I've received an "Overhead Protection is Active" alert. When I tried to find the problem in the server log, it showed:

2013-08-02 00:00:49 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_type=sflowheader&filter_type=sflowcustom&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
2013-08-02 00:01:52 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_type=snmptraffic&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
2013-08-02 00:02:55 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_type=virtuozzonetwork&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
2013-08-02 00:03:58 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_type=wminetwork&filter_type=wmihypervvirtualnetworkadapter&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
2013-08-02 00:05:02 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_tags=@tag(cpuloadsensor)&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
2013-08-02 00:06:05 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_tags=@tag(diskspacesensor)&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
2013-08-02 00:07:08 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_tags=@tag(memorysensor)&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
2013-08-02 00:08:11 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_status=4&filter_status=5&filter_status=10&filter_status=13&filter_status=14&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
2013-08-02 00:09:14 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_status=7&filter_status=1&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
2013-08-02 00:10:17 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_status=3&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
2013-08-02 00:11:20 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_tags=@tag(esx)&filter_tags=@tag(esxserverhosthealthsensor)&filter_tags=@tag(esxserverhostsensor)&filter_tags=@tag(esxserversensor)&filter_tags=@tag(esxservervmsensor)&filter_tags=@tag(esxshealthsensor)&filter_tags=@tag(esxvmsensor)&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
2013-08-02 00:12:24 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_priority=5&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
2013-08-02 00:13:27 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_priority=4&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
2013-08-02 00:14:30 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_priority=3&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
2013-08-02 00:15:33 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_priority=2&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
2013-08-02 00:16:36 127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" 127.0.0.1 8085 GET /api/table.csv id=0&count=1000&noraw=1&content=sensorxref&columns=objid&filter_basetype=sensor&filter_priority=1&login=admin&passhash=* 200 "Mozilla/3.0 (compatible; Indy Library)"
I've no idea about this. How can I solve the problem?
Article Comments
I'm afraid only by comparing the "History" on the Libraries to see which Library was created by the same user that occurs in these webserver log entries.
Aug, 2013 - Permalink
Hello,
Thank you very much for your KB-Post. The protection is indeed caused by those requests.
If entries like this one appear about once every minute, it's very likely that at least one library is causing this. Please check the libraries to see if there is one (or more) created by a user that was deleted, or whose password was changed but who did not log in since.
Best regards.
Aug, 2013 - Permalink
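To check the "about once every minute" cadence described in the reply above, the failed-login entries can be grouped by client and login name and their spacing measured. This is an added example, not part of the original thread and not PRTG tooling; the 50 to 70 second window, the result field names and the sample's non-failure entry are assumptions.

```python
import re
from datetime import datetime
from statistics import median
from urllib.parse import parse_qs

# Constructed sample: four entries shortened from the log in the question,
# plus one made-up non-failure entry ("someuser") for contrast.
UA = '200 "Mozilla/3.0 (compatible; Indy Library)"'
FAIL = ('127.0.0.1 "anonymous-admin-login_failed_and_delayed_120_seconds" '
        '127.0.0.1 8085 GET /api/table.csv id=0&filter_basetype=sensor&')
SAMPLE = "\n".join([
    f"2013-08-02 00:00:49 {FAIL}filter_type=sflowheader&login=admin&passhash=* {UA}",
    f"2013-08-02 00:01:52 {FAIL}filter_type=snmptraffic&login=admin&passhash=* {UA}",
    f'2013-08-02 00:02:00 127.0.0.1 "someuser" 127.0.0.1 8085 GET /api/table.csv id=0 {UA}',
    f"2013-08-02 00:02:55 {FAIL}filter_tags=@tag(cpuloadsensor)&login=admin&passhash=* {UA}",
    f"2013-08-02 00:03:58 {FAIL}filter_status=3&login=admin&passhash=* {UA}",
])

# timestamp, client IP, quoted status containing "login_failed", then the query
ENTRY = re.compile(
    r'(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) "[^"]*login_failed[^"]*" '
    r'\S+ \d+ GET \S+ (\S+) \d{3}')

def summarize(text):
    """Per (client, login): count, median gap in seconds, and the filters used."""
    groups = {}
    for ts, client, query in ENTRY.findall(text):
        q = parse_qs(query)
        key = (client, q.get("login", ["?"])[0])
        g = groups.setdefault(key, {"times": [], "filters": set()})
        g["times"].append(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))
        g["filters"].update(f"{k}={v}" for k, vs in q.items() for v in vs
                            if k.startswith("filter_") and k != "filter_basetype")
    out = []
    for (client, login), g in groups.items():
        times = sorted(g["times"])
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        med = median(gaps) if gaps else None
        out.append({
            "client": client, "login": login, "count": len(times),
            "median_gap": med,
            # Assumed window for "about once every minute".
            "periodic": med is not None and 50 <= med <= 70,
            "filters": sorted(g["filters"]),
        })
    return out

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

A periodic result from 127.0.0.1 points at a scheduled internal job rather than someone guessing passwords, and the login name it reports is the user to look for in the library History.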