carmik 0 Posted January 9, 2020 Posted January 9, 2020 (edited) I'm running ESMC 7.x as a virtual appliance and have the Apache proxy enabled. I think I saw somewhere that the VA is pre-configured to do Apache HTTP cache housecleaning (using htcacheclean perhaps). I've SSH'ed to the VA and did a "du -sk /var/cache/httpd/proxy" to check how much data are used. Executed that command some 5 minutes ago and I'm still waiting for a result... 😕 Bottomline: is apache proxy cache auto-cleaning enabled by default? If so how can I check that it does what it is supposed to do? if not, how can I configure auto-cleaning (presume a cron job, but I'd appreciated the specifics for ESET themselves) EDIT: The du command finished, the cache directory contains more than 11Gb ... Edited January 9, 2020 by carmik
carmik 0 Posted January 9, 2020 Author Posted January 9, 2020 (edited) Found this article: https://help.eset.com/esmc_deploy_va/70/en-US/enable_apache_http_proxy.html TBH, when I initially configured ESMC there were no ESET instructions on configuring this thing, only the generic VA installation instructions. Oh, well. EDIT: These instructions might be a bit "flawed". I believe that step 5 should read: 5. systemctl start htcacheclean Edited January 9, 2020 by carmik
carmik 0 Posted January 10, 2020 Author Posted January 10, 2020 I need some feedback on this. After cleaning up my VA apache setup (htcacheclean ran for the first time), the following was logged: Cleaned /var/cache/httpd/proxy. Statistics: size limit 10000.0M inodes limit 12000 total size was 9709.7M, total size now 173.4M total inodes was 1058531, total inodes now 11996 total entries was 209920, total entries now 1268 208652 entries deleted (399 from future, 206503 expired, 1750 fresh) The cache is now only 170Mb. What good is a cache that small? It seems that the reason for the cache being that small is the inode limit (by default, as per ESET KB instructions, set to 12000). Notice that that "total inodes now" is 11996, just a bit below that limit. Either I'm missing something profound here, or the ESET defaults for the proxy are not quite suitable for the purpose? Your help will be appreciated.
ESET Staff MartinK 384 Posted January 10, 2020 ESET Staff Posted January 10, 2020 8 hours ago, carmik said: Either I'm missing something profound here, or the ESET defaults for the proxy are not quite suitable for the purpose? Your help will be appreciated. I think that crucial part of log is 206503 expired which indicates that most of the entries were removed as they were considered as expired. If I recall correctly, most of the files ara cached for 7 days, and if not used, they are considered as expired. Only exceptions are results of EDTD analysis (is used at all) where much more files is cached.
carmik 0 Posted January 13, 2020 Author Posted January 13, 2020 Thanks for the clarifications, so the story here is that this is short-term caching in essence, and the inode default limit is ok.
ESET Staff MartinK 384 Posted January 13, 2020 ESET Staff Posted January 13, 2020 2 hours ago, carmik said: Thanks for the clarifications, so the story here is that this is short-term caching in essence, and the inode default limit is ok. Yes, inode limit is fine until you are not using EDTD. We have significantly increased some time ago so you are probably using older appliance (deployed more than year ago) but there will be no problem, as there is not much files cached otherwise. I am little confused by fact that there is much much more inodes than cached files, which makes no sense for me, but this is something that can be changed in configuration of htcacheclean service. In this case it seems that cleanup was not running for very long time and thus so many removed files.
Recommended Posts