Network Traffic Monitoring

1
Network Traffic Monitoring
2
Multi Router Traffic Grapher

• MRTG is a network management application that can
  monitor any remote network host, which has the
  SNMP protocol support enabled.
• MRTG, as a SNMP based application, runs SNMP
  requests against the target hosts on a regularly
  basis.
• Applications
• Originally MRTG was designed to acquire bandwidth
  information related to the network interfaces on
  a network host.
• Currently MRTG can interrogate a host about any
  supported SNMP OID and construct the variation
  graphs. 

3
Network-distributed Deployment
4
Acquiring SNMP Information

• Interrogates the remote host and gets the value
  of the specific SNMP OID. 
• Updates the variation graph in PNG format with
  new values and deletes the old graph.
• Stores the new variation graph in a local or
  remote location on a dedicated MRTG storage
  server.
• Stores the new value in the log file that can be
  located on the local host or remotely on a MRTG
  storage server. 

5
Components of MRTG

• Perl interpreter needs to be installed on the
  MRTG machine. A free copy can be downloaded from
  http//www.activeperl.com/
• MRTG package. A copy can be downloaded from
  http//people.ee.ethz.ch/oetiker/webtools/mrtg/pu
  b/
• Web Server is required on the local machine or on
  a remote machine (for distributed installation)
  in order to make the MRTG graphs available over
  the web/http. A free copy of Apache can be
  downloaded from http//www.apache.org/

6
Classic vs. Newer Versions

• Classic version
• builds the graphs immediately after a new SNMP
  value is acquired
• does not store any historical data for future
  reference
• Newer version
• Comes with a very flexible database support where
  historical data can be stored for as long as you
  configure the database size.
• MRTG does not generate the variation graphs when
  a new SNMP value is acquired, just stores it in
  database, making the whole process faster.
• The graphical variations are generated
  "on-demand" using dedicated scripts.

7
Installation Process

• Installing Perl
• Installing MRTG
• Running the HTTP server
• Enabling SNMP support on the monitored hosts
• Extended SNMP support for Windows based hosts
  (cpu, memory, disk, etc)

8
SNMP Support

• Windows 2000 offers the SNMP service through
  ControlPanel -gt Add/RemovePrograms -gt
  WindowsComponents -gt ManangementandMonitoringTools
  
• UNIX based hosts need the SNMPD daemon to be
  configured (edit the config file) and started
  (edit the .rc file).
• Cisco routers/switches offer SNMP support running
  on a "public" community string for Catalyst based
  switches and no community string for IOS based
  routers/switches by default. 
• (config)snmp-server community ltnamegt
  ltaccess-typegt
• -- (config)snmp-server community private rw
• -- (config)snmp-server community public ro

9
Extended SNMP OID Support for Windows

• Microsoft Windows NT/2000 offer a limited set of
  SNMP OID for Windows based hosts (cpu, memory,
  disk, dhcp, dns, web, etc)
• A copy of the SNMP support files can be obtained
  from the SNMP for the Public Community website
  http//www.wtcs.org/snmp4tpc/default.htm
• where a standard (no license required) and
  full SNMP support (ResourceKit license required)
  packages are available.

10
MRTG overview
User
IE
6509
Administrator
graph charts
/home/mrtg/cfg
mrtg.cfg
cfgmaker
MRTG
Web server
/usr/local/mrtg-2/bin
/usr/local/mrtg-2/bin
Index.html
Index maker
/home/local/apache/htdoc/mrtg/
/usr/local/mrtg-2/bin
11
Configuring MRTG Tasks

• Building the .cfg configuration files
• A .cfg file is required for each monitored host
  or a global .cfg file can be used for all
  monitored hosts, but the flexibility will
  decrease. 
• A .cfg file defines the SNMP OIDs for each entity
  that you intend to monitor from the destination
  host. MRTG parses the associated .cfg file and
  collects the SMNP values for all OIDs defined in
  the .cg file. 
• To build a .cfg file run the CFGMAKER script,
  which resides in the \mrtg\bin\ directory. This
  script scans a host for the network-interfaces
  only and constructs the .cfg file 

12
CFGMAKER Example

• Here is a CFGMAKER usage example
• /usr/local/mrtg-2/bin/cfgmaker --global
  WorkDir /usr/local/apache/htdocs/mrtg --global
  Options_ bits,growright --global Refresh
  300 --global Interval 5 --output
  /home/mrtg/cfg/mrtg.cfg public_at_192.168.x.x
• This command will interrogate the 192.168.x.x.
  host and parses its network interfaces.
• To query the switch and create MRTG traffic
  graphs and web pages, run
• /usr/local/mrtg-2/bin/mrtg
  /home/mrtg/cfg/mrtg.cfg
• To create an index file, run
• /usr/local/mrtg-2/bin/indexmaker
  /home/mrtg/cfg/mrtg.cfg gt /usr/local/apache/htdocs
  /mrtg/index.html

13
Refresh Your Browser

• Start your Apache web server using the command
• /usr/local/apache/bin/apachectl start
• Fire up your web browser and input
  http//127.0.0.1/mrtg/ to the URL window
• Automate the process of running mrtg in regular
  intervals (every 5 minutes or 300 sec. by
  default) edit your crontab file in /etc
• vi /etc/crontab
• run-parts comments
• 01 root run-part /etc/cron.hourly
  at 01 run cron.hourly
• 02 4 root run-part /etc/cron.daily
  at 402 run cron.daily
• 22 4 0 root run-part /etc/cron.weekly
  at Sunday 422 run
• 42 4 1 root run-part /etc/cron.monthly
  at 1st day 442 run
• 0-59/5 root /usr/local/mrtg-2/bin/m
  rtg /home/mrtg/cfg/mrtg.cfg

14
Option Tags Target Option

• Option Tags
• Configuration file is a key element which is a
  collection of MRTG option tags.
• Running the CFGMAKER script against a target host
  builds the configuration file for that target but
  only for the interface bandwidth OIDs
• MRTG has the ability to monitor any SNMP OID that
  a host can deliver but the configuration file has
  to be built manually.

• Target Option
• The key option tag that makes the difference
  between the standard MRTG configuration
  (input/output network bandwidth) and generic SNMP
  operation (monitor any SNMP OID) is the lttargetgt
  option tag that describes the OIDs that MRTG will
  ask a target host for.
• The format of the lttargetgt option tag is
• targettarget-generic-name
  OID1OID2community-name_at_IP-address

15
(No Transcript)
16
Custom SNMP OID configuration examples

• Global Config Options for UNIX or for NT
• A204PC00x is your computer name and 172.19.81.y
  is your Windows workstation /servers IP address
•  
• WorkDir /usr/local/apache/htdocs/server
• Refresh 300
• Interval 5
• TargetA204PC00x_cpu.1.3.6.1.4.1.311.1.1.3.1.1.2
  .1.3.1.1.3.6.1.4.1.311.1.1.3.1.1.2.1.3.1public_at_1
  72.19.81.y
• OptionsA204PC00x_cpu growright, gauge,
  nopercent
• YLegendA204PC00x_cpu Percentage CPU load
• ShortLegendA204PC00x_cpu
• Legend1A204PC00x_cpu CPU load in
• Legend2A204PC00x_cpu
• Legend3A204PC00x_cpu Max Observed CPU load
• Legend4A204PC00x_cpu
• LegendIA204PC00x_cpu nbspCPU Load
• LegendOA204PC00x_cpu
• UnscaledA204PC00x_cpu dwmy
• MaxBytesA204PC00x_cpu 100
• TitleA204PC00x_cpu CPU Processor Usage for
  A204PC00x

17
Custom configuration examples (2)

• Once you have created the server config file, add
  it to /home/mrtg/cfg directory. Then you can run
  MRTG by typing the following line
• /usr/local/mrtg-2/bin/mrtg
  home/mrtg/cfg/server.cfg
• This will query your server and create your first
  mrtg traffic graphs and webpages in the directory
  /usr/local/apache/htdocs/server
• You can create an index file for all your graphs
  so that users and select any graph they want to
  view by clicking on the thumbnail graph.
• /usr/local/mrtg-2/bin/indexmaker
  /home/mrtg/cfg/server.cfg
• gt /usr/local/apache/htdocs/server/index.
  html

18
Custom configuration examples (3)

• Fire up a web browser with http//127.0.0.1/server
  / in the URL window.
• You should be able to see the index graph of all
  your servers CPU Usage.