Solve the Problem of Inaccurate Network Traffic monitoring using snmp in Zabbix
The company has a new data center and needs to use zabbix to monitor the network traffic of H3C switches.
After the snmp protocol is configured, it can be identified normally, but a problem is gradually found. The Telecom interface often suffers from a small amount of data, but China Unicom and China tietong have no problems.
The zabbix plot is intermittent. Sometimes, even more amazing, the traffic drops suddenly and the drop is still outrageous. It drops from over 500 Mbps to over 40 Mbps, at one time, I thought there was a problem with the data returned by the switch.
After capturing packets on the zabbix machine, we found that the packets were not lost and there was no exception in the data. However, there was a counter32 In the captured packets, which caused attention.
Then, read the snmp document carefully and find that both ifInOctets and ifOutOctets returned by the snmp protocol are the total traffic, and we take the difference between the two and divide it by the sampling interval to get the average value.
The maximum value of the counter32 data type count is 2 to the power of 32 minus 1. When it exceeds 4G, the counter will be cleared.
After analyzing the template of the snmp interface of zabbix, we found that the zabbix sampling time was 1 minute. Due to the large traffic, we quickly cleared the data and sometimes added new values after the count was cleared, it is bigger than the previous count. zabbix thought it was not cleared, and the time interval was directly divided by the subtraction, which gave rise to the illusion that the network traffic dropped sharply ".
After finding the cause, the rest is easy to do. What we need is to use the counter64 oid data.
Export the template snmp interfaces template in zabbix, modify the name, and re-import the template. Modify the new template:
Find "project prototype" in "Exploration rules" and click "Incoming traffic on interface {# SNMPVALUE }",
1. Change ifInOctets [{# SNMPVALUE}] in its "key value" to ifHCInOctets [{# SNMPVALUE}]
2. Change IF-MIB: ifInOctets. {# SNMPINDEX} in snmp oid to IF-MIB: ifHCInOctets. {# SNMPINDEX}
Similarly, the "Outgoing traffic on interface {# SNMPVALUE}" in the "Project prototype" is modified similarly.
That is, replace ifInOctets and ifOutOctets with ifHCInOctets and ifHCOutOctets.
Then delete the host and re-Add the host. This time, everything is refreshed. The painted images are continuous and there is no sharp increase or decrease.
SNMP configuration for Zabbix
SNMP for dynamic network analysis
Network status monitoring using SNMP
Set up an SNMP test environment in CentOS 6.3
Linux (Ubuntu/CentOS) SNMP Configuration
Enable and configure the SNMP service for Citrix Xenserver
This article permanently updates the link address: