This is an informational post for others to pickup once Google indexes it and will serve as place for me to vent... Autodesk releases crap... I've said it... Their AutoCad suite is bloated beyond recognition and it is more of a PITA to install every year. But how does this apply to Internet Related/Filtering/Firewall do you ask? Well, our students go through an internal Squid proxy for traffic logging before hitting the outside content filters. This proxy uses NTLM and by now enterprise level software should know what the hell this is. I come into work this morning to find the student proxy not passing traffic anymore and upon further inspection the volume I have setup to hold logs (30GB mind you) is freaking full. After purging some older logs and getting it working again I began to investigate.
This lists all current IP connections to every interface and there was 40,000 of them for a district with 1/10th the amount of students. And only a third of the student body is computers at any given time. So I dumped the entire output to a file in the home directory.
Once I fetched and opened it in Excel I was able to sort it out. I was finding machines with thousands of idle connections, all coming from the CAD lab.
netstat -nat > ~/connections.txt
Now I could parse the Squid access log; which was already bloated out to 2GB by mid morning (this typically doesn't exceed 300MB for an entire day).
tcp6 0 0 10.1.xxx.xxx:3128 10.1.xxx.xxx:63325 TIME_WAIT
Upon opening this 230MB txt file up in Excel and sorting by outgoing connection I find 2,000 GETS to here:
less /var/log/squid3/access.log | grep 10.1.xxx.xxx > ~/moreconnections.txt
Whatever AutoDesk app is running it's trying to get out to the web, getting hit with a challenge response for credentials, ignoring the challenge, and requesting the resource over, and over, and over again; thus filling the logs to oblivion with junk.
10.1.xxx.xxx TCP_DENIED/407 5100 GET http://autodesk-exchange-apps-v-1-5-staging.s3.amazonaws.com/data/content/fil
I'm going to try white listing the domain so connections to it don't have to provide credentials and see if that will calm it down. I'm so sick of this....
Looks like that did the trick. Log files are back to a normal size after a full day of using the Autodesk software. It still blows me away that they push off all this content from the local install to web based, and the dev team doesn't have enough foresight to think that organizations that use their software would be doing it from behind a proxy. Unbelievable....
Are you using the network version?
This certainly is odd, we use a lot of Autodesk software, Inventor, 3DS Max, Autocad but I can't say I've ever seen it do anything like that before.
What content are you talking about when you say "they push off all this content from the local install to web based" If you mean things like the Help, its online yes but there is an offline version which you need to download but the kicker is that this only works when you're offline, if you're online then it will use the online version, but I think you can force it to use the offline help not that you would want to because it doesnt include any of the tutorial videos.
It's the stand alone version. I'm fairly certain the content that it was trying to pull was from the help section. It was connections outgoing to Amazon's cloud service AmazonAWS. Anyways, the logs returned to a normal size once I added the amazonaws.com and autodesk.com domains to an ACL that allows connections through Squid to bypass authentication.