On 28/11/10 23:56, Amos Jeffries wrote:
> On 25/11/10 21:13, Nick Cairncross wrote:
>> Hi List,
>>
>> I have nailed a few niggles relating to extremely high CPU usage for
>> my authenticators, and I can now clearly look at the requests coming
>> in on the access.log. I use a combination of Kerb& NTLM helpers for
>> my 700 users - majority Kerberos.(70/30). I started tailing the log
>> yesterday and noticed some clients repeatedly attempting to
>> authenticate but failing due to no cred; Mac/Pc system or local and
>> not domain accounts The frequency of the requests is very high and
>> therefore hogging some helpers. I can increased the helper amounts
>> but there is a ratio (CPU/auth) that I need to bear in mind. The
>> clients are mainly trying to get out onto the internet to update
>> various software packages but don't have any credentials to do this,
>> hence the repeated, frequent 407s. Short of visiting these clients to
>> see what's going on (a possibility) is there a way to monitor for
>> these 407 auth requests and flag high-request users that are
>> constantly failing? Some clients occur VERY often and must be hogging
>> helpers maybe even multiple ones..
>
> The log tailing you have is already finding the problem. It sounds like
> you need to automate and add a notification or measure to that.
>
> Squid does not have anything directly applicable at this time. Ideas on
> what to look for and how to do it would be very welcome
Actually, thinking about this a bit more the clientdb may aready be able
to provide this info (but not specific to 407).
This shows some useful entries:
squidclient mgr:client_list | \
grep -E "Address:|TCP_DENIED" | \
grep --before-context=1 "DENIED"
Requires clientdb built into your squid. That may be more easily
scripted for checking and alerting.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.9 Beta testers wanted for 3.2.0.3Received on Mon Nov 29 2010 - 10:19:57 MST
This archive was generated by hypermail 2.2.0 : Mon Nov 29 2010 - 12:00:03 MST