Wednesday, November 11, 2009

How to Setup MRTG on Debian

Using MRTG on Debian Stable (Sarge)

At certain point, I needed to install MRTG on my Debian Stable for the simplest possible reason: To watch the traffic on the ethernet interface, which connects me to the backbone. I encountered few issues and since googling didn't help much, I had to  to spend more time than I had initially planned. I saw similar posts in forums without answers so this might a common problem. So there comes this document.

Some important points to clarify first:


  • MRTG can be used for different purposes (i.e. monitoring bandwidth/cpu/... utilization on routers, switches etc). The sole purpose of this document is to show how a Debian system can monitor the utilization of its own interface(s). Although it should be easy to make changes to monitor other systems, it is not the intent here.
  • You have to pay special attention to how you configure this in your environment, installing an snmp daemon can result in leaking sensitive information from your system.
  • Also, there is a common confusion. MRTG is mainly for monitoring bandwidth utilization. If you are trying to know how much traffic (in megabytes or gigabytes) passes through your links on a daily/monthly/yearly basis, MRTG will be of no help at all. You should instead try vnstat (apt-get install vnstat) which is a lightweight console based application for this very purpose. There is also a 3rd party php frontend that gives you nice graphs.
  • In any case, use the information available here at your own risk. Author does not accept any responsibilty for anything that might go wrong for you.

What to do now?

First install snmp, snmpd and mrtg packages.

snmpd package is for the actual snmp daemon, we'll need this since mrtg mainly uses snmp to poll data. It can use other things as well but this is the most convenient method. snmp package includes some basic troubleshooting utilities and mrtg is the actual mrtg package itself.

Normally this is as easy as apt-get install snmp snmpd mrtg

This should immediately start the snmp daemon, and put links in /etc/rc*.d for it to start in bootup. You can manually start/stop/restart it via /etc/init.d/snmpd script.

Now we can test snmp with the snmp utilities we have installed.

kybele:~# snmpwalk -v 1 -c public localhost
SNMPv2-MIB::sysDescr.0 = STRING: Linux ...
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
SNMPv2-MIB::sysUpTime.0 = Timeticks: (1768) 0:00:17.68
SNMPv2-MIB::sysContact.0 = STRING: Root  (configure /etc/snmp/snmpd.local.conf)
SNMPv2-MIB::sysName.0 = STRING: ...
SNMPv2-MIB::sysLocation.0 = STRING: Unknown (configure /etc/snmp/snmpd.local.conf)
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORID.1 = OID: IF-MIB::ifMIB
SNMPv2-MIB::sysORID.2 = OID: SNMPv2-MIB::snmpMIB
SNMPv2-MIB::sysORID.3 = OID: TCP-MIB::tcpMIB
SNMPv2-MIB::sysORID.4 = OID: IP-MIB::ip
SNMPv2-MIB::sysORID.5 = OID: UDP-MIB::udpMIB
SNMPv2-MIB::sysORID.6 = OID: SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroup
SNMPv2-MIB::sysORID.7 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance
SNMPv2-MIB::sysORID.8 = OID: SNMP-MPD-MIB::snmpMPDCompliance
SNMPv2-MIB::sysORID.9 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance
SNMPv2-MIB::sysORDescr.1 = STRING: The MIB module to describe generic objects for network interface sub-layers
SNMPv2-MIB::sysORDescr.2 = STRING: The MIB module for SNMPv2 entities
SNMPv2-MIB::sysORDescr.3 = STRING: The MIB module for managing TCP implementations
SNMPv2-MIB::sysORDescr.4 = STRING: The MIB module for managing IP and ICMP implementations
SNMPv2-MIB::sysORDescr.5 = STRING: The MIB module for managing UDP implementations
SNMPv2-MIB::sysORDescr.6 = STRING: View-based Access Control Model for SNMP.
SNMPv2-MIB::sysORDescr.7 = STRING: The SNMP Management Architecture MIB.
SNMPv2-MIB::sysORDescr.8 = STRING: The MIB for Message Processing and Dispatching.
SNMPv2-MIB::sysORDescr.9 = STRING: The management information definitions for the SNMP User-based Security Model.
SNMPv2-MIB::sysORUpTime.1 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.2 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.3 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.4 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.5 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.6 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.7 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORUpTime.8 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORUpTime.9 = Timeticks: (1) 0:00:00.01
End of MIB
kybele#


This seems to be working. So far so good. We go the next step and try to configure mrtg.


kybele:~# cfgmaker public@localhost
--base: Get Device Info on public@localhost:
SNMP Error:
Received SNMP response with error code
  error status: noSuchName
  index 1 (OID: 1.3.6.1.2.1.1.9.1.4.9)
SNMPv1_Session (remote host: "localhost" [127.0.0.1].161)
                  community: "public"
                 request ID: 392141002
                PDU bufsize: 8000 bytes
                    timeout: 2s
                    retries: 5
                    backoff: 1)
 at /usr/share/perl5/SNMP_util.pm line 733
--base: Vendor Id:
--base: Populating confcache
--snpo: Skipping ifName scanning because public@localhost: does not seem to support it
--snpo: Skipping ifDescr scanning because public@localhost: does not seem to support it
--snpo: Skipping ifType scanning because public@localhost: does not seem to support it
--snpo: Skipping ipAdEntIfIndex scanning because public@localhost: does not seem to support it
--snpo: Skipping ifPhysAddress scanning because public@localhost: does not seem to support it
--base: Get Interface Info
--base: Walking ifIndex
.......
.......


Here we have a problem. Normally we should be able expect cfgmaker to run in this scenario but it does not. The trick is the default configuration of the snmp daemon. Digging further you will see that snmpd doesn't allow the types of queries mrtg needs by default.

So, edit /etc/snmp/snmpd.conf and comment out the following line

com2sec paranoid  default         public

and instead add

com2sec readonly  localhost         public

The difference is, the first one which comes in the default installation gives access to anyone on all interfaces with a public community string and it is paranoid. This doesn't suit us for two reasons: First, there is no need for letting everyone to access us on all interfaces. We both have mrtg and snmpd on the same system so only allowing loopback will do perfectly for us. The second problem is that we need more information than snmpd provides by default. So we change this line to allow all readonly queries to be made only on the loopback interface but nowhere else. So after the change this is what /etc/snmp/snmpd.conf looks like:

...
####
# First, map the community name (COMMUNITY) into a security name
# (local and mynetwork, depending on where the request is coming
# from):

#       sec.name  source          community
com2sec readonly  localhost         public
#com2sec paranoid  default         public
#com2sec readonly  default         public
#com2sec readwrite default         private
...

If you run mrtg on a different system, you will need a different configuration here since only allowing the loopback will not be enough. But that's not what we are trying to do here. (In such a case, I'd strongly advise to use a different community name than public, that's what everyone and all scanners will try first!)

After changing the file,  we do a reload of the snmp daemon for the changes to take effect. And then test with the cfgmaker again.

kybele:~# /etc/init.d/snmpd reload
Restarting network management services: snmpd.
kybele:~#
kybele:~# cfgmaker public@localhost
--base: Get Device Info on public@localhost:
--base: Vendor Id:
--base: Populating confcache
--snpo: confcache public@localhost: Descr lo --> 1
--snpo: confcache public@localhost: Descr eth0 --> 2
--snpo: confcache public@localhost: Descr eth1 --> 3
--snpo: confcache public@localhost: Descr dummy0 --> 4
--snpo: confcache public@localhost: Descr tunl0 --> 5
--snpo: confcache public@localhost: Type 24 --> 1
--snpo: confcache public@localhost: Type 6 --> 2
--snpo: confcache public@localhost: Type 6 --> 3 (duplicate)
--snpo: confcache public@localhost: Type 6 --> 4 (duplicate)
--snpo: confcache public@localhost: Type 131 --> 5
--snpo: confcache public@localhost: Ip 127.0.0.1 --> 1
--snpo: confcache public@localhost: Ip xxxx --> 2
--snpo: confcache public@localhost: Eth  --> 1
--snpo: confcache public@localhost: Eth xxxx --> 2
--snpo: confcache public@localhost: Eth xxxx --> 3
--snpo: confcache public@localhost: Eth  --> 4 (duplicate)
--snpo: confcache public@localhost: Eth  --> 5 (duplicate)
--base: Get Interface Info
--base: Walking ifIndex
--base: Walking ifType
--base: Walking ifAdminStatus
--base: Walking ifOperStatus
--base: Walking ifSpeed
# Created by
# /usr/bin/cfgmaker public@localhost
### Global Config Options
#  for UNIX
# WorkDir: /home/http/mrtg
#  for Debian
WorkDir: /var/www/mrtg
#  or for NT
# WorkDir: c:\mrtgdata
### Global Defaults
#  to get bits instead of bytes and graphs growing to the right
# Options[_]: growright, bits
EnableIPv6: no
######################################################################
# System: xxxx
# Description: xxxx
# Contact: Root  (configure /etc/snmp/snmpd.local.conf)
# Location: Unknown (configure /etc/snmp/snmpd.local.conf)
######################################################################
### Interface 1 >> Descr: 'lo' | Name: '' | Ip: '127.0.0.1' | Eth: '' ###
### The following interface is commented out because:
### * it is a Software Loopback interface
#
# Target[localhost_1]: 1:public@localhost:
# SetEnv[localhost_1]: MRTG_INT_IP="127.0.0.1" MRTG_INT_DESCR="lo"
# MaxBytes[localhost_1]: 1250000
# Title[localhost_1]: Traffic Analysis for 1 -- xxxx
# PageTop[localhost_1]: 
Traffic Analysis for 1 -- xxxx

#  #         
#   

#   

#   
     
#   
     
#   
  
#   
         
#  


System:xxxx in Unknown (configure /etc/snmp/snmpd.local.conf)
Maintainer: Root <root@localhost> (configure /etc/snmp/snmpd.local.conf)
Description:lo  
ifType:softwareLoopback (24)
ifName:
Max Speed:1250.0 kBytes/s
Ip:127.0.0.1 (localhost)
### Interface 2 >> Descr: 'eth0' | Name: '' | Ip: 'xxxx' | Eth: 'xxxx' ###
Target[localhost_2]: 2:public@localhost:
SetEnv[localhost_2]: MRTG_INT_IP="xxxx" MRTG_INT_DESCR="eth0"
MaxBytes[localhost_2]: 12500000
Title[localhost_2]: Traffic Analysis for 2 -- xxxx
PageTop[localhost_2]: 
Traffic Analysis for 2 -- xxxx
         
  

  

  
     
  
     
  
  
  
         
 


System:xxxx in Unknown (configure /etc/snmp/snmpd.local.conf)
Maintainer: Root <root@localhost> (configure /etc/snmp/snmpd.local.conf)
Description:eth0  
ifType:ethernetCsmacd (6)
ifName:
Max Speed:12.5 MBytes/s
Ip:xxxx
### Interface 3 >> Descr: 'eth1' | Name: '' | Ip: '' | Eth: 'xxxx' ###
### The following interface is commented out because:
### * it is administratively DOWN
### * it is operationally DOWN
#
# Target[localhost_3]: 3:public@localhost:
# SetEnv[localhost_3]: MRTG_INT_IP="" MRTG_INT_DESCR="eth1"
# MaxBytes[localhost_3]: 1250000
# Title[localhost_3]: Traffic Analysis for 3 -- xxxx
# PageTop[localhost_3]: 
Traffic Analysis for 3 -- xxxx
#  #         
#   

#   

#   
     
#   
     
#   
  
#  


System:xxxx in Unknown (configure /etc/snmp/snmpd.local.conf)
Maintainer: Root <root@localhost> (configure /etc/snmp/snmpd.local.conf)
Description:eth1  
ifType:ethernetCsmacd (6)
ifName:
Max Speed:1250.0 kBytes/s
### Interface 4 >> Descr: 'dummy0' | Name: '' | Ip: '' | Eth: '' ###
### The following interface is commented out because:
### * it is administratively DOWN
### * it is operationally DOWN
#
# Target[localhost_4]: 4:public@localhost:
# SetEnv[localhost_4]: MRTG_INT_IP="" MRTG_INT_DESCR="dummy0"
# MaxBytes[localhost_4]: 1250000
# Title[localhost_4]: Traffic Analysis for 4 -- xxxxx
# PageTop[localhost_4]: 
Traffic Analysis for 4 -- xxxx
#  #         
#   

#   

#   
     
#   
     
#   
  
#  


System:xxxx in Unknown (configure /etc/snmp/snmpd.local.conf)
Maintainer: Root <root@localhost> (configure /etc/snmp/snmpd.local.conf)
Description:dummy0  
ifType:ethernetCsmacd (6)
ifName:
Max Speed:1250.0 kBytes/s
### Interface 5 >> Descr: 'tunl0' | Name: '' | Ip: '' | Eth: '' ###
### The following interface is commented out because:
### * it is administratively DOWN
### * it is operationally DOWN
### * has a speed of 0 which makes no sense
#
# Target[localhost_5]: 5:public@localhost:
# SetEnv[localhost_5]: MRTG_INT_IP="" MRTG_INT_DESCR="tunl0"
# MaxBytes[localhost_5]: 0
# Title[localhost_5]: Traffic Analysis for 5 -- xxxx
# PageTop[localhost_5]: 
Traffic Analysis for 5 -- xxxx
#  #         
#   

#   

#   
     
#   
     
#   
  
#  


System:xxxx in Unknown (configure /etc/snmp/snmpd.local.conf)
Maintainer: Root <root@localhost> (configure /etc/snmp/snmpd.local.conf)
Description:tunl0  
ifType:Encapsulation Interface (131)
ifName:
Max Speed:0.0 Bytes/s


Ok, it worked. We created a working mrtg configuration. You should write/append it to the default mrtg configuration at /etc/mrtg.cfg with cfgmaker public@localhost > /etc/mrtg.cfg and customize it as you like (I'd recommend Options[_]: growright, bits). Now you should have a working mrtg. You can easily add CPU, memory and swap monitoring to your configuration as well, just make sure that you have the libsnmp-base package (apt-get install libsnmp-base) and include the following lines to your /etc/mrtg.cfg

LoadMIBs: /usr/share/snmp/mibs/UCD-SNMP-MIB.txt
Target[localhost.cpu]:ssCpuRawUser.0&ssCpuRawUser.0:public@localhost+ssCpuRawSystem.0&
ssCpuRawSystem.0:public@localhost+ssCpuRawNice.0&ssCpuRawNice.0:public@localhost
RouterUptime[localhost.cpu]: public@localhost
MaxBytes[localhost.cpu]: 100
Title[localhost.cpu]: CPU Load
PageTop[localhost.cpu]: 
Active CPU Load %
Unscaled[localhost.cpu]: ymwd
ShortLegend[localhost.cpu]: %
YLegend[localhost.cpu]: CPU Utilization
Legend1[localhost.cpu]: Active CPU in % (Load)
Legend2[localhost.cpu]:
Legend3[localhost.cpu]:
Legend4[localhost.cpu]:
LegendI[localhost.cpu]: Active
LegendO[localhost.cpu]:
Options[localhost.cpu]: growright,nopercent

LoadMIBs: /usr/share/snmp/mibs/HOST-RESOURCES-MIB.txt
Target[localhost.mem]: .1.3.6.1.4.1.2021.4.6.0&.1.3.6.1.4.1.2021.4.6.0:public@localhost
PageTop[localhost.mem]: 
Free Memory
Options[localhost.mem]: nopercent,growright,gauge,noinfo
Title[localhost.mem]: Free Memory
MaxBytes[localhost.mem]: 1000000
kMG[localhost.mem]: k,M,G,T,P,X
YLegend[localhost.mem]: bytes
ShortLegend[localhost.mem]: bytes
LegendI[localhost.mem]: Free Memory:
LegendO[localhost.mem]:
Legend1[localhost.mem]: Free memory, not including swap, in bytes

LoadMIBs: /usr/share/snmp/mibs/UCD-SNMP-MIB.txt
Target[localhost.swap]: memAvailSwap.0&memAvailSwap.0:public@localhost
PageTop[localhost.swap]: 
Swap Memory
Options[localhost.swap]: nopercent,growright,gauge,noinfo
Title[localhost.swap]: Free Memory
MaxBytes[localhost.swap]: 1000000
kMG[localhost.swap]: k,M,G,T,P,X
YLegend[localhost.swap]: bytes
ShortLegend[localhost.swap]: bytes
LegendI[localhost.swap]:  Free Memory:
LegendO[localhost.swap]:
Legend1[localhost.swap]: Swap memory avail, in bytes


Finally, you can create an index page with indexmaker /etc/mrtg.cfg > path_to_your_index_file/index.html command.

(This document has been omitted from http://www.ilkertemir.com)
Posted by at No comments:
Subscribe to: Posts (Atom)