Professional Documents
Culture Documents
Introduction
MRTG is wonderful tool. You can use it to monitor traffic on your router or leased server located at
remote IDC. Since it is written in Perl and some code in C language, it is portable and high
performance tool.
What is MRTG?
As explained in official mrtg(1) man page "The Multi Router Traffic Grapher (MRTG) is a tool to
monitor the traffic load on network-links. MRTG generates HTML pages containing GIF images which
provide a LIVE visual representation of this traffic." Here is public view of my own site. Please note
following discussion based upon Red Hat Linux Enterprise version 3 update 2 and RHEL v4.0.
SNMP is Simple Network Management Protocol. It is use to manage IP network devices such as
servers, routers, switches etc. Administrator can find or manage network performance, solve problem
or even optimize it further. For more information on official UNIX/Linux SNMP please see UCD-
SNMP/NET-SNMP Tutorials and an excellent resource at Snmplink.org
Assumptions
• Linux distribution
• You would like to perform MRTG and snmp binary installation using rpm. If you are looking
for source installation then visit author's web site here. This page has an excellent information
(systematically) to install it from source.
• Required RPMs
o mrtg
o snmp
o snmp-utils
• Installations were tested on Red Hat Enterprise Linux version 3 update 2.
Configuration
Make sure snmp server is working. Without proper working snmp server, mrtg will not work.
Therefore, first step is make sure snmp up and running. Following steps will take you gradually to
configure it.
Please note that snmpd configuration does not require using mrtg with remote network devices such as
Routers and switches. If you just want mrtg graphs for router or switch then please refer to step # 4 (as
all these devices comes preconfigured with snmpd software).
Run rpm commands query option to find out snmp server installed or not:
If snmp installed then please refer step # 2; otherwise snmp server and utils were not present and your
need to install them using following steps (login as a root user):
(a) Visit rpmfind.net to get snmp server and utilities rpms. If you are fedora user then use yum
command as follows to install it:
(b) If you are RHEL subscriber then use up2date command as follows to install:
Output:
root 5512 0.0 2.3 5872 3012 pts/0 S 22:04 0:00 /usr/sbin/snmpd
Alternatively, you can try any of the following two commands as well:
# lsof -i :199
Output:
Output:
Make sure snmpd service starts automatically, when linux comes us (add snmpd service):
Run snmpwalk utility to request for tree of information about network entity. In simple words query
snmp server for your IP address (assigned to eth0, eth1, lo etc):
If you can see your IP address then please proceed to step 4; else it is a time to configure snmp server
as follows (by default RHEL and RH 8/9 are not configured for snmp server for security reason):
Configure SNMP
Find Lines:
Replace with:
Replace with:
Find line:
Replace with:
Find lines:
For your convenient, here is my /etc/snmp/snmpd.conf file. Feel free to use this file. Make sure you
make backup of your existing file if you use this file as it is.
# chkconfig snmpd on
(b) Make sure service start whenever Linux comes up (after reboot):
Mrtg software may install during initial installation; you can verify if MRTG installed or not with
following RPM command:
# up2date -v -i mrtg
Fedora Linux user can use yum command as follows to install MRTG:
# mkdir -p /var/www/html/mymrtg/
(b) Run any one of the following cfgmaker command to create mrtg configuration file:
OR (make sure your FQDN resolves, in following example i'm using rh9.test.com which is my router
FQDN address)
(a) Run mrtg command from command line with your configuration file:
# mrtg /etc/mrtg/mymrtg.cfg
Note: You may get few warning message for first time; ignore them.
(b) Fire your favorite web browser (like FireFox :D ) and type url http://www.your.com/mymrtg/ or
http://your-ip/mymrtg/
Step # 7 Create crontab entry so that mrtg graph / images get generated every 5
minutes
(a) Login as a root user or login as a mrtg user and type following command:
# crontab -e
(b) Add mrtg cron job entry to configuration file (append following line to it):
Save file and you are done with MRTG config issues :)
You do not want to give access to everyone to your snmp server for security reasons. SNMP server uses
UDP 161, 162 ports for communication. Use Linux IPTABLES firewall to restrict access to SNMP
server
(a) Allow outgoing SNMP server request from your Linux computer. This is useful when you query
remote host/router (replace SERVER IO with your real IP):
SERVER="xxx.xxx.xxx.xxx"
iptables -A OUTPUT -p udp -s $SERVER --sport 1024:65535 -d 0/0 --dport 161:162 -m
state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -s 0/0 --sport 161:162 -d $SERVER --dport 1024:65535 -m
state --state ESTABLISHED -j ACCEPT
(b )Allow incoming SNMP client request via iptables. This is useful when you wish to accept queries
for rest of the world (replace SERVER IP with your real IP):
SERVER="xxx.xxx.xxx.xxx"
iptables -A INPUT -p udp -s 0/0 --sport 1024:65535 -d $SERVER --dport 161:162 -m
state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -s $SERVER --sport 161:162 -d 0/0 --dport 1024:65535 -m
state --state ESTABLISHED -j ACCEPT
Pleae note that above two are just SNMP specific iptables rules. Please consult iptables(8) man page for
complete information on iptables
Step # 9 Optional: Protect your MRTG graphs/html pages with password protected
directory
Once again, you would like to restrict access to your MRTG reports. This can easily accomplished with
Apache webserver's .htaccess file. If you are on webhosting server with control panel (such as ensim or
plesk) then you can use control panel itself to create password-protected directory.
Below is process outlined to protect graphs using apache's .htaccess file and htpasswd command:
vi /var/www/html/mymrtg/.htaccess
Step # 2: Create a user and password name (-c assumes first time you are using .htpasswd file):
For more information please see Apache Webserver Authentication and access control mini-howto.
Use following resources to find out more Linux help, links to general information and help for MRTG,
snmp under Linux/UNIX/Windows OSes:
When you come across a problem with MRTG and SNMP configurations, I would like to hear about it.
You can send all your questions regarding snmp and mrtg configuration, problem to nixCraft forum for
further discussion. Well it is true that MRTG is for network monitoring and it can be use to see how
much traffic your server/router or ADSL router actually generated, however it will not tell you how
much megabytes or gigabytes the daily traffic was. For all such home user and people having dedicated
single Linux box hosted somewhere remote at IDC/ISP there is a tool called vnStat (see image below),
see Special configuration: Keeping a log of daily network traffic for ADSL or dedicated remote Linux
box