Results 1 to 16 of 16
  1. #1

    Mrtg in datacenters

    Hello,
    I am in a quite serious situation here!
    The mrtg I have installed in my server shows 40% less traffic than that of my dc.
    The mrtg in my dc shows some nice hourly/weekly/monthly/yearly graphs.
    I would like to know how easily the man in control of mrtg in my dc can influence the output of the results.
    I would be grateful if someone of you could show me the procedure of manipulating the results of the mrtg in a dc.
    Thank you,
    Rocco.

  2. #2
    Join Date
    Oct 2004
    Location
    India
    Posts
    491
    Since the DC graphs are based on the router/switch ports to which your servers are connected, they generate more accurate data/graph on their mrtg.

    The graphs will definitely be different than the one that u see in your local installations.
    ESC :wq!

  3. #3
    Join Date
    Aug 2006
    Location
    MA
    Posts
    96
    That is very much correct... you may only be looking at HTTP utilization, while your DC is monitoring all protocols and traffic (of which HTTP only plays a part!).

    If you're interested in seeing what's happening on the network from an engineer's perspective, try using Ethereal (search Google for that term to locate). If you're more looking for continuous monitoring of all protocols, you could place a switch with monitoring features (quite pricey....) between your box and your DC's network drop.

    Or you could just trust your DC.... :-)
    Cory von Wallenstein, Dynamic Network Services Inc.
    My team and I spent the last few months putting together the DynDNS Spring Server VPS platform for folks needing IPv4 and IPv6 Linux servers on Xen. Would love feedback, both good and bad!

  4. #4
    Join Date
    Apr 2003
    Location
    San Jose, CA.
    Posts
    1,622
    Actually you should search for Wireshark now... rather then Ethereal...

    as in www.wireshark.org

  5. #5
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    11,687
    You might take a look at munin as well for much better traffic analasys, as well as server analasys. MRTG is good, but it's a bit dated. Munin uses RRD, which was designed by the same individual (IIRC) that setup MRTG to enhance the program a bit.
    WHMCS Guru - WHMCS addons, management, support and more.
    WHMCS Notifications Extended - Add slack, hipchat, SMS, pushover to WHMCS !!
    Always looking for Linux, WHMCS, Support Desk work. PM for details

  6. #6
    Join Date
    Aug 2006
    Location
    MA
    Posts
    96
    Ah! Thank you.

    This is a welcomed name change... I lost count of the number of times this happened:

    Me: "Try using Ethereal."
    Them: "Eth-a-what?"
    Me: "Ethereal. E-T-H-E-R-E-A-L"
    Them: "Huh?"
    Me: "Oh forget it, let me do it......"
    Cory von Wallenstein, Dynamic Network Services Inc.
    My team and I spent the last few months putting together the DynDNS Spring Server VPS platform for folks needing IPv4 and IPv6 Linux servers on Xen. Would love feedback, both good and bad!

  7. #7
    Quote Originally Posted by cwallenstein
    That is very much correct... you may only be looking at HTTP utilization, while your DC is monitoring all protocols and traffic (of which HTTP only plays a part!).

    If you're interested in seeing what's happening on the network from an engineer's perspective, try using Ethereal (search Google for that term to locate). If you're more looking for continuous monitoring of all protocols, you could place a switch with monitoring features (quite pricey....) between your box and your DC's network drop.

    Or you could just trust your DC.... :-)
    Or he could simply use mrtg to monitor the ethernet device on his server, therefore getting the exact same numbers that the DC "should" be getting.

    The the OP: are you sure this is not a simple problem of them showing you a graph in bits and you looking in bytes or vice-versa?
    Dan - Vice President - [email protected]
    BurstNET Technologies - http://www.burst.net

  8. #8
    This discussion has taken a different path than that of what I wanted.
    All I wanted to know is how the mrtg system of the datacenters works.
    Is it easy for the administrator of this system to change the graphs produced for a server?
    Any info would be appreciated.
    Rocco.

  9. #9
    Join Date
    Apr 2003
    Location
    San Jose, CA.
    Posts
    1,622
    Quote Originally Posted by host4good
    This discussion has taken a different path than that of what I wanted.
    All I wanted to know is how the mrtg system of the datacenters works.
    Is it easy for the administrator of this system to change the graphs produced for a server?
    Any info would be appreciated.
    Rocco.
    The short answer... yes.

    They could...
    They'd have to be reaaaaly unethical and pretty shoddy... and/or desparate for $ to do so tho.

    It's possibly they've misconfigured a vlan, and you're receiving traffic for something you shouldnt be. Using a packet sniffer should quickly tell you if this is the case (ie tcpdump, wireshark). If you can clearly show logs and proof of that... they'd probably be willing to come up with some settlement.

    As other have suggested, it's also just possible your mrtg setup on your server is configured incorrectly and isn't monitoring all types of traffic.

    It would be helpful to know exactly how much of a difference in bandwidth you're talking about here... in terms of Mbps. In that if your datacenter says you're pushing 100kbps and you say you're pushing 60kbps... that's a big difference from them saying you're pushing 100Mbps and you saying you're pushing 60Mbps.

  10. #10
    I happen to know the person in charge of the mrtg and it is a matter of personal disputes we 've had in the past that make me suspicious.
    Please let me know if he can manipulate the results through the software of the mrtg of the DC.
    The more accurate you are in your description of how he can do it, the more help you provide to me.
    Thank you,
    Rocco.

  11. #11
    Join Date
    Feb 2006
    Location
    New York
    Posts
    634
    If you don't trust your datacenter, you shouldn't even taking 5 minutes ot post here you should already be in your car on the way there to move the server elsewhere!

    That not withstanding - to modify mrtg output would require a basic shell script running in a cronjob, that simply reads the text file (mysql's data file) and altering it (lets say by a factor of 40% in their favor). Yes they could do it, it would be silly to take the time/effort to build such a method - but yes I suppose it would fall under the 'trivial' department for a seasoned system admin to figure out how to do it.

    Again, if you dont trust the datacenter - MOVE! You have bigger issues here, dont put your business/server in the hands of people you just can't trust. Plenty enough competition out there im sure even locally you can find someone else.

    And as stated above, you can likely monitor this from your own snmp/ethernet device to get 100% accurate details, with the exception of them accidently combining another customers VLAN into the snmp tally. So if your numbers are far off its possible an innocent mistake of someone's vlan/broadcast traffic hitting your ethernet wire (even if your server / ethernet card is discarding the traffic its still 'on your segment' so you get billed for it).
    TurnKey Internet, Inc : phone 1.518.618.0999 and 1.877.539.4638 | Contact Us
    Cloud Servers | Dedicated Servers | Colocation | VPS | Mail Services | Reseller hosting
    New York / East Coast Green Datacenter

  12. #12
    Join Date
    Apr 2003
    Location
    San Jose, CA.
    Posts
    1,622
    "matter of personal dispute" ???

    Show him the evidence that you're receiving traffic for netblocks which you shouldnt... gathering that evidence shouldn't take more then a few minutes using the tools mentioned above.

    Simply suggesting "my mrtg shows 40% less traffic then yours... so you must be doing something suspicious" seems naive.

    You're seeking an opinion as to how easy it is to fudge mrtg data? Seeing that the answer is that it's trivial for a systems administrator to do this... he could just as easily come back and say "that you could just as easily be the one altering your own mrtg stats or have misconfigured your end."

    Im sure we could come up with a dozen ways someone could alter their polled MRTG stats... but I disagree that listing ways to do so would be helpful to you, and agree with the previous poster that if you really think this is what your provider is doing you need to move out asap.

  13. #13
    Join Date
    Jun 2002
    Location
    PA, USA
    Posts
    5,137
    Both of you could be looking at the same data, yet measure the bw differently. Perhaps your DC is charging you by 95th percentile where you only measure the average. Also, have you combined the outgoing and incoming traffic? You can attach the two MRTG graphs here and somebody will be better off helping you.
    Fluid Hosting, LLC - HSphere Shared and Reseller hosting - Now with HIGH AVAILABILITY
    Fluid VPS - Linux and Windows Virtuozzo VPS - Enterprise VPS with up to 2 GB guaranteed memory!
    Get your N+1 High Availability Enterprise Cloud
    Equinix Secaucus NY2 (NYC Metro)

  14. #14
    So,

    As turnkeycolocation said:
    In an MRTG system all the traffic data is stored in a text file (mysql's data file).
    And the admin can log in and alter these data, or make a basic shell script running in a cronjob that alters them, correct?
    I don't believe that he would expose himself writing a script so I would ask: how long would it take him to alter the data for 1 week? (The DC MRTG counts 5' average).

    Regards,
    Rocco.

  15. #15
    Join Date
    Feb 2006
    Location
    New York
    Posts
    634
    you still believe he's doing this, and that hes clever enough not to expose himself with cron jobs? Are you seriously going to stay there if you think this is going on?

    anyway - the answer to your question is the mrtg data files can be edited at any time in a matter of seconds, maybe minutes depending how fast you can hit the search and replace buttons. If you are watching the graphs in real time (every 5 minutes) you should see an obvious change if he's editing them once a day/week on you.

    To think someone is actualy doing this to you though is beyond reality, if you think its going on you have much bigger trust issues at your colocation center and need to not collect $200, do not pass go, but find a new place you trust.
    TurnKey Internet, Inc : phone 1.518.618.0999 and 1.877.539.4638 | Contact Us
    Cloud Servers | Dedicated Servers | Colocation | VPS | Mail Services | Reseller hosting
    New York / East Coast Green Datacenter

  16. #16
    Join Date
    Jun 2002
    Location
    PA, USA
    Posts
    5,137
    Do not past go, do not collect $200, pay 10% tax, Divident maturity: pay $50 to each player, and finally go to jail.

    Move to providers you trust. That's the only suggestion that applies to you now ...
    Fluid Hosting, LLC - HSphere Shared and Reseller hosting - Now with HIGH AVAILABILITY
    Fluid VPS - Linux and Windows Virtuozzo VPS - Enterprise VPS with up to 2 GB guaranteed memory!
    Get your N+1 High Availability Enterprise Cloud
    Equinix Secaucus NY2 (NYC Metro)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •