Friday, 8 June 2012

MRTG Installation and Configuration.

MRTG Introduction

MRTG is a wonderful tool. You can use it to monitor traffic on your router or on a leased server located at a remote IDC. Since it is written in Perl, with some code in C, it is a portable and high-performance tool.

What is MRTG?

As explained in the official mrtg(1) man page, "The Multi Router Traffic Grapher (MRTG) is a tool to monitor the traffic load on network-links. MRTG generates HTML pages containing GIF images which provide a LIVE visual representation of this traffic." Here is a public view of my own site. Please note that the following discussion is based upon Red Hat Enterprise Linux version 3 update 2 and RHEL v4.0.

What is SNMP and why should I care?

SNMP is the Simple Network Management Protocol. It is used to manage IP network devices such as servers, routers, switches etc. An administrator can find or manage network performance, solve problems or even optimize

Assumptions

These installation instructions assume the following:
  • You have a Linux distribution
  • You would like to perform the MRTG and snmp binary installation using rpm. If you are looking for a source installation then visit the author's web site here. This page has excellent, systematic information on installing it from source.
  • Required RPMs
    • mrtg
    • snmp
    • snmp-utils
  • Installations were tested on Red Hat Enterprise Linux version 3 update 
  • Configuration

    Make sure the snmp server is working. Without a properly working snmp server, mrtg will not work. Therefore, the first step is to make sure snmp is up and running. The following steps take you through configuring it gradually.
  • Step # 1 : Make sure the snmp server is installed

    Please note that snmpd configuration is not required when using mrtg with remote network devices such as routers and switches. If you just want mrtg graphs for a router or switch then please refer to step # 4 (as all these devices come preconfigured with snmpd software).
    Run the rpm command's query option to find out whether the snmp server is installed:
    # rpm -qa | grep snmp
    If snmp is installed then please refer to step # 2; otherwise the snmp server and utils are not present and you need to install them using the following steps (login as the root user):
    (a) Visit rpmfind.net to get the snmp server and utilities rpms. If you are a Fedora user then use the yum command as follows to install them:
    # yum install net-snmp-utils net-snmp
     
    (b) If you are a RHEL subscriber then use the up2date command as follows to install:
    # up2date -v -i net-snmp-utils net-snmp

Step # 2 : Determine if snmp server is running or not

Run the 'ps' command to see whether the snmp server is running:
# ps -aux | grep snmp
Output:
root   5512  0.0  2.3  5872 3012 pts/0    S    22:04   0:00 /usr/sbin/snmpd
Alternatively, you can try either of the following two commands as well:
# lsof -i :199
Output:
COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE NAME
snmpd   5512 root    4u  IPv4  34432       TCP *:smux (LISTEN)
OR try out the netstat command:
# netstat -natv | grep ':199'
Output:
tcp        0      0 0.0.0.0:199             0.0.0.0:*               LISTEN
If you find that the service is running or listening on port 199 then please see step # 3; otherwise start the service using the following command:
# service snmpd start
Make sure the snmpd service starts automatically when Linux comes up (add the snmpd service):
# chkconfig --add snmpd

  • Step # 3 : Make sure the snmp server is configured properly

    Run the snmpwalk utility to request a tree of information about a network entity. In simple words, query the snmp server for your IP addresses (assigned to eth0, eth1, lo etc):
    # snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex
    ip.ipAddrTable.ipAddrEntry.ipAdEntIfIndex.127.0.0.1 = 1
    ip.ipAddrTable.ipAddrEntry.ipAdEntIfIndex.192.168.0.3 = 2
    If you can see your IP address then please proceed to step 4; otherwise it is time to configure the snmp server as follows (by default RHEL and RH 8/9 are not configured for snmp server, for security reasons):

    **********Configure SNMP*****************

    (1) Edit the file /etc/snmp/snmpd.conf using a text editor:
    # vi /etc/snmp/snmpd.conf
    Change/Modify line(s) as follows:
    Find following Line:
    com2sec notConfigUser  default       public
    Replace with the following lines (make sure you replace 192.168.0.0/24 with your network IPs):
    com2sec local     localhost           public
    com2sec mynetwork 192.168.0.0/24      public
    Scroll down a bit and change:
    Find Lines:
    group   notConfigGroup v1           notConfigUser
    group   notConfigGroup v2c           notConfigUser
    Replace with:
    group MyRWGroup v1         local
    group MyRWGroup v2c        local
    group MyRWGroup usm        local
    group MyROGroup v1         mynetwork
    group MyROGroup v2c        mynetwork
    group MyROGroup usm        mynetwork
    Again scroll down a bit and locate the following line:
    Find line:
    view    systemview     included      system
    Replace with:
    view all    included  .1                               80
    Again scroll down a bit and change:
    Find line:
    access  notConfigGroup ""      any       noauth    exact  systemview none none
    Replace with:
    access MyROGroup ""      any       noauth    exact  all    none   none
    access MyRWGroup ""      any       noauth    exact  all    all    none
    Scroll down a bit and change:
    Find lines:
    syslocation Unknown (edit /etc/snmp/snmpd.conf)
    syscontact Root  (configure /etc/snmp/snmp.local.conf)
    Replace with (make sure you supply appropriate values):
    syslocation Linux (RH3_UP2), Home Linux Router.
    syscontact Vivek G Gite <vivek@nixcraft.com>
    For your convenience, here is my /etc/snmp/snmpd.conf file. Feel free to use this file. Make sure you make a backup of your existing file if you use this file as it is.

    Start your snmp server and test it:
    (a) Make sure snmpd always starts when Linux comes up (after reboot):
     # chkconfig snmpd on
    (b) Start the snmpd service:
     # service snmpd start
    (c) Finally test your snmp server:
     # snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex
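
The configuration built in this step keeps the well-known community string public and gives MyRWGroup a write view at the noauth level, so it is worth auditing the finished file. The script below is an added example, not part of the original guide; the function name and the finding labels (WEAK_COMMUNITY, OPEN_SOURCE, FULL_VIEW, NOAUTH_WRITE) are my own, and the sample input is constructed from the directives shown above.

```shell
#!/bin/sh
# Added example: flag weak VACM settings in snmpd.conf text read from stdin.
# Against a real file: audit_snmpd_conf < /etc/snmp/snmpd.conf

# Constructed sample: the directives this guide tells you to put in the file.
SAMPLE_CONF='com2sec local     localhost           public
com2sec mynetwork 192.168.0.0/24      public
group MyRWGroup v1         local
group MyROGroup v1         mynetwork
view all    included  .1                               80
access MyROGroup ""      any       noauth    exact  all    none   none
access MyRWGroup ""      any       noauth    exact  all    all    none'

# Prints one "KIND line N: detail" finding per problem; prints nothing if clean.
audit_snmpd_conf() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }           # skip comments and blank lines
    $1 == "com2sec" {                        # com2sec NAME SOURCE COMMUNITY
        if ($4 == "public" || $4 == "private")
            print "WEAK_COMMUNITY line " NR ": " $2 " uses well-known community " $4
        if ($3 == "default")
            print "OPEN_SOURCE line " NR ": " $2 " accepts any source address"
    }
    $1 == "view" && $3 == "included" && $4 == ".1" {   # view NAME TYPE SUBTREE
        print "FULL_VIEW line " NR ": view " $2 " exposes the whole MIB tree"
    }
    $1 == "access" {  # access GROUP CONTEXT MODEL LEVEL PREFIX READ WRITE NOTIFY
        if ($5 == "noauth" && $8 != "none")
            print "NOAUTH_WRITE line " NR ": group " $2 " may write view " $8 " without authentication"
    }'
}

# Stand-alone run: audit the constructed sample.
printf '%s\n' "$SAMPLE_CONF" | audit_snmpd_conf
```

An empty result means none of these four patterns is present; it does not prove the agent is otherwise locked down.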

Step # 4 : Install mrtg if not installed

The mrtg software may have been installed during the initial installation; you can verify whether MRTG is installed with the following rpm command:
# rpm -qa | grep mrtg
 
If mrtg is already installed please see step # 5; otherwise use rpmfind.net to find the MRTG rpm, or the up2date command to install the MRTG software:
# up2date -v -i mrtg
 
Fedora Linux users can use the yum command as follows to install MRTG:
# yum install mrtg

  • Step # 5 : Commands to Configure mrtg

    (a) Create a document root to store the mrtg graphs/html pages:
    # mkdir -p /var/www/html/mymrtg/
     
    (b) Run any one of the following cfgmaker commands to create the mrtg configuration file:
    # cfgmaker --global 'WorkDir: /var/www/html/mymrtg' --output /etc/mrtg/mymrtg.cfg public@localhost
    OR (make sure your FQDN resolves; in the following example I'm using rh9.test.com, which is my router's FQDN)
    # cfgmaker --global 'WorkDir: /var/www/html/mymrtg' --output /etc/mrtg/mymrtg1.cfg public@rh9.test.com

    (c) Create a default index page for your MRTG configuration:
    # indexmaker --output=/var/www/html/mymrtg/index.html /etc/mrtg/mymrtg.cfg
    (d) Copy all tiny png files to your mrtg path:
    # cp -av /var/www/html/mrtg/*.png /var/www/html/mymrtg/
     
  • Step # 6 First test run of mrtg

    (a) Run mrtg command from command line with your configuration file:
    # mrtg /etc/mrtg/mymrtg.cfg
     
    Note: You may get a few warning messages the first time; ignore them.
    (b) Fire up your favorite web browser (like FireFox :D ) and type the url http://www.your.com/mymrtg/ or http://your-ip/mymrtg/
     
  • Step # 7 Create crontab entry so that mrtg graph / images get generated every 5 minutes

    (a) Login as the root user or as the mrtg user and type the following command:
    # crontab -e
    (b) Add the mrtg cron job entry to the crontab (append the following line to it):
    */5 * * * * /usr/bin/mrtg /etc/mrtg/mymrtg.cfg --logging /var/log/mrtg.log
    Save file and you are done with MRTG config issues :)
  • Step # 8 Block ports 161 & 162 at firewall

    You do not want to give everyone access to your snmp server, for security reasons. The SNMP server uses UDP ports 161 and 162 for communication. Use the Linux IPTABLES firewall to restrict access to the SNMP server.
    (a) Allow outgoing SNMP requests from your Linux computer. This is useful when you query a remote host/router (replace SERVER IP with your real IP):
    SERVER="xxx.xxx.xxx.xxx"
    iptables -A OUTPUT -p udp -s $SERVER --sport 1024:65535 -d 0/0 --dport 161:162 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A INPUT -p udp -s 0/0 --sport 161:162 -d $SERVER --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
     
    (b) Allow incoming SNMP client requests via iptables. This is useful when you wish to accept queries from the rest of the world (replace SERVER IP with your real IP):
    SERVER="xxx.xxx.xxx.xxx"
    iptables -A INPUT -p udp -s 0/0 --sport 1024:65535 -d $SERVER --dport 161:162 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p udp -s $SERVER --sport 161:162 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

    Please note that the above two are just SNMP-specific iptables rules. Please consult the iptables(8) man page for complete information on iptables.
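
Rule (b) above accepts queries from 0/0, which is every host. As an added example (not from the original guide), the script below prints the same pair of rules narrowed to the addresses of your MRTG pollers, followed by a DROP for all other sources; the function names and the 192.0.2.x / 198.51.100.x addresses are placeholders of mine.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that accept SNMP only
# from named MRTG pollers. All addresses are constructed placeholders.

# is_ipv4_cidr ADDR: succeed for a dotted-quad IPv4 address with an optional
# /1-32 prefix, so "anywhere" sources such as 0/0 are refused.
is_ipv4_cidr() {
    addr=${1%/*}; prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# snmp_poller_rules SERVER POLLER...: one ACCEPT pair per poller, then a DROP
# for every other source. Same port range and state matching as rule (b).
snmp_poller_rules() {
    server=$1; shift
    for a in "$server" "$@"; do
        is_ipv4_cidr "$a" || { echo "invalid address: $a" >&2; return 1; }
    done
    for poller in "$@"; do
        echo "iptables -A INPUT -p udp -s $poller --sport 1024:65535 -d $server --dport 161:162 -m state --state NEW,ESTABLISHED -j ACCEPT"
        echo "iptables -A OUTPUT -p udp -s $server --sport 161:162 -d $poller --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT"
    done
    echo "iptables -A INPUT -p udp -d $server --dport 161:162 -j DROP"
}

# Stand-alone run: agent at 192.0.2.10, one poller host and one poller subnet.
snmp_poller_rules 192.0.2.10 192.0.2.50 198.51.100.0/28
```

Because iptables -A appends, use these in place of rule (b) rather than after it. Review the printed rules before running them as root.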

     

Step # 9 Optional: Protect your MRTG graphs/html pages with a password-protected directory

Once again, you would like to restrict access to your MRTG reports. This can easily be accomplished with the Apache webserver's .htaccess file. If you are on a webhosting server with a control panel (such as ensim or plesk) then you can use the control panel itself to create a password-protected directory.
Below is the process for protecting the graphs using apache's .htaccess file and the htpasswd command:
Step # 1: Create a .htaccess file in the /var/www/html/mymrtg/ directory (add text as follows):
vi /var/www/html/mymrtg/.htaccess
Add the following text to the file:
AuthName "MRTG Graphs/Html restricted access"
AuthType Basic
AuthUserFile /var/members/.htpasswd
require user mrtgadmin
Step # 2: Create a user name and password (-c assumes this is the first time you are using the .htpasswd file):
# htpasswd -c /var/members/.htpasswd mrtgadmin
 
**********************************************************
OUTPUT:

Traffic Analysis for DOT COM INFOWAY LTD.

Max Speed:2048 Kbps
Port@Router/Switch:\GigabitEthernet5/1/0.3507:@CHN-ISP-ACC-RTR-172
Wan Ip:182.72.163.152/30
The statistics were last updated Friday, 8 June 2012 at 15:24,
at which time 'CHN-ISP-ACC-RTR-172' had been up for 76 days, 10:05:21.

`Daily' Graph (5 Minute Average)

       Max                    Average               Current
In     1966.9 kb/s (96.0%)    153.9 kb/s (7.5%)     644.9 kb/s (31.5%)
Out    313.6 kb/s (15.3%)     21.6 kb/s (1.1%)      124.4 kb/s (6.1%)

`Weekly' Graph (30 Minute Average)

       Max                    Average               Current
In     2046.8 kb/s (99.9%)    286.0 kb/s (14.0%)    450.1 kb/s (22.0%)
Out    2033.3 kb/s (99.3%)    62.6 kb/s (3.1%)      90.5 kb/s (4.4%)

`Monthly' Graph (2 Hour Average)

       Max                    Average               Current
In     2047.2 kb/s (100.0%)   304.7 kb/s (14.9%)    581.2 kb/s (28.4%)
Out    2033.3 kb/s (99.3%)    60.3 kb/s (2.9%)      102.5 kb/s (5.0%)

`Yearly' Graph (1 Day Average)

       Max                    Average               Current
In     2047.6 kb/s (100.0%)   229.3 kb/s (11.2%)    410.3 kb/s (20.0%)
Out    2033.8 kb/s (99.3%)    42.8 kb/s (2.1%)      87.2 kb/s (4.3%)

GREEN ### Incoming Traffic in Bits per Second
BLUE ### Outgoing Traffic in Bits per Second
DARK GREEN ### Maximal 5 Minute Incoming Traffic
MAGENTA ### Maximal 5 Minute Outgoing Traffic
 

Errors:


[root@new-host mrtg]# mrtg /etc/mrtg/mrtg.cfg
-----------------------------------------------------------------------
ERROR: Mrtg will most likely not work properly when the environment
       variable LANG is set to UTF-8. Please run mrtg in an environment
       where this is not the case. Try the following command to start:

       env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg
-----------------------------------------------------------------------
