|
|
English
|
|
December 2006, Ilker Temir
Using MRTG on Debian Stable (Sarge)
At certain point, I needed to install MRTG on my Debian Stable for the
simplest possible reason: To watch the traffic on the ethernet
interface, which connects me to the backbone. I encountered few issues
and since googling didn't help much, I had to to spend more time
than I had initially planned. I saw similar posts in forums without
answers so this might a common problem. So there comes this document.
Some important points to clarify first:
- MRTG can be used for different
purposes (i.e. monitoring
bandwidth/cpu/... utilization on routers, switches etc). The sole
purpose
of this document is to show how a Debian system can monitor the
utilization of its own interface(s). Although it should be easy to make
changes to monitor other systems, it is not the intent here.
- You have to pay special attention
to how you configure this in
your environment, installing an snmp daemon can result in leaking
sensitive information from your system.
- Also, there is a common confusion.
MRTG is
mainly for monitoring bandwidth utilization. If you are trying to know
how much traffic (in megabytes or gigabytes) passes through your links
on a daily/monthly/yearly basis, MRTG will be of no help at all. You
should instead try vnstat (apt-get
install vnstat) which is a lightweight console based
application for this very purpose. There is also a 3rd party php frontend that
gives you nice graphs.
- In any case, use the
information available here at your own risk.
Author does not accept any responsibilty for anything that might go
wrong
for you.
What to do now?
First install snmp, snmpd and mrtg packages.
snmpd package is for the actual snmp daemon, we'll need this
since mrtg mainly uses snmp to poll data. It can use
other things as well but this is the most convenient method. snmp package includes some basic
troubleshooting utilities and mrtg is
the actual mrtg package itself.
Normally this is as easy as apt-get
install snmp snmpd mrtg
This should immediately start the snmp daemon, and put
links in /etc/rc*.d
for it to
start in bootup. You can manually start/stop/restart it via /etc/init.d/snmpd
script.
Now we can test snmp with the snmp utilities we have installed.
kybele:~# snmpwalk -v 1 -c public localhost
SNMPv2-MIB::sysDescr.0 = STRING: Linux ...
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
SNMPv2-MIB::sysUpTime.0 = Timeticks: (1768) 0:00:17.68
SNMPv2-MIB::sysContact.0 = STRING: Root <[email protected]> (configure /etc/snmp/snmpd.local.conf)
SNMPv2-MIB::sysName.0 = STRING: ...
SNMPv2-MIB::sysLocation.0 = STRING: Unknown (configure /etc/snmp/snmpd.local.conf)
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORID.1 = OID: IF-MIB::ifMIB
SNMPv2-MIB::sysORID.2 = OID: SNMPv2-MIB::snmpMIB
SNMPv2-MIB::sysORID.3 = OID: TCP-MIB::tcpMIB
SNMPv2-MIB::sysORID.4 = OID: IP-MIB::ip
SNMPv2-MIB::sysORID.5 = OID: UDP-MIB::udpMIB
SNMPv2-MIB::sysORID.6 = OID: SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroup
SNMPv2-MIB::sysORID.7 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance
SNMPv2-MIB::sysORID.8 = OID: SNMP-MPD-MIB::snmpMPDCompliance
SNMPv2-MIB::sysORID.9 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance
SNMPv2-MIB::sysORDescr.1 = STRING: The MIB module to describe generic objects for network interface sub-layers
SNMPv2-MIB::sysORDescr.2 = STRING: The MIB module for SNMPv2 entities
SNMPv2-MIB::sysORDescr.3 = STRING: The MIB module for managing TCP implementations
SNMPv2-MIB::sysORDescr.4 = STRING: The MIB module for managing IP and ICMP implementations
SNMPv2-MIB::sysORDescr.5 = STRING: The MIB module for managing UDP implementations
SNMPv2-MIB::sysORDescr.6 = STRING: View-based Access Control Model for SNMP.
SNMPv2-MIB::sysORDescr.7 = STRING: The SNMP Management Architecture MIB.
SNMPv2-MIB::sysORDescr.8 = STRING: The MIB for Message Processing and Dispatching.
SNMPv2-MIB::sysORDescr.9 = STRING: The management information definitions for the SNMP User-based Security Model.
SNMPv2-MIB::sysORUpTime.1 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.2 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.3 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.4 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.5 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.6 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.7 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORUpTime.8 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORUpTime.9 = Timeticks: (1) 0:00:00.01
End of MIB
kybele#
|
This
seems to be working. So far so good. We go the next step and
try to configure mrtg.
kybele:~# cfgmaker [email protected]
--base: Get Device Info on [email protected]:
SNMP Error:
Received SNMP response with error code
error status: noSuchName
index 1 (OID: 1.3.6.1.2.1.1.9.1.4.9)
SNMPv1_Session (remote host: "localhost" [127.0.0.1].161)
community: "public"
request ID: 392141002
PDU bufsize: 8000 bytes
timeout: 2s
retries: 5
backoff: 1)
at /usr/share/perl5/SNMP_util.pm line 733
--base: Vendor Id:
--base: Populating confcache
--snpo: Skipping ifName scanning because [email protected]: does not seem to support it
--snpo: Skipping ifDescr scanning because [email protected]: does not seem to support it
--snpo: Skipping ifType scanning because [email protected]: does not seem to support it
--snpo: Skipping ipAdEntIfIndex scanning because [email protected]: does not seem to support it
--snpo: Skipping ifPhysAddress scanning because [email protected]: does not seem to support it
--base: Get Interface Info
--base: Walking ifIndex
.......
.......
|
Here we have a problem. Normally we should be able expect cfgmaker
to run
in this scenario but it does
not. The trick is the default configuration of the snmp daemon. Digging
further you will see that snmpd doesn't allow the types of queries mrtg
needs by
default.
So, edit /etc/snmp/snmpd.conf
and comment out the following line
com2sec
paranoid default
public
and instead add
com2sec
readonly
localhost public
The difference is, the
first one which comes in the default installation gives access to
anyone on all interfaces with a public community string and it is paranoid. This doesn't suit us
for two reasons: First, there is no need for letting everyone to access
us on all interfaces. We both
have mrtg and snmpd on the same system so only allowing loopback will
do perfectly
for us. The second problem is that we need more information than snmpd
provides by default. So we change this line to allow all readonly
queries to be made only on the loopback interface but nowhere else. So
after the change this is what /etc/snmp/snmpd.conf
looks like:
...
####
# First, map the community name (COMMUNITY) into a security name
# (local and mynetwork, depending on where the request is coming
# from):
# sec.name source community
com2sec readonly localhost public
#com2sec paranoid default public
#com2sec readonly default public
#com2sec readwrite default private
...
|
If you run mrtg on a different system, you will need a different
configuration here since only allowing the loopback will not be enough.
But
that's not what we are trying to do here. (In such a
case, I'd strongly
advise to use a different community name than public, that's what
everyone and all scanners will try first!)
After changing the file, we do a reload of the snmp daemon for
the changes to take effect.
And then test with the cfgmaker
again.
kybele:~# /etc/init.d/snmpd reload
Restarting network management services: snmpd.
kybele:~#
kybele:~# cfgmaker [email protected]
--base: Get Device Info on [email protected]:
--base: Vendor Id:
--base: Populating confcache
--snpo: confcache [email protected]: Descr lo --> 1
--snpo: confcache [email protected]: Descr eth0 --> 2
--snpo: confcache [email protected]: Descr eth1 --> 3
--snpo: confcache [email protected]: Descr dummy0 --> 4
--snpo: confcache [email protected]: Descr tunl0 --> 5
--snpo: confcache [email protected]: Type 24 --> 1
--snpo: confcache [email protected]: Type 6 --> 2
--snpo: confcache [email protected]: Type 6 --> 3 (duplicate)
--snpo: confcache [email protected]: Type 6 --> 4 (duplicate)
--snpo: confcache [email protected]: Type 131 --> 5
--snpo: confcache [email protected]: Ip 127.0.0.1 --> 1
--snpo: confcache [email protected]: Ip xxxx --> 2
--snpo: confcache [email protected]: Eth --> 1
--snpo: confcache [email protected]: Eth xxxx --> 2
--snpo: confcache [email protected]: Eth xxxx --> 3
--snpo: confcache [email protected]: Eth --> 4 (duplicate)
--snpo: confcache [email protected]: Eth --> 5 (duplicate)
--base: Get Interface Info
--base: Walking ifIndex
--base: Walking ifType
--base: Walking ifAdminStatus
--base: Walking ifOperStatus
--base: Walking ifSpeed
# Created by
# /usr/bin/cfgmaker [email protected]
### Global Config Options
# for UNIX
# WorkDir: /home/http/mrtg
# for Debian
WorkDir: /var/www/mrtg
# or for NT
# WorkDir: c:\mrtgdata
### Global Defaults
# to get bits instead of bytes and graphs growing to the right
# Options[_]: growright, bits
EnableIPv6: no
######################################################################
# System: xxxx
# Description: xxxx
# Contact: Root <[email protected]> (configure /etc/snmp/snmpd.local.conf)
# Location: Unknown (configure /etc/snmp/snmpd.local.conf)
######################################################################
### Interface 1 >> Descr: 'lo' | Name: '' | Ip: '127.0.0.1' | Eth: '' ###
### The following interface is commented out because:
### * it is a Software Loopback interface
#
# Target[localhost_1]: 1:[email protected]:
# SetEnv[localhost_1]: MRTG_INT_IP="127.0.0.1" MRTG_INT_DESCR="lo"
# MaxBytes[localhost_1]: 1250000
# Title[localhost_1]: Traffic Analysis for 1 -- xxxx
# PageTop[localhost_1]: <H1>Traffic Analysis for 1 -- xxxx</H1>
# <TABLE>
# <TR><TD>System:</TD> <TD>xxxx in Unknown (configure /etc/snmp/snmpd.local.conf)</TD></TR>
# <TR><TD>Maintainer:</TD> <TD>Root <[email protected]> (configure /etc/snmp/snmpd.local.conf)</TD></TR>
# <TR><TD>Description:</TD><TD>lo </TD></TR>
# <TR><TD>ifType:</TD> <TD>softwareLoopback (24)</TD></TR>
# <TR><TD>ifName:</TD> <TD></TD></TR>
# <TR><TD>Max Speed:</TD> <TD>1250.0 kBytes/s</TD></TR>
# <TR><TD>Ip:</TD> <TD>127.0.0.1 (localhost)</TD></TR>
# </TABLE>
### Interface 2 >> Descr: 'eth0' | Name: '' | Ip: 'xxxx' | Eth: 'xxxx' ###
Target[localhost_2]: 2:[email protected]:
SetEnv[localhost_2]: MRTG_INT_IP="xxxx" MRTG_INT_DESCR="eth0"
MaxBytes[localhost_2]: 12500000
Title[localhost_2]: Traffic Analysis for 2 -- xxxx
PageTop[localhost_2]: <H1>Traffic Analysis for 2 -- xxxx</H1>
<TABLE>
<TR><TD>System:</TD> <TD>xxxx in Unknown (configure /etc/snmp/snmpd.local.conf)</TD></TR>
<TR><TD>Maintainer:</TD> <TD>Root <[email protected]> (configure /etc/snmp/snmpd.local.conf)</TD></TR>
<TR><TD>Description:</TD><TD>eth0 </TD></TR>
<TR><TD>ifType:</TD> <TD>ethernetCsmacd (6)</TD></TR>
<TR><TD>ifName:</TD> <TD></TD></TR>
<TR><TD>Max Speed:</TD> <TD>12.5 MBytes/s</TD></TR>
<TR><TD>Ip:</TD> <TD>xxxx</TD></TR>
</TABLE>
### Interface 3 >> Descr: 'eth1' | Name: '' | Ip: '' | Eth: 'xxxx' ###
### The following interface is commented out because:
### * it is administratively DOWN
### * it is operationally DOWN
#
# Target[localhost_3]: 3:[email protected]:
# SetEnv[localhost_3]: MRTG_INT_IP="" MRTG_INT_DESCR="eth1"
# MaxBytes[localhost_3]: 1250000
# Title[localhost_3]: Traffic Analysis for 3 -- xxxx
# PageTop[localhost_3]: <H1>Traffic Analysis for 3 -- xxxx</H1>
# <TABLE>
# <TR><TD>System:</TD> <TD>xxxx in Unknown (configure /etc/snmp/snmpd.local.conf)</TD></TR>
# <TR><TD>Maintainer:</TD> <TD>Root <[email protected]> (configure /etc/snmp/snmpd.local.conf)</TD></TR>
# <TR><TD>Description:</TD><TD>eth1 </TD></TR>
# <TR><TD>ifType:</TD> <TD>ethernetCsmacd (6)</TD></TR>
# <TR><TD>ifName:</TD> <TD></TD></TR>
# <TR><TD>Max Speed:</TD> <TD>1250.0 kBytes/s</TD></TR>
# </TABLE>
### Interface 4 >> Descr: 'dummy0' | Name: '' | Ip: '' | Eth: '' ###
### The following interface is commented out because:
### * it is administratively DOWN
### * it is operationally DOWN
#
# Target[localhost_4]: 4:[email protected]:
# SetEnv[localhost_4]: MRTG_INT_IP="" MRTG_INT_DESCR="dummy0"
# MaxBytes[localhost_4]: 1250000
# Title[localhost_4]: Traffic Analysis for 4 -- xxxxx
# PageTop[localhost_4]: <H1>Traffic Analysis for 4 -- xxxx</H1>
# <TABLE>
# <TR><TD>System:</TD> <TD>xxxx in Unknown (configure /etc/snmp/snmpd.local.conf)</TD></TR>
# <TR><TD>Maintainer:</TD> <TD>Root <[email protected]> (configure /etc/snmp/snmpd.local.conf)</TD></TR>
# <TR><TD>Description:</TD><TD>dummy0 </TD></TR>
# <TR><TD>ifType:</TD> <TD>ethernetCsmacd (6)</TD></TR>
# <TR><TD>ifName:</TD> <TD></TD></TR>
# <TR><TD>Max Speed:</TD> <TD>1250.0 kBytes/s</TD></TR>
# </TABLE>
### Interface 5 >> Descr: 'tunl0' | Name: '' | Ip: '' | Eth: '' ###
### The following interface is commented out because:
### * it is administratively DOWN
### * it is operationally DOWN
### * has a speed of 0 which makes no sense
#
# Target[localhost_5]: 5:[email protected]:
# SetEnv[localhost_5]: MRTG_INT_IP="" MRTG_INT_DESCR="tunl0"
# MaxBytes[localhost_5]: 0
# Title[localhost_5]: Traffic Analysis for 5 -- xxxx
# PageTop[localhost_5]: <H1>Traffic Analysis for 5 -- xxxx</H1>
# <TABLE>
# <TR><TD>System:</TD> <TD>xxxx in Unknown (configure /etc/snmp/snmpd.local.conf)</TD></TR>
# <TR><TD>Maintainer:</TD> <TD>Root <[email protected]> (configure /etc/snmp/snmpd.local.conf)</TD></TR>
# <TR><TD>Description:</TD><TD>tunl0 </TD></TR>
# <TR><TD>ifType:</TD> <TD>Encapsulation Interface (131)</TD></TR>
# <TR><TD>ifName:</TD> <TD></TD></TR>
# <TR><TD>Max Speed:</TD> <TD>0.0 Bytes/s</TD></TR>
# </TABLE>
|
Ok, it worked. We created a working mrtg configuration. You should
write/append it to the
default mrtg configuration at /etc/mrtg.cfg
with cfgmaker
[email protected] > /etc/mrtg.cfg
and customize it as you like (I'd recommend Options[_]: growright, bits). Now
you should have a working mrtg. You can easily add CPU, memory and swap
monitoring to your configuration as well, just make sure that you have
the libsnmp-base package (apt-get
install libsnmp-base) and include the following lines to
your /etc/mrtg.cfg
LoadMIBs: /usr/share/snmp/mibs/UCD-SNMP-MIB.txt
Target[localhost.cpu]:ssCpuRawUser.0&ssCpuRawUser.0:[email protected]+ssCpuRawSystem.0&
ssCpuRawSystem.0:[email protected]+ssCpuRawNice.0&ssCpuRawNice.0:[email protected]
RouterUptime[localhost.cpu]: [email protected]
MaxBytes[localhost.cpu]: 100
Title[localhost.cpu]: CPU Load
PageTop[localhost.cpu]: <H1>Active CPU Load %</H1>
Unscaled[localhost.cpu]: ymwd
ShortLegend[localhost.cpu]: %
YLegend[localhost.cpu]: CPU Utilization
Legend1[localhost.cpu]: Active CPU in % (Load)
Legend2[localhost.cpu]:
Legend3[localhost.cpu]:
Legend4[localhost.cpu]:
LegendI[localhost.cpu]: Active
LegendO[localhost.cpu]:
Options[localhost.cpu]: growright,nopercent
LoadMIBs: /usr/share/snmp/mibs/HOST-RESOURCES-MIB.txt
Target[localhost.mem]: .1.3.6.1.4.1.2021.4.6.0&.1.3.6.1.4.1.2021.4.6.0:[email protected]
PageTop[localhost.mem]: <H1>Free Memory</H1>
Options[localhost.mem]: nopercent,growright,gauge,noinfo
Title[localhost.mem]: Free Memory
MaxBytes[localhost.mem]: 1000000
kMG[localhost.mem]: k,M,G,T,P,X
YLegend[localhost.mem]: bytes
ShortLegend[localhost.mem]: bytes
LegendI[localhost.mem]: Free Memory:
LegendO[localhost.mem]:
Legend1[localhost.mem]: Free memory, not including swap, in bytes
LoadMIBs: /usr/share/snmp/mibs/UCD-SNMP-MIB.txt
Target[localhost.swap]: memAvailSwap.0&memAvailSwap.0:[email protected]
PageTop[localhost.swap]: <H1>Swap Memory</H1>
Options[localhost.swap]: nopercent,growright,gauge,noinfo
Title[localhost.swap]: Free Memory
MaxBytes[localhost.swap]: 1000000
kMG[localhost.swap]: k,M,G,T,P,X
YLegend[localhost.swap]: bytes
ShortLegend[localhost.swap]: bytes
LegendI[localhost.swap]: Free Memory:
LegendO[localhost.swap]:
Legend1[localhost.swap]: Swap memory avail, in bytes
|
Finally, you can create an index page with indexmaker
/etc/mrtg.cfg > path_to_your_index_file/index.html command.
|
|
|
