How do I troubleshoot giant traffic spikes in graphs?
The most common cause of devices showing giant spikes on graphs is the device sending spurious data.
To see if this is the case, please run the nim-snmppoll tool to collect the in and out octets every 60 seconds, so we can see whether the device is sending us incorrect data when the spikes occur.
The command below creates a file called snmppoll-check.sh to do this:
echo "nim-snmppoll <insert device IP address> 60 2 <insert device SNMP community> IF-MIB.ifHCInOctets. IF-MIB.ifHCOutOctets." > snmppoll-check.sh
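The command below makes that file executable. Mode 500 gives read and execute permission to the file's owner only, which also keeps the SNMP community string stored in the script from being read by other users: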
chmod 500 ./snmppoll-check.sh
The command below runs snmppoll-check.sh in the background for 1 day, writing its output to a file, and then kills it:
timeout -k 10s 1d ./snmppoll-check.sh > snmppoll-check.out &
To check that the output is being written, tail the file:
tail -f snmppoll-check.out
For reference, the tool's help output lists its options and input format:
nim-snmppoll -h
nim-snmppoll [-rtfov] ...
Options:
-r <number of retry attempts>
-e Passwords are encrypted
-t <request timeout>
-f <path to input file>
-o <prefix path to output files>
-v <verbose level 0 to 3>
Input Format:
<ip> <interval> 1 <community> <varbinds>
<ip> <interval> 2 <community> <varbinds>
<ip> <interval> 3 (noauth|user <username>) nopriv (nocontext|context <name>) <varbinds>
<ip> <interval> 3 auth (md5|sha|sha224|sha256|sha384|sha512) <username> <password> (nopriv|priv (des|des3|aes|aes192|aes256) <password>) (nocontext|context <name>) <varbinds>
I suggest checking the graph every day for a spike:
1. If there has been a spike, please send us the output file and a screenshot of the graph.
2. If there has not been a spike, please wait for the tool to time out, then delete the output file and restart the tool.
To delete the output file:
rm -i snmppoll-check.out
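When reviewing the collected counters yourself, spurious data shows up as a counter increase the link could not have carried, or as a counter that moves backwards without being a genuine 64-bit wrap. The following is an added example of that check (not Statseeker code and not part of the original article); the (timestamp, counter) pairs and the link_bps parameter are assumptions, and parsing the nim-snmppoll output file into such pairs is left out because its format is not shown here.

```python
COUNTER64_MOD = 2 ** 64  # ifHCInOctets / ifHCOutOctets are 64-bit counters


def classify_samples(samples, link_bps):
    """Classify each polling interval in a series of octet-counter samples.

    samples  -- list of (epoch_seconds, counter_value), oldest first
    link_bps -- interface speed in bits per second (assumed known)
    Returns a list of (epoch_seconds, bits_per_second, verdict).
    """
    results = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        dt = t1 - t0
        if dt <= 0:
            results.append((t1, None, "bad-timestamp"))
            continue
        went_down = c1 < c0
        # A poller normally treats a lower value as a counter wrap.
        delta = c1 - c0 + (COUNTER64_MOD if went_down else 0)
        plausible = delta * 8 <= link_bps * dt  # integer maths, no rounding
        if plausible:
            verdict = "wrap" if went_down else "ok"
        elif went_down:
            # Not a real wrap: reset or bogus value, graphed as a huge spike.
            verdict = "counter-went-backwards"
        else:
            verdict = "jump-exceeds-link-speed"
        results.append((t1, delta * 8 / dt, verdict))
    return results


# Constructed samples: 60 s polls on a 1 Gbit/s link, one bogus value at t=180.
SAMPLES = [
    (0, 1_000_000_000),
    (60, 1_750_000_000),
    (120, 2_500_000_000),
    (180, 900_000_000_000),
    (240, 3_250_000_000),
    (300, 4_000_000_000),
]

if __name__ == "__main__":
    for when, bps, verdict in classify_samples(SAMPLES, link_bps=10**9):
        print(when, f"{bps:.3e}", verdict)
```

A single bogus reading produces two flagged intervals: the jump up to it and the apparent drop back to the real counter value.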