Re: Duplicate accounting log entries
Hi again,
Thanks a stack for your responses, I have a much better understanding of
how it works now! Yes I do have the acct_unique_id setup as below, and
have managed to weed out a lot of the duplication now.
Dennis Skinner wrote:
No. Look in the radius.conf for a section that looks like this:
acct_unique {
key = User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port
}
That creates the second key (the one that doesn't come from the NAS)
that is based on the first one. Notice the User-Name is part of the
mix, hence Alan's question about how they could be the same.
After further investigation with my newly gained knowledge, I have been
able to find in more detail what the problems are.
In 1 instance, I have 2 accounting start's for the same username at the
same time, but from 2 DIFFERENT NAS'! Which then results in 2 different
unique id's, as the client-ip is different...
I have now sent a query to the maintainers of the NAS, as I feel this is
a valid query, but if anyone could verify for me that this should NOT be
happening?
My second worry is this. If a dsl user connects multiple times on the
same line, what is the typical NAS behaviour for accounting?
Does the NAS combine the traffic of all the connections and send that,
or does it monitor each connection seperately.
I am getting duplicate update's for that user from the NAS, where
everything is identical including the input and output octets, which
leads me to believe that the traffic is being combined and I actually
only need 1 of the records.
If I then make my unique_id column unique I will prevent this duplication.
Thanks again guys, as always any input is much appreciated!
Patrick
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Duplicate accounting log entries
Patric wrote: I am getting duplicate update's for that user from the NAS, where everything is identical including the input and output octets, which leads me to believe that the traffic is being combined and I actually only need 1 of the records. If I then make my unique_id column unique I will prevent this duplication. I can't comment on DSL, but just as some general knowledge... RADIUS is UDP, so if reply packets from your system are lost, then the NAS will resend and you will have 2 copies. This can also happen if your radius server is being slow (perhaps due to SQL inserts) and not responding in time. You should try to optimize your database tables for best performance first (if MySQL, you prob want to use the InnoDB table engine at least for the radacct table). You will also want to archive that table on a regular basis. For our system, I found a significant slowdown on inserts when the table got above about 5 million records. If you are still getting a lot of duplicates, then you may want to work with the ppl who own the NAS's to adjust the timeouts. They may have then set too low for some reason. -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Duplicate accounting log entries
Hi guys, The NAS maintainer was nice enough to get back to me, and problem has been sorted out. This is what was happening: Their proxy servers are behind a load sharing device, which is why the retransmission of one of the records had a different client_ip_address, but both entries came from the same NAS-ip-address. I have removed the client_ip_address from the unique_id declaration, and made the unique_id column unique in my database, so this should solve all my problems :] Thanks so much for your time and help! Patrick - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Duplicate accounting log entries
Patric wrote: made the unique_id column unique in my database Careful with that last bit. Some NAS's can and do reuse their unique_id's. Especially if they are reloaded. Making sure the port is part of the key will help some, but I was still getting dupes in my db after several months of data. You may not see this as often as I do b/c I reload my pools fairly often, but making that db column unique is absolute and those NAS's will be reloaded at some point. Just FYI. -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Duplicate accounting log entries
Hi guys, Hope someone can help, as this has me banging my head on the wall :] I am getting duplicate updates from my NAS, and Im trying to figure out how to prevent them from being written to my accounting logs table. I unfortunately have absolutely no control over the NAS, so thats not even an option. What I want to do is make the acct_session_id or acct_unique_id fields unique, or even make a composite key of them both, but I have found entries in my table where the following happens: This scenario is with DSL accounts: I have 3 records for 3 different users all with the same acct_session_id. 2 of these records have the same acct_unique_id, and the 3rd has a different acct_unique_id. Everything else in the records is identical. If I make a composite key combining the session and unique id's I will get rid 1 of the 2 records that have the same unique id, but I will still be sitting with 2 duplicate entries, each with a different unique id. I then thought to make the acct_session_id unique, which would solve the above scenario, but then I came across another problem. This scenario deals with dialup accounts: I have 2 records with the same acct_session_id but they are for 2 different users. Each record has a different acct_unique_id though. So if I make a composite key combining the session and unique id's both these records will exist, which is correct as they are for 2 different users. If I make only the acct_session_id unique to solve the DSL problem above, then one of these records wont be inserted, and an update will occur instead, as per the alternate accounting query. Am I missing something? Is there any other way to do this? I do not know why I am getting duplicate acct_session_id's from my NAS, but as I said there is no way for me to go that route... Any help or guidance would REALLY be appreciated! Thanks Patrick - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Duplicate accounting log entries
My apologies, a piece of my explanation is not right... please see below. Sorry, bit of a complex explanation... :] Hi guys, Hope someone can help, as this has me banging my head on the wall :] I am getting duplicate updates from my NAS, and Im trying to figure out how to prevent them from being written to my accounting logs table. I unfortunately have absolutely no control over the NAS, so thats not even an option. What I want to do is make the acct_session_id or acct_unique_id fields unique, or even make a composite key of them both, but I have found entries in my table where the following happens: This scenario is with DSL accounts: I have 3 records for the SAME user, all with the same acct_session_id. 2 of these records have the same acct_unique_id, and the 3rd has a different acct_unique_id. Everything else in the records is identical. If I make a composite key combining the session and unique id's I will get rid 1 of the 2 records that have the same unique id, but I will still be sitting with 2 duplicate entries, each with a different unique id. I then thought to make the acct_session_id unique, which would solve the above scenario, but then I came across another problem. This scenario deals with dialup accounts: I have 2 records with the same acct_session_id but they are for 2 different users. Each record has a different acct_unique_id though. So if I make a composite key combining the session and unique id's both these records will exist, which is correct as they are for 2 different users. If I make only the acct_session_id unique to solve the DSL problem above, then one of these records wont be inserted, and an update will occur instead, as per the alternate accounting query. Am I missing something? Is there any other way to do this? I do not know why I am getting duplicate acct_session_id's from my NAS, but as I said there is no way for me to go that route... Any help or guidance would REALLY be appreciated! Thanks Patrick - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Duplicate accounting log entries
Patric wrote: I have 3 records for 3 different users all with the same acct_session_id. Your NAS is broken. Knowing that doesn't help much, but your NAS is definitely broken. 2 of these records have the same acct_unique_id, How? The default configuration of the server includes User-Name in the unique ID calculation. So unless you've edited the configuration to *remove* that, I don't see how its possible. I have 2 records with the same acct_session_id but they are for 2 different users. Each record has a different acct_unique_id though. So if I make a composite key combining the session and unique id's Why? I don't understand. The whole point of the unique ID created by the acct_unique module in FreeRADIUS is to have *it* create the unique ID's. Hacking extra keys on top of it is pointless work. Am I missing something? Is there any other way to do this? I do not know why I am getting duplicate acct_session_id's from my NAS, but as I said there is no way for me to go that route... Your NAS is broken. It happens. i.e. It's likely working as the manufacturer intended, but not as the customer needs. Any help or guidance would REALLY be appreciated! Post the key for the acct_unique module. Explain how two different User-Names can result in the same key. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Duplicate accounting log entries
Alan DeKok wrote: Your NAS is broken. Knowing that doesn't help much, but your NAS is definitely broken. I suspected as much. Unfortunately it is a huge company whose NAS it is, and it is doubtful that the would notice my little squeek from down here... :] 2 of these records have the same acct_unique_id, How? The default configuration of the server includes User-Name in the unique ID calculation. So unless you've edited the configuration to *remove* that, I don't see how its possible. Is my understanding correct that the NAS generates the unique ID? Because it exists in the detail files that I get from the NAS... In which case I dont know if they removed it... Post the key for the acct_unique module. Explain how two different User-Names can result in the same key. I couldnt begin to explain if I tried! lol I guess Im going to HAVE to try get some results from the people that control the NAS. Thanks for your help, much appreciated. Patrick - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Duplicate accounting log entries
Patric wrote:
Post the key for the acct_unique module. Explain how two different
User-Names can result in the same key.
I couldnt begin to explain if I tried! lol
I guess Im going to HAVE to try get some results from the people that
control the NAS.
No. Look in the radius.conf for a section that looks like this:
acct_unique {
key = User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port
}
That creates the second key (the one that doesn't come from the NAS)
that is based on the first one. Notice the User-Name is part of the
mix, hence Alan's question about how they could be the same.
--
Dennis Skinner
Systems Administrator
BlueFrog Internet
http://www.bluefrog.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Duplicate accounting log entries
Patric wrote: I suspected as much. Unfortunately it is a huge company whose NAS it is, and it is doubtful that the would notice my little squeek from down here... :] They may listen to me. After doing this for nearly a decade, I have contacts at all of the big companies that matter. The ones I don't have contacts for at least recognize my name, and are willing to listen. Email me privately with the company name, product, and version. I'll see what I can do. Is my understanding correct that the NAS generates the unique ID? As Dennis pointed out, no. Because it exists in the detail files that I get from the NAS... In which case I dont know if they removed it... The detail files log what the server says to log. Some of which is from the NAS, some of which is generated by the server. Post the key for the acct_unique module. Explain how two different User-Names can result in the same key. I couldnt begin to explain if I tried! lol Please read radiusd.conf. Look for acct_unique. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
