forum.bitel.ru :: Просмотр темы - Огромный трафик за оч короткое время...

ERROR 26.11.2007 10:51:07 [pool-1-thread-4] Service not found for direct=1; IP:0.159.15.0; port:80
ERROR 26.11.2007 10:51:10 [pool-1-thread-4] Service not found for direct=1; IP:0.159.15.0; port:80
ERROR 26.11.2007 10:53:13 [pool-1-thread-6] Service not found for direct=1; IP:0.108.16.0; port:80
ERROR 26.11.2007 10:53:15 [pool-1-thread-8] Service not found for direct=1; IP:0.108.16.0; port:80
ERROR 26.11.2007 10:53:25 [pool-1-thread-10] Service not found for direct=1; IP:0.108.16.0; port:80
ERROR 26.11.2007 10:54:00 [pool-1-thread-5] Service not found for direct=1; IP:0.159.15.0; port:80
ERROR 26.11.2007 10:54:02 [pool-1-thread-2] Service not found for direct=1; IP:0.159.15.0; port:80
ERROR 26.11.2007 10:54:21 [pool-1-thread-6] Service not found for direct=1; IP:0.109.16.0; port:80
ERROR 26.11.2007 10:54:34 [pool-1-thread-2] Service not found for direct=1; IP:0.109.16.0; port:80
ERROR 26.11.2007 10:55:39 [pool-1-thread-9] Service not found for direct=1; IP:0.108.16.0; port:80
ERROR 26.11.2007 10:55:48 [pool-1-thread-3] Service not found for direct=1; IP:0.108.16.0; port:80
ERROR 26.11.2007 10:57:14 [pool-1-thread-10] Service not found for direct=1; IP:0.159.15.0; port:80
ERROR 26.11.2007 10:57:25 [pool-1-thread-1] Service not found for direct=1; IP:0.109.16.0; port:80
ERROR 26.11.2007 10:57:31 [pool-1-thread-3] Service not found for direct=1; IP:0.109.16.0; port:80
ERROR 26.11.2007 10:58:22 [pool-1-thread-5] Service not found for direct=1; IP:0.108.16.0; port:80
ERROR 26.11.2007 10:58:24 [pool-1-thread-3] Service not found for direct=1; IP:0.0.1.156; port:80
ERROR 26.11.2007 10:58:29 [pool-1-thread-7] Service not found for direct=1; IP:0.108.16.0; port:80
ERROR 26.11.2007 11:00:18 [pool-1-thread-5] Service not found for direct=1; IP:0.159.15.0; port:80
ERROR 26.11.2007 11:00:19 [pool-1-thread-4] Service not found for direct=1; IP:0.109.16.0; port:80
ERROR 26.11.2007 11:00:25 [pool-1-thread-5] Service not found for direct=1; IP:0.159.15.0; port:80
ERROR 26.11.2007 11:00:27 [pool-1-thread-10] Service not found for direct=1; IP:0.109.16.0; port:80
ERROR 26.11.2007 11:01:05 [pool-1-thread-8] Service not found for direct=1; IP:0.108.16.0; port:80
ERROR 26.11.2007 11:01:11 [pool-1-thread-4] Service not found for direct=1; IP:0.108.16.0; port:80
ERROR 26.11.2007 11:02:51 [pool-1-thread-6] Service not found for direct=1; IP:0.109.16.0; port:80
ERROR 26.11.2007 11:03:17 [pool-1-thread-1] Service not found for direct=1; IP:0.159.15.0; port:80
ERROR 26.11.2007 11:03:24 [pool-1-thread-1] Service not found for direct=1; IP:0.159.15.0; port:80
ERROR 26.11.2007 11:03:44 [pool-1-thread-1] Service not found for direct=1; IP:0.108.16.0; port:80
ERROR 26.11.2007 11:05:56 [pool-1-thread-4] Service not found for direct=1; IP:0.109.16.0; port:80
ERROR 26.11.2007 11:06:00 [pool-1-thread-1] Service not found for direct=1; IP:0.109.16.0; port:80
ERROR 26.11.2007 11:06:12 [pool-1-thread-3] Service not found for direct=1; IP:0.108.16.0; port:80
ERROR 26.11.2007 11:06:18 [pool-1-thread-9] Service not found for direct=1; IP:0.108.16.0; port:80
ERROR 26.11.2007 11:08:48 [pool-1-thread-5] Service not found for direct=1; IP:0.109.16.0; port:80
ERROR 26.11.2007 11:08:59 [pool-1-thread-5] Service not found for direct=1; IP:0.109.16.0; port:80
ERROR 26.11.2007 11:11:42 [pool-1-thread-10] Service not found for direct=1; IP:0.75.226.0; port:80
ERROR 26.11.2007 11:11:49 [pool-1-thread-8] Service not found for direct=1; IP:0.75.226.0; port:80
ERROR 26.11.2007 11:14:08 [pool-1-thread-8] Service not found for direct=1; IP:0.75.226.0; port:80
ERROR 26.11.2007 11:14:13 [pool-1-thread-6] Service not found for direct=1; IP:0.75.226.0; port:80
ERROR 26.11.2007 11:16:20 [pool-1-thread-10] Service not found for direct=1; IP:0.0.0.11; port:22
ERROR 26.11.2007 11:16:22 [pool-1-thread-3] Service not found for direct=1; IP:0.0.0.11; port:22
ERROR 26.11.2007 11:16:30 [pool-1-thread-8] Service not found for direct=1; IP:0.0.0.11; port:22
ERROR 26.11.2007 11:16:44 [pool-1-thread-7] Service not found for direct=1; IP:0.0.0.11; port:22
ERROR 26.11.2007 11:16:45 [pool-1-thread-9] Service not found for direct=1; IP:0.0.0.11; port:22
ERROR 26.11.2007 11:16:49 [pool-1-thread-10] Service not found for direct=1; IP:0.75.226.0; port:80
ERROR 26.11.2007 11:16:50 [pool-1-thread-6] Service not found for direct=1; IP:0.0.0.11; port:22
ERROR 26.11.2007 11:16:50 [pool-1-thread-6] Service not found for direct=1; IP:0.0.0.11; port:22
ERROR 26.11.2007 11:16:50 [pool-1-thread-1] Service not found for direct=1; IP:0.0.0.11; port:22
ERROR 26.11.2007 11:16:51 [pool-1-thread-3] Service not found for direct=1; IP:0.0.0.11; port:22
ERROR 26.11.2007 11:16:52 [pool-1-thread-3] Service not found for direct=1; IP:0.75.226.0; port:80
ERROR 26.11.2007 11:17:01 [pool-1-thread-4] Service not found for direct=1; IP:0.75.226.0; port:80
ERROR 26.11.2007 11:17:01 [pool-1-thread-4] Service not found for direct=1; IP:0.0.0.11; port:22
ERROR 26.11.2007 11:19:27 [pool-1-thread-2] Service not found for direct=1; IP:0.75.226.0; port:80
ERROR 26.11.2007 11:19:35 [pool-1-thread-4] Service not found for direct=1; IP:0.75.226.0; port:80
ERROR 26.11.2007 11:21:54 [pool-1-thread-6] Service not found for direct=1; IP:0.75.226.0; port:80
ERROR 26.11.2007 11:24:34 [pool-1-thread-10] Service not found for direct=1; IP:0.75.226.0; port:80

Автор:	Akhmat [ 23 ноя 2007, 23:37 ]
Заголовок сообщения:	Огромный трафик за оч короткое время...
Добрый день! Появились сессии, короткие, длительностью порядка минуты, и с нереальным для этого времени трафиком. Вот, последняя сессия: Вот лог сессии 23 13:19:15 Type=AUTHENTICATION_REQUEST Attributes: User-Name=mosagin NAS-Identifier=core-global-01 NAS-Port-Id=Uniq-Sess-ID1210 CHAP-Password=\u1\u63\u63ULI\u63\u60l\u63\u63P46\u63mK NAS-IP-Address=172.24.26.5 NAS-Port=1210 Service-Type=2 Framed-Protocol=1 Calling-Station-Id=172.24.26.5 NAS-Port-Type=5 23 13:19:15 Type=AUTHENTICATION_ACCEPT Process time:110 Attributes: Acct-Interim-Interval=60 Service-Type=2 Framed-Protocol=1 23 13:19:15 Type=ACCOUNTING_REQUEST Attributes: User-Name=mosagin NAS-Identifier=core-global-01 NAS-IP-Address=172.24.26.5 Tunnel-Medium-Type= NAS-Port=1210 Service-Type=2 Tunnel-Client-Endpoint=172.24.26.5 Tunnel-Server-Endpoint=10.14.14.1 Framed-Protocol=1 Framed-IP-Address=81.176.6.159 Acct-Status-Type=1 Acct-Delay-Time=0 Acct-Session-Id=00060BB7 Acct-Authentic=1 NAS-Port-Id=Uniq-Sess-ID1210 Tunnel-Assignment-ID=1 Calling-Station-Id=172.24.26.5 NAS-Port-Type=5 cisco-avpair=connect-progress\u61LAN Ses Up 23 13:20:25 Type=ACCOUNTING_REQUEST Attributes: User-Name=mosagin NAS-Identifier=core-global-01 NAS-IP-Address=172.24.26.5 NAS-Port=1210 Tunnel-Medium-Type= Service-Type=2 Tunnel-Client-Endpoint=172.24.26.5 Tunnel-Server-Endpoint=10.14.14.1 Framed-Protocol=1 Framed-IP-Address=81.176.6.159 Acct-Input-Octets=15690 Acct-Output-Octets=60427 Acct-Status-Type=2 Acct-Delay-Time=0 Acct-Session-Time=70 Acct-Input-Packets=144 Acct-Session-Id=00060BB7 Acct-Authentic=1 NAS-Port-Id=Uniq-Sess-ID1210 Acct-Terminate-Cause=6 Acct-Output-Packets=163 Tunnel-Assignment-ID=1 Calling-Station-Id=172.24.26.5 NAS-Port-Type=5 cisco-avpair=disc-cause-ext\u61SNMP Disc cisco-avpair=connect-progress\u61LAN Ses Up За 1 мин. невозможно скачать почти 500 МБ внешнего трафика! Вот ещё пример: и лог сессии: 22 13:15:07 Type=AUTHENTICATION_REQUEST Attributes: User-Name=gabeev NAS-Identifier=core-global-01 NAS-Port-Id=Uniq-Sess-ID838 CHAP-Password=\u1\u63\u63\u63O\u173\u63\u63\u16\u8\u63\u63X\u63Q\u634 NAS-IP-Address=172.24.3.11 NAS-Port=838 Service-Type=2 Framed-Protocol=1 Calling-Station-Id=172.24.3.11 NAS-Port-Type=5 22 13:15:07 Type=AUTHENTICATION_ACCEPT Process time:141 Attributes: Acct-Interim-Interval=60 Service-Type=2 Framed-Protocol=1 22 13:15:07 Type=ACCOUNTING_REQUEST Attributes: User-Name=gabeev NAS-Identifier=core-global-01 NAS-IP-Address=172.24.3.11 Tunnel-Medium-Type= NAS-Port=838 Service-Type=2 Tunnel-Client-Endpoint=172.24.3.11 Tunnel-Server-Endpoint=10.14.14.1 Framed-Protocol=1 Framed-IP-Address=81.176.6.14 Acct-Status-Type=1 Acct-Delay-Time=0 Acct-Session-Id=0005BD5C Acct-Authentic=1 NAS-Port-Id=Uniq-Sess-ID838 Tunnel-Assignment-ID=1 Calling-Station-Id=172.24.3.11 NAS-Port-Type=5 cisco-avpair=connect-progress\u61LAN Ses Up 22 13:16:06 Type=ACCOUNTING_REQUEST Attributes: User-Name=gabeev NAS-Identifier=core-global-01 NAS-IP-Address=172.24.3.11 NAS-Port=838 Tunnel-Medium-Type= Service-Type=2 Tunnel-Client-Endpoint=172.24.3.11 Tunnel-Server-Endpoint=10.14.14.1 Framed-Protocol=1 Framed-IP-Address=81.176.6.14 Acct-Input-Octets=79769 Acct-Output-Octets=553395 Acct-Status-Type=2 Acct-Delay-Time=0 Acct-Session-Time=59 Acct-Input-Packets=435 Acct-Session-Id=0005BD5C Acct-Authentic=1 NAS-Port-Id=Uniq-Sess-ID838 Acct-Terminate-Cause=6 Acct-Output-Packets=661 Tunnel-Assignment-ID=1 Calling-Station-Id=172.24.3.11 NAS-Port-Type=5 cisco-avpair=disc-cause-ext\u61SNMP Disc cisco-avpair=connect-progress\u61LAN Ses Up тут трафика почти 300 метров! Предыстория 22 числа, обновил радиус сервер, потому как в старом не работал необходимый для работы узел "зона". После этого начались такие косяки. В чём может быть причина? Подозреваю баги изза обновления радиус сервера Благодарю!

Автор:	Akhmat [ 24 ноя 2007, 22:26 ]
Заголовок сообщения:
При этом в таблице log_session, число input_octets для этих сессий маленькое

Автор:	Администратор [ 26 ноя 2007, 13:42 ]
Заголовок сообщения:
Считаете по данным NetFlow? Логи есть первичные?

Автор:	Akhmat [ 26 ноя 2007, 16:04 ]
Заголовок сообщения:
Да есть! А чем их просматривать? Куда отправить?

Автор:	Администратор [ 26 ноя 2007, 17:56 ]
Заголовок сообщения:
Формат какой? Наш коллектор?

forum.bitel.ru http://forum.bitel.ru/

Огромный трафик за оч короткое время... http://forum.bitel.ru/viewtopic.php?f=5&t=571	Страница 1 из 1

Автор:	Akhmat [ 26 ноя 2007, 18:38 ]
Заголовок сообщения:
сори, спутал логи, IPN логи смотрел)) встроенный нетфлоу коллектор используется. а в нетфлоу лог таки ошибки: это мусор так понимаю, или как? Код: ERROR 26.11.2007 10:51:07 [pool-1-thread-4] Service not found for direct=1; IP:0.159.15.0; port:80 ERROR 26.11.2007 10:51:10 [pool-1-thread-4] Service not found for direct=1; IP:0.159.15.0; port:80 ERROR 26.11.2007 10:53:13 [pool-1-thread-6] Service not found for direct=1; IP:0.108.16.0; port:80 ERROR 26.11.2007 10:53:15 [pool-1-thread-8] Service not found for direct=1; IP:0.108.16.0; port:80 ERROR 26.11.2007 10:53:25 [pool-1-thread-10] Service not found for direct=1; IP:0.108.16.0; port:80 ERROR 26.11.2007 10:54:00 [pool-1-thread-5] Service not found for direct=1; IP:0.159.15.0; port:80 ERROR 26.11.2007 10:54:02 [pool-1-thread-2] Service not found for direct=1; IP:0.159.15.0; port:80 ERROR 26.11.2007 10:54:21 [pool-1-thread-6] Service not found for direct=1; IP:0.109.16.0; port:80 ERROR 26.11.2007 10:54:34 [pool-1-thread-2] Service not found for direct=1; IP:0.109.16.0; port:80 ERROR 26.11.2007 10:55:39 [pool-1-thread-9] Service not found for direct=1; IP:0.108.16.0; port:80 ERROR 26.11.2007 10:55:48 [pool-1-thread-3] Service not found for direct=1; IP:0.108.16.0; port:80 ERROR 26.11.2007 10:57:14 [pool-1-thread-10] Service not found for direct=1; IP:0.159.15.0; port:80 ERROR 26.11.2007 10:57:25 [pool-1-thread-1] Service not found for direct=1; IP:0.109.16.0; port:80 ERROR 26.11.2007 10:57:31 [pool-1-thread-3] Service not found for direct=1; IP:0.109.16.0; port:80 ERROR 26.11.2007 10:58:22 [pool-1-thread-5] Service not found for direct=1; IP:0.108.16.0; port:80 ERROR 26.11.2007 10:58:24 [pool-1-thread-3] Service not found for direct=1; IP:0.0.1.156; port:80 ERROR 26.11.2007 10:58:29 [pool-1-thread-7] Service not found for direct=1; IP:0.108.16.0; port:80 ERROR 26.11.2007 11:00:18 [pool-1-thread-5] Service not found for direct=1; IP:0.159.15.0; port:80 ERROR 26.11.2007 11:00:19 [pool-1-thread-4] Service not found for direct=1; IP:0.109.16.0; port:80 ERROR 26.11.2007 11:00:25 [pool-1-thread-5] Service not found for direct=1; IP:0.159.15.0; port:80 ERROR 26.11.2007 11:00:27 [pool-1-thread-10] Service not found for direct=1; IP:0.109.16.0; port:80 ERROR 26.11.2007 11:01:05 [pool-1-thread-8] Service not found for direct=1; IP:0.108.16.0; port:80 ERROR 26.11.2007 11:01:11 [pool-1-thread-4] Service not found for direct=1; IP:0.108.16.0; port:80 ERROR 26.11.2007 11:02:51 [pool-1-thread-6] Service not found for direct=1; IP:0.109.16.0; port:80 ERROR 26.11.2007 11:03:17 [pool-1-thread-1] Service not found for direct=1; IP:0.159.15.0; port:80 ERROR 26.11.2007 11:03:24 [pool-1-thread-1] Service not found for direct=1; IP:0.159.15.0; port:80 ERROR 26.11.2007 11:03:44 [pool-1-thread-1] Service not found for direct=1; IP:0.108.16.0; port:80 ERROR 26.11.2007 11:05:56 [pool-1-thread-4] Service not found for direct=1; IP:0.109.16.0; port:80 ERROR 26.11.2007 11:06:00 [pool-1-thread-1] Service not found for direct=1; IP:0.109.16.0; port:80 ERROR 26.11.2007 11:06:12 [pool-1-thread-3] Service not found for direct=1; IP:0.108.16.0; port:80 ERROR 26.11.2007 11:06:18 [pool-1-thread-9] Service not found for direct=1; IP:0.108.16.0; port:80 ERROR 26.11.2007 11:08:48 [pool-1-thread-5] Service not found for direct=1; IP:0.109.16.0; port:80 ERROR 26.11.2007 11:08:59 [pool-1-thread-5] Service not found for direct=1; IP:0.109.16.0; port:80 ERROR 26.11.2007 11:11:42 [pool-1-thread-10] Service not found for direct=1; IP:0.75.226.0; port:80 ERROR 26.11.2007 11:11:49 [pool-1-thread-8] Service not found for direct=1; IP:0.75.226.0; port:80 ERROR 26.11.2007 11:14:08 [pool-1-thread-8] Service not found for direct=1; IP:0.75.226.0; port:80 ERROR 26.11.2007 11:14:13 [pool-1-thread-6] Service not found for direct=1; IP:0.75.226.0; port:80 ERROR 26.11.2007 11:16:20 [pool-1-thread-10] Service not found for direct=1; IP:0.0.0.11; port:22 ERROR 26.11.2007 11:16:22 [pool-1-thread-3] Service not found for direct=1; IP:0.0.0.11; port:22 ERROR 26.11.2007 11:16:30 [pool-1-thread-8] Service not found for direct=1; IP:0.0.0.11; port:22 ERROR 26.11.2007 11:16:44 [pool-1-thread-7] Service not found for direct=1; IP:0.0.0.11; port:22 ERROR 26.11.2007 11:16:45 [pool-1-thread-9] Service not found for direct=1; IP:0.0.0.11; port:22 ERROR 26.11.2007 11:16:49 [pool-1-thread-10] Service not found for direct=1; IP:0.75.226.0; port:80 ERROR 26.11.2007 11:16:50 [pool-1-thread-6] Service not found for direct=1; IP:0.0.0.11; port:22 ERROR 26.11.2007 11:16:50 [pool-1-thread-6] Service not found for direct=1; IP:0.0.0.11; port:22 ERROR 26.11.2007 11:16:50 [pool-1-thread-1] Service not found for direct=1; IP:0.0.0.11; port:22 ERROR 26.11.2007 11:16:51 [pool-1-thread-3] Service not found for direct=1; IP:0.0.0.11; port:22 ERROR 26.11.2007 11:16:52 [pool-1-thread-3] Service not found for direct=1; IP:0.75.226.0; port:80 ERROR 26.11.2007 11:17:01 [pool-1-thread-4] Service not found for direct=1; IP:0.75.226.0; port:80 ERROR 26.11.2007 11:17:01 [pool-1-thread-4] Service not found for direct=1; IP:0.0.0.11; port:22 ERROR 26.11.2007 11:19:27 [pool-1-thread-2] Service not found for direct=1; IP:0.75.226.0; port:80 ERROR 26.11.2007 11:19:35 [pool-1-thread-4] Service not found for direct=1; IP:0.75.226.0; port:80 ERROR 26.11.2007 11:21:54 [pool-1-thread-6] Service not found for direct=1; IP:0.75.226.0; port:80 ERROR 26.11.2007 11:24:34 [pool-1-thread-10] Service not found for direct=1; IP:0.75.226.0; port:80 Скажите, что показать...

Автор:	Akhmat [ 26 ноя 2007, 18:40 ]
Заголовок сообщения:
вот, в радиус.аут вот что нашёл, а эту ошибку как понимать? Код: Type=ACCOUNTING_REQUEST Attributes: User-Name=mosagin NAS-Identifier=core-global-01 NAS-IP-Address=172.24.26.58 NAS-Port=833 Tunnel-Medium-Type= ? Service-Type=2 Tunnel-Client-Endpoint=172.24.26.58 Tunnel-Server-Endpoint=10.14.14.1 Framed-Protocol=1 Framed-IP-Address=81.176.6.218 Acct-Input-Octets=614 Acct-Output-Octets=174 Acct-Status-Type=2 Acct-Delay-Time=0 Acct-Session-Time=0 Acct-Input-Packets=9 Acct-Session-Id=0006D3DF Acct-Authentic=1 NAS-Port-Id=Uniq-Sess-ID833 Acct-Terminate-Cause=1 Acct-Output-Packets=7 Tunnel-Assignment-ID=1 Calling-Station-Id=172.24.26.58 NAS-Port-Type=5 cisco-avpair=connect-progress=LAN Ses Up cisco-avpair=disc-cause-ext=PPP Receive Term Stop without start! Stop without start! Спасибо!

Автор:	Администратор [ 27 ноя 2007, 15:14 ]
Заголовок сообщения:
Цитата: сори, спутал логи, IPN логи смотрел)) встроенный нетфлоу коллектор используется. а в нетфлоу лог таки ошибки: это мусор так понимаю, или как Не знаю даже, странные адреса какие-то.. Но вообще лучше их относить отлавливать в последней привязке 0.0.0.0-255.255.255.255 к внешнему. А в ИПН логах трафика с этого же источника нет?

Автор:	Akhmat [ 03 дек 2007, 23:16 ]
Заголовок сообщения:
Вернул старый радиус, а короткие сессии с большим трафом всё таки появляются, хотя по радиус пакетам там маленький траф у них(( Что вам показать? Используется встроенный нетфлоу коллектор для радиуса.

Страница 1 из 1	Часовой пояс: UTC + 5 часов [ Летнее время ]
Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/