MRTG
Installation
For Debian (non-free) or Ubuntu (multiverse):
sudo apt-get install mrtg snmp libsnmp-base snmp-mibs-downloader
Note: the snmp-mibs-downloader[1] package will download missing MIBs which cannot be distributed by Debian due to licensing issues.
The Debian mrtg package will install a cronjob to periodically run and generate our statistics. However, there's no need to have the cronjob run as root and we're going to change that:
$ cat /etc/cron.d/mrtg
*/5 * * * * www-data if [ -x /usr/bin/mrtg -a -r /etc/mrtg.cfg ]; \
then env LANG=C /usr/bin/mrtg /etc/mrtg.cfg >> /var/log/mrtg/mrtg.log; fi
$ sudo mkdir -p /var/www/mrtg/{images,logs}
$ sudo chown -cR www-data:www-data /var/lock/mrtg/ /var/log/mrtg/ /var/lib/mrtg/ /var/www/mrtg
$ sudo chmod -c 0700 /var/lock/mrtg/ /var/log/mrtg/ /var/lib/mrtg/ /var/www/mrtg
If Nagios needs to query those logfiles later on:
sudo setfacl -m g:nagios:rx /var/www{,/mrtg}
SNMP
We installed the MIB files but loading MIBs is disabled in Debian:
$ cat /etc/snmp/snmp.conf # As the snmp packages come without MIB files due to license reasons, loading # of MIBs is disabled by default. If you added the MIBs you can reenable # loading them by commenting out the following line. mibs :
So yeah: comment out that line :-)
If we're querying ourselves, we will need an SNMP server too:
sudo apt-get install snmpd # Debian, Ubuntu sudo dnf install net-snmp # Fedora
Debian's default /etc/snmp/snmpd.conf is pretty restrictive[2], so let's make sure the rocommunity is configured correctly:
agentAddress udp:127.0.0.1:161 view systemonly included .1.3.6.1.2.1.1 view systemonly included .1.3.6.1.2.1.25.1 rocommunity public localhost # Full access from the local host # rocommunity public default -V systemonly # Default access to basic system info sysLocation MX sysContact Admin <admin@localhost> sysServices 72 # Value of the sysServices.0 object # proc mountd # At least one mountd process # proc ntalkd 4 # No more than 4 ntalkd processes, 0 is OK too # proc sendmail 10 1 # At least one sendmail process, but no more than 10 # disk / 10000 # At least 10 MB free required on root disk # disk /var 5% # At least 5% free on /var # includeAllDisks 10% # At least 10% free on all other disks # load 12 10 5 # Unacceptable load averages (1min, 5min, 15min) # Disable the trap destinations[3] # trapsink localhost public # send SNMPv1 traps # trap2sink localhost public # send SNMPv2c traps # informsink localhost public # send SNMPv2c INFORMs
Another example, which actually allows access from a (trusted) network:
# Map the community name "public" into a "security name" com2sec local localhost public com2sec thisnetwork 10.10.0.0/24 public # Map the security name into a group name: # > name sec.model sec.name group TNRW v1 local group TNRW v2c local # group TNRW usm local group TNRO v1 thisnetwork group TNRO v2c thisnetwork # group TNRO usm thisnetwork # Create a view # > name incl/excl subtree mask view systemview included .1.3.6.1.2.1.1 view systemview included .1.3.6.1.2.1.25.1.1 view all included .1 80 # Grant access # > group context sec.model sec.level prefix read write notif access TNRO "" any noauth exact all none none access TNRW "" any noauth exact all all none syslocation MX syscontact Admin <root@proxy> dontLogTCPWrappersConnects yes
Restart snmpd and we should be good to go.
$ snmpwalk -v1 -c public localhost | wc -l 11684 $ snmpwalk -v2c -c public router SNMPv2-MIB::sysDescr.0 = STRING: Linux router.local SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.255 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (963073) 2:40:30.73 SNMPv2-MIB::sysContact.0 = STRING: Admin <root@router> SNMPv2-MIB::sysName.0 = STRING: router.local [...]
Notes:
- snmpd tries to access /proc/diskstats and /proc/partitions, so we need to make sure that the snmp user has access to those files:
- chgrp snmp /proc/{diskstats,partitions} && chmod 0440 /proc/{diskstats,partitions}
- When accessed over the network, we have to configure the tcpwrapper to allow snmpd.
- To suppress those error on subcontainer 'ia_addr' insert (-1) warnings[4][5][6], we can change the loglevel of snmpd[7][8]
- SNMPDOPTS='-LS6d -Lf /dev/null -u snmp -g snmp [...]
Usage
mrtg will call snmpget to gather statistics, e.g.:
$ snmpget -v2c -c public localhost ifInOctets.1
IF-MIB::ifInOctets.1 = Counter32: 17479
After getting statistics, the rateup program will be used to generate log entries and update the traffic graphs.
For mrtg to work, an mrtg.conf is needed. Some examples:
cfgmaker
We can use cfgmaker to generate a basic configuration file:
$ cfgmaker --ifref=name --zero-speed=100000000 --no-down public@router
WorkDir: /var/www/mrtg
Options[_]: growright, bits
Target[router_wlan0]: wlan0:public@router
MaxBytes[router_wlan0]: 12500000
Title[router_wlan0]: Traffic Analysis for wlan0 -- router
PageTop[router_wlan0]: <h1>Traffic Analysis for wlan0 -- router</h1>
[...]
Example
An example mrtg.cfg:
HtmlDir: /var/www/mrtg/html ImageDir: /var/www/mrtg/images LogDir: /var/www/mrtg/logs IconDir: /mrtg/icons WriteExpires: no # No .meta files Options[_]: growright,noborder,pngdate,printrouter TimeStrFmt[_]: %Y-%m-%d %H:%M %Z Title[^]: Traffic Analysis for Title[router_eth0]: router PageTop[router_eth0]: <h1>router eth0</h1> Target[router_eth0]: ifInOctets.3&ifOutOctets.3:public@router MaxBytes[router_eth0]: 10000000 Title[box_eth0]: box_eth0 Target[box_eth0]: \eth0:public@box: MaxBytes[box_eth0]: 12500000 PageTop[box_eth0]: <h1>box_eth0</h1>
Once the mrtg.cfg file is in place, we can use indexmaker to generate an index.html file:
indexmaker --autoprefix --show=week --perhost --title MRTG \ --headeradd='<meta http-equiv="refresh" content="60;" />' --output /var/www/mrtg/index.html /etc/mrtg.cfg
Because we're querying localhost as well, let's replace its name in the HTML output with the real host name:
sed 's/Localhost/machine/g' -i /var/www/mrtg/index.html
Remove graph spikes
According to How to remove spikes from your MRTG graphs[9], this is how it's done:
mkdir -p old/ mv *.log old/ for i in `ls *.log`; do awk '!(NF==5 && ($4+$5) > 1000000)' old/$i > $i done
Bugs
- Debian #628804 - libsnmp-session-perl: Warnings from SNMP_Session.pm / Fix for MRTG Generating SNMP_Session Error in Debian Wheezy (and possibly Ubuntu) (2013-06-07)
- Issues with SNMP, MIBS and TKMIB in Debian Squeeze (OLD STABLE Lenny works fine)
- Debian Missing MIBs for SNMP
- how to get interface traffic snmp information for routers ( cisco, zte, huawei ...)?
- What does “No more variables left in this MIB View” mean (Linux)?
Links
- Munin
- Ubuntu: MRTG
- MRTG configuration reference
- Tut:Extending snmpd using shell scripts / System Monitoring Via Nagios and SNMP
- Observium / LibreNMS[10][11]
References
- ↑ SNMP problem on Debian 6.0 (squeeze)
- ↑ What does “No more variables left in this MIB View” mean (Linux)?
- ↑ snmpd listening on a random UDP port
- ↑ #1322 hide snmpd log message - error on subcontainer 'ia_addr' insert (-1)
- ↑ Debian #559109, Debian #684721 - Lots of errors in syslog : error on subcontainer 'ia_addr' insert (-1)
- ↑ Lots of "error on subcontainer ‘ia_addr’ insert (-1)" reports in /var/log/syslog
- ↑ snmpd gives "error on subcontainer" warnings
- ↑ Debian #684721
- ↑ How to remove spikes from your MRTG graphs (2006/11/15)
- ↑ Observium only works if the base_uri is set to /
- ↑ goodbye observium