Differences

This shows you the differences between two versions of the page.

--- en:dpi:dpi_options:opt_filtration:filtration_info [2020/02/05 17:29] – ↷ Page moved from en:dpi:dpi_options:base_functionality:opt_filtration:filtration_info to en:dpi:dpi_options:opt_filtration:filtration_info lexx26
+++ en:dpi:dpi_options:opt_filtration:filtration_info [2024/09/26 15:29] (current) – external edit 127.0.0.1
@@ Line 1: / Line 1: @@
-====== 5 Diagnostics ======
+====== Diagnostics ======
+{{indexmenu_n>5}}
+The Stingray Service Gateway logs are placed to ///var/log/dpi//
+The file fastdpi_alert.log contains the information on errors and informative events. The first field denotes the message class. The diagnostic information and the message text or error text are placed next.
+The information on successful renewal of black lists from cloud service:
+<code>
+[INFO    ] bl_updater_thread : URL black list download with result, rc=1001 : Success.
+[INFO    ] bl_updater_thread : IP black list download with result, rc=1001 : Success.
+</code>
+The file fastdpi_stat.log contains statistical information.
+The number of verified and blocked URL (for HTTP protocol):
+<code>
+url/lock=881557942/644
+</code>
+The number of verified and blocked sessions by certificate (for HTTPS protocol):
+<code>
+ssl/lock=1656734322/58
+</code>
+The number of verified and blocked packets by IP (for HTTPS protocol):
+<code>
+https/lock=3021320891/3
+</code>
+Check that the lists are up to date, the date is usually not far in the past (a few hours):
+<code>
+ls -la /var/lib/dpi/blcache*
+</code>
+Check if [[en:dpi:dpi_components:platform:by_pass|mode bypass]] is active (if present):
+<code>
+bpctl_util all get_bypass
+Mistake:
+-bash: bpctl_util: command not found
+Means you don't have a bypass
+</code>
+Check if there is a service on the subscriber, if there is, whether it corresponds to the [[en:dpi:dpi_options:opt_filtration:filtration_ctrl|black_list_sm]] parameter:
+<code>
+looking for a login by IP (if logins are used)
+fdpi_ctrl list all --bind_multi | grep 192.168.1.100
+user_100:192.168.1.100
+check the status of the service:
+fdpi_ctrl list --service 4 --login user_100
+Autodetected fastdpi params : dev='eth5', port=29000
+connecting 192.168.0.2:29000 ...
+================================
+user_100 4 (0x8) default
+Result processing login=user_100 :
+/1/0
+Total: filtering service is active
+Checking the state of the parameter:
+service fastdpi reload
+grep black_list_sm /var/log/dpi/fastdpi_alert.log | tail-1
+black_list_sm : 0
+ATTENTION! The parameter is set by default, which means that the inversion works - the active service disables filtering on the subscriber.
+For details, see the section on filtering service management.
+</code>
+Check that the test subscriber's traffic goes through DPI:
+<code>
+check that the log files do not exceed 1GB:
+ls -la /var/log/dpi/fastdpi_slave_?.log
+if it exceeds then do:
+echo "" > /var/log/dpi/fastdpi_slave_0.log
+echo "" > /var/log/dpi/fastdpi_slave_1.log
+echo "" > /var/log/dpi/fastdpi_slave_2.log
+echo "" > /var/log/dpi/fastdpi_slave_3.log
+Set the IP address of the test computer in the /etc/dpi/fastdpi.conf configuration:
+trace_ip=<IP>
+After installation do:
+service fastdpi reload
+Sample verification for protonmail.com:
+. Request
+wget protonmail.com
+--2020-02-09 19:50:15-- http://protonmail.com/
+Resolving protonmail.com... 5.3.3.17, 2a02:2698:a002:1::3:17
+Connecting to protonmail.com|5.3.3.17|:80... connected.
+HTTP request sent, awaiting response... 302 Moved Temporarily
+Location: http://vasexperts.ru/test/blocked.php [following]
+--2020-02-09 19:50:16-- http://vasexperts.ru/test/blocked.php
+Resolving vasexperts.ru... 45.151.108.17
+Connecting to vasexperts.ru|45.151.108.17|:80... connected.
+HTTP request sent, awaiting response... 200 OK
+. checking log entries
+grep -E "proton" -A5 /var/log/dpi/fastdpi_slave_?.log
+/var/log/dpi/fastdpi_slave_1.log:HTTP_HOST=_protonmail.com_
+/var/log/dpi/fastdpi_slave_1.log-HTTP_REFERER(0)=_null_
+/var/log/dpi/fastdpi_slave_1.log-HTTP_USER-AGENT=_Wget/1.12 (linux-gnu)_
+/var/log/dpi/fastdpi_slave_1.log-HTTP_COOKIE=_null_
+/var/log/dpi/fastdpi_slave_1.log-[TRACE ][000000045177957936][0167666FC85BFC15] CHECK_HTTP 192.168.1.8:24359 --> 5.3.3.17:80 url_blocked=0x22, method=1 : URL=_/_
+/var/log/dpi/fastdpi_slave_1.log:       HTTP_HOST=_protonmail.com_
+/var/log/dpi/fastdpi_slave_1.log-       HTTP_REFERER=_null_
+/var/log/dpi/fastdpi_slave_1.log-       new_prg_id=0x0(0x0)
+/var/log/dpi/fastdpi_slave_1.log-       other_prg_id=0x0(0x0)
+/var/log/dpi/fastdpi_slave_1.log-       prof_idx={0,0,0,0,0,0}
+/var/log/dpi/fastdpi_slave_1.log-       ddos=0
+--
+/var/log/dpi/fastdpi_slave_1.log:       HTTP_HOST=_protonmail.com_
+/var/log/dpi/fastdpi_slave_1.log-       HTTP_REFERER=_null_
+/var/log/dpi/fastdpi_slave_1.log-       NEW_URL=http://vasexperts.ru/test/blocked.php_
+/var/log/dpi/fastdpi_slave_1.log-       NEW_REFERER=_null_
+The log shows that the resource is blocked:
+... url_blocked=0x22 ...
+and redirected to the blocking page:
+NEW_URL=http://vasexperts.ru/test/blocked.php_
+</code>

Profile

Settings

Differences