On 25/11/10 21:13, Nick Cairncross wrote:
Hi List, I have nailed a few niggles relating to extremely high CPU usage for my authenticators, and I can now clearly look at the requests coming in on the access.log. I use a combination of Kerb& NTLM helpers for my 700 users - majority Kerberos.(70/30). I started tailing the log yesterday and noticed some clients repeatedly attempting to authenticate but failing due to no cred; Mac/Pc system or local and not domain accounts The frequency of the requests is very high and therefore hogging some helpers. I can increased the helper amounts but there is a ratio (CPU/auth) that I need to bear in mind. The clients are mainly trying to get out onto the internet to update various software packages but don't have any credentials to do this, hence the repeated, frequent 407s. Short of visiting these clients to see what's going on (a possibility) is there a way to monitor for these 407 auth requests and flag high-request users that are constantly failing? Some clients occur VERY often and must be hogging helpers maybe even multiple ones..
The log tailing you have is already finding the problem. It sounds like you need to automate and add a notification or measure to that.
Squid does not have anything directly applicable at this time. Ideas on what to look for and how to do it would be very welcome
Appreciate this is probably more of a *nix question but any help or pointers would be great. Nick
Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.9 Beta testers wanted for 3.2.0.3
