I've received an Overhead Protection is Active alert. When I tried to find the problem in the server log, it shows:
2013-08-02 00:00:49 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_type=sflowheader&filter_type=sflowcustom&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
2013-08-02 00:01:52 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_type=snmptraffic&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
2013-08-02 00:02:55 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_type=virtuozzonetwork&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
2013-08-02 00:03:58 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_type=wminetwork&filter_type=wmihypervvirtualnetworkadapter&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
2013-08-02 00:05:02 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_tags=@tag(cpuloadsensor)&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
2013-08-02 00:06:05 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_tags=@tag(diskspacesensor)&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
2013-08-02 00:07:08 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_tags=@tag(memorysensor)&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
2013-08-02 00:08:11 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_status=4&filter_status=5&filter_status=10&filter_status=13&filter_status=14&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
2013-08-02 00:09:14 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_status=7&filter_status=1&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
2013-08-02 00:10:17 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_status=3&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
2013-08-02 00:11:20 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_tags=@tag(esx)&filter_tags=@tag(esxserverhosthealthsensor)&filter_tags=@tag(esxserverhostsensor)&filter_tags=@tag(esxserversensor)&filter_tags=@tag(esxservervmsensor)&filter_tags=@tag(esxshealthsensor)&filter_tags=@tag(esxvmsensor)&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
2013-08-02 00:12:24 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_priority=5&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
2013-08-02 00:13:27 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_priority=4&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
2013-08-02 00:14:30 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_priority=3&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
2013-08-02 00:15:33 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_priority=2&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
2013-08-02 00:16:36 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_priority=1&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
I've no idea about this, how can I solve the problem?
Article Comments
Attention: This article is a record of a conversation with the Paessler support team. The information in this conversation is not updated to preserve the historical record. As a result, some of the information or recommendations in this conversation might be out of date.
I'm afraid only by comparing the "History" on the Libraries to see which Library was created by the same user that occurs in these webserver log entries.
Aug, 2013 - Permalink
Hello,
thank you very much for your KB-Post. The protection is indeed caused by those requests.
If entries like this one are about once every minute, it's very likely at least one library causing this. Please check the libraries, if there is one (or more) created by a user that was deleted, or whose password was changed, but did not log in since.
Best regards.
Aug, 2013 - Permalink
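As an added example (not part of the original thread and not Paessler tooling), the rule of thumb from the reply above, that failures arriving about once a minute point to an internal job such as a library, can be checked by grouping failed-login entries by client, login and user agent and measuring the gaps between them. The field layout is inferred from the log quoted in the question; the sample lines, the 192.0.2.10 client and the ExampleClient agent are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median
from urllib.parse import parse_qs

# Field layout as seen in the quoted log: timestamp, client, "user", server,
# port, method, path, query, status, "user agent".
LINE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<client>\S+) "(?P<user>[^"]*)" '
    r'\S+ \d+ \S+ (?P<path>\S+) (?P<query>\S+) \d{3} "(?P<agent>[^"]*)"$')

def failed_login_sources(log_text, tolerance_s=10):
    """Group failed logins by (client, login, agent) and measure their cadence."""
    groups = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or "login_failed" not in m["user"]:
            continue
        login = parse_qs(m["query"]).get("login", ["?"])[0]
        stamp = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        groups[(m["client"], login, m["agent"])].append(stamp)
    report = {}
    for (client, login, agent), stamps in groups.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        med = median(gaps) if gaps else None
        steady = bool(gaps) and all(abs(g - med) <= tolerance_s for g in gaps)
        report[(client, login, agent)] = {
            "count": len(stamps), "median_gap_s": med,
            # Loopback source at a fixed interval: a scheduled internal job
            # using stale credentials rather than someone guessing passwords.
            "internal_job": steady and client in ("127.0.0.1", "::1")}
    return report

def _entry(ts, client, agent, flt):  # builds one constructed sample line
    return (f'2013-08-02 {ts} {client} "anonymous-admin-login_failed_and_delayed_'
            f'120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&content=sensorxref'
            f'&{flt}&login=admin&passhash=* 200 "{agent}"')

INDY = "Mozilla/3.0 (compatible; Indy Library)"
SAMPLE = "\n".join(  # constructed; 192.0.2.10 and ExampleClient are placeholders
    [_entry(t, "127.0.0.1", INDY, "filter_priority=5")
     for t in ("00:00:49", "00:01:52", "00:02:55", "00:03:58")] +
    [_entry(t, "192.0.2.10", "ExampleClient/1.0", "filter_status=3")
     for t in ("00:01:00", "00:01:02", "00:04:30")])

if __name__ == "__main__":
    for key, info in failed_login_sources(SAMPLE).items():
        print(key, info)
```

A group flagged `internal_job` is the case the reply describes: check the library history for the user named in `login`. A non-loopback client or an irregular cadence is worth treating as a separate investigation.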