Yes attachment is fine if its under 10MB
On 2018-06-26 04:35 PM, Steve Pfister wrote:
Just the fingerbank.log? It looks like it's a couple mb compressed.
Can I email it to you as an attachment?
On 6/26/2018 4:31 PM, Julien Semaan wrote:
Can you post the logs that you're seeing for this MAC
--
Julien Semaan
[email protected] :: +1 (866) 353-6153 *155 ::www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
On 2018-06-26 04:02 PM, Steve Pfister wrote:
Still seems strange.... another example:
MAC: e8:39:35:40:48:1c
log file occurrences:
fingerbank.log - 2881
pfdhcplistener.log - 10
packetfence.org - 7
On 6/26/2018 3:32 PM, Julien Semaan wrote:
I'd check in the pfdhcplistener.log and packetfence.log if you see
multiple occurrences of this MAC address and what type of traffic
is driving this high usage of Fingerbank. Very likely to be this
device performing DHCP extremelly often.
Cheers!
--
Julien Semaan
[email protected] :: +1 (866) 353-6153 *155 ::www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
On 2018-06-26 03:22 PM, Steve Pfister wrote:
If we end up putting this in production use, and it looks like
that may be likely, we'll most likely be getting a support contract.
On the device profiling, the only thing I'm not clear on is this.
Here is an example line:
Jun 26 19:10:45 PacketFence-ZEN fingerbank-collector: [GIN]
2018/06/26 - 19:10:45 | 200 | 118.321µs | 127.0.0.1 | GET
/endpoint_data/b4:b5:2f:d4:be:8d
The end of the GET statement appears to be a MAC address. If you
search this one log file, I find 35129 occurrences in this one log
file alone. Should there be that many?
On 6/26/2018 2:44 PM, Julien Semaan wrote:
Likely, PacketFence is seeing DHCP traffic from your production
networks which trigger device profiling.
You could obtain unlimited access to the API by having a valid
support contract with Inverse
The available options are documented here:
http://inverse.ca/#support-plans
It is recommended to have one if you're using PacketFence on a
production network, and it does also encourage the project to
have one.
Best Regards,
--
Julien Semaan
[email protected] :: +1 (866) 353-6153 *155 ::www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
On 2018-06-26 02:07 PM, Steve Pfister wrote:
I see... thank you. Do you know why we're getting frequent
emails about exceeding the API hourly limit? The server isn't in
production use yet, just a test user or two. The fingerbank.log
file for today has 235K lines in it already, after around 14 hours.
On 6/26/2018 1:56 PM, Julien Semaan wrote:
Ownership is fine this way, pf is part of the fingerbank group
so when the PacketFence processes start writing/updating the
files after they're installed, it takes ownership of them.
As for the Local DB, it contains the overrides you create, so
unless you're creating Fingerbank combinations on your PF
server to override what Fingerbank would return, then this will
not see much action.
Best Regards,
--
Julien Semaan
[email protected] :: +1 (866) 353-6153 *155 ::www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and
PacketFence (www.packetfence.org)
On 2018-06-26 01:53 PM, Steve Pfister wrote:
Thank you for your response. All the *.db files in that
directory are updating now, except for fingerbank_Local.db.
That file is the only *.db files with owner and group set to
fingerbank. Should that be the way its set, or should it be
root or pf, like the others?
On 6/26/2018 11:53 AM, Julien Semaan wrote:
Hi Steve,
We managed to track this down to a recent issue with the
update of api.fingerbank.org
We have corrected the issue upstream, it should start
updating again automatically.
Also, I confirmed I'm able to get a confirmation email, in
the event its not working for you, I would say your PF server
isn't configured correctly to send emails. Note that these
are sent to the alerting email address in PacketFence.
Best Regards,
- Julien
On 2018-06-26 10:13 AM, Steve Pfister via PacketFence-users
wrote:
The Fingerbank settings have an option 'Update Fingerbank
DB'. This doesn't appear to be doing anything. It says
something about an email which is never received and our
/usr/local/fingerbank/db directory looks like:
drwxrwxr-x. 3 fingerbank fingerbank 264 Jun 26 14:11 .
drwxrwxr-x. 9 fingerbank fingerbank 150 Jun 26 13:55 ..
-rw-r--r-- 1 root root 4541212 Jun 26 14:11
collector_endpoints.db
-rw-r--r-- 1 root root 123381 Jun 26 14:11
collector_ip_maps.db
-rw-rw-r--. 1 fingerbank fingerbank 33792 May 9 18:14
fingerbank_Local.db
-rw-rw-r-- 1 fingerbank fingerbank 21027840 Apr 25 21:54
fingerbank_Upstream.db
-rw-r--r-- 1 pf pf 23364608 Jun 8 13:29
fingerbank_Upstream.db_20180608_132952
-rw-r--r-- 1 pf pf 23364608 Jun 8 13:38
fingerbank_Upstream.db_20180608_133816
-rw-rw-r-- 1 fingerbank fingerbank 98 Apr 25 21:54
.gitignore
drwxrwsr-x. 2 fingerbank fingerbank 4096 Jun 26 13:55
upgrade
-rwxrwxr-x 1 fingerbank fingerbank 2253 Apr 25 21:54
upgrade.pl
Does this look normal?
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
