Glen Pitt-Pladdy :: Blog

Postfix stats on Cacti (via SNMP)

Following on from the basics of SNMP I did previously, this article now adds the next set of SNMP extension scripts, config, and Cacti templates to monitor a Postfix mail server. This includes monitoring spf (Sender Policy Framework, clamav-milter (anti-virus/anti-malware), dkim-milter (Domain Keys Identified Mail), and spamass-milter (SpamAssassin).

Update: Also see my recent article about basic Postfix configuration  which works with these templates.

Major Update 20110707 onwards: With the release of my Universal Log Analyser, this article has been updated to only provide a plugin and you will have to configure the Universal Log Analyser to use the plugin. This is also a major update to graphs etc. and it may be easiest to purge any old versions of the templates and start fresh with such a major change.

Postfix Stats

Postfix produces a minimum of statistics it's self, but as is common in Unix, it does produce comprehensive logs of activity which provides plenty of material for generating statistics from.

There are already a load of logfile analysers around, but for the purposes of this monitoring, I decided the best thing was to write my own and then it would be easy to make it work exactly how I wanted for producing stats.

We rely on my Universal Log Analyser to use the plugins provided here. Please refer to that article and get that working first and then continue configuration for this article.

There are 4 plugins in this case: postfix.pm, dkim.pm, clamav.pm and spamd.pm

These are in the tarball (see later). Place the plugins in the plugin directory (default is /etc/snmp/uloganalyser-plugin)

One feature I have built into the plugin is that it outputs any lines that it does not completely understand. Cron will email this back to the administrator. This means that over time the script can be enhanced to extract more information from the logs. If you want to ignore this then just send all the output to /dev/null in the cron job.

Getting Postfix stats over SNMP

Like discussed previously, Postfix logfiles require root privilege to access, and snmpd runs as a low privilege user. What I do is have a CRON job that reads this data and stores it in files for snmpd to access via extension scripts.

If you are using the same config I described previously, then simply add the lines to your /etc/snmp/local-snmp-cronjob file to make it look something like this (may have other content for other tasks):

#!/bin/sh

# run postfix stats
/etc/snmp/uloganalyser
    /var/log/mail.log.1
    /var/log/mail.log
    /var/local/snmp/mail
    postfix dkim clamav spamd

This is fully compatible with my dovecot stats plugin and you can just add "dovecot" on the end to add those stats into the same file and analyse the logs in one shot. Likewise, plugins you don't use may be left off.

From there, I have a load of small scripts for each aspect of the stats I monitor. One thing to consider when writing these scripts is to ensure that if more parameters are added to them, they are all added to the ends of the scripts to ensure that the order of the data given to snmpd does not change.

These scripts are in the tarball (see later) and are all named postfix-stats-*, clamav-stats or dkim-stats. I place these scripts (make them executable first: chmod +x postfix-stats-*) in /etc/snmp

In /etc/snmp/snmpd.conf add the following lines (or others if you want to monitor them):

extend postfixlocal     /etc/snmp/postfix-stats-local
extend postfixlmtp      /etc/snmp/postfix-stats-lmtp
extend postfixpickup /etc/snmp/postfix-stats-pickup
extend postfixqueue /etc/snmp/postfix-stats-queue
extend postfixsmtp      /etc/snmp/postfix-stats-smtp-connect
extend postfixsmtpstatus        /etc/snmp/postfix-stats-smtp-status
extend postfixsmtptls   /etc/snmp/postfix-stats-smtp-tls
extend postfixsmtpwarn  /etc/snmp/postfix-stats-smtp-warning
extend postfixsmtpd     /etc/snmp/postfix-stats-smtpd-connect
extend postfixsmtpdnq   /etc/snmp/postfix-stats-smtpd-noqueue
extend postfixsmtpdnqrec        /etc/snmp/postfix-stats-smtpd-noqueue-recipient
extend postfixsmtpdnqrel        /etc/snmp/postfix-stats-smtpd-noqueue-relay
extend postfixsmtpdnqsnd        /etc/snmp/postfix-stats-smtpd-noqueue-sender
extend postfixsmtpdnqclnt       /etc/snmp/postfix-stats-smtpd-noqueue-client
extend postfixsmtpdqd   /etc/snmp/postfix-stats-smtpd-queued
extend postfixsmtpdtls  /etc/snmp/postfix-stats-smtpd-tls
extend postfixsmtpdwarn /etc/snmp/postfix-stats-smtpd-warning
extend postfixcleanup   /etc/snmp/postfix-stats-cleanup
extend postfixpolicy /etc/snmp/postfix-stats-policy
extend postfixip /etc/snmp/postfix-stats-connect-ip
extend clamav /etc/snmp/clamav-stats
extend dkim /etc/snmp/dkim-stats
extend spamd /etc/snmp/spamd-stats

Once you have added all this in you can test these scripts by running them from the command line, and via SNMP by appending the appropriate SNMP OID to the "snmpwalk" commands shown previously.

Cacti Templates

I have generated some basic Cacti Templates for these Postfix stats which is in the tarball (see later).

Simply import this template, and add the graphs you want to the appropriate device graphs in Cacti. It should just work if your SNMP is working correctly for that device (ensure other SNMP parameters are working for that device).

The much awaited tarball

Download: Postfix stats on Cacti tarball 20131027

This contains all the goodies needed for this article and extracts into a subdirectory (neat!)

Graph Screen Shots

.... for a very quiet mail server

Postfix Stats over SNMP on Cacti : ClamAV Milter

Postfix Stats over SNMP on Cacti : Queues

Postfix Stats over SNMP on Cacti : DKIM milter

Postfix Stats over SNMP on Cacti : Local

Postfix Stats over SNMP on Cacti : Pickup

Postfix Stats over SNMP on Cacti : Policy SPF

Postfix Stats over SNMP on Cacti : smtp connections

Postfix Stats over SNMP on Cacti : smtp IPv4 / IPv6

Postfix Stats over SNMP on Cacti : smtp status

Postfix Stats over SNMP on Cacti : smtp TLS

Postfix Stats over SNMP on Cacti : smtp TLS Certificate Verification

Postfix Stats over SNMP on Cacti : smtp Warnings

Postfix Stats over SNMP on Cacti : smtpd accept / reject

Postfix Stats over SNMP on Cacti : smtpd connections

Postfix Stats over SNMP on Cacti : smtpd IPv4 / IPv6

Postfix Stats over SNMP on Cacti : smtpd TLS

Postfix Stats over SNMP on Cacti : smtpd TLS Certificate Verification

Postfix Stats over SNMP on Cacti : smtpd Warnings

Changelog (NEW!)

  • 20110707 - Major Update
    • Now using universal log analyser and just provides a plugin
    • Expanded peer mail server error messages and other previously unrecognised log content - thanks to those who submitted samples of their unrecognised log lines
    • ClamAV and DKIM are now optional plugins and not part of the main Postfix script
  • ..... various minor fixes, enhancements
  • 20120420 - Added extra plugin and scripts for spamass-milter (spamd)

Comments:

 Image  30/06/2010 20:42 ::

Good evening, in the office we test your script and we found that running that script in Fedora Core 12 with snmp v5.4.2.1 generates a error that cant find the stats file when generates the new one in '/var/local/snmp/postfix', we find the solution replacing the code in the local-snmp-cronjob file original contaning '/etc/snmp/postfix-loganalyser \

/var/log/mail.log.0 \

/var/log/mail.log \

/var/local/snmp/postfix'

for this one

'#!/bin/sh

LASTFILE=`ls -lat /var/log/maillog* | gawk 'NR==2 {print $9}'`

CURRENTFILE=`ls -lat /var/log/maillog* | gawk 'NR==1 {print $9}'`

STATSFILE=/var/local/snmp/postfix

# run postfix stats

/etc/snmp/postfix-loganalyser $LASTFILE $CURRENTFILE $STATSFILE'

We hope that this code can help the community thanks.

Umberto Bernardi Image  19/07/2010 13:01 :: Umberto Bernardi

Sorry,

but what is the "appropriate OID" to test via snmp?

If I query without OID I get a lot of output, but nothing relative to postfix.

thank you

Glen Pitt-Pladdy Image  24/07/2010 12:30 :: Glen Pitt-Pladdy

Hi Umberto - sorry for the delay getting back to you.... It's been one of those weeks.

By "appropriate OID", I mean adding the OID for the extensions added to the config file to the snmpwalk example from my previous article on SNMP basics.

For example, to walk down all the extensions you could do something like:

$ snmpwalk -v 3 -u monitor -l authPriv -a SHA -x AES -A AUTHPASS -X PRIVPASS localhost NET-SNMP-EXTEND-MIB::nsExtendOutLine

Umberto Bernardi Image  30/07/2010 10:43 :: Umberto Bernardi

Thank you so much,

I've solved.

Ronny Image  04/08/2010 17:47 :: Ronny

Nice work :)

Could you add stats for ipv4 and ipv6 traffic?

I think, the relay= line could here be used for.

Ronny

Glen Pitt-Pladdy Image  04/08/2010 18:03 :: Glen Pitt-Pladdy

I like the idea! It would ideally need to show both inbound (smtpd) and outbound (smtp) mail but it should be relatively easy.

I'm a bit busy now and I will see what I can do over the next few weeks - look for an updated set of templates and scripts.

kurt Image  13/08/2010 01:33 :: kurt

Nice work, thank you for posting your cacti templates.

kurt Image  26/08/2010 02:16 :: kurt

Is there anything special that needs to be done when upgrading to a newer version of your template and scripts? I tried upgrading, and now I'm only getting graphing for my Queues. None of the other Postfix graphs are currently populating. Debug mode also shows OK. Any tips you might have would be appreciated :)

Glen Pitt-Pladdy Image  26/08/2010 19:41 :: Glen Pitt-Pladdy

I have little experience upgrading templates, and most of that wasn't positive. This is something that is probably get a better answer on a Cacti mailing list.

Cacti does seem to try merge old and new when updating templates, but every time I have tried it I've had to go and manually fix things.

What may work (this is theoretical and untested so use with caution, take backups and all the usual disclaimer stuff) is to purge existing graphs, data sources and templates, import the new ones and re-create all the graphs. That will of course loose your old data, but the .rrd files should (on my version anyway) still be in /var/lib/cacti/rra (Debian). When the new data sources have created their files, you can then move the old files over the new (probably wise to do this between samples) and it will continue from there. eg:

# mv bender_postfix_smtp_warn_176.rrd bender_postfix_smtp_warn_572.rrd

Do that for all the old rrd files - you may want to script it.

Hope that helps!

kurt Image  28/08/2010 05:08 :: kurt

Glen, thanks for the tips. I've tried your suggestion but unfortunately it didn't seem to help. This is turning out to be an excellent opportunity for me to learn Cacti a little better :) I've been digging into it, and I've confirmed that SNMP is returning data, and the RRD's appear be getting updated by the poller. For whatever reason, the graphs are not displaying the values, they are just rendering as empty charts. Same as before, only the Queue chart is actually displaying a value, all the other charts are blank.

Glen Pitt-Pladdy Image  28/08/2010 13:10 :: Glen Pitt-Pladdy

Sounds like some old stuff might have survived the purge. It is important to remove ALL the affected graphs with ALL their data sources, plus ALL the relevant templates (host, graphs and data source templates).

What I do with graph problems (happens all the time while creating templates) is head straight to Graph Management and go into a trouble graph, then turn on debug mode and see what errors you are getting. Also check that all the correct data sources are set for the graph, and all the data sources are present.

Other things I have found is sometimes a graph doesn't work after changes until I change to template to None, save it, then switch it back to the correct template. Not sure why, but this seems to work.

Owen Image  01/10/2010 01:08 :: Owen

I've followed your directions to set up these scripts, but I'm getting blank graphs.

* I created a cron job to run postfix-loganalyser every minute. It is successfully outputting data to /var/local/snmp/postfix.

* I copied the various postfix-stats scripts into /etc/snmp and added 'extend' lines to snmpd.conf for them, and then restarted snmpd. snmpwalk shows output for these (many zeroes but a few >0 values).

* I imported the template xml file into Cacti successfully

* I added the appropriate Associated Graph Templates under Devices. I do not see any Associated Data Queries here that look relevant. Should I?

* I added graphs for the host using Create Graphs for this Host

One thing I will note is that my Device setup in Cacti shows this as a Generic SNMP-enabled Host, with SNMP version 1. In the Host Template dropdown, I also see options for Postfix and ucd/net SNMP Host. I'm wondering if I need to use one of those for these graphs...

Owen Image  01/10/2010 01:31 :: Owen

I may have spoken too soon... it looks like at least some of my graphs are updating. I suspect that the others just don't have input data from SNMP, which I will look into.

Glen Pitt-Pladdy Image  01/10/2010 08:06 :: Glen Pitt-Pladdy

The default Cacti config I am familiar with only samples every 5 minutes, however this can be changed and some distros may well have done this.

The first sample will create the data files, and the second start putting data in them. I have been caught before by this - it can be 15minutes before there is any useful info to display in the graphs.

Konstantin Image  01/12/2010 10:35 :: Konstantin

Hi Glen

I have followed your howto on a OpenSuSe server. and but i am confused with the output of snmpwalk.

when i do snmpwalk i get bunch on OIDs, and see the values from the /var/local/snmp/postfix file in there and updating but the they are in the following format:

HOST-RESOURCES-MIB::hrSWRunParameters.7240

I was expecting to see something like the OID format from your cacti template:

NET-SNMP-EXTEND-MIB::nsExtendOutLine."postfixlocal".4

I have the mib file /usr/share/snmp/mibs/NET-SNMP-EXTEND-MIB.txt but i am not sure if it is loading. Do you have an idea what can be the problem?

Glen Pitt-Pladdy Image  02/12/2010 20:28 :: Glen Pitt-Pladdy

Indeed. When I run the snmpwalk command (see post above from 24/7/2010) I get stuff like this:

ET-SNMP-EXTEND-MIB::nsExtendOutLine."postfixip".1 = STRING: 52100

NET-SNMP-EXTEND-MIB::nsExtendOutLine."postfixip".2 = STRING: 16299

NET-SNMP-EXTEND-MIB::nsExtendOutLine."postfixip".3 = STRING: 264

NET-SNMP-EXTEND-MIB::nsExtendOutLine."postfixip".4 = STRING: 8

NET-SNMP-EXTEND-MIB::nsExtendOutLine."postfixsmtp".1 = STRING: 1425

NET-SNMP-EXTEND-MIB::nsExtendOutLine."postfixsmtp".2 = STRING: 0

.......

I am normally using Debain or Ubuntu servers so can't say anything specifically about OpenSuse. The place I would start is to find out exactly what options you are using with snmpwalk. By default it will not walk the extended MIBs unless you specify them... on Debian/Ubuntu anyway.

Charles Image  20/05/2011 16:12 :: Charles

Nice work on those cacti graph and scripts,

i tried them myself and ran into a small problem which could happen to quite a few people who are using postfix/virtual for mail delivery.

The only change i made was to fix line 402 to also check virtual

} elsif ( $line =~ s/^.+ postfix\/(local|virtual)\[\d+\]:\s*// ) {

Glen Pitt-Pladdy Image  20/05/2011 19:03 :: Glen Pitt-Pladdy

Thanks! Good point - I'll look at rolling that into the next update to the script. I've been doing some work with Dovecot recently and will be adding that in too.

Charles Image  24/05/2011 14:32 :: Charles

Another improvement that could easily be done is to support compressed logs as many people use compression with their logrotate :)

Dovecot addition sounds really good to me :)

Glen Pitt-Pladdy Image  24/05/2011 20:37 :: Glen Pitt-Pladdy

In my experience only old logs are compressed, and typically you keep the current and the last rotated log uncompressed. It would be rather wasteful to run less than that with this script as it uses tell/seek to find it's way efficiently to the last position in the log so that it doesn't have to read the whole file each time to find the line it was on so can handle very busy servers with large log files.

Having to read a compressed file would defeat using tell/seek so I think it would be counter productive overall.

It may be a while before I get the chance to update the script, but I'll make an effort to get a decent lot of new stuff in there.

Guido Image  09/06/2011 15:29 :: Guido

Exist an Mib instead of the cacti template or an way to convert the cacti template to a mib.

Best Regards!

Guido

Glen Pitt-Pladdy Image  10/06/2011 07:34 :: Glen Pitt-Pladdy

There is no MIB as this was never intended to work with anything other than the Cacti template, but as it's Open Source, you are welcome to modify it as you please for your needs.

I'm not aware of any automatic conversion, but there may be one. Otherwise, if you look at the OID setting in the cacti data templates you will see where each stat comes from and you could either script up something to generate MIBs, or hand-create a MIB for your needs. I have no use for a MIB for this myself so will not be creating one.

Hope that helps!

Xarion Image  03/07/2011 20:31 :: Xarion

Good going, there is just a little when you first run it, you get a huge spike because obviously the initial value is 0 and then all of a sudden you have all the new vals, not sure if there is any way around that. Other than that all is good, thanks!

Glen Pitt-Pladdy Image  03/07/2011 21:10 :: Glen Pitt-Pladdy

There is certainly a chance of a spike when the loganalyser script is first run as it will parse the entire most recent two log files worth of data. If your graphs are already running then this will mean that the counters jump from zero to whatever was in your last two log files - that could indeed be a big spike!

The way I would recommend of preventing that is to get the loganalyser script running and producing stats before adding the graphs. A quick fix afterwards is just to delete the .rrd files for the affected graphs and the next sample will recreate them, effectively starting them after the script has processed the log files.

Hope that is useful.

Roberto Image  30/08/2011 20:56 :: Roberto

Hi,

I'm trying to install the postfix scripts, but got a problem with the snmp daemon. After installing everything, and extending snmp (in snmpd.conf), instead of the expected output, snmpwalk is returning lines like this one (that's the output of snmpwalk -c <community> -v2c server_ip . > snmpwalk_server.txt):

iso.3.6.1.4.1.8072.1.3.2.3.1.2.12.112.111.115.116.102.105.120.108.111.99.97.108 = STRING: "0

0

0

0

0

0

0

0"

iso.3.6.1.4.1.8072.1.3.2.3.1.2.12.112.111.115.116.102.105.120.113.117.101.117.101 = STRING: "1

124

0

0

0"

iso.3.6.1.4.1.8072.1.3.2.3.1.2.12.112.111.115.116.102.105.120.115.109.116.112.100 = STRING: "0

0

0"

Tried on FreeBSD 7.2, with net-snmp version 5.5, and on Debian 6 with net-snmp version 5.4.3, both with the same results.

Any ideas of what could be wrong?

Thanks,

Roberto

Glen Pitt-Pladdy Image  31/08/2011 07:58 :: Glen Pitt-Pladdy

On newer Debian (this article was written for Lenny) you will also need to install snmp-mibs-downloader and comment out the "mibs:" line in /etc/snmp/snmp.conf

The other thing is I notice you are walking "." - try walking "NET-SNMP-EXTEND-MIB::nsExtendOutLine"

Also make sure that the community you are using is configured to allow the extended outputs else they will not be available. One Debian (possibly others) it appears to default to not being available to the public community.

Roberto Image  01/09/2011 19:41 :: Roberto

Great. Installing snmp-mibs-downloader and commenting the line in snmp.conf made everything work fine. snmp-mibs-downloader gave me some owrk, because it's a package in the 'non-free' repositories, which I usually don't enable. Otherwise, it worked fine.

My problem now is that I can't figure out how to do the same in FreeBSD. Any pointers on what to search for? I've tried googling for "FreeBSD extending snmp" and other similar searches, without success. Any suggestions on what's missing?

Thanks,

Roberto

Glen Pitt-Pladdy Image  01/09/2011 19:53 :: Glen Pitt-Pladdy

Not sure - FreeBSD is something I've never done much with. I would suspect if the problem behaves the same then it probably has the same cause.

On the assumption that you have a version of snmpd that has the features needed (ie. extensions) then I would check the following:

* sufficient privilege is given to whatever method you are using (ie. authentication method / user / community) to access them

* you have the MIBs needed (like with installing snmp-mibs-downloader on Debian/Ubuntu)

* snmpd is configured to use them

Other than that it's down to step-by-step problem solving, increasing logging (add to the code and rebuild the packages if needed), running strace (or FreeBSD equivalent) to see what snmpd is doing and similar.

If you do find a solution on FreeBSD then it would be useful for others if you would post what you found or post a link to your blog with the solution.

Roberto Image  02/09/2011 13:43 :: Roberto

Ok.

Following your tip I managed to bring it to work in FreeBSD. It was really matter of enabling some MIBs.

To enable the MIBs, add the following to snmp.conf:

mibdirs +/usr/local/share/snmp/mibs/:/usr/share/snmp/mibs

mibs +NET-SNMP-EXTEND-MIB

Two notes:

- The '+' sign indicate that those entries above are to add to any previously existing dirs/MIBs entries.

- By default, the net-snmp install does not create a snmp.conf file in FreeBSD. It can be created with the 'snmpconf' command.

Aside from that, I've got two problems now. The first is that sometimes the cronjob script writes in the mail file, a negative number for the 'postfix:smtp:connect:ipv4' line. When that happens, all the following runs of the cronjob script crash.

Also, where do the 'dkim.pm' and 'clamav.pm' take their data? Something is wrong in that both are not adding anything to the 'mail' file, and so the graphs for them are coming out flat.

Thanks,

Roberto

Glen Pitt-Pladdy Image  03/09/2011 16:34 :: Glen Pitt-Pladdy

Well done!

The negative number is interesting as we only decrement the connect stuff when certain errors occur that cause a double increment, so we decrement to compensate.

It does appear you might have discovered a bug in the script. I had done some work cleaning up some ugly code and it looks like I left some in with the result that it might cause this problem. I need to test it some more then I will post an update to what I find.

dkim.pm does stats on dkim-filter, but if you are not running DKIM for your domain then just leave it out. It looks for lines with "dkim-filter[NNNNN]"

Likewise, clamav.pm is if you are running clamav-milter to virus/malware scan your mail and it graphs what flavours of malware are being quarantined. This looks for lines with "clamav-milter[NNNNN]"

Roberto Image  05/09/2011 13:31 :: Roberto

Thanks. Will wait for the update.

Dkim I we are actually not running, so it's no surprise I'm not getting any stats. But we do have clamav running, and the "mail" file is not getting any results for it. I'm guessing that this is because I'm running FreeBSD, and so some files might be in different/unusual places.

BUT, checking now I've seen that clamav stopped logging 3 weeks ago, when the log file reached 1MB (log files for FreeBSD are in /var/log/clamav/). Log rotation was not working. Fixed that, will try again later to see if cronjob starts generating data for clamav.

Thanks,

Roberto

Roberto Image  05/09/2011 19:36 :: Roberto

Just one update: after removing dkim (which I don't have) from the cronjob, the negative values stopped appearing.

Roberto

Glen Pitt-Pladdy Image  05/09/2011 19:53 :: Glen Pitt-Pladdy

I've been looking at this and there is indeed a bug relating to counting connections caused by cruft left over from a cleanup up some of the code. I've also since done some updates to templates etc. Cacti doesn't seem good at merging newer versions of templates and while possible it does seem to need some work to tidy up after. I have put a new version up and that should solve the problem.

The plugins should still work with all the old scripts and templates, but your mileage may vary depending on what you have been running before. If in doubt the safest thing is to purge the old stuff and put the new version on.

Azhar Chowdhury Image  06/12/2011 11:09 :: Azhar Chowdhury

Hi,

My cacti and postfix running two separate servers. uloganalyser running from cron and creating

data in /var/local/snmp/mail without any problem. xml file imported, I can create device for

mail server, graphs generated without any problem. But no records showing for each inv graphs.

No error in Mail and cacti server.

One thing I can notice nothing are coming through snmpwalk -v3c -c <mycommunity> <remote-mx-server> NET-SNMP-EXTEND-MIB::nsExtendOutLine but "snmpwalk -v3c -c <mycommunity> <remote-mx-server>" showing the list of mibs info. Do I have to install "snmp-mibs-downloader" at my ubuntu server? Any other clue.

Glen Pitt-Pladdy Image  06/12/2011 11:22 :: Glen Pitt-Pladdy

Sounds like you have things mostly right. The snmpwalk commands you are using are using say "-v3c", but I think that should be "-v2c" to use SNMP version 2c.

With recent Debian and Ubuntu you will need to install "snmp-mibs-downloader" on the mail server and comment out the "mibs :" line in /etc/snmp/snmp.conf, then restart snmpd.

Also, the extended MIBs which this uses are not accessible with the default config file when using version 2c or below. You will need to configure SNMP version 3 or configure a version 1 or 2c community with permissions for the extended MIBs in the snmpd config to give access for version 2c or lower.

Hope that helps!

Azhar Chowdhury Image  06/12/2011 11:44 :: Azhar Chowdhury

Big Thanks. Typo in last post, it is "v2c". Now data is coming, it is test MX server with less email processing that's why took long time to show some data. I am going to try with v3 for extended one. Thanks once again.

Glen Pitt-Pladdy Image  06/12/2011 13:00 :: Glen Pitt-Pladdy

That's great news. Well done on getting it working!

Azhar Chowdhury Image  06/12/2011 14:34 :: Azhar Chowdhury

I have central Cacti (Version: 0.8.7e) with PIA 2.5, thold 0.4.9, Monitor 1.3, aggregate 0.75. when trying to import your XML file getting "Error: XML: Hash version does not exist." I checked your posting about it begining of blog. Seems problem with Thold or other Plugin, any clue?

Glen Pitt-Pladdy Image  07/12/2011 13:05 :: Glen Pitt-Pladdy

Thanks for the info - the current template was created after I upgraded my Cacti server to Debian Squeeze so it's on 0.8.7g. I have updated the hash_version_codes above from my installed version and hopefully if you add the missing versions your Cacti will recognise it. Always create backups of any files you change in case it breaks things.

Let us know if that solves the problem.

Jeffers Image  06/01/2012 08:06 :: Jeffers

Hi,

First of all, let's say lot of thanks for your great jobs.

I had followed your ideas in my environment.

when I used the

$ snmpwalk -v 2c -c public IP NET-SNMP-EXTEND-MIB::nsExtendOutLine

I can see the result as

NET-SNMP-EXTEND-MIB::nsExtendOutLine."postfixsmtpstatus".5 = STRING: 21

NET-SNMP-EXTEND-MIB::nsExtendOutLine."postfixsmtpstatus".6 = STRING: 0

NET-SNMP-EXTEND-MIB::nsExtendOutLine."postfixsmtpstatus".7 = STRING: 1582

NET-SNMP-EXTEND-MIB::nsExtendOutLine."postfixsmtpstatus".8 = STRING: 0

However, when I used

$ snmpwalk -v 2c -c public IP NET-SNMP-EXTEND-MIB::nsExtendOutLine."postfixsmtpstatus".8

What I got as:

NET-SNMP-EXTEND-MIB::nsExtendOutLine.postfixsmtpstatus.8: Unknown Object Identifier (Index out of range: postfixsmtpstatus (nsExtendToken))

So, any ideas?

BTW,

I am running under Ubuntu environment.

Thanks.

Jeffers

Glen Pitt-Pladdy Image  06/01/2012 09:09 :: Glen Pitt-Pladdy

This is most likely the shell swallowing your "

Try escaping them: \"

For individual values we would normally use snmpget, though snmpwalk effectively does a load of GETs as it walks the tree.

Jeffers Image  07/01/2012 04:49 :: Jeffers

Hi, Sir,

You're totally correct!

But another question comes out, should I change the data input template in Cacti?

Currently, in my cacti side, I can read the value now, however, in Cacti, the graphics shows empty.

Any idea?

Thanks.

Jeffers

Glen Pitt-Pladdy Image  07/01/2012 12:45 :: Glen Pitt-Pladdy

No, the Cacti data templates should be fine - they don't run in a shell.

If you are seeing problems the first thing I would do is check that SNMP is working correctly in Cacti first: in the device setup look at the top - there should be something that says "SNMP Information", "System:Linux .....". If there's no information about the host (should be ~5 lines including things like uptime, location, contacts etc.) then chances are there is a problem with the SNMP config for the device in Cacti.

I would also check the logs. On Debian/Ubuntu /var/log/cacti/cacti.log will have info on what Cacti is doing and if it is having trouble picking up anything. You can change the log level in Settings->General to get more/less info.

Hope that helps!

tot Image  10/04/2012 17:45 :: tot

hi, this tool seems nice, but i ve got the same jeffer's problem.

Graphic show empty And cacti.log say:

NET-SNMP-EXTEND-MIB::nsExtendOutLine.postfixsmtpdtls.10: Unknown Object Identifier (Index out of range: postfixsmtpdtls (nsExtendToken))

Please, Any idea?

Glen Pitt-Pladdy Image  10/04/2012 18:03 :: Glen Pitt-Pladdy

This is most likely SNMP not working as expected in some way. I would suggest going through testing step-by-step. You can use snmpwalk to see what snmpd is serving up. Other useful checks are checking that the uloganalyser stats file is being updated and has valid info in it, running the snmpd extension scripts and seeing if they return valid info from the uloganalyser stats file and depending on what you get there are many other options to debug this.

I would definitely start with snmpwalk and see if you are getting what is expected from snmpd.

tot Image  10/04/2012 18:14 :: tot

hi, thank so mucho for your answer.

i ve tested the snmpwalk from my cacti debian server to my postfix debian server:

"snmpwalk -v 2c -c xxxx iphost NET-SNMP-EXTEND-MIB::nsExtendOutLine"

And the output is somethink like:

##

NET-SNMP-EXTEND-MIB::nsExtendOutLine."postfixsmtpdnq".1 = STRING: 0

NET-SNMP-EXTEND-MIB::nsExtendOutLine."postfixsmtpdnq".2 = STRING: 0

NET-SNMP-EXTEND-MIB::nsExtendOutLine."postfixsmtpdnq".3 = STRING: 0

NET-SNMP-EXTEND-MIB::nsExtendOutLine."postfixsmtpdnq".4 = STRING: 0

NET-SNMP-EXTEND-MIB::nsExtendOutLine."postfixsmtpdqd".1 = STRING: 310259

....more data

###

And the output of the uloganalyser script is somethink like:

lastrun=1334077501

lastline=2171843

lastposition=229150310

...

postfix:smtpd:timeoutconnection=8

postfix:smtpd:warning=1

which could be my mistake?

Glen Pitt-Pladdy Image  10/04/2012 18:25 :: Glen Pitt-Pladdy

Check specifically that NET-SNMP-EXTEND-MIB::nsExtendOutLine.postfixsmtpdtls.10 is in the snmpwalk output.

Also run the postfix-stats-smtpd-tls script and check that outputs 10 lines - the error is regarding the last line output by this script.

Another possible check is to use snmpget (works very much like snmpwalk) to get the specific OID. Do this from the host that is running Cacti in case there is some error that only occurs from that host.

It is possible that this error is transient (ie. happened just once and is fine now) so check that it isn't being repeatedly logged. If it is being logged with each poll then we need to diagnose this.

oneloveamaru Image  18/04/2012 15:06 :: oneloveamaru

I'm using Spamass-Milter and as well as Clamav-Milter. Is it possible to get some Spamassassin stats? Maybe just rejected is fine. I have mine set to rejected if the score is 15 or over. Even better if it scanned the spamd.log and looked for messages marked as spam, which for me is 5 or over.

Blocked since it scored 15 or over.

postfix/cleanup[8854]: 9F07F87B56: milter-reject: END-OF-MESSAGE from unknown[64.56.70.207]: 5.7.1 Blocked by SpamAssassin;

Spamassassin marked it as spam.

info: spamd: result: Y 21

I'm also going to try and convert all of this over to use in Zenoss. I'll post the final product when I get there. If you or someone could help by writing the code to parse the spamd.log that would be help me out a lot.

Glen Pitt-Pladdy Image  18/04/2012 15:38 :: Glen Pitt-Pladdy

I'll certainly take a look at that - I have already installed spamass-milter on one host to test. I have to date tried to avoid rejecting messages based on statistical spam classifiers as they do sometimes give completely wrong decisions, but I do have some "spam magnet" test boxes I can run to test.

Initially I will probably only add a SpamAssassin trace into the postfix rejection graphs and then perhaps look at a a histogram or something for spam ratings in the longer term.

Keep an eye on this page for releases - I will post a comment when release this feature.

Glen Pitt-Pladdy Image  20/04/2012 08:39 :: Glen Pitt-Pladdy

I've just put up a new release that hopefully understands spamass-mitler/spamd messages, plus two spamd specific graphs. There are quite a few changes which means that the following will change: cronjob, snmpd config, postfix.pm, postfix-stats-cleanup, spamd-stats, and spamd.pm, plus you will also need the latest version of uloganalyser.

An updated Cacti template is also needed. I've not had good experience importing/updating existing templates so if you run into trouble you may need to purge the old templates and start clean.

Juan Baena Image  02/05/2012 08:53 :: Juan Baena

Hi Glen. Congratulations for your great work. I´ve running your solution for a while and everything´s working fine on my environment. But I have a question regarding postfix/smtpd Accept/Reject graph. On this graph, we can look at messages/second related to several subjects like Recipient User Unknown and others.

The question is: How is averaging made ? I can see (CACTI) a graphed value of 3,3 Messages/second (Recipient User Unknown)at a moment and when i check manually logs and stat file i can find only one message difference for the time period elapsed between samples (5 minutes).

So what´s 3,3 accounts for?

Is there some way to show instant values for more recent graphs (i mean current day) while mantaining consolidation for the others ?.

Maybe this is a question for cacti forums.

Thanks anyway for your time.

Glen Pitt-Pladdy Image  02/05/2012 09:24 :: Glen Pitt-Pladdy

The way this works is that the data is simply handed to Cacti as a count of the total messages processed in a category. Each time Cacti polls (default 300seconds/5minutes) it takes the difference since it's last sample ad divides that by 300 seconds to get messages/second.

For example, if the counter is at 10000 and the next poll it's 10006 then Cacti will take 10006 - 10000 = 6 new messages, and then divide by the 300 second polling interval to get 0.02 messages a second. This will likely be displayed as "20m" (m = mili as in 1/1000). If there was only 1 message processed in the polling interval then it would likely be 1/300 = 0.0033 and displayed as "3.3m"

As Cacti polls in 5 minute intervals that's the most up-to-date data will be and the period it will be averaged over for the daily (or hourly) graphs unless you change the interval.

Juan Baena Image  02/05/2012 12:29 :: Juan Baena

It´s clear for me now.

Thanks a lot for your fast answer.

Glen Pitt-Pladdy Image  02/05/2012 14:04 :: Glen Pitt-Pladdy

Glad to be of help!

voytek eymont Image  15/08/2012 00:35 :: voytek eymont

I don't think I've updated, as yet, postfix template that was changed a while back

I don't think dovecot was altered since I've updated (?)

dumb question:

is there a way I can confirm at my cacti if I'm running latest/correct templates, rather than, removing/installing afresh

thanks very much for all your help

Glen Pitt-Pladdy Image  15/08/2012 10:26 :: Glen Pitt-Pladdy

I don't believe there is any way other than checking the .xml file you imported against the latest download. So far as I know there is no versioning mechanism in Cacti templates.

Stephane PARIS Image  24/11/2012 21:15 :: Stephane PARIS

Hello

I have installed all scripts and config and it seems to work correctly without any error but I just have this line in /var/local/snmp/mail stat file :

lastrun=1353791546

lastline=18396

lastposition=2544955

repeatline=Nov 24 22:12:22 irys-dj1 mail/smtpd[25997]: disconnect from unknown[83.167.X.X]

lastinode=2097696

postfix:queue:active=0

postfix:queue:deferred=3

postfix:queue:hold=0

postfix:queue:incoming=0

postfix:queue:maildrop=0

And no other stats

Do you have an idea to have all other stats ?

Stephane PARIS Image  24/11/2012 21:29 :: Stephane PARIS

Hello

regarding my last issue, I have found the root cause :

If I change syslog_name in main.cf of postfix, the plugin postfix.pm cannot treat log lines because a detection is done from the name of syslog.

The solution is to not adjust this parameter or to change postfix/ under postfix.pm by the name of syslog.

regards

Glen Pitt-Pladdy Image  24/11/2012 21:40 :: Glen Pitt-Pladdy

Well done!

The way that the uloganalyser plugins work is to check the name logged to decide if that plugin should process the line. If the name in the plugin doesn't match the name the application is logging as then it won't process any lines.

josue Image  18/12/2012 19:06 :: josue

This error is a MIB associated error, this error as caused for mib not installed on ubuntu systems, install mibs on cacti server with: apt-get install snmp-mibs-downloader and test system.

Will Image  22/03/2013 19:34 :: Will

Hello, I'm attempting to get this working on a Solaris 10 box using net-snmp 5.7.2 with perl-5.16.3 for the perl stuff. All shell scripts manually point to the bash shell.

postfix.pm doesn't look good though:

/opt/thesl/etc/snmp/postfix.pm 20121115:289 /var/adm/mail.log:934592 unknown: Mar 22 11:45:37 mx1 postfix/smtpd[12754]: [ID 197553 mail.info] disconnect from nagios.thesl.me[xxx.yy.zz.34]

* snmpwalk shows output for these (many zeroes but a few >0 values).

1.) I have all the SMTP data being shown in the snmpwalk and visible on the cacti server

2.) The graphs are all blank with data.

Glen Pitt-Pladdy Image  22/03/2013 21:33 :: Glen Pitt-Pladdy

Hi Will,

It would appear that the format of the log is different enough that the postfix.pm plugin is not able to parse it. The "[ID 197553 mail.info]" bit is certainly not in any of the logs I've seen so far (and I've been sent a lot with all the bizarre things that hit mail servers). I suspect that it would be relatively easy to change postfix.pm to handle your logs if they all have this extra field in.

While Solaris was not a target platform, if you send me a test sample of few more error lines (obviously any identifying data stripped) via the Contact link in the side panel and I'll see what I can do about handling the format differences.

voytek Image  03/11/2013 21:45 :: voytek

Glen,

I've been running your postfix cacti for a while, many thanks

looking at postfix/delivery chart, I'm not getting any output, yet I deliver via lmtp postfix to dovecot, how best to t/s this ?

Glen Pitt-Pladdy Image  04/11/2013 19:51 :: Glen Pitt-Pladdy

The delivery graph takes lines for postfix/local, postfix/virtual or postfix/pipe, and increments postfix:local:* counters in the stats file accordingly. Beyond that it's just tracing the data end to end through snmpd and Cacti.

Meik Image  12/02/2014 09:46 :: Meik

Glen,

your scripts are working great! Thanks for that.

I'd like to know how to add own customs stats such as 'size of mailq' for example. I've created a small script in /etc/snmp which prints out a number (size of mailq). How do I export it to the summary file in /var/local/snmp/mail so Cacti can get use of it?

Glen Pitt-Pladdy Image  12/02/2014 23:35 :: Glen Pitt-Pladdy

To add any additional stats you can either create your own extension, or modify the plugin to add your custom stats. That will require programing skills and if you have them then it should be obvious how to do it.




Are you human? (reduces spam)
Note: Identity details will be stored in a cookie. Posts may not appear immediately