88 lines
2.2 KiB
Markdown
88 lines
2.2 KiB
Markdown
# 福建项目:安全日志pcap文件下载失败
|
||
|
||
| ID | Creation Date | Assignee | Status |
|
||
|----|----------------|----------|--------|
|
||
| OMPUB-488 | 2022-05-18T18:05:44.000+0800 | 窦凤虎 | 已关闭 |
|
||
|
||
|
||
---
|
||
|
||
*背景:*
|
||
福建环境 目前安全日志中的pcap文件下载失败,故障原因与之前安全日志中Request Body下载失败相同(Hos有积压,该问题一直未解决)
|
||
|
||
*目标:*
|
||
为了使pcap能正常下载,可否考虑在现有的福州OLAP集群中增加hos节点(复用其他OLAP服务器)?让功能端的pcap文件上传到新的hos节点,这样即使Request Body使hos积压,也不会影响pcap文件。
|
||
|
||
目前安全策略中打开存pcap开关的策略,命中量都不是很大,3个日志24小时一共产生70w的日志
|
||
|
||
*链接为福州OLAP集群部署规划:*https://docs.geedge.net/pages/viewpage.action?pageId=58308114
|
||
**doufenghu** commented on *2022-05-19T09:02:43.305+0800*:
|
||
|
||
排查和分析下HoS服务端的吞吐量和运行状态。[~zhanghongqing]
|
||
|
||
|
||
|
||
---
|
||
|
||
**zhanghongqing** commented on *2022-05-20T12:36:14.353+0800*:
|
||
|
||
目前安全策略未开pcap,hos两台(之前装了3台,宕机剔除一台)状态运行良好。已经配置上nezha监控,并联系工程部同事打开安全策略pcap,打开之后将继续监控hos状态。
|
||
|
||
|
||
|
||
---
|
||
|
||
**zhangzhihan** commented on *2022-05-20T17:25:26.510+0800*:
|
||
|
||
*问题已解决*
|
||
*原因*:22.01中packet dump版本为2.1.1,配置文件中kafka地址相关的配置只支持单机配置,由于现场是集群环境,有3台kafka节点,导致配置不正确,packet dump未能正常启动
|
||
*解决方法*:修改packet dump配置,从3个ip改为1个ip,重启packet dump程序后恢复
|
||
|
||
|
||
|
||
|
||
---
|
||
|
||
**zhanghongqing** commented on *2022-05-20T17:51:34.983+0800*:
|
||
|
||
当前hos性能监控
|
||
|
||
!微信截图_20220520172639.png!!QQ截图20220520172850.png!!QQ截图20220520173500.png!!QQ截图20220520174137.png!
|
||
|
||
|
||
|
||
---
|
||
|
||
|
||
|
||
## Attachments
|
||
|
||
**28143/image-2022-05-20-12-30-51-551.png**
|
||
|
||
---
|
||
|
||
**28158/QQ截图20220520172850.png**
|
||
|
||
---
|
||
|
||
**28167/QQ截图20220520173500-2.png**
|
||
|
||
---
|
||
|
||
**28160/QQ截图20220520174137.png**
|
||
|
||
---
|
||
|
||
**28157/微信截图_20220520172639.png**
|
||
|
||
---
|
||
|
||
**28109/微信图片_20220518134712.jpg**
|
||
|
||
---
|
||
|
||
**28147/微信图片_20220520172852.png**
|
||
|
||
---
|
||
|