On 28/11/10 23:56, Amos Jeffries wrote:
On 25/11/10 21:13, Nick Cairncross wrote:
Hi List,
I have nailed a few niggles relating to extremely high CPU usage for
my authenticators, and I can now clearly look at the requests coming
in on the access.log. I use a combination of Kerb& NTLM helpers for
my 700 users - majority Kerberos.(70/30). I started tailing the log
yesterday and noticed some clients repeatedly attempting to
authenticate but failing due to no cred; Mac/Pc system or local and
not domain accounts The frequency of the requests is very high and
therefore hogging some helpers. I can increased the helper amounts
but there is a ratio (CPU/auth) that I need to bear in mind. The
clients are mainly trying to get out onto the internet to update
various software packages but don't have any credentials to do this,
hence the repeated, frequent 407s. Short of visiting these clients to
see what's going on (a possibility) is there a way to monitor for
these 407 auth requests and flag high-request users that are
constantly failing? Some clients occur VERY often and must be hogging
helpers maybe even multiple ones..
The log tailing you have is already finding the problem. It sounds like
you need to automate and add a notification or measure to that.
Squid does not have anything directly applicable at this time. Ideas on
what to look for and how to do it would be very welcome
Actually, thinking about this a bit more the clientdb may aready be able
to provide this info (but not specific to 407).
This shows some useful entries:
squidclient mgr:client_list | \
grep -E "Address:|TCP_DENIED" | \
grep --before-context=1 "DENIED"
Requires clientdb built into your squid. That may be more easily
scripted for checking and alerting.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.9
Beta testers wanted for 3.2.0.3