Exercise: MRTG

MRTG is the Multi Router Traffic Grapher. It reads interface stats every 5 minutes and plots traffic usage. As well as the current day, you get more condensed graphs of the last week, month and year of usage. Current versions can also plot peak (as well as average) values.

With a bit of tweaking, you can install manufacturer's SNMP MIBs to graph other variables such as temperatue, CPU load etc.

• MRTG home page: www.mrtg.org
• Follow link to config.html for full details of the configuration file

Install a webserver

If you want to view your graphs remotely you'll need to install a webserver (e.g. Apache). For the purposes of this exercise, though, we'll run just Netscape to view the files locally.

In any event, we strongly recommend that you run all your network monitoring tools on different machines than those used by customers - you don't want to degrade the service to customers, and neither should high customer traffic affect your ability to monitor your network.

# cd /cdrom/packages/www
# cd pkg_add apache-1.3.12.tgz

Download and install the MRTG package

Fetch the package file by FTP and install it.

# ftp 137.158.216.129
Anonymous login ('ftp' and your E-mail address)
ftp> cd pub/FreeBSD/4.0-RELEASE/packages/All
ftp> get mrtg-2.8.12.tgz
ftp> quit
# pkg_add mrtg-2.8.12.tgz     (Do this as root)
Note, you can query the FreeBSD installed packages too:
# pkg_info -aI
# pkg_info mrtg-2.8.12
# pkg_info -L mrtg-2.8.12

Set up SNMP access on the box(es) you want to monitor

cape-border-1#conf t
cape-border-1(config)#snmp community t2@afnog ro

The "community string" is basically an SNMP password. For monitoring you only need to enable ro (read-only) access. Don't choose "public" as your community string :-)

Configuring MRTG for interface traffic stats

1. Create mrtg.conf

   There is a cfgmaker utility, but the configs it generates can be hard to read and maintain. It's simpler to just write your own config file.

   Create the file /usr/local/etc/mrtg/mrtg.conf with contents like the following. If you want your graphs to be visible via the web, choose a directory which is within your webserver's document space.

   WorkDir: /usr/local/www/stats
   
   # Set some defaults for all graphs
   Options[_]: bits, growright
   WithPeak[_]: ymw
   
   # Now here's our first router port
   Target[border-e0]: /137.158.218.129:t2@afnog@137.158.220.1
                      ^^^^^^^^^^^^^^^^          ^^^^^^^^^^^^^
   MaxBytes[border-e0]: 1250000
   Title[border-e0]: Border router: Ethernet0
   PageTop[border-e0]: <H1>Border router: Ethernet0</H1>
   
   # Repeat this for each router port you want to monitor
   

   In the Target line, the first IP number is the IP address of the interface you want to monitor, which MRTG uses to pick up the right statistics. The second IP address is the IP address where to send the SNMP query packet itself. These could be the same of course, but if your router has a loopback interface, it's best to send the SNMP queries to the loopback interface address.

   (Hint: use IP addresses rather than DNS names. Then you are not going to be affected by DNS problems!)

   If you have a device like a switch (which doesn't have an IP address on each interface), then you can just use the SNMP sequence number instead, which usually maps to the port number:

   Target[switch1-p6]: 6:t2@afnog@137.158.218.156
   

   The option bits makes the values display in bits per second instead of bytes per second, and growright causes the graphs to have the most recent value on the right-hand side. WithPeak causes the peak in/out lines to be added (ymw = on the yearly, monthly and weekly graphs).

   The setting MaxBytes is the speed of the interface in bytes per second (i.e. bits per second divided by 8). It is used to sanity-check the data from the router.

2. Set up work directories and test

   Now, you need to create a directory for MRTG to store its files (the same as WorkDir above), then you can run it from the command line. It takes one parameter, which is the config filename

   # mkdir -p /usr/local/www/stats
   # mrtg /usr/local/etc/mrtg/mrtg.conf
   

   For the first couple of times you will get warnings about 'rateup' not being able to read log files. Do this twice more and they should go away. If they don't, you have a problem. This will typically be:

   • Bad syntax in the config file
   • Wrong ownership of the directories
   • SNMP communication failure (e.g. wrong community string)
3. Create an index page

   Run this command now, and remember to run it each time you add a new port to mrtg.cfg. The index page gives the "daily" for each port you are monitoring.

   indexmaker -o /usr/local/www/stats/index.html /usr/local/etc/mrtg/mrtg.conf
   

4. View the initial (blank) results

   Point your web browser at file:///usr/local/www/stats/index.html to check that the page has been built

5. Set up crontab to gather data every 5 minutes

   Edit root's crontab as follows:

   # crontab -e
   

   Add a line to run mrtg every 5 minutes:

   */5 * * * * /usr/local/bin/mrtg /usr/local/etc/mrtg/mrtg.conf
   

Security considerations

For better security you can create a non-root user and run MRTG as that user. To do so you'll need to chown the MRTG directories and the files within them, and make cron run mrtg as this non-root user.

# crontab -e
Remove the mrtg crontab line
# chown -R t2 /usr/local/www/stats
# chown -R t2 /usr/local/etc/mrtg
# crontab -u t2 -e
Re-enter the mrtg crontab line

Make sure you don't run MRTG as 'root' in future though, or you may find the ownership of files being changed to root, and the cron job will no longer have permissions to alter them.

Configuring MRTG for SNMP MIB values

The default configuration of MRTG is to monitor interface byte counts (ifInOctets and ifOutOctets) but it can monitor other variables too (and import vendor MIBs).

Future growth

MRTG is written in Perl and doesn't scale particularly well when you start monitoring hundreds of ports. You may wish to investigate rrdtool as a newer alternative.