Re: [squid-users] Monitoring 407 authentications

From: Amos Jeffries
Date: Mon, 29 Nov 2010 23:19:43 +1300

On 28/11/10 23:56, Amos Jeffries wrote:
> On 25/11/10 21:13, Nick Cairncross wrote:
>> Hi List,
>> I have nailed a few niggles relating to extremely high CPU usage for
>> my authenticators, and I can now clearly look at the requests coming
>> in on the access.log. I use a combination of Kerb & NTLM helpers for
>> my 700 users - majority Kerberos (70/30). I started tailing the log
>> yesterday and noticed some clients repeatedly attempting to
>> authenticate but failing due to no cred; Mac/PC system or local and
>> not domain accounts. The frequency of the requests is very high and
>> therefore hogging some helpers. I can increase the helper amounts
>> but there is a ratio (CPU/auth) that I need to bear in mind. The
>> clients are mainly trying to get out onto the internet to update
>> various software packages but don't have any credentials to do this,
>> hence the repeated, frequent 407s. Short of visiting these clients to
>> see what's going on (a possibility) is there a way to monitor for
>> these 407 auth requests and flag high-request users that are
>> constantly failing? Some clients occur VERY often and must be hogging
>> helpers, maybe even multiple ones.
> The log tailing you have is already finding the problem. It sounds like
> you need to automate and add a notification or measure to that.
> Squid does not have anything directly applicable at this time. Ideas on
> what to look for and how to do it would be very welcome.

Actually, thinking about this a bit more, the clientdb may already be able
to provide this info (but not specific to 407).

This shows some useful entries:
   squidclient mgr:client_list | \
     grep -E "Address:|TCP_DENIED" | \
     grep --before-context=1 "DENIED"

Requires clientdb built into your squid. That may be more easily
scripted for checking and alerting.


Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.9
   Beta testers wanted for
Received on Mon Nov 29 2010 - 10:19:57 MST
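
Added example (not part of the original thread, and not Squid project code): one way to automate the log tailing discussed above, flagging clients that draw bursts of 407 replies and never send a request with a user name. It assumes the native access.log field order; the function names, window and threshold are hypothetical choices, and the sample log is constructed.

```shell
#!/bin/sh
# Assumed native Squid access.log fields:
#   time.ms elapsed client action/code bytes method URL user hier/from type

# flag_407_clients WINDOW_SECONDS THRESHOLD   (log is read from stdin)
# Prints "client peak": peak is the most 407 replies that client received
# inside any WINDOW_SECONDS span. Only clients with peak >= THRESHOLD and
# no logged request carrying a user name are listed, since a 407 is also
# the normal first step of a successful Kerberos/NTLM exchange.
flag_407_clients() {
    awk -v win="$1" -v thr="$2" '
    $8 != "-" { authed[$3] = 1 }          # this client did authenticate
    $4 ~ /\/407$/ {
        c = $3; t = $1 + 0
        n[c]++; ts[c, n[c]] = t
        if (!(c in head)) head[c] = 1
        # slide the window: forget 407s older than win seconds
        while (t - ts[c, head[c]] > win) { delete ts[c, head[c]]; head[c]++ }
        cur = n[c] - head[c] + 1
        if (cur > peak[c]) peak[c] = cur
    }
    END {
        for (c in peak)
            if (peak[c] >= thr && !(c in authed)) print c, peak[c]
    }' | sort -k2,2nr -k1,1
}

# Constructed sample log lines (not real traffic).
sample_log() {
    cat <<'EOF'
1291025000.100 2 10.0.0.15 TCP_DENIED/407 1754 GET http://updates.example.com/a - NONE/- text/html
1291025000.200 2 10.0.0.31 TCP_DENIED/407 1754 GET http://updates.example.com/b - NONE/- text/html
1291025001.200 1 10.0.0.40 TCP_DENIED/407 1754 GET http://www.example.com/ - NONE/- text/html
1291025001.400 1 10.0.0.40 TCP_DENIED/407 1754 GET http://www.example.com/ - NONE/- text/html
1291025001.600 85 10.0.0.40 TCP_MISS/200 5120 GET http://www.example.com/ jsmith DIRECT/192.0.2.10 text/html
1291025002.100 2 10.0.0.15 TCP_DENIED/407 1754 GET http://updates.example.com/a - NONE/- text/html
1291025004.100 2 10.0.0.15 TCP_DENIED/407 1754 GET http://updates.example.com/a - NONE/- text/html
1291025006.100 2 10.0.0.15 TCP_DENIED/407 1754 GET http://updates.example.com/a - NONE/- text/html
1291025030.000 1 10.0.0.40 TCP_DENIED/407 1754 GET http://www.example.com/x - NONE/- text/html
1291025120.200 2 10.0.0.31 TCP_DENIED/407 1754 GET http://updates.example.com/b - NONE/- text/html
1291025240.200 2 10.0.0.31 TCP_DENIED/407 1754 GET http://updates.example.com/b - NONE/- text/html
EOF
}

sample_log | flag_407_clients 60 3
```

Against a live proxy the same function can be fed a recent slice of the log, for example `tail -n 5000 access.log | flag_407_clients 60 50`, from cron or a monitoring check.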
