Em Ter, 2005-05-24 às 16:21 -0300, Hugo Rebello escreveu: > Quando eu comentei a acl dos blackurls o servidor começou a utilizar > somente 20% de processamento. > Você acha que 22848 linhas é muito para um black list ? hehehehe pelo visto é muito para sua máquina ou usando as acl com regex do jeito que vc está usando...80) eu trabalho na minha maq atual com +-1.300.000 sites em um k6-2-300 com 256MRAm...80) > E se eu tirar a opção -i do url_regex, será que isso muda alguma coisa ? nunca tentei. o -i significa case insensitive, ou seja Porn,porn,PORN ele analisa da mesma maneiro. Se vc tirar o -i pode ser que vc deixe passar alguma url que começe com letra maiúscula. Mas toda tentativa é valida... []s > > Abs., > Hugo > > > > Paulo Ricardo Bruck wrote: > > >Em Ter, 2005-05-24 às 15:37 -0300, Hugo Rebello escreveu: > > > > > >>No arquivo /etc/squid/porn.txt eu tenho 224 linhas > >>No arquivo squidguard/blackurls eu já tenho 22848 linhas :-P > >> > >> > >> > > > >humm pouco para dar tanto processamento extra assim. > > > >Vc já experimentou comentar as acl de bloqueio para ver se o consumo > >diminui????? > > > >outro ponto, vc pode colar o ntop ?? ele ajuda a visualizar a sua > >máquina. > > > >[]s > > > > > >>Paulo Ricardo Bruck wrote: > >> > >> > >> > >>>Em Ter, 2005-05-24 às 14:59 -0300, Hugo Rebello escreveu: > >>> > >>> > >>> > >>> > >>>>A máquina tem 512Mb de memória. > >>>> > >>>> > >>>> > >>>> > >>>humm isto indica que vc poderia ter um cache de até +-23000 no cache, ou > >>>seja está sobrando memória. > >>> > >>>Bem como o cache está em 98/99% de cpu, isto nos leva a pensar que sua > >>>listas estão muito grandes ( o porcesso de url_regex e urlpath deve > >>>estar comendo bastante processamento.) > >>> > >>>quantas linhas vc tem , por exemplo no : > >>>squidguard/blackurls > >>>/etc/squid/porn.txt > >>> > >>> > >>>com um wc -l resolve...80) > >>> > >>>[]s > >>> > >>> > >>> > >>> > >>> > >>> > >>>>Obrigado, > >>>> > >>>>Abs., > >>>>Hugo > >>>> > >>>> > >>>>Paulo Ricardo Bruck wrote: > >>>> > >>>> > >>>> > >>>> > >>>> > >>>>>Em Ter, 2005-05-24 às 13:55 -0300, Hugo Rebello escreveu: > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>>>Paulo, > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>Olá Hugo > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>>>Eu estou usando um HDD 16Gb SCSI com 52% de espaço livre. > >>>>>>54% de memória está sendo usado para o Squid, mas o grande problema é > >>>>>>que o Squid está consumindo 95% á 99% de processamento. > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>ok, mas quanto de memória vc tem na maq. ? > >>>>>tem outros processos rodando nela??? > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>>>Abaixo está a configuração do meu squid.conf. > >>>>>>***************** > >>>>>>http_port 8080 > >>>>>>cache_peer proxy.teste.com parent 8080 3130 > >>>>>>hierarchy_stoplist cgi-bin ? > >>>>>>acl QUERY urlpath_regex cgi-bin \? > >>>>>>no_cache deny QUERY > >>>>>>cache_mem 30 MB > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>aqui vc pode diminuir para 16MB > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>>>cache_swap_low 90 > >>>>>>cache_swap_high 95 > >>>>>>maximum_object_size 3072 KB > >>>>>>cache_dir ufs /var/spool/squid 9000 16 256 > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>> ^^^ ^^^ > >>>>>humm aqui vc pode mudar para aufs > >>>>> > >>>>>o 9000 so consigo responder depois de saber o quanto de memoria vc tem > >>>>>na maquina....8-) > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>>>cache_access_log /var/log/squid/access.log > >>>>>>ftp_user Squid@ > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>que tal colocar o seu dominio depois do @ ?? 8) > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>>>auth_param basic children 5 > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>para 650 usuários 5 children é pouco.. aumente um pouco ou vc poderá ter > >>>>>problemas quando todos tentarem para acessar ao mesmo tempo... > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>>>auth_param basic realm Squid proxy-caching web server > >>>>>>auth_param basic credentialsttl 2 hours > >>>>>>auth_param basic casesensitive off > >>>>>>refresh_pattern ^ftp: 1440 20% 10080 > >>>>>>refresh_pattern ^gopher: 1440 0% 1440 > >>>>>>refresh_pattern . 0 20% 4320 > >>>>>>acl dhl_network src "/etc/squid/dhl_network" > >>>>>>acl dhl_hosts src "/etc/squid/dhl_hosts" > >>>>>>acl apro_sites url_regex -i "/etc/squid/apro_sites" > >>>>>>acl part_sites url_regex -i "/etc/squid/part_sites" > >>>>>>acl dhl_proi src "/etc/squid/dhl_proi" > >>>>>>acl pro_domain dstdomain "/etc/squid/pro_domain" > >>>>>>acl black_domain dstdomain "/var/lib/squidguard/blackdomains" > >>>>>>acl pro_sites url_regex -i "/etc/squid/pro_sites" > >>>>>>acl black_sites url_regex -i "/var/lib/squidguard/blackurls" > >>>>>>acl porn url_regex "/etc/squid/porn.txt" > >>>>>>acl mpeg urlpath_regex .mpeg$ > >>>>>>acl avi urlpath_regex .avi$ > >>>>>>acl mov urlpath_regex .mov$ > >>>>>>acl screen urlpath_regex .src$ > >>>>>>acl mp3 urlpath_regex .mp3$ > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>em geral regras de url_regex e urlpath sobrecarregam o squid e o deixam > >>>>>lento. quantas linhas tem cada regra desta??? > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>>>acl all src 0.0.0.0/0.0.0.0 > >>>>>>acl manager proto cache_object > >>>>>>acl localhost src 127.0.0.1/255.255.255.255 > >>>>>>acl to_localhost dst 127.0.0.0/8 > >>>>>>acl SSL_ports port 443 563 > >>>>>>acl Safe_ports port 80 # http > >>>>>>acl Safe_ports port 21 # ftp > >>>>>>acl Safe_ports port 443 563 # https, snews > >>>>>>acl Safe_ports port 70 # gopher > >>>>>>acl Safe_ports port 210 # wais > >>>>>>acl Safe_ports port 1025-65535 # unregistered ports > >>>>>>acl Safe_ports port 280 # http-mgmt > >>>>>>acl Safe_ports port 488 # gss-http > >>>>>>acl Safe_ports port 591 # filemaker > >>>>>>acl Safe_ports port 777 # multiling http > >>>>>>acl CONNECT method CONNECT > >>>>>>http_access allow manager localhost > >>>>>>http_access deny manager > >>>>>>http_access deny !Safe_ports > >>>>>>http_access deny CONNECT !SSL_ports > >>>>>>http_access allow apro_sites > >>>>>>http_access allow dhl_hosts part_sites > >>>>>>http_access deny pro_domain > >>>>>>http_access deny black_domain > >>>>>>http_access deny pro_sites > >>>>>>http_access deny black_sites > >>>>>>http_access deny mpeg > >>>>>>http_access deny avi > >>>>>>http_access deny mov > >>>>>>http_access deny mp3 > >>>>>>http_access deny screen > >>>>>>http_access deny porn > >>>>>>http_access deny dhl_proi > >>>>>>http_access allow dhl_network > >>>>>>http_access deny all > >>>>>> > >>>>>>http_reply_access allow all > >>>>>>icp_access allow all > >>>>>>icp_access allow all > >>>>>>cache_effective_user squid > >>>>>>visible_hostname on > >>>>>>httpd_accel_with_proxy on > >>>>>>never_direct allow all > >>>>>>coredump_dir /var/spool/squid > >>>>>>************************* > >>>>>> > >>>>>>Obrigado, > >>>>>>Hugo > >>>>>> > >>>>>> > >>>>>> > >>>>>>Paulo Ricardo Bruck wrote: > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>>>Em Ter, 2005-05-24 às 13:23 -0300, Hugo Rebello escreveu: > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>>>Pessoal, > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>olá 80) > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>>>Estou com um proxy Squid configurado no meu Debian com 650 usuários > >>>>>>>>e conexões simultaneas. > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>ok > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>>>Agora o proxy está ficando lento para abrir as páginas, gostaria de > >>>>>>>>saber como eu faço para melhorar a performance do mesmo ? > >>>>>>>>Existe alguma coisa de configuração que eu possa fazer isso ? > >>>>>>>>A máquina é um servidor Compaq Pentium III 800MHZ com 512Mb de memória. > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>bem sem maiores infs sobre HD que vc está usando ou o seu squid.conf > >>>>>>>fica difícil. Em geral o squid necessita de memoria e disco rapido > >>>>>>>( SCSI) > >>>>>>> > >>>>>>>Vc pode comecar colocando mais memória ou diminuir o tamanho do seu > >>>>>>>cache para usar menos memoria..... > >>>>>>>ou trocar o seu hd por um mais rapido entre outros... > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>>>Obrigado, > >>>>>>>>Hugo > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>> > >>>> > >>>> > >>>> > >> > >> > > -- Paulo Ricardo Bruck - consultor Contato Global Solutions tel 011 5031-4932 fone/fax 011 5034-1732 cel 011 9235-4327
Attachment:
signature.asc
Description: Esta =?ISO-8859-1?Q?=E9?= uma parte de mensagem assinada digitalmente