2.5 Maintaining SNMP Tools
The net-snmp package requires little maintenance. Occasionally, you may wish to add a MIB or update the software, but other than that, there is no routine maintenance necessary.
2.6 References and Further Study
There are a number of books available that discuss SNMP in greater depth, including Essential SNMP (O'Reilly and Associates, 2001) by Douglas R. Mauro and Kevin J. Schmidt. Both TCP/IP Illustrated, Volume 1 (Addison-Wesley, 1994) by W. Richard Stevens and Internetworking with TCP/IP (Prentice Hall, 2000) by Douglas Comer have sections with details about the SNMP protocol and associated standards.
RFCs 1155, 1156, and 1157, available from http://www.ietf.org/,
are the original standards for SNMP. RFC 1157 defines SNMP itself,
and RFC 1156 is the standard for MIB-I, now
Additionally, http://www.simpleweb.org/ has information on many
MIBs, including a tool for browsing through MIB
Chapter 3. MRTG
Section 3.1. Overview of MRTG
Section 3.2. What MRTG Can Help You Do
Section 3.3. Installing MRTG
Section 3.4. Configuring MRTG
Section 3.5. Using MRTG
Section 3.6. Maintaining MRTG
Section 3.7. References and Further Study
3.1 Overview of MRTG
MRTG is the Multi Router Traffic Grapher, a piece of free
software released under the GNU General Public
It was written primarily by Tobias Oetiker
and Dave Rand. MRTG produces Web pages that display graphs of
bandwidth use on network links on daily, weekly, monthly, and
MRTG relies on SNMP version one, and
3.2 What MRTG Can Help You Do
In the middle of a crisis, or when you are debugging an
immediate network problem, MRTG will allow you to view the traffic
patterns of many networks at once and quickly determine if one or
more is experiencing an abnormal traffic load. The fact that the
graphs display the history of the network is key. In practice, it
can be difficult to tell from immediate bandwidth and
packet-per-second counts alone whether a network is operating
normally. If a 100Mb/s link is carrying 85Mb/s of traffic, is this
heavy but normal use or is the network straining under an attack?
By having the history of the network available, you can look for
sudden changes that might account for an operational problem. A
denial-of-service attack that attempts to exhaust the available
bandwidth on a network nearly always
When you are not
A sample MRTG graph of a day's worth of network traffic is
depicted in Figure 3.1. Note that time progresses to the left, not
to the right. This is the default configuration and it is indicated
at the bottom of the graph both by the small arrow at the left and
by the direction of the time scale. Some MRTG configurations choose
to increase time to the right, so be sure examine the graph first.
The data at the top of the graph represents the amount of traffic
sent into an interface, while the data at the bottom represents the
amount of traffic sent out from an interface. You can see that over
the past day, this router interface typically received about 20Mb/s
of traffic and sent about 10Mb/s. You will also notice that just
after 3:00 p.m.
Figure 3.1. Sample Daily MRTG Graph.
While MRTG is most often used to collect data from router interfaces, it can also collect traffic data from switches or servers. In this way, you can monitor the bandwidth use of a particular machine. In fact, MRTG can be configured to collect any statistical data that a device makes available via SNMP.