Skip to main content

Nginx Worker - Network Traffic

Posted by AdrianSimpson on Wed, 12/18/2019

Hi All,

we noticed unusually high network traffic on our instance:

13984 - nginx - nginx: worker process - eth0 - 44.179 - 20.604 KB/sec

It doesnt seem like much up and down but over the course of a day or 2 it amounts to MANY GBs.

We are on the latest version of webmin 1.930 - i didnt noticed the Nginx being used it quite an old version? has anyone else experienced this before?

Also when i kill the specific PID another starts up right away.

I am in the process of installing all the package updates and and will reboot later on.

Any help appreciated.

Kind Regards
Adrian


Submitted by volodya on Wed, 12/18/2019 Permalink

Hello Adrian,

Can you see any suspicious activity in /var/log/nginx/access.log and /var/log/nginx/error.log log files?

Submitted by AdrianSimpson on Wed, 12/18/2019 Permalink

Thanks Volodya, Im going to get all the updates applied tonight and rebooted - but the funny thing is, i cannot open the log file as any program i try to open it in says the file is too large!

I have tried
Notepad
Notepad ++
Wordpad
Word
CSV Viewer (clutching straws!)

Any recommendations?

Kind regards

Submitted by volodya on Wed, 12/18/2019 Permalink

You can use vi, vim, nano or any other text editor right from the system. Please note that this may hurt system performance if it's in production.

You can also get a fragment trom the bottom of the file like so:
tail -100000 /var/log/nginx/access > /trimmed_access

Submitted by AdrianSimpson on Mon, 12/23/2019 Permalink

Hi Chris,

Well we found that multiple of our instances were communicating with numerous Azurecloud servers in poland & germany.

After finding that out I reached out to Azurecloud support, as we dont have an account with them and there was no reason for the to be an active connection to thier servers. The next day, all connections had dropped.

I havent had any word back from them at all though.

The main tools used we used were 'nethogs' and 'iftop'

Cheers