Just the fingerbank.log? It looks like it's a couple mb compressed. Can
I email it to you as an attachment?
On 6/26/2018 4:31 PM, Julien Semaan wrote:
Can you post the logs that you're seeing for this MAC
--
Julien Semaan
[email protected] :: +1 (866) 353-6153 *155 ::www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
On 2018-06-26 04:02 PM, Steve Pfister wrote:
Still seems strange.... another example:
MAC: e8:39:35:40:48:1c
log file occurrences:
fingerbank.log - 2881
pfdhcplistener.log - 10
packetfence.org - 7
On 6/26/2018 3:32 PM, Julien Semaan wrote:
I'd check in the pfdhcplistener.log and packetfence.log if you see
multiple occurrences of this MAC address and what type of traffic is
driving this high usage of Fingerbank. Very likely to be this device
performing DHCP extremelly often.
Cheers!
--
Julien Semaan
[email protected] :: +1 (866) 353-6153 *155 ::www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
On 2018-06-26 03:22 PM, Steve Pfister wrote:
If we end up putting this in production use, and it looks like that
may be likely, we'll most likely be getting a support contract.
On the device profiling, the only thing I'm not clear on is this.
Here is an example line:
Jun 26 19:10:45 PacketFence-ZEN fingerbank-collector: [GIN]
2018/06/26 - 19:10:45 | 200 | 118.321µs | 127.0.0.1 | GET
/endpoint_data/b4:b5:2f:d4:be:8d
The end of the GET statement appears to be a MAC address. If you
search this one log file, I find 35129 occurrences in this one log
file alone. Should there be that many?
On 6/26/2018 2:44 PM, Julien Semaan wrote:
Likely, PacketFence is seeing DHCP traffic from your production
networks which trigger device profiling.
You could obtain unlimited access to the API by having a valid
support contract with Inverse
The available options are documented here:
http://inverse.ca/#support-plans
It is recommended to have one if you're using PacketFence on a
production network, and it does also encourage the project to have
one.
Best Regards,
--
Julien Semaan
[email protected] :: +1 (866) 353-6153 *155 ::www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
On 2018-06-26 02:07 PM, Steve Pfister wrote:
I see... thank you. Do you know why we're getting frequent emails
about exceeding the API hourly limit? The server isn't in
production use yet, just a test user or two. The fingerbank.log
file for today has 235K lines in it already, after around 14 hours.
On 6/26/2018 1:56 PM, Julien Semaan wrote:
Ownership is fine this way, pf is part of the fingerbank group
so when the PacketFence processes start writing/updating the
files after they're installed, it takes ownership of them.
As for the Local DB, it contains the overrides you create, so
unless you're creating Fingerbank combinations on your PF server
to override what Fingerbank would return, then this will not see
much action.
Best Regards,
--
Julien Semaan
[email protected] :: +1 (866) 353-6153 *155 ::www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and
PacketFence (www.packetfence.org)
On 2018-06-26 01:53 PM, Steve Pfister wrote:
Thank you for your response. All the *.db files in that
directory are updating now, except for fingerbank_Local.db.
That file is the only *.db files with owner and group set to
fingerbank. Should that be the way its set, or should it be
root or pf, like the others?
On 6/26/2018 11:53 AM, Julien Semaan wrote:
Hi Steve,
We managed to track this down to a recent issue with the
update of api.fingerbank.org
We have corrected the issue upstream, it should start updating
again automatically.
Also, I confirmed I'm able to get a confirmation email, in the
event its not working for you, I would say your PF server
isn't configured correctly to send emails. Note that these are
sent to the alerting email address in PacketFence.
Best Regards,
- Julien
On 2018-06-26 10:13 AM, Steve Pfister via PacketFence-users
wrote:
The Fingerbank settings have an option 'Update Fingerbank
DB'. This doesn't appear to be doing anything. It says
something about an email which is never received and our
/usr/local/fingerbank/db directory looks like:
drwxrwxr-x. 3 fingerbank fingerbank 264 Jun 26 14:11 .
drwxrwxr-x. 9 fingerbank fingerbank 150 Jun 26 13:55 ..
-rw-r--r-- 1 root root 4541212 Jun 26 14:11
collector_endpoints.db
-rw-r--r-- 1 root root 123381 Jun 26 14:11
collector_ip_maps.db
-rw-rw-r--. 1 fingerbank fingerbank 33792 May 9 18:14
fingerbank_Local.db
-rw-rw-r-- 1 fingerbank fingerbank 21027840 Apr 25 21:54
fingerbank_Upstream.db
-rw-r--r-- 1 pf pf 23364608 Jun 8 13:29
fingerbank_Upstream.db_20180608_132952
-rw-r--r-- 1 pf pf 23364608 Jun 8 13:38
fingerbank_Upstream.db_20180608_133816
-rw-rw-r-- 1 fingerbank fingerbank 98 Apr 25 21:54
.gitignore
drwxrwsr-x. 2 fingerbank fingerbank 4096 Jun 26 13:55
upgrade
-rwxrwxr-x 1 fingerbank fingerbank 2253 Apr 25 21:54
upgrade.pl
Does this look normal?
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
