I don't wish to flood the list, but I have some additional information that I think may be relevant.
I see that periodically, usually spaced by hours, the dhcp listener log is written to, when that occurs the PF admin/queue display shows that the number for the queue count "pfdhcplisten" will drop to zero, often from the thousands. At that moment the outstanding task counter for pfdhcplisten also drops, but only to 56, this number seems to always be 56 greater than the queue count, but clearly must grow over time. The expired task counter for the pfdhcplistener is over 37 million and increases slowly. I have also seen the listener queue reach only hundreds before being processed. I suspect unprocessed/expired and/or outstanding tasks might explain why I have some items that are clearly showing in the pf log, in the dhcp log on the dhcp server but only have MAC and location information in the Packetfence database. Suspect what I'm seeing is abnormal and wanted to present the information to the more experienced group. The log is empty, the old log rolled to a .gz file and the new log isn't being written to. Restarting the dhcp listener service did redirect the logging but did not cause the queue to flush. Should I be concerned about this behavior and what action(s) should I take? Thank you, Brian -----Original Message----- From: Cuttler, Brian R (HEALTH) Sent: Thursday, August 4, 2022 2:52 PM To: packetfence-users@lists.sourceforge.net Subject: FW: [PacketFence-users] fail conect with new SSID -----Original Message----- From: Cuttler, Brian R (HEALTH) Sent: Thursday, August 4, 2022 10:40 AM To: Zammit, Ludovic <luza...@akamai.com> Subject: RE: [PacketFence-users] fail conect with new SSID Can I use udp-reflector to send to both? We were running it and sending to management port 1443, I have started a second instance sending to 767 and on the PF server I see traffic to both ports using tcpdump. And I do see that we did log some traffic in the pfdhcplistener.log but it is not updating much, certainly not at the rate that we see incoming traffic via tcpdump, I had thought it was not updating at all. Which is the correct socket to forward to, or should I always send to both? I do see MAC addresses for dhcp clients that have no IP in PF in the dhcp log, so I know the clients have been active in the last day or so and can currently ping the IP. Does the log only update when the information is new, or for all traffic? Tail of log reads [root@pkfn7 logs]# tail -f pfdhcplistener.log Aug 04 07:20:44 pfqueue(45717) INFO: [mac:unknown] Updating iplog and SSO for b0:a8:6e:4c:f5:c0 -> 10.50.172.27 (pf::dhcp::processor::handle_new_ip) Aug 04 07:20:44 pfqueue(45717) INFO: [mac:unknown] DHCPREQUEST from a8:d0:e5:32:64:00 (10.50.172.25) (pf::dhcp::processor::parse_dhcp_request) Aug 04 07:20:44 pfqueue(45717) INFO: [mac:unknown] The listener process is NOT on the same server as the DHCP server. (pf::dhcp::processor::pf_is_dhcp) Aug 04 07:20:44 pfqueue(45717) INFO: [mac:unknown] Updating iplog and SSO for a8:d0:e5:32:64:00 -> 10.50.172.25 (pf::dhcp::processor::handle_new_ip) Aug 04 07:20:44 pfqueue(45717) INFO: [mac:unknown] DHCPREQUEST from ac:4b:c8:07:df:00 (10.49.65.250) (pf::dhcp::processor::parse_dhcp_request) Aug 04 07:20:44 pfqueue(45717) INFO: [mac:unknown] The listener process is NOT on the same server as the DHCP server. (pf::dhcp::processor::pf_is_dhcp) Aug 04 07:20:44 pfqueue(45717) INFO: [mac:unknown] Updating iplog and SSO for ac:4b:c8:07:df:00 -> 10.49.65.250 (pf::dhcp::processor::handle_new_ip) Aug 04 07:20:44 pfqueue(45717) INFO: [mac:unknown] DHCPREQUEST from b0:a8:6e:47:ee:c0 (10.50.172.28) (pf::dhcp::processor::parse_dhcp_request) Aug 04 07:20:44 pfqueue(45717) INFO: [mac:unknown] The listener process is NOT on the same server as the DHCP server. (pf::dhcp::processor::pf_is_dhcp) Aug 04 07:20:44 pfqueue(45717) INFO: [mac:unknown] Updating iplog and SSO for b0:a8:6e:47:ee:c0 -> 10.50.172.28 (pf::dhcp::processor::handle_new_ip) Thank you, Brian -----Original Message----- From: Zammit, Ludovic <luza...@akamai.com> Sent: Thursday, August 4, 2022 10:15 AM To: Cuttler, Brian R (HEALTH) <brian.cutt...@health.ny.gov> Cc: packetfence-users@lists.sourceforge.net Subject: Re: [PacketFence-users] fail conect with new SSID [You don't often get email from luza...@akamai.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] ATTENTION: This email came from an external source. Do not open attachments or click on links from unknown senders or unexpected emails. _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
