Resolving Too many differnet filenames for detail log file
zwlu at ucdavis.edu
Wed Sep 13 17:38:39 CEST 2017
Hi FreeRadius experts,
I would like to seek advice at configuring freeradius to overcome an issue that we had encountered recently. We noticed recently that login into our switches/routers took considerably longer than before.
The VM (CentOS 7, with freeradius 3.04) didn't have much load at all:
load average: 0.00, 0.01, 0.05
After some more trouble shooting, I realized that the problem was related to writing detail accounting files:
Wed Sep 6 13:22:38 2017 : ERROR: (219185) ERROR: detail : Couldn't open file /var/log/radius/radacct/10.1.1.26/detail-20170906: Too many different filenames
By searchin online, it appears that there is a hard coded limit of 64 files in log.c
lf->max_entries = 64;
When we hit that limit, login into our switches/routers become slow.
Our normal work load usually does not trig this problem. A handful of network admins log into switches and routers when we need to until we examine switch issue by using a script via cron (with ~40 parallel login into different switches at a time every 10 minutes), then we started to encounter slow login while these jobs were busy.
Now that we know the root cause of the problem, we could mitigate the problem by
1. recompile the code with high max_entries number.
2. add more radius servers and randomize switch radius server configuration.
3. optizime freeradius configuration.
Our current setup is very basic, unix (nis) authentication, detail file accounting. I would like to hear recommendations of resolving \
this accounting issue, preferably not patching/recompiling code from time to time.
Shall we configure MySQL/PostgreSQL database for accounting only?
Thank you very much for your help.
IET-CR-Network Operations Center
University of California, Davis
More information about the Freeradius-Users