[mrtg] Re: ip-filter & mrtg (was Re: Please, help)

Brian Hechinger wonko at entropy.tmok.com
Thu Nov 9 21:13:36 MET 2000

Richard Johnson drunkenly mumbled...
> I use scripts rather than an snmp daemon to gather stats from ipfilter
> because scripts don't listen for connections from outsiders.

and neither does snmp if you don't let it.

> I don't have the time (and most would say I don't have the ability :-) to
> make sure that ucd-snmp is free of buffer overflows.  If you're pulling
> stats off a secure box, you might want to keep that issue in mind.

stats can only be pulled from another "secured" machine, so snmp is probably
not the weak link in my security chain.

> Of course, I'm not trying to count traffic on reallybigpipes or a large
> number of interfaces.  The script support in MRTG seems to use signed
> integers, so it goes negative rather than rolling when dealing with large
> numbers between manual counter resets.  Also, firing up a whole bunch of
> copies of a Perl script, one per interface or value you wish to count, is
> almost certainly going to be slower than a direct SNMP query.

this isn't a matter of you MUST DO IT MY WAY OR ELSE!  i'd like to use snmp.
i'm sure others would as well.  so i'd like to take a stab at it.  if scripts
work for you, by all means, use them.  mrtg isn't the only thing i use that
needs SNMP, so it benefits me to use SNMP where i can so i can use it every-

anyway, i've got ucd-snmp installed on my machine, but what am i supposed to be
looking for?  i did an snmpwalk of my "public" community, and, sure, i see lots
os network stuff, but none of it seems to be ipf related.  anyone know what
i should be looking for?



Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive     http://www.ee.ethz.ch/~slist/mrtg
FAQ         http://faq.mrtg.org    Homepage     http://www.mrtg.org
WebAdmin    http://www.ee.ethz.ch/~slist/lsg2.cgi

More information about the mrtg mailing list