Quick question. We're currently using MRTG to monitor traffic on a
number of cisco switches connected to various customers. Now, this is
all great and everything, except there's no real way to monitor if a
customer's traffic goes completely out of whack (i.e. they start
hammering 20 mbps instead of 300kbps) without manually checking MRTG
every few minutes (and that'd be kinda time-consuming, you'd think.) We
also show individual MRTG pages to our customer base via some handy mods
we made.
So my question is...what's out there that will allow us to check
thresholds on traffic, and notify us if needed? We do have monitoring
stations, running CastleRock SNMPc software. We have it set up to tell
us when there's broadcast storms and suff, but I've never seen anything
for actual traffic monitoring.
So my question is...what's out there that will allow us to check
thresholds on traffic, and notify us if needed?
RMON alarms and events for one. These are available on pretty much all recent versions of IOS. You can set a rising or falling threshhold on any MIB variable you like, and period of time between polls. This will generate a trap to a network management station, and you can choose to do what with you will the alarms.
If you want to tie this stuff into scripts you can use the net-snmp trap daemon to call various trap handlers that could do something keep track of the duration of the spike or send an alert.
Another thing that is out there in later releases is the EVENT MIB. This is probably overkill for what you want, and the only way to configure it is through SNMP.
For all of this stuff there is documentation on CCO.
Micromuse's Netcool/USM (Usage Service Monitors) will allow you to monitor
traffic on a per user or per port (type) basis. The USMs allow you to
monitor and generate notifications for defined thresholds and usage
patterns.
Quick question. We're currently using MRTG to monitor traffic on a
number of cisco switches connected to various customers. Now, this is
all great and everything, except there's no real way to monitor if a
customer's traffic goes completely out of whack (i.e. they start
hammering 20 mbps instead of 300kbps) without manually checking MRTG
every few minutes (and that'd be kinda time-consuming, you'd think.) We
also show individual MRTG pages to our customer base via some handy mods
we made.
we wrote a perl script that scans the mrtg automatically-generated web
pages and compares todays Average to yesterday's Average and then sends an
e-mail if the diferences is over 3x. This is done every day. If you
wanted you could do a similar script, checking every 5 minutes for the
'current in' verses a monthly 'average' and send email acordingly.
Scanning the text in the automatically created html page allows you to
create any custom crafted rules.
you can RTFM ..