Re: [mrtg] Large Master Config Vulnerability

04-17-2008
Steve Shipway

There are several things to try, some have already been mentioned. We
have >4500 targets being polled at the moment and so have had to do all
of them.


1) Set lower SNMP timeout and retry options as other people have said

2) Use the Forks: option to create multiple polling threads. This does
not work in Windows, I think. You need to set a Forks level appropriate
for your system, which depends on the available memory and CPU.

3) Run multiple instances of MRTG by having more than one master.cfg
file. We actually do this by using a home-grown scheduler which builds
the master.cfg files on the fly and takes care of multithreading, and
also temporarily disables a CFG file if the host/device is down.

4) Get a more powerful polling machine! We use a 2x3GHz Xeon with 6Gb
memory.

5) Split your MRTG over multiple servers. You can get an integrated
frontend if you use the distributed MRTG feature in routers2.

6) Get faster disks. MRTG also bottlenecks on disk IO, so faster disks
can help the processing finish sooner. We installed an Adaptec SAS
array with multiple spindles.

7) Upgrade MRTG and RRDTool to the latest versions. Apparently they can
handle errors and IO better now.


Steve


________________________________

From: mrtg-bounces@lists.oetiker.ch
[mailto:mrtg-bounces@lists.oetiker.ch] On Behalf Of Brad Lodgen
Sent: Friday, 18 April 2008 04:39
To: mrtg@lists.oetiker.ch
Subject: [mrtg] Large Master Config Vulnerability


Hi everyone,

I'm running a master config with hundreds of include lines and thousands
of targets. This type of setup is vulnerable to errors in config files
and/or changes made in the field not being immediately updated within
the configs. If there are a few errors or changes out in the field to
ports causing them to become 'unpollable', it causes the MRTG polling
interval to go over five minutes because it's retrying those interfaces.
At the moment, with only about 30 error lines in my log (equating to
about 15 interfaces/targets), it's causing MRTG to take 7-9 minutes to
complete polling. As this is a very small percentage compared to the
total amount of targets being polled, I'm trying to figure out a way to
get around this, if possible, or at least to minimize the effects.

Is anyone else running a system like this or does anyone have
suggestions to try?

Thanks in advance for any help!
Brad
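
A sketch of the scheduler idea in point 3 of the reply above, together with the timeout/retry and Forks effect from points 1 and 2. This is an added example, not the poster's scheduler or MRTG's own code. The host names, file paths, the `is_up` probe, the hold-down period and the default timeout and retry values are assumptions.

```python
import math

def stall_seconds(dead, timeout=2.0, retries=5, backoff=1.0, forks=1):
    """Worst-case seconds one cycle waits on `dead` unreachable targets.
    Model (assumed): one attempt plus `retries` retries per target, the
    timeout multiplied by `backoff` each time; forks share the dead targets."""
    per_target = sum(timeout * backoff ** i for i in range(retries + 1))
    return math.ceil(dead / forks) * per_target

def build_master_cfg(devices, is_up, held, now, hold_down=900,
                     workdir="/var/www/mrtg", forks=4):
    """Return (master.cfg text, skipped hosts).
    devices: {host: per-device cfg path}; is_up: callable(host) -> bool,
    e.g. a ping or one short SNMP get; held: {host: epoch until which the
    host stays disabled}, updated in place between runs."""
    lines = [f"WorkDir: {workdir}", f"Forks: {forks}"]
    skipped = []
    for host, cfg in sorted(devices.items()):
        if held.get(host, 0) > now:        # still in hold-down: skip, no probe
            skipped.append(host)
        elif is_up(host):
            held.pop(host, None)           # reachable: poll it this cycle
            lines.append(f"Include: {cfg}")
        else:
            held[host] = now + hold_down   # down: disable its cfg for a while
            skipped.append(host)
    return "\n".join(lines) + "\n", skipped

# Constructed sample inventory (hypothetical hosts and paths).
DEVICES = {"sw-a": "/etc/mrtg/sw-a.cfg", "sw-b": "/etc/mrtg/sw-b.cfg",
           "rtr-c": "/etc/mrtg/rtr-c.cfg"}

if __name__ == "__main__":
    held = {}
    cfg, skipped = build_master_cfg(DEVICES, lambda h: h != "sw-b", held, now=1000)
    print(cfg, "skipped:", skipped)
    print("15 dead targets, 2 s timeout, 5 retries:", stall_seconds(15), "s")
    print("1 s timeout, 1 retry, 4 forks:", stall_seconds(15, 1.0, 1, forks=4), "s")
```

Skipped hosts are worth logging or alerting on, since a device dropped from master.cfg produces no graph data until it is re-included.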



