cancel
Showing results for 
Search instead for 
Did you mean: 

File system saturation in \opt for abnormal log activity StandardProxy_access.log

Hi all,

Since yesterday I have a problem in a node with 3 appliance MWG 7.2 in balancing with F5. We had a Filesystem usage on /opt exceeds selected limit (96% / 90%) and the system utilization is very high and hard disk is close to saturation.

I notice that we've a lot of request per second (espiacially in first of the 3 appliance), we have just deleted the older standardproxy_access.log in order to restore  the right amount of available disk space. Now we have around 800 request per second for each of the 3 appliances and got a standardprosy_access.log of 100Mb every 10 minutes!!!

Any suggestion???? Someone can tell me what is it happening??

I've attached a tcpdump, feedback and sample of log

Thanks a lot!!!

Andrea

0 Kudos
5 Replies
apellepa
Level 7

Re: File system saturation in \opt for abnormal log activity StandardProxy_access.log

We have similar situation few weeks ago.

One of our users visit some site, that frequently updates (few requests per second) so logs will grow very faster.

ps. MWG version 6 have much more free space (have another partitions) and such situation never happens.

I think you need to change setting for rotation and pushing logs.

Message was edited by: apellepa on 1/25/13 3:08:05 PM EET
0 Kudos
McAfee Employee

Re: File system saturation in \opt for abnormal log activity StandardProxy_access.log

I wouldnt post any of this data to the community, create a support case and upload it there.

If you have an SR #, please let me know and I can take a look.

Best,

Jon

0 Kudos

Re: File system saturation in \opt for abnormal log activity StandardProxy_access.log

Hi Jon

yes sure, first I'd want to attach this information but then I release that it was better to do not share it.

The SR is <3-2713175271>.

Thanks,

Andrea

0 Kudos
btlyric
Level 12

Re: File system saturation in \opt for abnormal log activity StandardProxy_access.log

IMHO, MWG 7.x has a ridiculously sub-optimal disk partitioning schema.

I am in the process of repartitioning all of our MWG systems so that they have a saner disk partitioning confiiguration. No doubt unsanctionad/unsupported by McAfee, but I don't have the time/energy to deal with things like subversion checkouts eating my file systems and the generic idiocy of the current disk schema.

Feel free to PM me if info about re-partitioning interests you. NOTE: I do not guarantee that any of my suggestions/recommendations will not result in sub-optimal results -- informaton suppied will be just that -- information, not recommendation.

Rgds

BTL

0 Kudos
McAfee Employee

Re: File system saturation in \opt for abnormal log activity StandardProxy_access.log

Hi btl,

This issue is related to a client machine gone wild. It's making tons of requests and generating a large volume of logs. So modifying the disk partitions would only mask the issue.

I do sympathize with the current disk partitioning schema being too small, I believe that should change in future versions (don't ask me when though). As such, I definitly would not recommend resizing the partitions.

Best,

Jon

0 Kudos