Hi everyone,

Quick question. We're currently using MRTG to monitor traffic on a number of Cisco switches connected to various customers. Now, this is all great and everything, except there's no real way to monitor if a customer's traffic goes completely out of whack (i.e. they start hammering 20 mbps instead of 300kbps) without manually checking MRTG every few minutes (and that'd be kinda time-consuming, you'd think.) We also show individual MRTG pages to our customer base via some handy mods we made.

So my question is...what's out there that will allow us to check thresholds on traffic, and notify us if needed? We do have monitoring stations, running CastleRock SNMPc software. We have it set up to tell us when there's broadcast storms and stuff, but I've never seen anything for actual traffic monitoring.

Thanks in advance!

-Rob.
Rob Mitzel wrote:
So my question is...what's out there that will allow us to check thresholds on traffic, and notify us if needed?
RMON alarms and events for one. These are available on pretty much all recent versions of IOS. You can set a rising or falling threshold on any MIB variable you like, and period of time between polls. This will generate a trap to a network management station, and you can choose to do what you will with the alarms. If you want to tie this stuff into scripts you can use the net-snmp trap daemon to call various trap handlers that could do something like keep track of the duration of the spike or send an alert.

Another thing that is out there in later releases is the EVENT MIB. This is probably overkill for what you want, and the only way to configure it is through SNMP.

For all of this stuff there is documentation on CCO.

For RMON alarms and events, see: http://www.cisco.com/warp/public/477/RMON/18.shtml

For the EVENT MIB see: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121...

The net-snmp package is available at SourceForge: http://sourceforge.net/projects/net-snmp

Eliot
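The rising/falling threshold behaviour described in the message above, as an added example that is not part of the original post and is not Cisco's implementation: it samples a 32-bit octet counter as deltas, handles counter wrap, and fires each alarm once until the opposite threshold is crossed. The function names, the thresholds (10 Mbps rising, 1 Mbps falling), the 300-second interval and the counter readings are all constructed assumptions.

```python
# Added example: RMON-style rising/falling alarm on an interface octet counter.
COUNTER32 = 2 ** 32  # a 32-bit octet counter wraps back to zero at this value


def deltas(samples):
    """Octets added between consecutive polls, allowing one wrap per interval."""
    return [(cur - prev) % COUNTER32 for prev, cur in zip(samples, samples[1:])]


def to_kbps(octets, interval_s):
    """Convert an octet delta over interval_s seconds to kilobits per second."""
    return octets * 8 / interval_s / 1000


def alarm_events(rates, rising, falling):
    """Return (poll_index, kind, rate) events with rising/falling hysteresis.

    A rising event fires once when the rate reaches `rising`; it cannot fire
    again until the rate has dropped to `falling` or below, and vice versa.
    Startup behaviour is assumed to be "rising alarm only".
    """
    if falling > rising:
        raise ValueError("falling threshold must not exceed rising threshold")
    events = []
    rising_armed, falling_armed = True, False
    for i, rate in enumerate(rates):
        if rising_armed and rate >= rising:
            events.append((i, "rising", rate))
            rising_armed, falling_armed = False, True
        elif falling_armed and rate <= falling:
            events.append((i, "falling", rate))
            rising_armed, falling_armed = True, False
    return events


def evaluate(samples, interval_s, rising_kbps, falling_kbps):
    """Run the alarm over raw counter readings taken every interval_s seconds."""
    rates = [to_kbps(d, interval_s) for d in deltas(samples)]
    return alarm_events(rates, rising_kbps, falling_kbps)


# Constructed 5-minute counter readings: 300 kbps baseline, a 20 Mbps burst
# that wraps the counter, a dip to 5 Mbps, then back to 300 kbps and up again.
SAMPLES = [4_000_000_000, 4_011_250_000, 4_022_500_000, 477_532_704,
           1_227_532_704, 1_415_032_704, 2_165_032_704, 2_176_282_704,
           2_926_282_704]

if __name__ == "__main__":
    for idx, kind, rate in evaluate(SAMPLES, 300, 10_000, 1_000):
        print(f"interval {idx}: {kind} alarm at {rate:.0f} kbps")
```

The dip to 5 Mbps does not re-arm the rising alarm, so the second 20 Mbps interval produces no duplicate notification.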
Hi Rob, Micromuse's Netcool/USM (Usage Service Monitors) will allow you to monitor traffic on a per user or per port (type) basis. The USMs allow you to monitor and generate notifications for defined thresholds and usage patterns. Here is a URL to a more complete spec sheet: http://www.micromuse.com/downloads/pdf_lit/USMs.pdf Note: I work for Micromuse as a systems engineer, managing the integration of our products at our customers' facilities. -Jim P.
-----Original Message----- From: owner- [mailto:owner-nanog@merit.edu]On Behalf Of Rob Mitzel Sent: Monday, August 26, 2002 2:54 AM To: nanog@merit.edu Subject: Traffic Threshold monitoring?
Hi everyone,
Quick question. We're currently using MRTG to monitor traffic on a number of cisco switches connected to various customers. Now, this is all great and everything, except there's no real way to monitor if a customer's traffic goes completely out of whack (i.e. they start hammering 20 mbps instead of 300kbps) without manually checking MRTG every few minutes (and that'd be kinda time-consuming, you'd think.) We also show individual MRTG pages to our customer base via some handy mods we made.
So my question is...what's out there that will allow us to check thresholds on traffic, and notify us if needed? We do have monitoring stations, running CastleRock SNMPc software. We have it set up to tell us when there's broadcast storms and stuff, but I've never seen anything for actual traffic monitoring.
Thanks in advance!
-Rob.
## On 2002-08-25 23:54 -0700 Rob Mitzel typed:

RM>
RM> Hi everyone,
RM>
RM> Quick question. We're currently using MRTG to monitor traffic on a
RM> number of cisco switches connected to various customers. Now, this is
RM> all great and everything, except there's no real way to monitor if a
RM> customer's traffic goes completely out of whack (i.e. they start
RM> hammering 20 mbps instead of 300kbps) without manually checking MRTG
RM> every few minutes (and that'd be kinda time-consuming, you'd think.) We
RM> also show individual MRTG pages to our customer base via some handy mods
RM> we made.

Try searching <http://people.ee.ethz.ch/~oetiker/webtools/mrtg/reference.html> for "THRESHOLD CHECKING" at which point (hopefully ;-) you can RTFM ..

-- Rafi
Rob,

we wrote a Perl script that scans the mrtg automatically-generated web pages and compares today's Average to yesterday's Average and then sends an e-mail if the difference is over 3x. This is done every day.

If you wanted you could do a similar script, checking every 5 minutes for the 'current in' versus a monthly 'average' and send email accordingly.

Scanning the text in the automatically created html page allows you to create any custom crafted rules.

Art

On Mon, 26 Aug 2002, Rafi Sadowsky wrote:
## On 2002-08-25 23:54 -0700 Rob Mitzel typed:
RM>
RM> Hi everyone,
RM>
RM> Quick question. We're currently using MRTG to monitor traffic on a
RM> number of cisco switches connected to various customers. Now, this is
RM> all great and everything, except there's no real way to monitor if a
RM> customer's traffic goes completely out of whack (i.e. they start
RM> hammering 20 mbps instead of 300kbps) without manually checking MRTG
RM> every few minutes (and that'd be kinda time-consuming, you'd think.) We
RM> also show individual MRTG pages to our customer base via some handy mods
RM> we made.
Try searching <http://people.ee.ethz.ch/~oetiker/webtools/mrtg/reference.html> for "THRESHOLD CHECKING" at which point (hopefully ;-) you can RTFM ..
-- Rafi
Art Houle e-mail: houle@acns.fsu.edu. Academic Computing & Network Services Voice: 850-644-2591 Florida State University FAX: 850-644-8722
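The page-scanning check described in the message above, as an added Python example that is not the script from the original post: it reads the summary values from an MRTG-generated page and applies both 3x rules. It assumes the page carries HTML comment markers of the form `<!-- avin d N -->` with values in bytes per second; confirm that against the pages your MRTG version writes. The function names, the idle-port floor and the sample page are constructed.

```python
# Added example: apply the "over 3x" rules to values scraped from an MRTG page.
import re

# Assumed marker format: <!-- NAME PERIOD VALUE -->, e.g. <!-- avin d 410000 -->
# NAME: avin/cuin = average/current inbound; PERIOD: d, w, m, y.
MARKER = re.compile(r"<!--\s*(avin|avout|cuin|cuout)\s+([dwmy])\s+(\d+)\s*-->")


def parse_mrtg_page(html):
    """Return {(name, period): value} for every marker found in the page."""
    return {(m.group(1), m.group(2)): int(m.group(3)) for m in MARKER.finditer(html)}


def exceeds(current, baseline, factor=3.0, floor=1000):
    """True if current is more than factor times the baseline.

    `floor` (bytes/s, hypothetical default) stops a near-idle port from
    alerting on trivial traffic when its baseline is zero or close to it.
    """
    return current > factor * max(baseline, floor)


def check_page(html, yesterday_avg_in, factor=3.0):
    """Return (rule, current, baseline) tuples for each rule that trips.

    yesterday_avg_in is the daily average saved by the previous day's run.
    """
    stats = parse_mrtg_page(html)
    alerts = []
    today = stats.get(("avin", "d"))
    if today is not None and exceeds(today, yesterday_avg_in, factor):
        alerts.append(("daily-average", today, yesterday_avg_in))
    current, monthly = stats.get(("cuin", "d")), stats.get(("avin", "m"))
    if current is not None and monthly is not None and exceeds(current, monthly, factor):
        alerts.append(("current-vs-monthly", current, monthly))
    return alerts


# Constructed page fragment: a port that normally runs about 300 kbps
# (37500 bytes/s) and is currently receiving 20 Mbps (2500000 bytes/s).
SAMPLE_PAGE = """<html><body>
<!-- avin d 410000 -->
<!-- cuin d 2500000 -->
<!-- avin m 37500 -->
</body></html>"""

if __name__ == "__main__":
    for rule, cur, base in check_page(SAMPLE_PAGE, yesterday_avg_in=38000):
        print(f"ALERT {rule}: {cur} bytes/s vs baseline {base} bytes/s")
```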
Yo Rob! On Sun, 25 Aug 2002, Rob Mitzel wrote:
So my question is...what's out there that will allow us to check thresholds on traffic, and notify us if needed?
I use Nagios: http://www.nagios.org. It used to be called Netsaint. If it does not do exactly what you want then you can easily write a plug-in to do it.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
gem@rellim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676