MRTG is the Multi Router Traffic Grapher. It reads interface stats in a user defined period and plots traffic usage. As well as the current day, you get more condensed graphs of the last week, month and year of usage. Current versions of MRTG can also plot peak (as well as average) values.
With a bit of tweaking, you can install manufacturer's SNMP MIBs to graph other variables such as temperatue, CPU load etc.
If you want to view your graphs remotely you'll need to install a webserver (e.g. Apache). For the purposes of this exercise, though, we'll run just Firefox to view the files locally.
In all cases, we strongly recommend that you run all your core network monitoring tools on different machines than those used for customers - you don't want to degrade the service to customers, and neither should high customer traffic affect your ability to monitor your network.
You can install mrtg and apache under FreeBSD by following the steps below. Note again, that this has already been done for you
# cd /usr/ports/www/apache22 # make all install clean
# cd /usr/ports/net-mgmt/mrtg/ # make all install clean
router-a#conf t router-a(config)#snmp-server community afnog ro [acl]
The "community string" is basically an SNMP password. For monitoring
you only need to enable ro (read-only) access. Don't choose "public"
as your community string
The optional [acl] refers to a standard cisco access-list that can be used to limit the network hosts that can read your SNMP configuration. It is strongly recommended to make use of this to help secure your environment. If there was a way we could force you to do this, we would :-)
It's often simpler to just write your own config file, but for the lab exercise, we will use the cfgmaker tool that is installed as part of the mrtg package
Create the file
/usr/local/etc/mrtg/mrtg.cfg with contents
like the following. Note, if you want your graphs to be visible via the web,
choose a directory which is within your webserver's document space.
# cfgmaker [your-snmp-string]@[your-router-ip] > /usr/local/etc/mrtg/mrtg.cfg
In the Target line, the first IP number is the IP address of the interface you want to monitor, which MRTG uses to pick up the right statistics. The second IP address is the IP address where to send the SNMP query packet itself. These could be the same of course, but if your router has a loopback interface, it's best to send the SNMP queries to the loopback interface address.
(Hint: use IP addresses rather than DNS names. Then you are not going to be affected by DNS problems!)
If you have a device like a switch (which doesn't have an IP address on each interface), then you can just use the SNMP sequence number instead, which usually maps to the port number:
The option bits makes the values display in bits per second instead of bytes per second, and growright causes the graphs to have the most recent value on the right-hand side. WithPeak causes the peak in/out lines to be added (ymw = on the yearly, monthly and weekly graphs).
The setting MaxBytes is the speed of the interface in bytes per second (i.e. bits per second divided by 8). It is used to sanity-check the data from the router.
# for UNIX # WorkDir: /home/http/mrtgand change that to whatever you will be using. For the lab exercise, please unhash, and modify that to read
/usr/local/www/statsor whatever directory you create below.
Now, you need to create a directory for MRTG to store its files (the same as WorkDir above), then you can run it from the command line. It takes one parameter, which is the config filename
# mkdir -p /usr/local/www/stats # mrtg /usr/local/etc/mrtg/mrtg.cfg
For the first couple of times you will get warnings about 'rateup' not being able to read log files. Do this twice more and they should go away. If they don't, you have a problem. This will typically be:
Run this command now, and remember to run it each time you add a new port to mrtg.cfg. The index page gives the "daily" for each port you are monitoring.
indexmaker --output /usr/local/www/stats/index.html /usr/local/etc/mrtg/mrtg.cfg
Point your web browser at <file:///usr/local/www/stats/index.html> to check that the page has been built
Edit root's crontab as follows:
# crontab -e
Add a line to run mrtg every 5 minutes:
*/5 * * * * /usr/local/bin/mrtg /usr/local/etc/mrtg/mrtg.cfg
mrtg_daemon_enable="YES"You should not do both.
For better security you can create a non-root user and run MRTG as that user. To do so you'll need to chown the MRTG directories and the files within them, and make cron run mrtg as this non-root user.
# crontab -e Remove the mrtg crontab line # chown -R e2 /usr/local/www/stats # chown -R e2 /usr/local/etc/mrtg # crontab -u e2 -e Re-enter the mrtg crontab line
Make sure you don't run MRTG as 'root' in future though, or you may find the ownership of files being changed to root, and the cron job will no longer have permissions to alter them.
Don't use just simple text for SNMP strings. and do use an acl to protect SNMP.
The default configuration of MRTG is to monitor interface byte counts (ifInOctets and ifOutOctets) but it can monitor other variables too (and import vendor MIBs). A common exercise is to monitor mail queues...
MRTG is written in Perl and doesn't scale particularly well when you start monitoring hundreds of ports. You may wish to investigate rrdtool as a newer alternative.