Knowledge is Power He who gets wisdom loves his own soul; he who cherishes understanding prospers. (Proverbs 19:8)
Monitoring Tool -MRTG on CentOS 6.4 Jeong Chul tland12.wordpress.com www.youtube.com/user/tland12 Computer Science ITC and RUPP in Cambodia
Monitoring Tool - MRTG on CentOS 6.4 Part 1 Managed Devices Chapter 1 Network Monitoring Structure Chapter 2 Basic Terminology Chapter 3 Testing Environment Chapter 4 Managed Devices Chapter 5 MRTG Configuration (1) Part 2 NMS MRTG Chapter 5 MRTG Configuration (2) Chapter 6 Email Notification Chapter 7 MRTG Authentication
Chapter 1 Network Monitoring Structure
Chapter 2 Basic Terminology 1.SNMP - Simple Network Management Protocol an application-layer protocol that facilitates the exchange of management information works between a network management system (NMS), agents, and managed devices. uses TCP/IP protocol suite. 2. Agent A network-management software module that resides in a managed device such as the Cisco IOS software has local knowledge of management information makes that information available by using SNMP. 3. NMS - Network Management System Run applications that monitor and control managed devices. provide resources required for network management. NMS applications such as MRTG, Cacti or Nagios. 4. Managed Device Contain an SNMP agent and reside on a managed network. Collect and store management information and make it available to NMS by using SNMP. Include Routers, Switches, Servers, Hosts, or Printers.
Chapter 3 Testing Environment 1.NMS MRTG (Multi Router Traffic Grapher) IP Address: 192.168.80.6 OS: CentOS 6.4 Hostname: client.chul.com Need to install and start MRTG service with Web server 2. Managed Devices 1)Linux Server 192.168.80.5 (CentOS 6.4) Need to install net-snmp package and start SNMPD 2)Windows Server 2008-192.168.80.48 Need to install snmp file and start SNMP service 3) Cisco Router - DHCP Configure snmp service and activate SNMP service
Chapter 4 Managed Devices 1. Linux Server a. Packages installation # yum install net-snmp-libs net-snmp net-snmp-utils b. File Configuration # vi /etc/snmp/snmpd.conf # sec.name source community com2sec local localhost jeong com2sec mynetwork 192.168.80.0/24 jeong # groupname securitymodel securityname group MyROGroup v1 mynetwork group MyROGroup v2c mynetwork # Make at least snmpwalk -v 1 localhost -c public system fast again. # name incl/excl subtree mask(optional) #view systemview included.1.3.6.1.2.1.25.1.1 view all included.1 80 # Finally, grant the group read-only access to the systemview view. # group context sec.model sec.level prefix read write notif access MyROGroup "" any noauth exact all none none access MyRWGroup "" any noauth exact all all none # Check the / partition and make sure it contains at least 10 megs. disk / 10000 c. Service checking # service snmpd start # chkconfig snmpd on # ps ef grep snmpd ; netstat nau grep 161
Chapter 4 Managed Devices 2. Windows Server 2008 Install snmp files Start -> Administrative Tools -> Services -> SNMP Service > 1 2 Properties -> Security Add Community : jeong Add Hosts : 192.168.80.6 (NMS IP) 3. Cisco Router and Switch router# config terminal router(config)# snmp-server contact tland12@gmail.com router(config)# access-list 5 permit 192.168.80.6 router(config)# snmp-server community jeong RO 5 router(config)# snmp-server host 192.168.80.6 jeong router(config)# int lo 0 router(config)# ip address 1.1.1.1 255.255.255.0 router(config)# exit router(config)# snmp-server trap-source lo0 router(config)# snmp-server enable traps
Chapter 5 MRTG Configuration 1.MRTG Installation # yum install httpd php zlib libpng gd mrtg 2. Creating configuration files for each device # cfgmaker --global 'WorkDir: /var/www/mrtg' --output /etc/mrtg/mrtg.cfg jeong@192.168.80.5 // Linux Server # cfgmaker --global 'WorkDir: /var/www/mrtg' --output /etc/mrtg/windows.cfg jeong@192.168.80.48 // Windows Server #cfgmaker --global 'WorkDir: /var/www/mrtg' --output /etc/mrtg/router.cfg jeong@192.168.80.60 // Router # vi mrtg.sh //shell script to execute MRTG using cfg files #!/bin/bash LOCK=/var/lock/mrtg/mrtg_l CONFCACHE=/var/lib/mrtg/mrtg.ok env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg --lock-file $LOCK --confcache-file $CONFCACHE env LANG=C /usr/bin/mrtg /etc/mrtg/windows.cfg --lock-file $LOCK --confcache-file $CONFCACHE env LANG=C /usr/bin/mrtg /etc/mrtg/router.cfg --lock-file $LOCK --confcache-file $CONFCACHE # chmod 700 mrtg.sh
Chapter 5 MRTG Configuration 3. Editing cfg files for each Devices a. Editing 3 files for managed devices # vi mrtg.cfg windows.cfg router.cfg Target[eth0]: \eth0:public@192.168.80.5: SetEnv[eth0]: MRTG_INT_IP="192.168.80.5" MRTG_INT_DESCR="eth0" MaxBytes[eth0]: 1250000 Title[eth0]: eth0 -- server.chul.com PageTop[eth0]: <h1>eth0 -- server.chul.com</h1> b. Executing shell script #./mrtg.sh # ls l /var/www/mrtg c. Creating index file # indexmaker output=/var/www/mrtg/index.html mrtg.cfg windows.cfg router.cfg d. Webserver reload # service httpd restart
Chapter 5 MRTG Configuration 4. Access Control for MRTG Access # vi /etc/httpd/conf.d/mrtg.conf Alias /mrtg /var/www/mrtg <Location /mrtg> Order deny,allow Deny from all Allow from 127.0.0.1 192.168.80.0/24 </Location> [root@centos ~]# service httpd reload 5. Crontab #vi /etc/cron.d/mrtg */5 * * * * root /root/mrtg.sh # service crond start # chkconfig crond on 6. Testing MRTG Graph http://localhost/mrtg/index.html
Chapter 6 Adding More Targets 1. CPU ## CPU Load Average ### Target[cpu]:.1.3.6.1.4.1.2021.10.1.5.1&.1.3.6.1.4.1.2021.10.1.5.2:jeong@192.168.80.5 MaxBytes[cpu]: 100 Unscaled[cpu]: dwmy Options[cpu]: gauge, absolute, growright, noinfo, nopercent YLegend[cpu]: CPU Load(%) ShortLegend[cpu]: (%) LegendI[cpu]: 1 minute average LegendO[cpu]: 5 minute average Legend1[cpu]: 1 minute average(%) Legend2[cpu]: 5 minute average(%) Title[cpu]: CPU usage PageTop[cpu]: <H1>CPUusage</H1> ThreshMaxI[cpu]: 85 ThreshProgI[cpu]: /usr/local/sbin/notify.sh 2. Memory ### Memory Free #### Target[mem]:.1.3.6.1.4.1.2021.4.6.0&.1.3.6.1.4.1.2021.4.4.0:jeong@192.168.80.5 MaxBytes1[mem]: 1030608 MaxBytes2[mem]: 2097144 LegendI[mem]: Real LegendO[mem]: Swap 3. Disk
Chapter 7 Email Notification 1. mrtg.cfg in /etc/mrtg a. Global section WorkDir: /var/www/mrtg ThreshDir: /var/run/mrtg b. Per each Target Target[cpu]: Options[cpu]: growright, nopercent, gauge ThreshMaxI[cpu]: 90 ThreshMinI[cpu]: 50 ThreshProgI[cpu]: /usr/local/sbin/notify.sh 2. Need to check SMTP working for email notification 3. /usr/local/sbin/notify.sh #!/bin/sh echo -e "Device: $1\\nThreshold Value : $2\\nCurrent Value: $3\\nDate/Time : `date`\\n" mail -s "Threshold Alert: '$1' Passed $2 Threshold" tland12@gmail.com
Chapter 8 MRTG Authentication 1.Web server configuration # vi /etc/httpd/conf/httpd.conf <Directory /var/www/mrtg> AllowOverride FileInfo AuthConfig Limit Options MultiViews Indexes IncludesNoExec </Directory> # service httpd reload 2. Creating htaccess and htpasswd # vi /var/www/mrtg/.htaccess AuthName Cambodia Network Administrator AuthType Basic AuthUserFile /var/www/.htpasswd requre valid-user # htpasswd c /var/www/.htpasswd tland Passwd: 3. Authentication Testing http://localhost/mrtg/index.html
Monitoring Tool MRTG on CentOS 6.4 Summary 1. Network Monitoring Structure 2. How to setup Managed Devices Linux server, Windows Server and Cisco Router 3. How to setup MRTG as a monitoring tool 4. How to use MRTG Adding more target, Email notification MRTG Authentication
Monitoring Tool - MRTG on CentOS 6.4 Thank you & God bless you!! tland12.wordpress.com www.youtube.com/user/tland12