naloji mi se da configuriram rmon notificationi koeto ne e neshto osobeno,
vpechetliawashto beshe towa che sled kato razpitah se okaza che dosta malko
internet service provideri polzwat kakwata i da e forma na notification,
(izkliuchwam grafikite koito chertaiat za natowarwaneto na linkovete), ta
jelanieto mi beshe da napravia sistema (bazirana na niakakuw otvren code
kato razledah nagios/jffnms/opennms i dr) koiato da razpoznawa specifichni mibs
i da generira email/sms's kum grupa ot hora, za jalost ne mojah da nakaram scriptovete
koito biaha za tazi cel da rabotiat, kakto i da e, napisal sum na niakolko reda
v primer kak da se polzwa rmon i kak da nabliudawame skorosta na daden interface
na Cisco Device.
------------------------------------------------------------------------------------------------------------------------------------
MIB's that I'm using are private (they're working only on cisco devices)
1.3.6.1.4.1.9.2.2.1.1.8.ifindiex for Outgoing
1.3.6.1.4.1.9.2.2.1.1.6.ifindex for Incoming
-------------------------------------------------------------------------------------------------------------------------------------
First,we need to find out what is the ID of interface's that we want to monitored , that's can happen with snmpwalk command - there is an example
(for it I'm using core1a and interface Gi2/12)
root# snmpwalk -Os -c -v 1 core1a | grep 2/12 "use grep to match wanted interface id"
ifDescr.60 = STRING: GigabitEthernet2/12 "there it is, ifDescr.60"
lets see what is the speed of Gig2/12 on incoming direction:
snmpwalk -Os -On -c -v 1 85.91.0.5 1.3.6.1.4.1.9.2.2.1.1.6.60
.1.3.6.1.4.1.9.2.2.1.1.6.60 = INTEGER: 1055000
show inter gi2/12
GigabitEthernet2/12 is up, line protocol is up (connected)
....
10 minute input rate 1031000 bits/sec, 705 packets/sec
10 minute output rate 176000 bits/sec, 216 packets/sec
...
We add interface ID in the end of community string, just like as in the example:
1.3.6.1.4.1.9.2.2.1.1.6 <- show me incoming traffic then we add .60 [which is interface ID] 1.3.6.1.4.1.9.2.2.1.1.6.60 <- and it's became [show me incoming traffic on Gi2/12] Next Step is to create rmon configurations on the Router or Switch which is very simple: rmon event 1 trap nick description "ifInOctets Rising to Maximum" owner nick rmon alarm 1 lifEntry.6.60 60 absolute rising-threshold 650000 1 falling-threshold 620000 1 owner nick that said's, if rising-threshold reach 650Kbit/s generate trap to snmp-server/s, which is described as event 1 - it's not necessary to make alot of events u can make just few for all situations and using their ID's, falling-threshold is the normal threshold, the digit after lifEntry.6.60 [60] is how often to make check if rmon face the condition that we describe, the router will generate log just like this: Aug 20 10:49:23.110: %RMON-5-RISINGTRAP: Rising trap is generated because the value of lifEntry.6.60 exceeded the rising-threshold value 650000 Usefull links http://www.tldp.org/linuxfocus/English/January1998/article21.html [SNMPwalk] http://www.cisco.com/en/US/tech/tk961/technologies_tech_note09186a0080094478.shtml [RMON]
vpechetliawashto beshe towa che sled kato razpitah se okaza che dosta malko
internet service provideri polzwat kakwata i da e forma na notification,
(izkliuchwam grafikite koito chertaiat za natowarwaneto na linkovete), ta
jelanieto mi beshe da napravia sistema (bazirana na niakakuw otvren code
kato razledah nagios/jffnms/opennms i dr) koiato da razpoznawa specifichni mibs
i da generira email/sms's kum grupa ot hora, za jalost ne mojah da nakaram scriptovete
koito biaha za tazi cel da rabotiat, kakto i da e, napisal sum na niakolko reda
v primer kak da se polzwa rmon i kak da nabliudawame skorosta na daden interface
na Cisco Device.
------------------------------------------------------------------------------------------------------------------------------------
MIB's that I'm using are private (they're working only on cisco devices)
1.3.6.1.4.1.9.2.2.1.1.8.ifindiex for Outgoing
1.3.6.1.4.1.9.2.2.1.1.6.ifindex for Incoming
-------------------------------------------------------------------------------------------------------------------------------------
First,we need to find out what is the ID of interface's that we want to monitored , that's can happen with snmpwalk command - there is an example
(for it I'm using core1a and interface Gi2/12)
root# snmpwalk -Os -c
ifDescr.60 = STRING: GigabitEthernet2/12 "there it is, ifDescr.60"
lets see what is the speed of Gig2/12 on incoming direction:
snmpwalk -Os -On -c
.1.3.6.1.4.1.9.2.2.1.1.6.60 = INTEGER: 1055000
show inter gi2/12
GigabitEthernet2/12 is up, line protocol is up (connected)
....
10 minute input rate 1031000 bits/sec, 705 packets/sec
10 minute output rate 176000 bits/sec, 216 packets/sec
...
We add interface ID in the end of community string, just like as in the example:
1.3.6.1.4.1.9.2.2.1.1.6 <- show me incoming traffic then we add .60 [which is interface ID] 1.3.6.1.4.1.9.2.2.1.1.6.60 <- and it's became [show me incoming traffic on Gi2/12] Next Step is to create rmon configurations on the Router or Switch which is very simple: rmon event 1 trap nick description "ifInOctets Rising to Maximum" owner nick rmon alarm 1 lifEntry.6.60 60 absolute rising-threshold 650000 1 falling-threshold 620000 1 owner nick that said's, if rising-threshold reach 650Kbit/s generate trap to snmp-server/s, which is described as event 1 - it's not necessary to make alot of events u can make just few for all situations and using their ID's, falling-threshold is the normal threshold, the digit after lifEntry.6.60 [60] is how often to make check if rmon face the condition that we describe, the router will generate log just like this: Aug 20 10:49:23.110: %RMON-5-RISINGTRAP: Rising trap is generated because the value of lifEntry.6.60 exceeded the rising-threshold value 650000 Usefull links http://www.tldp.org/linuxfocus/English/January1998/article21.html [SNMPwalk] http://www.cisco.com/en/US/tech/tk961/technologies_tech_note09186a0080094478.shtml [RMON]