[mrtg] Large Master Config Vulnerability
Anson Rinesmith
arinesmith at bigrivertelephone.com
Thu Apr 17 19:32:25 CEST 2008
From the cfgmaker manual.
The next example demonstrates how to use the --community, --snmp-options and
--dns-domain to make the command line simpler. All the equipment will use
the community hidden, except for the ppp-server which use community access.
All equipment uses these SNMP options: 1s timeout, 1 retry and SNMP version
2
cfgmaker --global "WorkDir: /home/tobi" \
--global "Options[_]: growright,bits" \
--dns-domain=place.xyz \
--community=hidden \
--snmp-options=::1:1::2
So you can limit your retries and the timeout. The cfgmaker default is
:::::2.
From the references manual.
timeout
initial timeout for SNMP queries, in seconds (default: 2.0)
retries
number of times a timed-out request will be retried (default: 5)
backoff
factor by which the timeout is multiplied on every retry (default: 1.0).
_____
From: Mersberger, Robert [mailto:robert.mersberger at goldenliving.com]
Sent: Thursday, April 17, 2008 12:12 PM
To: Anson Rinesmith; Brad Lodgen; mrtg at lists.oetiker.ch
Subject: RE: [mrtg] Large Master Config Vulnerability
I have all my configs in one directory and run mrtg as a cron job with the
following script.
#! /bin/bash
for fn in /etc/mrtg/*.cfg; do
env LANG=C /usr/bin/mrtg "$fn" &
done
Maybe this will work for you. I have been down the include route and I
agree it does cause problems.
_____
From: mrtg-bounces at lists.oetiker.ch [mailto:mrtg-bounces at lists.oetiker.ch]
On Behalf Of Anson Rinesmith
Sent: Thursday, April 17, 2008 11:47 AM
To: 'Brad Lodgen'; mrtg at lists.oetiker.ch
Subject: Re: [mrtg] Large Master Config Vulnerability
You could always limit the number of retries.
A second option is to break up the master config file into other smaller
files, and therefore when something breaks only that smaller portion is
broken and the rest of your polls proceed without error.
_____
From: mrtg-bounces at lists.oetiker.ch [mailto:mrtg-bounces at lists.oetiker.ch]
On Behalf Of Brad Lodgen
Sent: Thursday, April 17, 2008 11:39 AM
To: mrtg at lists.oetiker.ch
Subject: [mrtg] Large Master Config Vulnerability
Hi everyone,
I'm running a master config with hundreds of include lines and thousands of
targets. This type of setup is vulnerable to errors in config files and/or
changes made in the field not being immediately updated within the configs.
If there are a few errors or changes out in the field to ports causing them
to become 'unpollable', it causes the MRTG polling interval to go over five
minutes because it's retrying those interfaces. At the moment, with only
about 30 error lines in my log (equating to about 15 interfaces/targets),
it's causing MRTG to take 7-9 minutes to complete polling. As this is a very
small percentage compared to the total amount of targets being polled, I'm
trying to figure out a way to get around this, if possible, or at least to
minimize the effects.
Is anyone else running a system like this or does anyone have suggestions to
try?
Thanks in advance for any help!
Brad
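
Added example (not part of the original thread or of MRTG itself): a small parser for the --snmp-options string discussed above, plus the worst-case time one unanswered query costs under the timeout/retries/backoff rules quoted from the reference manual. The function names are hypothetical; the field order (leading colon, then port, timeout, retries, backoff, version) and serial polling with one query per dead target are assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class SnmpOptions:
    # Defaults are the ones quoted above from the reference manual.
    timeout: float = 2.0           # seconds before the first retry
    retries: int = 5               # retries after the first attempt
    backoff: float = 1.0           # timeout multiplier per retry
    version: Optional[str] = None  # None: not given in the string


def parse_snmp_options(spec: str) -> SnmpOptions:
    """Parse a value such as '::1:1::2'.

    Assumed layout: a leading colon, then port, timeout, retries,
    backoff and version. Empty fields keep the defaults.
    """
    if not spec.startswith(":"):
        raise ValueError("expected a leading ':'")
    fields = spec[1:].split(":")
    if len(fields) > 5:
        raise ValueError("too many fields in %r" % spec)
    fields += [""] * (5 - len(fields))
    _port, timeout, retries, backoff, version = fields
    opts = SnmpOptions()
    if timeout:
        opts.timeout = float(timeout)
    if retries:
        opts.retries = int(retries)
    if backoff:
        opts.backoff = float(backoff)
    if version:
        opts.version = version
    if opts.timeout <= 0 or opts.retries < 0 or opts.backoff <= 0:
        raise ValueError("timeout/backoff must be > 0, retries >= 0")
    return opts


def worst_case_wait(opts: SnmpOptions) -> float:
    """Seconds spent on one query that never gets an answer."""
    return sum(opts.timeout * opts.backoff ** i
               for i in range(opts.retries + 1))


def added_delay(opts: SnmpOptions, dead_targets: int) -> float:
    """Assumption: dead targets are polled serially, one query each."""
    return dead_targets * worst_case_wait(opts)
```

With the quoted defaults a single dead query costs 12 seconds; with ::1:1::2 it costs 2 seconds.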