MRTG is the Multi Router Traffic Grapher. It reads interface stats every 5 minutes and plots traffic usage. As well as the current day, you get more condensed graphs of the last week, month and year of usage. Current versions can also plot peak (as well as average) values.
With a bit of tweaking, you can install manufacturer's SNMP MIBs to graph other variables such as temperatue, CPU load etc.
If you want to view your graphs remotely you'll need to install a webserver (e.g. Apache). For the purposes of this exercise, though, we'll run just Netscape to view the files locally.
In any event, we strongly recommend that you run all your network monitoring tools on different machines than those used by customers - you don't want to degrade the service to customers, and neither should high customer traffic affect your ability to monitor your network.Don't do this for today:
# cd /cdrom/packages/www # cd pkg_add apache-1.3.12.tgz
Fetch the package file by FTP and install it.
# ftp 126.96.36.199 Anonymous login ('ftp' and your E-mail address) ftp> cd pub/FreeBSD/4.0-RELEASE/packages/All ftp> get mrtg-2.8.12.tgz ftp> quit # pkg_add mrtg-2.8.12.tgz (Do this as root) Note, you can query the FreeBSD installed packages too: # pkg_info -aI # pkg_info mrtg-2.8.12 # pkg_info -L mrtg-2.8.12
cape-border-1#conf t cape-border-1(config)#snmp community t2@afnog ro
The "community string" is basically an SNMP password. For monitoring
you only need to enable ro (read-only) access. Don't choose "public"
as your community string
There is a cfgmaker utility, but the configs it generates can be hard to read and maintain. It's simpler to just write your own config file.
Create the file
/usr/local/etc/mrtg/mrtg.conf with contents
like the following. If you want your graphs to be visible via the web,
choose a directory which is within your webserver's document space.
WorkDir: /usr/local/www/stats # Set some defaults for all graphs Options[_]: bits, growright WithPeak[_]: ymw # Now here's our first router port Target[border-e0]: /188.8.131.52:t2@firstname.lastname@example.org ^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^ MaxBytes[border-e0]: 1250000 Title[border-e0]: Border router: Ethernet0 PageTop[border-e0]: <H1>Border router: Ethernet0</H1> # Repeat this for each router port you want to monitor
In the Target line, the first IP number is the IP address of the interface you want to monitor, which MRTG uses to pick up the right statistics. The second IP address is the IP address where to send the SNMP query packet itself. These could be the same of course, but if your router has a loopback interface, it's best to send the SNMP queries to the loopback interface address.
(Hint: use IP addresses rather than DNS names. Then you are not going to be affected by DNS problems!)
If you have a device like a switch (which doesn't have an IP address on each interface), then you can just use the SNMP sequence number instead, which usually maps to the port number:
The option bits makes the values display in bits per second instead of bytes per second, and growright causes the graphs to have the most recent value on the right-hand side. WithPeak causes the peak in/out lines to be added (ymw = on the yearly, monthly and weekly graphs).
The setting MaxBytes is the speed of the interface in bytes per second (i.e. bits per second divided by 8). It is used to sanity-check the data from the router.
Now, you need to create a directory for MRTG to store its files (the same as WorkDir above), then you can run it from the command line. It takes one parameter, which is the config filename
# mkdir -p /usr/local/www/stats # mrtg /usr/local/etc/mrtg/mrtg.conf
For the first couple of times you will get warnings about 'rateup' not being able to read log files. Do this twice more and they should go away. If they don't, you have a problem. This will typically be:
Run this command now, and remember to run it each time you add a new port to mrtg.cfg. The index page gives the "daily" for each port you are monitoring.
indexmaker -o /usr/local/www/stats/index.html /usr/local/etc/mrtg/mrtg.conf
Point your web browser at file:///usr/local/www/stats/index.html to check that the page has been built
Edit root's crontab as follows:
# crontab -e
Add a line to run mrtg every 5 minutes:
*/5 * * * * /usr/local/bin/mrtg /usr/local/etc/mrtg/mrtg.conf
For better security you can create a non-root user and run MRTG as that user. To do so you'll need to chown the MRTG directories and the files within them, and make cron run mrtg as this non-root user.
# crontab -e Remove the mrtg crontab line # chown -R t2 /usr/local/www/stats # chown -R t2 /usr/local/etc/mrtg # crontab -u t2 -e Re-enter the mrtg crontab line
Make sure you don't run MRTG as 'root' in future though, or you may find the ownership of files being changed to root, and the cron job will no longer have permissions to alter them.
The default configuration of MRTG is to monitor interface byte counts (ifInOctets and ifOutOctets) but it can monitor other variables too (and import vendor MIBs).
MRTG is written in Perl and doesn't scale particularly well when you start monitoring hundreds of ports. You may wish to investigate rrdtool as a newer alternative.