How to disable Lfd excessive resource usage alert

By -

LFD : is the abbreviation of Login Failure Daemon. It is a daemon process running on a server which has CSF for server security. LFD scans the server logs files periodically (every X seconds) for resent login failures and consider such attepts like “Brute Force Attacks” and block that IPs with the help of CSF.

In some strange situations you may get some alert emails from server for excessive resource usage. In LFD we can set resource usage limit. You can refer here for more details on Process tracking with the help of csf.

How to disable Lfd excessive resource usage alert?

Example email alert from LFD.

Time: Tue Nov 25 09:15:10 2012 +0520
Account: crybit
Resource: Virtual Memory Size
Exceeded: 205 > 200 (MB)
Executable: /usr/bin/php
Command Line: /usr/bin/php /home/crybit/public_html/index.php
PID: 11254 (Parent PID:11254)
Killed: No

From the above email example you can see that, here the alert is for excessive memory usage from the server for a particular user. You can avoid this email alert by different ways.

Method I
You can disable this particular feature from CSF configuration. That’s not a good method to solve this issue. This email alert is actually much useful for monitoring user’s resource usage under your server.
How to disable it?
Step 1: Login to your server via SSH as root user.
Step 2: Open the CSF configuration file (/etc/csf/csf.conf) with your favorite editor and search the directive ‘PT_USERMEM’. By considering the above example, the PT_USERMEM is 200. You can set the value of PT_USERMEM to ‘0’ to disable this feature from CSF.

[root@server #] vim /etc/csf/csf.conf
-----
# This User Process Tracking option sends an alert if any linux user process
# exceeds the memory usage set (MB). To ignore specific processes or users use
# csf.pignore
#
# Set to 0 to disable this feature
PT_USERMEM = "200"
-----

Method II
You can increase the PT_USERMEM limit. By setting the value of PT_USERMEM to a higher value than 200 may help you.

Method III
This is the simplest and standard way to stop such alerts from CSF and LFD. There is a file in csf directory ‘csf.pignore’. You can add the process or the user which you want to ignore this type of alert in to this file.
File location:

[root@server #] vim /etc/csf/csf.pignore

Note:

This type of alerts are useful for monitoring your server. 

Restart the services CSF and LFD

csf -r

That’s it. :-)

Related topics:
Install and configure csf on CentOS
CSF commands for Unix/Linux servers

Linux Server Admin, Infopark, Cochin, Kerala. Contact me : arun(at)crybit.com

11 Comments to How to disable Lfd excessive resource usage alert

  1. It was nice…. and worked…. Thank you.

    As a suggestion please restart the lfd and csf after the tweak

  2. Very useful post. However did spend quite some time because changes were not taking effect. In my case I had restart lfd service as well in order to stop the high resource e-mails coming; type “service lfd restart” in linux without quotes. PS. I went for method II, and set up 400 MB limit.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Current ye@r *