| *** nowen (~nowen@50-194-249-125-static.hfc.comcastbusiness.net) has joined #wikid | 13:51 | |
| nowen | jlkinsel: any progress? | 15:04 |
|---|---|---|
| *** dystia (c7ff5332@gateway/web/freenode/ip.199.255.83.50) has joined #wikid | 15:45 | |
| dystia | yo nick. | 15:46 |
| nowen | hey | 15:46 |
| dystia | i need some guidance; | 15:46 |
| nowen | ok | 15:46 |
| dystia | this | 15:46 |
| dystia | ack | 15:46 |
| dystia | ok. /var/lib/pgsql/data/base/16817 has grown to 1.6gb | 15:47 |
| dystia | and it's filling the file system | 15:47 |
| dystia | what's the purpose of the file and can it be purged and how. | 15:47 |
| nowen | is your log page getting slow? | 15:47 |
| dystia | yes actually. i wasn't able to pull logs last night. | 15:48 |
| nowen | ok - go to that page, if you can and archive the logs | 15:48 |
| dystia | 842469 | 15:48 |
| dystia | misfire. | 15:48 |
| dystia | ok checking | 15:48 |
| dystia | slow like whoa. | 15:49 |
| dystia | Download Creation Date Size (bytes) Delete 1360252243595.zip2013-02-07 10:500[X] 1360252267823.zip2013-02-07 10:510[X] | 15:51 |
| dystia | showing as 0 when i click thearchive button - does that update as it runs the archive job/ | 15:51 |
| nowen | the size is 0? | 15:52 |
| dystia | yeah, it shows up in the Current archives on server: as 0 | 15:53 |
| dystia | but the dir contains 1.5gb of files | 15:53 |
| nowen | it should list a size | 15:53 |
| dystia | of 0 bytes, yes | 15:53 |
| dystia | where do these files get placed on the fs? | 15:54 |
| nowen | /opt/WiKID/tomcat/webapps/WiKIDAdmin/logArchive/ | 15:54 |
| dystia | i tried to download it and it said it was 0 bytes in the download window | 15:54 |
| dystia | they're showing as 0 on the fs. | 15:54 |
| nowen | maybe there's not enough disk space for it? | 15:55 |
| dystia | well i'd expect it to grow and then fail. | 15:55 |
| dystia | the files are staying at 0 | 15:55 |
| dystia | 340M is free on /opt | 15:55 |
| nowen | try older than 2 months or something | 15:56 |
| dystia | i tried older than 2 hours orig | 15:57 |
| dystia | and now i'm down to 4% free on the problem fs. | 15:57 |
| nowen | can you run 'yum clean all' | 15:57 |
| nowen | might free up some space | 15:57 |
| dystia | onesec. gotta file a emergency change | 15:58 |
| dystia | ok. looks like i have a few minutes on this one; it's not as full as it was for some reason. | 15:59 |
| dystia | hoping i didn't click delete logs w/out archiving. :) | 15:59 |
| dystia | and nope, it's full. :) | 16:00 |
| dystia | k. filing emergency change. | 16:00 |
| nowen | anything in /root/ ? old rpms that can be deleted? | 16:01 |
| dystia | it's not the same fs. | 16:01 |
| nowen | ok | 16:02 |
| dystia | var is on its' own partition | 16:02 |
| dystia | does yum keep it's files in /var | 16:03 |
| dystia | because 1.5gb of the files on var are in that one dir. | 16:03 |
| nowen | not sure, but I think so | 16:03 |
| dystia | yeah. /var/cache/yum is default | 16:04 |
| dystia | it freed up like 60mb | 16:27 |
| dystia | when i ran yum clean all. | 16:27 |
| dystia | what should I do next? | 16:27 |
| nowen | I think try to archive some lesser amount, like older than 4 months | 16:28 |
| dystia | another 0 byte file w/ that archive setting | 16:30 |
| nowen | is there an error message in the logs? | 16:30 |
| dystia | wikid-server-enterprise-3.5.0-b1342 is what version the server is on, btw | 16:33 |
| nowen | that's pretty up-to-date. | 16:33 |
| nowen | are the loggers set to debug? | 16:34 |
| dystia | set the query to debug | 16:34 |
| dystia | nowen@wikidsystems.com? | 16:34 |
| dystia | i'd rather email the log | 16:35 |
| nowen | is there an error? | 16:35 |
| dystia | there's stuff i don't understand. | 16:35 |
| dystia | but none is red | 16:35 |
| nowen | that's the email | 16:35 |
| dystia | HTTP Access Logger is warn | 16:36 |
| dystia | com.wikidsystems is info | 16:36 |
| dystia | com.wikidsystems.client.wClient is warn | 16:36 |
| dystia | com.wikidsystems.server.wAuth is info | 16:36 |
| dystia | org.apache is warn | 16:36 |
| nowen | ok, we can try vacumming the db | 16:37 |
| dystia | steps? | 16:38 |
| nowen | # su - postgres | 16:39 |
| nowen | $ psql -d wikid | 16:39 |
| nowen | wikid=# SELECT pg_database_size('wikid'); | 16:39 |
| nowen | that will show the size | 16:40 |
| nowen | wikid=# VACUUM FULL; | 16:40 |
| nowen | that will vacuum it | 16:40 |
| nowen | it should return VACUUM | 16:40 |
| nowen | then run the size command again | 16:40 |
| dystia | psql: could not connect to server: No such file or directory Is the server running locally and accepting connections on Unix domain socket "/tmp/.s.PGSQL.5432"? | 16:41 |
| nowen | oh, are you running in replication? | 16:41 |
| dystia | yes | 16:41 |
| dystia | replicates to an -02 box | 16:41 |
| nowen | add -p 5434 | 16:42 |
| dystia | to? | 16:42 |
| dystia | syring | 16:42 |
| nowen | the psql -d wikid -p 5432 | 16:42 |
| dystia | psql -p 5434 -d wikid | 16:42 |
| dystia | kk | 16:42 |
| dystia | psql -d wikid -p 5432 | 16:42 |
| dystia | psql: could not connect to server: No such file or directory Is the server running locally and accepting connections on Unix domain socket "/tmp/.s.PGSQL.5432"? | 16:43 |
| nowen | the server is up, right? | 16:43 |
| nowen | ctrl-d back to root and run 'netstat -anp | grep 543' and see what port it is on | 16:43 |
| dystia | check your email | 16:44 |
| nowen | ok - try using -p 5434 | 16:45 |
| nowen | my bad | 16:45 |
| dystia | ERROR: syntax error at or near "wikid" at character 1 LINE 1: wikid=# SELECT pg_database_size('wikid'); | 16:45 |
| dystia | postgres | postgres | UTF8 template0 | postgres | UTF8 template1 | postgres | UTF8 wikid | postgres | SQL_ASCII | 16:47 |
| dystia | are the dbs in the db | 16:47 |
| nowen | try the same command again | 16:47 |
| dystia | same error | 16:47 |
| nowen | hmm | 16:47 |
| nowen | the db is there | 16:48 |
| nowen | it is exactly thje command I'm using | 16:48 |
| nowen | wikid=# SELECT pg_database_size('wikid'); | 16:48 |
| nowen | pg_database_size | 16:48 |
| nowen | ------------------ | 16:48 |
| nowen | 5628552 | 16:48 |
| nowen | (1 row) | 16:48 |
| dystia | do you need to do a \connect wikid first | 16:49 |
| nowen | wair | 16:49 |
| nowen | wait | 16:49 |
| nowen | just type 'SELECT pg_database_size('wikid');' | 16:49 |
| nowen | ;-) | 16:49 |
| dystia | wikid=# 'SELECT pg_database_size('wikid');' wikid-# | 16:50 |
| nowen | if you do 'psql -d wikid -p 5434' then you are in wikid | 16:50 |
| dystia | ah. doh | 16:51 |
| nowen | lol | 16:51 |
| dystia | the query returned blank | 16:51 |
| dystia | i don't do dbs dude. :P | 16:51 |
| nowen | I hear ya | 16:52 |
| dystia | i hate them. i make the dbas do that. | 16:52 |
| nowen | this is the extent of mine | 16:52 |
| dystia | database security is always epic fail. | 16:52 |
| dystia | so i did a \d and got a list of tables | 16:52 |
| dystia | the pg_database_size was not a listed type/name/in the shcema | 16:52 |
| dystia | also when i run the query it returns blank | 16:52 |
| nowen | did the command not work? | 16:54 |
| dystia | wikid-# 'SELECT pg_database_size('wikid');' wikid-# | 16:54 |
| dystia | all it does is return to the next line | 16:54 |
| nowen | SELECT pg_database_size('wikid'); | 16:54 |
| dystia | it does not tell me anything. | 16:54 |
| nowen | is all you need | 16:54 |
| dystia | ERROR: syntax error at or near "'SELECT pg_database_size('" at character 1 LINE 1: 'SELECT pg_database_size('wikid');' ^ wikid=# SELECT pg_database_size('wikid'); pg_database_size ------------------ 1540738940 (1 row) | 16:54 |
| dystia | now we're talking. | 16:54 |
| dystia | and that size looks right for my problem. | 16:55 |
| nowen | ok | 16:55 |
| dystia | vaccuming | 16:55 |
| nowen | so now run VACUUM FULL; | 16:55 |
| dystia | k. is slow. | 16:56 |
| dystia | wikid=# VACUUM FULL; VACUUM wikid=# SELECT pg_database_size('wikid'); pg_database_size ------------------ 1534251012 (1 row) | 16:56 |
| dystia | is that nubmer supposed to be higher? | 16:57 |
| dystia | var has not gone down in utilization | 16:58 |
| nowen | hmm | 16:58 |
| dystia | my boss wants a root cause analysis when we're done, btw. | 16:59 |
| nowen | mine went down from 7578248 to 5628552 | 16:59 |
| dystia | i want to make sure the service is stable first obviously. | 16:59 |
| dystia | rerun vaccum? | 16:59 |
| nowen | you're sending radius account packets to the WiKID server and it's choking on them | 16:59 |
| nowen | yes | 17:00 |
| dystia | 1534251012 | 17:02 |
| dystia | what next? | 17:02 |
| nowen | how much space is on the fs? | 17:04 |
| dystia | after first vaccum | 17:04 |
| dystia | 2.1G 1.9G 131M 94% /var | 17:04 |
| dystia | after second vaccum | 17:04 |
| dystia | 2.1G 1.9G 113M 95% /var | 17:04 |
| nowen | try | 17:06 |
| nowen | REINDEX DATABASE wikid | 17:06 |
| nowen | ; | 17:06 |
| dystia | wikid=# SELECT pg_database_size('wikid'); pg_database_size ------------------ 1534316412 | 17:07 |
| dystia | i ran REINDEX DATABASE wikid | 17:07 |
| dystia | it didn't want a ; n the end of the line | 17:07 |
| dystia | returned a #wikid prompt | 17:07 |
| dystia | did it want the ; on the next line? | 17:07 |
| nowen | you can do it all on one line | 17:08 |
| nowen | or two | 17:08 |
| dystia | kk | 17:08 |
| dystia | its' running | 17:08 |
| dystia | yay learning stuff. | 17:08 |
| nowen | sorry you have to | 17:09 |
| dystia | me too. :) | 17:10 |
| dystia | ERROR: could not write block 1356 of relation 1663/16817/17506: No space left on device | 17:10 |
| nowen | damn | 17:10 |
| dystia | where next? | 17:10 |
| nowen | got any big log files in /var/log? | 17:11 |
| dystia | rw------- 1 root root 94M Jan 27 04:02 messages.2 -rw------- 1 root root 50M Jan 20 04:02 messages.3 -rw------- 1 root root 45M Feb 3 04:02 messages.1 -rw------- 1 root root 40M Feb 7 12:11 messages -rw------- 1 root root 2.1M Dec 23 04:02 messages.4.gz -rw------- 1 root root 1.8M Dec 30 04:02 messages.3.gz -rw------- 1 root root 1.4M Jan 6 04:02 messages.2.gz -rw------- 1 root root 1.3M Jan 13 04:02 messages.1.gz | 17:12 |
| dystia | not terribly | 17:12 |
| dystia | i have a snap - i can clean a few of the messages files without feeling too guilty | 17:12 |
| dystia | 2.1G 1.7G 264M 87% /var | 17:13 |
| dystia | rerun the reindex? | 17:13 |
| nowen | yeah | 17:14 |
| dystia | REINDEX wikid=# SELECT pg_database_size('wikid'); pg_database_size ------------------ 1483345924 (1 row) | 17:15 |
| nowen | ok | 17:15 |
| dystia | 2.1G 1.8G 191M 91% /var | 17:15 |
| dystia | where next? | 17:15 |
| nowen | try vacuuming again | 17:15 |
| dystia | kk | 17:15 |
| dystia | i have to do a vuln review at 1 that i cannot not go to | 17:15 |
| dystia | which means i may be handing you to someoen else, we'll see | 17:15 |
| dystia | pg_database_size ------------------ 1483272196 | 17:17 |
| dystia | no change | 17:17 |
| dystia | we are now at | 17:18 |
| dystia | 2.1G 1.8G 240M 89% /var | 17:18 |
| dystia | so a little bit more space. | 17:18 |
| nowen | gotta an idea | 17:19 |
| nowen | testing it now | 17:19 |
| dystia | is this going to take long enough for me to justifiably go to the restroom and smoke a cig? | 17:19 |
| nowen | sure | 17:20 |
| nowen | I don't want you jonesing! | 17:20 |
| dystia | kk brb | 17:20 |
| nowen | dystia: you know, the log zips are going to /opt/ not /var | 17:27 |
| dystia | sure but they were showing as 0 | 17:31 |
| dystia | so that wasn't what's killing /var | 17:31 |
| nowen | hmm, yeah, but if they get written, then the are removed from the db in /var | 17:31 |
| nowen | can you try archiving again? | 17:32 |
| dystia | 1360258311490.zip2013-02-07 12:310[X] | 17:32 |
| dystia | same issue | 17:32 |
| dystia | i can run a delete instead of a archive. | 17:32 |
| nowen | really? | 17:32 |
| dystia | had tried that w/ no results already. | 17:32 |
| nowen | try again | 17:33 |
| * nowen crosses finger | 17:33 | |
| dystia | 2.1G 2.0G 54M 98% /var | 17:33 |
| dystia | var is spiking again. | 17:33 |
| nowen | ok | 17:36 |
| nowen | let's delete some logs from the db directly | 17:36 |
| dystia | syntax | 17:37 |
| dystia | cus now var is 100% | 17:37 |
| dystia | wikid=# SELECT pg_database_size('wikid'); pg_database_size ------------------ 1483337596 (1 row) | 17:37 |
| dystia | and i can't get at the log page in the console. | 17:38 |
| nowen | delete from logging_event where logger_name = 'com.wikidsystems.radius.log.DBSvrLogImpl'; | 17:38 |
| dystia | k. running | 17:38 |
| dystia | you know this makes me nervous. | 17:38 |
| dystia | but i have a snap. | 17:38 |
| nowen | yeah. good idea | 17:38 |
| dystia | what are the implications for the replication server? | 17:39 |
| nowen | I think the best idea is to re-sync after this | 17:39 |
| dystia | wikid=# delete from logging_event where logger_name = 'com.wikidsystems.radius.log.DBSvrLogImpl'; DELETE 645701 | 17:39 |
| dystia | wikid=# SELECT pg_database_size('wikid'); pg_database_size ------------------ 1483337596 | 17:39 |
| nowen | vacuum again plz | 17:39 |
| dystia | 2.1G 1.8G 253M 88% /var | 17:39 |
| dystia | you were saying the accounting messages are whats' killing it? | 17:40 |
| nowen | that's what I think based on the log you sent me | 17:40 |
| nowen | you might also have radius set to debug | 17:41 |
| dystia | where would i find that? | 17:41 |
| dystia | i'm running AD to openvpn and wikid | 17:41 |
| nowen | configuration / enable protocols / radius | 17:41 |
| nowen | if you want to delete all the events in the logs: | 17:42 |
| nowen | delete from logging_event; | 17:42 |
| dystia | Use Accounting?: is checked | 17:43 |
| nowen | uncheck that | 17:43 |
| dystia | Debug Level: Normal High Debug is normal | 17:43 |
| dystia | what does unchecking that do? | 17:43 |
| nowen | you want Normal | 17:44 |
| dystia | pg_database_size ------------------ 447213436 | 17:44 |
| nowen | how is the fs? | 17:44 |
| dystia | 2.1G 758M 1.3G 38% /var | 17:44 |
| dystia | much better. | 17:44 |
| nowen | ok, try zipping the rest via the WiKIDAdmin | 17:45 |
| nowen | hopefully it is also fater | 17:45 |
| nowen | faster | 17:45 |
| dystia | what's the command to restart wikid? | 17:46 |
| dystia | sudo service wikid restart? | 17:46 |
| nowen | wikidctl restart | 17:46 |
| dystia | k | 17:46 |
| dystia | restarting to apply the accounting change | 17:46 |
| nowen | also, check to see of openvpn or anything is sending WiKID account packets | 17:47 |
| dystia | 2.1G 777M 1.2G 39% /var | 17:55 |
| dystia | looks like it's being stable for a minute, or at least not likely to fill up again in the next half hour | 17:55 |
| dystia | i need to run into this meeting; i'll check in w/ you once i'm out and make sure openvpn isn't killing it. | 17:55 |
| nowen | no, it most likely took awhile to get this way | 17:55 |
| dystia | it did. | 17:56 |
| dystia | kk. running tomeeting | 18:00 |
| nowen | later | 18:00 |
| *** dystia has quit (Ping timeout: 245 seconds) | 18:04 | |
| *** dystia (c7ff5332@gateway/web/freenode/ip.199.255.83.50) has joined #wikid | 20:15 | |
| dystia | yo | 20:16 |
| dystia | aight. out of meeting. | 20:16 |
| nowen | hey | 20:16 |
| dystia | so - impact of this. | 20:16 |
| dystia | i'm checking the host to see how disk is doing. | 20:16 |
| nowen | ok | 20:17 |
| dystia | wtf caused this? like - is this going to happen again, and is this a risk to my other systems. | 20:17 |
| dystia | that was my main production env; the only other way to get in is a trip to the datacenter. | 20:17 |
| nowen | I'm guessing that either the account on WiKID or accounting being sent to WiKID caused it | 20:17 |
| dystia | is the accounting normally an issue? | 20:18 |
| dystia | 'account on wikid'? | 20:18 |
| nowen | most people don't uses | 20:18 |
| nowen | is it | 20:18 |
| nowen | radius accounting, I mena | 20:18 |
| dystia | what's the purpose of radius accounting/ | 20:19 |
| nowen | not sure, extra logging, I guess? You would only really use it on a real radius server. I will probably remove it as an option | 20:20 |
| dystia | what did you mean by 'account on wikid'? | 20:21 |
| nowen | I meant accounting on wikid, which you turned oof | 20:21 |
| nowen | look at that log you sent me, it is almost all accounting | 20:22 |
| dystia | sure. | 20:22 |
| dystia | i'm pulling logs from the other two consoles. | 20:22 |
| nowen | what do you mean? | 20:23 |
| dystia | well. 1) | 20:23 |
| dystia | I need to be sure that if this is an issue in 1 environment, that it's really the issue, and that if so, we turn off accounting on the other two consoles to avoid replicating the issue. | 20:24 |
| dystia | because i don't want my OTHER prod env to have issues. | 20:24 |
| dystia | 2 is I need to understand how this affects us in a replication setup. | 20:24 |
| nowen | ahh - ok - I forget you have two | 20:24 |
| dystia | so i'm checking disk space and logs on the other two consoles. | 20:24 |
| dystia | i have 3. hence needign an IAM. | 20:24 |
| dystia | (no, a web portal is not going to work.) | 20:24 |
| nowen | you can look at Gluu, josso and CAS. we've integrated login with all of those. but not all the stuff you want. | 20:25 |
| dystia | whats' been integrated? | 20:25 |
| nowen | just login | 20:25 |
| dystia | not configuring someone/ | 20:25 |
| dystia | whats login? | 20:25 |
| nowen | gluu may have more as they did the scripting via the api. cas was radius, josso was login via wauth | 20:26 |
| nowen | entering a username and otp for validation | 20:26 |
| nowen | authenticating | 20:26 |
| dystia | so just logging into its console/ | 20:26 |
| dystia | not provisioning accounts. | 20:26 |
| nowen | login to whatever. not provisioning | 20:27 |
| dystia | check. | 20:27 |
| dystia | jesus nick. | 20:27 |
| dystia | this is killing me. | 20:27 |
| nowen | is it just because you have so much turn-over by consultants? | 20:28 |
| dystia | well, it's because the request process takes a while to complete. | 20:28 |
| dystia | like. AD account, THEN openvpn, THEN wikid | 20:28 |
| dystia | wikid involves generating a xlsx and puttign in fields in the right order (have horked before) and uploading as tab delinmited | 20:28 |
| nowen | do they need an account in openvpn? if you're using radius? | 20:28 |
| dystia | if someone botches it I have to save out hte info, clear the table, reinter it. | 20:28 |
| dystia | if someone fucks up their token I created w/ prereg and have a completed reg in the table, i have to save out the info, clear out the table, reupload the data. | 20:29 |
| dystia | if someone clicks clear the table w/out doig that it invalides all the prereg and its' not retreivable | 20:29 |
| dystia | and that's how Ian has it now - we use openvpn for authoirzation/vpn profiles. | 20:29 |
| dystia | not everyone gets the same profile. | 20:29 |
| dystia | consultant turnover is not my issue. my issue is that my company does not have the concept of 'hire a cheap bitch for that' and expects me to cover a helpdesk role, and it's complicated enough that it's hard to hand to an idiot. | 20:30 |
| dystia | there are systems that can crank people out by business role. i want push button based on ruleset and AD. | 20:30 |
| nowen | yeah, sounds like a confluence of a number of things. no one else even remotely has these issues | 20:31 |
| dystia | i need IAM regardless of wikid but having to do the wikid stuff is definitely a part of the process i dislike. | 20:31 |
| dystia | sure - so how do other people make it not suck | 20:31 |
| nowen | most use AD and WiKID. routing auth through AD and letting users reg themselves based on their AD creds | 20:32 |
| nowen | one prospect has written his own IAM and has his helpdesk adding users | 20:32 |
| dystia | i can't do firewall ruleset with AD - and not everyone should be able to go everywhere. | 20:33 |
| nowen | AD does authorization based on groups. | 20:33 |
| nowen | maybe it's openvpn. you might be too bog for it | 20:34 |
| dystia | absolutely. but it doesn't assign firewall rules. | 20:34 |
| nowen | where bog == big | 20:34 |
| nowen | not sure what happened to my fingers today | 20:34 |
| dystia | i can do that via groups/authorizations but i'd need a better vpn solution/ | 20:34 |
| dystia | yeah, ian has issues. <bitch> | 20:34 |
| dystia | the probelm is the amount of time it takes to rip stuff out. | 20:34 |
| dystia | 2013-02-07 12:48:43.514ERRORcom.wikidsystems.client.wClientERROR: java.net.SocketException: Broken pipe 2013-02-07 12:48:43.410ERRORcom.wikidsystems.server.wAuthCouldn't validate the client certificate. Verify the validity and dates of the client cert. | 20:36 |
| dystia | that's new. | 20:36 |
| nowen | run keytool on your certs: http://www.wikidsystems.com/support/wikid-support-center/troubleshooting-faq/how-do-i-know-if-my-certificate-is-valid | 20:36 |
| dystia | k. if i leave it like htat for now is it likely to die/ | 20:40 |
| nowen | you can just create a new localhost cert | 20:41 |
| dystia | cus it neesd fixing but it looks like i need to turn off accounting for the other two consoles and another machine is having the same issue | 20:41 |
| dystia | yeah - i just hesitate to touch cacerts on a production server without talking to someone who plays w/ it more. | 20:41 |
| dystia | (not something i have a lot of experience w.) | 20:41 |
| nowen | are you able to login to openvpn using that server? | 20:42 |
| dystia | yeah auth is up. | 20:42 |
| dystia | is it likely to be a fire? | 20:42 |
| nowen | it would affect any service using the localhost cert such as example.jsp | 20:43 |
| dystia | k. | 20:55 |
| dystia | gr. :) | 20:55 |
| dystia | at least that's a fairly easy fix. i'll see if i can get it tasked. | 20:55 |
| dystia | tell your dude who wrote his own IAM that I'm adorable and buy beer and want his code. | 20:56 |
| nowen | lol | 20:56 |
| dystia | i use the adorable bit a lot. | 20:56 |
| dystia | frequently works. | 20:56 |
| dystia | oh. where on openvpn would i be seeing the accounting issue, or does it just pick up once it comes into wikid? | 20:56 |
| dystia | (is this something that cascades) | 20:56 |
| nowen | look under the radius authentication piece | 20:57 |
| dystia | i turned off accounting for the server that was having issues. | 21:11 |
| dystia | oh in vpn.checking | 21:11 |
| *** nowen has quit (Remote host closed the connection) | 21:15 | |
| *** nowen (~nowen@50-194-249-125-static.hfc.comcastbusiness.net) has joined #wikid | 21:16 | |
| nowen | hmm, random X reboots | 21:33 |
| *** Excid3LogBot (~Excid3Log@ec2-174-129-6-100.compute-1.amazonaws.com) has joined #wikid | 21:35 | |
| nowen | testing another bot | 21:35 |
| *** Excid3LogBot has quit (Read error: Connection reset by peer) | 21:37 | |
| *** Excid3LogBot (~Excid3Log@ec2-174-129-6-100.compute-1.amazonaws.com) has joined #wikid | 21:39 | |
| nowen | http://foo.com | 21:39 |
| dystia | so i need to talk to you about how wikid handles accounting | 21:40 |
| dystia | how does wikid handle logging accounting data and reporting it back to the radius server? | 21:40 |
| dystia | becuase my understanding is tha tkilling it loses me my logout tracking. | 21:41 |
| nowen | well, WiKID has no concept of when someone logs out | 21:41 |
| dystia | so why does it generate radius accounting data and where does it store it and where does it send it? | 21:42 |
| nowen | I don't think it stores it anywhere. that's why I want to remove it | 21:44 |
| dystia | then why is the DB filling up? | 21:47 |
| dystia | it shouldn't, iiuc appropriate radius behavior. | 21:47 |
| dystia | what is killing the log files? | 21:47 |
| nowen | well, I was wondering if the openvpn server is sending it radius accounting packets | 21:48 |
| nowen | can your run tcpdump on port 1813? | 21:48 |
| dystia | heh | 21:51 |
| dystia | theoretically. | 21:51 |
| dystia | onesec. i'm looking at the radius configs on the domain controllers. | 21:51 |
| dystia | if i'm not doing accounting logging there then its stupid to log it elsewhere. | 21:52 |
| nowen | the logs you sent say "Accounting packet receive from xxx on NAS 10.20.x.x." | 21:52 |
| nowen | I was assuming that the NAS was openvpn | 21:52 |
| dystia | Accounting packet receive from bleh on NAS | 21:54 |
| dystia | so what is wikid doing when it logs that? | 21:54 |
| nowen | just logging it | 21:54 |
| nowen | in the database | 21:54 |
| dystia | but what initiates the log message? | 21:55 |
| dystia | like. what is it logging the message in response to | 21:55 |
| nowen | when the NAS sends it the Accounting packets | 21:55 |
| nowen | is 10.20.2.21 your openvpn server? | 21:55 |
| dystia | no. :) | 21:59 |
| dystia | it is where ias lives. | 21:59 |
| nowen | so, you need to either stop it from sending packets or archive the logs every month or so | 22:00 |
| dystia | heheheh | 22:01 |
| dystia | yeah - it can be turned off. | 22:01 |
| nowen | did you archive the rest of the logs successfully? | 22:01 |
| dystia | honestly i'm not that worried about that part right now? I am going to have someone go in and fix the cacerts on the two boxes with problems and turn off accoutning on wikid and openvpn | 22:01 |
| nowen | btw - i'll be on email only tomorrow and very spotty coverage at that | 22:01 |
| dystia | so that'll reduce volume | 22:01 |
| dystia | when I do that i'll have them archive / clean the logs. | 22:01 |
| dystia | thanks. this has been very helpful. | 22:02 |
| dystia | go tell your dude i buy beer. plz. :) | 22:02 |
| dystia | and the cute. also single, if that helps. | 22:02 |
| nowen | well, he's on a different continent, so geographically undesirable may come into play | 22:02 |
| dystia | siiigh. | 22:03 |
| nowen | also, I'm guessing his company owns the code | 22:03 |
| nowen | but maybe you'd move to Jordan? | 22:03 |
| dystia | that would be an issue. he should opensource it. :) | 22:03 |
| dystia | No. not so much. :) | 22:03 |
| dystia | i'm a little spoiled by being able to walk around on the street w/out a guy - i don't think jourdan is one of the BAD ones, but like. spoiled american girl. | 22:03 |
| nowen | I hear ya | 22:03 |
| dystia | aight. i have a direction. | 22:04 |
| dystia | i'll email you if I need anything tommorow; i think we'll be ok. | 22:04 |
| dystia | thanks for your help. :) | 22:04 |
| nowen | my pleasure | 22:04 |
| dystia | ttyl | 22:04 |
| *** dystia has quit (Quit: Page closed) | 22:04 | |
| *** nowen has quit (Quit: Leaving.) | 22:22 | |
| *** Robinson (be1bfd83@gateway/web/freenode/ip.190.27.253.131) has joined #wikid | 22:35 | |
| Robinson | good afternoon | 22:35 |
| Robinson | I have a question about licesing | 22:36 |
| Robinson | anyone here | 22:37 |
| Robinson | ???? | 22:37 |
| Robinson | I think no one | 22:38 |
| Robinson | tks | 22:38 |
| *** Robinson has quit (Client Quit) | 22:38 | |
Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!