And now with V9.2-3 updated we ended up into problem again. This time also SECURITY_SERVER looping or rather using 100% of a cpu. Luckily i have 19 more to go..
Noted actually because login was slightly slower than usual. Then noted said 100% cpu activity using bare $MONI SYS.
And
Juhani> sho intr
%SECSRV-F-SERVERNOTACTIVE, security server is not active
Forced crashed but since dumping seemed to take much time I ended up sadly POWERING OFF and ON server in order to bring it up again fast
My daily activity doing $SHOW INTRUSION at 06:00 had ended up with
(06:00)$ show intrusion
Intrusion Type Count Expiration Source
--------- ---- ----- ---------- ------
NETWORK INTRUDER 8 13-JAN-2025 22:05:54.28 LOCAL:.JUHANI::HTTP$SERVER
NETWORK SUSPECT 1 5-JAN-2025 10:47:31.83 SSH_PASSWORD:1.12.254.218::JUHANI
..
NETWORK SUSPECT 2 5-JAN-2025 14:53:01.18 SSH_PASSWORD:130.250.134.35::VYOS
NETWORK INTRUDER 21 8-JAN-2025 11:45:07.46 SSH_PASSWORD:134.122.101.172::ROOT
NETWORK INTRUDER 7 8-JAN-2025 04:17:31.72 SSH_PASSWORD:134.122.103.105::ROOT
NETWORK INTRUDER 21 8-JAN-2025 07:06:17.07 SSH_PASSWORD:134.122.103.154::ROOT
NETWORK INTRUDER 20 9-JAN-2025 19:34:51.55 SSH_PASSWORD:134.122.103.1::ROOT
NETWORK INTRUDER 13 12-JAN-2025 02:44:37.44 SSH_PASSWORD:134.122.111.111::ROOT
NETWORK INTRUDER 16 11-JAN-2025 20:08:00.27 SSH_PASSWORD:134.122.12.213::ROOT
NETWORK INTRUDER 17 10-JAN-2025 05:55:04.60 SSH_PASSWORD:134.122.124.174::ROOT
NETWORK INTRUDER 52 5-JAN-2025 23:29:58.42 SSH_PASSWORD:134.122.49.252::ROOT
NETWORK INTRUDER 42 11-JAN-2025 16:47:28.57 SSH_PASSWORD:134.209.122.174::ROOT
NETWORK INTRUDER 4 12-JAN-2025 04:21:31.44 SSH_PASSWORD:134.209.123.225::MINECRAFT
NETWORK INTRUDER 7 11-JAN-2025 12:32:04.72 SSH_PASSWORD:134.209.123.225::ROOT
NETWORK INTRUDER 4 8-JAN-2025 18:49:43.37 SSH_PASSWORD:134.209.123.225::USER
%SECSRV-F-SRVREPLYTIMEOUT, timed out waiting for reply from security server
(06:00)$!
Sadly I dont have good crash dump.
Tyoically $SHOW INTRUSION lists something around 4000 lines but here we got just mere 899 lines
Previous night 4207 lines..
_veli
Added in 30 minutes 9 seconds:
The incomplete dump file that I have shows something like 3547 LNM type entries in paged pool with string SSH_PASSWORD. Presumably bein related to logical names of table LNM$CLUSTER_INTRUSION_TABLE
From SYS_CHECK.LOG files from recent days I see
Juhani> sear sys$logs:sys_Check.log;* security_server/noheader
00000411 SECURITY_SERVER HIB 10 713140 0 07:05:52.11 4252 4354 M
00000411 SECURITY_SERVER HIB 10 670432 0 05:39:54.67 682 784 M
00000411 SECURITY_SERVER HIB 10 603448 0 04:26:51.68 502 604 M
00000411 SECURITY_SERVER HIB 8 570458 0 03:45:53.34 464 566 M
00000411 SECURITY_SERVER HIB 10 526010 0 03:10:28.52 464 566 M
00000411 SECURITY_SERVER HIB 10 497570 0 02:47:52.71 464 566 M
00000411 SECURITY_SERVER CUR 17 16 469280 0 02:32:35.84 463 565 M
00000411 SECURITY_SERVER HIB 8 414802 0 02:04:04.19 463 565 M
00000411 SECURITY_SERVER HIB 10 294830 0 01:39:06.36 451 553 M
00000411 SECURITY_SERVER HIB 10 259278 0 01:21:19.69 451 553 M
00000411 SECURITY_SERVER HIB 10 193852 0 00:58:04.52 443 545 M
00000411 SECURITY_SERVER HIB 10 130744 0 00:44:30.16 443 545 M
00000411 SECURITY_SERVER HIB 10 98520 0 00:29:41.84 443 545 M
00000411 SECURITY_SERVER HIB 9 62748 0 00:11:52.23 443 545 M
00000411 SECURITY_SERVER HIB 10 30186 0 00:05:43.63 443 545 M
00000411 SECURITY_SERVER HIB 10 8066 0 00:00:49.30 438 540 M
00000411 SECURITY_SERVER HIB 10 173872 0 00:52:56.11 471 573 M
00000411 SECURITY_SERVER HIB 9 145672 0 00:36:55.97 448 550 M
00000411 SECURITY_SERVER HIB 10 115970 0 00:22:52.20 443 545 M
00000411 SECURITY_SERVER HIB 10 70536 0 00:16:04.49 443 545 M
The topmost line is today at 06:00 and from there downwards daily 06:00 a day prior downawads
So suddenly SECURITY_SERVER memory usage went quite upwards from 784 to 4354
_veli