Monday, November 22, 2021

High amounts of data transferred between Web and Database Server - how to identify source?

I hope this is the right forum to post in ... apologies if it's not.

My IT infrastructure personnel showed firewall logs capturing huge amounts of data transfer between the web servers (2 Windows 2019 servers, load balanced) and the database server (SQL Server 2019 with multiple databases). We are talking 500 GB, 900 GB data transfer spikes in a 30-minute interval, approximately once in 5 days at random (it happened twice in one week). When there are data transfer spikes like these, the eCommerce sites hosted on the web server go down, and they recover automatically without any intervention.

CPU and memory on both the web server and the database server look fine when this happens. The eCommerce sites that are hosted on the web server are not very high-traffic sites (max 700 users). I checked the event logs and database server logs; nothing unusual that jumps out. The same set of jobs runs on the servers every day. The total size of all databases combined is 200 GB.

So how do we find what is causing the large data transfers between the database server and the web server? We have no visibility into what this data is other than total bytes sent and received through the firewall log.

Any pointers would be highly appreciated. Have already checked for malicious activity - nothing we can find.


