snmp2rrd is a replacement for an */5 cron job which does SNMP polling for network interface graphs.
It features the old school select() based loop strategy where Interfaces are polled in a stateless fashion. One control flow sends probes periodically and another considers incoming answers. Once an answer arrives it is archived in RRD under its arrival time. Lost requests are left to RRD and will probably display as unknowns.
In order to increase graph updates and resolution of events (and spikes) default sampling interval is reduced to 20 seconds. Shorter changes in network traffic becomes more visible. Below are shown two DDoS attacks, the higher resolution shows the first attack to be a significant event though it has a short duration.
The increased resolution may also cause artifacts if polled equipment doesn't update counters that often.
Although not very polished the source is available:
git clone http://martin.topholm.eu/snmp2rrd.git
Currently hardcoded are community string and default oids are ifHCInOctets and ifHCOutOctets. To create a compatible RRD (1 hour full resolution, approx. 1830 days consolidated):
INTERVAL=20 MAX=1250000000 rrdtool create interface.rrd2 -s $INTERVAL \ DS:ifHCInOctets:COUNTER:60:0:$MAX \ DS:ifHCOutOctets:COUNTER:60:0:$MAX \ RRA:AVERAGE:0.5:1:180 \ RRA:AVERAGE:0.5:15:527040 \ RRA:MAX:0.5:15:527040
It may be desireable to increase $MAX a bit to compensate for polling artifacts.
192.168.1.1 .1 interface.rrd
SNMP2RRD(8) BSD System Manager's Manual SNMP2RRD(8) NAME snmp2rrd — Snmp based RRD updater tool SYNOPSIS snmp2rrd [-dhsvV] [-f configuration] [-i interval] [-p pidfile] [oid [...]] DESCRIPTION snmp2rrd is a SNMP based poller designed to extract statistics from net‐ work devices and place into RRD-files. snmp2rrd will read lines from configuration. Lines must consist of three whitespace seperated fields: hostname (or ip), interfaceindex and desti‐ nation datafile. Example: 192.168.5.35 .2 /tmp/asdf.rrd This will add the interfaceindex 2 on host 192.168.5.35 to the pollcycle. Each host will be polled with the given oid (or ifHCInOctets and ifH‐ COutOctets) with interfaceindex appended. In the above example ``192.168.5.35'' would be queried for two oids: IF-MIB::ifHCInOctets.2 IF-MIB::ifHCOutOctets.2 The results of these will be passed directly to librrd, equivalent to the following: rrdtool update 127.0.0.1_1.rrd N:aaaa:bbbb OPTIONS -d Don't fork off a daemon process. -h This option prints a usage summary and exits. -f configuration Specifies configuration file to read. -i interval Specifies polling cycle interval in seconds. Default is 20 sec‐ onds. -p pidfile snmp2rrd will write its PID to this file before starting to poll. Default is not to write a pidfile. -s snmp2rrd will use syslog(8) to log diagnostic messages using the LOG_USER facility. -v When logging to stderr (i.e. not syslog) include warnings in out‐ put. When specified twice will include further debug informa‐ tion. -V will echo its version number and exit. oid It is possible to specify up to MAXOIDS (5) to be polled instead of the default ifHCInOctets and ifHCOutOctets. It is importaint to note that the ifindex will be appended to the given oid. So polling regular non-table oids is kind of akward. DIAGNOSTICS readconfig: invalid oid given A given oid could not be parsed. readconfig: unable to resolve host in line %d A name resolution error. readconfig: unable to parse line %d Unable to parse line, most likely interfaceindex wasn't presented as expected. They should start with a period (.). netiorecv: unknown host %s A packet was received from an host not known. netiorecv: Invalid argument A malformed response was received. netiorecv: Input/output error Datagram wasn't sent in full. netiorecv: File exists An invalid or otherwise unworkable datafile was specified. Argument list too long Maximum number of oids exceeded. Can't open %s Pidfile wasn't accessible. AUTHORS snmp2rrd was written by Martin Topholm <firstname.lastname@example.org>. BUGS snmp2rrd is heavily dependant on RRD for storage. It would be useful for temporary setups to include ascii output for use with gnuplot or the likes. For larger amounts of polling the current STAILQ implementation may be insufficient. For short interval or large amounts of polling it is possible snmp2rrd will miss its schedule and complain. It could reschedule the pollings but it is likely to just happen again. No real good solution is available, but to handle this in the presentation layer (i.e. unknown data coloring or no points in gnuplot). Probably more. BSD September 21, 2008 BSD
snmp2rrd uses bsnmp for parsing and generating ASN1 and PDUs.