Content Cache Charm

Add a juju action to report on top visits by IP

Bug #1916747 reported by Tom Haddon on 2021-02-24

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Content Cache Charm	Confirmed	Low	Unassigned

Bug Description

During a potential DoS attack it's useful to quickly retrieve a list of most visits by IP. During a recent issue, an SRE ran the following:

juju run --application content-cache-1ss,content-cache-gs2 -- "awk '/Feb 24 11:/{print \$6}' /var/log/haproxy.log | cut -d ':' -f 1 | sort | uniq -c | sort -rn | head " | pp

This should really be a juju action so it's very obvious and easy for anyone to do this.

Related branches

~ballot/content-cache-charm/+git/content-cache-charm:request_per_ip_action

On hold for merging into content-cache-charm:master

Content Cache Charmers: Pending requested 2021-03-08

Revision history for this message

Haw Loeung (hloeung) wrote on 2021-02-25:

This command would be better as it supports IPv6 as well as includes the sites or listen stanzas being hit:

| awk '/Feb 25 06:/ && $6 !~ /127.0.0.1/ {print $6 " " $8 }' /var/log/haproxy.log | sed -e 's/:[0-9]* / /' | sort | uniq -c | sort -k1 -n -r | head

We also want to replace the date/time "Feb 25 06:" with the last 20 mins or so.

Tom Haddon (mthaddon) on 2021-02-26

Changed in content-cache-charm:
status:	New → Confirmed
importance:	Undecided → Medium

Haw Loeung (hloeung) on 2021-11-26

Changed in content-cache-charm:
importance:	Medium → Low

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.