Re: [squid-users] Monitoring 407 authentications

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 28 Nov 2010 23:56:52 +1300

On 25/11/10 21:13, Nick Cairncross wrote:
> Hi List,
>
> I have nailed a few niggles relating to extremely high CPU usage for
> my authenticators, and I can now clearly look at the requests coming
> in on the access.log. I use a combination of Kerb& NTLM helpers for
> my 700 users - majority Kerberos.(70/30). I started tailing the log
> yesterday and noticed some clients repeatedly attempting to
> authenticate but failing due to no cred; Mac/Pc system or local and
> not domain accounts The frequency of the requests is very high and
> therefore hogging some helpers. I can increased the helper amounts
> but there is a ratio (CPU/auth) that I need to bear in mind. The
> clients are mainly trying to get out onto the internet to update
> various software packages but don't have any credentials to do this,
> hence the repeated, frequent 407s. Short of visiting these clients to
> see what's going on (a possibility) is there a way to monitor for
> these 407 auth requests and flag high-request users that are
> constantly failing? Some clients occur VERY often and must be hogging
> helpers maybe even multiple ones..

The log tailing you have is already finding the problem. It sounds like
you need to automate and add a notification or measure to that.

Squid does not have anything directly applicable at this time. Ideas on
what to look for and how to do it would be very welcome

>
> Appreciate this is probably more of a *nix question but any help or
> pointers would be great.
>
> Nick

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.9
   Beta testers wanted for 3.2.0.3
Received on Sun Nov 28 2010 - 10:56:55 MST

This archive was generated by hypermail 2.2.0 : Mon Nov 29 2010 - 12:00:03 MST