----- "Amos Jeffries" <squid3_at_treenet.co.nz> wrote:
> On Wed, 3 Feb 2010 20:14:36 -0800 (GMT-08:00), Shawn Wright
> <swright_at_shawnigan.ca> wrote:
> > On Monday, our usually very stable Squid 2.6stable20 server acted up,
> due
> > to what appears to be a problem with the ntlm_auth helpers. No changes
> have
> > been made to the system recently, with the exception of recompiling to
> > allow for logs >2Gb last month. Prior to that, the system had been
> stable
> > since Mar 2008. The logs below show a FATAL stop after too many queued
> > auths, which could be due to slow AD DCs combined with spyware on
> clients
> > hammering the proxy. But the odd thing is after the restart at 19:36 on
> Feb
> > 1, our MRTG snmp stats showed a gradual decline in active clients from a
> > normal 650 down to 0, over a period of 24 hours. All other snmp stats
> > appear normal.
> >
> > These two events appear to be related, but I'm not sure how or where to
> > look next.
>
> Do the logs over that 24 hr period confirm the loss of client connections?
> They should at least have clues as to what the last action each client did
> was. The final interaction between a client and the proxy might be
> significant if it was repeated many times across the client base.
That's the odd part. After the restart, all activity appeared to continue as normal - stats showed 25mbps traffic and ~100rps as we'd normally see, and logs indicated lots of authenticated users (nearly all access except windows updates, etc. require auth). The only clue that a problem exists is the zero counter on the snmp data for active clients.
> Bumping the number of helpers up a bit will raise the ceiling on that
> happening again.
I'll give that a try, and also look at our DCs to see if any clues lie there.
> This is just Squid axing away at the helpers. They were actually busy
> doing what they are supposed to do without any problem, so they complain
> when aborted. Not their fault squid did not have enough running to cope
> with the load.
Thanks for the info!
Received on Thu Feb 04 2010 - 15:52:23 MST
This archive was generated by hypermail 2.2.0 : Thu Feb 04 2010 - 12:00:04 MST