I'm trying to help a buddy out and am completely stumped. Anyone have something I can try next?
Background:
Dual 1.8 PPC Mac Pro running Server 10.5. All patches and updates installed. One large (1TB) external firewire drive attached. Wired to an Airport Base Station with a SSH port forward rule in place pushing TCP port 22 traffic to the server.
He basically uses it solely as a file server. He copies a file from the external drive to his workstation, works on it, saves it, and copies it back to the external drive on the server. I have a cron'd rsync that runs nightly and syncs his external drive with his business partner's remote server. That's all it's used for: storing files and rsync'ing the stored files.
Problem:
Since yesterday, his system has slowed to a crawl. Doing anything on the server, especially file copies to/from the workstation, gives him a spinning beachball for 5 minutes before anything happens. Activity Monitor shows the CPU running full-throttle all the time.
I've SSH'ed in and run a top, the kernel_task process is constantly using 100.2% - 100.9% of the CPU. No other processes are using more than 3 or 4% CPU. Plenty of free memory, both physical and virtual.
I've had him unmount and disconnect his external drive, then reboot. Immediately kernel_task jumps back to 100%+ CPU Util. I've had him disable the SSH port forward rule, reboot the Airport, and reboot the server; kernel_task jumps right back to 100%+. As far as I can tell, it's not an IO problem with the external drive nor a DoS attempt. I've also had him repair permissions, which doesn't seem to have helped.
The only thing of note I see in /var/log/system.log are a bunch of afctl and emond messages but as far as I can tell they're just normal portscans and shenanigans from China/Russia:
I'm pretty much stumped. Anyone have any ideas or suggestions?
Background:
Dual 1.8 PPC Mac Pro running Server 10.5. All patches and updates installed. One large (1TB) external firewire drive attached. Wired to an Airport Base Station with a SSH port forward rule in place pushing TCP port 22 traffic to the server.
He basically uses it solely as a file server. He copies a file from the external drive to his workstation, works on it, saves it, and copies it back to the external drive on the server. I have a cron'd rsync that runs nightly and syncs his external drive with his business partner's remote server. That's all it's used for: storing files and rsync'ing the stored files.
Problem:
Since yesterday, his system has slowed to a crawl. Doing anything on the server, especially file copies to/from the workstation, gives him a spinning beachball for 5 minutes before anything happens. Activity Monitor shows the CPU running full-throttle all the time.
I've SSH'ed in and run a top, the kernel_task process is constantly using 100.2% - 100.9% of the CPU. No other processes are using more than 3 or 4% CPU. Plenty of free memory, both physical and virtual.
I've had him unmount and disconnect his external drive, then reboot. Immediately kernel_task jumps back to 100%+ CPU Util. I've had him disable the SSH port forward rule, reboot the Airport, and reboot the server; kernel_task jumps right back to 100%+. As far as I can tell, it's not an IO problem with the external drive nor a DoS attempt. I've also had him repair permissions, which doesn't seem to have helped.
The only thing of note I see in /var/log/system.log are a bunch of afctl and emond messages but as far as I can tell they're just normal portscans and shenanigans from China/Russia:
Code:
Jun 24 00:31:17 server emond[64]: Host at 201.230.18.187 will be blocked for at least 15.00 minutes
Jun 24 00:31:17 server emond[5826]: DoRunAction (child): setting the uid/gid to 0/0
Jun 24 00:31:18 server afctl[5826]: Firewall not running or managed by another entity, rule not added
I'm pretty much stumped. Anyone have any ideas or suggestions?