Cisco 1700 and SNMP MRTG
Hey
Got some routers, got a box runnning MRTG... everything worked fine !
Then I did some config changes, inserted some BR ISDN cards, got attacked by hackers ( just another week in the life of net admin right ? )
Now my MRTG is not loggin any trafic on any routers ?
I'm thinking my SNMP setup was changed some how. I doubt MRTG itself has a problem, as I have it set up on difrent boxes ( all with working configs ) and now NONE of them log anything.
I have rebuilt the MRTG config with config builder, only to compare the XXx.cfg with the Something.cfg that I am using ( this file contains the snmp query setup for the router ) and everything seems to match up.
I dont really know SNMP.... I think I screwed up the snmp config on the router.
What to do ? I need this tool !!
Got some routers, got a box runnning MRTG... everything worked fine !
Then I did some config changes, inserted some BR ISDN cards, got attacked by hackers ( just another week in the life of net admin right ? )
Now my MRTG is not loggin any trafic on any routers ?
I'm thinking my SNMP setup was changed some how. I doubt MRTG itself has a problem, as I have it set up on difrent boxes ( all with working configs ) and now NONE of them log anything.
I have rebuilt the MRTG config with config builder, only to compare the XXx.cfg with the Something.cfg that I am using ( this file contains the snmp query setup for the router ) and everything seems to match up.
I dont really know SNMP.... I think I screwed up the snmp config on the router.
What to do ? I need this tool !!
Les Moore
Did you change the snmp-server community strings on the router?
ASKER
Nope .... I also checked that they are still there, and I also made sure they are still working ok by running the config maker ( it's a app that querys the given IP with the given public read key to "discover" the device and the logable interfaces )
Is it possible that snmp could still be responding to queries but my router no longer keeps the information to be queried ?
Is it possible that snmp could still be responding to queries but my router no longer keeps the information to be queried ?
Xorb ...
you execute your .cfg file in perl ...... and check wat does it say in the end ??? there could be a syntax error in the .cfg
also check, whether you can ping router, and router also ping the mrtg box???
not a big deal to cop with this ... dont worry ...
ASKER
Sheahmed
No errors, deamonizes fine, and stays that way. Ping times either way are not much more than 1 ms.
Funny thing is it's both my routers at the same time.
It's probable that some one tried to bruteForce my snmt keys by trying deafaults.
No errors, deamonizes fine, and stays that way. Ping times either way are not much more than 1 ms.
Funny thing is it's both my routers at the same time.
It's probable that some one tried to bruteForce my snmt keys by trying deafaults.
Xorb ...
your .html and .log are updating ??? can u paste the .cg here? avoid printing ip's and passwords along with ...
can u paste the .cfg* here?
ASKER
Ok ... I'll do you one better ... here is the config as is ... followed by a rebuild I just ran ( dumping a .cfg with a difrent name ) :
# Created by
# cfgmaker ABC-INET@192.168.1.1 --global 'WorkDir: f:\mrtghtml' --output INET.cfg
RunAsDaemon: Yes
Interval: 5
# to get bits instead of bytes and graphs growing to the right
Options[_]: bits
EnableIPv6: no
##########################
# System: ABC-INET
# Description: Cisco Internetwork Operating System Software
# IOS (tm) C1700 Software (C1700-Y-M), Version 12.3(5), RELEASE SOFTWARE (fc1)
# Copyright (c) 1986-2003 by cisco Systems, Inc.
# Compiled Tue 28-Oct-03 04:22 by kellythw
# Contact:
# Location:
##########################
### Interface 2 >> Descr: 'Serial0' | Name: 'Se0' | Ip: '196.***.***.193' | Eth: '' ###
Target[192.168.1.1_2]: 2:ABC-INET@192.168.1.1:
SetEnv[192.168.1.1_2]: MRTG_INT_IP="196.***.***.1
MaxBytes[192.168.1.1_2]: 8000
Title[192.168.1.1_2]: Traffic Analysis for 2 -- ABC-INET
PageTop[192.168.1.1_2]: <H1>Traffic Analysis for 2 -- ABC-INET</H1>
<TABLE>
<TR><TD>System:</TD> <TD>ABC-INET in </TD></TR>
<TR><TD>Maintainer:</TD> <TD></TD></TR>
<TR><TD>Description:</TD><
<TR><TD>ifType:</TD> <TD>propPointToPointSerial
<TR><TD>ifName:</TD> <TD>Se0</TD></TR>
<TR><TD>Max Speed:</TD> <TD>8000.0 Bytes/s</TD></TR>
<TR><TD>Ip:</TD> <TD>196.***.***.193 ()</TD></TR>
</TABLE>
WorkDir: c:\progra~1\mrtghtml
#++++++++++++++
Here is the new build done NOW :
# Created by
# cfgmaker ABC-INET@192.168.1.1 -global 'Workdir: C:\progra~1\mrtghtml' --output xxx.cfg
EnableIPv6: no
##########################
# System: ABC-INET
# Description: Cisco Internetwork Operating System Software
# IOS (tm) C1700 Software (C1700-Y-M), Version 12.3(5), RELEASE SOFTWARE (fc1)
# Copyright (c) 1986-2003 by cisco Systems, Inc.
# Compiled Tue 28-Oct-03 04:22 by kellythw
# Contact:
# Location:
##########################
### Interface 1 >> Descr: 'BRI0' | Name: '' | Ip: '' | Eth: '' ###
### The following interface is commented out because:
### * it is administratively DOWN
### * it is operationally DOWN
### Interface 4 >> Descr: 'FastEthernet0' | Name: 'Fa0' | Ip: '192.168.1.1' | Eth: '00-0e-84-b4-46-77' ###
### I dont graph this interface, so I would coment it out, or, just del it
### Interface 5 >> Descr: 'Serial0' | Name: 'Se0' | Ip: '196.***.***.193' | Eth: '' ###
Target[192.168.1.1_5]: 5:ABC-INET@192.168.1.1:
SetEnv[192.168.1.1_5]: MRTG_INT_IP="196.***.***.1
MaxBytes[192.168.1.1_5]: 8000
Title[192.168.1.1_5]: Traffic Analysis for 5 -- ABC-INET
PageTop[192.168.1.1_5]: <H1>Traffic Analysis for 5 -- ABC-INET</H1>
<TABLE>
<TR><TD>System:</TD> <TD>ABC-INET in </TD></TR>
<TR><TD>Maintainer:</TD> <TD></TD></TR>
<TR><TD>Description:</TD><
<TR><TD>ifType:</TD> <TD>propPointToPointSerial
<TR><TD>ifName:</TD> <TD>Se0</TD></TR>
<TR><TD>Max Speed:</TD> <TD>8000.0 Bytes/s</TD></TR>
<TR><TD>Ip:</TD> <TD>196.***.***.193 ()</TD></TR>
</TABLE>
Workdir: C:\progra~1\mrtghtml
#+++++++++++
Obviously I trimmed these configs for space, keeping only the relivant bits. I also changed the keys and IP'z ( ***.*** = something dot something, but I'm not saying what )
# Created by
# cfgmaker ABC-INET@192.168.1.1 --global 'WorkDir: f:\mrtghtml' --output INET.cfg
RunAsDaemon: Yes
Interval: 5
# to get bits instead of bytes and graphs growing to the right
Options[_]: bits
EnableIPv6: no
##########################
# System: ABC-INET
# Description: Cisco Internetwork Operating System Software
# IOS (tm) C1700 Software (C1700-Y-M), Version 12.3(5), RELEASE SOFTWARE (fc1)
# Copyright (c) 1986-2003 by cisco Systems, Inc.
# Compiled Tue 28-Oct-03 04:22 by kellythw
# Contact:
# Location:
##########################
### Interface 2 >> Descr: 'Serial0' | Name: 'Se0' | Ip: '196.***.***.193' | Eth: '' ###
Target[192.168.1.1_2]: 2:ABC-INET@192.168.1.1:
SetEnv[192.168.1.1_2]: MRTG_INT_IP="196.***.***.1
MaxBytes[192.168.1.1_2]: 8000
Title[192.168.1.1_2]: Traffic Analysis for 2 -- ABC-INET
PageTop[192.168.1.1_2]: <H1>Traffic Analysis for 2 -- ABC-INET</H1>
<TABLE>
<TR><TD>System:</TD> <TD>ABC-INET in </TD></TR>
<TR><TD>Maintainer:</TD> <TD></TD></TR>
<TR><TD>Description:</TD><
<TR><TD>ifType:</TD> <TD>propPointToPointSerial
<TR><TD>ifName:</TD> <TD>Se0</TD></TR>
<TR><TD>Max Speed:</TD> <TD>8000.0 Bytes/s</TD></TR>
<TR><TD>Ip:</TD> <TD>196.***.***.193 ()</TD></TR>
</TABLE>
WorkDir: c:\progra~1\mrtghtml
#++++++++++++++
Here is the new build done NOW :
# Created by
# cfgmaker ABC-INET@192.168.1.1 -global 'Workdir: C:\progra~1\mrtghtml' --output xxx.cfg
EnableIPv6: no
##########################
# System: ABC-INET
# Description: Cisco Internetwork Operating System Software
# IOS (tm) C1700 Software (C1700-Y-M), Version 12.3(5), RELEASE SOFTWARE (fc1)
# Copyright (c) 1986-2003 by cisco Systems, Inc.
# Compiled Tue 28-Oct-03 04:22 by kellythw
# Contact:
# Location:
##########################
### Interface 1 >> Descr: 'BRI0' | Name: '' | Ip: '' | Eth: '' ###
### The following interface is commented out because:
### * it is administratively DOWN
### * it is operationally DOWN
### Interface 4 >> Descr: 'FastEthernet0' | Name: 'Fa0' | Ip: '192.168.1.1' | Eth: '00-0e-84-b4-46-77' ###
### I dont graph this interface, so I would coment it out, or, just del it
### Interface 5 >> Descr: 'Serial0' | Name: 'Se0' | Ip: '196.***.***.193' | Eth: '' ###
Target[192.168.1.1_5]: 5:ABC-INET@192.168.1.1:
SetEnv[192.168.1.1_5]: MRTG_INT_IP="196.***.***.1
MaxBytes[192.168.1.1_5]: 8000
Title[192.168.1.1_5]: Traffic Analysis for 5 -- ABC-INET
PageTop[192.168.1.1_5]: <H1>Traffic Analysis for 5 -- ABC-INET</H1>
<TABLE>
<TR><TD>System:</TD> <TD>ABC-INET in </TD></TR>
<TR><TD>Maintainer:</TD> <TD></TD></TR>
<TR><TD>Description:</TD><
<TR><TD>ifType:</TD> <TD>propPointToPointSerial
<TR><TD>ifName:</TD> <TD>Se0</TD></TR>
<TR><TD>Max Speed:</TD> <TD>8000.0 Bytes/s</TD></TR>
<TR><TD>Ip:</TD> <TD>196.***.***.193 ()</TD></TR>
</TABLE>
Workdir: C:\progra~1\mrtghtml
#+++++++++++
Obviously I trimmed these configs for space, keeping only the relivant bits. I also changed the keys and IP'z ( ***.*** = something dot something, but I'm not saying what )
Workdir: C:\progra~1\mrtghtml ???
write down whole program files inplace of this ...
ABC-INET is ur snmp string?
ASKER
sheahmed
>>Workdir: C:\progra~1\mrtghtml ???
>>write down whole program files inplace of this ...
Ok ... I'll give that a shot, but this worked fine for MONTHS till the day I got hackerwhacked and had to insert some ISDN wic'z ... I dont think it's that
ABC-NET is my snmp string ( but it's not really ... since I am not about to post my snmp string on the web ! it's a placeholder for my real SNMP string, but it's almost exactly like the real thing )
>>Workdir: C:\progra~1\mrtghtml ???
>>write down whole program files inplace of this ...
Ok ... I'll give that a shot, but this worked fine for MONTHS till the day I got hackerwhacked and had to insert some ISDN wic'z ... I dont think it's that
ABC-NET is my snmp string ( but it's not really ... since I am not about to post my snmp string on the web ! it's a placeholder for my real SNMP string, but it's almost exactly like the real thing )
ASKER
I found the problem ! ( I think ! Will have to test it ... but I'm sure it's this )
The one change between my old config and my new config are these lines :
Target[192.168.1.1_2]: 2:ABC-INET@192.168.1.1:
Target[192.168.1.1_5]: 5:ABC-INET@192.168.1.1:
That 2 and 5 right ? So ? My devices are numberd by MRTG right ? Big deal ! Actualy it is a big deal ... those are the index numbers snmp uses to refer to a spesific INT. When I inserted my ISDN wic'z the indexes shifted. So the reason the graph is showing constant zero is its been querying a "down" interface !
I figured it out by reading : http://people.ee.ethz.ch/~oetiker/webtools/mrtg/mrtg-reference.html
The following paragraph is what showed me the err of my ways :
Interface by IP
Sometimes SNMP interface index can change, like when new interfaces are added or removed. This can cause all Target entries in your config file to become offset, causing MRTG to graphs wrong instances etc. MRTG supports IP address instead of ifindex in target definition. Then MRTG will query snmp device and try to map IP address to the current ifindex. You can use IP addresses in every type of target definition by adding IP address of the numbered interface after OID and separation char '/'.
Make sure that the given IP address is used on your same target router, especially when graphing two different OIDs and/or interface split by '&' delimiter.
You can tell cfgmaker to generate such references with the option --ifref=ip.
Example:
Target[ezwf]: /1.2.3.4:public@wellfleet-
Target[ezci]: -/1.2.3.4:public@ezci-ethe
Target[ezwf]: 1.3.6.1.2.1.2.2.1.14/1.2.3
Target[ezwf]: ifInErrors/1.2.3.4&ifOutEr
Aaaah ! So I can use the IP or the "int -index -num" ... good luck getting a IP on a IPX only ISO ! So then just change the index num ... and I will let you know in 10 min ! he he
The one change between my old config and my new config are these lines :
Target[192.168.1.1_2]: 2:ABC-INET@192.168.1.1:
Target[192.168.1.1_5]: 5:ABC-INET@192.168.1.1:
That 2 and 5 right ? So ? My devices are numberd by MRTG right ? Big deal ! Actualy it is a big deal ... those are the index numbers snmp uses to refer to a spesific INT. When I inserted my ISDN wic'z the indexes shifted. So the reason the graph is showing constant zero is its been querying a "down" interface !
I figured it out by reading : http://people.ee.ethz.ch/~oetiker/webtools/mrtg/mrtg-reference.html
The following paragraph is what showed me the err of my ways :
Interface by IP
Sometimes SNMP interface index can change, like when new interfaces are added or removed. This can cause all Target entries in your config file to become offset, causing MRTG to graphs wrong instances etc. MRTG supports IP address instead of ifindex in target definition. Then MRTG will query snmp device and try to map IP address to the current ifindex. You can use IP addresses in every type of target definition by adding IP address of the numbered interface after OID and separation char '/'.
Make sure that the given IP address is used on your same target router, especially when graphing two different OIDs and/or interface split by '&' delimiter.
You can tell cfgmaker to generate such references with the option --ifref=ip.
Example:
Target[ezwf]: /1.2.3.4:public@wellfleet-
Target[ezci]: -/1.2.3.4:public@ezci-ethe
Target[ezwf]: 1.3.6.1.2.1.2.2.1.14/1.2.3
Target[ezwf]: ifInErrors/1.2.3.4&ifOutEr
Aaaah ! So I can use the IP or the "int -index -num" ... good luck getting a IP on a IPX only ISO ! So then just change the index num ... and I will let you know in 10 min ! he he
ASKER
It Works !! HE he !! Ok ... so now the points ? Tell you guys what, I'll throw up a few more questions and give you guys easy questions !
Thanks for your help !
Thanks for your help !
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.