Siege FAQ
Why Do I Need It? ▲
Siege was designed to stress-test and benchmark web servers. You need to examine the performance and efficiency of your code under duress. Siege provides mechanisms to control the number of simulated hits to a web server over a specified period. Use siege to avoid future embarrassment.
Where is the latest version? ▲
The latest version of Siege is available on this site:
https://download.joedog.org/siege/siege-latest.tar.gz
What platforms does it run on? ▲
Siege has been compiled and run on AIX 4.x, GNU/Linux 2.2.x, HP-UX 11.x, and Solaris 2.x. Siege relies on UNIX-centric functionality. As a result, it will not run natively on Microsoft Windows. No problem. You can run it under cygwin. Here's a “cheat sheet” to help get you started on Cygwin. It’s a quick reference to help get you started.
Hey! I tried running it, but it doesn't work… ▲
‘man siege’ is a good place to start. You probably have a configuration problem. Run “siege -C” to view your current working configuration. If the output of that command indicates that you do not have a resource file, .siegerc, then run “siege.config” to generate one. You can configure Siege to run properly by setting command-line options or editing the resource file.
What’s the Bulldog’s name? ▲
The original spokes model for http://www.joedog.org was Limey Tango Jones. Sadly, he passed away in 2008. He was nearly thirteen years old. He left some mighty big shoes to fill … The newest spokes model is Pommie Tango Jones. He never met a tennis ball he didn’t like. If YOU have an English bulldog, please send us a link to his pictures. (We know you have some…)
Can I stress cgi-bin programs? ▲
Yes. If they accept GET, you can build your URLs with the form values like this:
http://www.hjs.com/cgi-bin/doh.cgi?name=homer&last=simpson
If they accept POST, then you have to construct your URL with the POST directive like this:
www.bart.com/cgi-bin/aye.pl POST name=bart&last=simpson
If you are using the POST directive at the command line, you will have to put quotes ("”) around it. Quotes are unnecessary if the URL is in the urls.txt file.
Does Siege support HTTP/1.1? ▲
Mostly. Support for protocol 1.1 has trickled in gradually. Starting with v2.03, an option was added to .siegerc to enable the 1.1 protocol. Over time, protocol features have steadily been incorporated into the program. The default protocol is now 1.1. To switch to the 1.0 protocol, add the following directive to your .siegerc file: protocol = HTTP/1.0.
Features of 1.1 protocol not yet supported by Siege:
- Pipelined connections
- 100 Continue
- Support for persistent connections is poor. Siege prefers Connection: close.
I chose the HTTP/1.0 protocol, but Siege is reporting 1.1 ▲
Several HTTP/1.1-compliant servers return HTTP/1.1 headers even when the client requested HTTP/1.0. Don’t worry, the server is executing the selected protocol, even though it is reporting otherwise. (Bug? Feature? Who knows?)
If Siege supports HTTP/1.1, why would I choose HTTP/1.0? ▲
There are numerous reasons, actually. Perhaps the biggest reason for choosing 1.0 is to avoid skewing benchmarks. Some HTTP servers ignore the client's Close directive during a redirect. If this occurs, the siege instance will “hang” with an open socket until the server finally closes it. This could take up to 30 seconds, which obviously skews your benchmark. If you notice siege instances hanging for extended periods, you may want to switch to the 1.0 protocol. For the most part, you probably want to use 1.1
Does Siege support the POST directive ▲
Yes. As of siege-2.06, the POST directive is supported. You will need to construct your URLs in the following manner:
www.lisa.com/cgi-bin/haha.cgi POST first=lisa&last=simpson
http://www.whoohoo.com/Auth POST user=home&password=secret
Siege 2.65 added support for posting file contents. To post a file, use the redirect character:
http://www.haha.com/reader.php POST < /path/to/file
NOTE: this is not a multi-part file POST. Siege does not currently support that feature. Versions before 2.67 sent “application/x-www-form-urlencoded” as the default Content-Type; newer versions map file extensions to the appropriate content types. In the example above, Siege will send the header “Content-Type: text/xml”. The complete map is in src/load.c.
If you run POSTS from the command line, make sure you wrap the URL with quotes.
siege -g “http://www.haha.com/reader.php POST user=howard&pass=stern”
DO NOT quote URLs in the urls.txt file!!!!
Why doesn't my POST work? ▲
The most common mistake we see occurs when people post to the file rather than to the FORM action. In other words, if haha.jsp contains a FORM whose action is the servlet UserAuth, then you must construct your URL to post to UserAuth, NOT haha.jsp.
Why does Siege POST data that is smaller than the size of my post file? ▲
Siege chomps excessive white space, carriage returns, and newlines from the POST data contained within a post file that has been fed to the application with a redirect character: “http://www.joedog.org/haha.php POST < /my/file.txt” Therefore, Siege may post less data to the server than it has read from the file.
Does Siege support the HTTPS protocol? ▲
Yes, it does. But it requires additional work on your part. You have to download OpenSSL from http://www.openssl.org, compile it, and install it on your system. You will need to reconfigure and rebuild Siege to use OpenSSL. Consult the installation instructions for more details. In a nutshell, if you have SSL installed, then build Siege like this: ./configure --prefix=/some/dir --with-ssl=/path/to/ssl make
make install
NOTE: If your OpenSSL libraries were installed via a package, --with-ssl= is likely unnecessary. The configure script will find them.
Is the siege HTTPS support secure? ▲
It is not as secure as it could be. Not all systems have /dev/random, so I've chosen to seed the entropy pool in a highly portable manner. Technically, the method used is not as secure as it could have been. But Siege was developed as a pre-production testing tool. It is not intended to handle sensitive data transactions. Use Siege to test your https code in development, not in production.
Can I run Siege for a predetermined period? ▲
Yes. The frequency of this question has waned, which I hope means that this option is no longer confusing. The format for time-based testing is -tNUMm, where NUM is an integer and "m" is the modifier H, M, or S for hours, minutes, or seconds. Therefore, if you want to run Siege for two hours, you could invoke it in any of the following ways:
-t2H -t120M -t7200S
NOTE: The modifier is NOT case sensitive, therefore -t2H is the same as -t2h.
How many concurrent users should I use? ▲
Integrity testing: I can count on one hand the number of issues I found with 800 simulated users that I wouldn't have found with 25. If your programmers aren't reclaiming resources such as database connections, you will identify the problem by seeing repeated hits on the troublesome application. Do yourself a favor: during integrity testing, keep the users under 100. You're more likely to create a mess than identify a problem. Capacity testing: Regression testing is an effective method for measuring your web server's load capacity. Bombard is a siege wrapper that stair-steps through increasing load and charts the results. Increase the number of concurrent users gradually. Too frequently, we receive complaints from people who’ve created issues with high levels of simultaneous users. If you schedule more users than your web server is configured to handle, then of course you’ll make a mess. An HTTP server handles a fixed number of incoming requests. A pre-forking server has a limited number of child processes (MaxClients), and a threaded server has a fixed number of threads (MaxThreads). A server can handle up to its maximum number of handlers, no more. Once its handlers are exhausted, socket connections are queued by the OS. They wait for the next available handler. If the httpd server is overwhelmed by more users than it can handle, sockets will time out before they receive a handler. Siege reports a timeout, and the browser reports “Connection refused.” If the server is completely inundated, the OS may not have enough resources even to create a socket. If you scheduled so many siege clients that you've reached this point, then you've made a complete mess. Congratulations. Please don't email us with complaints.
If you want to measure your code under load that reflects your site's traffic, schedule concurrent users based on current traffic levels. An access log analyzer, such as Webalizer (free) or WebTrends (expensive), can help you determine the load. If your site peaks at 100 hits per second, use these parameters to run siege: -c100 -d5. For 50 hits per second, run it like this: -c50 -d1. We’ve had people ask about configurations like -c1000 -d1. A single pre-forking Apache server cannot handle such a load without modification. It has a hardcoded limit of 256.
What does “Error: system resources exhausted” mean? ▲
This error occurs when you’ve selected several simulated users, which is greater than your system can handle, i.e., you've run out of memory. The other likely scenario is that you've selected several simulated users, which exceeds the number of processes your UNIX account is allowed to run. This is likely when a non-root user attempts to run more than 256 siege users on most commercial UNIX systems. You can run Siege as root to work around this issue, or have your administrator increase the number of processes you are allowed to run. Keep in mind that -c256 -d1 translates to roughly 47,000 unique visitors per day.
How Does Siege Calculate Concurrency? ▲
Concurrency is the total number of transactions divided by the total elapsed time. If we completed 100 transactions in 10 seconds, our concurrency was 10.00. This blog entry provides additional details to help you understand this metric.
Does Siege support cookies? ▲
Netscape cookie support was added to siege-2.00; it does not support RFC 2965 cookies. Cookies are accepted and used on a per-thread basis. If you schedule 10 Siege users, you'll receive 10 site cookies.
Cookies are persisted in $HOME/.siege/cookies.txt. They stored with associated thread IDs. If the number of users in your next run exceeds that in the previous run, it will start reusing cookies. If you had 10 users on the first run and 12 on the next run, user 11 will pick up cookie 1, user 12 will use cookie 2, and so on.
Can I run Siege with multiple resource files? ▲
Yes. The siege resource file is located in your home directory.
$HOME/.siege/siege.conf
If you don’t have a resource file, you can run “siege.config” to generate one. This file contains a runtime configuration. You can run Siege with an alternative resource file in one of two ways: via a command-line argument or an environment variable.
At runtime, Siege searches for a resource file as follows. It checks whether one was named with the “-R filename” argument. If that argument was not invoked, Siege will check for a SIEGERC environment variable. Finally, it will rely on a $HOME/.siegerc file. You may set an environment variable like so:
export SIEGERC=/home/jeff/etc/siege.conf
To make sure Siege is using that file, run “siege -C” to view the configuration. You can set up several sieges with shell wrappers:
#!/bin/sh
export SIEGERC=/home/jeff/etc/siege_one.conf /home/jeff/bin/siege
export SIEGERC=/home/jeff/etc/siege_two.conf /home/jeff/bin/siege
export SIEGERC=/home/jeff/etc/siege_thr.conf /home/jeff/bin/siege
Can I run Siege with multiple IP addresses from the same machine? ▲
Yes. The best solution we’ve found comes from Robert Hartman, but it is GNU/Linux-specific and requires IP tables support. Basically, there are two steps.
1.) Add IP aliases. Example:
#!/bin/sh
for i in `seq 1 254` do
ifconfig eth0:$i 192.168.1.$i
done
2.) Reverse NAT with iptables. To enable the Linux kernel to act as a client from multiple IP addresses, use iptables to perform reverse NAT. Example:
iptables -t nat -A POSTROUTING -o eth0 -j SNAT –to 192.168.1.1-192.168.1.254
NOTES: This method can also be used for Class B address spaces, provided proper masking is applied to the eth0 interface. Robert tested this to work with 2500+ IPs on a single Ethernet card. You can contact Robert via email: “robert at roberthartman dot net.”
What is the easiest way to build a urls.txt file? ▲
Two supported utilities can help you build a urls.txt file. One is sproxy, a functional HTTP proxy server that collects URLs, including POST and GET data, in a “siege-friendly” format. The second is logparse, which parses URLs from an Apache-style access_log and builds a siege-style urls.txt file. NOTE: logparse will build one URL for each entry in the access_log. It is recommended that you run logparse on a subset of access_log. Another unsupported utility is available. Scout surveys a web server and prepares the urls.txt file for a siege.
Where is the license information? ▲
Siege is published under the GPL, the GNU Public License. A copy of that license is included in every siege distribution in the file called “COPYING.” Click here for more information about the GPL.
Are siege binaries available? ▲
Yes. On Ubuntu systems connected to the Internets, you should be able to run “apt-get install siege” to install the software. Debian also makes Siege available in its networked repositories. AIX binaries are available from the Public Domain Software Library for AIX. Less recent binaries are also available for Solaris 2.5.1, 2.6, 7, 8/SPARC; HP-UX 10.20, 11.00; Tru64 UNIX 4.0D, 5.1; IRIX 6.5; and AIX 4.3.2 from The Written Word.
