Re: [mrtg] Large Master Config Vulnerability

This is a discussion on Re: [mrtg] Large Master Config Vulnerability within the MRTG forums, part of the Networking and Network Related category; On Thu, 2008-04-17 at 11:39 -0500, Brad Lodgen wrote: > Hi everyone, > > I'm running ...


Go Back   Usenet Forums > Networking and Network Related > MRTG

Reload this Page Re: [mrtg] Large Master Config Vulnerability

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 04-17-2008
Daniel J McDonald
 
Posts: n/a
Default Re: [mrtg] Large Master Config Vulnerability
On Thu, 2008-04-17 at 11:39 -0500, Brad Lodgen wrote:
> Hi everyone,
>
> I'm running a master config with hundreds of include lines and
> thousands of targets.

Ditto.

> This type of setup is vulnerable to errors in config files and/or
> changes made in the field not being immediately updated within the
> configs. If there are a few errors or changes out in the field to
> ports causing them to become 'unpollable', it causes the MRTG polling
> interval to go over five minutes because it's retrying those
> interfaces.

What version are you running? Dead host detection got noticeably better
in 2.15.1


> At the moment, with only about 30 error lines in my log(equating to
> about 15 interfaces/targets), it's causing MRTG to take 7-9 minutes to
> complete polling.

How many forks are you running? More forks will help. I also limit
retries. e.g.:
Target[random-router.example.com.cpu1]:
cpmCPUTotal5secRev.1&cpmCPUTotal1minRev.1:public@r andom-router.example.com::2:1:1:3

::2:1:1 is read "try twice. Wait 1 second after the first attempt, and
add a second for each subsequent attempt". So, I have a maximum of 3
seconds. The default is 3 polls with a 10 second timer, or 30 seconds.


> As this is a very small percentage compared to the total amount of
> targets being polled, I'm trying to figure out a way to get around
> this, if possible, or at least to minimize the effects.
>
> Is anyone else running a system like this or does anyone have

> suggestions to try?

Yes. Current code. Plentiful forks. Short timeouts.

That doesn't affect one other problem I have. If I get an Include: line
without the file existing (it happens, particularly since I generate the
master file from a script reading a database...) then the whole thing
just stops. I would like a "try to include" option that looks for the
file, but if it can't find it will still process the other 471 include
files...

I know, I know, I should just write it and submit the code.... Maybe in
August I might have a few days...

--
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com

_______________________________________________
mrtg mailing list
mrtg@lists.oetiker.ch
https://lists.oetiker.ch/cgi-bin/listinfo/mrtg
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 09:34 AM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0