60 lines
1.7 KiB
Markdown
60 lines
1.7 KiB
Markdown
|
# 【M22项目】日志中packet capture file无法下载
|
|||
|
|
|
|||
|
|
| ID | Creation Date | Assignee | Status |
|
|||
|
|
|----|----------------|----------|--------|
|
|||
|
|
| OMPUB-1480 | 2024-09-25T18:54:04.000+0800 | 王成成 | 处理中 |
|
|||
|
|
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
经排查,点击日志产生的packet capture file报错:Not Found
|
|||
|
|
|
|||
|
|
!image-2024-09-25-17-23-34-931.png|width=530,height=263!
|
|||
|
|
|
|||
|
|
!image-2024-09-25-17-23-19-263.png|width=533,height=265!**wangchengcheng** commented on *2024-09-26T19:34:43.988+0800*:
|
|||
|
|
|
|||
|
|
经排查,截止当地时间17:40分,会话日志中还标注了已删除的监测策略ID(3705, 3707, 3709等)并且字段pcap_capture_file有文件名称,并还有file chunk 写入 需功能端排查下。
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
**doufenghu** commented on *2024-10-08T09:48:44.048+0800*:
|
|||
|
|
|
|||
|
|
# File Chunk Combiner 超出摄入阈值限制,出现OOM并重启。会话相关pcap文件在各个分中心存储 ,24.05可分别对各个分中心的Firewall producer生产速率对其限流,避免策略命中产生过多的chunks导致OLAP 过载。
|
|||
|
|
# 已删除的策略,在24小时内,还有文件产生。其中大部分只在日志中发送文件名称,未发送chunks。
|
|||
|
|
# 会话命中多条策略时,pcap文件归属会产生歧义,建议在pcap 文件头描述命中的策略。
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
**liuxueli** commented on *2024-10-08T09:56:06.633+0800*:
|
|||
|
|
|
|||
|
|
* 功能端命中监测策略需等待流结束时才能发送日志,监测策略删除功能端无感,当流结束时间晚于监测策略删除时间会出现上述现象,属于正常现象。
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
## Attachments
|
|||
|
|
|
|||
|
|
**63320/image-2024-09-25-17-23-01-492.png**
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
**63319/image-2024-09-25-17-23-19-263.png**
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
**63318/image-2024-09-25-17-23-34-931.png**
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
**63350/企业微信截图_17273454373446.png**
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|