Monitoring the kernel entropy buffer with mrtg

Look here for some output examples (look for 'devrandom').


When your Linux system draws a lot of entropy from the /dev/random or /dev/urandom device, the kernel entropy pool can run empty. Your application then stalls (in the case of /dev/random) or gets less secure data (in the case of /dev/urandom).
This can happen when you, for example, generate a lot of cryptographic keys (for GnuPG or OpenSSL) or when you use LibPRNGWrap.
One can then install a hardware random number generator (these are expensive), run audio-entropyd (which fills /dev/random with random data from an unused audio card), or run video-entropyd (which fills /dev/random with random data from an unused video4linux device, e.g. a webcam or TV card).

How to...

But before taking such measures, one first needs to know whether it is really necessary to go through all this hassle, so you could monitor the kernel entropy buffer with MRTG.
This is actually quite simple: create a file called 'entropy.cfg' or add the following to /etc/mrtg.cfg (Debian users):
Target[devrandom]: `cat /proc/sys/kernel/random/entropy_avail ; cat /proc/sys/kernel/random/entropy_avail ; uptime ; hostname`
MaxBytes[devrandom]: 1000000
Options[devrandom]: gauge, growright
Title[devrandom]: entropy in /dev/random
YLegend[devrandom]: bits
LegendI[devrandom]:  bits
PageTop[devrandom]: <H1>entropy in /dev/random</H1>
ShortLegend[devrandom]: bits
That's it!
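
The Target line above graphs the same reading twice, and MRTG only sees the value at the moment it polls (every five minutes in a typical setup), so a short dip between polls never shows up. The script below is an added example, not part of the original page: it keeps the lowest value seen between polls and reports it as MRTG's second value. The script's modes ("sample", "report") and the state file path are assumptions made for this example.

```shell
#!/bin/sh
# Added example: MRTG probe reporting current and lowest-seen entropy estimate.
# STATE_FILE's default is an assumed path in a directory only the probe's user
# can write to; both paths can be overridden from the environment.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"
STATE_FILE="${STATE_FILE:-/var/lib/entropy-probe/min.state}"

# Print the current estimate in bits; fail if the file is missing or not numeric.
read_entropy() {
    [ -r "$ENTROPY_FILE" ] || return 1
    read -r value < "$ENTROPY_FILE" || [ -n "$value" ] || return 1
    case "$value" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$value"
}

# Take one sample and keep the lowest value seen since the last report.
# Sets the globals $current and $lowest (POSIX sh has no local variables).
record_sample() {
    current=$(read_entropy) || return 1
    lowest=$current
    previous=''
    if [ -r "$STATE_FILE" ]; then
        read -r previous < "$STATE_FILE" || true
    fi
    case "$previous" in
        ''|*[!0-9]*) ;;                      # no usable state yet: keep $current
        *) if [ "$previous" -lt "$lowest" ]; then lowest=$previous; fi ;;
    esac
    printf '%s\n' "$lowest" > "$STATE_FILE.tmp" && mv "$STATE_FILE.tmp" "$STATE_FILE"
}

# Emit the four lines MRTG expects from an external Target command:
# first value, second value, uptime string, target name. Then reset the window.
mrtg_report() {
    record_sample || return 1
    printf '%s\n%s\n' "$current" "$lowest"
    rm -f "$STATE_FILE"
    uptime 2>/dev/null || echo "unknown"
    hostname 2>/dev/null || uname -n
}

# "sample" is meant for a frequent loop or cron job, "report" for the MRTG Target.
case "${1:-}" in
    sample) record_sample ;;
    report) mrtg_report ;;
esac
```

To use it, replace the backquoted command in the Target line with a call to this script in "report" mode and run it in "sample" mode from a frequent loop or cron job. The first graphed value is then the current estimate and the second is the minimum since the previous poll.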