What does this event log entry mean: "Session Monitor: RADIUS attribute too short, packet dropped"?


Article ID: 167229



ProxySG Software - SGOS


This error message is benign and misleading. Although it says "packet dropped," the Session Monitor doesn't actually drop the packet. Instead, it discards the attribute and continues processing the rest of the packet. The message is triggered by an attribute that does not have a value, for example a vendor-specific attribute. A vendor-specific attribute is laid out like this:

Type (1 byte) : Length (1 byte) : Vendor-ID (4 bytes) : Vendor Type (1 byte) : Vendor Length (1 byte) : Value (variable)
The header (that is, all of the above fields except the payload) is 8 bytes long. If your RADIUS server sends this vendor-specific attribute without any value, the attribute is of no use to the ProxySG appliance's Session Monitor, which can't store a value for an attribute that has none. The Session Monitor logs this anomaly with the event log message, but it is NOT dropping the packet. After the error is logged, the Session Monitor continues processing the packet as normal.
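The following Python sketch is an added example, not ProxySG code. It walks the attributes of a RADIUS packet, records any vendor-specific attribute that is only the 8-byte header, and continues with the rest of the packet, which is the behavior described above. The function names, the vendor ID 99999, and the sample packet are constructed for illustration. The 20-byte RADIUS packet header and attribute type 26 come from RFC 2865.

```python
import struct

RADIUS_HEADER_LEN = 20  # Code, Identifier, Length, Authenticator (RFC 2865)
VSA_TYPE = 26           # Vendor-Specific attribute type (RFC 2865)
VSA_HEADER_LEN = 8      # Type, Length, Vendor-ID, Vendor Type, Vendor Length

def parse_attributes(packet):
    """Return (kept, skipped) attribute lists for one RADIUS packet."""
    kept, skipped = [], []
    (total_len,) = struct.unpack("!H", packet[2:4])
    if not RADIUS_HEADER_LEN <= total_len <= len(packet):
        raise ValueError("bad RADIUS packet length")
    pos = RADIUS_HEADER_LEN
    while pos + 2 <= total_len:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > total_len:
            raise ValueError("malformed attribute at offset %d" % pos)
        body = packet[pos + 2:pos + attr_len]
        if attr_type == VSA_TYPE:
            if attr_len <= VSA_HEADER_LEN:
                # Header only, no value: record it and keep parsing.
                skipped.append((attr_type, attr_len))
            else:
                vendor_id, v_type, _v_len = struct.unpack("!IBB", body[:6])
                kept.append((vendor_id, v_type, body[6:]))
        else:
            kept.append((None, attr_type, body))
        pos += attr_len  # the packet is never abandoned
    return kept, skipped

def vsa(vendor_id, v_type, value=b""):
    """Build a vendor-specific attribute (constructed test data)."""
    sub = bytes([v_type, 2 + len(value)]) + value
    return bytes([VSA_TYPE, 6 + len(sub)]) + struct.pack("!I", vendor_id) + sub

def build_packet(attrs):
    """Build a constructed Accounting-Request with a zeroed authenticator."""
    body = b"".join(attrs)
    header = struct.pack("!BBH", 4, 1, RADIUS_HEADER_LEN + len(body))
    return header + bytes(16) + body

# Constructed sample: User-Name, an empty VSA, then a VSA with a value.
SAMPLE = build_packet([bytes([1, 7]) + b"alice",
                       vsa(99999, 1),
                       vsa(99999, 2, b"group-a")])

if __name__ == "__main__":
    print(parse_attributes(SAMPLE))
```

Running the same walk over the attribute bytes from your own capture shows which vendor-specific attribute the RADIUS server is sending without a value.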
The packet capture below shows an example where the attribute has no value:
Note: 'Attribute' and 'Attribute-Name' are arbitrary names; any other names can be used.
The packet capture below shows an example where the attribute has a value: