25 Oct
2012
25 Oct
'12
6:44 p.m.
GRSEC: causing a billion mailing list posts since 1998.
adam.
On 25/10/2012 08:59, Bruno Galeppe wrote:
Yeah \o/ I found what's wrong : my kernel is a grsec one, and prevent snmp to gatjer certain data :
/var/log/syslog : Oct 25 15:34:55 xxxxxx snmpd[17514]: snmpd: Cannot open /proc/net/arp
So I boot my monitored device on other kernel, and now the MIB is correctly updated.
Thanks everyone, cannot made it without your help, learn a lot.
2012/10/25 Bruno Galeppe <bgaleppe@adloox.com mailto:bgaleppe@adloox.com>
Ok so, I followed http://www.observium.org/wiki/NetSNMPd_Client_Configuration and take pieter snmpd conf file, and still have the same issue. When I restart snmpd service, i've got a big spike on the graph, but after that nothing else than 0 bit. 2012/10/25 pieter <pieter@insync.za.net <mailto:pieter@insync.za.net>> There was a request for "my basic snmpd.conf": <snip> com2sec readonly default public group MyROGroup v2c readonly view all included .1 80 access MyROGroup "" any noauth exact all none none syslocation I am hiding syscontact You #Distro Detection extend .1.3.6.1.4.1.2021.7890.1 distro /usr/bin/distro sysObjectID .1.3.6.1.4.1.22736.1 </snip> On 25.10.2012 07:48, Adam Armstrong wrote: On Linux the counters are only updated every 30 seconds. adam. On 24/10/2012 13:47, Bruno Galeppe wrote: Several devices with the same snmp configuration. Le 24 oct. 2012 20:45, "Adam Armstrong" <adama@memetic.org <mailto:adama@memetic.org>> a écrit : This is on a *single* monitored device? Are you monitoring more than one device? adam. On 24/10/2012 13:42, Bruno Galeppe wrote: I got also that whith the poller -h <hostname> -d command : [4] => Array ( [ifIndex] => 4 [ifDescr] => eth2 [ifType] => ethernetCsmacd [ifMtu] => 1500 [ifSpeed] => 4294967295 [ifPhysAddress] => 0:25:90:25:ed:94 [ifAdminStatus] => up [ifOperStatus] => up [ifLastChange] => 0:0:00:00.00 [ifInOctets] => 2658142616 [ifInUcastPkts] => 350641961 [ifInNUcastPkts] => 30127 [ifInDiscards] => 776355 [ifInErrors] => 0 [ifInUnknownProtos] => 0 [ifOutOctets] => 2304886570 [ifOutUcastPkts] => 3859691055 <tel:3859691055> [5] [ifOutNUcastPkts] => 0 [ifOutDiscards] => 0 [ifOutErrors] => 0 [ifOutQLen] => 0 [ifSpecific] => zeroDotZero [ifName] => eth2 [ifInMulticastPkts] => 30127 [ifInBroadcastPkts] => 0 [ifOutMulticastPkts] => 0 [ifOutBroadcastPkts] => 0 [ifHCInOctets] => 964730816920 [ifHCInUcastPkts] => 4645609257 [ifHCInMulticastPkts] => 30127 [ifHCInBroadcastPkts] => 0 [ifHCOutOctets] => 796873836330 [ifHCOutUcastPkts] => 3859691055 <tel:3859691055> [4] [ifHCOutMulticastPkts] => 0 [ifHCOutBroadcastPkts] => 0 [ifHighSpeed] => 10000 [ifPromiscuousMode] => false [ifConnectorPresent] => true [ifAlias] => [ifCounterDiscontinuityTime] => 0:0:00:00.00 ) ifOutOctets and ifInOctets seem to have valid values But when i run the same command again, the values are exactly the same, althought this a server with huge traffic. MIB seems not been updated... 2012/10/24 Adam Armstrong <adama@memetic.org <mailto:adama@memetic.org>> Yeah, that doesn't help us see what was returned by SNMP, does it? On 24/10/2012 13:27, Bruno Galeppe wrote: For each interface got something like that : SQL[SELECT *, `ports`.`port_id` as `port_id` FROM `ports` LEFT JOIN `ports-state` ON `ports`.port_id = `ports-state`.port_id WHERE `device_id` = '2'] validvalidvalidvalidvalidvalidvalidvalidvalid Port lo(1) HC HC VLAN == ifInOctets (0 B) 0 Bps 10 secs ifOutOctets (0 B) 0 Bps 10 secs ifInErrors (0 B) 0 Bps 10 secs ifOutErrors (0 B) 0 Bps 10 secs ifInUcastPkts (0 B) 0 Bps 10 secs ifOutUcastPkts (0 B) 0 Bps 10 secs bps(0bps/0bps)bytes(0B/0B)pkts(0pps/0pps)OK u:0.00 s:0.01 r:1.80 RRD[^[[32mupdate /opt/observium/rrd/xxxxxx.xxxxxx.com/port-1.rrd <http://xxxxxx.xxxxxx.com/port-1.rrd> [4] N:28330012544:28330012544:0:0:4273103:4273103:0:0:0:0:0:0:0:0:0^[[0m] SQL[INSERT INTO `ports-state` (`port_id`) VALUES ('1')] Warning: QDB - Insert failed. in /opt/observium/includes/dbFacile.php on line 81 state inserted SQL[UPDATE `ports-state` set `poll_time` ='1351102961',`poll_period` ='10',`ifInOctets` ='28330012544',`ifInOctets_rate` ='0',`ifInOctets_delta` ='0',`ifOutOctets` ='28330012544',`ifOutOctets_rate` ='0',`ifOutOctets_delta` ='0',`ifInErrors` ='0',`ifInErrors_rate` ='0',`ifInErrors_delta` ='0',`ifOutErrors` ='0',`ifOutErrors_rate` ='0',`ifOutErrors_delta` ='0',`ifInUcastPkts` ='4273103',`ifInUcastPkts_rate` ='0',`ifInUcastPkts_delta` ='0',`ifOutUcastPkts` ='4273103',`ifOutUcastPkts_rate` ='0',`ifOutUcastPkts_delta` ='0',`ifInOctets_perc` ='0',`ifOutOctets_perc` ='0',`ifOctets_rate` ='0',`ifUcastPkts_rate` ='0',`ifErrors_rate` ='0' WHERE `port_id` = '1'] 1 updated Port eth0(2) HC VLAN == ifInOctets (0 B) 0 Bps 10 secs ifOutOctets (0 B) 0 Bps 10 secs ifInErrors (0 B) 0 Bps 10 secs ifOutErrors (0 B) 0 Bps 10 secs ifInUcastPkts (0 B) 0 Bps 10 secs ifOutUcastPkts (0 B) 0 Bps 10 secs Warning: Division by zero in /opt/observium/includes/polling/ports.inc.php on line 304 Warning: Division by zero in /opt/observium/includes/polling/ports.inc.php on line 305 2012/10/24 Adam Armstrong <adama@memetic.org <mailto:adama@memetic.org>> try poller.php -h <hostname> -d adam. On 24/10/2012 13:08, Bruno Galeppe wrote: Hi, Tried "tcpdump -i eth2 -n port 161" -> nothing captured :/ Tried "php discovery.php -h all - iirc" and then "/opt/observium/poller.php -h all" still got : "Polling IP-MIB ipSystemStats Caching Oids: ifEntry ifXEntry dot3StatsDuplexStatusvalidvalidvalidvalidvalidvalidvalidvalidvalid Port lo(1) HC HC VLAN == bps(0bps/0bps)bytes(0B/0B)pkts(0pps/0pps) Port eth0(2) HC VLAN == bps(0bps/0bps)bytes(0B/0B)pkts(0pps/0pps) Port eth1(3) HC VLAN == bps(0bps/0bps)bytes(0B/0B)pkts(0pps/0pps) Port eth2(4) HC HC HighSpeed VLAN == bps(0bps/0bps)bytes(0B/0B)pkts(0pps/0pps) Port eth3(5) HC VLAN == bps(0bps/0bps)bytes(0B/0B)pkts(0pps/0pps) Port dummy0(6) HC VLAN == bps(0bps/0bps)bytes(0B/0B)pkts(0pps/0pps) Port tunl0(7) HC VLAN == bps(0bps/0bps)bytes(0B/0B)pkts(0pps/0pps) Port sit0(8) HC VLAN == bps(0bps/0bps)bytes(0B/0B)pkts(0pps/0pps) Port ip6tnl0(9) HC VLAN == bps(0bps/0bps)bytes(0B/0B)pkts(0pps/0pps)" Can i have a paste of your snmpd.conf ? Thx. 2012/10/24 Pieter De Wit <pieter@insync.za.net <mailto:pieter@insync.za.net>> Hi, On your observium box, run "tcpdump -i eth"X" -n port 161" and see how much traffic is going to the machine monitored. It sounds like the initial SNMP check works, following which it dies. I saw this on a Ubuntu install where something (ufw, iirc) wasn't happy with the SNMP traffic. Perhaps you should also rediscover the machines (discovery -h all - iirc) OR Make sure that you have permission in SNMP to read that MIB. I have a very very very basic snmpd.conf that I deploy onto the machines. Cheers, Pieter On 25/10/2012 05:01, Bruno Galeppe wrote: :) I certainly did something wrong, but can't figure what I followed the Ubuntu SVN Installation instructions on a Ubuntu 12.04 system. In fact i got one big peak at initialisation (thought it was because the mib never been interrogated), but nothing else after that. 2012/10/24 Adam Armstrong <adama@memetic.org <mailto:adama@memetic.org>> Hrm. These things are quite difficult to diagnose. Did you follow the install instructions properly, and are using a supported OS? (hint: you didn't, otherwise it would work properly) adam. On 24/10/2012 10:51, Bruno Galeppe wrote: Other graph (cpu, ram, disk space...) are ok (except proccess graph which indicate always 1 process for all devices don't know why) 2012/10/24 Adam Armstrong <adama@memetic.org <mailto:adama@memetic.org>> What about the other graphs? adam. On 24/10/2012 10:46, Bruno Galeppe wrote: all the traffic graphs 2012/10/24 Adam Armstrong <adama@memetic.org <mailto:adama@memetic.org>> Is this just the device traffic graph, or all of the traffic graphs? adam. On 24/10/2012 10:43, Bruno Galeppe wrote: Hi, I set up several devices on Obervium, no problem so far, except for the Traffic Graphs which remain empty. For example : http://img4.hostingpics.net/pics/168961data.jpg [2] The RRD file exist, but the data always return 0.00 How can I debug that ? Is there an snmpwalk command to help understand the problem ? Regards, _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium [3] _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium [2] _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium [2] _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium [2] _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium [2] _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium [2] _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium [2] _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium Links: ------ [1] http://img4.hostingpics.net/pics/168961data.jpg [2] http://postman.memetic.org/cgi-bin/mailman/listinfo/observium [3] http://xxxxxx.xxxxxx.com/port-1.rrd [4] http://www.insync.za.net/tel:3859691055 _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium