MRTG with FreeBSD and a Cisco Router

It doesn't get much easier than this. I wanted to add the Multi Router Traffic Grapher (MRTG) to my NSM tool collection. Based on the instructions provided by Open Source Network Administration and Cisco, here's how I did it. bourque is the name of my FreeBSD 4.9 REL NSM sensor and gill.taosecurity.com is my Cisco router.

First I enabled the SNMP server on the router. Replace 'public' and 'private' with other community strings, like I did. (These are examples.)

gill(config)#snmp-server community public RO
gill(config)#snmp-server community private RW

Make sure you set up an access list on interfaces where you don't want people accessing the SNMP service on your router:

access-list 101 deny udp any any eq snmp log

Next install an Apache Web server on the system which will hold MRTG's output:

bourque# pkg_add -r ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-4-stable/All/apache+mod_ssl-1.3.29+2.8.16.tgz
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-4-stable/All/apache+mod_ssl-1.3.29+2.8.16.tgz... Done.
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-4-stable/All/mm-1.3.0.tgz... Done.
bourque# apachectl start

Next install MRTG:

bourque# pkg_add -r ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-4.9-release/All/mrtg-2.9.29_3,1.tgz
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-4.9-release/All/mrtg-2.9.29_3,1.tgz... Done.
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-4.9-release/All/p5-SNMP_Session-0.95.tgz... Done.

Now configure MRTG:

bourque# mkdir /usr/local/www/data/mrtg
bourque# cfgmaker --global 'WorkDir: /usr/local/www/data/mrtg' \
  --global 'Options[_]: bits' --global 'IconDir: icons' \
  --snmp-options=:::::2 --subdirs=HOSTNAME --ifref=ip \
  --ifdesc=alias --output /usr/local/etc/mrtg/mrtg.cfg \
  public@gill.taosecurity.com

--base: Get Device Info on public@gill.taosecurity.com:::::2
--base: Vendor Id: cisco
--base: Populating confcache
...edited output...

mkdir /usr/local/www/data/mrtg/icons
cp /usr/local/share/mrtg/* /usr/local/www/data/mrtg/icons/

Now start MRTG:

bourque# mrtg /usr/local/etc/mrtg/mrtg.cfg
WARNING: /usr/local/www/data/mrtg/gill.taosecurity.com/ did not exist I will create it now
...ignore the warnings; these are normal for initial start-up...

Create an index page for the Web server and add an entry in cron to periodically collect MRTG data:

bourque# indexmaker --output /usr/local/www/data/mrtg/index.html \
  --columns=1 /usr/local/etc/mrtg/mrtg.cfg

bourque# crontab -l
*/5 * * * * /usr/local/bin/mrtg /usr/local/etc/mrtg/mrtg.cfg --logging /var/log/mrtg.log

You'll want to add the following link for each router name so MRTG can find its icons:

ln -s /usr/local/www/data/mrtg/icons/ \
  /usr/local/www/data/mrtg/gill.taosecurity.com/icons

When you're done you'll see graphs like this when you visit http://sensor/mrtg/index.html. Notice there's only a little bit of data at the far left side, as the system's only been awake for a few minutes.

That's all you need for a basic install. Notice I'm accessing the sensor using HTTP. I could enable HTTPS and access the sensor using that method. Also, be careful running a Web server on your NSM appliance. Lock down who can access it.
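
As an added example (not from the original post, and not part of MRTG), this sh script checks a cfgmaker-generated config for two things the steps above leave to the reader: targets still using the 'public' or 'private' community string, and a config file readable by every local user. The function names and the sample config are constructed for illustration; the Target line layout assumed is the one cfgmaker writes with --ifref=ip.

```sh
#!/bin/sh
# Added example: audit an MRTG config for default SNMP community strings
# and for permissions that expose those strings to other local users.
# Function names are hypothetical; they are not part of MRTG.

# Print the community of each active Target line, one per line.
# Format: Target[name]: <ifref>:<community>@<router>[:snmp-options]
mrtg_communities() {
    sed -n 's/^Target\[[^]]*]:[[:space:]]*[^:@]*:\([^@]*\)@.*/\1/p' "$1"
}

# Print how many targets still use a well-known default community.
count_default_communities() {
    mrtg_communities "$1" | grep -c -x -E 'public|private' || true
}

# Exit 0 if the file's mode grants read access to "other".
is_world_readable() {
    [ -n "$(find "$1" -perm -004)" ]
}

# Print one WARN line per finding, or OK when there is none.
audit_mrtg_cfg() {
    n=$(count_default_communities "$1")
    ok=yes
    if [ "$n" -gt 0 ]; then
        echo "WARN: $n target(s) use a default community string"; ok=no
    fi
    if is_world_readable "$1"; then
        echo "WARN: $1 is world-readable and holds community strings"; ok=no
    fi
    if [ "$ok" = yes ]; then echo "OK: $1"; fi
}

# Constructed sample in the shape cfgmaker --ifref=ip produces; the
# addresses and the second community string are made up for the demo.
sample=$(mktemp /tmp/mrtg-sample.XXXXXX)
cat > "$sample" <<'EOF'
WorkDir: /usr/local/www/data/mrtg
Options[_]: bits
Target[gill.taosecurity.com_192.0.2.1]: /192.0.2.1:public@gill.taosecurity.com:::::2
Target[gill.taosecurity.com_192.0.2.5]: /192.0.2.5:Xq7-ro-demo@gill.taosecurity.com:::::2
EOF
chmod 644 "$sample"
audit_mrtg_cfg "$sample"
```

To check the real file from this walkthrough, call audit_mrtg_cfg /usr/local/etc/mrtg/mrtg.cfg on the sensor.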
