search cancel

Correlate DNS issues to proxy stop intercepting traffic.

book

Article ID: 173973

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

At some point if the DNS latency gets too high, due to proxy not being able to check the DNS server or other network issue proxy will stop intercepting traffic.

Resolution

You can check the sysinfo file and correlate the parameter between http:dwell:ms:dns with svc:ds:service:intercepted_server_bytes

 

On the DNS parameters it will show you the timings. The bigger the number the more delay it took, then you have to correlate that to the intercepted bytes.  If they drop to 0 it means the proxy stopped processing traffic and the delay was caused by a DNS latency.

 

For example:

 

svc:ds:service:[email protected], 24 Mar 2018 14:45:00 UTC[58](96, 900): 17779383 6510308 17614546 1926830 1300191 1546123 867818 910453 1081184 901165 1033288 5885032 817627 943680 851099 276965 199316 101735 331007 113725 85347 108015 131595 91068 27695 ***0 2175 0 0 0 0*** 1746432 609662 460312 168575 152949 103281 94815 114772 168709 109427 114752 113697 141057 117787 244217 123154 232515 155450 1211912 285451 195357 263431 822764 388462 2874742 152027 2077 0 1046 1041 1034 1029 1031 1026 0 0 0 2063 1331390 135205 635852 2147 0 42203367 22732998 24932034 5028932 5822181 3727079 4077478 4196942 4764000 8394108 6972947 4594156 17302561 301828451 43829644 19214266 20162748 211934382 33295770 51368039 41824154 26881038

 

 

http:dwell:ms:[email protected], 24 Mar 2018 14:45:00 UTC[58](96, 900): 17969 383 480 402 383 5620 529 389 603 588 322 620 390 757 283 508 386 428 230 748 351 286 345 406 506411 ***701289 2772199 933099 1829128 1880236 2082187 332904*** 345 286 762 449 291 410 461 348 413 568 228 504 282 290 667 347 413 545 414 442 685 631 555 838 727 574154 1622394 789778 1488024 1349372 981791 846539 911619 1192252 1198318 1333096 916629 1010803 631442 924371 773034 701229 424136 424 584 5375 15703 651 293 389 298 740 425 535 472 648 785 489 476 427 613 480 642 342

 

Please note that every data point is a snapshot of that moment in this case every 15 minutes.