[mrtg] Large Master Config Vulnerability
Daniel J McDonald
dan.mcdonald at austinenergy.com
Thu Apr 17 19:38:56 CEST 2008
On Thu, 2008-04-17 at 11:39 -0500, Brad Lodgen wrote:
> Hi everyone,
>
> I'm running a master config with hundreds of include lines and
> thousands of targets.
Ditto.
> This type of setup is vulnerable to errors in config files and/or
> changes made in the field not being immediately updated within the
> configs. If there are a few errors or changes out in the field to
> ports causing them to become 'unpollable', it causes the MRTG polling
> interval to go over five minutes because it's retrying those
> interfaces.
What version are you running? Dead host detection got noticeably better
in 2.15.1
> At the moment, with only about 30 error lines in my log(equating to
> about 15 interfaces/targets), it's causing MRTG to take 7-9 minutes to
> complete polling.
How many forks are you running? More forks will help. I also limit
retries. e.g.:
Target[random-router.example.com.cpu1]:
cpmCPUTotal5secRev.1&cpmCPUTotal1minRev.1:public at random-router.example.com::2:1:1:3
::2:1:1 is read "try twice. Wait 1 second after the first attempt, and
add a second for each subsequent attempt". So, I have a maximum of 3
seconds. The default is 3 polls with a 10 second timer, or 30 seconds.
> As this is a very small percentage compared to the total amount of
> targets being polled, I'm trying to figure out a way to get around
> this, if possible, or at least to minimize the effects.
>
> Is anyone else running a system like this or does anyone have
> suggestions to try?
Yes. Current code. Plentiful forks. Short timeouts.
That doesn't affect one other problem I have. If I get an Include: line
without the file existing (it happens, particularly since I generate the
master file from a script reading a database...) then the whole thing
just stops. I would like a "try to include" option that looks for the
file, but if it can't find it will still process the other 471 include
files...
I know, I know, I should just write it and submit the code.... Maybe in
August I might have a few days...
--
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com
More information about the mrtg
mailing list