Dynamic indexes

Previously, we monitored incoming traffic on the eth0 device using an active Zabbix agent daemon item. If we have snmpd set up and running, we can also try retrieving outgoing traffic but, this time, let's try to use SNMP for that.

Monitoring network traffic using the Zabbix agent daemon is usually easier, but SNMP monitoring is the only way to obtain this information for many network devices, such as switches and routers. If you have such a device available, you can try monitoring it instead, though the network interface name will most likely differ.

One way to find the item we are interested in would be to redirect the output of snmpwalk to a file and then examine that file. Looking at the output, there are lines such as these:

IF-MIB::ifDescr.1 = STRING: lo
IF-MIB::ifDescr.2 = STRING: eth0

Great, so the desired interface, eth0 in this case, has an index of 2. Nearby, we can find actual information we are interested in-traffic values:

IF-MIB::ifOutOctets.1 = Counter32: 1825596052
IF-MIB::ifOutOctets.2 = Counter32: 1533857263

So, theoretically, we could add an item with the IF-MIB::ifOutOctets.2 OID and name it appropriately. Unfortunately, there are devices that change interface index now and then. Also, the index for a particular interface is likely to differ between devices, hence potentially creating a configuration nightmare. This is where dynamic index support in Zabbix comes into use.

Let's look at what a dynamic index item OID would look like in this case:

Database OID

Literal string "index"

 Index-based OID

Index string

IF-MIB::ifOutOctets[

"index",

"ifDescr",

"eth0"]

 

Let's have a quick overview what this all means to us:

  • Database OID: This is the base part of the OID that holds the data we are interested in, that is, without the actual index. In this case, it's the OID leading to ifOutOctets, in any notation.
  • Literal string "index": This is the same for all dynamic index items.
  • Index-based OID: This is the base part of the OID that holds the index we are interested in. In this case, it's the OID leading to ifDescr, in any notation.
  • Index string: This is the string that the index part of the tree is searched for. This is an exact, case-sensitive match of all OIDs from the previous base OID. Here, the name of the interface we are interested in, eth0, will be searched for. No substring or other matching is allowed here.

The index that this search will return will be added to the database OID, and the following queries will gather values from the resulting OID.

You can easily view the index to determine the correct string to search for with Net-SNMP tools:

$ snmpwalk -v 2c -c public localhost .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifDescr
IF-MIB::ifDescr.1 = STRING: lo
IF-MIB::ifDescr.2 = STRING: eth0
IF-MIB::ifDescr.3 = STRING: sit0

As can be seen, this machine has three interfaces—loopback, Ethernet, and a tunnel. The picture will be very different for some other devices. For example, an HP ProCurve Switch would return (with the output shortened) the following:

$ snmpwalk -v 2c -c public 10.196.2.233 .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifDescr
IF-MIB::ifDescr.1 = STRING: 1
IF-MIB::ifDescr.2 = STRING: 2
...
IF-MIB::ifDescr.49 = STRING: 49
IF-MIB::ifDescr.50 = STRING: 50
IF-MIB::ifDescr.63 = STRING: DEFAULT_VLAN
IF-MIB::ifDescr.4158 = STRING: HP ProCurve Switch software loopback interface

Now that we know the OID to use for dynamic index items, let's create one such item in Zabbix:

  1. Navigate to Configuration | Hosts, click on Items next to the correct host you want to create the item for, and click on Create item. Fill in the following values:
    • Name: Outgoing traffic on interface $1
    • Type: SNMPv2 agent
    • Key: ifOutOctets[eth0]
    • SNMP OID: IF-MIB::ifOutOctets["index","ifDescr","eth0"]
    • Units: Bps
    • Store value: Delta (speed per second)

Same as before, replace eth0 with an interface name that exists on the target system.

  1. When you are done, click on the Add button at the bottom.
Make sure that the compound OID is entered correctly, paying close attention to quotes and spelling. We discussed the reason to use the Numeric (unsigned) type of information in Chapter 3, Monitoring with Zabbix Agents and Basic Protocols.

The newly added item should start gathering data, so let's look at Monitoring | Latest data. If you don't see this item or the data for it, navigate back to Configuration | Hosts and click on Items next to the corresponding host—there should be an error message displayed that should help with fixing the issue. If you have correctly added the item, you'll see the traffic data, as follows:

Remember that if the index matches the exact string, a substring match will not work here.

Dynamic index items are quite common. Many network devices have fixed port names but varying indexes. Host-based SNMP agents place things such as disk usage and memory statistics in dynamic indexes; thus, if you have such devices to monitor, Zabbix support for them will be handy.

Using dynamic index items can slightly increase overall load, as two SNMP values are required to obtain the final data. Zabbix caches retrieved index information, so the load increase should not be noticeable.

A dynamic SNMP index enables us to easily monitor a specific interface or other entity by name, but it would not be a very efficient method for monitoring a larger number of interfaces. We will discuss an automated solution, low-level discovery, in Chapter 10, Advanced Item Monitoring.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.19.56.45