Customizing MRTG

Once you have a working MRTG setup, be careful testing new configurations. I generally test a new MRTG configuration in a separate WorkDir, so that any misconfigurations won’t damage existing log files or production status pages.

The mrtg.cfg file contains a wide variety of options that allow you to customize almost every aspect of MRTG’s appearance and functionality. Here you’ll find some of the most useful MRTG configuration options, and how they can be used in production environments.

WithPeak[label]: wmy
MRTG’s log format condenses older entries into average values, which tends to decrease values over time. The WithPeak option forces MRTG to keep and graph the maximum values over time. While your graphs will be more complex as a result, they will contain more useful information. This option can be set for the weekly, monthly, and yearly graphs, or a combination.

MaxBytes[label]: number
This is the maximum value that a MIB can reach. (The label is misleading if the MIB doesn’t measure bytes.) MRTG uses this value to decide if it got a sensible answer from the device. Both MIBs being measured use MaxBytes, so be sure you’re measuring sensible pairs! If you’re doing something particularly weird and need different MaxBytes variables, use MaxBytes1 and MaxBytes2.

YLegend[label]: text
MRTG will put this text along the side of the graph. Put whatever you’re measuring here, such as “% CPU Time”.

LegendI[label] & LegendO[label]: text
MRTG always measures two MIBs. The first MIB is the traditional “In” value, and the second the “Out”. You can put short descriptions of what you’re measuring here to have them appear beneath the graph.

Legend1[label] & Legend2[label]: text
Legend1 is the label for the first MIB you measure; Legend2, the second. Both will appear at the bottom of your chart, in the key.

Legend3[label] & Legend4[label]: text
These labels will be used if you’re recording maximums (with the WithPeak option). If you’re not recording maximums, these labels will have no effect.

Directory[label]: directoryname
Large MRTG setups can generate a lot of files. The Directory keyword allows you to put the files for a particular label in a subdirectory of the WorkDir.
Without further ado, here are some useful MIBs:

memory.memTotalSwap (4.3)
The total swap on the system. Check this value before assigning limits involving swap in other MRTG graphs.

memory.memAvailSwap (4.4)
The amount of swap remaining.

memory.memTotalReal (4.5)
The total memory actually available on the system. While you don’t need to monitor this value (after all, the RAM in a system rarely changes), you should check it before setting limits in MRTG.

memory.memAvailReal (4.6)
The amount of unused real memory.

memory.memBuffer (4.14)
The amount of memory in the system buffer.

memory.memCached (4.15)
The amount of memory in the system cache.

dskTable.dskEntry.dskTotal (9.1.6)
The total size of a partition. Like the other totals, this is just for reference. This MIB will almost certainly have indexes.

dskTable.dskEntry.dskAvail (9.1.7)
The amount of space remaining on the disk, in blocks.

dskTable.dskEntry.dskPercent (9.1.9)
The percentage of the disk in use.

systemStats.ssCpuUser (11.9)
The percentage of the CPU time spent in non-kernel programs.

systemStats.ssCpuSystem (11.10)
The percentage of CPU time spent running the kernel.

There are many, many more MIBs you could monitor, and entire books have been written about SNMP and monitoring. Still, these select few should cover the basic system services, and give you those important pretty pictures for your staff meeting.

Monitoring a Single MIB

Although MRTG is designed to monitor things in pairs, you can monitor a single MIB by listing it twice:

……………………………………………………………………………………….
Target[localhost.memAvail]:.1.3.6.1.4.1.2021.4.6.0&.1.3.6.1.4.1.2021.4.6.0:GetLostLoser@localhost
……………………………………………………………………………………….

This will work just fine to show only one MIB on the MRTG graph.

Note
Be sure to pick a separate label for the target, and use it for all configuration statements for that target. If you don’t, MRTG will either complain or overwrite the log files from other targets.
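The label rule in the note above can be checked before MRTG ever runs. The following is an added example, not code from the book or from MRTG: a small linter that reads an mrtg.cfg, reports labels that have more than one Target line or that carry options without any Target, and lists the targets that use the single-MIB form. The sample configuration is constructed from the targets shown on this page, with two deliberate mistakes; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed mrtg.cfg: targets from this page plus two deliberate mistakes
# (line 9 reuses the memAvail label, line 10 uses a label with no Target).
SAMPLE_CFG = """\
# constructed sample
WorkDir: /usr/local/share/apache/htdocs/mrtg
Target[webserver1.EthernetTraffic]: 3:GetLostLoser@localhost
MaxBytes[webserver1.EthernetTraffic]: 1250000
PageTop[webserver1.EthernetTraffic]:
 Traffic Throughput for Ethernet Interface
Target[cpu]: 1.3.6.1.4.1.2021.11.9.0&1.3.6.1.4.1.2021.11.10.0:GetLostLoser@localhost
Target[localhost.memAvail]: .1.3.6.1.4.1.2021.4.6.0&.1.3.6.1.4.1.2021.4.6.0:GetLostLoser@localhost
Target[localhost.memAvail]: .1.3.6.1.4.1.2021.4.4.0&.1.3.6.1.4.1.2021.4.4.0:GetLostLoser@localhost
YLegend[localhost.swap]: kB free
"""

# Keyword[label]: value
ENTRY = re.compile(r"^(?P<key>\w+)\[(?P<label>[^\]]+)\]\s*:\s*(?P<value>.*)$")
DEFAULT_LABELS = {"_", "^", "$"}  # MRTG's default/prepend/append pseudo-labels


def parse_entries(cfg_text):
    """Return (line_number, keyword, label, value) for each Keyword[label] line."""
    entries = []
    for lineno, line in enumerate(cfg_text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        if line[0].isspace():
            continue  # continuation of the previous value (e.g. PageTop HTML)
        m = ENTRY.match(line)
        if m and m["label"] not in DEFAULT_LABELS:
            entries.append((lineno, m["key"], m["label"], m["value"].strip()))
    return entries


def lint(cfg_text):
    """Report labels with several Target lines and labels with no Target."""
    targets = defaultdict(list)  # label -> lines holding Target[label]
    others = defaultdict(list)   # label -> lines holding any other keyword
    for lineno, key, label, _ in parse_entries(cfg_text):
        (targets if key.lower() == "target" else others)[label].append(lineno)
    findings = [("duplicate-target", label, lines)
                for label, lines in targets.items() if len(lines) > 1]
    findings += [("no-target", label, lines)
                 for label, lines in others.items() if label not in targets]
    return findings


def single_mib_labels(cfg_text):
    """Labels whose Target lists the same OID twice (the single-MIB form)."""
    found = []
    for _, key, label, value in parse_entries(cfg_text):
        if key.lower() == "target" and "&" in value:
            first, rest = value.split("&", 1)
            second = rest.split(":", 1)[0]
            if first == second and label not in found:
                found.append(label)
    return found


if __name__ == "__main__":
    for finding in lint(SAMPLE_CFG):
        print(finding)
    print("single-MIB targets:", single_mib_labels(SAMPLE_CFG))
```
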
Figure 19-1: Sample MRTG graph

Get MRTG measuring traffic on one of your machines, and then we’ll measure some other interesting things by choosing our SNMP MIBs.

Tracking Other System Values

By default, MRTG measures network traffic, but you can use it to measure any information available via SNMP. All you need are the MIBs for the information you want to measure. To make MRTG monitor these MIBs instead of network traffic, add them to the Target entry like so:

……………………………………………………………………………………….
Target[label]:mibnumber1&mibnumber2:GetLostLoser@localhost
……………………………………………………………………………………….

For example, to measure system CPU time (MIB .1.3.6.1.4.1.2021.11.9.0) and user CPU time (MIB .1.3.6.1.4.1.2021.11.10.0), use this line:

……………………………………………………………………………………….
Target[cpu]:1.3.6.1.4.1.2021.11.9.0&1.3.6.1.4.1.2021.11.10.0:GetLostLoser@localhost
……………………………………………………………………………………….

Remember, MRTG charts MIBs in pairs, so pick values to monitor accordingly. Sensible choices are things like “available swap and total swap” or “system CPU usage and user CPU usage.” Measuring combinations such as available swap versus the percentage of disk available would give you difficult-to-understand charts.

How do we know which MIBs to use? Well, digging through the snmpwalk output, and translating the system and user CPU times (enterprises.ucdavis.systemStats.ssCpuUser.0 and enterprises.ucdavis.systemStats.ssCpuSystem.0, respectively), we find that they translate to .1.3.6.1.4.1.2021.11.9.0 and .1.3.6.1.4.1.2021.11.10.0. You don’t want to go digging through the MIB tree to find this sort of thing, however, so I’ll make it a little easier for you.

Useful Net-snmp MIBs

Here are some net-snmp MIBs worth monitoring by name, with their corresponding numerical values in parentheses. All of these can be found under .1.3.6.1.4.1.2021. For example, the Memory.MemTotalSwap MIB can be determined by querying 1.3.6.1.4.1.2021.Memory.MemTotalSwap.
Note
Before using any MIB, be sure to test it with snmpwalk. Each query should return a single line. If it returns multiple lines, there’s probably an index on the end of it that you should include before entering that MIB in MRTG.
Edited Configuration File

Once I finish editing the basic MRTG config to my taste to monitor a network interface, it generally looks like this:

……………………………………………………………………………………….
WorkDir: /usr/local/share/apache/htdocs/mrtg
Target[webserver1.EthernetTraffic]: 3:GetLostLoser@localhost
MaxBytes[webserver1.EthernetTraffic]: 1250000
Title[webserver1.EthernetTraffic]: Ethernet Interface
PageTop[webserver1.EthernetTraffic]:
 Traffic Throughput for Ethernet Interface
 Call the Helpdesk if you have any questions
……………………………………………………………………………………….

You’ll notice that, first of all, the label has been changed to something meaningful. Also, the HTML under PageTop has been trimmed considerably, because I know perfectly well where the system is, after all, and who to talk to about it. If these pages are intended for management, I might add a couple of lines of HTML after PageTop describing what the machine does or how to interpret the data.

You can list any number of machines or interfaces in one configuration file. Set up things appropriately for your system.

Testing MRTG

When you have a configuration you like, test it by running MRTG by hand a few times:

……………………………………………………………………………………….
# mrtg mrtg.cfg
……………………………………………………………………………………….

MRTG will warn you that it can’t find log files the first two times, after which it should run silently. This alone is not a problem. However, if you get an error that MRTG cannot reach a target, the Target entry is misconfigured, and either the community name, hostname, or MIB is wrong. Check those, correct the problem, and try again.

Once MRTG runs silently, add it to root’s cron to run every five minutes. (You can also set up a specific user to run MRTG, but there’s no real need for this.) MRTG will send its output to the directory you specify in WorkDir in the configuration file. If you followed the previous example, when you look at http:///mrtg/webserver1.EthernetTraffic.html, you’ll see a pretty graph of your network traffic since you started running MRTG. There are two different lines on the graph: one for inbound traffic, the other for outbound. MRTG measures things in pairs. You can see a sample MRTG graph in Figure 19-1.
y Title[localhost.3]: petulance.blackhelicopters.org: xl0
z PageTop[localhost.3]:
Traffic Analysis for xl0
| System: | petulance.blackhelicopters.org in Basement Server Room |
| Maintainer: | mwlucas@blackhelicopters.org |
| Interface: | xl0 (3) |
| IP: | petulance.blackhelicopters.org (192.168.1.100) |
| Max Speed: | 1250.0 kBytes/s (ethernetCsmacd) |
……………………………………………………………………………………….

Labels

The string inside the square brackets ([ ]) (w) is an arbitrary label that indicates a unique subsystem being monitored. In this example, the label is localhost.3. This might be a network interface, the disk space on a partition, CPU usage, or anything. All files generated by MRTG for this monitored subsystem will have a name starting with this label.

To monitor any number of items, you must give each a unique label of any length. I usually create labels like “webserver1.EthernetTraffic” or “webserver9.AvailableSwap.” Labels with names similar to the MIB you want to monitor are most useful, but they can become quite long, so strike a balance that you feel comfortable with.

Target

The Target keyword (v) tells MRTG which machine to query and which interface on that machine this configuration is for. (The actual target appears after the colon.) If you change the community name or IP address of your system, you can edit it directly here. In this case, the target is 3:GetLostLoser@localhost: an interface number, an SNMP community, and a hostname.

We spoke about indexes in MIBs earlier in “Index Numbers”; if you were to snmpwalk the MIB tree, you would find that this interface has the index number 3. You can dig through the snmpwalk output to find out which interface has this index number. Each interface has a unique IP address, however, and it’s generally easier to use that to identify the interface. MRTG kindly includes the IP address a little later in the configuration.

MaxBytes

MaxBytes (x) is the maximum value allowed for this item. Since this is a network interface, MaxBytes is the maximum number of bytes this network card can handle (a 10BaseT card). MRTG has enough brains to figure out the MaxBytes values for most common network types. You should never have to change this value if you’re measuring throughput. You will have to change it to monitor other things, such as CPU or memory utilization.

Title and PageTop

Title (y) and PageTop (z) are arbitrary HTML. You can put almost any HTML in these spaces to display it on the generated MRTG Web page.
every five minutes. You will need a Web server on the machine running MRTG.

You can use MRTG to give supervisors, managers, and co-workers convenient access to performance data without giving them server access. And, because MRTG keeps records over the course of a year, you can get a good idea of real-life trends. MRTG is also quite useful for justifying hardware and software expenditures, since you can point to exactly how much CPU time a machine is using, and how its performance has changed as you’ve added software.

Configuring MRTG

You can use the included cfgmaker(1) tool to generate a default MRTG configuration that measures network throughput on interfaces, like so:

……………………………………………………………………………………….
# cfgmaker communityname@machine > mrtg.cfg
……………………………………………………………………………………….

For example, if I wanted to run MRTG on my local machine, using the community name GetLostLoser, I could run this command:

……………………………………………………………………………………….
# cfgmaker GetLostLoser@localhost > mrtg.cfg
……………………………………………………………………………………….

Cfgmaker makes SNMP queries of the specified device and generates a basic configuration file, which we dumped into the file mrtg.cfg in the preceding example. By default, MRTG monitors only network traffic.

Before you can use this configuration file, you need to add a “WorkDir” directive to the top of it to tell MRTG where to store its logs, graphics, working files, and HTML. I generally put the WorkDir somewhere under my Web server root directory, like this:

……………………………………………………………………………………….
WorkDir: /usr/local/share/apache/htdocs/mrtg
……………………………………………………………………………………….

You’ll probably want to password-protect this directory, too, if the Web server is on the public Internet or otherwise exposed to the world at large. (See Chapter 15.)

Sample mrtg.cfg Entry

The generated mrtg.cfg has a lot of information, including some unnecessary HTML. If you look through the created file, you’ll see that cfgmaker has generated a configuration for every single interface on the machine, which is proper because it measures network throughput by default. The loopback interface, and any down interfaces, are commented out; the remaining uncommented parts are a series of entries much like this:

……………………………………………………………………………………….
v Target w [localhost.3]: 3:GetLostLoser@localhost
x MaxBytes[localhost.3]: 1250000
sort of information you can read from your system.

Index Numbers

Now let’s look at something that frequently confuses new SNMP users. Take the following snippet of snmpwalk output describing the disks on our system. Remember: snmpwalk reads the SNMP information available from a server; this is a small chunk of output from the complete listing of information available from snmpd.

……………………………………………………………………………………….
enterprises.ucdavis.dskTable.dskEntry.dskIndex.1 = 1
enterprises.ucdavis.dskTable.dskEntry.dskIndex.2 = 2
enterprises.ucdavis.dskTable.dskEntry.dskIndex.3 = 3
enterprises.ucdavis.dskTable.dskEntry.dskPath.1 = /usr
enterprises.ucdavis.dskTable.dskEntry.dskPath.2 = /
enterprises.ucdavis.dskTable.dskEntry.dskPath.3 = /var
enterprises.ucdavis.dskTable.dskEntry.dskDevice.1 = /dev/ad0s1f
enterprises.ucdavis.dskTable.dskEntry.dskDevice.2 = /dev/ad0s1a
enterprises.ucdavis.dskTable.dskEntry.dskDevice.3 = /dev/ad0s1e
……………………………………………………………………………………….

All the partitions listed in snmpd.conf appear here. In the first three lines of the preceding example, we see that the dskIndex is a number from 1 to 3. Using snmptranslate, we learn that these are the reference numbers for the disk partitions we’re monitoring; each partition has been assigned a unique index number. In the next three rows, dskPath, we map the index 1 to /usr, index 2 to /, and index 3 to /var. Then, in our next three entries, dskDevice, we see that there are three entries yet again.

How do we use these disparate entries? By working backwards. For example, we see that dskDevice.1 is /dev/ad0s1f. We know that entry 1 is /usr, which tells us that /usr is on this physical device. Because MIB trees are based on the information you want to pull, not the device that you want to access, a partition’s information appears on nonconsecutive lines, making things slightly more difficult to read. But with a little patience, you’ll be able to put it all together.
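The "working backwards" step can be done mechanically. The following is an added example, not code from the book: it regroups the column-ordered snmpwalk rows above into one record per index, tells you whether a column needs an index before it goes into MRTG, and builds the numeric OID for one partition from the base OID and column numbers this page lists. The memAvailReal row and its value are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

UCD_BASE = ".1.3.6.1.4.1.2021"  # base OID this page gives for these MIBs

# The dskTable rows from the snmpwalk output above.
DSK_ROWS = """\
enterprises.ucdavis.dskTable.dskEntry.dskIndex.1 = 1
enterprises.ucdavis.dskTable.dskEntry.dskIndex.2 = 2
enterprises.ucdavis.dskTable.dskEntry.dskIndex.3 = 3
enterprises.ucdavis.dskTable.dskEntry.dskPath.1 = /usr
enterprises.ucdavis.dskTable.dskEntry.dskPath.2 = /
enterprises.ucdavis.dskTable.dskEntry.dskPath.3 = /var
enterprises.ucdavis.dskTable.dskEntry.dskDevice.1 = /dev/ad0s1f
enterprises.ucdavis.dskTable.dskEntry.dskDevice.2 = /dev/ad0s1a
enterprises.ucdavis.dskTable.dskEntry.dskDevice.3 = /dev/ad0s1e
"""
# Constructed scalar row (invented value) to show the single-line case.
SAMPLE_WALK = DSK_ROWS + "enterprises.ucdavis.memory.memAvailReal.0 = 20480\n"

# <anything>.<column>.<index> = <value>
ROW = re.compile(r"^\S+\.(?P<column>[A-Za-z]\w*)\.(?P<index>\d+) = (?P<value>.*)$")


def join_by_index(walk_text):
    """Regroup snmpwalk rows into {index: {column: value}}.

    Feed it the walk of a single table; indexes from different tables
    would otherwise be merged into the same record.
    """
    rows = defaultdict(dict)
    for line in walk_text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows[int(m["index"])][m["column"]] = m["value"]
    return dict(rows)


def needs_index(walk_text, column):
    """True when a column returns several rows, so MRTG needs column.<index>."""
    return sum(column in rec for rec in join_by_index(walk_text).values()) > 1


def mrtg_oid(walk_text, mount_point, column_suffix):
    """Numeric OID for one partition, e.g. dskAvail (9.1.7) for /var."""
    for index, rec in join_by_index(walk_text).items():
        if rec.get("dskPath") == mount_point:
            return f"{UCD_BASE}.{column_suffix}.{index}"
    raise KeyError(f"{mount_point} is not in dskTable")


if __name__ == "__main__":
    for index, rec in sorted(join_by_index(DSK_ROWS).items()):
        print(index, rec["dskPath"], rec["dskDevice"])
    print(mrtg_oid(SAMPLE_WALK, "/var", "9.1.7"))
```
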
You’ll see index numbers in anything SNMP reports that comes in multiple units. While disk partitions are the first one everyone stumbles across, you’ll find that you’ll get indexes for just about anything. Just look around for a key to these indexes; it’ll be at the top of the section.

[3] Enjoyment is not a requirement, merely capability.

Long-Term Monitoring with MRTG

For long-term monitoring, we’ll use a program that will query SNMP at specific intervals and record the answers it gathers. The most popular programs for this purpose are cricket and MRTG. Both are included in the FreeBSD ports collection and install cleanly on FreeBSD. We’ll discuss MRTG (/usr/ports/net/mrtg) here.

MRTG, the Multi-Router Traffic Grapher, uses SNMP data to automatically generate reports on a Web page with nicely labeled graphs. MRTG can run as a daemon, but is traditionally a cron job run
A trap is where the system will send a notice to another system when a MIB is set or unset. We aren’t using them. Answer n.

……………………………………………………………………………………….
****************************************
*** Beginning monitoring setup ***
****************************************
Do you want to configure the agent’s ability to monitor various aspects of your system? (default
……………………………………………………………………………………….

We aren’t using process monitoring right now, but we will monitor disk space. Answer y to both the preceding question and the following one.

……………………………………………………………………………………….
Do you want to configure the agents ability to monitor disk space? (default = y):
Configuring: disk
Description:
Check for disk space usage of a partition. The agent can check the amount of available disk space, and make sure it is above a set limit.
disk PATH [MIN=100000]
PATH: mount path to the disk in question.
MIN: Disks with space below this value will have the Mib’s errorFlag set. Can be a raw byte value or a percentage followed by the % symbol. Default value = 100000.
The results are reported in the dskTable section of the UCD-SNMP-MIB tree
Enter the mount point for the disk partion to be checked on: /usr
Enter the minimum amount of space that should be available on /usr: 10%
Finished Output: disk /usr 10%
……………………………………………………………………………………….

Enter each partition you have on your system above. If you’re unsure, check /etc/fstab or df(1). Generally speaking, it’s a good idea to warn the user if the system has less than 10 percent free space on any one partition.

……………………………………………………………………………………….
Do you want to configure the agents ability to monitor load average? (default = y): n
Do you want to configure the agents ability to monitor file sizes? (default = y): n
……………………………………………………………………………………….

We aren’t monitoring load average or file size, so answer n to the previous two questions. You can set this up later when you understand more about SNMP and monitoring.

……………………………………………………………………………………….
The following files were created:
snmpd.conf installed in /usr/local/share/snmp
# Stop and start snmpd to read the new configuration.
# killall snmpd && snmpd
#
……………………………………………………………………………………….

Congratulations! You now have a complete SNMP configuration. Break out snmpwalk and see what
Do you want to allow SNMPv3 read-only user based access (default = y):
Do you want to allow SNMPv1/v2c read-write community access (default = y):
……………………………………………………………………………………….

SNMP version 3 is fairly advanced stuff, and far beyond what we need for basic monitoring. Also, we are not using read-write SNMP; we want our monitor to only be able to read information, not issue commands on the system! Answer n to all of the above. You’ll get your read-only access by answering y to the next option.

……………………………………………………………………………………….
Do you want to allow SNMPv1/v2c read-only community access (default = y): y
Configuring: rocommunity
Description:
a SNMPv1/SNMPv2c read-only access community name
arguments: community [default|hostname|network/bits] [oid]
The community name to add read-only access for:
……………………………………………………………………………………….

Those of you experienced with SNMP are familiar with the default communities of “public” and “private”, but don’t use them: they’re the first thing an intruder will look for. Choose community names like you would a good password; don’t use ones that are easily guessed, and don’t use common words; do mix letters and other characters, and so on. If you don’t intend to allow anyone to write SNMP commands on your system, then you probably only need one community name.

……………………………………………………………………………………….
The hostname or network address to accept this community name from [RETURN for all]:
……………………………………………………………………………………….

Enter the IP address of your network monitoring system as the answer to the preceding question. If you’re monitoring only this machine, from itself, put the loopback IP address (127.0.0.1). You can list an entire network in the standard slash format discussed in Chapter 5 (for example, 192.168.0.0/16). Finally, if you put “0.0.0.0/0”, anyone on the Internet can read SNMP values from your system if they have (or guess) the correct community name.

……………………………………………………………………………………….
The OID that this community should be restricted to [RETURN for no-restriction]:
……………………………………………………………………………………….

You can restrict different SNMP communities to subportions of the MIB tree. Though you don’t need to bother doing so for our purposes, you might choose to restrict communities in more complex setups than this one.

……………………………………………………………………………………….
Finished Output: rocommunity public 127.0.0.1
Do another rocommunity line? (default = y):
……………………………………………………………………………………….

If you’re doing only the monitoring we discuss in this chapter, you only need one SNMP community. Answer n to the preceding question.

……………………………………………………………………………………….
****************************************
*** Beginning trap destination setup ***
****************************************
Do you want to configure where and if the agent will send traps? (default = y):
……………………………………………………………………………………….
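The three access-control choices made above (read-only only, no default community names, a restricted source address) can be checked against a finished snmpd.conf. The following is an added example, not part of the book or of net-snmp: a small audit of the rocommunity and rwcommunity lines, following the `community [default|hostname|network/bits] [oid]` argument order shown in the dialog. The sample file is constructed, and it treats a missing source or the token "default" as "any address".

```python
import ipaddress

DEFAULT_NAMES = {"public", "private"}  # the defaults the text warns against

# Constructed snmpd.conf; line 2 is the "Finished Output" line shown above.
SAMPLE_CONF = """\
# constructed sample
rocommunity public 127.0.0.1
rocommunity GetLostLoser 0.0.0.0/0
rwcommunity Xk7-mon!tor 192.168.0.0/16
rocommunity Xk7-mon!tor 192.168.1.100 .1.3.6.1.4.1.2021
rocommunity GetLostLoser
disk /usr 10%
"""


def source_is_open(source):
    """True when the source field lets any address use the community."""
    if source is None or source == "default":
        return True  # [RETURN for all] in the dialog above
    try:
        return ipaddress.ip_network(source, strict=False).prefixlen == 0
    except ValueError:
        return False  # not an address: treated as one named host


def audit(conf_text):
    """Return (line_number, finding) pairs for risky community lines.

    Community names are deliberately left out of the findings so the
    report can be shared without leaking them.
    """
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        if raw.strip().startswith("#"):
            continue
        fields = raw.split()
        if len(fields) < 2 or fields[0] not in ("rocommunity", "rwcommunity"):
            continue
        directive, name = fields[0], fields[1]
        source = fields[2] if len(fields) > 2 else None
        if directive == "rwcommunity":
            findings.append((lineno, "read-write community"))
        if name.lower() in DEFAULT_NAMES:
            findings.append((lineno, "default community name"))
        if source_is_open(source):
            findings.append((lineno, "readable from any address"))
    return findings


if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE_CONF):
        print(f"snmpd.conf:{lineno}: {finding}")
```
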
The script will then ask you for a “syscontact”, the person responsible for the system. If you have multiple server administrators, this is an excellent place to put the email address of the person who should be contacted regarding problems or issues. You might also put in an alias that forwards to multiple people, so that you don’t have to reconfigure snmpd when your contact person leaves or is reassigned.

……………………………………………………………………………………….
Do you want to properly set the value of the sysServices.0 OID? (default = y):
……………………………………………………………………………………….

Yes, you do. This section describes extremely basic properties of the system, but not ones that accept a “y” or “n” answer. Because you’ll be filling in actual values to be used in the SNMP configuration, you’ll enter 0 for no and 1 for yes.

……………………………………………………………………………………….
Configuring: sysservices
Description:
The proper value for the sysServices object.
arguments: sysservices_number
does this host offer physical services (eg, like a repeater) [answer 0 or 1]:
……………………………………………………………………………………….

Some people have telco cards for FreeBSD that allow them to hook a standard x86 PC into a telephone switch to handle phone-company-level operations. If you’re not one of them, enter 0 for the preceding question.

……………………………………………………………………………………….
does this host offer datalink/subnetwork services (eg, like a bridge):
……………………………………………………………………………………….

FreeBSD can be configured as a bridge, but if you haven’t done so, answer 0.

……………………………………………………………………………………….
does this host offer internet services (eg, supports IP): 1
does this host offer end-to-end services (eg, supports TCP): 1
does this host offer application services (eg, supports SMTP): 1
……………………………………………………………………………………….

Answer 1 to all of the three preceding questions. A FreeBSD Internet server supports them all.

……………………………………………………………………………………….
**************************************
*** BEGINNING ACCESS CONTROL SETUP ***
**************************************
Do you want to configure the agent’s access control? (default = y):
……………………………………………………………………………………….

You don’t want just anyone to be able to access your system, so answer y.

……………………………………………………………………………………….
Do you want to allow SNMPv3 read-write user based access (default = y):