Hi Guys,
On a limited number of CentOS & Ubuntu machines we are monitoring with Observium we are seeing dozens of SNMP queries from Observium in a very short window (10-20 seconds).
Snip of the logs from /var/logs/messages
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:55776->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
We are trying to understand why Observium would be sending so many queries back to back as well as why we are seeing this on some machines, but not others.
Thanks!
-Lane
Hi Lane,
Obviously Observium will make a few hundred SNMP queries to every monitored device, in rapid succession, as you obviously want your poller to be as fast as possible.
As to why you're not seeing it, that's most likely because you're not using a packet sniffer and have snmpd configured differently on some machines.
Tom
On 21/11/2014 17:20, Lane Eckley wrote:
Hi Guys,
On a limited number of CentOS & Ubuntu machines we are monitoring with Observium we are seeing dozens of SNMP queries from Observium in a very short window (10-20 seconds).
Snip of the logs from /var/logs/messages
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:55776->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
We are trying to understand why Observium would be sending so many queries back to back as well as why we are seeing this on some machines, but not others.
Thanks!
-Lane
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
There is nothing to see here. Disable that shit in the /etc/defaults/snmpd.conf file. Stupid net-snmp has batshit-crazy defaults.
adam.
------ Original Message ------ From: "Lane Eckley" lane@staff.hypernia.com To: "Observium Network Observation System" observium@observium.org Sent: 11/21/2014 10:20:28 AM Subject: [Observium] Multiple SNMP Queries
Hi Guys,
On a limited number of CentOS & Ubuntu machines we are monitoring with Observium we are seeing dozens of SNMP queries from Observium in a very short window (10-20 seconds).
Snip of the logs from /var/logs/messages
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:55776->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
Nov 21 14:43:52 hostname snmpd[22648]: Connection from UDP: [xxx.xxx.xxx.xxx]:37575->[xxx.xxx.xxx.xxx]
We are trying to understand why Observium would be sending so many queries back to back as well as why we are seeing this on some machines, but not others.
Thanks!
-Lane
participants (3)
-
Adam Armstrong
-
Lane Eckley
-
Tom Laermans