Getting started with MRTG
System:
CentOS release 4.1 (Final)
This should work on any CentOS 4 or RHEL 4 release.
Printer friendly: http://www2.maxsworld.org/howtos/mrtg.html
References:
MRTG (Multi Router Traffic Grapher) — http://oss.oetiker.ch/mrtg/
Local docs after installation — http://yourserver/mrtg/
Dependencies:
RPM packages: gcc, perl, gd, libpng, zlib, httpd
Ensure the above packages are installed. All packages are available on the main CentOS repo. Perl should already be bundled into the OS. The main package is MRTG. Fortunately, this is available as an RPM as well.
[me@mymachine ~] yum install gcc, gd, libpng, zlib, mrtg, httpd
Preface:
This how-to implies that you already have SNMP setup and running on your network and hosts. MRTG works using SNMP to poll and return results, then passes the results off to the program to process for graphing purposes. SNMP is very easy to setup in Linux and Windows, so you should have no problem finding help for installation of this service. It’s also implied that you have Apache set up and running on your machine or server. Apache is require to easily dish out the graphs across the network.
1) Configuration:
After installation of the RPM’s, an example configuration file will be located at /etc/mrtg/mrtg.cfg. There will also be a main crontab entry within /etc/cron.d/mrtg. This configuration will allow MRTG to run every five minutes by default. If you would like, you can change that value to run at whatever time you prefer, though the default seems to work fine, with one exception as you’ll see later. Also with the RPM, you get the mrtg.conf file for Apache’s use. This file is installed at /etc/httpd/conf.d/mrtg.conf, and the /var/www/mrtg directory is the default home for the actual graph files.
2) Apache:
Let’s start with the Apache configuration file. I don’t have anything locked down or secured. In my opinion, I don’t honestly care if someone looks at them. They are simply graph files with statistics, so I don’t feel the need to apply Fort Knox rules on the web pages. For my purpose, my /etc/httpd/conf.d/mrtg.conf file looks like this:
Alias /mrtg /var/www/mrtg <Location /mrtg> Order allow,deny Allow from all </Location>
The alias of /var/www/mrtg is the default created. All of the graphs that Apache will eventually dish out live here. You can create directories within here if you’d like to organize your graphs. For instance, you might have a firewall and a switch with many ports you wants graphed. Here you can create two directories in /var/www/mrtg, one called /firewall and one called /switch.
You can then easily create a main .html file to point into this directory. For each host graph, a main .html file exists with four graphs: year, month, week, and day. The main .html file can then be used to simply reference the main .html file in /switch and /firewall. You’ll see and understand this later.
In my example, I’ll use main_firewall.html and main_switch.html as the pointer to each corresponding directory. If you choose to not split these out, then simply ignore my references to this, and all of you files will be dumped into /var/www/mrtg as mentioned.
The reason I split the files out is to make it easier to manage, because a switch could have over a hundred ports on it. Also I link these .html files into Nagios. It’s mainly for my own sanity’s sake.
Note: If you are going to separate the graph locations by directories, then you will have to create the directories manually in /var/www/mrtg. The cfgmaker will not work properly later on, if you split your directories up without having a place to put things.
[me@mymachine ~] mkdir /var/www/mrtg/switch
3) MRTG Setup:
I’m using generic .cfg files. If you have your switches and firewalls named, then I would call them your_name.cfg respectively. Configuration files of interest are:
/etc/mrtg/mrtg.cfg /etc/mrtg/switch.cfg /etc/mrtg/firewall.cfg
The /etc/mrtg directory, as mentioned, contains all of the configuration files that MRTG needs to look at. The default and example file is the main file used for most of the items that you will most likely want to graph. All references for configuration and the execution of the utility are located in the above .cfg files. I’ve hand crafted my main /etc/mrtg/mrtg.cfg file to suit my needs, but there’s a nice tool provided, cfgmaker, to help in the creation of graphing parameters. Remember this tool is primarily used to graph ethernet traffic, so the output generated by the cfgmaker is simply for ethernet statistics. This is another reason for splitting out the files because your firewall and switch host will be easily editable by the cfgmaker without ruining any formatting, or disturbing extra configuration files you might have.
You must specify some minimal parameters as seen below:
# Mininmal mrtg.cfg /etc/mrtg/mrtg.cfg HtmlDir: /var/www/mrtg ImageDir: /var/www/mrtg LogDir: /var/lib/mrtg ThreshDir: /var/lib/mrtg # Minimal firewall.cfg /etc/mrtg/firewall.cfg HtmlDir: /var/www/mrtg/firewall ImageDir: /var/www/mrtg/firewall LogDir: /var/lib/mrtg ThreshDir: /var/lib/mrtg # Minimal switch.cfg /etc/mrtg/switch.cfg HtmlDir: /var/www/mrtg/switch ImageDir: /var/www/mrtg/switch LogDir: /var/lib/mrtg ThreshDir: /var/lib/mrtg
There a lot more variables that can be included in the file. Read the docs… I’ve given you basics to get started.
4) Running cfgmaker:
To automatically generate the parameters to enter in the corresponding .cfg file, you now need to run cfgmaker. This will generate the appropriate entries in the files you’ve already created above. Again, this is only the general ethernet traffic stuff.
[me@mymachine ~]cfgmaker public@yourhost >> /etc/mrtg/your_file.cfg
Note: Again, SNMP must be setup on the host for which you are attempting to poll.
This command queries the targeted host and automatically appends the output into the file you have specified. BIG NOTE: Make sure you use append (>>), otherwise you’ll hose the file and wipe out any and all configurations it contains. It’s good practice to back up these files!
This is pretty much it for creating the general ethernet variables needed for the program to start graphing traffic. This process is easily automated for you by the tools MRTG provides.
The main /etc/mrtg/mrtg.cfg file can be used to host these types of usual ethernet traffic stats, but it can also be easily crafted to poll for very unique items off SNMP as well. I’ll show you one example of using it to poll for something not relating to ethernet traffic. If you start to learn SNMP, you’ll find the snmpwalk/snmpget commands to be your friend. After a bit of playing, you’ll soon be graphing things all over the place just for fun.
5) Graphing other SNMP items:
I’ll use a simple Linux server as an example host for this section. In Nagios (the best network monitoring tool out there), you can add icons which actually just point to a web location. This makes it perfect for adding in your graphs, and when you click on the pretty little icon, you get directed to MRTG’s graph files.
The services I want to graph here are the number of users logged into the system, and the number of processes running. Now you’re probably thinking well wait a minute, how do you graph this and why. The reason is simple, because it provides a nice viewable history of what’s going on at certain times of the day, on this particular server. The how is bit more complicated. Let’s start with the items to insert into /etc/mrtg/mrtg.cfg.
Target[your_server_1]: 1.3.6.1.2.1.25.1.5.0&1.3.6.1.2.1.25.1.6.0:public@your_server MaxBytes[your_server_1]: 130 Options[your_server_1]: gauge,growright,nopercent,integer Title[your_server_1]: Number of Users and Processes on your_server YLegend[your_server_1]: Users/Processes ShortLegend[your_server_1]: Users: Legend0[your_server_1]: Processes: Legend1[your_server_1]: Users Legend2[your_server_1]: Processes PageTop[your_server_1]: <H1>Number of Users and Processes on your_server</H1> <TABLE> <TR><TD>System:</TD> <TD>My System</TD> <TR><TD>Maintainer:</TD> <TD>Your Name</TD> </TABLE>
The Target parameter is relative to SNMP. If you know nothing about SNMP, then you more than likely won’t be doing anything until you at least get it set up as public/read only. The first long string of numbers points SNMP to poll how many users are logged on the system (in geek talk it’s the OID). The second set of numbers points to the processes (again, the OID).
The rest I’ll leave to you to figure out. You can do a lot of fancy things with options, but I’ll mention an example Options field here. The gauge parameters allows for results to go up or down. Alternatively, counter only allows things to count up until it reaches a certain set point. Growright means which side do you want the graph to grow on, and nopercent means just that, don’t use percentages. Also to note, gauge is used because it refers to numbers. For some reason, you can’t graph a string.
You’ll notice I called the actually machine we want to graph, your_server_1. The reason for this is that MRTG is very picky about keeping the files static if you have more than one graph for this host. Meaning, if I wanted to graph ethernet traffic on this same machine, I would specify it as your_server_2. If I wanted to graph something else on the same host, I’d call the next your_server_3. I think you get the hint. Bottom line is, you have to be careful about this because it really messes MRTG up. MRTG writes to these files every time the cron job runs, so they have to remain the same.Setting up the cron job:
Once you’re sure all of your configurations are good to go, you must ensure that you have this set up to run as a job in cron. Open up /etc/cron.d/mrtg and observe. You’ll probably only have one entry pointing to the main file. If you’ve added more configuration files, then you’ll have to schedule them to run as well.
* /5 * * * * root /usr/bin/mrtg /etc/mrtg/mrtg.cfg –lock-file /var/lock/mrtg/mrtg_1 –confcache-file /var/lib/mrtg/mrtg.ok * /6 * * * * root /usr/bin/mrtg /etc/mrtg/switch.cfg –lock-file /var/lock/mrtg/switch_1 –confcache-file /var/lib/mrtg/switch.ok * /7 * * * * root /usr/bin/mrtg /etc/mrtg/firewall.cfg –lock-file /var/lock/mrtg/firewall_1 –confcache-file /var/lib/mrtg/firewall.ok
What this does is run the main file every 5 minutes, the switch file every 6 minutes, and the firewall file every 7 minutes. You might have some problems, like myself, with making everything run every 5 minutes. To alleviate any issues, just space them out. I’m running this on an old box, which is probably my issue, so you might not experience the same problems.
6) Initial creation of the graph files:
The next step is to create the files that MRTG is to work with. The cron jobs can’t do their work if they have no files to write to. When you run the following command, you’ll get a metric-ton of errors initially. Before you hit the panic button, this is actually supposed to occur. So in this case, errors are good…at least for a few times anyways. The reason for this is that it takes MRTG a few runs in order to create everything. Just run the command until the errors go away, and you should be good to go. Usually after the third round the errors stop.
[me@mymachine ~]env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg [me@mymachine ~]env LANG=C /usr/bin/mrtg /etc/mrtg/switch.cfg [me@mymachine ~]env LANG=C /usr/bin/mrtg /etc/mrtg/firewall.cfg
If you create new .cfg files, you’ll have to run this command against it to initialize everything before the graphs start to appear.
7) Oh, pretty graphs!
After all of this trouble, you can actually start to look at some graphs. You can point your web browser to something similar as: http://yourserver/mrtg/your_server_1.html
To check out the graphs for the switch: http://yourserver/mrtg/switch/your_switch_1.html
To check out the graphs for the firewall: http://yourserver/mrtg/firewall/your_firewall_1.html
In my case, I have some icons in Nagios pointing to essentially the link above. And don’t forget you can make your own .html page as a way to organize your switch and firewall ports. It acts as sort of a master sheet. Otherwise, have fun browsing your new graphs.
