SOURCECODEBD.NET

Live Experience

MRTG Configuration on Fedora

SNMP Packages: 
net-snmp-devel-5.4.2.1-4.fc10.i386
net-snmp-5.4.2-3.fc10.i386
net-snmp-perl-5.4.2.1-4.fc10.i386
net-snmp-libs-5.4.2.1-4.fc10.i386
net-snmp-gui-5.4.2.1-4.fc10.i386
net-snmp-utils-5.4.2.1-4.fc10.i386
 
MRGT Packages:
mrtg-2.16.2-1.fc10.i386
nagios-plugins-mrtgtraf-1.4.13-11.fc10.i386
nagios-plugins-mrtg-1.4.13-11.fc10.i386
 
HTTP Packages:
httpd-2.2.10-2.i386
httpd-tools-2.2.10-2.i386
 
 
Step # 1 : Make sure snmp server installed
 
Run rpm commands query option to find out snmp server installed or not:
 
# rpm -qa | grep snmp
 
(a) Visit rpmfind.net to get snmp server and utilities rpms. If you are fedora user then use yum command as follows to install it:
 
# yum install net-snmp-utils net-snmp
 
(b) If you are RHEL subscriber then use up2date command as follows to install:
 
#up2date -v -i net-snmp-utils net-snmp
 
 
Step # 2 : Determine if snmp server is running or not
 
Run 'ps' command to see if snmp server is running or not:
 
# ps -aux | grep snmp
 
Output:
 
root   5512  0.0  2.3  5872 3012 pts/0    S    22:04   0:00 /usr/sbin/snmpd
 
Alternatively, you can try any of the following two commands as well:
 
# lsof -i :199
 
Output:
 
COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE NAME
snmpd   5512 root    4u  IPv4  34432       TCP *:smux (LISTEN)
 
OR try out netstat command:
 
# netstat -natv | grep ':199'
 
Output:
 
tcp        0      0 0.0.0.0:199             0.0.0.0:*               LISTEN
 
If you found service is running or listing on port 199 then please see step #3; otherwise start service using following command:
 
# service snmpd start
 
Make sure snmpd service starts automatically, when linux comes us (add snmpd service):
 
# chkconfig --add snmpd
 
 
Step # 3 : Make sure snmp server configured properly
 
Run snmpwalk utility to request for tree of information about network entity. In simple words query snmp server for your IP address (assigned to eth0, eth1, lo etc):
 
# snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex
 
ip.ipAddrTable.ipAddrEntry.ipAdEntIfIndex.127.0.0.1 = 1
ip.ipAddrTable.ipAddrEntry.ipAdEntIfIndex.192.168.0.3 = 2
 
If you can see your IP address then please proceed to step 4; else it is a time to configure snmp server as follows (by default RHEL and RH 8/9 are not configured for snmp server for security reason):
Configure SNMP
(1) Edit file /etc/snmp/snmpd.conf using text editor:
 
# vi /etc/snmp/snmpd.conf
 
Change/Modify line(s) as follows:
 
Find following Line:
 
com2sec notConfigUser  default       public
 
Replace with (make sure you replace 192.168.0.0/24 replace with your network IPs) following lines:
 
com2sec local     localhost           public
com2sec mynetwork 192.168.0.0/24      public
 
Scroll down bit and change:
 
Find Lines:
 
group   notConfigGroup v1           notConfigUser
group   notConfigGroup v2c           notConfigUser
 
Replace with:
 
group MyRWGroup v1         local
group MyRWGroup v2c        local
group MyRWGroup usm        local
group MyROGroup v1         mynetwork
group MyROGroup v2c        mynetwork
group MyROGroup usm        mynetwork
 
Again scroll down bit and locate following line:
 
Find line:
 
view    systemview     included      system
 
Replace with:
 
view all    included  .1                               80
 
Again scroll down bit and change:
 
Find line:
 
access  notConfigGroup ""      any       noauth    exact  systemview none none
 
Replace with:
 
access MyROGroup ""      any       noauth    exact  all    none   none
access MyRWGroup ""      any       noauth    exact  all    all    none
 
Scroll down bit and change:
 
Find lines:
 
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root  (configure /etc/snmp/snmp.local.conf)
 
Replace with (make sure you supply appropriate values):
 
syslocation Linux (RH3_UP2), Home Linux Router.
syscontact Vivek G Gite < This email address is being protected from spambots. You need JavaScript enabled to view it. >
 
For your convenient, here is my /etc/snmp/snmpd.conf file. Feel free to use this file. Make sure you make backup of your existing file if you use this file as it is.
 
Start your snmp server and test it:
 
(a) Make sure when linux comes up snmpd always starts:
 
 # chkconfig snmpd on
 
(b) Make sure service start whenever Linux comes up (after reboot):
 
 # service snmpd start
 
(c) Finally test your snmp server:
 
 # snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex
 
 
 
Step # 4 : Install mrtg if not installed
 
Mrtg software may install during initial installation; you can verify if MRTG installed or not with following RPM command:
 
rpm -qa | grep mrtg
 
If mrtg already installed please see step # 5; else use rpmfind.net to find MRTG rpm or up2date command to install MRTG software:
 
# up2date -v -i mrtg
 
Fedora Linux user can use yum command as follows to install MRTG:
 
# yum install mrtg
 
 
 
Step # 5 : Commands to Configure mrtg
 
(a) Create document root to store mrtg graphs/html pages:
 
# mkdir -p /var/www/html/mymrtg/
 
(b) Run any one of the following cfgmaker command to create mrtg configuration file:
 
#cfgmaker --global 'WorkDir: /var/www/html/mymrtg' --output /etc/mrtg/mymrtg.cfg public@localhost
 
OR (make sure your FQDN resolves, in following example i'm using rh9.test.com which is my router FQDN address)
 
# cfgmaker --global 'WorkDir: /var/www/html/mymrtg' --output /etc/mrtg/mymrtg1.cfg This email address is being protected from spambots. You need JavaScript enabled to view it.
 
**IF you want connect a cisco or any device, simple put down the snmp name and ip at public@localhost replce with This email address is being protected from spambots. You need JavaScript enabled to view it. .
next_online is community string of cisco.
and 194.193.192.111 this is cisco's IP.
 
(c) Create default index page for your MRTG configuration:
 
# indexmaker --output=/var/www/html/mymrtg/index.html /etc/mrtg/mymrtg.cfg
 
(d) Copy all tiny png files to your mrtg path:
 
# cp -av /var/www/html/mrtg/*.png /var/www/html/mymrtg/
 
 
**Three file need to be created inside mymrtg directory /var/www/html/mymrtg, where all .png file stored
# touch cfgmaker
# vi cfgmaker
cfgmaker --global 'WorkDir:/var/www/html/pppoe' --global --output=/root/mrtg/server/mrtg.cfg This email address is being protected from spambots. You need JavaScript enabled to view it.
 
# touch cfgrun
# vi cfgrun
env LANG=C /usr/bin/mrtg /root/mrtg/server/mrtg.cfg
 
# touch indexmaker
# vi indexmaker
indexmaker --output=/var/www/html/pppoe/index.html /root/mrtg/server/mrtg.cfg
        
 
Step # 6 First test run of mrtg
 
(a) Run mrtg command from command line with your configuration file:
 
# mrtg /etc/mrtg/mymrtg.cfg
 
Note: You may get few warning message for first time; ignore them.
 
(b) Fire your favorite web browser (like FireFox :D ) and type url http://www.your.com/mymrtg/ or http://your-ip/mymrtg/
[Next section] 
 
 
 
Step # 7 Create crontab entry so that mrtg graph / images get generated every 5 minutes
 
(a) Login as a root user or login as a mrtg user and type following command:
 
# crontab -e
 
(b) Add mrtg cron job entry to configuration file (append following line to it):
 
*/5 * * * * /usr/bin/mrtg /etc/mrtg/mymrtg.cfg --logging /var/log/mrtg.log
 
Save file and you are done with MRTG config issues :)
 
 
 
Step # 8 Block ports 161 & 162 at firewall
 
You do not want to give access to everyone to your snmp server for security reasons. SNMP server uses UDP 161, 162 ports for communication. Use Linux IPTABLES firewall to restrict access to SNMP server
 
(a) Allow outgoing SNMP server request from your Linux computer. This is useful when you query remote host/router (replace SERVER IO with your real IP):
 
SERVER="xxx.xxx.xxx.xxx"
iptables -A OUTPUT -p udp -s $SERVER --sport 1024:65535 -d 0/0 --dport 161:162 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -s 0/0 --sport 161:162 -d $SERVER --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
 
(b )Allow incoming SNMP client request via iptables. This is useful when you wish to accept queries for rest of the world (replace SERVER IP with your real IP):
 
SERVER="xxx.xxx.xxx.xxx"
iptables -A INPUT -p udp -s 0/0 --sport 1024:65535 -d $SERVER --dport 161:162 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -s $SERVER --sport 161:162 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
 
Pleae note that above two are just SNMP specific iptables rules. Please consult iptables(8) man page for complete information on iptables
 
.............................
.............................
 
Optional
 
#mkdir /var/www/html/mango
#cd /var/www/html/mango
#ln -s /var/www/html/pppoe/port_no_48.html
#ln -s /var/www/html/pppoe/port_no_48_day.png
#ln -s /var/www/html/pppoe/port_no_48_week.png
#ln -s /var/www/html/pppoe/port_no_48_month.png
#ln -s /var/www/html/pppoe/port_no_48_year.png
 
#mv port_no-48.html /var/www/html/index.html
 
#touch .htaccess
#vi .htaccess
 
AuthName "Secure Area"
AuthType Basic
AuthUserFile /home/.htpasswd
Require valid-user
 
Write this line
 
.htaccess file ar owner change korte hobe
#chown apache:apache .htaccess
 
Go to home directory and create the .htpasswd file
#touch /home/.taccess
 
go to home directory and run this.
 
#htpaswd .htpaswd mango
password and re-password ashbe 
 
mango user name and password will be done at /var/www/html/mango directory for index.html
You are here: Home / Fedora / MRTG Configuration on Fedora