Buckiejoe

Q: Strange traffic on http port in graphs

I have this strange traffic ratio and wonder if someone had already experienced a situation like that and found the root cause.

I have two servers, both mostly active on the http side of things, traffic-wise. Normally a server gets a small http request to pull some file and responds with a far larger reply, for example serving a jpeg file to a client. Therefore usually the ratio of incoming vs outgoing connections looks like this:

normal.png

 

However there's another web server that's doing a similar job, mostly serving http pages and its traffic looks like this:

strange.png

Something is definitely wrong but I don't see any strangeness in the apache logs. This has been going on for quite some time but hasn't been like that before. Also, turning off the web service completely neutralizes that traffic; the graph would stay close to zero for both outbound and inbound data. Any ideas on what could be going on and what to check? Thanks.

Posted on Jan 24, 2015 2:19 PM


  • by Buckiejoe,

    Jan 25, 2015 8:00 AM in response to Buckiejoe
    Level 1 (10 points)

    The network activity coincides with thousands of entries in LDAP log that go in circles:

     

    Jan 25 10:36:23 myserver.com slapd[281]: nestedgroup_is_member_cb sr_type[0] sr_err[5]

    Jan 25 10:36:23 myserver.com slapd[281]: nestedgroup_is_member be_compare[0] ismember[0]

    Jan 25 10:36:23 myserver.com slapd[281]: nestedgroup_id_to_dn_cb sr_type[3]

    Jan 25 10:36:23 myserver.com slapd[281]: nestedgroup_id_to_dn_cb sr_type[0]

    Jan 25 10:36:23 myserver.com slapd[281]: nestedgroup_id_to_dn be_search[0]

    Jan 25 10:36:23 myserver.com slapd[281]: nestedgroup_is_member_cb sr_type[0] sr_err[5]

    Jan 25 10:36:23 myserver.com slapd[281]: nestedgroup_is_member be_compare[0] ismember[0]

    Jan 25 10:36:23 myserver.com slapd[281]: nestedgroup_id_to_dn_cb sr_type[3]

    Jan 25 10:36:23 myserver.com slapd[281]: nestedgroup_id_to_dn_cb sr_type[0]

    Jan 25 10:36:23 myserver.com slapd[281]: nestedgroup_id_to_dn be_search[0]

    Jan 25 10:36:23 myserver.com slapd[281]: nestedgroup_is_member_cb sr_type[0] sr_err[5]

    Jan 25 10:36:23 myserver.com slapd[281]: nestedgroup_is_member be_compare[0] ismember[0]

    Jan 25 10:36:23 myserver.com slapd[281]: nestedgroup_id_to_dn_cb sr_type[3]

    Jan 25 10:36:23 myserver.com slapd[281]: nestedgroup_id_to_dn_cb sr_type[0]

    Jan 25 10:36:23 myserver.com slapd[281]: nestedgroup_id_to_dn be_search[0]

  • by Steve Rhyne,

    May 27, 2016 5:01 PM in response to Buckiejoe
    Level 1 (49 points)
    Servers Enterprise

    Hello. After upgrading our server from 10.10 to 10.11, our slapd.log is being hammered with the same five lines being repeated countless times:

     

    May 27 16:48:47 servername slapd[48685]: nestedgroup_id_to_dn_cb sr_type[3]

    May 27 16:48:47 servername slapd[48685]: nestedgroup_id_to_dn_cb sr_type[0]

    May 27 16:48:47 servername slapd[48685]: nestedgroup_id_to_dn be_search[0]

    May 27 16:48:47 servername slapd[48685]: nestedgroup_is_member_cb sr_type[0] sr_err[5]

    May 27 16:48:47 servername slapd[48685]: nestedgroup_is_member be_compare[0] ismember[0]

     

    I'm not an Open Directory guru. I landed here on your discussion thread after searching Google for some answers. Did you ever discover the cause of these messages or a way to stop them?

  • by Steve Rhyne,

    May 27, 2016 5:50 PM in response to Steve Rhyne
    Level 1 (49 points)
    Servers Enterprise

    I think I may have figured it out:

     

    The errors appeared every time a user logged into a client OD-bound computer.

     

    I figured, naturally, that it had something to do with "nested groups", i.e. groups that were members of other groups.

     

    I double-checked in Server.app that I didn't have any nested groups. I didn't.

     

    I then opened Directory Utility and examined the guts of each Group record. (I only have a few groups so this wasn't hard.) Two groups had "NestedGroups" entries with GUIDs that were nonexistent in the directory: "Open Directory Administrators" and "Workgroup". I deleted those NestedGroups entries in each group within Directory Utility.

     

    I logged into a client and the errors did not reappear.

     

    This directory has been around since 10.3 or 10.4, so who knows if at one point there were nested groups that never got properly cleaned up...?
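
The check described in the last reply (finding "NestedGroups" GUIDs that match no group in the directory) can be scripted instead of done by eye. This is an added example, not code from the thread or from Apple: the function names and sample GUIDs are constructed, and the input layout is an assumption about how a `dscl <node> -readall /Groups` dump looks.

```python
import re
# Constructed sample. Layout ("-" between records, "Key: v1 v2", or "Key:" plus
# indented values) is an assumption about `dscl <node> -readall /Groups` output.
SAMPLE = """\
GeneratedUID: 11111111-AAAA-4000-8000-000000000001
RecordName: admin
NestedGroups: 22222222-BBBB-4000-8000-000000000002 DEADBEEF-0000-4000-8000-00000000DEAD
-
GeneratedUID: 22222222-BBBB-4000-8000-000000000002
RecordName: staff
-
GeneratedUID: 33333333-CCCC-4000-8000-000000000003
RecordName: workgroup
NestedGroups:
 FEEDFACE-0000-4000-8000-00000000FEED
"""

def parse_records(text):
    """Split dscl-style text into a list of {attribute: [values]} dicts."""
    records, current, key = [], {}, None
    for line in text.splitlines():
        if line.strip() == "-":              # record separator
            if current:
                records.append(current)
            current, key = {}, None
        elif line.startswith(" ") and key:   # continuation of the previous key
            current[key].extend(line.split())
        else:
            m = re.match(r"^(?:dsAttrType\w+:)?([\w-]+):\s*(.*)$", line)
            if m:
                key = m.group(1)
                current.setdefault(key, []).extend(m.group(2).split())
    if current:
        records.append(current)
    return records

def dangling_nested_groups(records):
    """Return {group name: [NestedGroups GUIDs matching no GeneratedUID]}."""
    known = {g.upper() for r in records for g in r.get("GeneratedUID", [])}
    report = {}
    for r in records:
        missing = [g for g in r.get("NestedGroups", []) if g.upper() not in known]
        if missing:
            report[r.get("RecordName", ["?"])[0]] = missing
    return report

if __name__ == "__main__":
    for name, guids in dangling_nested_groups(parse_records(SAMPLE)).items():
        print(f"{name}: stale NestedGroups {', '.join(guids)}")
```

A GUID missing from one dump may still belong to a group in another directory node, so compare against every node the server searches before deleting an entry.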