check_broadcast_threshold plugin ...

Andreas Ericsson ae at op5.se
Fri May 6 05:10:10 CEST 2005

Previous message: check_broadcast_threshold plugin ...
Next message: check_squid
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Stanley Hopcroft wrote:
> Dear Folks,
> 
> Some people have gig switch infrastructure operating at layer two. 
> People in such a mess _need_ to know about broadcast/multicast storms 
> ... (yes, I know what sensible people have done for the last twenty 
> years ..).
> 
> Apart from RMON traps, can anyone suggest a plugin, or a probe or an 
> approach that would be useful as a Nagios plugin to raise an alert for a 
> broadcast rate over a threshold (on the monitored host, no need to worry 
> about other segments ...).
> 
> Hmm, maybe the RFC1213-MIB::ifInNUcastPkts OID is what I want from the 
> Net-SNMP agent.
> 
> Perhaps this can be polled and stored (by Cricket or some such thing) 
> in an RRD, and then check_rrd or a custom plugin reads the RRD and 
> checks for threshold violations (possibly using Holt-Winters forecast in 
> RRDtoo 1.2).
> 

Forecasts is a no-go if you're hoping to notify on attacks as tools can 
be easily adapted to circumvent such things (several of them already do 
this by slowly incrementing the rate). Use a fixed pkts/sec limit instead.

> Actually, maybe Cricket generating passive service checks is the way to 
> go.
> 
> Any other low budget ideas are very welcome.
> 

A simple hack of check_traffic should do the trick.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Lead Developer


-------------------------------------------------------
This SF.Net email is sponsored by: NEC IT Guy Games.
Get your fingers limbered up and give it your best shot. 4 great events, 4
opportunities to win big! Highest score wins.NEC IT Guy Games. Play to
win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Previous message: check_broadcast_threshold plugin ...
Next message: check_squid
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list