0% found this document useful (0 votes)
103 views7 pages

Linux: How To Create A New MRTG Graph in 8 Steps

The document provides 8 steps to configure a new MRTG graph on a Linux system: 1. Use the cfgmaker command to generate a configuration file for the new device from its IP address and SNMP community name. 2. Edit the configuration file to remove any unwanted interfaces. 3. Create the work directory specified in the configuration file to hold the graphs. 4. Use indexmaker to generate an index page for the graphs. 5. Generate the initial graphs and banner. 6. Edit the index page with device details. 7. Add a cron job to regenerate the graphs every 5 minutes. 8. Restart cron to apply the new job.

Uploaded by

Frederick Kwaku
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
103 views7 pages

Linux: How To Create A New MRTG Graph in 8 Steps

The document provides 8 steps to configure a new MRTG graph on a Linux system: 1. Use the cfgmaker command to generate a configuration file for the new device from its IP address and SNMP community name. 2. Edit the configuration file to remove any unwanted interfaces. 3. Create the work directory specified in the configuration file to hold the graphs. 4. Use indexmaker to generate an index page for the graphs. 5. Generate the initial graphs and banner. 6. Edit the index page with device details. 7. Add a cron job to regenerate the graphs every 5 minutes. 8. Restart cron to apply the new job.

Uploaded by

Frederick Kwaku
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 7

Linux:HowtocreateanewMRTGgraphin8steps

[CCtoDormMRTG]GeaSuanLinonFlickr,23Sep05. ThispostisforpeoplelikemewhohavehadlimitedexperiencewithMRTG(akaMultiRouterTraffic Grapher),andwerestrugglingtoconfigureitfortrafficanalysis.Itsalsoformyself,ifIeverforgethowtodo it. Note:configure,notsetupfromscratch.Setupinstructionscanbefoundhereonaguidewrittenby [email protected],orattheMRTGImplementationManualbyFlorinPrunoiu. (ImusingDebiandistribution2.4.18bf2.4FYI.)

#1Usecfgmakertocreatea.cfgfileforyourdevice YoushouldhaveyourdevicesIPaddress(123.123.123.123)andtheSNMPcommunityname (SNMPnewdevice)atthispoint.Mineoutputstoafilecallednewdevice.cfg. cfgmaker [email protected] --global "WorkDir: /var/www/mrtg/newdevice" --output /etc/mrtg/newdevice.cfg *Theabovecommandisonesingleline. **/var/www/mrtgiswheremyMRTGpageis,youshouldedititaccordingly. ***/etc/mrtgiswheremyMRTG.cfgfilesare. #2Tidyupthe.cfgfile Edityour.cfgfileandremoveanyinterfacesyoumightnotwanttomonitor;use#tocommentthemout. vi /etc/mrtg/newdevice.cfg Checkoutthewikionviifyourenewtoit. #3Beorganised:createdthenewworkdirectory YoucanseethatwespecifiedaWorkDirinstep#1,andnowweneedtocreateit.Thiswillholdallthegraphs forthenewdevice. mkdir /var/www/mrtg/

#4Useindexmakertocreatetheindexpageforyourgraphs /usr/bin/indexmaker --output /var/www/mrtg/newdevice/index.html /etc/mrtg/newdevice.cfg *Theabovecommandisonesingleline. Thisgeneratesthepageindex.html.

#5Populatethegraphsforthefirsttime cd /var/www/mrtg/newdevice mrtg /etc/mrtg/newdevice.cfg ThisgeneratesthegraphsandthenicelittleMRTGbanneratthebottom. #6Tidyupyourindexpage Addneededinformatione.g.thename/IPoftheinterface,whereitspointingto. vi /var/www/mrtg/newdevice/index.html

#7Addajobtoyourcrontabtoregeneratethegraphsevery5minutes vi /etc/cron.d/mrtg 0-55/5 * * * * root if [ -x /usr/bin/mrtg ] && [ -r /etc/mrtg/newdevice.cfg ]; then env LANG=C /usr/bin/mrtg /etc/mrtg/newdevice.cfg >> /var/log/mrtg/mrtg.log 2>&1; fi *MyMRTGcronisin/etc/cron.d,soedityoursaccordingly. **Thisisveryimportant:MAKESUREthesecondcommandremainsasonesinglelinewhenyouenterit; copypastesometimesbreaksthelineintotwo,andthiseffectivelyrendersthecronfromworking.Andworst, itsthenextthingtobeinginvisible.Ittookmeagoodhalfhourtofindtheerror(ThankstoShaolinTigers postonWindowSecurity.com). #8Restartyourcron /etc/init.d/cron restart Andthatsall,weredone!Feelfreetoleaveanycommentsorsuggestionsthatyoumighthaveonimproving thisarticle. ~ Additionaltip: Ifyouwanttomakeyourgraphstimelinegofromrighttoleft,dothis: vi /etc/mrg/newdevice.cfg Addthissectionofcodeatthetop,below###GlobalDefaults Options[_]: growright Optional:Addthistoallowthevaluestobeconvertedintomegabitsautomatically: Options[_]: bits Tomakeitgofromlefttoright,addthisinstead: Options[_]: growright, bits Remembertouse#tocommentouttheotherOptions!

RPMNRTG

Step#1:Makesuresnmpserverinstalled
PleasenotethatsnmpdconfigurationdoesnotrequireusingmrtgwithremotenetworkdevicessuchasRouters andswitches.Ifyoujustwantmrtggraphsforrouterorswitchthenpleaserefertostep#4(asallthesedevices comespreconfiguredwithsnmpdsoftware). Runrpmcommandsqueryoptiontofindoutsnmpserverinstalledornot:
# rpm -qa | grep snmp

Ifsnmpinstalledthenpleasereferstep#2;otherwisesnmpserverandutilswerenotpresentandyourneedto installthemusingfollowingsteps(loginasarootuser): (a)Visitrpmfind.nettogetsnmpserverandutilitiesrpms.Ifyouarefedorauserthenuseyumcommandas followstoinstallit:


# yum install net-snmp-utils net-snmp

(b)IfyouareRHELsubscriberthenuseup2datecommandasfollowstoinstall:
#up2date -v -i net-snmp-utils net-snmp

Step#2:Determineifsnmpserverisrunningornot
Run'ps'commandtoseeifsnmpserverisrunningornot:
# ps -aux | grep snmp

Output:
root 5512 0.0 2.3 5872 3012 pts/0 S 22:04 0:00 /usr/sbin/snmpd

Alternatively,youcantryanyofthefollowingtwocommandsaswell:
# lsof -i :199

Output:
COMMAND PID USER snmpd 5512 root FD 4u TYPE DEVICE SIZE NODE NAME IPv4 34432 TCP *:smux (LISTEN)

ORtryoutnetstatcommand:
# netstat -natv | grep ':199'

Output:
tcp 0 0 0.0.0.0:199 0.0.0.0:* LISTEN

Ifyoufoundserviceisrunningorlistingonport199thenpleaseseestep#3;otherwisestartserviceusing followingcommand:
# service snmpd start

Makesuresnmpdservicestartsautomatically,whenlinuxcomesus(addsnmpdservice):
# chkconfig --add snmpd

Step#3:Makesuresnmpserverconfiguredproperly
Runsnmpwalkutilitytorequestfortreeofinformationaboutnetworkentity.Insimplewordsquerysnmp serverforyourIPaddress(assignedtoeth0,eth1,loetc):
# snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex ip.ipAddrTable.ipAddrEntry.ipAdEntIfIndex.127.0.0.1 = 1 ip.ipAddrTable.ipAddrEntry.ipAdEntIfIndex.192.168.0.3 = 2

IfyoucanseeyourIPaddressthenpleaseproceedtostep4;elseitisatimetoconfiguresnmpserveras follows(bydefaultRHELandRH8/9arenotconfiguredforsnmpserverforsecurityreason):

ConfigureSNMP
(1)Editfile/etc/snmp/snmpd.confusingtexteditor:
# vi /etc/snmp/snmpd.conf

Change/Modifyline(s)asfollows: FindfollowingLine:
com2sec notConfigUser default public

Replacewith(makesureyoureplace192.168.0.0/24replacewithyournetworkIPs)followinglines:
com2sec local localhost com2sec mynetwork 192.168.0.0/24 public public

Scrolldownbitandchange: FindLines:
group group notConfigGroup v1 notConfigGroup v2c notConfigUser notConfigUser

Replacewith:
group group group group group group MyRWGroup MyRWGroup MyRWGroup MyROGroup MyROGroup MyROGroup v1 v2c usm v1 v2c usm local local local mynetwork mynetwork mynetwork

Againscrolldownbitandlocatefollowingline: Findline:
view systemview included system

Replacewith:
view all included .1 80

Againscrolldownbitandchange: Findline:
access notConfigGroup "" any noauth exact systemview none none

Replacewith:
access MyROGroup "" access MyRWGroup "" any any noauth noauth exact exact all all none all none none

Scrolldownbitandchange: Findlines:
syslocation Unknown (edit /etc/snmp/snmpd.conf) syscontact Root (configure /etc/snmp/snmp.local.conf)

Replacewith(makesureyousupplyappropriatevalues):
syslocation Linux (RH3_UP2), Home Linux Router. syscontact Vivek G Gite <[email protected]>

Foryourconvenient,hereismy/etc/snmp/snmpd.conffile.Feelfreetousethisfile.Makesureyoumake backupofyourexistingfileifyouusethisfileasitis. Startyoursnmpserverandtestit: (a)Makesurewhenlinuxcomesupsnmpdalwaysstarts:


# chkconfig snmpd on

(b)MakesureservicestartwheneverLinuxcomesup(afterreboot):
# service snmpd start

(c)Finallytestyoursnmpserver:
# snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex

Step#4:Installmrtgifnotinstalled
Mrtgsoftwaremayinstallduringinitialinstallation;youcanverifyifMRTGinstalledornotwithfollowing RPMcommand:
rpm -qa | grep mrtg

Ifmrtgalreadyinstalledpleaseseestep#5;elseuserpmfind.nettofindMRTGrpmorup2datecommandto installMRTGsoftware:
# up2date -v -i mrtg

FedoraLinuxusercanuseyumcommandasfollowstoinstallMRTG:
# yum install mrtg

Step#5:CommandstoConfiguremrtg
(a)Createdocumentroottostoremrtggraphs/htmlpages:
# mkdir -p /var/www/html/mymrtg/

(b)Runanyoneofthefollowingcfgmakercommandtocreatemrtgconfigurationfile:
#cfgmaker --global 'WorkDir: /var/www/html/mymrtg' --output /etc/mrtg/mymrtg.cfg public@localhost

OR(makesureyourFQDNresolves,infollowingexamplei'musingrh9.test.comwhichismyrouterFQDN address)
# cfgmaker --global 'WorkDir: /var/www/html/mymrtg' --output /etc/mrtg/mymrtg1.cfg [email protected]

(c)CreatedefaultindexpageforyourMRTGconfiguration:
# indexmaker --output=/var/www/html/mymrtg/index.html /etc/mrtg/mymrtg.cfg

(d)Copyalltinypngfilestoyourmrtgpath:
# cp -av /var/www/html/mrtg/*.png /var/www/html/mymrtg/

Step#6Firsttestrunofmrtg
(a)Runmrtgcommandfromcommandlinewithyourconfigurationfile:
# mrtg /etc/mrtg/mymrtg.cfg

Note:Youmaygetfewwarningmessageforfirsttime;ignorethem. (b)Fireyourfavoritewebbrowser(likeFireFox:D)andtypeurlhttp://www.your.com/mymrtg/orhttp://your ip/mymrtg/

Step#7Createcrontabentrysothatmrtggraph/imagesgetgeneratedevery5minutes
(a)Loginasarootuserorloginasamrtguserandtypefollowingcommand:
# crontab -e

(b)Addmrtgcronjobentrytoconfigurationfile(appendfollowinglinetoit):
*/5 * * * * /usr/bin/mrtg /etc/mrtg/mymrtg.cfg --logging /var/log/mrtg.log

SavefileandyouaredonewithMRTGconfigissues:)

Step#8Blockports161&162atfirewall
Youdonotwanttogiveaccesstoeveryonetoyoursnmpserverforsecurityreasons.SNMPserverusesUDP 161,162portsforcommunication.UseLinuxIPTABLESfirewalltorestrictaccesstoSNMPserver (a)AllowoutgoingSNMPserverrequestfromyourLinuxcomputer.Thisisusefulwhenyouqueryremote host/router(replaceSERVERIOwithyourrealIP):

SERVER="xxx.xxx.xxx.xxx" iptables -A OUTPUT -p udp -s $SERVER --sport 1024:65535 -d 0/0 --dport 161:162 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A INPUT -p udp -s 0/0 --sport 161:162 -d $SERVER --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

(b )Allow incoming SNMP client request via iptables. This is useful when you wish to accept queries for rest of the world (replace SERVER IP with your real IP): SERVER="xxx.xxx.xxx.xxx" iptables -A INPUT -p udp -s 0/0 --sport 1024:65535 -d $SERVER --dport 161:162 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -p udp -s $SERVER --sport 161:162 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT Pleae note that above two are just SNMP specific iptables rules. Please consult iptables(8) man page for complete information on iptables

Step#9Optional:ProtectyourMRTGgraphs/htmlpageswithpasswordprotected directory
Onceagain,youwouldliketorestrictaccesstoyourMRTGreports.Thiscaneasilyaccomplishedwith Apachewebserver's.htaccessfile.Ifyouareonwebhostingserverwithcontrolpanel(suchasensimorplesk) thenyoucanusecontrolpanelitselftocreatepasswordprotecteddirectory. Belowisprocessoutlinedtoprotectgraphsusingapache's.htaccessfileandhtpasswdcommand: Step#1:Create.htaccessfilein/var/www/html/mymrtg/directory(addtextasfollows):
vi /var/www/html/mymrtg/.htaccess

Addfollowingtexttofile:
AuthName "MRTG Graphs/Html restricted access" AuthType Basic AuthUserFile /var/members/.htpasswd require user mrtgadmin

Step#2:Createauserandpasswordname(cassumesfirsttimeyouareusing.htpasswdfile):
# htpasswd -c /var/members/.htpasswd mrtgadmin

You might also like