How to check the client ip for insert operation into a specific set

udf

#1

Hi All,

we are using a cluster of aeropike with bunch of microservices that uses aerospike for caching. Earlier we were using a set for caching some configuration but due to some requirement changes we created a new set with diff name and now our all services are using new set.

As per the eviction policy our Old set data should have been gone but looks like one service is still using old set data and the data is still there.

Is there any way that we can detect the ip of a node if that service is using old set data.

Thanks Akash


#2

any clue guys?


#3

tcpdump should have the setname in plaintext.

ex…

$ sudo tcpdump -n -K -vvv -XX -s0 port 3000 and not port 22 -i any | head -n 30 tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes 15:13:26.604992 IP (tos 0x0, ttl 64, id 42080, offset 0, flags [DF], proto TCP (6), length 151) 172.28.128.7.37460 > 172.28.128.6.hbci: Flags [P.], seq 3924378877:3924378976, ack 1751575339, win 58, options [nop,nop,TS val 35197971 ecr 35216639], length 99 0x0000: 0004 0001 0006 0800 2729 8644 0000 0800 …’).D… 0x0010: 4500 0097 a460 4000 4006 3dba ac1c 8007 E…`@.@.=… 0x0020: ac1c 8006 9254 0bb8 e9e9 44fd 6866 eb2b …T…D.hf.+ 0x0030: 8018 003a 58d0 0000 0101 080a 0219 1413 …:X… 0x0040: 0219 5cff 0203 0000 0000 005b 1600 0100 …[… 0x0050: 0000 0000 0000 0000 0000 0000 0000 0003 … 0x0060: 0001 0000 0005 0074 6573 7400 0000 0801 …test… 0x0070: 7465 7374 7365 7400 0000 1504 798b b775 testset……y…u 0x0080: 99e0 5851 0b71 7e5a af0e dcb0 2607 a47c …XQ.q~Z…&…| 0x0090: 0000 0013 0201 0007 7465 7374 6269 6e00 …testbin. 0x00a0: 0000 005e f9da 3a …^…: 15:13:26.605193 IP (tos 0x0, ttl 64, id 22048, offset 0, flags [DF], proto TCP (6), length 82) 172.28.128.7.hbci > 172.28.128.7.42460: Flags [P.], seq 1266266586:1266266616, ack 1604480882, win 256, options [nop,nop,TS val 35197971 ecr 35197970], length 30 0x0000: 0000 0304 0006 0000 0000 0000 0000 0800 … 0x0010: 4500 0052 5620 4000 4006 8c3e ac1c 8007 E…RV.@.@…>… 0x0020: ac1c 8007 0bb8 a5dc 4b79 b1da 5fa2 6f72 …Ky…_.or 0x0030: 8018 0100 588c 0000 0101 080a 0219 1413 …X… 0x0040: 0219 1412 0203 0000 0000 0016 1600 0000 … 0x0050: 0000 0000 0002 11f4 a316 0000 0000 0000 … 0x0060: 0000 … 15:13:26.605211 IP (tos 0x0, ttl 64, id 31065, offset 0, flags [DF], proto TCP (6), length 105) 172.28.128.6.hbci > 172.28.128.7.37496: Flags [P.], seq 3470476189:3470476242, ack 2651934030, win 57, options [nop,nop,TS val 35216640 ecr 35197970], length 53 0x0000: 0000 0001 0006 0800 2750 86c4 0000 0800 …'P… 0x0010: 4500 0069 7959 4000 4006 68ef ac1c 8006 E…iyY@.@.h… 0x0020: ac1c 8007 0bb8 9278 cedb 439d 9e11 4d4e …x…C…MN 0x0030: 8018 0039 51e4 0000 0101 080a 0219 5d00 …9Q…]. 0x0040: 0219 1412 0203 0000 0000 002d 1600 0000 …-… 0x0050: 0000 0000 0016 11f4 a2fb 0000 0000 0000 … 11 packets captured


#4

alternatively you can enable audit logging, but it requires a restart and has a performance cost


#5

Thanks Albot


#6

This topic was automatically closed 6 days after the last reply. New replies are no longer allowed.