Diagnostics [VAS Experts Documentation]

Differences

This shows you the differences between two versions of the page.

en:dpi:dpi_options:opt_filtration:filtration_info:start [2023/08/28 15:19] edrudichgmailcom
en:dpi:dpi_options:opt_filtration:filtration_info:start [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1
Line 1: Line 1:
-====== Diagnostics ====== 
-{{indexmenu_n>5}} 
-The Stingray Service Gateway logs are placed to ///var/log/dpi// 
  
-The file fastdpi_alert.log contains the information on errors and informative events. The first field denotes the message class. The diagnostic information and the message text or error text are placed next. 
- 
-The information on successful renewal of black lists from cloud service: 
-<code> 
-[INFO    ] bl_updater_thread : URL black list download with result, rc=1001 : Success. 
-[INFO    ] bl_updater_thread : IP black list download with result, rc=1001 : Success. 
-</code> 
- 
-The file fastdpi_stat.log contains statistical information. 
- 
-The number of verified and blocked URL (for HTTP protocol): 
-<code> 
-url/lock=881557942/644  
-</code> 
- 
-The number of verified and blocked sessions by certificate (for HTTPS protocol): 
-<code> 
-ssl/lock=1656734322/58 
-</code> 
- 
-The number of verified and blocked packets by IP (for HTTPS protocol): 
-<code> 
-https/lock=3021320891/3 
-</code> 
- 
-Check that the lists are up to date, the date is usually not far in the past (a few hours): 
-<code> 
-ls -la /var/lib/dpi/blcache* 
-</code> 
- 
-Check if [[en:dpi:dpi_components:platform:by_pass:start|mode bypass]] is active (if present): 
-<code> 
-bpctl_util all get_bypass 
- 
-Mistake: 
--bash: bpctl_util: command not found 
-Means you don't have a bypass 
-</code> 
- 
-Check if there is a service on the subscriber, if there is, whether it corresponds to the [[en:dpi:dpi_options:opt_filtration:filtration_ctrl:start|black_list_sm]] parameter: 
-<code> 
-looking for a login by IP (if logins are used) 
-fdpi_ctrl list all --bind_multi | grep 192.168.1.100 
-user_100:192.168.1.100 
- 
-check the status of the service: 
-fdpi_ctrl list --service 4 --login user_100 
-Autodetected fastdpi params : dev='eth5', port=29000 
-connecting 192.168.0.2:29000 ... 
- 
-================================ 
- 
-user_100 4 (0x8) default 
-Result processing login=user_100 : 
-1/1/0 
-Total: filtering service is active 
- 
-Checking the state of the parameter: 
-service fastdpi reload 
-grep black_list_sm /var/log/dpi/fastdpi_alert.log | tail-1 
-black_list_sm : 0 
- 
-ATTENTION! The parameter is set by default, which means that the inversion works - the active service disables filtering on the subscriber. 
-For details, see the section on filtering service management. 
-</code> 
- 
-Check that the test subscriber's traffic goes through DPI: 
-<code> 
-check that the log files do not exceed 1GB: 
-ls -la /var/log/dpi/fastdpi_slave_?.log 
-if it exceeds then do: 
-echo "" > /var/log/dpi/fastdpi_slave_0.log 
-echo "" > /var/log/dpi/fastdpi_slave_1.log 
-echo "" > /var/log/dpi/fastdpi_slave_2.log 
-echo "" > /var/log/dpi/fastdpi_slave_3.log 
- 
-Set the IP address of the test computer in the /etc/dpi/fastdpi.conf configuration: 
-trace_ip=<IP> 
-After installation do: 
-service fastdpi reload 
- 
-Sample verification for protonmail.com: 
-1. Request 
-wget protonmail.com 
---2020-02-09 19:50:15-- http://protonmail.com/ 
-Resolving protonmail.com... 5.3.3.17, 2a02:2698:a002:1::3:17 
-Connecting to protonmail.com|5.3.3.17|:80... connected. 
-HTTP request sent, awaiting response... 302 Moved Temporarily 
-Location: http://vasexperts.ru/test/blocked.php [following] 
---2020-02-09 19:50:16-- http://vasexperts.ru/test/blocked.php 
-Resolving vasexperts.ru... 45.151.108.17 
-Connecting to vasexperts.ru|45.151.108.17|:80... connected. 
-HTTP request sent, awaiting response... 200 OK 
- 
-2. checking log entries 
-grep -E "proton" -A5 /var/log/dpi/fastdpi_slave_?.log 
-/var/log/dpi/fastdpi_slave_1.log:HTTP_HOST=_protonmail.com_ 
-/var/log/dpi/fastdpi_slave_1.log-HTTP_REFERER(0)=_null_ 
-/var/log/dpi/fastdpi_slave_1.log-HTTP_USER-AGENT=_Wget/1.12 (linux-gnu)_ 
-/var/log/dpi/fastdpi_slave_1.log-HTTP_COOKIE=_null_ 
-/var/log/dpi/fastdpi_slave_1.log-[TRACE ][000000045177957936][0167666FC85BFC15] CHECK_HTTP 192.168.1.8:24359 --> 5.3.3.17:80 url_blocked=0x22, method=1 : URL=_/_ 
-/var/log/dpi/fastdpi_slave_1.log:       HTTP_HOST=_protonmail.com_ 
-/var/log/dpi/fastdpi_slave_1.log-       HTTP_REFERER=_null_ 
-/var/log/dpi/fastdpi_slave_1.log-       new_prg_id=0x0(0x0) 
-/var/log/dpi/fastdpi_slave_1.log-       other_prg_id=0x0(0x0) 
-/var/log/dpi/fastdpi_slave_1.log-       prof_idx={0,0,0,0,0,0} 
-/var/log/dpi/fastdpi_slave_1.log-       ddos=0 
--- 
-/var/log/dpi/fastdpi_slave_1.log:       HTTP_HOST=_protonmail.com_ 
-/var/log/dpi/fastdpi_slave_1.log-       HTTP_REFERER=_null_ 
-/var/log/dpi/fastdpi_slave_1.log-       NEW_URL=http://vasexperts.ru/test/blocked.php_ 
-/var/log/dpi/fastdpi_slave_1.log-       NEW_REFERER=_null_ 
- 
-The log shows that the resource is blocked: 
-... url_blocked=0x22 ... 
-and redirected to the blocking page: 
-NEW_URL=http://vasexperts.ru/test/blocked.php_ 
- 
-</code>
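
Review bot: the revision is recorded only as "removed - external edit" with an unknown date and 127.0.0.1 as the source, and it deletes the entire Diagnostics page without adding anything in its place, so the edit gives no reason and no pointer to where the filtering checks now live (the /var/log/dpi log locations, the url/lock, ssl/lock and https/lock counters, the black_list_sm inversion warning, the trace_ip walk-through). If the page is being moved or merged, say so in the edit summary and leave a link to the new location. If the text is carried over, correct it on the way: `grep black_list_sm /var/log/dpi/fastdpi_alert.log | tail-1` needs a space (`tail -1`), the label "Mistake:" before `-bash: bpctl_util: command not found` reads better as "Error:", and the trace procedure sets `trace_ip=<IP>` and reloads but never tells the operator to unset it after the test, which matters given the same block warns about the fastdpi_slave logs exceeding 1GB.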