Monday, September 10, 2012

MRTG: Bandwidth monitoring.


   1. Run cfgmaker for the Firewall (10.32.10.254) traffic:

      # cfgmaker --global "WorkDir: /var/www/html/mrtg/fw" --global "Options[_]: growright,bits" --ifref=descr --ifdesc=alias --output=/var/www/mrtg/mrtg_fw.cfg public@10.32.10.254

      Same stuff for the Core switch (10.32.1.2):

      # cfgmaker --global "WorkDir: /var/www/html/mrtg/core" --global "Options[_]: growright,bits" --ifref=descr --ifdesc=alias --output=/var/www/mrtg/mrtg_core.cfg public@10.32.1.2

   2. Run indexmaker on each cfg file:

      # indexmaker --output=/var/www/html/mrtg/fw/index.html --Title=RGB\ Firewall\ Traffic /var/www/mrtg/mrtg_fw.cfg

      # indexmaker --output=/var/www/html/mrtg/core/index.html --Title=RGB\ Core\ Traffic /var/www/mrtg/mrtg_core.cfg

   3. Copy the pictures over:

      # cp -av /var/www/mrtg/*.png /var/www/html/mrtg/fw/

      # cp -av /var/www/mrtg/*.png /var/www/html/mrtg/core/

   4. Run mrtg on that config file:

      # mrtg /var/www/mrtg/mrtg_fw.cfg
      # env LANG=C /usr/bin/mrtg /var/www/mrtg/mrtg_fw.cfg
      # mrtg /var/www/mrtg/mrtg_core.cfg
      # env LANG=C /usr/bin/mrtg /var/www/mrtg/mrtg_core.cfg

   5. Add mrtg checks to Cron:

      */5 * * * * /usr/bin/mrtg /var/www/mrtg/mrtg_fw.cfg >/dev/null 2>&1
      */5 * * * * /usr/bin/mrtg /var/www/mrtg/mrtg_core.cfg >/dev/null 2>&1

SNMP (Simple Network Management Protocol) is a protocol used for network management. The NET-SNMP project includes various SNMP tools: an extensible agent, an SNMP library, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl MIB browser. This package contains the snmpd and snmptrapd daemons, documentation, etc.
In addition to this, install the net-snmp-utils package, which contains NET-SNMP utilities.

The Multi Router Traffic Grapher (MRTG) is a tool to monitor the traffic load on network-links. MRTG generates HTML pages containing PNG images which provide a live visual representation of this traffic.

Network devices usually expose their traffic counters over SNMP. MRTG polls those counters via SNMP, renders them as images, and writes an HTML page for users.

Below is the procedure to install and configure snmp and mrtg. For this example, assume the IP address is 192.168.0.20.

Be sure the packages listed below are installed. Use the rpm -qa packagename command to check and up2date to install any missing packages.

net-snmp-libs
net-snmp
net-snmp-devel
net-snmp-perl
net-snmp-utils

mrtg

Edit the /etc/snmp/snmpd.conf file (near lines 62 and 89), changing this line:

access notConfigGroup "" any noauth exact systemview none none

to

access notConfigGroup "" any noauth exact mib2 none none

In the same file, uncomment this line by removing the pound sign (#):

view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc

Save the file and restart the snmpd service:

service snmpd restart
chkconfig snmpd on
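
The edit above opens the whole MIB-2 tree to the community that cfgmaker is later pointed at (public). The script below is an added example, not part of the original post, that audits an snmpd.conf for well-known community strings, unrestricted source addresses and write views. The sample files, the EXAMPLE-COMMUNITY placeholder and the function names are constructed for illustration.

```shell
# audit_snmpd_conf FILE: print one finding per risky v1/v2c directive.
audit_snmpd_conf() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }   # skip comments and blank lines
        # com2sec <secname> <source> <community>
        $1 == "com2sec" && ($3 == "default" || $3 == "0.0.0.0/0") {
            printf "line %d: %s answers queries from any source address\n", NR, $2
        }
        $1 == "com2sec" && ($4 == "public" || $4 == "private") {
            printf "line %d: %s uses well-known community %s\n", NR, $2, $4
        }
        # rocommunity/rwcommunity <community> [source]
        $1 ~ /^r[ow]community$/ && (NF < 3 || $3 == "default") {
            printf "line %d: %s answers queries from any source address\n", NR, $1
        }
        $1 ~ /^r[ow]community$/ && ($2 == "public" || $2 == "private") {
            printf "line %d: %s uses well-known community %s\n", NR, $1, $2
        }
        # access <group> <context> <model> <level> <prefix> <read> <write> <notify>
        $1 == "access" && NF >= 8 && $8 != "none" {
            printf "line %d: group %s has write view %s\n", NR, $2, $8
        }
    ' "$1"
}

# Constructed sample: stock RHEL-style file after the edits described above.
write_sample_conf() {
    cat > "$1" <<'EOF'
# sec.name  source  community
com2sec notConfigUser  default  public
group   notConfigGroup v1   notConfigUser
group   notConfigGroup v2c  notConfigUser
view    mib2  included  .iso.org.dod.internet.mgmt.mib-2 fc
access  notConfigGroup ""  any  noauth  exact  mib2 none none
EOF
}

# Constructed sample: same view, one poller address, non-default community.
write_restricted_conf() {
    sed -e 's/default  public/192.168.0.20  EXAMPLE-COMMUNITY/' "$1" > "$2"
}

tmp=$(mktemp -d)
write_sample_conf "$tmp/snmpd.conf"
write_restricted_conf "$tmp/snmpd.conf" "$tmp/snmpd.restricted.conf"
audit_snmpd_conf "$tmp/snmpd.conf"             # two findings, both on line 2
audit_snmpd_conf "$tmp/snmpd.restricted.conf"  # no findings
rm -rf "$tmp"
```

If the community string is changed, the community@host argument given to cfgmaker has to change with it, and snmpd must be restarted.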

Now that snmp is configured, the next step is to configure mrtg software. The mrtg package installs to the directory /var/www/mrtg, so change to the directory and run the following command to generate the mrtg configuration file:

# cd /var/www/mrtg
# cfgmaker --global "WorkDir: /var/www/html/mrtg" --global "Options[_]: growright,bits" --output=/var/www/mrtg/mrtg.cfg public@192.168.0.20

# cfgmaker --global "WorkDir: /var/www/html/mrtg" --global "Options[_]: growright,bits" --output=/var/www/mrtg/mrtg.cfg public@10.32.250.14

The /var/www/mrtg directory now contains the generated file mrtg.cfg, which is the mrtg configuration file.

After snmp and mrtg are configured, configure the Apache web server to serve out the mrtg pages. Start by editing the /etc/httpd/conf/httpd.conf file. Edit the DocumentRoot section as below:

DocumentRoot "/var/www/html/mrtg"

Now, create that directory:

# mkdir /var/www/html/mrtg/

Start the Apache service:

# service httpd start
# chkconfig httpd on

Next, generate the index of the webpage as follows:

# indexmaker --output=/var/www/html/mrtg/index.html --Title=RGB\ Traffic /var/www/mrtg/mrtg.cfg

Start the monitor program as follows:

# mrtg /var/www/mrtg/mrtg.cfg

If there is a warning message, run this command:

# env LANG=C /usr/bin/mrtg /var/www/mrtg/mrtg.cfg

To test the setup, go to the machine's address, for example http://192.168.0.20. There will be a web page with network statistics.

Adding a cron job will run the commands to get the network status regularly. Here is an example:

*/5 * * * * /usr/bin/mrtg /var/www/mrtg/mrtg.cfg

For more information about snmp and mrtg, see their man pages.

Enable SNMP on Cisco switches to get the data:

RGB-Core01#conf t
RGB-Core01(config)#snmp-server community public ro
RGB-Core01(config)#snmp-server host 10.32.11.66 traps version 2c WORD envmon
RGB-Core01(config)#snmp-server host 10.32.11.24 traps version 2c WORD envmon
RGB-Core01(config)#snmp-server enable traps
RGB-Core01(config)#end

Enable SNMP on FortiGate firewall:

config system snmp sysinfo
    set contact-info "itops"
    set description "fw1"
    set location "server room"
    set status enable
    set trap-high-cpu-threshold 80
    set trap-log-full-threshold 90
    set trap-low-memory-threshold 80
end
config system snmp community
    edit 1
        set events cpu-high mem-low log-full intf-ip vpn-tun-up vpn-tun-down ha-switch ha-hb-failure ips-signature ips-anomaly av-virus av-oversize av-pattern av-fragmented fm-if-change ha-member-up ha-member-down
            config hosts
                edit 1
                    set interface "port1"
                    set ip 10.32.11.66
                next
            end
        set name "public"
        set query-v1-port 161
        set query-v1-status enable
        set query-v2c-port 161
        set query-v2c-status enable
        set status enable
        set trap-v1-lport 162
        set trap-v1-rport 162
        set trap-v1-status enable
        set trap-v2c-lport 162
        set trap-v2c-rport 162
        set trap-v2c-status enable
    next
end


Redundancy

If services go down on app1, move MRTG over to app2:

   1. Start snmpd:

       service snmpd restart
       chkconfig snmpd on
     

   2. Enable Virtual host in Apache:

       vi /etc/httpd/conf/httpd.conf
     

      uncomment

       #<VirtualHost *:80>
       #       ServerName mrtg
       #       DocumentRoot /var/www/html/mrtg
       #</VirtualHost>

       /etc/init.d/httpd restart
     

   3. Start the cron job:

       crontab -e
     

      uncomment

       #*/5 * * * * /usr/bin/mrtg /var/www/mrtg/mrtg.cfg
     

You can start ntop as root on Green and collect network stats from the browser:
http://green:3000/sortDataIP.html
