I ended up SNMP polling my Aruba controllers for their stat information. As I don’t run our RADIUS systems, getting comparable stats from them is a bit challenging. The RADIUS server stats I have access to are in number of requests, where the Aruba MIB offers stats by complete auth.
You can see the results of the collection at [0], and if you are interested, the code is at [1].

[0] - http://drahtlos.dccs.upenn.edu/localhost/localhost/index.html#wireless
[1] - https://bitbucket.org/TallWireless/randomscripts/src/096bc66f00d1/auth-stats-poll/?at=master

> On Oct 19, 2015, at 10:51 AM, Matthew Newton <[email protected]> wrote:
>
> Hi Charles,
>
> On Thu, Oct 15, 2015 at 09:08:33PM +0000, Charles Rumford wrote:
>> I’m currently embarking on a project to determine the number of
>> RADIUS auths per minute each one of my controllers is generating
>> to plan for the capacity I need for my RADIUS servers.
>>
>> I was curious if anyone has embarked on a similar journey and
>> tried to measure auth rates coming from their controllers?
>
> We feed our RADIUS logs into elasticsearch, which you can then
> query with kibana to get nice graphs of pretty much whatever you
> want from the logs, which of course includes requests, auth
> success, failures per second/minute, hour etc. We have several
> plots, one of which shows auths per sec for each controller in a
> stacked graph, as well as controller SNMP traps for RADIUS errors
> (so we can see when MSCHAP/Samba/AD is becoming overloaded...!).
>
> I bundled the basic config for detail files into the FreeRADIUS
> source:
>
> https://github.com/FreeRADIUS/freeradius-server/tree/v3.0.x/doc/schemas/logstash
>
> but that should work with any RADIUS server that writes out detail
> logs.
>
> The only downside to this approach as it stands is that it stores
> complete logs, so you probably want to rotate them out after a few
> months for privacy reasons, so you then lose the graphs. I've not
> looked yet but it should be easy in logstash to output the stats
> as well to graphite or similar to keep the basic counters around
> for longer. But this "downside" is of course a great benefit when
> you want to search for logs, as the result is nearly
> instantaneous.
>
> (Also feeding FreeRADIUS auth logs, Wireless Controller TRAPS and
> logs, and DHCP logs all in to the same elasticsearch index means
> you can get an excellent view across all your wireless logs when
> something goes wrong with a client.)
>
> As you're using FreeRADIUS you can also use the "status" virtual
> server to get stats out - see sites-available/status. You drive it
> by feeding RADIUS packets into the server (e.g. with radclient) on
> the status port and it responds with the data. Examples in the
> server file. They can then be plotted with $GRAPHER_OF_CHOICE.
>
> Cheers,
>
> Matthew
>
>
> --
> Matthew Newton, Ph.D. <[email protected]>
>
> Systems Specialist, Infrastructure Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>
> For IT help contact helpdesk extn. 2253, <[email protected]>
>
> **********
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.

----
Charles Rumford
Network Engineer/Senior Wireless Engineer
ISC Network Operations
University of Pennsylvania
OpenPGP Key ID: 0xF3D8215A
(p) 215-746-2808
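Added example (not from either poster and not FreeRADIUS project code): counting Access-Request records per controller per minute from detail-file text, which is the per-controller rate both messages are after. It assumes each record carries `Packet-Type`, `NAS-IP-Address` and `Timestamp` attributes; the function names and the sample records are constructed.

```python
import re
from collections import Counter

# Tab-indented "Attribute = value" line; the unindented date header does not match.
ATTR = re.compile(r"^\s+([\w-]+) = (.*)$")

def parse_detail(text):
    """Yield one dict per record; records are separated by blank lines."""
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            m = ATTR.match(line)
            if m:
                rec[m.group(1)] = m.group(2).strip('"')
        if rec:
            yield rec

def auths_per_minute(text):
    """Count Access-Request records per (NAS-IP-Address, start of epoch minute)."""
    counts = Counter()
    for rec in parse_detail(text):
        if rec.get("Packet-Type") != "Access-Request":
            continue  # accounting and other packet types are not auth load
        try:
            minute = int(rec["Timestamp"]) // 60 * 60
        except (KeyError, ValueError):
            continue  # truncated or malformed record
        counts[(rec.get("NAS-IP-Address", "unknown"), minute)] += 1
    return counts

def peak_per_controller(counts):
    """Busiest minute seen for each controller, the figure to size against."""
    peaks = {}
    for (nas, _minute), n in counts.items():
        peaks[nas] = max(peaks.get(nas, 0), n)
    return peaks

def _rec(ptype, nas, ts):
    # Constructed record: header line, tab-indented pairs, blank line.
    return (f"Mon Oct 19 14:51:02 2015\n\tPacket-Type = {ptype}\n"
            f"\tNAS-IP-Address = {nas}\n\tTimestamp = {ts}\n\n")

# Constructed sample (documentation addresses), not real log data.
SAMPLE = (_rec("Access-Request", "192.0.2.10", 1445266262)
          + _rec("Access-Request", "192.0.2.10", 1445266290)
          + _rec("Access-Request", "192.0.2.11", 1445266295)
          + _rec("Accounting-Request", "192.0.2.10", 1445266300)
          + _rec("Access-Request", "192.0.2.10", 1445266325)
          + _rec("Access-Request", "192.0.2.11", "garbage"))
```

These are request counts: an EAP authentication spans several Access-Request packets, so the numbers run higher than completed-auth counters for the same period.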
