Detection works, but generates too much traffic.

Goodmorning everyone,
I would like to ask you for help in understanding how to solve a problem I encountered.
In a network structure with different types of equipment (virtual servers, blade servers, switches, etc.) we have implemented a monitoring system with Check_mk. On the linux machines we have copied the related plug-ins and activated the service, after which on the server side we have enabled the collection of a certain number of information per client. The system works, but it seems to generate too much traffic.
At present it would not be a problem, but based on a substantial increase in the machines to be managed (in the future) it could become a much more serious problem.
In the tuning.cfg file the parameter was set like this
status-update_interval = 30,
I changed it to = 3000 to see if the situation improved, but I still couldn’t verify the data because the change is very recent.
Could you suggest me how to set the checks to be done in a more “granular” way, considering that I have several devices that use the smtp protocol to communicate their information.

I’m new to using check_mk, any help or suggestion
it could be precious to me, so thank you for any suggestions you may want to provide me.

What in numbers means too much traffic in your case?
I have very big systems and they only produce a steady traffic of 1 MB input and output per second.

Hi, not my post but I just found a problem that fits: I was wondering what causes so much traffic on our line and found cmk producing most of the traffic. A quick look on the firewall showed that all the linux hosts that are configured using ssh instead of 6556 are producing about 800MB/day each. The “old” hosts produce virtually no traffic. Traffic of the server for ssh/“all other” was 155/30GB last month.
A cmk -nv shows the normal output.
Config is master and 2 slaves of which only the master connects via ssh to several hosts.
Version is 1.6.25 to be ugraded to 2.x if time left…
Any help appreaciated.
Claudio

That would mean that every agent output of your hosts is around 500 kByte, with 1440 one minute check intervals per day.
If the 500 kByte are way more than the real agent output then you have another problem in your network. My normal Linux systems have around 100 kByte per check interval.

Of course I have a problem ! :slight_smile:
But I don´t think it is another one. All of my problem host have one thing in common:
Looking in the host properties you can find a creation date.
All other host have a “Sometime before 1.6” instead.

I have 11 ssh connected hosts.
Each of them produces 70-100MB/day.
If I do a manual check cmk -nv the output file is 2,6K
But if done via ssh 230K
Surely I can see a lot more of information of course, but the info of the 2,6k should be enough…
I set the “Normal check interval for service checks” to 5min.
But"The rule is only applied to hosts directly in or below this folder."seems not to work. (my traffic has not dropped) So I´m gonna try a second rule for the host in that folder.

I don’t understand the “cmk -nv” also connects to the monitored host with ssh and gets the data if your host is configured to be contacted over ssh.

may be there is something wrong in my ssh configuration…but I followed the manual and the output of
is similar to the sample in the manual
doing a cmk -nv it´s basically only the host status page in the web interface
if I run /usr/bin/check_mk_agent on any host I get the same output ssh or 6556
so to me it seems that doing ssh means all the informaiton is transfered to the cmk instance and not only the result like in communication via 6556

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.