LFD message - Excessive resource usage: mysql

[bleenders]

Hi there,

Yesterday I installed a new webserver but I'm fairly new to DirectAdmin so I have some questions about messages I'm getting.
Every 30 minutes I get a message from lfd saying:

Time:         Tue Nov  1 10:00:11 2016 +0100
Account:      mysql
Resource:     Process Time
Exceeded:     48789 > 1800 (seconds)
Executable:   /usr/bin/bash
Command Line: /bin/sh /usr/bin/mysqld_safe --basedir=/usr
PID:          518580 (Parent PID:518580)
Killed:       No

I already added the following to csf.pignore on top of what was already there by default:
http://forum.directadmin.com/showthread.php?t=49424

exe:/usr/sbin/nginx
exe:/usr/selector/php
exe:/usr/selector/php-cli
exe:/usr/sbin/pure-ftpd
exe:/usr/local/bin/pureftpd_uploadscan.sh
exe:/usr/local/bin/clamd
exe:/usr/share/cagefs-skeleton/usr/selector/lsphp
exe:/usr/selector/lsphp
exe:/usr/local/bin/lsphp
pexe:/usr/local/php../bin/php_uploadscan\.sh
pexe:/opt/alt/php../usr/bin/php-cgi
pexe:/usr/local/php../sbin/php-fpm..
pexe:/usr/local/php../bin/php-cgi..
pexe:/usr/local/php../bin/php..
pexe:/opt/alt/php../usr/bin/lsphp
exe:/usr/local/bin/freshclam
exe:/usr/libexec/dovecot/managesieve-login
exe:/usr/sbin/rpcbind

What I don't understand is why I keep getting these messages. Even with exe:/usr/sbin/mysqld & exe:/usr/sbin/mysqld_safe already in the default csf.pignore list.
Do any of you know? Also I've seen dovecot or other programs report Exceeded: 1807 > 1800 (seconds) but Exceeded: 48789 > 1800 (seconds) of course is a lot more. Could there be something wrong there?

And then there are also some lines I don't understand when I type service lfd status

lfd.service - ConfigServer Firewall & Security - lfd
   Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2016-11-01 00:00:02 CET; 10h ago
  Process: 575949 ExecStart=/usr/sbin/lfd (code=exited, status=0/SUCCESS)
 Main PID: 575952 (lfd - sleeping)
   CGroup: /system.slice/lfd.service
           ââ575952 lfd - sleeping

Nov 01 06:40:08 server1.kiwiwebgroep.nl lfd[575952]: SYSLOG check [CSbsRwZTwmxjKOWJgh]
Nov 01 07:05:08 server1.kiwiwebgroep.nl lfd[575952]: SYSLOG check [J2QSCTf8QjzPrX8o151emsLGbOs]
Nov 01 07:30:08 server1.kiwiwebgroep.nl lfd[575952]: SYSLOG check [oW2Voz4h5l0bnHunetGx100]
Nov 01 07:55:09 server1.kiwiwebgroep.nl lfd[575952]: SYSLOG check [u5IIOrqZG7BRwkS1TtA8SSxZWNd]
Nov 01 08:20:09 server1.kiwiwebgroep.nl lfd[575952]: SYSLOG check [1w9cnaBGuYyWgp6I]
Nov 01 08:45:09 server1.kiwiwebgroep.nl lfd[575952]: SYSLOG check [Zdnl9doMUnGZRJnkPZ88]
Nov 01 09:10:10 server1.kiwiwebgroep.nl lfd[575952]: SYSLOG check [Qkbyf5XEYhg8XcjB6nEC0DYow]
Nov 01 09:35:10 server1.kiwiwebgroep.nl lfd[575952]: SYSLOG check [uG5HYBX7NeSBLbvnDZvC1xj]
Nov 01 09:51:43 server1.kiwiwebgroep.nl systemd[1]: Started ConfigServer Firewall & Security - lfd.
Nov 01 10:00:10 server1.kiwiwebgroep.nl lfd[575952]: SYSLOG check [3B0SzdcLOvNNqr1Sh3mMfpGUG]

So I see it's running but what are these SYSLOG check messages I'm seeing?
And when I look at the Service Monitor in DA is see:

lfd	lfd (pid 575952 )	0 B	Start	Stop	Restart	Reload

It's using 0 bytes, that doesn't seem quite right.

As I said it's a clean install so there are no users or databases yet. I installed CloudLinux7, DirectAdmin(ngnix_apache,lsphp,mariadb10.1), KernelCare, CageFS, LVE Manager, PHP Selector, MySQL Governor.

Could anyone help me out with there questions?

Thanks,

Bas

 

[zEitEr]

Hello,

Make sure to restart lfd. If you really have:

exe:/usr/sbin/mysqld
exe:/usr/sbin/mysqld_safe

in csf.pignore, then just make sure lfd restarted properly, and those emails are not sent from queue (check time of generation).

Read csf.conf or docs for CSF if you want to learn more about SYSLOG checks.