Skip to content

Gmetric Spoofing

jbuchbinder edited this page May 21, 2012 · 1 revision

Gmetric has the ability to spoof metrics for a host that, for some reason, is not running gmond. This is particularly useful for devices that only require one or two metrics, or for when running gmond on the host is not practical. When spoofing, the gmond binary is not required to be running on the machine doing the spoofing. However, it is necessary to have a gmond.conf file available. Gmetric will parse this file for the send blocks that define where the data will be sent, as well as other information such as location and cluster name.

When spoofing, gmetric prepares to send the data specified as it usually does, but changes the reported hostname while doing so. To spoof the data as if coming from a host other than the host gmetric is running on, the following option must be added to the gmetric command:

-S, --spoof=STRING where STRING=IP address and name of host/device (colon separated) we are spoofing

An example of using gmetric to spoof a metric from a webserver that isn't running gmond:

/usr/bin/gmetric -n "web1" -v "`/usr/local/bin/ web1`" -t float -u "req/sec" -S ""

In this example, the data output from web1 script will be used. This can be any data. In this example, it is a custom perl script that outputs the average number of requests/sec from a webserver. This local script runs and returns a value that corresponds to the hostname given as an argument, in this case "web1". Gmetric would normally report this data as coming from the host that gmetric is running on. The additional -S flag allows this data to show up from a different host, in this case "web1" with the corresponding IP address of "". When this command is run for the first time, a new host will appear in the cluster called "web1", with the metric that gmetric reported.

Spoofing also allows for the ability to creatively group like metrics by spoofing them from non-existent hostnames. For example, if one is interested in seeing these web request metrics grouped together, then they could all be spoofed from a non-existent hostname like "web_requests". Multiple gmetric commands would create an artificial "host" that appears in the cluster, that only reports web traffic:

/usr/bin/gmetric -n "web1" -v "`/usr/local/bin/ web1`" -t float -u "req/sec" -S ""

/usr/bin/gmetric -n "web2" -v "`/usr/local/bin/ web2`" -t float -u "req/sec" -S ""

/usr/bin/gmetric -n "web3" -v "`/usr/local/bin/ web3`" -t float -u "req/sec" -S ""
You can’t perform that action at this time.