Hi all,

> So try these things:
> 1. Look at the logs/pfqueue.log and see what errors there may be.
> Please post them here for our enlightenment.

There are three different ERROR: messages in the log

1. Use of uninitialized value....
2. Can't bind : IO::Socket::INET: connect: Interrupted system call
3. Can't bind : IO::Socket::INET: connect: Connection refused

Here is a short section of the pfqueue.log

Dec 09 17:00:00 pfqueue(13611) INFO: [mac:d0:a6:37:eb:45:ed] Node d0:a6:37:eb:45:ed registered and allowed to pass the Firewall (pf::firewallsso::FortiGate::action)
Dec 09 17:00:00 pfqueue(13609) INFO: [mac:d0:a6:37:eb:45:ed] Node d0:a6:37:eb:45:ed registered and allowed to pass the Firewall (pf::firewallsso::FortiGate::action)
Dec 09 17:00:01 pfqueue(13611) ERROR: [mac:00:1c:c5:74:db:c0] Can't bind : IO::Socket::INET: connect: Interrupted system call
Dec 09 17:00:22 pfqueue(13604) INFO: [mac:5c:8d:4e:27:73:a1] Node 5c:8d:4e:27:73:a1 registered and allowed to pass the Firewall (pf::firewallsso::FortiGate::action)
Dec 09 17:00:22 pfqueue(13607) INFO: [mac:5c:8d:4e:27:73:a1] Node 5c:8d:4e:27:73:a1 registered and allowed to pass the Firewall (pf::firewallsso::FortiGate::action)
Dec 09 17:01:09 pfqueue(13607) INFO: [mac:38:0f:4a:28:a7:a3] Node 38:0f:4a:28:a7:a3 registered and allowed to pass the Firewall (pf::firewallsso::FortiGate::action)
Dec 09 17:01:09 pfqueue(13608) INFO: [mac:38:0f:4a:28:a7:a3] Node 38:0f:4a:28:a7:a3 registered and allowed to pass the Firewall (pf::firewallsso::FortiGate::action)
Dec 09 17:01:22 pfqueue(13604) INFO: [mac:cc:3a:61:dd:6f:f5] Node cc:3a:61:dd:6f:f5 registered and allowed to pass the Firewall (pf::firewallsso::FortiGate::action)
Dec 09 17:01:22 pfqueue(13606) INFO: [mac:cc:3a:61:dd:6f:f5] Node cc:3a:61:dd:6f:f5 registered and allowed to pass the Firewall (pf::firewallsso::FortiGate::action)
Dec 09 17:02:02 pfqueue(13606) INFO: [mac:d0:a6:37:eb:45:ed] Node d0:a6:37:eb:45:ed registered and allowed to pass the Firewall (pf::firewallsso::FortiGate::action)
Dec 09 17:02:02 pfqueue(13604) INFO: [mac:d0:a6:37:eb:45:ed] Node d0:a6:37:eb:45:ed registered and allowed to pass the Firewall (pf::firewallsso::FortiGate::action)
Dec 09 17:02:03 pfqueue(13611) INFO: [mac:d0:a6:37:eb:45:ed] Node d0:a6:37:eb:45:ed registered and allowed to pass the Firewall (pf::firewallsso::FortiGate::action)
Dec 09 17:02:03 pfqueue(13609) INFO: [mac:d0:a6:37:eb:45:ed] Node d0:a6:37:eb:45:ed registered and allowed to pass the Firewall (pf::firewallsso::FortiGate::action)
Dec 09 17:02:27 pfqueue(13609) INFO: [mac:d0:a6:37:eb:45:ed] Node d0:a6:37:eb:45:ed registered and allowed to pass the Firewall (pf::firewallsso::FortiGate::action)
Dec 09 17:02:27 pfqueue(13611) INFO: [mac:d0:a6:37:eb:45:ed] Node d0:a6:37:eb:45:ed registered and allowed to pass the Firewall (pf::firewallsso::FortiGate::action)
Dec 09 17:02:29 pfqueue(13609) INFO: [mac:d0:a6:37:eb:45:ed] Node d0:a6:37:eb:45:ed registered and allowed to pass the Firewall (pf::firewallsso::FortiGate::action)
Dec 09 17:02:29 pfqueue(13604) INFO: [mac:d0:a6:37:eb:45:ed] Node d0:a6:37:eb:45:ed registered and allowed to pass the Firewall (pf::firewallsso::FortiGate::action)
Dec 09 17:02:41 pfqueue(13611) ERROR: [mac:d0:a6:37:eb:45:ed] Can't bind : IO::Socket::INET: connect: Connection refused
Dec 09 17:02:41 pfqueue(13611) ERROR: [mac:d0:a6:37:eb:45:ed] Can't bind : IO::Socket::INET: connect: Connection refused
Dec 09 17:02:41 pfqueue(13611) ERROR: [mac:00:1c:c5:75:e0:80] Can't bind : IO::Socket::INET: connect: Connection refused
Dec 09 17:02:58 pfqueue(13607) ERROR: [mac:00:1c:c5:75:e0:80] Can't bind : IO::Socket::INET: connect: Connection refused
Dec 09 17:02:58 pfqueue(13607) ERROR: [mac:00:1c:c5:75:e0:80] Can't bind : IO::Socket::INET: connect: Connection refused
Dec 09 17:02:58 pfqueue(13607) ERROR: [mac:00:1c:c5:74:db:c0] Can't bind : IO::Socket::INET: connect: Connection refused
Dec 09 17:03:20 pfqueue(13605) ERROR: [mac:00:1c:c5:74:db:c0] Can't bind : IO::Socket::INET: connect: Connection refused
Dec 09 17:03:20 pfqueue(13605) ERROR: [mac:00:1c:c5:74:db:c0] Can't bind : IO::Socket::INET: connect: Connection refused
Dec 09 17:03:20 pfqueue(13605) ERROR: [mac:00:1c:c5:75:e0:80] Can't bind : IO::Socket::INET: connect: Connection refused
Dec 09 17:03:29 pfqueue(13606) ERROR: [mac:34:4d:f7:7f:f5:a6] Can't bind : IO::Socket::INET: connect: Connection refused
Dec 09 17:03:33 pfqueue(13607) ERROR: [mac:34:4d:f7:7f:f5:a6] Can't bind : IO::Socket::INET: connect: Connection refused
Dec 09 17:03:37 pfqueue(13598) INFO: [mac:[undef]] stopping pfqueue (main::END)
<--snip-->
Dec 09 17:29:17 pfqueue(4346) INFO: [mac:54:40:ad:be:91:f3] Node 54:40:ad:be:91:f3 registered and allowed to pass the Firewall (pf::firewallsso::FortiGate::action)
Dec 09 17:29:17 pfqueue(4351) INFO: [mac:54:40:ad:be:91:f3] Node 54:40:ad:be:91:f3 registered and allowed to pass the Firewall (pf::firewallsso::FortiGate::action)
Dec 09 17:29:36 pfqueue(4350) WARN: [mac:00:19:77:73:72:40] Unable to perform a Fingerbank lookup for device with MAC address '00:19:77:73:72:40' (pf::fingerbank::process)
Dec 09 17:29:37 pfqueue(4353) WARN: [mac:00:19:77:73:72:40] Unable to perform a Fingerbank lookup for device with MAC address '00:19:77:73:72:40' (pf::fingerbank::process)
Dec 09 17:29:37 pfqueue(4348) WARN: [mac:00:19:77:73:72:40] Unable to perform a Fingerbank lookup for device with MAC address '00:19:77:73:72:40' (pf::fingerbank::process)
Dec 09 17:29:37 pfqueue(4352) WARN: [mac:00:19:77:73:72:40] Unable to perform a Fingerbank lookup for device with MAC address '00:19:77:73:72:40' (pf::fingerbank::process)
Dec 09 17:33:28 pfqueue(4351) WARN: [mac:d8:54:a2:35:e1:80] Unable to perform a Fingerbank lookup for device with MAC address 'd8:54:a2:35:e1:80' (pf::fingerbank::process)
Dec 09 17:33:28 pfqueue(4346) WARN: [mac:d8:54:a2:35:e1:80] Unable to perform a Fingerbank lookup for device with MAC address 'd8:54:a2:35:e1:80' (pf::fingerbank::process)
Dec 09 17:33:28 pfqueue(4347) WARN: [mac:d8:54:a2:35:e1:80] Unable to perform a Fingerbank lookup for device with MAC address 'd8:54:a2:35:e1:80' (pf::fingerbank::process)
Dec 09 17:33:28 pfqueue(4350) WARN: [mac:d8:54:a2:35:e1:80] Unable to perform a Fingerbank lookup for device with MAC address 'd8:54:a2:35:e1:80' (pf::fingerbank::process)
Dec 09 17:35:46 pfqueue(4347) WARN: [mac:d8:54:a2:35:e1:80] Unable to match MAC address to IP '172.31.18.2' (pf::iplog::ip2mac)
Dec 09 17:35:46 pfqueue(4350) WARN: [mac:34:4d:f7:7f:f5:a6] Unable to match MAC address to IP '172.31.18.2' (pf::iplog::ip2mac)
Dec 09 17:35:46 pfqueue(4347) ERROR: [mac:00:1c:c5:75:e0:80] Use of uninitialized value in string eq at /usr/local/pf/lib/pf/dhcp/processor.pm line 528. (pf::dhcp::processor::update_iplog)
Dec 09 17:35:46 pfqueue(4350) ERROR: [mac:00:1c:c5:75:e0:80] Use of uninitialized value in string eq at /usr/local/pf/lib/pf/dhcp/processor.pm line 528. (pf::dhcp::processor::update_iplog)
Dec 09 17:35:46 pfqueue(4350) INFO: [mac:00:1c:c5:75:e0:80] oldip (172.31.19.134) and newip (172.31.18.2) are different for 00:1c:c5:75:e0:80 - closing iplog entry (pf::api::update_iplog)
Dec 09 17:35:46 pfqueue(4347) INFO: [mac:00:1c:c5:75:e0:80] oldip (172.31.19.134) and newip (172.31.18.2) are different for 00:1c:c5:75:e0:80 - closing iplog entry (pf::api::update_iplog)
Dec 09 17:36:24 pfqueue(4353) WARN: [mac:34:4d:f7:7f:f5:a6] Unable to match MAC address to IP '172.31.19.134' (pf::iplog::ip2mac)
Dec 09 17:36:24 pfqueue(4352) WARN: [mac:34:4d:f7:7f:f5:a6] Unable to match MAC address to IP '172.31.19.134' (pf::iplog::ip2mac)
Dec 09 17:36:24 pfqueue(4353) ERROR: [mac:00:1c:c5:75:e0:80] Use of uninitialized value in string eq at /usr/local/pf/lib/pf/dhcp/processor.pm line 528. (pf::dhcp::processor::update_iplog)
Dec 09 17:36:24 pfqueue(4352) ERROR: [mac:00:1c:c5:75:e0:80] Use of uninitialized value in string eq at /usr/local/pf/lib/pf/dhcp/processor.pm line 528. (pf::dhcp::processor::update_iplog)
Dec 09 17:36:24 pfqueue(4353) INFO: [mac:00:1c:c5:75:e0:80] oldip (172.31.18.2) and newip (172.31.19.134) are different for 00:1c:c5:75:e0:80 - closing iplog entry (pf::api::update_iplog)
Dec 09 17:36:24 pfqueue(4352) INFO: [mac:00:1c:c5:75:e0:80] oldip (172.31.18.2) and newip (172.31.19.134) are different for 00:1c:c5:75:e0:80 - closing iplog entry (pf::api::update_iplog)
Dec 09 17:38:23 pfqueue(4349) WARN: [mac:34:4d:f7:7f:f5:a6] Unable to match MAC address to IP '192.168.2.14' (pf::iplog::ip2mac)
Dec 09 17:38:23 pfqueue(4347) WARN: [mac:00:1c:c5:75:e0:80] Unable to match MAC address to IP '192.168.2.14' (pf::iplog::ip2mac)
Dec 09 17:38:23 pfqueue(4348) WARN: [mac:34:4d:f7:7f:f5:a6] Unable to match MAC address to IP '192.168.2.14' (pf::iplog::ip2mac)
Dec 09 17:38:23 pfqueue(4353) ERROR: [mac:9c:c1:72:bf:6e:f7] Can't bind : IO::Socket::INET: connect: Interrupted system call (pf::iplog::_get_lease_from_omapi)

> 2. Look at /usr/local/fingerbank/logs/fingerbank.log. Are there any errors?

There are no ERROR: messages. Here is a very short section from the log.

Dec 14 08:51:26 httpd.portal(25897) WARN: [mac:08:11:96:4e:37:28] Cannot find any combination ID in any schemas (fingerbank::Source::LocalDB::_getCombinationID)
Dec 14 08:51:26 httpd.portal(25897) INFO: [mac:08:11:96:4e:37:28] Upstream is configured and unable to fullfil an exact match locally. Will ignore result from local databas
Dec 14 08:51:26 httpd.portal(25897) INFO: [mac:08:11:96:4e:37:28] Found device : 1 through p0f. (fingerbank::Source::TCPFingerprinting::match)
Dec 14 08:51:26 httpd.portal(25624) WARN: [mac:08:11:96:4e:37:28] Cannot find any combination ID in any schemas (fingerbank::Source::LocalDB::_getCombinationID)
Dec 14 08:51:26 httpd.portal(25624) INFO: [mac:08:11:96:4e:37:28] Upstream is configured and unable to fullfil an exact match locally. Will ignore result from local databas
Dec 14 08:51:26 httpd.portal(25624) INFO: [mac:08:11:96:4e:37:28] Found device : 1 through p0f. (fingerbank::Source::TCPFingerprinting::match)
Dec 14 08:51:30 httpd.portal(25588) WARN: [mac:d0:59:e4:78:b7:93] Cannot find any combination ID in any schemas (fingerbank::Source::LocalDB::_getCombinationID)
Dec 14 08:51:30 httpd.portal(25588) INFO: [mac:d0:59:e4:78:b7:93] Upstream is configured and unable to fullfil an exact match locally. Will ignore result from local databas
Dec 14 08:51:30 httpd.portal(25588) INFO: [mac:d0:59:e4:78:b7:93] Found device : 5 through p0f. (fingerbank::Source::TCPFingerprinting::match)

> 3. Please report the output to these :

# rpm -qa fingerbank
fingerbank-2.1.0-5.1.noarch

# cat conf/pfqueue.conf
[consumer]
redis_server=127.0.0.1:6380
redis_reconnect=1
redis_every=100

[queue general]
workers=4
has_delayed_queue=enabled
delayed_queue_batch=100
delayed_queue_sleep=100
delayed_queue_workers=1

[queue pfdhcplistener]
workers=8

# cat conf/chi.conf
[storage DEFAULT]
storage=redis

[storage ldap_auth]
expires_in=10m

[storage httpd.admin]
expires_in=1d

[storage httpd.portal]
expires_in=6h

[storage redis]
driver = Redis
redis_class = Redis::Fast
server = 127.0.0.1:6379
prefix = pf
expires_on_backend = 1
reconnect=60

#[storage file]
#driver=File
#root_dir=/usr/local/pf/var/cache

# cat /usr/local/fingerbank/conf/fingerbank.conf
[upstream]
api_key=8829e1c497e6070c9089c0c19fa5289e22******

# redis-cli -p 6380 llen Queue:general
(integer) 0
# redis-cli -p 6380 llen Queue:pfdhcplistener
(integer) 486642

I have stopped the pfqueue service, which returned the CPU load and log growth to more normal values. Not sure about the consequences, but for now everything runs fine.

> 4. Please post your conf/pf.conf (suitably trimmed of passwords).

[general]
#
# general.domain
#
# Domain name of PacketFence system.
domain=piusx-college.nl
#
# general.hostname
#
# Hostname of PacketFence system. This is concatenated with the domain in Apache rewriting rules and therefore must be resolvable by clients.
hostname=pf
#
# general.dhcpservers
#
# Comma-delimited list of DHCP servers. Passthroughs are created to allow DHCP transactions from even "trapped" nodes.
dhcpservers=172.31.8.13,172.31.8.14
#
# general.locale1
#
# Locale used for message translation
# more than 1 can be specified
#locale=nl_NL
#
# general.timezone
#
# System's timezone in string format. Supported list:
# http://www.php.net/manual/en/timezones.php
timezone=Europe/Amsterdam

[network]
#
# network.rogue_dhcp_detection
#
# Tries to identify Rogue DHCP Servers and triggers the 1100010 violation if one is found.
# This feature is only available if the dhcpdetector is activated.
rogue_dhcp_detection=disabled
#
# network.rogueinterval
#
# When rogue DHCP server detection is enabled, this parameter defines how often to email administrators. With its default
# setting of 10, it will email administrators the details of the previous 10 DHCP offers.
rogueinterval=100

[trapping]
#
# trapping.redirtimer
#
# How long to display the progress bar during trap release. Default value is
# based on VLAN enforcement techniques. Inline enforcement only users could
# lower the value.
redirtimer=30s
#
# trapping.redirecturl
#
# Default URL to redirect to on registration/mitigation release.
# moved to profiles.conf in 4.0.6
#redirecturl=http://www.piusx-college.nl/
#
# trapping.detection_engine
#
# Let you choose from our supported IDS: snort or suricata
#
detection_engine=suricata
#
# trapping.passthrough
#
# When enabled, pfdns will resolve the real IP addresses of passthroughs and add them in the ipset session to give access
# to trapped devices. Don't forget to enable ip_forward on your server.
passthrough=enabled
#
# trapping.passthroughs
#
# Comma-delimited list of domains to be used as HTTP and HTTPS passthroughs to web sites.
#
passthroughs=http://crl.geotrust.com/,http://ocsp.geotrust.com/
#
# guests_self_registration.mandatory_fields
#
# Fields required to be filled in the self-registration form. Valid values are:
# firstname, lastname, organization, phone, mobileprovider, email,
# sponsor_email. Basic validation of minimally required values per guest mode
# is provided by default.
# Moved to profiles.conf in 4.2.0
#mandatory_fields=firstname,lastname,email

[guests_admin_registration]
#
# guests_admin_registration.access_duration_choices
#
# These are all the choices offered in the guest management interface as
# possible access duration values for a given registration.
access_duration_choices=12h, 1D, 1W, 1Y, 2Y
#
# guests_admin_registration.default_access_duration
#
# This is the default access duration value selected in the dropdown on the
# guest management interface.
default_access_duration=1Y

[alerting]
#
# alerting.emailaddr
#
# Email address to which notifications of rogue DHCP servers, violations with an action of "email", or any other
# PacketFence-related message goes to.
emailaddr=******@piusx-college.nl, ******@piusx-college.nl
#
# alerting.fromaddr
#
# Source email address for email notifications. Empty means root@<server-domain-name>.
fromaddr=******@piusx-college.nl
#
# alerting.smtpserver
#
# Server through which to send messages to the above emailaddr. The default is localhost - be sure you're running an SMTP
# host locally if you don't change it!
smtpserver=******

[database]
#
# database.pass
#
# Password for the mysql database used by PacketFence.
pass=******

[expire]
#
# expire.node
#
# Time before a node is removed due to inactivity.
# A value of 0D disables expiration.
# example:
# node=90D
node=100D
#
# expire.iplog
#
# Time which you would like to keep logs on IP/MAC information.
# A value of 0D disables expiration.
# example:
# iplog=180D
iplog=1M
#
# expire.traplog
#
# Time which you would like to keep logs on trap information.
# A value of 0D disables expiration.
# example:
# traplog=180D
traplog=2M
#
# expire.locationlog
#
# Time which you would like to keep logs on location information
# Please note that this table should not become too big since it
# could degrade pfsetvlan performance.
# A value of 0D disables expiration.
# example:
# locationlog=180D
locationlog=1M

[services]
#
# services.pfsetvlan
#
# Should pfsetvlan be managed by PacketFence?
pfsetvlan=enabled
#
# services.snmptrapd
#
# Should snmptrapd be managed by PacketFence?
snmptrapd=enabled
#
# services.pfqueue
#
# Should pfqueue be managed by PacketFence?
pfqueue=disabled

[vlan]
#
#
# vlan.nbtraphandlerthreads
#
# Number of trap handler threads pfsetvlan should start
nbtraphandlerthreads=10
#
# vlan.trap_limit_action
#
# Action that PacketFence will take if the vlan.trap_limit_threshold is reached.
# Defaults to none. email will send an email every hour if the limit's still reached.
# shut will shut the port on the switch and will also send an email even if email is not
# specified.
trap_limit_action=email

[captive_portal]
#
# captive_portal.secure_redirect
#
# If secure_redirect is enabled, the captive portal uses HTTPS when redirecting
# captured clients. This is the default behavior.
secure_redirect=disabled
#
# captive_portal.wispr_redirection
#
# Enable or disable WISPr redirection capabilities on the captive-portal
wispr_redirection=disabled
# captive_portal.httpd_mod_qos
#
# Enable mod_qos for the captive-portal
httpd_mod_qos=enabled

[webservices]
#
# webservices.user
#
# username to use to connect to the webAPI
user=suricata
#
# webservices.pass
#
# password of the username
pass=******

[maintenance]
#
# maintenance.iplog_cleanup_batch
#
# iplog cleanup batch
iplog_cleanup_batch=500
#
# maintenance.iplog_cleanup_timeout
#
# iplog cleanup timeout
iplog_cleanup_timeout=25s
#
# maintenance.locationlog_cleanup_batch
#
# locationlog cleanup batch
locationlog_cleanup_batch=500
#
# maintenance.locationlog_cleanup_timeout
#
# locationlog cleanup timeout
locationlog_cleanup_timeout=25s
#
# maintenance.violation_maintenance_timeout
#
# violation maintenance timeout
violation_maintenance_timeout=25s

[interface eth0]
ip=172.31.26.3
type=management,portal
mask=255.255.255.0
vip=172.31.26.9

[interface eth1]
enforcement=vlan
ip=172.31.52.9
type=internal
mask=255.255.255.0

[interface eth2]
enforcement=vlan
ip=172.31.54.9
type=internal
mask=255.255.254.0

[interface eth3]
type=high-availability
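
The grouping of pfqueue.log ERROR lines into distinct messages, done by hand in the post above, can be scripted. This is an added example, not part of the original message or of PacketFence; the function names are hypothetical and the sample lines are copied from the excerpt in the post.

```python
import re
from collections import defaultdict

# Layout seen in the excerpt:
#   "Dec 09 17:00:01 pfqueue(13611) ERROR: [mac:...] message (optional::caller)"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<proc>[\w.]+)\((?P<pid>\d+)\) "
    r"(?P<level>[A-Z]+): "
    r"\[mac:(?P<mac>\[undef\]|[0-9a-f:]+)\] "      # "[mac:[undef]]" also occurs
    r"(?P<msg>.*?)(?: \((?P<caller>[\w:]+)\))?$"   # trailing "(pf::mod::sub)" is optional
)
MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def signature(msg):
    """Mask per-device values so the same message for different nodes groups together."""
    return IP_RE.sub("<ip>", MAC_RE.sub("<mac>", msg))

def summarize(lines, level="ERROR"):
    """Group lines of one level by message signature; track count, worker PIDs, MACs."""
    groups = defaultdict(lambda: {"count": 0, "pids": set(), "macs": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["level"] != level:
            continue
        entry = groups[signature(rec["msg"])]
        entry["count"] += 1
        entry["pids"].add(rec["pid"])
        entry["macs"].add(rec["mac"])
    return dict(groups)

# Sample lines copied from the pfqueue.log excerpt in the post.
SAMPLE = """\
Dec 09 17:00:01 pfqueue(13611) ERROR: [mac:00:1c:c5:74:db:c0] Can't bind : IO::Socket::INET: connect: Interrupted system call
Dec 09 17:02:41 pfqueue(13611) ERROR: [mac:d0:a6:37:eb:45:ed] Can't bind : IO::Socket::INET: connect: Connection refused
Dec 09 17:02:58 pfqueue(13607) ERROR: [mac:00:1c:c5:75:e0:80] Can't bind : IO::Socket::INET: connect: Connection refused
Dec 09 17:03:37 pfqueue(13598) INFO: [mac:[undef]] stopping pfqueue (main::END)
Dec 09 17:35:46 pfqueue(4347) ERROR: [mac:00:1c:c5:75:e0:80] Use of uninitialized value in string eq at /usr/local/pf/lib/pf/dhcp/processor.pm line 528. (pf::dhcp::processor::update_iplog)
Dec 09 17:38:23 pfqueue(4353) ERROR: [mac:9c:c1:72:bf:6e:f7] Can't bind : IO::Socket::INET: connect: Interrupted system call (pf::iplog::_get_lease_from_omapi)
"""

if __name__ == "__main__":
    for sig, info in sorted(summarize(SAMPLE.splitlines()).items()):
        print(f"{info['count']:>3}  pids={sorted(info['pids'])}  {sig}")
```

Pointed at the full log with `summarize(open("logs/pfqueue.log"))`, the same function shows which worker PIDs and nodes each error is tied to.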
