home server debugging issues

Alan DeKok aland at deployingradius.com
Thu Nov 26 18:17:29 CET 2009 

Josip Rodin wrote:
> I upgraded one of our proxy servers from 2.0.4 to 2.1.7, and noticed that
> the proxying changed in a way that "status_check = request" logic started
> being critical, so this kind of stuff:
> 
> Sun Nov 22 09:25:56 2009 : Error: Rejecting request 70011 due to lack of any response from home server X port 1812
> 
> ...was replaced, without a change in home server configuration, with:

  It wasn't replaced, it just happens less often.

> It was unclear to me why didn't FreeRADIUS notice this as soon as it first
> happened, and when it eventually happened, why didn't it explicate the
> rationale. So I looked and found these in src/main/event.c:

  Odds are your config handles the "no response" packets.  So the above
message happens less often.

>         RDEBUG2("No response to status check %d from home server %s port %d",
>         RDEBUG2("Proxying request %d to home server %s port %d",
>         RDEBUG2("ERROR: Failed to find live home server for realm %s",
>         RDEBUG2("Failed to find live home server for request %d", request->number);
> 
> It doesn't make sense for both error and debug messages to be displayed on
> the same debug level. The error messages need to have priority, so that the
> admin actually has a chance to see them.

  Some errors shouldn't be printed to the logs.  i.e. "no response to
request".  If you're proxying 100's of packets/s and the home server
dies, you are going to get a LOT of messages in the log.  This isn't
desirable.

  Instead, various state changes (home server up / down) are logged.

> In this particular situation, when I move from debug level 0 to 2 in order
> to oversee these events, I get not only these messages, but gobs of rlm_sql
> expansions, unlang processing logs, etc.
> 
> It would be better if some of those error messages were upgraded to L_ERR,
> or L_PROXY, while keeping the truely informational messages as L_DBG.
> In fact it looks like there's only a single reference to L_PROXY in the
> entire file.
> 
> Does this make sense, can I submit patches?

  I've committed a bunch of changes to the logging in src/main/event.c.
 More events are logged, and there's a lot more use of L_PROXY.

  Alan DeKok.

More information about the Freeradius-Users mailing list