Packets being dropped

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.

Post by BanditBBS »

I have my Infoblox DNS system sending logs to both AlienVault and NLS. NLS is missing many log entries that we can validate are being received by AlienVault. We changed the configuration and removed AlienVault to make sure it wasn't overloading the Infoblox, no luck. We did a tcpdump on the NLS node and validated the packets with the data we are expecting are not even in the tcpdump. I'm going to have my network team sniff the network and validate the packets are making it to NLS.

My team and I are very confident we've ruled out everything except a bizarre network issue or NLS somehow dropping the packets. Is there any process running on NLS that could drop the packets so that they wouldn't even be seen in a tcpdump?
2 of XI5.6.14 Prod/DR/DEV - Nagios LogServer 2 Nodes

Post by ssax »

Nothing I'm aware of would stop it from showing in the tcpdump unless you have some form of host intrusion prevention that gets loaded before the network stack/driver and is blocking it before it's able to get to tcpdump (I've seen that in some HIPS implementations). It should still show them in tcpdump even if blocked by the local firewall, so it's likely network/security software related, external to the Log Server system.

Are you seeing any drops/errors on the LS interfaces?

Code:

ethtool -S ens160
netstat -s

If there's an MTU mismatch somewhere in the path, they may be getting dropped at the network layer because of that as well; something to keep in mind.
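
Added example (not part of the original posts): shell functions that filter the output of the two commands above down to the nonzero drop and error counters. The sample output is constructed, the keyword list is an assumption because counter names vary by NIC driver, and the Udp section is checked on the assumption that the syslog feed arrives over UDP.

```sh
# Constructed sample data; counter names vary by NIC driver, so the keyword
# list in nonzero_drop_counters is an assumption, not an exhaustive set.

# stdin: `ethtool -S <iface>` output. Prints name=value for each nonzero
# counter whose name suggests a drop or error.
nonzero_drop_counters() {
    awk '
        /:[ \t]*[0-9]+[ \t]*$/ {
            line = $0; sub(/^[ \t]+/, "", line)
            n = split(line, parts, ":"); value = parts[n] + 0
            name = line; sub(/:[ \t]*[0-9]+[ \t]*$/, "", name)
            if (value > 0 && tolower(name) ~ /drop|err|miss|fifo|oob|fail|discard/)
                print name "=" value
        }'
}

# stdin: `netstat -s` output. Prints nonzero error lines from the Udp section.
udp_receive_errors() {
    awk '
        /^[A-Za-z]+:[ \t]*$/ { in_udp = ($1 == "Udp:"); next }
        in_udp && /errors/ && $1 + 0 > 0 { sub(/^[ \t]+/, ""); print }'
}

sample_ethtool() {   # constructed, vmxnet3-style names
cat <<'EOF'
NIC statistics:
     Rx Queue#: 0
       ucast pkts rx: 913377
       pkts rx OOB: 1842
       pkts rx err: 0
       drv dropped rx total: 17
EOF
}

sample_netstat() {   # constructed
cat <<'EOF'
Udp:
    640112 packets received
    2210 packet receive errors
    2210 receive buffer errors
    0 send buffer errors
TcpExt:
    12 TCP sockets finished time wait in fast timer
EOF
}

sample_ethtool | nonzero_drop_counters
sample_netstat | udp_receive_errors
```

On the Log Server node, pipe the real commands in (`ethtool -S ens160 | nonzero_drop_counters`, `netstat -s | udp_receive_errors`) and compare two readings taken a minute apart, since the counters are cumulative.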