Drill Down Facility in APAN

Jamie Baddeley jamie.baddeley at vpc.co.nz
Fri Apr 25 09:08:07 CEST 2003


Hi Jim,

Thanks for your thoughts. Great stuff.

Yup, SNMP (which really is an oxymoronic acronym) sure is the key element of 
the RRDworld stuff. No surprises really, all the interface bytes/errors etc 
are accessed via snmp.

In the case of traffic thresholds being breached (and us knowing about it), 
we need to decide who the chicken is and who the egg is.

My view is that in the case of traffic analysis the RRDtool is the chicken 
and nagios is the egg. Why? Because I survey the crap out of all interfaces 
in the network with an RRDtool, because I need to have a "global" view of the 
state of traffic flows and trends. So my snmp based RRDtool is going out and 
getting info on everything. all the time.

Where Nagios comes in is when I've got key points in the network that I want 
to keep an eye on. Main peering points, third party transit, dodgy customer 
etc etc. It's simply not practical to apply critical and warning thresholds 
to every point in the network. Things change too much. If I applied Nagios 
traffic alarms on every point, I'd be changing the thresholds every day 
because the damn customers went and did something that I wasn't expecting.

What's my point? In the case of traffic the RRDtool is looking at most 
things, and nagios is looking at some things. This means that Nagios should 
leverage what the RRDtool is doing. Not the other way round.

This means we should use the RRDtool to do the "grunt" retrieval work, and 
Nagios to query what's been got.

As for your concern over snmp security, I say Neh! In your general direction! 
(Monty Python fans take note). Seriously, I think the concerns over snmp here 
are not really that relevant. You should treat snmp community names like 
passwords. You should ensure that only the network management netblock can 
talk snmp to the nodes (via ACLs). SNMP is reasonably secure. As usual it's 
what we do with it that makes the difference.

Personally speaking I use Cricket. Extensible, stable, lots of community 
provided add-ons. It's all good. I tried NRG, but the automation was both a 
hindrance and a help. I looked at the other stuff, and it took me too long to 
"get it" so I went to something that I "got" pretty much straight away.

As for integration issues... I think it'll be a balance of functionality and 
code cleanliness. The beauty of OpenSource is we can hack the code to fit. We 
may as well find some good code to hack.

Noting the eminent Mr Hopcroft's comments, I agree with most. Although hey, 
ease up on the email client stuff huh Stan! :-)

I'm guessing that it'll be a wrapper around rrdtool fetch that'll end up being 
the catalyst for what we are talking about....

http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/manual/rrdfetch.html


peace.

Jamie
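
A sketch of the "wrapper around rrdtool fetch" idea from the message above, added here as an example and not code from the thread or from the Nagios or RRDtool projects. The data source names (ds0, ds1), the sample values and the one-hour window are assumptions; the exit codes are the standard Nagios plugin ones.

```python
import math
import subprocess

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # Nagios plugin exit codes

# Constructed sample in the layout `rrdtool fetch FILE AVERAGE` prints: a header
# naming the data sources, a blank line, then "timestamp: value value".
SAMPLE_FETCH = """\
                          ds0                 ds1

1051254000: 1.1200000000e+05 4.0100000000e+04
1051254300: 1.3050000000e+05 4.2300000000e+04
1051254600: nan nan
"""

def parse_fetch(text):
    """Return (ds_names, rows) where rows are (timestamp, [float, ...])."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines:
        return [], []
    rows = []
    for ln in lines[1:]:
        ts, _, vals = ln.partition(":")
        rows.append((int(ts), [float(v) for v in vals.split()]))
    return lines[0].split(), rows

def check_ds(text, ds, warn, crit):
    """Compare the newest known sample of one data source with thresholds."""
    names, rows = parse_fetch(text)
    if ds not in names:
        return UNKNOWN, f"UNKNOWN - no data source named {ds}"
    col = names.index(ds)
    # The newest row is usually NaN (not consolidated yet), so walk back to
    # the last real measurement. A window with no data at all is reported as
    # UNKNOWN, so a dead collector never reads as a healthy link.
    known = [(ts, v[col]) for ts, v in rows if not math.isnan(v[col])]
    if not known:
        return UNKNOWN, f"UNKNOWN - {ds} has no samples in the window"
    ts, value = known[-1]
    state, label = OK, "OK"
    if value >= crit:
        state, label = CRITICAL, "CRITICAL"
    elif value >= warn:
        state, label = WARNING, "WARNING"
    return state, f"{label} - {ds}={value:.0f} at {ts}"

def check_rrd(path, ds, warn, crit):
    """Run rrdtool fetch over the last hour of `path` and judge `ds`."""
    out = subprocess.run(["rrdtool", "fetch", path, "AVERAGE", "-s", "-1h"],
                         capture_output=True, text=True, check=True).stdout
    return check_ds(out, ds, warn, crit)
```

A Nagios command definition would call `check_rrd`, print the message and exit with the returned state; the collector (Cricket or similar) keeps doing the SNMP polling.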


On Fri, 25 Apr 2003 13:54, Carroll, Jim P [Contractor] wrote:
> I spent some time (once again; definitely not my first time) browsing the
> various RRD solutions.  And yes, I agree that picking from one of the
> canned RRD solutions would save many gyrations attempting to make Nagios do
> this.
>
> I ask that you consider the following and give me some idea of what I might
> be up against:
>
> - as near as I can tell, just about all of the RRDworld solutions either
> look at the local host, or require that you use SNMP (cacti is possibly the
> one exception, allowing you to leverage scripts... however, it also
> requires MySQL)
>
> - all roads lead to SNMP
>
> - Nagios already queries the various services on the various hosts; if an
> RRDworld type solution cannot leverage the data already collected by
> Nagios, that means either a) leveraging the Nagios plugins, b) writing a
> custom script, or c) leveraging SNMP
>
> - all roads lead to SNMP
>
> - one of my peers has expressed concern over the security (or lack thereof)
> in SNMP; I'd be curious how to 'lock down' SNMP; I'm already aware of the
> need to change the read-only community name, and I'd like to disable the
> read-write community altogether; I'd also like to be able to say, "unless
> the query is originating from an authorized IP (or subnet), drop the packet
> on the floor"; I'd be interested in hearing about any other ways to tighten
> things up more, without inadvertently causing myself a major headache
>
> - all roads lead to SNMP, provided this hurdle can be overcome
>
> Assuming I can meet the above objectives, my sense is that I'll have a
> fairly large project ahead of me (correct me if I'm wrong).  Target hosts
> include:  Solaris8, RH Linux and Win2k.
>
> Another big question is, which RRDworld tool to implement?
>
> Based on all the above, all should feel free to send me (on the list) your
> comments and recommendations.  :)
>
> jc
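
The lock-down points raised in this thread (no default community names, no read-write community, queries only from the management netblock) can be checked on the agent side as well as in router ACLs. The following is an added example, not code from the thread: it assumes the agent is Net-SNMP and audits the `rocommunity` / `rwcommunity` lines of its snmpd.conf; the netblock 192.0.2.0/24 and the community strings are made up.

```python
import ipaddress

# Constructed snmpd.conf fragments; community strings and addresses are made up.
WEAK_CONF = """\
rocommunity public
rwcommunity private 10.0.0.0/8
"""
HARDENED_CONF = """\
# read-only, reachable from the management netblock only
rocommunity Xq7-made-up-string 192.0.2.0/24
"""

def audit_snmpd_conf(text, mgmt_net):
    """Return (line_no, finding) pairs for rocommunity/rwcommunity lines."""
    mgmt = ipaddress.ip_network(mgmt_net)
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if len(fields) < 2 or fields[0] not in ("rocommunity", "rwcommunity"):
            continue
        directive, community = fields[0], fields[1]
        # With no SOURCE field the agent answers queries from any address.
        source = fields[2] if len(fields) > 2 else "default"
        if directive == "rwcommunity":
            findings.append((no, "read-write community enabled"))
        if community.lower() in ("public", "private"):
            findings.append((no, "well-known community name"))
        if source == "default":
            findings.append((no, "no source restriction"))
            continue
        try:
            net = ipaddress.ip_network(source, strict=False)
        except ValueError:
            findings.append((no, "source is not an address; check by hand"))
            continue
        if net.version != mgmt.version or not net.subnet_of(mgmt):
            findings.append((no, "source outside management netblock"))
    return findings
```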


_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null