Network Management & Monitoring with Linux
MRTG is an advanced tool written by Tobias Oetiker and Dave Rand to graphically represent the data SNMP agents brings to SNMP managers. It generates nice HTML pages with GIF graphics about inbound and outbound traffic in network interfaces in almost real time. This abstracts the idea of dealing directly with objects of an MIB with a command line tool like CMU-SNMP. This is the simplest and most powerful tool to monitor my routers I have found on the Internet.
MRTG uses an SNMP implementation coded entirely in Perl, so there is no need to install other packages. The main program is written in C to speed up the logging process and the generation of GIF images. The graphics are generated with the help of the GD library from Thomas Boutell, author of the WWW FAQ.
One of the highlights of MRTG is its expandability and powerful configuration. It's very easy to monitor any SNMP variables instead of traffic, like error packets, system load, modem availability and others. It's even possible to import data from an external program to feed the data, so you can use it to monitor login sessions and other information not available through SNMP.
It comes with some tools to watch your router for interfaces, extract their characteristics and generate a base configuration file you can easily tweak to accommodate your needs.
Another interesting feature of MRTG is the amount of information it generates. It permits four levels of detail for each interface: traffic in the last 24 hours, the last week, the last month and a yearly graphic. This allows you to gather information for statistical purposes. It maintains an accumulated database with all this information with the help of a consolidation algorithm that prevents the data in the logs from eating up your disk space.
It also generates a main page that contains the GIF images of the daily details of every interface of a router, which lets you have a complete idea of what's happening in your router with a simple look. You can see the main page and a detail page generated by MRTG in Figures 3 and 4.
Let's see a basic installation procedure. First of all, you need the distribution of MRTG. At the time of this writing, the latest version was 2.1; check the URL in the references sidebar for the latest version.
A package you must install before compiling MRTG is the GD graphic library. The URL is in the references sidebar, too. The current version of GD is 1.2, and you shouldn't have any problems compiling and installing it. Simply run make in the directory you unpacked the distribution and a file called libgd.a will be generated. Copy this file to /usr/local/lib and all the .h files to the directory /usr/local/include/gd.
At this point you should have GD up and running. Now is the time to build the MRTG package. Unpack the distribution, and edit the Makefile, indicating where to find the GD libraries and header files, and the Perl 5.003 binary—usually /usr/bin/perl or /usr/local/bin/perl. This is done through the variables GD_LIB, GD_INCLUDE and PERL.
Build the main program by typing make rateup, and when the compilation finished, enter make substitute to include the correct PATH to the Perl interpreter within the set of Perl scripts that MRTG uses.
Copy the following files to the final destination of the binaries (for example, /usr/local/mrtg): BER.pm, SNMP_Session.pm, mrtg and rateup. You can also copy to this location the two configuration programs, indexmaker and cfgmaker.
Ensure that all the programs have the execution bit set. Now we're ready to build a simple configuration file. At this point you should have SNMP read access to your router. In a Cisco router, the configuration lines to allow this are the following:
access-list 99 permit 184.108.40.206 access-list 99 permit 220.127.116.11 access-list 99 permit 18.104.22.168 snmp-server community public RO 99
This allows read-only requests from the addresses specified in the access list 99 using “public” as a password (community). If you want to allow every node in the network Read Only (RO) access to the router, you can have a line like this one:
snmp-server community public ROIf you have another brand of router, check the manuals to determine how to allow SNMP access to them.
The cfgmaker script greatly simplifies the task of building the configuration file. All you have to do is run it with the following arguments:
cfgmaker <community>@<router-host-name or IP>
cfgmaker email@example.com > mrtg.cfgIt will discover every interface in your router and write a section in the file with its specifications of numbers of interfaces, maximum speed, description, etc, with some HTML tags to include them in the detail page. It's possible to edit this HTML layout to suit your language, preferences, etc. You can see in Figure 5 the output for one of the interfaces of my router.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- BitTorrent Inc.'s Sync
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- New Container Image Standard Promises More Portable Apps
- The Humble Hacker?
- The Death of RoboVM
- The US Government and Open-Source Software
- Open-Source Project Secretly Funded by CIA
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- ACI Worldwide's UP Retail Payments
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide