MRTGモニタON RHEL 6
Step # 1 : Make sure snmp server installed
Step # 2 : Determine if snmp server is running or not
Run 'ps' command to see if snmp server is running or not:
Output:
Alternatively, you can try any of the following two commands as well:
Output:
OR try out netstat command:
Output:
If you found service is running or listing on port 199 then please see step #3; otherwise start service using following command:
Make sure snmpd service starts automatically, when linux comes us (add snmpd service):
Step # 3 : Make sure snmp server configured properly
Run snmpwalk utility to request for tree of information about network entity. In simple words query snmp server for your IP address (assigned to eth0, eth1, lo etc):
If you can see your IP address then please proceed to step 4; else it is a time to configure snmp server as follows (by default RHEL and RH 8/9 are not configured for snmp server for security reason):
Configure SNMP
(1) Edit file/etc/snmp/snmpd.conf using text editor:
Change/Modify line(s) as follows:
Find following Line:
Replace with (make sure you replace 192.168.0.0/24 replace with your network IPs) following lines:
Scroll down bit and change:
Find Lines:
Replace with:
Again scroll down bit and locate following line:
Find line:
Replace with:
Again scroll down bit and change:
Find line:
Replace with:
Scroll down bit and change:
Find lines:
Replace with (make sure you supply appropriate values):
For your convenient, here is my/etc/snmp/snmpd.conf file. Feel free to use this file. Make sure you make backup of your existing file if you use this file as it is.
Start your snmp server and test it:
(a) Make sure when linux comes up snmpd always starts:
(b) Make sure service start whenever Linux comes up (after reboot):
(c) Finally test your snmp server:
Step # 4 : Install mrtg if not installed
Mrtg software may install during initial installation; you can verify if MRTG installed or not with following RPM command:
If mrtg already installed please see step # 5; else use rpmfind.net to find MRTG rpm or up2date command to install MRTG software:
Fedora Linux user can use yum command as follows to install MRTG:
Step # 5 : Commands to Configure mrtg
(a) Create document root to store mrtg graphs/html pages:
(b) Run any one of the following cfgmaker command to create mrtg configuration file:
OR (make sure your FQDN resolves, in following example i'm using rh9.test.com which is my router FQDN address)
(c) Create default index page for your MRTG configuration:
注意:このステップでは、次のエラーが発生する可能性があります.
Use of uninitialized value $first in hash element at/usr/bin/indexmaker line 353. これは、前のステップ(cfgmakerのステップ)で生成されたファイルが何らかの理由ですべて注釈されているためです.
### Interface 1 >> Descr: 'lo' | Name: 'lo' | Ip: '127.0.0.1' | Eth: '' ### ### The following interface is commented out because: ### * it is a Software Loopback interface .
.
###Interface 2>>Descr:'eth 0'|Name:'eth 0'|Ip:'192.168.0.117'|Eth:'52-54-00-00-17'#####The following interface is commented out because:###**has a speed of 0 which makes no senseこの場合/etc/mrtg/mymrtg.cfg注釈を除去し、2番目のインタフェースの次の行を変更する
MaxBytes[localhost_2]:1250000以上のコマンドを実行しても問題ありません
(d) Copy all tiny png files to your mrtg path:
Step # 6 First test run of mrtg
(a) Run mrtg command from command line with your configuration file:
Note: You may get few warning message for first time; ignore them.and run it three time
(b) Fire your favorite web browser (like FireFox :D ) and type url http://www.your.com/mymrtg/or http://your-ip/mymrtg/
Step # 7 Create crontab entry so that mrtg graph/p_w_picpaths get generated every 5 minutes
(a) Login as a root user or login as a mrtg user and type following command:
(b) Add mrtg cron job entry to configuration file (append following line to it):
Save file and you are done with MRTG config issues :)
Step # 8 Block ports 161 & 162 at firewall
You do not want to give access to everyone to your snmp server for security reasons. SNMP server uses UDP 161, 162 ports for communication. Use Linux IPTABLES firewall to restrict access to SNMP server
(a) Allow outgoing SNMP server request from your Linux computer. This is useful when you query remote host/router (replace SERVER IO with your real IP):
(b )Allow incoming SNMP client request via iptables. This is useful when you wish to accept queries for rest of the world (replace SERVER IP with your real IP):
Pleae note that above two are just SNMP specific iptables rules. Please consult iptables(8) man page for complete information on iptables
Step # 9 Optional: Protect your MRTG graphs/html pages with password protected directory
Once again, you would like to restrict access to your MRTG reports. This can easily accomplished with Apache webserver's .htaccess file. If you are on webhosting server with control panel (such as ensim or plesk) then you can use control panel itself to create password-protected directory.
Below is process outlined to protect graphs using apache's .htaccess file and htpasswd command:
Step # 1: Create .htaccess file in/var/www/html/mymrtg/directory (add text as follows):
Add following text to file:
Step # 2: Create a user and password name (-c assumes first time you are using .htpasswd file):
For more information please see Apache Webserver Authentication and access control mini-howto.
# rpm -qa | grep snmp
# yum install net-snmp-utils net-snmp
Step # 2 : Determine if snmp server is running or not
Run 'ps' command to see if snmp server is running or not:
# ps -aux | grep snmp
Output:
root 5512 0.0 2.3 5872 3012 pts/0 S 22:04 0:00 /usr/sbin/snmpdAlternatively, you can try any of the following two commands as well:
# lsof -i :199
Output:
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
snmpd 5512 root 4u IPv4 34432 TCP *:smux (LISTEN)OR try out netstat command:
# netstat -natv | grep ':199'
Output:
tcp 0 0 0.0.0.0:199 0.0.0.0:* LISTENIf you found service is running or listing on port 199 then please see step #3; otherwise start service using following command:
# service snmpd start
Make sure snmpd service starts automatically, when linux comes us (add snmpd service):
# chkconfig --add snmpd
Step # 3 : Make sure snmp server configured properly
Run snmpwalk utility to request for tree of information about network entity. In simple words query snmp server for your IP address (assigned to eth0, eth1, lo etc):
# snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex
ip.ipAddrTable.ipAddrEntry.ipAdEntIfIndex.127.0.0.1 = 1
ip.ipAddrTable.ipAddrEntry.ipAdEntIfIndex.192.168.0.3 = 2If you can see your IP address then please proceed to step 4; else it is a time to configure snmp server as follows (by default RHEL and RH 8/9 are not configured for snmp server for security reason):
Configure SNMP
(1) Edit file/etc/snmp/snmpd.conf using text editor:
# vi /etc/snmp/snmpd.conf
Change/Modify line(s) as follows:
Find following Line:
com2sec notConfigUser default public
Replace with (make sure you replace 192.168.0.0/24 replace with your network IPs) following lines:
com2sec local localhost public
com2sec mynetwork 192.168.0.0/24 public
Scroll down bit and change:
Find Lines:
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
Replace with:
group MyRWGroup v1 local
group MyRWGroup v2c local
group MyRWGroup usm local
group MyROGroup v1 mynetwork
group MyROGroup v2c mynetwork
group MyROGroup usm mynetwork
Again scroll down bit and locate following line:
Find line:
view systemview included system
Replace with:
view all included .1 80
Again scroll down bit and change:
Find line:
access notConfigGroup "" any noauth exact systemview none none
Replace with:
access MyROGroup "" any noauth exact all none none
access MyRWGroup "" any noauth exact all all none
Scroll down bit and change:
Find lines:
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root (configure /etc/snmp/snmp.local.conf)
Replace with (make sure you supply appropriate values):
syslocation Linux (RH3_UP2), Home Linux Router.
syscontact Vivek G Gite
For your convenient, here is my/etc/snmp/snmpd.conf file. Feel free to use this file. Make sure you make backup of your existing file if you use this file as it is.
Start your snmp server and test it:
(a) Make sure when linux comes up snmpd always starts:
# chkconfig snmpd on
(b) Make sure service start whenever Linux comes up (after reboot):
# service snmpd start
(c) Finally test your snmp server:
# snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex
Step # 4 : Install mrtg if not installed
Mrtg software may install during initial installation; you can verify if MRTG installed or not with following RPM command:
rpm -qa | grep mrtg
If mrtg already installed please see step # 5; else use rpmfind.net to find MRTG rpm or up2date command to install MRTG software:
# up2date -v -i mrtg
Fedora Linux user can use yum command as follows to install MRTG:
# yum install mrtg
Step # 5 : Commands to Configure mrtg
(a) Create document root to store mrtg graphs/html pages:
# mkdir -p /var/www/html/mymrtg/
(b) Run any one of the following cfgmaker command to create mrtg configuration file:
# cfgmaker --global 'WorkDir: /var/www/html/mymrtg' --output /etc/mrtg/mymrtg.cfg public@localhost
OR (make sure your FQDN resolves, in following example i'm using rh9.test.com which is my router FQDN address)
# cfgmaker --global 'WorkDir: /var/www/html/mymrtg' --output /etc/mrtg/mymrtg1.cfg [email protected]
(c) Create default index page for your MRTG configuration:
# indexmaker --output=/var/www/html/mymrtg/index.html /etc/mrtg/mymrtg.cfg
注意:このステップでは、次のエラーが発生する可能性があります.
Use of uninitialized value $first in hash element at/usr/bin/indexmaker line 353. これは、前のステップ(cfgmakerのステップ)で生成されたファイルが何らかの理由ですべて注釈されているためです.
### Interface 1 >> Descr: 'lo' | Name: 'lo' | Ip: '127.0.0.1' | Eth: '' ### ### The following interface is commented out because: ### * it is a Software Loopback interface .
.
###Interface 2>>Descr:'eth 0'|Name:'eth 0'|Ip:'192.168.0.117'|Eth:'52-54-00-00-17'#####The following interface is commented out because:###**has a speed of 0 which makes no senseこの場合/etc/mrtg/mymrtg.cfg注釈を除去し、2番目のインタフェースの次の行を変更する
MaxBytes[localhost_2]:1250000以上のコマンドを実行しても問題ありません
(d) Copy all tiny png files to your mrtg path:
# cp -av /var/www/mrtg/*.png /var/www/html/mymrtg/
Step # 6 First test run of mrtg
(a) Run mrtg command from command line with your configuration file:
# env LANG=C /usr/bin/mrtg /etc/mrtg/mymrtg.cfg
# /etc/init.d/httpd start
Note: You may get few warning message for first time; ignore them.and run it three time
(b) Fire your favorite web browser (like FireFox :D ) and type url http://www.your.com/mymrtg/or http://your-ip/mymrtg/
Step # 7 Create crontab entry so that mrtg graph/p_w_picpaths get generated every 5 minutes
(a) Login as a root user or login as a mrtg user and type following command:
# crontab -e
(b) Add mrtg cron job entry to configuration file (append following line to it):
*/5 * * * * /usr/bin/mrtg /etc/mrtg/mymrtg.cfg --logging /var/log/mrtg.log
Save file and you are done with MRTG config issues :)
Step # 8 Block ports 161 & 162 at firewall
You do not want to give access to everyone to your snmp server for security reasons. SNMP server uses UDP 161, 162 ports for communication. Use Linux IPTABLES firewall to restrict access to SNMP server
(a) Allow outgoing SNMP server request from your Linux computer. This is useful when you query remote host/router (replace SERVER IO with your real IP):
SERVER="xxx.xxx.xxx.xxx"
iptables -A OUTPUT -p udp -s $SERVER --sport 1024:65535 -d 0/0 --dport 161:162 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -s 0/0 --sport 161:162 -d $SERVER --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
(b )Allow incoming SNMP client request via iptables. This is useful when you wish to accept queries for rest of the world (replace SERVER IP with your real IP):
SERVER="xxx.xxx.xxx.xxx"
iptables -A INPUT -p udp -s 0/0 --sport 1024:65535 -d $SERVER --dport 161:162 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -s $SERVER --sport 161:162 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
Pleae note that above two are just SNMP specific iptables rules. Please consult iptables(8) man page for complete information on iptables
Step # 9 Optional: Protect your MRTG graphs/html pages with password protected directory
Once again, you would like to restrict access to your MRTG reports. This can easily accomplished with Apache webserver's .htaccess file. If you are on webhosting server with control panel (such as ensim or plesk) then you can use control panel itself to create password-protected directory.
Below is process outlined to protect graphs using apache's .htaccess file and htpasswd command:
Step # 1: Create .htaccess file in/var/www/html/mymrtg/directory (add text as follows):
vi /var/www/html/mymrtg/.htaccess
Add following text to file:
AuthName "MRTG Graphs/Html restricted access"
AuthType Basic
AuthUserFile /var/members/.htpasswd
require user mrtgadmin
Step # 2: Create a user and password name (-c assumes first time you are using .htpasswd file):
# htpasswd -c /var/members/.htpasswd mrtgadmin
For more information please see Apache Webserver Authentication and access control mini-howto.