DDOS Violations Alarm
Several of the alarms on Flow Analytics will not activate. I'm running Scrutinizer 8.5; in particular I'm interested in activating the DDoS violations alarm. Please help.
MK
- mka
- Posts: 10
- Joined: Thu Feb 26, 2009 8:53 am
Re: DDOS Violations Alarm
Hi MK
I assume you have other FA algorithms that do work. In addition to DDOS, which others will not activate? Have you added devices to be monitored?
-Tom

tomp - Site Admin
- Posts: 289
- Joined: Wed Jul 27, 2005 9:53 am
- Location: Sunny Sanford Maine
Re: DDOS Violations Alarm
Yes, I do have devices added; the alarm is working on Nefarious Activity, NULL Scan Violations, and FIN Violations. Other than DDoS, I also wanted the alarm enabled on XMAS tree Violations, Breach Attempt Violations and ICMP Destinations Unreachable alarms. It lets me check the alarm button on the above choices, and after I hit save, it tries to save, but I think it eventually times out. It does not show any errors.
- mka
- Posts: 10
- Joined: Thu Feb 26, 2009 8:53 am
Re: DDOS Violations Alarm
Hi mka,
What version of Scrutinizer are you running?
How many devices do you have enabled on the DDoS algorithm?
When you try and save the changes you're making, does it create an error in the apache log? ([homedir]\Scrutinizer\apache\logs\error.log)
Flow Analytics has 5 minutes to complete running all of the enabled algorithms, and it sounds like it's taking longer than that to complete, which causes high utilization on the server.
Look in your Alarms tab and sort for "Watcher Task Errors". Do you see any errors related to Flow Analytics being timed out?
If it is being timed out it means that too many algorithms in Flow Analytics have been enabled.
Thanks,
Paul

pauld - Posts: 156
- Joined: Mon Jan 04, 2010 10:05 am
- Location: Sanford, Maine
Re: DDOS Violations Alarm
What version of Scrutinizer are you running?
8.5
How many devices do you have enabled on the DDoS algorithm?
2 busy routers
When you try and save the changes you're making, does it create an error in the apache log? ([homedir]\Scrutinizer\apache\logs\error.log)
Here are the last 3 lines of the apache error.log:
[Wed Mar 23 09:58:52 2011] [error] [client 127.0.0.1] Premature end of script headers: scrut_fa.cgi, referer: http://127.0.0.1/cgi-bin/myview.cgi?init=1
[Wed Mar 23 09:58:52 2011] [error] [client 127.0.0.1] DBD::mysql::st execute failed: FUNCTION plixer.stat_accum_int does not exist at scrut_fa.pl line 2297., referer: http://127.0.0.1/cgi-bin/myview.cgi?init=1
[Wed Mar 23 09:58:52 2011] [error] [client 127.0.0.1] DBD::mysql::st execute failed: FUNCTION plixer.stat_accum_int does not exist at scrut_fa.pl line 2297., referer: http://127.0.0.1/cgi-bin/myview.cgi?init=1
Flow Analytics has 5 minutes to complete running all of the enabled algorithms, and it sounds like it's taking longer than that to complete, which causes high utilization on the server.
Server OS 2003, RAM 8gig, hard-drive 1TB
Look in your Alarms tab and sort for "Watcher Task Errors". Do you see any errors related to Flow Analytics being timed out?
There are no Watcher Task Errors
- mka
- Posts: 10
- Joined: Thu Feb 26, 2009 8:53 am
Re: DDOS Violations Alarm
Hi mka,
Your apache logs indicate this is an issue caused by a bad .dll file. I'll contact you directly with the procedure to get this resolved.
Thanks,
Paul

pauld - Posts: 156
- Joined: Mon Jan 04, 2010 10:05 am
- Location: Sanford, Maine
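The error.log lines quoted earlier in the thread can be triaged mechanically to separate a failed database call from the timeout case that was asked about first. The following is an added example, not code from the thread or from Plixer; the names `triage` and `verdict` are hypothetical, and the line layout is assumed from the three lines shown.

```python
import re
from collections import Counter

# The three error.log lines quoted in the thread, embedded as sample input.
SAMPLE_LOG = """\
[Wed Mar 23 09:58:52 2011] [error] [client 127.0.0.1] Premature end of script headers: scrut_fa.cgi, referer: http://127.0.0.1/cgi-bin/myview.cgi?init=1
[Wed Mar 23 09:58:52 2011] [error] [client 127.0.0.1] DBD::mysql::st execute failed: FUNCTION plixer.stat_accum_int does not exist at scrut_fa.pl line 2297., referer: http://127.0.0.1/cgi-bin/myview.cgi?init=1
[Wed Mar 23 09:58:52 2011] [error] [client 127.0.0.1] DBD::mysql::st execute failed: FUNCTION plixer.stat_accum_int does not exist at scrut_fa.pl line 2297., referer: http://127.0.0.1/cgi-bin/myview.cgi?init=1
"""

# Assumed layout: [timestamp] [level] [client ip] message[, referer: url]
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] \[client (?P<client>[^\]]+)\] "
    r"(?P<msg>.*?)(?:, referer: (?P<referer>\S+))?$"
)
MISSING_FUNC_RE = re.compile(
    r"DBD::mysql::\w+ execute failed: FUNCTION (\S+) does not exist at (\S+) line (\d+)"
)
CGI_ABORT_RE = re.compile(r"Premature end of script headers: (\S+)")


def triage(log_text):
    """Count aborted CGI scripts and missing MySQL functions in error.log text."""
    missing, aborted, unparsed = Counter(), Counter(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed += bool(line.strip())  # non-blank lines that did not parse
            continue
        if (f := MISSING_FUNC_RE.search(m["msg"])):
            # key: (function name, calling script, line number in that script)
            missing[(f[1], f[2], int(f[3]))] += 1
        elif (c := CGI_ABORT_RE.search(m["msg"])):
            aborted[c[1]] += 1
    return {"missing_functions": missing, "aborted_cgi": aborted, "unparsed": unparsed}


def verdict(result):
    """Name the failure class so a database error is not mistaken for a timeout."""
    if result["missing_functions"]:
        names = sorted({name for name, _, _ in result["missing_functions"]})
        return "database function missing: " + ", ".join(names)
    if result["aborted_cgi"]:
        return "CGI aborted without a logged database error"
    return "no matching errors"
```

Calling `verdict(triage(open(path).read()))` on the real error.log gives the same classification for a full file.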
Re: DDOS Violations Alarm
Paul, the dll fix did it. Thanks for the quick response.
MK
- mka
- Posts: 10
- Joined: Thu Feb 26, 2009 8:53 am