Diagnostics [VAS Experts Documentation]

Diagnostics

The Stingray Service Gateway logs are written to /var/log/dpi.

The file fastdpi_alert.log contains error messages and informational events. The first field is the message class, followed by the diagnostic information and the message or error text.

A successful update of the black lists from the cloud service is logged as follows:

[INFO    ] bl_updater_thread : URL black list download with result, rc=1001 : Success.
[INFO    ] bl_updater_thread : IP black list download with result, rc=1001 : Success.

The file fastdpi_stat.log contains statistical information.

The number of verified and blocked URLs (for HTTP protocol):

url/lock=881557942/644 

The number of verified and blocked sessions by certificate (for HTTPS protocol):

ssl/lock=1656734322/58

The number of verified and blocked packets by IP (for HTTPS protocol):

https/lock=3021320891/3

Check that the lists are up to date. The file date is usually not far in the past (a few hours):

ls -la /var/lib/dpi/blcache*
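
The three checks above (download result in fastdpi_alert.log, lock counters in fastdpi_stat.log, age of the list files) combined into one script, as an added example that is not part of the VAS Experts documentation. The function names, the 6-hour age limit and the sample files are assumptions constructed for illustration; on a real system pass /var/log/dpi/fastdpi_alert.log, /var/log/dpi/fastdpi_stat.log and /var/lib/dpi to check_filtering.

```shell
#!/bin/sh
# Added example, not vendor code. Function names and the 6-hour limit are assumptions.

# Print "RC STATUS" of the latest $2 (URL or IP) list download in alert log $1.
bl_last_status() {
    grep "bl_updater_thread : $2 black list download" "$1" | tail -n 1 |
        sed -n 's/.*rc=\([0-9]*\) : \(.*\)$/\1 \2/p'
}

# Print blcache* entries in directory $1 last modified more than $2 hours ago.
stale_lists() {
    find "$1" -maxdepth 1 -name 'blcache*' -mmin "+$(( $2 * 60 ))"
}

# Print "VERIFIED BLOCKED" from the last "$2/lock=a/b" counter in stat log $1.
lock_counts() {
    grep -o "$2/lock=[0-9]*/[0-9]*" "$1" | tail -n 1 |
        sed 's|.*=\([0-9]*\)/\([0-9]*\)|\1 \2|'
}

# Report all three checks; return 1 if a download failed or a list is stale.
# $1 alert log, $2 stat log, $3 list cache directory, $4 maximum age in hours
check_filtering() {
    rc=0
    for kind in URL IP; do
        status=$(bl_last_status "$1" "$kind")
        echo "$kind list download: ${status:-no record}"
        case $status in *Success*) ;; *) rc=1 ;; esac
    done
    old=$(stale_lists "$3" "$4")
    [ -z "$old" ] || { echo "stale list files: $old"; rc=1; }
    for key in url ssl https; do
        echo "$key verified/blocked: $(lock_counts "$2" "$key")"
    done
    return "$rc"
}

# Constructed sample files (values copied from the log excerpts on this page).
demo=$(mktemp -d)
printf '%s\n' \
  '[INFO    ] bl_updater_thread : URL black list download with result, rc=1001 : Success.' \
  '[INFO    ] bl_updater_thread : IP black list download with result, rc=1001 : Success.' \
  > "$demo/fastdpi_alert.log"
printf '%s\n' 'url/lock=881557942/644' 'ssl/lock=1656734322/58' \
  'https/lock=3021320891/3' > "$demo/fastdpi_stat.log"
touch "$demo/blcache_sample"   # hypothetical file name matching blcache*
check_filtering "$demo/fastdpi_alert.log" "$demo/fastdpi_stat.log" "$demo" 6
```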

Check whether bypass mode is active (if a bypass is present):

bpctl_util all get_bypass

Error:
-bash: bpctl_util: command not found
This means that you do not have a bypass.

Check whether a service is assigned to the subscriber and, if so, whether it corresponds to the black_list_sm parameter:

Look up the login by IP (if logins are used):
fdpi_ctrl list all --bind_multi | grep 192.168.1.100
user_100:192.168.1.100

Check the status of the service:
fdpi_ctrl list --service 4 --login user_100
Autodetected fastdpi params : dev='eth5', port=29000
connecting 192.168.0.2:29000 ...

================================

user_100 4 (0x8) default
Result processing login=user_100 :
1/1/0
Total: filtering service is active

Check the state of the parameter:
service fastdpi reload
grep black_list_sm /var/log/dpi/fastdpi_alert.log | tail -1
black_list_sm : 0

ATTENTION! The parameter is at its default value, which means that inversion is in effect: an active service disables filtering for the subscriber.
For details, see the section on filtering service management.

Check that the test subscriber's traffic goes through DPI:

Check that the log files do not exceed 1 GB:
ls -la /var/log/dpi/fastdpi_slave_?.log
If they do, truncate them:
echo "" > /var/log/dpi/fastdpi_slave_0.log
echo "" > /var/log/dpi/fastdpi_slave_1.log
echo "" > /var/log/dpi/fastdpi_slave_2.log
echo "" > /var/log/dpi/fastdpi_slave_3.log

Set the IP address of the test computer in the /etc/dpi/fastdpi.conf configuration:
trace_ip=<IP>
After setting it, run:
service fastdpi reload

Sample verification for protonmail.com:
1. Request
wget protonmail.com
--2020-02-09 19:50:15-- http://protonmail.com/
Resolving protonmail.com... 5.3.3.17, 2a02:2698:a002:1::3:17
Connecting to protonmail.com|5.3.3.17|:80... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: http://vasexperts.ru/test/blocked.php [following]
--2020-02-09 19:50:16-- http://vasexperts.ru/test/blocked.php
Resolving vasexperts.ru... 45.151.108.17
Connecting to vasexperts.ru|45.151.108.17|:80... connected.
HTTP request sent, awaiting response... 200 OK

2. Check the log entries
grep -E "proton" -A5 /var/log/dpi/fastdpi_slave_?.log
/var/log/dpi/fastdpi_slave_1.log:HTTP_HOST=_protonmail.com_
/var/log/dpi/fastdpi_slave_1.log-HTTP_REFERER(0)=_null_
/var/log/dpi/fastdpi_slave_1.log-HTTP_USER-AGENT=_Wget/1.12 (linux-gnu)_
/var/log/dpi/fastdpi_slave_1.log-HTTP_COOKIE=_null_
/var/log/dpi/fastdpi_slave_1.log-[TRACE ][000000045177957936][0167666FC85BFC15] CHECK_HTTP 192.168.1.8:24359 --> 5.3.3.17:80 url_blocked=0x22, method=1 : URL=_/_
/var/log/dpi/fastdpi_slave_1.log:       HTTP_HOST=_protonmail.com_
/var/log/dpi/fastdpi_slave_1.log-       HTTP_REFERER=_null_
/var/log/dpi/fastdpi_slave_1.log-       new_prg_id=0x0(0x0)
/var/log/dpi/fastdpi_slave_1.log-       other_prg_id=0x0(0x0)
/var/log/dpi/fastdpi_slave_1.log-       prof_idx={0,0,0,0,0,0}
/var/log/dpi/fastdpi_slave_1.log-       ddos=0
--
/var/log/dpi/fastdpi_slave_1.log:       HTTP_HOST=_protonmail.com_
/var/log/dpi/fastdpi_slave_1.log-       HTTP_REFERER=_null_
/var/log/dpi/fastdpi_slave_1.log-       NEW_URL=http://vasexperts.ru/test/blocked.php_
/var/log/dpi/fastdpi_slave_1.log-       NEW_REFERER=_null_

The log shows that the resource is blocked:
... url_blocked=0x22 ...
and redirected to the blocking page:
NEW_URL=http://vasexperts.ru/test/blocked.php_