get (e.g.

    Default /etc/csf/csf.pignore setup by Centmin Mod for custom CSF pignore.
    Code (Text):
    ###############################################################################
# Copyright 2006-2017, Way to the Web Limited
# URL: http://www.configserver.com
# Email: [email protected]
###############################################################################
# The following is a list of executables (exe) command lines (cmd) and
# usernames (user) that lfd process tracking will ignore.
#
# You must use the following format:
#
# exe:/full/path/to/file
# user:username
# cmd:command line
#
# Or, perl regular expression matching (regex):
#
# pexe:/full/path/to/file as a perl regex[*]
# puser:username as a perl regex[*]
# pcmd:command line as a perl regex[*]
#
# [*]You must remember to escape characters correctly when using regex's, e.g.:
# pexe:/home/.*/public_html/cgi-bin/script\.cgi
# puser:bob\d.*
# pcmd:/home/.*/command\s\to\smatch\s\.pl\s.*
#
# It is strongly recommended that you use command line ignores very carefully
# as any process can change what is reported to the OS.
#
# For more information see readme.txt

exe:/bin/dbus-daemon
exe:/sbin/ntpd
exe:/usr/bin/dbus-daemon
exe:/usr/bin/lsmd
exe:/usr/lib/courier-imap/bin/imapd
exe:/usr/lib/courier-imap/bin/pop3d
exe:/usr/lib/polkit-1/polkitd
exe:/usr/libexec/dovecot/imap
exe:/usr/libexec/dovecot/imap
exe:/usr/libexec/dovecot/pop3
exe:/usr/libexec/dovecot/pop3
exe:/usr/libexec/mysqld
exe:/usr/local/apache/bin/httpd
exe:/usr/local/libexec/dovecot/imap
exe:/usr/local/libexec/dovecot/imap-login
exe:/usr/local/libexec/dovecot/pop3
exe:/usr/local/libexec/dovecot/pop3-login
exe:/usr/sbin/chronyd
exe:/usr/sbin/exim
exe:/usr/sbin/exim4
exe:/usr/sbin/named
exe:/usr/sbin/nscd
exe:/usr/sbin/ntpd
exe:/usr/sbin/ntpd
exe:/usr/sbin/proftpd
exe:/usr/sbin/pure-ftpd
exe:/usr/sbin/sshd
pexe:/usr/local/lsws/bin/lshttpd.*
pexe:/usr/local/lsws/fcgi-bin/lsphp.*
exe:/usr/local/bin/memcached
cmd:/usr/local/bin/memcached
user:mysql
exe:/usr/sbin/mysqld
cmd:/usr/sbin/mysqld
user:varnish
exe:/usr/sbin/varnishd
cmd:/usr/sbin/varnishd
exe:/sbin/portmap
cmd:portmap
exe:/usr/libexec/gdmgreeter
cmd:/usr/libexec/gdmgreeter
exe:/usr/sbin/avahi-daemon
cmd:avahi-daemon
exe:/sbin/rpc.statd
cmd:rpc.statd
exe:/usr/libexec/hald-addon-acpi
cmd:hald-addon-acpi
user:nsd
user:nginx
user:ntp
user:dbus
user:smmsp
user:postfix
user:dovecot
user:www-data
user:spamfilter
exe:/usr/libexec/dovecot/imap
exe:/usr/libexec/dovecot/pop3
exe:/usr/libexec/dovecot/anvil
exe:/usr/libexec/dovecot/auth
exe:/usr/libexec/dovecot/pop3-login
exe:/usr/libexec/dovecot/imap-login
exe:/usr/libexec/postfix
exe:/usr/libexec/postfix/bounce
exe:/usr/libexec/postfix/discard
exe:/usr/libexec/postfix/error
exe:/usr/libexec/postfix/flush
exe:/usr/libexec/postfix/local
exe:/usr/libexec/postfix/smtp
exe:/usr/libexec/postfix/smtpd
exe:/usr/libexec/postfix/pickup
exe:/usr/libexec/postfix/tlsmgr
exe:/usr/libexec/postfix/qmgr
exe:/usr/libexec/postfix/virtual
exe:/usr/libexec/postfix/proxymap
exe:/usr/libexec/postfix/anvil
exe:/usr/libexec/postfix/lmtp
exe:/usr/libexec/postfix/scache
exe:/usr/libexec/postfix/cleanup
exe:/usr/libexec/postfix/trivial-rewrite
exe:/usr/libexec/postfix/master
     
Previous Thread Next Thread
Loading...
..

.