Apache running at Cardiff went into self destruct mode again a few
moments ago.
I managed to catch it this time by having a cron job check the size of
the error_log every minute and do a sighup if it grew too big and send me
the last 100 lines of the log before it got zapped.
The problem this time originated from 155.207.1.25 (philippos.ccf.auth.gr)
for which the access log reports,
grep 155.207.1.25 access_log
155.207.1.25 - - [14/Nov/1995:20:59:18 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:20:59:35 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:20:59:50 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:00:00 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:00:10 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:00:22 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:00:38 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:01:20 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:01:31 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:01:59 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:02:17 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:02:29 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:05:46 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:06:09 +0000] "NULL" 200 53
155.207.1.25 - - [14/Nov/1995:21:06:58 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:07:21 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:07:34 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:07:44 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:08:04 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:08:10 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:09:48 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:09:58 +0000] "NULL" 200 3807
155.207.1.25 - - [14/Nov/1995:21:10:39 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:12:33 +0000] "NULL" 200 3153
155.207.1.25 - - [14/Nov/1995:21:24:22 +0000] "NULL" 200 871
Whether this is a cause or a symptom I don't know.
I've seen "NULL" in the logs before.
Could it be Apache reacting badly to an invalid request?
Anyone have any ideas?
rob
moments ago.
I managed to catch it this time by having a cron job check the size of
the error_log every minute and do a sighup if it grew too big and send me
the last 100 lines of the log before it got zapped.
The problem this time originated from 155.207.1.25 (philippos.ccf.auth.gr)
for which the access log reports,
grep 155.207.1.25 access_log
155.207.1.25 - - [14/Nov/1995:20:59:18 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:20:59:35 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:20:59:50 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:00:00 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:00:10 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:00:22 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:00:38 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:01:20 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:01:31 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:01:59 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:02:17 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:02:29 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:05:46 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:06:09 +0000] "NULL" 200 53
155.207.1.25 - - [14/Nov/1995:21:06:58 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:07:21 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:07:34 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:07:44 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:08:04 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:08:10 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:09:48 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:09:58 +0000] "NULL" 200 3807
155.207.1.25 - - [14/Nov/1995:21:10:39 +0000] "NULL" 200 225
155.207.1.25 - - [14/Nov/1995:21:12:33 +0000] "NULL" 200 3153
155.207.1.25 - - [14/Nov/1995:21:24:22 +0000] "NULL" 200 871
Whether this is a cause or a symptom I don't know.
I've seen "NULL" in the logs before.
Could it be Apache reacting badly to an invalid request?
Anyone have any ideas?
rob