Tuesday, September 4, 2007

MRTG tutorial, install and howtos

The Multi Router Traffic Grapher (MRTG) is a tool to monitor the traffic load on network-links. MRTG generates HTML pages containing PNG images which provide a LIVE visual representation of this traffic.


MRTG is mainly used to generate graphs for devices, network hosts and IP-based appliances, in order to monitor usage, live data and statistics. The package is not installed by default. MRTG is written in Perl and comes for free. MRTG supports several SNMP versions and even 64-bit counters. All graphs produced by MRTG are highly configurable and customizable to fit one's needs. MRTG works on most Linux, Windows and UNIX platforms. Check out more info from the site.


MRTG INSTALLATION
==================

Here's how to install MRTG on Fedora using yum

# yum -y install mrtg


USAGE AND PROCESS
=================


Verify that MRTG is currently installed.

# rpm -qa mrtg


Here are the steps to configure MRTG and start a new graph for your devices or network hosts.

By default, MRTG uses /etc/mrtg/mrtg.cfg as its configuration file. It is advisable to make a backup copy of the original config file for future reference, like so

# cp /etc/mrtg/mrtg.cfg /etc/mrtg/mrtg.cfg.bak

When creating an MRTG graph, the first step is to determine whether the target host is SNMP-enabled or supports SNMP. Additionally, the target host or device must be reachable from the polling host, via a direct or network connection.

The polling host is the machine where MRTG is installed. If the target host does not support SNMP polling, the results may vary from system to system, depending on the technique and approach used to retrieve variable values from the host being polled.

To cover a basic usage sample, this entry uses MRTG on Linux to generate graphs of the Ethernet interfaces of a Windows machine. The Windows machine is assumed to be located inside the same broadcast network as the Linux host. It is also assumed that the Windows machine has SNMP enabled from its TCP/IP properties.


MRTG GRAPH CREATION
===================

Here are the basic instructions for creating an MRTG graph in the above scenario.

An MRTG config file can be created manually using one of the tools that come with the MRTG package. Here, we are going to use cfgmaker, which automatically creates config files readable by MRTG.

A basic cfgmaker invocation requires 2 arguments
a. The hostname or IP address of the host being polled. This should be reachable by broadcast from the polling host.
b. The community name defined on the host being polled. This can be public, private or a user-defined community.

As an example using a Linux terminal, here's a basic sample that meets the above requirements

# cfgmaker public@windows-IP-address

The above command displays results on your screen similar to those shown below

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--base: Get Device Info on public@target-host-ip:
--base: Vendor Id:
--base: Populating confcache
--coca: populate confcache public@target-host-ip:
--coca: store in confcache public@target-host-ip_ Descr MS TCP Loopback interface --> 1
--coca: store in confcache public@target-host-ip_ Descr Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport --> 2
--coca: store in confcache public@target-host-ip_ Type 24 --> 1
--coca: store in confcache public@target-host-ip_ Type 6 --> 2
--coca: store in confcache public@target-host-ip_ Ip target-host-ip --> 2
--coca: store in confcache public@target-host-ip_ Ip 127.0.0.1 --> 1
--coca: store in confcache public@target-host-ip_ Ip target-host-ip2 --> 2
--coca: store in confcache public@target-host-ip_ Eth --> 1
--coca: store in confcache public@target-host-ip_ Eth 30-78-30-30-31-34-38-35-64-31-39-39-30-30 --> 2
--base: Get Interface Info
--base: Walking ifIndex
--base: Walking ifType
--base: Walking ifAdminStatus
--base: Walking ifOperStatus
--base: Walking ifMtu
--base: Walking ifSpeed

Target[target-host-IP-address]: 2:public@target-host-IP-address:
SetEnv[target-host-IP-address]: MRTG_INT_IP="target-host-IP-address" MRTG_INT_DESCR="Realtek-RTL8139-Family-PCI-Fast-Ethernet-NIC---Packet-Scheduler-Miniport"
MaxBytes[target-host-IP-address]: 12500000
Title[target-host-IP-address]: Traffic Analysis for 2 -- ORG NAME
PageTop[target-host-IP-address]: Traffic Analysis for 1 -- ORG NAME
..
snipped.
...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

As shown above, you can now copy and paste the line that starts with

Target[target-host-IP-address]: 2:public@target-host-IP-address:

and ends with [/div]

into your /etc/mrtg/mrtg.cfg file. Lines that start with the # character belong to interfaces found to be disabled on the host being polled; they do not need to be included in /etc/mrtg/mrtg.cfg unless you later want to uncomment them.
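
The Target lines pasted into /etc/mrtg/mrtg.cfg carry the SNMP community string in clear text, and public and private are the well-known default names. The check below is an added example, not part of the original post: the function names, the sample config and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an MRTG config for default SNMP communities and a loose file mode.

# Print "name host community" for each active Target[] line that uses a
# well-known default community. Target values look like:  2:public@192.0.2.10:
weak_communities() {
    awk '
    /^Target\[/ {
        close_br = index($0, "]")
        name = substr($0, 8, close_br - 8)     # text inside Target[...]
        val  = substr($0, close_br + 1)
        sub(/^:[ \t]*/, "", val)               # drop the ": " after the bracket
        at = index(val, "@")
        if (at == 0) next                      # no community@host (e.g. external script)
        n = split(substr(val, 1, at - 1), part, ":")
        comm = part[n]                         # community is the field just before "@"
        host = substr(val, at + 1)
        sub(/[: \t].*$/, "", host)             # cut trailing :port:timeout... options
        if (comm == "public" || comm == "private") print name, host, comm
    }' "$1"
}

# Exit status 0 when the file mode grants read access to "other".
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Write a constructed sample config (documentation addresses, not real hosts).
write_sample_cfg() {
    cat > "$1" <<'EOF'
WorkDir: /var/www/html/mrtg
Target[192.0.2.10_2]: 2:public@192.0.2.10:
MaxBytes[192.0.2.10_2]: 12500000
Target[192.0.2.20_1]: 1:n0t-a-default@192.0.2.20:::::2
# Target[192.0.2.10_1]: 1:public@192.0.2.10:
EOF
    chmod 644 "$1"
}

cfg=$(mktemp)
write_sample_cfg "$cfg"
weak_communities "$cfg"
if world_readable "$cfg"; then
    echo "$cfg is world-readable: community strings are exposed to local users"
fi
rm -f "$cfg"
```

Pointed at /etc/mrtg/mrtg.cfg, any line printed is a target worth moving to a non-default community, and a world-readable result is fixed by tightening the file mode to what the account running the cron job needs.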

There are several cfgmaker arguments available from the command line. Here are a few alternatives:

# cfgmaker --enable-ipv6 --noreversedns --community=mycommunity --dns-domain=your-domain target-IP-address

Legend:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--enable-ipv6 enables polling using IPv6
--noreversedns avoids doing a reverse lookup for IP addresses found during device polling
--community defines a custom community name to use when creating the MRTG config file
--dns-domain appends a custom domain name to the name of the device/host being polled

You can also override the following variable directly from the command line
--ifdesc=nr interface description uses Interface Number (default)
--ifdesc=ip uses Ip Address
--ifdesc=eth uses Ethernet Number
--ifdesc=descr uses Interface Description
--ifdesc=name uses Interface Name
--ifdesc=catname uses CatOS Interface Name
--ifdesc=alias uses Interface Alias
--ifdesc=type uses Interface Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


After updating /etc/mrtg/mrtg.cfg, an index HTML file should be created. The MRTG index file is the main page from which all the graphs can be viewed in the browser.


MRTG INDEX FILE CREATION
========================


MRTG comes with another tool called indexmaker. indexmaker automatically creates the index file for the MRTG web site, using /etc/mrtg/mrtg.cfg as its basis. The index file can be generated with indexmaker as shown below

# indexmaker /etc/mrtg/mrtg.cfg

The above command dumps the index file to your screen. Using Linux output redirection, the output of the above command can be redirected to a file like so

# indexmaker /etc/mrtg/mrtg.cfg > index.html

Alternatively, using indexmaker parameters

# indexmaker /etc/mrtg/mrtg.cfg --output=index.html

The MRTG index file is highly configurable through the parameters available in indexmaker. You can statically define the MRTG title, number of columns, width, height, sections, MRTG log file, MRTG subtitle and headlevel number, MRTG legends, sort display method, which interval graph to show, and more.

Now, you need to copy or move the index.html file into a browsable location on your web server. As an example, you can create a directory and move it to /var/www/html/mrtg .


MRTG POLLING INTERVAL
=====================

Using the previous crontab entry here, you can now create a polling schedule. Normally, the advisable polling interval is every 5 minutes.

Here's a sample MRTG crontab entry that polls all variables and hosts defined in /etc/mrtg/mrtg.cfg every 5 minutes, with log output redirected to /var/log/mrtg.log.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*/5 * * * * env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg --logging /var/log/mrtg.log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


MRTG LOG MONITORING
===================

MRTG log monitoring can be done like so

# tailf /var/log/mrtg.log

mrtg.log was defined in the crontab entry shown above.

Make sure your web server is currently running and browsable. Simply fire up your browser and point it to your web server's MRTG folder, like http://MRTG-server-IP-address/mrtg/

And a sample screenshot of one of my devices using MRTG:



MRTG SECURITY
=============

Access to MRTG pages can be restricted on Linux using Apache access lists, user and password authentication, TCP wrappers and more. Unfortunately, these security measures are not covered here as part of this MRTG entry, but they will be sooner or later.

Kick the black box and thanks for reading!
