Exercise: MRTG

MRTG is the Multi Router Traffic Grapher. It reads interface stats in a user-defined period and plots traffic usage. As well as the current day, you get more condensed graphs of the last week, month and year of usage. Current versions of MRTG can also plot peak (as well as average) values.

With a bit of tweaking, you can install manufacturer's SNMP MIBs to graph other variables such as temperature, CPU load etc.

Install a webserver

For the lab exercise, this has already been installed for you.

If you want to view your graphs remotely you'll need to install a webserver (e.g. Apache). For the purposes of this exercise, though, we'll run just Firefox to view the files locally.

In all cases, we strongly recommend that you run all your core network monitoring tools on different machines than those used for customers - you don't want to degrade the service to customers, and neither should high customer traffic affect your ability to monitor your network.

You can install mrtg and apache under FreeBSD by following the steps below. Note again that this has already been done for you.

# cd /usr/ports/www/apache22
# make all install clean

Download and install the MRTG package

# cd /usr/ports/net-mgmt/mrtg/
# make all install clean

Set up SNMP access on the box(es) you want to monitor

router-a#conf t
router-a(config)#snmp-server community afnog ro [acl]

The "community string" is basically an SNMP password. For monitoring you only need to enable ro (read-only) access. Don't choose "public" as your community string :-)

The optional [acl] refers to a standard Cisco access-list that can be used to limit the network hosts that can read your SNMP configuration. It is strongly recommended to make use of this to help secure your environment. If there was a way we could force you to do this, we would :-)

Configuring MRTG for interface traffic stats

  1. Create mrtg.cfg

    It's often simpler to just write your own config file, but for the lab exercise, we will use the cfgmaker tool that is installed as part of the mrtg package.

    Create the file /usr/local/etc/mrtg/mrtg.cfg with contents like the following. Note, if you want your graphs to be visible via the web, choose a directory which is within your webserver's document space.

    # cfgmaker [your-snmp-string]@[your-router-ip] > /usr/local/etc/mrtg/mrtg.cfg

    In the Target line, the first IP number is the IP address of the interface you want to monitor, which MRTG uses to pick up the right statistics. The second IP address is the address to which the SNMP query packet itself is sent. These could be the same of course, but if your router has a loopback interface, it's best to send the SNMP queries to the loopback interface address.

    (Hint: use IP addresses rather than DNS names. Then you are not going to be affected by DNS problems!)

    If you have a device like a switch (which doesn't have an IP address on each interface), then you can just use the SNMP sequence number instead, which usually maps to the port number:

    Target[switch1-p6]: 6:afnog@

    The option bits makes the values display in bits per second instead of bytes per second, and growright causes the graphs to have the most recent value on the right-hand side. WithPeak causes the peak in/out lines to be added (ymw = on the yearly, monthly and weekly graphs).

    The setting MaxBytes is the speed of the interface in bytes per second (i.e. bits per second divided by 8). It is used to sanity-check the data from the router.

  2. Edit the recently created mrtg.cfg file to reflect the directory that will store the mrtg files. Typically, you should find the line that says:
      #  for UNIX
      # WorkDir: /home/http/mrtg
    and change that to whatever you will be using. For the lab exercise, please unhash, and modify that to read
    or whatever directory you create below.
  3. Set up work directories and test

    Now, you need to create a directory for MRTG to store its files (the same as WorkDir above), then you can run it from the command line. It takes one parameter, which is the config filename.

    # mkdir -p /usr/local/www/stats
    # mrtg /usr/local/etc/mrtg/mrtg.cfg

    For the first couple of times you will get warnings about 'rateup' not being able to read log files. Do this twice more and they should go away. If they don't, you have a problem. This will typically be:

  4. Create an index page

    Run this command now, and remember to run it each time you add a new port to mrtg.cfg. The index page gives the "daily" for each port you are monitoring.

    # indexmaker --output /usr/local/www/stats/index.html /usr/local/etc/mrtg/mrtg.cfg

  5. View the initial (blank) results

    Point your web browser at <file:///usr/local/www/stats/index.html> to check that the page has been built.

  6. Set up crontab to gather data every 5 minutes

    Edit root's crontab as follows:

    # crontab -e

    Add a line to run mrtg every 5 minutes:

    */5 * * * * /usr/local/bin/mrtg /usr/local/etc/mrtg/mrtg.cfg

If you prefer, you can enable MRTG in daemon mode and not use cron. To do this, just edit your /etc/rc.conf file and add:
You should not do both.

Security considerations

For better security you can create a non-root user and run MRTG as that user. To do so you'll need to chown the MRTG directories and the files within them, and make cron run mrtg as this non-root user.

# crontab -e
Remove the mrtg crontab line
# chown -R e2 /usr/local/www/stats
# chown -R e2 /usr/local/etc/mrtg
# crontab -u e2 -e
Re-enter the mrtg crontab line

Make sure you don't run MRTG as 'root' in future though, or you may find the ownership of files being changed to root, and the cron job will no longer have permissions to alter them.

Don't use just simple text for SNMP strings, and do use an ACL to protect SNMP.
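
The following is an added example, not part of the original exercise. It checks an mrtg.cfg for a well-known default community string in any active Target line and, going one step beyond the text, for a config file that every local user can read (the community string is stored in it in the clear). The function names, the word list and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original exercise.

# Print "<target> <community>" for each active Target line whose community
# is a well-known default. The word list is an assumption; extend it locally.
weak_communities() {
    sed -n 's/^[[:space:]]*Target\[\([^]]*\)]:[[:space:]]*[^:]*:\(.*\)@.*$/\1 \2/p' "$1" |
    while read -r target community; do
        case "$community" in
            public|private|cisco|admin|snmp) echo "$target $community" ;;
        esac
    done
}

# True when "other" has read permission (8th character of the ls mode string).
world_readable() {
    [ "$(ls -ld "$1" | cut -c8)" = "r" ]
}

# Print one line per finding; return 1 if anything was found, 0 if clean.
audit_mrtg_cfg() {
    status=0
    weak=$(weak_communities "$1")
    if [ -n "$weak" ]; then
        echo "$weak" | sed 's/^/WEAK-COMMUNITY /'
        status=1
    fi
    if world_readable "$1"; then
        echo "WORLD-READABLE $1"
        status=1
    fi
    return "$status"
}

# Constructed sample config; 192.0.2.0/24 is a documentation address range.
write_sample_cfg() {
    cat > "$1" <<'EOF'
WorkDir: /usr/local/www/stats
Target[router-a_2]: 2:public@192.0.2.1:
Target[router-a_lo]: /192.0.2.9:Xk7-noc-read-41@192.0.2.1
# Target[router-a_3]: 3:public@192.0.2.1:
EOF
    chmod 644 "$1"
}

demo_cfg=$(mktemp)
write_sample_cfg "$demo_cfg"
audit_mrtg_cfg "$demo_cfg" || echo "findings above need fixing"
rm -f "$demo_cfg"
```

Run audit_mrtg_cfg against /usr/local/etc/mrtg/mrtg.cfg after each cfgmaker run, since cfgmaker writes whatever community string you passed it into every Target line.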

Configuring MRTG for SNMP MIB values

The default configuration of MRTG is to monitor interface byte counts (ifInOctets and ifOutOctets) but it can monitor other variables too (and import vendor MIBs). A common exercise is to monitor mail queues...

Future growth

MRTG is written in Perl and doesn't scale particularly well when you start monitoring hundreds of ports. You may wish to investigate rrdtool as a newer alternative.

Last updated 2007-04-26