[mrtg] Large Master Config Vulnerability

Anson Rinesmith arinesmith at bigrivertelephone.com
Thu Apr 17 19:32:25 CEST 2008

From the cfgmaker manual.

The next example demonstrates how to use the --community, --snmp-options and
--dns-domain to make the command line simpler. All the equipment will use
the community hidden, except for the ppp-server which use community access.
All equipment uses these SNMP options: 1s timeout, 1 retry and SNMP version

cfgmaker --global "WorkDir: /home/tobi"           \
          --global "Options[_]: growright,bits"    \
          --dns-domain=place.xyz                   \
          --community=hidden                       \



So you can limit your retries and the timeout. The cfgmaker default is

From the references manual.


initial timeout for SNMP queries, in seconds (default: 2.0)


number of times a timed-out request will be retried (default: 5)


factor by which the timeout is multiplied on every retry (default: 1.0).




From: Mersberger, Robert [mailto:robert.mersberger at goldenliving.com] 
Sent: Thursday, April 17, 2008 12:12 PM
To: Anson Rinesmith; Brad Lodgen; mrtg at lists.oetiker.ch
Subject: RE: [mrtg] Large Master Config Vulnerability


I have all my configs in one directory and run mrtg as a cron job with the
following script.


#! /bin/bash

# Run one mrtg process per config file, all in parallel.
for fn in /etc/mrtg/*.cfg; do
        env LANG=C /usr/bin/mrtg "$fn" &
done


Maybe this will work for you.  I have been down the include route and I
agree it does cause problems.




From: mrtg-bounces at lists.oetiker.ch [mailto:mrtg-bounces at lists.oetiker.ch]
On Behalf Of Anson Rinesmith
Sent: Thursday, April 17, 2008 11:47 AM
To: 'Brad Lodgen'; mrtg at lists.oetiker.ch
Subject: Re: [mrtg] Large Master Config Vulnerability

You could always limit the number of retries.

A second option is to break up the master config file into other smaller
files, and therefore when something breaks only that smaller portion is
broken and the rest of your polls proceed without error.



From: mrtg-bounces at lists.oetiker.ch [mailto:mrtg-bounces at lists.oetiker.ch]
On Behalf Of Brad Lodgen
Sent: Thursday, April 17, 2008 11:39 AM
To: mrtg at lists.oetiker.ch
Subject: [mrtg] Large Master Config Vulnerability


Hi everyone,

I'm running a master config with hundreds of include lines and thousands of
targets. This type of setup is vulnerable to errors in config files and/or
changes made in the field not being immediately updated within the configs.
If there are a few errors or changes out in the field to ports causing them
to become 'unpollable', it causes the MRTG polling interval to go over five
minutes because it's retrying those interfaces. At the moment, with only
about 30 error lines in my log (equating to about 15 interfaces/targets),
it's causing MRTG to take 7-9 minutes to complete polling. As this is a very
small percentage compared to the total amount of targets being polled, I'm
trying to figure out a way to get around this, if possible, or at least to
minimize the effects.

Is anyone else running a system like this or does anyone have suggestions to

Thanks in advance for any help!
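
The per-config approach from the thread, extended to report which configs failed or ran past a time budget, so a few unpollable targets show up by file instead of stretching the whole cycle past five minutes. This is an added example, not code from the thread or from the MRTG project; the function name poll_all, the FAILED/SLOW report format and the 300-second budget are assumptions.

```shell
#!/bin/bash
# Added example, not from the thread: run every MRTG config in parallel
# and report the ones that failed or overran a time budget.
# Usage: poll_all CFG_DIR BUDGET_SECONDS [MRTG_COMMAND]
poll_all() (
    cfg_dir=$1
    budget=$2
    mrtg_bin=${3:-/usr/bin/mrtg}    # default path as used in the thread's script
    stats=$(mktemp -d) || exit 2

    for fn in "$cfg_dir"/*.cfg; do
        [ -e "$fn" ] || continue    # glob matched nothing
        (
            start=$(date +%s)
            rc=0
            # MRTG's own messages go to stderr so stdout carries only the report
            LANG=C "$mrtg_bin" "$fn" 1>&2 || rc=$?
            end=$(date +%s)
            # one stat file per config, so parallel writers never interleave
            printf '%s %s %s\n' "$((end - start))" "$rc" "$fn" \
                > "$stats/$(basename "$fn").stat"
        ) &
    done
    wait                            # block until every background poll is done

    for s in "$stats"/*.stat; do
        [ -e "$s" ] || continue
        read -r secs rc fn < "$s"
        if [ "$rc" -ne 0 ]; then
            echo "FAILED rc=$rc $fn"
        elif [ "$secs" -gt "$budget" ]; then
            echo "SLOW ${secs}s $fn"
        fi
    done
    rm -rf "$stats"
)

# From cron: poll_all /etc/mrtg 300   (300 s = the five-minute interval)
if [ "$#" -ge 2 ]; then
    poll_all "$@"
fi
```

The report only measures and flags; it does not kill a slow run, so the configs it names still need their targets fixed or their SNMP timeout and retry options lowered.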
