The MRTG Thread

[[]wave]

Lets help each other out try and find OID strings shall we? Maybe turn this thread into a help thread that grows.

Anyways, I've been doing countless MIB walks and after about 10,000 OID returns i'm not finding much.

I wouldn't mind graphing a 11000 Cisco Content Switch - graphing the number of requests to the switch.

I've googled and have not found much.

Post and request away!

 

[skritch]

http://vegan.net/MRTG/

 

[[]wave]

wtf

THANKS, PIMP.

 

[skritch]

Originally posted by []wave
wtf

THANKS, PIMP.

Eh? That link has configs for MRTG to get stats from the 11000 series switches.

 

[[]wave]

and i was unable to find any, so i said thanks,

i wasn't being sarcastic.


ok anyone else need anything?

what about ideas.


i think i'm going to start graphing broadcasts on each network to determine if there is a virus on that network

as many viruii propogate by pushing out to each device on the network (usually sequentially) and by doing so initiating a LOT of arp requests.


if you see a suddent SPIKE in broadcasts (which would then increase router cpu util) then you might want to start sniffing and looking for that device.

 

[skritch]

Originally posted by []wave
and i was unable to find any, so i said thanks,

i wasn't being sarcastic.

Oh, sorry. I honestly wasn't able to tell. It's old age.

 

[skritch]

Originally posted by []wave
i think i'm going to start graphing broadcasts on each network to determine if there is a virus on that network

as many viruii propogate by pushing out to each device on the network (usually sequentially) and by doing so initiating a LOT of arp requests.


if you see a suddent SPIKE in broadcasts (which would then increase router cpu util) then you might want to start sniffing and looking for that device.

I've thought about doing something similar, and there are products that do this as well (usually in the IDS space, and the method is generally classified as "anomoly detection").

Some things to consider:

1) You'd first want to baseline normal broadcast traffic on the whole, and per device, to provide a basis for comparison and determination of what's anomalous behavior on the network

2) You'd want to have different baselines for different times of day, and different days of the week, as broadcast traffic varies accordingly.

3) Network problems other than virus propagation can create an increase in broadcast traffic as well (such as a switch fabric failure or router outage, or IP renumbering, or OS upgrades or mass system reboots).

Things to keep in mind when trying to find signature trends in network flows. Still, it's a good idea.

 

[[]wave]

yes I know IDS; this is a large component.

but it could also be used to graph broadcast traffic against cpu, etc.

lots of ways to do it.

 

[[]wave]

New request.

Nortel Networks passport 8600

When mib walking, I keep getting a Backplane util of 0.

I'm not sure why it is not working when the front LEDs are indicating > 0 % L2 traffic, but whatever.

Anyone have any information on PP8600 backplane capacity graphing?

 

[[]wave]

Originally posted by skritch
http://vegan.net/MRTG/

the
1.3.6.1.4.2467.1.36.14.1.13.1 OID is not available :'(

I have .13.3-11 available, but no .1.13.1 damnit.

 

[shade91]

Find me some OID's for monitoring AS400 hardware. The IBM redbooks have told me nothing.

 

[FLECOM]

how about an Accelar 1200?

 

[[]wave]

Originally posted by FLECOM
how about an Accelar 1200?

have you done a mib walk on it?
im sure rapidcity mib has plenty.