MRTG with FreeBSD and a Cisco Router
It doesn't get much easier than this. I wanted to add the Multi Router Traffic Grapher (MRTG) to my NSM tool collection. Based on the instructions provided by Open Source Network Administration and Cisco, here's how I did it. bourque is the name of my FreeBSD 4.9 REL NSM sensor and gill.taosecurity.com is my Cisco router.
First I enabled the SNMP server on the router. Replace 'public' and 'private' with other community strings, like I did. (These are examples.)
Make sure you set up an access list on interfaces where you don't want people accessing the SNMP service on your router:
Next install an Apache Web server on the system which will hold MRTG's output:
Next install MRTG:
Now configure MRTG:
Now start MRTG:
Create an index page for the Web server and add an entry in cron to periodically collect MRTG data:
You'll want to add the following link for each router name so MRTG can find its icons:
When you're done you'll see graphs like this when you visit http://sensor/mrtg/index.html. Notice there's only a little bit of data at the far left side, as the system's only been awake for a few minutes.
That's all you need for a basic install. Notice I'm accessing the sensor using HTTP. I could enable HTTPS and access the sensor using that method. Also, be careful running a Web server on your NSM appliance. Lock down who can access it.
First I enabled the SNMP server on the router. Replace 'public' and 'private' with other community strings, like I did. (These are examples.)
gill(config)#snmp-server community public RO
gill(config)#snmp-server community private RW
Make sure you set up an access list on interfaces where you don't want people accessing the SNMP service on your router:
access-list 101 deny udp any any eq snmp log
Next install an Apache Web server on the system which will hold MRTG's output:
bourque# pkg_add -r ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/
packages-4-stable/All/apache+mod_ssl-1.3.29+2.8.16.tgz
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/
packages-4-stable/All/apache+mod_ssl-1.3.29+2.8.16.tgz... Done.
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/
packages-4-stable/All/mm-1.3.0.tgz... Done.
bourque# apachectl start
Next install MRTG:
bourque# pkg_add -r ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/
packages-4.9-release/All/mrtg-2.9.29_3,1.tgz
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/
packages-4.9-release/All/mrtg-2.9.29_3,1.tgz... Done.
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/
packages-4.9-release/All/p5-SNMP_Session-0.95.tgz... Done.
Now configure MRTG:
bourque# mkdir /usr/local/www/data/mrtg
bourque# cfgmaker --global 'WorkDir: /usr/local/www/data/mrtg'
--global 'Options[_]: bits' --global 'IconDir: icons'
--snmp-options=:::::2 --subdirs=HOSTNAME --ifref=ip
--ifdesc=alias --output /usr/local/etc/mrtg/mrtg.cfg
public@gill.taosecurity.com
--base: Get Device Info on public@gill.taosecurity.com:::::2
--base: Vendor Id: cisco
--base: Populating confcache
...edited output...
mkdir /usr/local/www/data/mrtg/icons
cp /usr/local/share/mrtg/* /usr/local/www/data/mrtg/icons/
Now start MRTG:
bourque# mrtg /usr/local/etc/mrtg/mrtg.cfg
WARNING: /usr/local/www/data/mrtg/gill.taosecurity.com/
did not exist I will create it now
...ignore the warnings; these are normal for initial start-up...
Create an index page for the Web server and add an entry in cron to periodically collect MRTG data:
bourque# indexmaker --output /usr/local/www/data/mrtg/index.html
--columns=1 /usr/local/etc/mrtg/mrtg.cfg
bourque# crontab -l
*/5 * * * * /usr/local/bin/mrtg /usr/local/etc/mrtg/mrtg.cfg
--logging /var/log/mrtg.log
You'll want to add the following link for each router name so MRTG can find its icons:
ln -s /usr/local/www/data/mrtg/icons/
/usr/local/www/data/mrtg/gill.taosecurity.com/icons
When you're done you'll see graphs like this when you visit http://sensor/mrtg/index.html. Notice there's only a little bit of data at the far left side, as the system's only been awake for a few minutes.
That's all you need for a basic install. Notice I'm accessing the sensor using HTTP. I could enable HTTPS and access the sensor using that method. Also, be careful running a Web server on your NSM appliance. Lock down who can access it.