cancel
Showing results for 
Search instead for 
Did you mean: 
DBO
Level 9

How to identified the connected sessions / Thread to a Webwasher 6.9.6 proxy

We still have an old WebWasher 6.9.6 Proxy (to be migrated in 4 weeks) that suddently since last week jump in overcharge at period of time where trafic show be very low.

We don't see change in Proxy Request, ICAP Server Request, System Load, Memory

We see spike in Nb Thread (from 1.5k to 7.5k), Open Connection (from 1.6k to 6.7k) and served Connections (240 to 1.2)

Anybody seen this before?  It look like something is either opening a lot of connection or generation a lot of internal connection...

Is there commands in CLI that could show the list of external connection, who's own those threads?  Basically that would allow us to pin point what is appening?????

0 Kudos
2 Replies
McAfee Employee

Re: How to identified the connected sessions / Thread to a Webwasher 6.9.6 proxy

Hi DBO,

Sorry for the delay!

There is a special diagnostic dashboard:

https://x.x.x.x/dbinfo

This will show you the active connections to the Webwasher under the threads info page.

If you have multi-process on, this is not available, and can only be found in the feedback file.

Best Regards,

Jon

0 Kudos
DBO
Level 9

Re: How to identified the connected sessions / Thread to a Webwasher 6.9.6 proxy

We are in multi-process mode but there is still some data but, the timestamp look weird

ThreadID      Started      Type      Description

6015920 (954) 26 Oct 2015 05:02:46 -0400Process Communication Thread
11959216 (1539) 26 Oct 2015 05:02:52 -0400ICAP Server verification
132025264 (3794) 26 Oct 2015 13:29:36 -0400HTTPS ProxyDate/Time=2015/10/26 14:10:49, Last request=CONNECT 3-edge-chat.facebook.com:443 HTTP/1.1, Status=SSL: Tunnel Wait
133532592 (5720) 26 Oct 2015 05:05:04 -0400Persistent FTP Socket
52304816 (8589) 26 Oct 2015 09:22:24 -0400HTTP ProxyDate/Time=2015/10/26 09:25:44, Last request=POST http://fiji-production-ws.use1.huffpo.net/socket/699/oqj0diy3/xhr_streaming HTTP/1.1, Status=kDoRESPMOD
14113712 (5717) 26 Oct 2015 05:05:04 -0400Socket Forwarding
71285680 (11099) 26 Oct 2015 05:08:39 -0400Socket Forwarding
8846256 (1538) 26 Oct 2015 05:02:52 -0400HTTP ProxyDate/Time=2015/10/26 14:11:08, Last request=GET http://159.8.209.219/din.aspx?s=31708859&client=DynGate&p=10001333 HTTP/1.1, Status=kParseResponse
48335792 (1541) 26 Oct 2015 05:02:52 -0400CPersistHostData
157662128 (1553) 26 Oct 2015 05:02:52 -0400WCCP UDP Communication thread 2
101329840 (1552) 26 Oct 2015 05:02:52 -0400WCCP Communication thread
10013616 (4403) 26 Oct 2015 05:03:08 -0400Socket Forwarding Control
41860016 (6068) 26 Oct 2015 05:32:58 -0400Socket Forwarding
131279792 (15487) 26 Oct 2015 05:39:09 -0400Socket Forwarding
2683304880 (31842) 26 Oct 2015 12:16:40 -0400Socket Forwarding
13847472 (8355) 26 Oct 2015 05:06:49 -0400Socket Forwarding
44829616 (16420) 26 Oct 2015 05:39:54 -0400Socket Forwarding
14904240 (8174) 26 Oct 2015 05:06:42 -0400Socket Forwarding
40176560 (17729) 26 Oct 2015 05:14:11 -0400Socket Forwarding
52411312 (18103) 26 Oct 2015 08:28:17 -0400HTTP ProxyDate/Time=2015/10/26 08:28:17, Last request=POST http://blugro1relay.groove.microsoft.com/2.0/blugro1relay.groove.microsoft.com/3ubzrvi9hginqy7x6taqf... HTTP/1.0, Status=kReadClientData
43932592 (978) 26 Oct 2015 05:28:43 -0400Socket Forwarding
37743536 (15980) 26 Oct 2015 05:12:35 -0400Socket Forwarding
2270362544 (5744) 26 Oct 2015 14:09:32 -0400HTTPS ProxyDate/Time=2015/10/26 14:09:38, Last request=CONNECT clients6.google.com:443 HTTP/1.0, Status=SSL: Tunnel Wait
44456880 (1129) 26 Oct 2015 05:28:48 -0400Socket Forwarding
52784048 (7112) 26 Oct 2015 13:58:10 -0400HTTPS ProxyDate/Time=2015/10/26 14:11:30, Last request=CONNECT 2-edge-chat.facebook.com:443 HTTP/1.1, Status=SSL: Tunnel Wait
77638576 (26378) 26 Oct 2015 14:11:03 -0400HTTPS ProxyDate/Time=2015/10/26 14:11:03, Last request=CONNECT mts0.google.com:443 HTTP/1.0, Status=SSL: Tunnel Wait
0 Kudos