Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 3 May 2011 05:42:21 -0700
From:      Jeremy Chadwick <freebsd@jdc.parodius.com>
To:        Vincent Hoffman <vince@unsane.co.uk>
Cc:        freebsd-stable@freebsd.org, freebsd-pf@freebsd.org
Subject:   Re: RELENG_8 pf stack issue (state count spiraling out of control)
Message-ID:  <20110503124221.GB13811@icarus.home.lan>
In-Reply-To: <4DBFCB8D.10105@unsane.co.uk>
References:  <20110503015854.GA31444@icarus.home.lan> <20110503084800.GB9657@insomnia.benzedrine.cx> <20110503091619.GA39329@icarus.home.lan> <4DBFCB8D.10105@unsane.co.uk>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, May 03, 2011 at 10:31:57AM +0100, Vincent Hoffman wrote:
> On 03/05/2011 10:16, Jeremy Chadwick wrote:
> 
> <snip lots of data relevant to the discussion but not my answer>
> > Sadly I don't see a way with bsnmpd(8) to monitor things like interrupt
> > usage, etc. otherwise I'd be graphing that.  The more monitoring the
> > better; at least then I could say "wow, interrupts really did shoot
> > through the roof -- the box went crazy!" and RMA the thing.  :-)
> >
> you could use net-mgmt/bsnmp-regex although I dont know what the
> overhead for that is like.

Thanks for the tip.  I've investigated that plugin before, and its
implementation model seems like a very hackish way to accomplish
something that should ultimately be done inside of bsnmpd(8) itself via
native C.  It's good for parsing a single log file via tail -F (not
"tail -f" like the man page indicates), but it doesn't scale well.

bsnmpd(8) just needs to be enhanced and fixed, and I know there's
efforts underway by syrinx@ to do exactly that.  I have chatted with her
about some existing problems with bsnmpd(8) and its SNMP parser, and have
chatted with philip@ about a pf-related bug with bsnmp(8) (but I can't
remember what the details of that one is; I have a file with the info
around here somewhere...)

There was also a recent commit to net-mgmt/net-snmp that pertains to
*properly* monitoring swap, which makes me wonder if net-mgmt/bsnmp-ucd
(which a lot of people, myself included, rely on) also does the wrong
thing.

http://www.freebsd.org/cgi/query-pr.cgi?pr=153179
http://www.freebsd.org/cgi/cvsweb.cgi/ports/net-mgmt/net-snmp/files/patch-memory_freebsd.c

Things like this make me question my graphs and my monitoring data
pretty much every time I look at them.

-- 
| Jeremy Chadwick                                   jdc@parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.               PGP 4BD6C0CB |




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110503124221.GB13811>