snmp2rrd - a simple poller

Published 2010-08-05

Introduction

snmp2rrd is a replacement for a */5 cron job that does SNMP polling for network interface graphs.

It features the old-school select()-based loop strategy, where interfaces are polled in a stateless fashion. One control flow sends probes periodically and another considers incoming answers. Once an answer arrives, it is archived in RRD under its arrival time. Lost requests are left to RRD and will probably display as unknowns.

To increase the graph update rate and the resolution of events (and spikes), the default sampling interval is reduced to 20 seconds. Shorter changes in network traffic become more visible. Two DDoS attacks are shown below; the higher resolution shows the first attack to be a significant event even though it has a short duration.

The increased resolution may also cause artifacts if polled equipment doesn't update counters that often.

Although not very polished, the source is available:

git clone http://martin.topholm.eu/snmp2rrd.git

Currently the community string is hardcoded, and the default oids are ifHCInOctets and ifHCOutOctets. To create a compatible RRD (1 hour full resolution, approx. 1830 days consolidated):

INTERVAL=20
MAX=1250000000
rrdtool create interface.rrd2 -s $INTERVAL \
    DS:ifHCInOctets:COUNTER:60:0:$MAX \
    DS:ifHCOutOctets:COUNTER:60:0:$MAX \
    RRA:AVERAGE:0.5:1:180 \
    RRA:AVERAGE:0.5:15:527040 \
    RRA:MAX:0.5:15:527040

It may be desirable to increase $MAX a bit to compensate for polling artifacts.

Sample configuration:

192.168.1.1    .1    interface.rrd

Manual page - snmp2rrd(8)

SNMP2RRD(8)               BSD System Manager's Manual              SNMP2RRD(8)

NAME
     snmp2rrd — Snmp based RRD updater tool

SYNOPSIS
     snmp2rrd [-dhsvV] [-f configuration] [-i interval] [-p pidfile]
              [oid [...]]

DESCRIPTION
     snmp2rrd is a SNMP based poller designed to extract statistics from net‐
     work devices and place into RRD-files.

     snmp2rrd will read lines from configuration.  Lines must consist of three
     whitespace separated fields: hostname (or ip), interfaceindex and
     destination datafile. Example:
           192.168.5.35 .2 /tmp/asdf.rrd

     This will add the interfaceindex 2 on host 192.168.5.35 to the pollcycle.

     Each host will be polled with the given oid (or ifHCInOctets and ifH‐
     COutOctets) with interfaceindex appended. In the above example
     ``192.168.5.35'' would be queried for two oids:

           IF-MIB::ifHCInOctets.2
           IF-MIB::ifHCOutOctets.2

     The results of these will be passed directly to librrd, equivalent to the
     following:

           rrdtool update 127.0.0.1_1.rrd N:aaaa:bbbb


OPTIONS
     -d      Don't fork off a daemon process.

     -h      This option prints a usage summary and exits.

     -f configuration
             Specifies configuration file to read.

     -i interval
             Specifies polling cycle interval in seconds. Default is 20 sec‐
             onds.

     -p pidfile
             snmp2rrd will write its PID to this file before starting to poll.
             Default is not to write a pidfile.

     -s      snmp2rrd will use syslog(8) to log diagnostic messages using the
             LOG_USER facility.

     -v      When logging to stderr (i.e. not syslog) include warnings in out‐
             put.  When specified twice will include further debug informa‐
             tion.

     -V      will echo its version number and exit.

     oid     It is possible to specify up to MAXOIDS (5) to be polled instead
             of the default ifHCInOctets and ifHCOutOctets. It is important
             to note that the ifindex will be appended to the given oid. So
             polling regular non-table oids is kind of awkward.

DIAGNOSTICS
     readconfig: invalid oid given
             A given oid could not be parsed.

     readconfig: unable to resolve host in line %d
             A name resolution error.

     readconfig: unable to parse line %d
             Unable to parse line, most likely interfaceindex wasn't presented
             as expected. They should start with a period (.).

     netiorecv: unknown host %s
             A packet was received from a host not known.

     netiorecv: Invalid argument
             A malformed response was received.

     netiorecv: Input/output error
             Datagram wasn't sent in full.

     netiorecv: File exists
             An invalid or otherwise unworkable datafile was specified.

     Argument list too long
             Maximum number of oids exceeded.

     Can't open %s
             Pidfile wasn't accessible.

AUTHORS
     snmp2rrd was written by Martin Topholm <mph@hoth.dk>.

BUGS
     snmp2rrd is heavily dependent on RRD for storage. It would be useful for
     temporary setups to include ascii output for use with gnuplot or the
     likes.

     For larger amounts of polling the current STAILQ implementation may be
     insufficient.

     For short interval or large amounts of polling it is possible snmp2rrd
     will miss its schedule and complain. It could reschedule the pollings but
     it is likely to just happen again. No real good solution is available,
     but to handle this in the presentation layer (i.e. unknown data coloring
     or no points in gnuplot).

     Probably more.

BSD                           September 21, 2008                           BSD
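
The configuration-line format, the "ifindex appended to the oid" rule and the "unknown host" check from the manual page above, as an added example that is not snmp2rrd's own code. The names parse_line, build_oid, find_source and struct target are hypothetical. The sketch accepts numeric IPv4 hosts only (snmp2rrd also resolves hostnames) and uses the numeric form of IF-MIB::ifHCInOctets.

```c
/* Added sketch, not snmp2rrd source; all names here are hypothetical. */
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define IFHCINOCTETS "1.3.6.1.2.1.31.1.1.1.6" /* IF-MIB::ifHCInOctets */

/* One configuration line: host, interfaceindex, destination datafile. */
struct target { struct in_addr addr; unsigned long ifindex; char rrd[256]; };

/* Parse "host .ifindex datafile"; 0 on success, -1 on a malformed line. */
int parse_line(const char *line, struct target *t)
{
    char host[64], idx[16], extra[2], *end;
    if (sscanf(line, "%63s %15s %255s %1s", host, idx, t->rrd, extra) != 3)
        return -1;           /* exactly three fields, every copy bounded */
    if (idx[0] != '.' || idx[1] < '0' || idx[1] > '9')
        return -1;           /* must be a period followed by digits */
    t->ifindex = strtoul(idx + 1, &end, 10);
    if (*end != '\0' || t->ifindex == 0 || t->ifindex > 2147483647UL)
        return -1;           /* InterfaceIndex range is 1..2147483647 */
    return inet_pton(AF_INET, host, &t->addr) == 1 ? 0 : -1; /* IPv4 only */
}

/* Build the polled OID: base OID with the ifindex appended. */
int build_oid(const struct target *t, const char *base, char *out, size_t len)
{
    int n = snprintf(out, len, "%s.%lu", base, t->ifindex);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Match a reply's source address against the table; NULL = unknown host. */
const struct target *find_source(const struct target *tab, int n, struct in_addr src)
{
    while (n-- > 0)
        if (memcmp(&tab[n].addr, &src, sizeof src) == 0)
            return &tab[n];
    return NULL;
}

int main(void)
{
    struct target t;
    char oid[64];
    if (parse_line("192.168.5.35 .2 /tmp/asdf.rrd", &t) != 0)
        return 1;
    build_oid(&t, IFHCINOCTETS, oid, sizeof oid);
    return printf("%s -> %s\n", oid, t.rrd) < 0;
}
```

Matching on the source address only selects which configured target a reply belongs to; it does not authenticate the sender of a UDP datagram.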

References

snmp2rrd uses bsnmp for parsing and generating ASN1 and PDUs.