Working with external programsTopExpanding JFFNMSICMP Interface Example

ICMP Interface Example

The previous chapter described how to expand JFFNMS in some detail, but often it helps to have a concrete example of what you are trying to do for illustration.

This chapter will guide you, step by step, through all the things needed to get a simple poller going. Use this as a guide or a template for your own pollers.

An ICMP message counter

We will use the example of creating a graph that shows the number of incoming ICMP messages coming into a server. ICMP stands for Internet Control Message Protocol and is used by IP networks to send control messages. The most well-known ICMP messages are echo reply and request, which are used by the ping program. When you "ping" something you are sending an ICMP echo request packet and the thing you just pinged replies with an ICMP echo reply.

This counter is a good one to use for an example because it is found on on most systems and is easy to increment by pinging the device.

Determining what OID to use

Most people assume you plug the MIB somehow into JFFNMS and it will poll everything fine. This is an incorrect assumption as you need to work out which value you want to measure. MIBs are also in a tree structure, with the root being . and the leaf being the value you want to measure, while JFFNMS uses an OID, which is a chain of nodes from the root to your leaf.

It is best to work backwards in the MIB. Find the values you want to monitor and find their parents and then grandparents until you get back to the top of the tree.

The particular OID we want to use is the icmpInMsgs counter, found in the IP MIB. It's OID is .1.3.6.1.2.1.5.1.0 I can check this counter with a simple command line:

Listing.
$ snmpget -v 1 -c public localhost .1.3.6.1.2.1.5.1.0 IP-MIB::icmpInMsgs.0 = Counter32: 1397

We can see that the host responds with a value, and there have been 1397 incoming ICMP messages for this host since the SNMP daemon was last started.

Configuring a Poller Item

A Poller Item is referenced in a Poller Group (see next). For our Interface Type, we want to use the snmp_counter plugin to poll the host our OID. To create the Poller Item:

  1. Bring up the Pollers table by selecting Administration then the menu item Polling & Discovery => Poller Items.
  2. Click the Add button on the top of the table, a new poller item row is show
  3. In the new item row, put the following values:
  4. Once you have typed in the right values, click the Save button on the left side of the row.

Remember what you have put into the Name column as that is used elsewhere in the setup. The Description is just information for you so you know what the poller does.

Example Poller Item

snmp1-polleritem

Configuring the Poller Group

Next is to get the Poller Group to join the Poller Item created in the previous step to the Backend that takes the value from the poller and puts it into the RRD file for later graphing.

As we are only polling 1 item, the group is rather simple:

  1. Bring up the Poller Groups table by selecting Administration then the menu item Polling & Discovery => Poller Groups.
  2. Click the Add button on the top of the table, a new poller item row is shown
  3. Type a name, such as "ICMP InMsgs Counter" for the Group. The Interface Type will have to stay as "No Interface Type" for now.
  4. Click the Save button, which will take you back to the Poller Groups table.
  5. Find your newly created group and click the "View" button. There will now be a split screen with the groups up the top and an empty list of items down below.
  6. At the top of the Pollers/Backend relation table (at the bottom pane) click the Add button.
  7. In the new row, type in the following parameters
  8. Click the Save button and your poller group should have 1 row

Example Poller Group

snmp1-pollergrp

Configuring Interface Type

Next step on our list is to create the Interface Type. This is the object that holds all the other pieces together. It also allows us to setup the values the Interface Type has, see next section.

  1. Bring up the Interface Types table by selecting Administration menu item Internal Configuration => Polling & Discovery => Interface Types.
  2. Click Add to create a new Interface Type
  3. in the new dialog, type the following values. Anything not listed below just leave as the default.
  4. Click Save and you have your new Interface Type

Adding Interface Type Fields

Interface Type Fields are the containers that are used to hold parameters for a particular interface type. It tells JFFNMS, for example, what RRD files to create.

For our example, we just need the index and a single RRD file. We're more interested in the rate of incoming ICMP packets than the absolute value of packets received since last reboot, so the RRD counter type is the one to use.

  1. Find the new Interface Type you just created in the previous step, click the Fields link to bring up a new table below your Interface Types table. As it is a new Interface Type, there are no fields.
  2. On the Interface Type Fields (the lower table) click Add
  3. A new field row appears, enter the following parameters:
  4. Click Save to save the index row.
  5. Next, to add the RRD file definition, again on the Interface Type Fields (the lower table) click Add
  6. Another new row appears, enter the following parameters:
  7. You need to save this row before continuing. JFFNMS needs to know this row is a RRDToolDS type before those RRD parameters appear, click Save.
  8. Click Edit on the row for the RRDToolDS field, the Default Value column now has the RRD parameters.
  9. As what we are measuring is a counter, the only parameter to set is Max, so set it to some large number, like 100000. You must have a value for Max.
  10. Click Save.

Example Interface Type

snmp1-inttype

Fixing Poller Group

The Poller Group references an Interface Type. The Interface Type references a Poller Group. There is a chicken and egg problem here as you need to create one before the other. As we created the Interface Type after the Poller Group, it is OK and has the Default Poller column set, but now we need to fix the Poller Group so it will appear in the list of pollers available for interfaces of this type.

  1. Bring up the Poller Group table again.
  2. Find the Poller Group you previously created and click the Edit link.
  3. JFFNMS now changes that Group so you can edit it.
  4. Change the Interface Type column so it refers to your newly created Interface Type.
  5. Click the Save button to save your changes.

Checking the discovery works

Now we are ready for some testing. Make sure whatever host you run it on has SNMP and it does give you a value for this counter. Run the snmpwalk command described at the start of this chapter.

Next go into the Administration menu item Hosts and Interfaces => Hosts, this should then show you the host table. Find the Host you are testing, then set the combo box on the left of that row to "Manual Discovery w/o Portscan" and click the white/blue arrow next to it.

You should see another pane open below the Host table, showing a whole lot of Interfaces. If your changes are working, there will also be a new interface having a type of "ICMP In Message". This means the discovery part of your changes is working.

Take note of the ID of the host. It is the number in bold immediately to the right of the white/blue arrow. We will need this host ID in the next stage.

Click the checkbox on the left side of your interface, then click the button marked "Add Marked Interfaces" right down the bottom of the interface table. This will change the windows to bring up an Interface edit window. The interface has an ID, make note of that too. This interface ID is different to the host ID.

Checking the poller works

To check the poller, once you have an interface of this type find the host ID and interface ID and run it on the command line.

$ php -q poller.php 42 123
23:37:52 : H 42 : Poller Start : 6 Items.
23:37:55 : H 42 : I 123 : P 10 : snmp_counter:icmp_inmsgs(.1.3..1.0):1402 -> rrd(): icmp_inmsgs:402 (time P:3002.8 | 0.53)
23:37:55 : H 42 : I 123 : P LPD : last_poll_date(): 1206707875 -> db(last_poll_date): 1 (time P:0.38 | 3.38)
23:37:55 : H 42 : Poller End, Total Time: 3055.86 msec.

The poller is working nicely, the rrd backend is sending the value 402 into the RRD file labelled icmp_inmsgs.

Writing the graph plugin

OK, so we're collecting data, what now? We need to graph it. To do this we either need to use an existing graph plugin or write one. The plug-in is there to tell JFFNMS what to do with the graphs and is basically a bunch of lines that get sent to rrdtool. We have only 1 RRD file so our plugin is pretty simple. Make a file called graphs/icmp_inmsgs.inc.php 

function graph_icmp_inmsgs ($data) {

    $opts_DEF = rrdtool_get_def($data,array("icmp_inmsgs"));

    $opts_GRAPH = array(
        "AREA:icmp_inmsgs#00CC00:'ICMP Messages '",
        "GPRINT:icmp_inmsgs:AVERAGE:'Average\:%4.0lf %sEps'",
        "GPRINT:icmp_inmsgs:LAST:'Last\:%4.0lf %sEps\\n'");

    $opts_header[] = "--vertical-label='Messages per Second'";

    return array ($opts_header, @array_merge($opts_DEF,$opts_GRAPH));
}

The function name has to be whatever you call the filename with graph_ at the front of it. This filename (without the .inc.php) is used in the GUI to create a new graph type.

Creating new Graph Type

Now to tell JFFNMS about the plug-in. Go to Internal Configuation => Polling & Discovery => Graph Types. Click on the Add button at the top of the table to make a new Graph Type.

Enter in the following values:

As long as you have already checked the "Have Graph" box in the Interface Types table, you should be able to see this graph in the Performance windows.

JFFNMS Manual, last changed July 3, 2008


Working with external programsTopExpanding JFFNMSICMP Interface Example