[squid-users] squid and netdata causes squid to drop SYN?
Amish
anon.amish at gmail.com
Tue Jan 21 04:28:15 UTC 2020
Hello,
Recently, I started using netdata to monitor various system functions
(which also monitors squid)
I am using squid (v4.9) with transparent (NAT) as well as Proxy mode (on
different ports). Network has 10-15 users. Some on transparent proxy
(redirection to port 3128) and some via proxy setting (port 8080) in
browser.
Netdata calls squidclient every second to fetch squid statistics. (for
generating per second graphs / statistics)
After I started using netdata, everything worked fine for a while. But
then many users started complaining that they are not able to access
sites. (Sometimes it worked and sometimes not.)
I could see SYN packets coming in but there were no SYN,ACK going back.
I quickly went through cache.log but did not find anything. (searched
for descriptors). I believe (but not 100% sure) that this happened only
with those on transparent proxy. (again not sure)
Then I restarted the squid and all was well. But then issue happened
again and I disabled netdata's squid module and now all is working fine
from few days.
So I suspect that netdata calling squidclient every second is not a
right thing to do. Its probably causing denial-of-service on squid.
So:
1) Is there any squid setting which I can adjust? (File descriptors
available is 16384)
2) Is calling squidclient so frequently a right thing to do by netdata?
Its probably over loading squid. (I will report to netdata if not)
Please guide,
Thank you,
Regards,
Amish
More information about the squid-users
mailing list