A non-perl ( yes, I know ) possibility is Sun's SymbEL release 3 out on http://www.sunfreeware.com, which our webmaster runs on his Solaris boxen. He did this due to a custom bit of Java that leaks bad. He is quite taken with it, tho I admit to not playing w/ it. YMMV.

For point 2, that's a beauty idea, even if you only use it to give you a heads up of impending doom!

I'd also, on the point one above, check the firewall and IDS logs to see if anything less-than-tasty is coming from outside.

Lastlly, check out Sun's Sun Performance and Tuning Techniques doc ( you may have to register w/ http://sunsolve.sun.com ). The techniques are pretty light ( I run them from time to time on my heavily utilized firewalls - no perl - w/ negligable additional load ).

As an aside, sysadmins who hang their hopes on patches and new releases exclusively w/o understanding what is *actually* wrong have, IME & IMHO, very short tenures in quality IT staffs. SysAdmins who can diagnose, provide evidence, and occasionally cruft a work-around, thrive - w/ little REM sleep, tho.

UPDATE: My sysadmin comments were directed toward jlongino's web admin, and not at jlongino. jlongino++ for taking this on.

HTH
--
idnopheq
Apply yourself to new problems without preparation, develop confidence in your ability to to meet situations as they arrise.

~ Shunryu Suzuki