[mrtg] Large Master Config Vulnerability

Daniel J McDonald dan.mcdonald at austinenergy.com
Thu Apr 17 19:38:56 CEST 2008


On Thu, 2008-04-17 at 11:39 -0500, Brad Lodgen wrote:
> Hi everyone,
> 
> I'm running a master config with hundreds of include lines and
> thousands of targets. 

Ditto.

> This type of setup is vulnerable to errors in config files and/or
> changes made in the field not being immediately updated within the
> configs. If there are a few errors or changes out in the field to
> ports causing them to become 'unpollable', it causes the MRTG polling
> interval to go over five minutes because it's retrying those
> interfaces. 

What version are you running?  Dead host detection got noticeably better
in 2.15.1


> At the moment, with only about 30 error lines in my log(equating to
> about 15 interfaces/targets), it's causing MRTG to take 7-9 minutes to
> complete polling.

How many forks are you running?  More forks will help.  I also limit
retries.  e.g.:
Target[random-router.example.com.cpu1]:
cpmCPUTotal5secRev.1&cpmCPUTotal1minRev.1:public at random-router.example.com::2:1:1:3

::2:1:1 is read "try twice.  Wait 1 second after the first attempt, and
add a second for each subsequent attempt".  So, I have a maximum of 3
seconds.  The default is 3 polls with a 10 second timer, or 30 seconds.


>  As this is a very small percentage compared to the total amount of
> targets being polled, I'm trying to figure out a way to get around
> this, if possible, or at least to minimize the effects.
> 
> Is anyone else running a system like this or does anyone have 

> suggestions to try?

Yes.  Current code.  Plentiful forks.  Short timeouts.

That doesn't affect one other problem I have.  If I get an Include: line
without the file existing (it happens, particularly since I generate the
master file from a script reading a database...) then the whole thing
just stops.  I would like a "try to include" option that looks for the
file, but if it can't find it will still process the other 471 include
files...

I know, I know, I should just write it and submit the code....  Maybe in
August I might have a few days...

-- 
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com



More information about the mrtg mailing list