Introduction to MRTG

Aims:

  • To further investigate SNMP services and graphical monitor tools such as MRTG

Resources:

  1. Access to lecture notes (possibly requires access to Unit web site)
  2. Access to internet for searching and download
  3. Network Management and Monitoring with Linux by David Guerrero
  4. SNMP with Linux (ibid.)
  5. Multi Router Traffic Grapher (ibid.)
  6. MRTG Documentation

Reading:

  • Essential System Administration (3rd Ed) By Æleen Frisch (via the Monash Library Proxy: Authcate username required)
    Chapter 8.6. Monitoring the Network. [O'Reilly 2002. ISBN 0-596-00343-9]
  • MRTG [www.informit.com 01Apr2004] sample chapter from Open Source Network Administration by James Krechmar [Prentice Hall 2003. ISBN 0-13-046210-1]
  • Long-Term Monitoring with SNMP an article by Michael W. Lucas: [www.onlamp.com 21Sep2000]
  • Eleven Metrics to Monitor for a Happy and Healthy Squid an article by Duane Wessels: 11 tips to help you stay on top of Squid's performance. Duane is the creator of Squid and the author of "Squid: The Definitive Guide". [www.onlamp.com 25Mar2004]

Exercises:

Graphical Monitoring of Routers and Servers using MRTG

  1. As an example of MRTG have a look at the usage logs for various routers in the Monash network
    (Authcate password required).
  2. The example MRTG display at http://waserv.netcomp.monash.edu.au/mrtg/waserv.html features
    1. display of incoming and outgoing network traffic in Kbit/s
    2. display of CPU load (%utilisation) and of disk space usage (%utilisation)
  3. In the PSIT NetLAB, MRTG is used to display gateway traffic. T see the live data for the lab gateway, visit the URL: http://netlabGW.netlab/mrtg/. This page is only visible to users of PCs attached to the netLAB internal network. You may have to set the proxy exemptions on your browser so that URLs containing "192.168.1.0/24, .netlab" will not use the Lab proxy service.... of course the proxy will fail to find a 192.168.1.0/24 address !!
  4. Lets look at the steps required to create the graphical view of information from netlabGW....
    The diagram below shows the the flow of information needed to monitor the netLAB gateway traffic:
    MRTGmonitoring
    1. Connect your benchtop PC to the netlab network, boot Fedora linux, login as the root user and configure your network interface for the room network. The easiest way to do this is to plug in the first network card (eth0) and set it to use DHCP. Use the command: service network restart to reinitialise the network after your have made configurational changes.
    2. SNMP is already installed on netlabGW (here is the snmpd.conf file from netlabGW) and our MRTG exercise will access it there, but first you may need to install the snmp and MRTG packages on your linux PC using the following instructions:
      1. obtain a Fedora DVD of the same version that was used to create the disk) and insert in the CD drive
      2. mount the DVD using the shell command: mount /disk/cdrom or mount /media/cdrecorder or open the CDROM icon on your desktop.
      3. GO to the package directory on the DVD using the appropriate "cd" command.
        Eg: cd /disk/cdrom/Fedora/RPMS
      4. install the snmp packages using the command: rpm -ivh lm_sensor<tab> net-snmp-*
      5. install the MRTG packages using the command: rpm -ivh gd<tab> mrtg<tab>
    3. Verify that snmp agent on netlabGW is operational by viewing the system and interface tables using the commands: 
      snmpwalk -v2c -c netLAB netlabGW.netlab system
      snmpwalk -v2c -c netLAB netlabGW.netlab interface
    4. Now configure MRTG on your PC to gather details from netlabGW and produce graphs (later, look at using cfgmaker to do something similar). Configuration is achieved by editing the file /etc/mrtg/mrtg.cfg. Here is the mrtg.cfg file that you should save as /etc/mrtg/mrtg.cfg. It defines three "Targets":
      1. "r1" is the traffic in/out of the first network interface in Kbit/s (eth0 is the ITS uplink: 172.19.72.106). This is represented in the standard way as shown in the MRTG documentation.
      2. "r2" is also traffic in/out in Kbit/s, but this is for eth1 (the room network link: 192.168.1.254), and  is also represented in the standard way, except for the network interface number.
      3. "la1" is the load average and disk space graph. This graphs the MIB items  "enterprises.ucdavis.diskTable.dskEntry.diskPercent.1" for disk space and "enterprises.ucdavis.loadTable.laEntry.laLoadInt.1" for the 1 minute load average figure. Note these are represented using numeric explicit OID identification of the target pair (MRTG always need two items that correspond to the In and Out traffic), the option settings including "noinfo", "nopercent" and "gauge";
      4. the various "Legend" parameters that are used in the graph images
    5. configure cron to run MRTG every 5 minutes. The configuration is already installed as part of the MRTG package, but can be done manually by editing /etc/cron.d/mrtg. If you can't wait 5 minutes for MRTG to run, run it manually using the command:  env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg
    6. You should now have sets of graph file (.png) and moving average history files (.log) in the /var/www/mrtg directory. Use a local web bowser to view these individually as local html files (r1.html, r2.html and la1.html
    7. It is useful to have a single web page that acts an index for all these other web pages and graphic files. Build a summary web page using indexmaker. A suitable indexmaker script file is shown here. You should save this file as BuildNetlabGW.sh then run it using the command:  ./BuildNetlabGW.sh
    8. how do you know that the information displayed by MRTG is actually correct? verify measurements and check reliability of data. Always test and check that the figures are valid. This usually requires alternate ways of measuring and comparing the results....
  5. The SQUID web proxy server also contains an SNMP agent. It is possible for MRTG to be configured to harvest usage and cache hit rate information from SQUID and graph this. The image below show an intranet with a gateway running a SQUID proxy. The first NIC (eth0) connected to the monash network and the second NIC (eth1) connected to a switch for the intranet. The intranet uses network 192.168.10.0/24 and most of the network infrastructure services are provided by the gateway (DHCP, DNS, NAT, firewall) :
    an intranet
    and the MRTG configuration needed to provide simple hit% graphs for the intranet proxy is available here.
    Note:
    • Inclusion of additional MIB information on line 7, which allows the use of OIDs for the Squid MIB
    • MRTG is configured for 5 target graphs:
      • eth0 uplink,
      • eth1 downlink,
      • gateway CPU/disk%,
      • Squid CacheHits%,
      • Squid CacheI/O
    • The Squid cache data is harvested from port 3401 instead of the usual SNMP port 161.