Internal documentation only
This page has been marked as draft.
Check_traffic information and examples
The “check_traffic” plugin for OP5 is used to monitor network traffic on various interfaces. It primarily connects to the OP5 Monitor API and queries a specific filter that is provided as an argument to the plugin. The plugin checks the amount of traffic on a network port, which can be useful for identifying unexpected traffic patterns or volumes.
Usage: check_traffic <mode> -H <host> -<i|k|d|n> <arg> [options…]
Where 'mode' must be 'traffic', 'errors' or 'status'.
Options (* = required; # = changeably required):
     --debug                      Enable (lots) of debugging output
* -H --host <host>                Hostname or ip to query
  -C --community <str>            SNMP community. Defaults to public
# -i --index <int>                Interface index
# -k --key <int>                  Interface index
# -d --descr <str>                Interface description (.1.3.6.1.2.1.2.2.1.2.*)
# -n --if-name <str>              Interface name (.1.3.6.1.2.1.31.1.1.1.1.*)
  -v --version <1|2c|3>           SNMP protocol version (default: 1)
  -t <int>                        Timeout in seconds (default: 15)
  -r <int>                        Number of retries (default: 5)
SNMP v3 options:
  -L --seclevel <str>             'noAuthNoPriv', 'authNoPriv' or 'authPriv'
  -U --secname <str>              username for SNMPv3 context
  -c --context <str>              SNMPv3 context name (default is empty string)
  -a --authprot <str>             Authentication protocol (md5 or sha1)
  -A --authpass <str>             Authentication password (cleartext ascii or
                                  localized key in hex with 0x prefix generated
                                  by using the 'snmpkey' utility)
                                  Auth password and authEngineID
  -X --privpass <str>             Privacy password (same rules as for authpass)
  -P --privproto <str>            Privacy protocol (DES or AES; default: DES)
  -p --port <int>                 SNMP port (default: 161)
  -h --help                       This cruft
     --hide-community|-hc         Noop option for backwards compatibility
Mode 'status' options:
  -w --warn (o|w|c|u)             Result if interface is dormant (default=critical)
  -D --admin-down (o|w|c|u)       Result if interface adminstatus is DOWN (default=OK)
Mode 'errors' options:
  -w --warn <float>               Errors+Discards/second resulting in warning
     --warn-in <float>            Same as '--warn', but for inbound traffic only
     --warn-out <float>           same as '--warn', but for outbound traffic only
  -c --crit <float>               Errors+Discards/second resulting in critical
     --crit-in <float>            Same as '--crit', but for inbound traffic only
     --crit-out <float>           same as '--crit', but for outbound traffic only
  -O --only-errors                Count only errors and ignore discards
  -S --sampling-interval <int>    Use two samplings of traffic data instead
                                  of relying on disc-stored data
Mode 'traffic' options:
  -w --warn <int or pct>          Bits per second OR percent of max capacity
                                  to trigger a warning result
     --warn-in <float>            Same as '--warn', but for inbound traffic only
     --warn-out <float>           same as '--warn', but for outbound traffic only
  -c --crit <int or pct>          Bits per second OR percent of max capacity
                                  to trigger a critical result
     --crit-in <float>            Same as '--crit', but for inbound traffic only
     --crit-out <float>           same as '--crit', but for outbound traffic only
  -B --perfdatabits               Print bps in performance data rather than percent
  -N --nagvis-perfdata            Print performance data for NagVis weathermap
  -b --bps <int>                  Interface traffic capacity in bits.
                                  Example: "--bps 100m" for a 100mbps interface
  -S --sampling-interval <int>    Use two samplings of traffic data instead
                                  of relying on disc-stored data
Examples
Check network utilization on a Windows machine
check_traffic traffic -H 192.168.1.100 -d "Ethernet 0" --debug -v 3 -U myUser -L authPriv -a SHA -A myAuthPassword -X myPrivPassword -P AES -w "80m" -c "95m" -b "100m" --perfdatabits
Explanation of the Command Options
- check_traffic traffic: Sets the mode to traffic.
- -H 192.168.1.100: Specifies the hostname or IP address of the target Windows machine.
- -d "Ethernet 0": Specifies the interface by its description. Replace "Ethernet 0" with the actual description of the interface you want to monitor.
- --debug: Enables detailed debugging output (optional, remove for less verbose output).
- -v 3: Specifies SNMP version 3.
- -U myUser: SNMPv3 username.
- -L authPriv: Security level for SNMPv3, here it’s authentication and privacy.
- -a SHA: Authentication protocol.
- -A myAuthPassword: Authentication passphrase.
- -X myPrivPassword: Privacy passphrase.
- -P AES: Privacy protocol.
- -w "80m": Set the warning level for traffic. Here, “80m” could be 80 Mbps. Adjust according to the expected traffic.
- -c "95m": Set the critical level for traffic. Here, “95m” is 95 Mbps.
- -b "100m": Specify the bandwidth of the interface, which is 100 Mbps in this example.
- --perfdatabits: Ensures the performance data is shown in bits per second.
Adjusting the Command
Make sure to replace the placeholders (myUser, myAuthPassword, myPrivPassword, 192.168.1.100, Ethernet 0, bandwidth values) with the actual values corresponding to your network environment and security settings. This command will help you monitor the network utilization on a specific interface of a Windows machine, giving you real-time performance insights into your network traffic.
Check network utilization on a Linux machine
check_traffic traffic -H 10.0.0.1 -d "eth0" --debug -v 3 -U myUser -L authPriv -a SHA -A myAuthPassword -X myPrivPassword -P AES -w "80000000" -c "95000000" -b "100000000" --perfdatabits
Explanation of Command Options
- check_traffic traffic: Sets the mode to traffic.
- -H 10.0.0.1: Specifies the hostname or IP address of the Linux machine.
- -d "eth0": Specifies the network interface by its description. Replace "eth0" with the actual description or appropriate identifier for the interface you wish to monitor.
- --debug: Enables verbose debugging output (optional).
- -v 3: Specifies using SNMP version 3.
- -U myUser: Specifies the SNMPv3 username.
- -L authPriv: Security level for SNMPv3, here it includes authentication and privacy.
- -a SHA: Specifies the authentication protocol, SHA.
- -A myAuthPassword: Specifies the authentication passphrase.
- -X myPrivPassword: Specifies the privacy passphrase.
- -P AES: Specifies the privacy protocol, AES.
- -w "80000000": Sets the warning level for traffic in bits per second (80 Mbps).
- -c "95000000": Sets the critical level for traffic in bits per second (95 Mbps).
- -b "100000000": Specifies the bandwidth of the interface, which is 100 Mbps in this example.
- --perfdatabits: Ensures the performance data is shown in bits per second.
Adjustments and Considerations
- Interface Identifier: The -d "eth0" part of the command uses the description field to identify the interface. You might need to change this to -i <index> or -n <name> depending on how your system identifies network interfaces.
- Metric Units: The warning and critical thresholds (-w and -c) are in bits per second. Make sure these values align with your network’s capacity and expected traffic levels.
- Security Settings: Replace the placeholders (myUser, myAuthPassword, myPrivPassword, 10.0.0.1, eth0) with actual values relevant to your network and security configuration.
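How the -w, -c and -b values in the two traffic examples relate, as an added example that is not the plugin's own code: it models a rate calculated from two octet-counter samples and compared against the thresholds. Assumptions not stated on this page: the k and g suffixes, a trailing % for percent thresholds, the >= comparison and the 32-bit counter width; only m = 10^6 follows from the page's "100m" and "100000000" examples.

```python
# "m" = 10**6 follows from the page's examples; "k" and "g" are assumptions.
SUFFIX = {"k": 10**3, "m": 10**6, "g": 10**9}


def parse_bits(text):
    """'100m' -> 100000000; plain digits are taken as bits per second."""
    text = text.strip().lower()
    if text[-1] in SUFFIX:
        return int(float(text[:-1]) * SUFFIX[text[-1]])
    return int(text)


def threshold_bps(text, capacity_bps):
    """Resolve a -w/-c value to bps. A trailing '%' (assumed syntax) means
    percent of the capacity given with -b/--bps."""
    if text.endswith("%"):
        return int(capacity_bps * float(text[:-1]) / 100)
    return parse_bits(text)


def rate_bps(octets_t0, octets_t1, seconds, counter_bits=32):
    """Bits per second between two octet-counter samples, allowing one wrap."""
    delta = octets_t1 - octets_t0
    if delta < 0:                       # counter wrapped past 2**counter_bits
        delta += 2 ** counter_bits
    return delta * 8 / seconds          # octets -> bits


def evaluate(octets_t0, octets_t1, seconds, warn, crit, bps):
    """Return (state, rate in bps, percent of capacity) for one direction."""
    capacity = parse_bits(bps)
    rate = rate_bps(octets_t0, octets_t1, seconds)
    if rate >= threshold_bps(crit, capacity):
        state = "CRITICAL"
    elif rate >= threshold_bps(warn, capacity):
        state = "WARNING"
    else:
        state = "OK"
    return state, rate, 100 * rate / capacity


# Constructed sample: two 32-bit counter readings 10 s apart, with a wrap.
SAMPLE = (4_294_000_000, 107_032_704, 10)

if __name__ == "__main__":
    print(evaluate(*SAMPLE, warn="80m", crit="95m", bps="100m"))
```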
Example Command for Error Monitoring on Windows
check_traffic errors -H 192.168.1.100 -d "Ethernet 0" -v 3 -U myUser -L authPriv -a SHA -A myAuthPassword -X myPrivPassword -P AES -w 100 -c 300 --warn-in 50 --warn-out 50 --crit-in 150 --crit-out 150 --only-errors
Explanation of Command Options
- check_traffic errors: Sets the mode to errors for checking error and discard rates.
- -H 192.168.1.100: Specifies the hostname or IP address of the target Windows machine.
- -d "Ethernet 0": Specifies the network interface by its description. Replace "Ethernet 0" with the actual description of the interface you want to monitor.
- -v 3: Specifies SNMP version 3.
- -U myUser: SNMPv3 username.
- -L authPriv: Security level for SNMPv3, here it’s authentication and privacy.
- -a SHA: Authentication protocol.
- -A myAuthPassword: Authentication passphrase.
- -X myPrivPassword: Privacy passphrase.
- -P AES: Privacy protocol.
- -w 100: Sets the overall warning threshold for errors+discards per second.
- -c 300: Sets the overall critical threshold for errors+discards per second.
- --warn-in 50: Sets the inbound warning threshold.
- --warn-out 50: Sets the outbound warning threshold.
- --crit-in 150: Sets the inbound critical threshold.
- --crit-out 150: Sets the outbound critical threshold.
- --only-errors: Configures the check to count only errors and ignore discards (if you want to consider discards as well, remove this option).
Adjustments and Considerations
- Interface Identifier: Make sure the interface description ("Ethernet 0") accurately corresponds to the interface on the Windows machine you wish to monitor. This can be confirmed using the Windows Device Manager or network connection details.
- Error Metrics: Adjust the error and discard thresholds (-w, -c and their respective --warn-in, --warn-out, --crit-in, --crit-out) based on what you consider acceptable for your network environment.
- Security Settings: Replace placeholders (myUser, myAuthPassword, myPrivPassword, 192.168.1.100, Ethernet 0) with actual values relevant to your SNMP and network settings.
Example Command for Error Monitoring on Linux
check_traffic errors -H 10.0.0.1 -d "eth0" -v 3 -U myUser -L authPriv -a SHA -A myAuthPassword -X myPrivPassword -P AES -w 100 -c 300 --warn-in 50 --warn-out 50 --crit-in 150 --crit-out 150 --only-errors
Explanation of Command Options
- check_traffic errors: Sets the mode to errors for checking error and discard rates on the network interface.
- -H 10.0.0.1: Specifies the hostname or IP address of the target Linux machine.
- -d "eth0": Specifies the network interface by its description. Adjust "eth0" to match the actual identifier for the interface you want to monitor (use ip link or ifconfig on Linux to list network interfaces).
- -v 3: Specifies using SNMP version 3 for secure communication.
- -U myUser: Specifies the SNMPv3 username.
- -L authPriv: Security level for SNMPv3, set to both authentication and privacy.
- -a SHA: Authentication protocol, using SHA here.
- -A myAuthPassword: Authentication passphrase.
- -X myPrivPassword: Privacy passphrase.
- -P AES: Privacy protocol, using AES here.
- -w 100: Sets the overall warning threshold for errors+discards per second.
- -c 300: Sets the overall critical threshold for errors+discards per second.
- --warn-in 50: Sets the inbound warning threshold for errors+discards.
- --warn-out 50: Sets the outbound warning threshold for errors+discards.
- --crit-in 150: Sets the inbound critical threshold for errors+discards.
- --crit-out 150: Sets the outbound critical threshold for errors+discards.
- --only-errors: This option ensures the command counts only errors, not discards. If you want to include discards in your monitoring, remove this option.
Adjustments and Considerations
- Interface Identifier: Confirm that "eth0" or whatever interface you choose to monitor actually exists and is correctly named on your Linux system.
- Error Metrics: Adjust the warning and critical thresholds based on your network’s normal operational metrics and tolerances. These values should reflect the traffic and expected error rates for the network under typical and peak loads.
- Security Settings: Ensure all placeholders (myUser, myAuthPassword, myPrivPassword, 10.0.0.1, eth0) are replaced with actual, secure values appropriate for your environment.
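A pre-deployment check for the security-relevant flags in the commands above, as an added example that is not part of the original page or the OP5 plugin. The hypothetical helper audit() flags the defaults the option reference documents (SNMP v1, community public, DES privacy), a left-over --debug and unreplaced placeholder passphrases; the two command lines at the bottom are constructed sample input.

```python
import shlex

# Long-to-short flag names, from the option reference on this page.
ALIASES = {"--version": "-v", "--community": "-C", "--seclevel": "-L",
           "--authprot": "-a", "--authpass": "-A", "--privpass": "-X",
           "--privproto": "-P"}
# Defaults stated in the option reference: SNMP v1, "public", DES.
DEFAULTS = {"-v": "1", "-C": "public", "-P": "DES"}
# Placeholder secrets used in this page's example commands.
PLACEHOLDERS = {"myAuthPassword", "myPrivPassword"}

def audit(command_line):
    """Return findings (list of str) for one check_traffic command line."""
    args = shlex.split(command_line)
    opts, i = dict(DEFAULTS), 0
    while i < len(args):
        flag = ALIASES.get(args[i], args[i])
        if flag in ALIASES.values() and i + 1 < len(args):
            opts[flag] = args[i + 1]
            i += 1                      # skip the value just consumed
        i += 1
    findings = []
    if "--debug" in args:
        findings.append("--debug is still enabled")
    if opts["-v"] != "3":
        findings.append("SNMP v%s sends the community string unencrypted" % opts["-v"])
        if opts["-C"] == "public":
            findings.append("community is the default 'public'")
        return findings
    level = opts.get("-L", "unset").lower()
    if level != "authpriv":
        findings.append("seclevel is %s, not authPriv" % level)
    if level != "noauthnopriv" and opts.get("-a", "").lower() == "md5":
        findings.append("authprot is md5")
    if level == "authpriv" and opts["-P"].upper() == "DES":
        findings.append("privproto is DES (the default); pass -P AES")
    for flag in ("-A", "-X"):
        if opts.get(flag) in PLACEHOLDERS:
            findings.append("%s still holds the page's placeholder" % flag)
    return findings

# Constructed inputs: the page's Windows example and a bare v1 invocation.
PAGE_EXAMPLE = ('check_traffic traffic -H 192.168.1.100 -d "Ethernet 0" --debug '
                '-v 3 -U myUser -L authPriv -a SHA -A myAuthPassword '
                '-X myPrivPassword -P AES -w "80m" -c "95m" -b "100m" --perfdatabits')
LEGACY = "check_traffic traffic -H 192.168.1.100 -i 2 -w 80m -c 95m -b 100m"

if __name__ == "__main__":
    for cmd in (PAGE_EXAMPLE, LEGACY):
        print(cmd, audit(cmd), sep="\n  ")
```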