Deploying Network Performance-Monitoring Tools

When deploying a performance-monitoring system, you can install performance-monitoring tools on a Linux or Windows computer. The host computer should be connected to the network with appropriate Transmission Control Protocol/Internet Protocol (TCP/IP) settings. Typically, the performance-monitoring tool consists of an SNMP-manager engine for polling the monitored devices. The SNMP manager also listens for SNMP traps sent by the monitored devices. Performance-monitoring tools also use custom scripts or plug-ins to collect other information that cannot be measured through SNMP. The results of SNMP polls, SNMP traps, and custom scripts are stored in an internal database. The performance-monitoring tool then creates trending reports from the database and publishes these reports through a web server. In comparison with the network-monitoring system (discussed in the previous chapter), which provides only host-up or -down status, a performance-monitoring system provides far more details, such as traffic flowing into and out of an interface or the CPU utilization on the router.

Although SNMP-based network-management systems are often referred to as NMSs, network performance-monitoring tools can also be loosely classified as NMSs. Figure 6-2 shows the architecture of a network performance-monitoring system.

Figure 6-2. Network Performance Monitoring System

The following sections discuss deploying Linux- and Windows-based performance-monitoring tools based on the operating system used.

Deploying a Linux-Based Performance-Monitoring System MRTG

The Multi-Router Traffic Grapher (MRTG), by Tobias Oetiker, is arguably one of the most popular open source tools used by the Cisco community. MRTG is an excellent tool for performance monitoring of network devices. Although the name suggests that MRTG is for routers, it can also monitor other network devices, including switches, firewalls, VPN concentrators, web servers, and so on. MRTG was originally developed as a Perl script to monitor the traffic load on router interfaces and provide a visual representation. Since then, the product has matured into a fully functional SNMP-based tool capable of monitoring any SNMP parameters in network devices. The internal architecture of MRTG consists of a collection of Perl scripts that query target SNMP agents. The results of the queries are logged in a database that generates graphic and HTML files that can be published by Apache or other web servers. Note that the MRTG reports only contain histogram graphs that depict the monitoring results over time intervals ranging from hourly to yearly periods. The MRTG reports do not provide other formats such as text, spreadsheets, or pie charts. Following are some features of MRTG:

Display Displays daily, weekly, monthly, and yearly histogram graphs through web pages. These web pages can be viewed in any web browser.
Database Stores all the data in a circular database that does not grow over time but still holds all the relevant information for the last two years. When the circular database is full, the oldest data is overwritten, thus keeping the size constant.
SNMP Uses SNMP to monitor device variables, including interface traffic through routers and switches, CPU utilization, and memory utilization. MRTG also provides plug-ins for monitoring non-SNMP variables such as network latency.
Configuration Features built-in configuration tools for quick-and-easy deployment. MRTG can also be easily customized for different network environments.
Support Enjoys the support of the worldwide user community and is under active development.

Figure 6-3 provides a sample of MRTG. The figure shows the Daily Graph for traffic flowing into and out of the Ethernet0 interface of Router-Dallas. The graph is created by MRTG using samples collected from the router at regular intervals. Although not included in the screenshot, by default, MRTG creates four separate histogram graphs for each monitored parameter.

Figure 6-3. MRTG Sample Page

The histogram for the daily view is created by using samples collected every 5 minutes. The weekly graph is created by calculating a 30-minute average from the collected samples, while the monthly and yearly graphs use 2-hour averages and 1-day averages, respectively. Additional information at the bottom of each graph provides a snapshot of the maximum, average, and current value in absolute and percentage terms. For example, the daily graph in Figure 6-3 shows that the maximum traffic flowing in is 261 bytes per second. The 0.0% in parentheses indicates the value relative to the maximum speed of 1250.0 kilobytes per second (kBps) of the Ethernet interface, according to the following equation:

100 * (261/1,250,000) = 0.02088%

Although not apparent in this text, different colors indicate different parameters within the graph. This particular graph shows the bytes per second flowing into and out of the Ethernet interface. The darker line (closer to the x axis of the graph) indicates the bytes per second flowing out of the interface, while the lighter shaded region (covering the middle part of the graph) indicates the bytes per second flowing into the interface.

Such views provide a quick snapshot of the overall performance of that particular interface (or the device on the associated network) and help to identify potential bottlenecks.

For deployment in a Linux environment, you must first install and configure MRTG according to your needs. You can then start running MRTG to monitor various devices. The following sections cover several of these tasks in detail. Additionally, for clarity, the configuration section is based on a sample Cisco network.

Installing MRTG

MRTG is available in source code for download at http://www.mrtg.org. For MRTG to function correctly, it requires the precompiled libraries listed in Table 6-1.

Table 6-1. MRTG Prerequisites
Package	Explanation	Home Page
Apache	Needed to display the graphical web pages generated by MRTG; comes precompiled with most Linux distributions.	http://www.apache.org
GCC	The GNU C compiler comes preinstalled in most Linux distributions.	http://gcc.gnu.org/
Perl	The MRTG needs version 5.005 or higher of Perl.	http://www.perl.com/
gd	The basic graph-drawing library for generating PNG images by the MRTG.	http://www.boutell.com/gd/
libpng	Required by gd to create PNG graphics.	http://www.libpng.org/pub/png/libpng.html
zlib	Required by libpng to compress the graphics files.	http://www.gzip.org/zlib

To install MRTG, follow these steps:

Step 1.	Compile all the required libraries, as listed in Table 6-1.
Step 2.	Download MRTG source code tar file from http://www.mrtg.org. This example uses MRTG version 2.10.15.
Step 3.	Extract the source code using the following tar command: linuxbox:~# tar -zxvf mrtg-2.10.15
Step 4.	Change the directory to the uncompressed MRTG folder using the following command: linuxbox:~# cd mrtg-2.10.15
Step 5.	Launch the installation script using the configure command. You can optionally use the --prefix option to specify the destination directory. You should also specify the location of the libraries that MRTG depends on. The following code assumes that gd, zlib, and libpng are installed in the /usr/local/bin directory: linuxbox:~/mrtg-2.10.15#./configure --prefix=/usr/local/bin \ --with-gd=/usr/local/bin/gd \ --with-z=/usr/local/bin/zlib \ --with-png=/usr/local/bin/libpng

These installation steps are generic and should work for most Linux distributions. MRTG is also available as a precompiled package with many Linux distributions. Debian users can avoid the previous installation steps by using the apt-get command, as follows:

 linuxbox:~# apt-get install mrtg

This command is a timesaver and provides a hassle-free method of deploying MRTG.

Note

Linux users often spend too much time troubleshooting dependency issues when installing multiple libraries. Try to use the precompiled version of MRTG. The precompiled MRTG Debian packages are stable and suitable for use in Cisco environments.

Configuring the MRTG

MRTG is configured through the mrtg.cfg text file. This file contains the details of the network devices and their interfaces that are to be monitored by MRTG. Based on the contents of the mrtg.cfg file, MRTG generates graphs that illustrate the traffic pattern for each monitored interface. Although you can manually edit the mrtg.cfg file, MRTG includes a handy utility called cfgmaker. The cfgmaker tool provides a quick-and-easy way of populating the mrtg.cfg file with details of the monitored devices. However, cfgmaker can only help monitor the interface statistics. To monitor other parameters, such as CPU utilization, VPN sessions, or firewall connections, you must manually edit the mrtg.cfg file.

To simplify the learning and deployment process, the following sections first discuss the cfgmaker tool and demonstrate its use for creating a sample mrtg.cfg file. Next are the details regarding the mrtg.cfg file itself. Finally, you learn about the indexmaker utility.

Understanding the cfgmaker Tool

As previously mentioned, the purpose of cfgmaker is to create mrtg.cfg files on-the-fly. The cfgmaker tool queries each monitored host through SNMP, collects interface-related details, and generates the configuration for monitoring each discovered interface. The output of cfgmaker is ready for use within the mrtg.cfg file.

The default location of this tool is the /usr/bin/cfgmaker directory. The command syntax is as follows:

 cfgmaker [ options] [snmpstring@] router > destination_file

In this syntax, router can be the IP address or host name of the any SNMP-capable device, including routers or switches; snmpstring is the SNMP community configured on the monitored device. The SNMP community is used as a password by cfgmaker to poll the target hosts and collect information through SNMP. Multiple devices can be specified in a single instance. For a large number of devices, separate each entry using the backslash (\) character. By default, the output of cfgmaker is stdout, meaning that the output is displayed onscreen. The output should be redirected to a file for MRTG to use, as indicated by the > destination_file option within the syntax.

Figure 6-4 shows the network of ABC Investments. The Netadmin is using the Linux machine to monitor the performance of Cisco devices using SNMP.

Figure 6-4. ABC Investments Network Monitoring

Example 6-1 shows the use of cfgmaker to create the /etc/mrtg.cfg file for the LAN devices of ABC Investments. The example uses the IP address of the monitored device. You can also specify the host name if the MRTG server can resolve the host name through the Domain Name System (DNS). The example also shows the contents of the resultant file. Note that lines starting with a hash mark or pound sign (#) are treated as comments.

Example 6-1. Sample mrtg.cfg File

 linuxbox~# cfgmaker read@192.168.0.5 read@192.168.0.10 read@192.168.0.20 > /etc/ mrtg.cfg linuxbox~# cat /etc/mrtg.cfg # Created by # /usr/bin/cfgmaker read@192.168.0.5 read@192.168.0.10 read@192.168.0.20 ### Global Config Options #  for Debian WorkDir: /var/www/mrtg #  or for NT # WorkDir: c:\mrtgdata ### Global Defaults #  to get bits instead of bytes and graphs growing to the right # Options[_]: growright, bits ###################################################################### # System: 1 # Description: Cisco Systems, Inc./VPN 3000 Concentrator Version 4.1.3.Rel built by vmurphy on Apr 12 2004 01:57:36 # Contact: # Location: ###################################################################### ### Interface 1 >> Descr: '' | Name: '' | Ip: '192.168.0.5' | Eth: '00-90-a4-00-4c- 5c' ### Target[192.168.0.5_1]: 1:read@192.168.0.5: SetEnv[192.168.0.5_1]: MRTG_INT_IP="192.168.0.5" MRTG_INT_DESCR="" MaxBytes[192.168.0.5_1]: 12500000 Title[192.168.0.5_1]: Traffic Analysis for 1 -- 1 PageTop[192.168.0.5_1]: <H1>Traffic Analysis for 1 -- 1</H1>  <TABLE>    <TR><TD>System:</TD>     <TD>1 in </TD></TR>    <TR><TD>Maintainer:</TD> <TD></TD></TR>    <TR><TD>Description:</TD><TD> </TD></TR>    <TR><TD>ifType:</TD>     <TD>ethernetCsmacd (6)</TD></TR>    <TR><TD>ifName:</TD>     <TD></TD></TR>    <TR><TD>Max Speed:</TD>  <TD>12.5 MBytes/s</TD></TR>    <TR><TD>Ip:</TD>         <TD>192.168.0.5 ()</TD></TR>  </TABLE> ###################################################################### # System: Router-Dallas # Description: Cisco Internetwork Operating System Software #       IOS (tm) 1600 Software (C1600-OSY56I-L), Version 12.1(16), RELEASE SOFTWARE (fc1) #          Copyright 1986-2002 by cisco Systems, Inc. #          Compiled Mon 08-Jul-02 18:51 by kellythw # Contact: # Location: ###################################################################### ### Interface 5 >> Descr: 'Ethernet0' | Name: 'Et0' | Ip: '192.168.0.10' | Eth: '00- 50-73-21-d0-67' ### Target[192.168.0.10_5]: 5:read@192.168.0.10: SetEnv[192.168.0.10_5]: MRTG_INT_IP="192.168.0.10" MRTG_INT_DESCR="Ethernet0" MaxBytes[192.168.0.10_5]: 1250000 Title[192.168.0.10_5]: Traffic Analysis for 5 -- Router-Dallas PageTop[192.168.0.10_5]: <H1>Traffic Analysis for 5 -- Router-Dallas</H1>  <TABLE>    <TR><TD>System:</TD>     <TD>Router-Dallas in </TD></TR>    <TR><TD>Maintainer:</TD> <TD></TD></TR>    <TR><TD>Description:</TD><TD>Ethernet0 </TD></TR>    <TR><TD>ifType:</TD>     <TD>ethernetCsmacd (6)</TD></TR>    <TR><TD>ifName:</TD>     <TD>Et0</TD></TR>    <TR><TD>Max Speed:</TD>  <TD>1250.0 kBytes/s</TD></TR>    <TR><TD>Ip:</TD>         <TD>192.168.0.10 ()</TD></TR>  </TABLE> ###################################################################### # System: Firewall-Dallas # Description: Cisco PIX Firewall Version 6.3(3) # # Contact: SPOPE # Location: DALLAS ###################################################################### ### Interface 2 >> Descr: 'PIX Firewall 'inside' interface' | Name: '' | Ip: '192.168.0.20' | Eth: '00-07-50-57-e2-69' ### Target[192.168.0.20_2]: 2:read@192.168.0.20: SetEnv[192.168.0.20_2]: MRTG_INT_IP="192.168.0.20" MRTG_INT_DESCR="PIX Firewall 'inside' interface" MaxBytes[192.168.0.20_2]: 12500000 Title[192.168.0.20_2]: Traffic Analysis for 2 -- Firewall-Dallas PageTop[192.168.0.20_2]: <H1>Traffic Analysis for 2 -- Firewall-Dallas</H1>  <TABLE>    <TR><TD>System:</TD>     <TD>Firewall-Dallas in DALLAS</TD></TR>    <TR><TD>Maintainer:</TD> <TD>SPOPE</TD></TR>    <TR><TD>Description:</TD><TD>PIX Firewall 'inside' interface </TD></TR>    <TR><TD>ifType:</TD>     <TD>ethernetCsmacd (6)</TD></TR>    <TR><TD>ifName:</TD>     <TD></TD></TR>    <TR><TD>Max Speed:</TD>  <TD>12.5 MBytes/s</TD></TR>    <TR><TD>Ip:</TD>         <TD>192.168.0.20 ()</TD></TR>  </TABLE>

Tip

By default, cfgmaker generates the configuration for all the interfaces but comments out the configurations for inactive (or administratively down) interfaces. Use the --no-down option with cfgmaker to override this behavior. Additionally, cfgmaker selects the interfaces by their number, which can change because of the addition or removal of modules. This change can cause MRTG to misinterpret the contents of the mrtg.cfg file. In such cases, cfgmaker provides the --ifref descr option, to select the interfaces by their description, or the --ifref ip option, to select interfaces by IP addresses.

The cfgmaker utility is great for setting up a basic MRTG system that can monitor traffic flowing into and out of interfaces. Readers interested in only setting up such a basic MRTG system can skip the next section, which covers the details of the mrtg.cfg file.

Understanding the mrtg.cfg File

As previously discussed, cfgmaker has a major limitation in that it can only create mrtg.cfg files to monitor interface traffic. To monitor other SNMP variables, such as CPU and memory utilization, router uptime, and chassis environments, Netadmins should manually edit the mrtg.cfg file. However, before editing, you must have a thorough understanding of the various options that are used within the mrtg.cfg file. The default location of the mrtg.cfg file for the precompiled Debian package is /etc/mrtg.cfg. The mrtg.cfg file uses predefined keywords to specify various monitoring options. The keywords must be specified at the beginning of the line. Also, lines starting with a hash mark or pound sign (#) are treated as comments. Table 6-2 provides a partial list of global keywords that affect the default behavior of MRTG.

Table 6-2. Mrtg.cfg Global Keywords
Keyword	Explanation	Example
Workdir	Specifies the target location for creating log files and the web pages. For the Debian package, the default location is /var/www/ mrtg.	`workdir: /var/www/mrtg`
Refresh	Instructs the browser to reload the page; the default is 300 seconds (5 minutes).	`Refresh: 600`
Interval	Indicates the frequency at which the MRTG is run; the minimum and default are 300 seconds (5 minutes).	`Interval: 600`
RunAsDaemon	Enables the MRTG to run as a daemon; improves performance because configuration files are loaded only once. When using this option, set the interval to a suitable value and run the MRTG as a nonroot user.	RunAsDaemon: Yes Interval: mrtg --user=muser --group=muser mrtg.cfg

As mentioned in the introduction to the MRTG, all the reports generated by the MRTG are histogram graphs. The generation and display of these graphs can be customized by using various keywords in the mrtg.cfg file. Additional keywords within the mrtg.cfg file control the MRTG properties, such as the web-page formats, SNMP variables, and even external scripts for pulling non-SNMP statistics. Table 6-3 provides a partial list of these keywords that are helpful in customizing monitoring properties and graphs generated by the MRTG.

Table 6-3. mrtg.cfg Per-Node Keywords
Keyword	Explanation	Example
Name	Each node that is monitored by MRTG must be identified by a unique name. This name must be appended to each parameter that belongs to the same target. The name is also used to identify the generated web pages, log files, and images for this target. The format is as follows: Keyword [node-name]: values	Target[RTR-DALLAS]: 5:read@192.168.0.10: SetEnv[RTR-DALLAS]: MRTG_INT_IP="192.168.0.10" MRTG_INT_DESCR="Ethernet0" MaxBytes[RTR-DALLAS]: 1250000
Target	Specifies the target node to be monitored by the MRTG. The basic format is as follows: Target [interface]: snmp-string@router Advanced formats allow you to specify explicit OIDs, MIB variables, interfaces by IP, names, types, or descriptions and even run an external script for non-SNMP parameters.	Target[192.168.0.20_2]: 2:read@192.168.0.20:
MaxBytes	Specifies the maximum allowed value for the monitored variables; also used in calculating the Y range for unscaled graphs. Calculated by dividing the interface bandwidth (in bits per second) by 8 to generate a value in bytes per second. For example, for a T1 line, the bandwidth is 1.544 MBps, or 1,544,000 / 8 = 193,000 bytes per second. If a number greater than MaxBytes is returned, it is ignored.	MaxBytes[RTR-DALLAS-T1]:9600
AbsMax	Used to monitor links, such as Frame Relay, that can handle more traffic than specified by the MaxBytes value; without AbsMax, MRTG ignores values greater than MaxBytes.	AbsMax[192.168.0.10]: 19200
Unscaled	Suppresses the default behavior of vertically scaling each graph to display actual data, even if it is very small compared to MaxBytes.	Unscaled[192.168.0.10]: ym
Title	Adds a title to the generated HTML page.	Title[192.168.0.10]: Traffic Accounting for Ethernet page
PageTop	Adds text at the top of the generated HTML page.	PageTop[r1]: <H1>Stats for our ISDN Line</H1>
RouterUptime	Displays the uptime of the monitored router.	RouterUptime[RTR-DALLAS]: public@192.168.0.10
WithPeak	Instructs the MRTG to display the peak 5-minute values in the weekly, monthly, and yearly graphs.	WithPeak[myrouter]: ym
Suppress	Suppresses any of the four graphs that are generated by default.	Suppress[myrouter]: y
XSize and YSize	Specifies the size of the MRTG graph; the default is XSize 400 by YSize 100 pixels wide. XSize must be between 20 and 600; YSize must be greater than 20.	XSize[myrouter]: 300 YSize[myrouter]: 300
Colours	Overrides the default color scheme; requires all four colors to be specified. Note the spelling of the keyword Colour because the MRTG originated in Europe.	Colours[myrouter]: GREEN#00eb0c,BLUE#1000ff,DARK GREEN#006600,VIOLET#ff00ff
YLegend	The y-axis label of the graph.	YLegend[myrouter]: Bits per Second
ShortLegend	The units string (used for Max, Average, and Current); the default is b/s (bits per second).	ShortLegend[myrouter]: b/s
Legend [1234IO]	The strings for the colour legend.	Legend1[myrouter]: Incoming Traffic in Bits per Second Legend2[myrouter]: Outgoing Traffic in Bits per Second Legend3[myrouter]: Maximal 5 Minute Incoming Traffic Legend4[myrouter]: Maximal 5 Minute Outgoing Traffic LegendI[myrouter]:  In: LegendO[myrouter]:  Out:
Options	The Options keyword allows you to set the following additional switches: growright Instructs the graph to grow to the right side instead of the default left side. bits Displays the values in bits (by multiplying by 8), instead of the default bytes. perminute Displays the values in per minute (by multiplying by 60) instead of the default per second. perhour Displays the values in per hour (by multiplying by 3600) instead of the default in per second. gauge Monitors variables such as CPU load, memory, and temperature, where the values are absolute integers rather than incrementing counters. nopercent Specifies to not print usage percentages. unknaszero Logs unknown data as 0s instead of the default of repeating the last value seen.	Options[myrouter]: growright, bits, gauge

In Table 6-3, the Target keyword is the most important local directive of the mrtg.cfg file. Table 6-4 provides a list of commonly used Target options.

Table 6-4. Target Keyword Options
Option	Explanation	Example
Basic	The basic format is port : community@router Replace port by the interface-number, community by the router SNMP read-only string, and router by IP address of the router.	Target[myrouter]: 2:public@192.168.0.10
Reversing	To swap incoming traffic as outgoing and vice versa, use the minus sign (-) in front of the Target description.	Target[myrouter]: - 1:public@192.168.0.10
Explicit OIDs	Used to pull specific SNMP variables from monitored devices; the syntax is as follows: OID1 & OID2 : community @ router	To monitor the two pools of free memory (proc and io) on a Cisco router, use the following format: Target[myrouter]: 1.3.6.1.4.1.9.9.48.1.1.1.6.1&1.3 .6.1.4.1.9.9.48.1.1.1.6.2:public @192.168.0.10
MIB variables	Instead of using OIDs, MRTG also allows you to specify the MIB variable names that are already known to the MRTG through the /usr/shar/doc/mrtg/ mibhelp.txt file.	To use the ifInErrors and ifOutErrors variables, the format is as follows: Target[myrouter]: ifInErrors.1&ifOutErrors.1:public @192.168.0.10
External monitoring scripts	To monitor non-SNMP variables such as latency, specify the path of the external script enclosed in backticks (').	Target[myrouter]: `/usr/local/bin/ myping 192.168.0.10` Note the use of the backticks ('), not apostrophes ('), around the command.

Now that you have a better understanding of the various components of the mrtg.cfg file, this section provides several templates that can be added to this file. These templates help Netadmins to monitor some of the common parameters, such as memory and CPU utilization, of Cisco IOS-based routers and switches, VPN 3000 Series concentrators, and PIX Firewalls. Note that these templates do not come preinstalled with MRTG installation files, but they are included here for Netadmins. You can use each of these templates by replacing community by the read-only SNMP community string and host by the IP address of your device. Additionally, some of the templates include embedded comments for specific information.

You can add the following templates to the mrtg.cfg file:

Router CPU utilization

 # Router CPU load # Replace community@host by information specific to your IOS device        Target[cpu.1]:1.3.6.1.4.1.9.2.1.58.0&1.3.6.1.4.1.9.2.1.58.0:community@host  RouterUptime[cpu.1]: community@host  MaxBytes[cpu.1]: 100  Title[cpu.1]: CPU LOAD  PageTop[cpu.1]: <H1>CPU Load %</H1>  Unscaled[cpu.1]: ymwd  ShortLegend[cpu.1]: %  XSize[cpu.1]: 380  YSize[cpu.1]: 100  YLegend[cpu.1]: CPU Utilization  Legend1[cpu.1]: CPU Utilization in % (Load)  Legend2[cpu.1]: CPU Utilization in % (Load)  Legend3[cpu.1]:  Legend4[cpu.1]:  LegendI[cpu.1]:  LegendO[cpu.1]: &nbsp;Usage  Options[cpu.1]: gauge #End ##################################

Router memory utilization

 #Router Memory utilization # Replace community@host by information specific to your IOS device           Target[rtr-mem]: 1.3.6.1.4.1.9.2.1.8.0&1.3.6.1.4.1.9.2.1.8.0:community@router Directory[rtr-mem]: memory WithPeak[rtr-mem]: wmy YLegend[rtr-mem]: Memory Utilization ShortLegend[rtr-mem]: Used # replace 16384 by the value of your Router RAM, below                        # use "show version" to determine the RAM                                     MaxBytes[rtr-mem]: 16384 Options[rtr-mem]: gauge, growright Unscaled[rtr-mem]: dwmy # replace 16384 by the value of your Router RAM, below AbsMax[rtr-mem]: 16384 Title[rtr-mem]: Router Colours[rtr-mem]: GREEN#00eb0c,BLUE#1000ff,BLUE#1000ff,VIOLET#ff00ff Legend1[rtr-mem]: Memory Utilized Legend2[rtr-mem]: Legend3[rtr-mem]: " " Legend4[rtr-mem]: LegendI[rtr-mem]: &nbsp;Memory: LegendO[rtr-mem]: PageTop[rtr-mem]: <H1> Memory Utilization </H1> #End ##################################

PIX Firewall CPU utilization

 #PIX CPU Utilization # Replace community@host by information specific to your PIX                      Target[pix-cpu]:  1.3.6.1.4.1.9.9.109.1.1.1.1.8.1&1.3.6.1.4.1.9.9.109.1.1.1.1.6.1:community@pix_  IP MaxBytes[pix-cpu]: 100 Title[pix-cpu]: CPU Utilization PageTop[pix-cpu]: <H1>PIX CPU Utilization</H1> Options[pix-cpu]: gauge Unscaled[pix-cpu]: dwmy YLegend[pix-cpu]: % CPU ShortLegend[pix-cpu]: % CPU Legend1[pix-cpu]: Five Minute CPU Utilization Legend2[pix-cpu]: Five Second CPU Utilization Legend3[pix-cpu]: Peak CPU Util, Min Legend4[pix-cpu]: Peak CPU Util, Sec LegendI[pix-cpu]: Min LegendO[pix-cpu]: Sec #End ##################################

PIX Firewall memory utilization

 #PIX Memory utilization # Replace community@host by information specific to your PIX                  Target[PIX_mem]:  1.3.6.1.4.1.9.9.48.1.1.1.5.1&1.3.6.1.4.1.9.9.48.1.1.1.6.1.1:community@pix_IP YLegend[pix_mem]: Used and Free ShortLegend[pix_mem]: Bytes #Specify the RAM in the PIX below                                             # If not sure use the "show memory" command                                   Maxbytes[pix_mem]: 16777216 Options[pix_mem]: gauge Unscaled[pix_mem]: dwmy Title[pix_mem]: Memory Legend1[pix_mem]: Free memory Legend2[pix_mem]: Used memory Legend3[pix_mem]: Peak Free memory Legend4[pix_mem]: Peak Used memory LegendI[pix_mem]: Free LegendO[pix_mem]: Used PageTop[pix_mem]: <H1>PIX Memory</H1> #End ##################################

PIX Firewall active connections

 # PIX Connections # Replace community@host by information specific to your PIX                Target[pix_conn]: 1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40.6&1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40.7:comm unity@pix_IP # Specify the maximum connection supported by PIX license                   MaxBytes[pix_conn]: 1000 Title[pix_cpS]: Connections in Use PageTop[pix_conn]: <H1>Current PIX Connections</H1> Options[pix_conn]: gauge Unscaled[pix_conn]: dwmy YLegend[pix_conn]: # Connections in Use ShortLegend[pix_conn]: # Conn in Use Legend1[pix_conn]: Conn in Use Legend2[pix_conn]: Max Conn Legend3[pix_conn]: Peak Conn in Use Legend4[pix_conn]: Peak Max Conn LegendI[pix_conn]: In Use LegendO[pix_conn]: Max #End ##################################

VPN concentrator CPU utilization and sessions

 # VPN 3000 - CPU & Session # Replace community@host by information specific to your VPN concentrator Target[VPN.cpu]:  1.3.6.1.4.1.3076.2.1.2.25.1.2.0&1.3.6.1.4.1.3076.2.1.2.17.1.9.0:community@VPNB  OX_IP MaxBytes[VPN.cpu]: 100 Title[VPN.cpu]: CPU and Sessions -- VPN 3005 PageTop[VPN.cpu]: <H1>CPU and Sessions - VPN 3000</H1> Options[VPN.cpu]: gauge, nopercent XSize[VPN.cpu]: 380 YSize[VPN.cpu]: 100 YLegend[VPN.cpu]: CPU / Sessions ShortLegend[VPN.cpu]: &nbsp; Legend1[VPN.cpu]: CPU Usage gauge&nbsp; Legend2[VPN.cpu]: Active sessions&nbsp; LegendI[VPN.cpu]: CPU Usage (%) &nbsp; LegendO[VPN.cpu]: Active sessions&nbsp; #End ##################################

Understanding the indexmaker Tool

When monitoring multiple interfaces and variables, the number of HTML pages can get very large. Fortunately, MRTG provides a tool, called indexmaker, that parses the mrtg.cfg file and generates a summary page in HTML format. The single-page summary provides the daily view of the histogram graph that depicts the current status of all the monitored parameters. Moreover, each graph contains embedded hyperlinks that, when clicked, take you to the page that contains the daily, weekly, monthly, and yearly views of the histogram graphs. The command syntax is indexmaker [ options ] mrtg.cfg. Similar to cfgmaker, indexmaker also outputs the result to the screen. You should redirect the output to a file using the > option. Example 6-2 shows the command that creates the summary page index.html from the /etc/mrtg.cfg file.

Example 6-2. Indexmaker Tool

 linuxbox:~# indexmaker /etc/mrtg.cfg > /var/www/mrtg/index.html linuxbox:~# cat /var/www/mrtg/index.html <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML> <HEAD>     <TITLE>MRTG Index Page</TITLE>     <META HTTP-EQUIV="Refresh" CONTENT="300">     <META HTTP-EQUIV="Cache-Control" content="no-cache">     <META HTTP-EQUIV="Pragma" CONTENT="no-cache">     <META HTTP-EQUIV="Expires" CONTENT="Sat, 16 Oct 2004 07:56:58 GMT"> </HEAD> # --- output truncated ---

The resulting web page from the index.html code (generated in the previous example) is illustrated in Figure 6-5.

Figure 6-5. Output of index.html

Running MRTG

Before running MRTG, test the mrtg.cfg file by using the following mrtg script:

 linuxbox:~#/usr/bin/mrtg /etc/mrtg.cfg

Note that the first two instances of running MRTG will generate error messages regarding the missing log files.

After successfully testing the mrtg.cfg file, you can automate MRTG process using cron, which is a Linux utility that periodically runs specified tasks in the background. Crontab is a file that contains the schedule of cron entries to be run and the specified times. The steps for running MRTG through cron are as follows:

Step 1.

Create a text file called mrtgcron that contains the command to run MRTG at an interval of 5 minutes. The command syntax is as follows:

 0-55/5 * * * * /usr/bin/mrtg /etc/mrtg/cfg --logging /var/log/mrtg

This command is based on the assumption that the MRTG executable script is located in the /usr/bin directory and that the mrtg.cfg file is located in the /etc directory.

Step 2.

Use the crontab <filename> command to update the system cron with new job, as follows:

 linuxbox:~# crontab mrtgcron

These steps run MRTG every 5 minutes, poll the devices listed in the mrtg.cfg file, and update the graphs.

Note

By default, the MRTG package for Debian installs the script in the /etc/cron.d/ directory for running the MRTG program daily every 5 minutes. MRTG Debian package users can ignore the previous steps.

Deploying a Windows-Based Performance-Monitoring System MRTG

Because MRTG also comes in a Windows version, the Netadmin can easily deploy it on a Windows machine. The Windows version of MRTG supports Windows NT, XP, 2000, and 2003 servers. The file options and tools are identical to those of the Linux counterpart. However, several minor differences are specific to the Windows environment. These differences are covered in the following steps. MRTG in Windows requires fully functional installations of Perl and web servers to work correctly. The general guidelines for deploying a Windows-based MRTG system are as follows:

Step 1.	Install Perl for Windows from http://www.activeperl.com/.
Step 2.	Install the IIS web server using the Add/Remove Programs icon in the Windows Control Panel.
Step 3.	Create a folder for MRTG in the home directory of the IIS web server. For example, if the home directory points to d:\inetpub\wwwroot, the new folder would be d:\inetpub\wwwroot\mrtg.
Step 4.	Download and unzip the Windows version of MRTG files from http://www.mrtg.org. Copy the unzipped archives to a folder such as d:\mrtg. By default, MRTG stores the Perl scripts, such as mrtg, cfgmaker, and indexmaker, in the \mrtg\bin directory.
Step 5.	Use the cfgmaker Perl script to create the mrtg.cfg file. The command syntax is as follows: perl cfgmaker [options] [community@]router1 [[options] [community@]router2 ... ] Note the use of the keyword perl. In this example, cfgmaker is used to create the mrtg.cfg file for host 192.168.0.10. The host is preconfigured to use the text string read as the SNMP community string for replying to SNMP queries, as follows: d:\mrtg\bin>perl cfgmaker read@192.168.0.10 > mrtg.cfg
Step 6.	After creating the mrtg.cfg file, edit the file to add Windows-specific parameters. These parameters help MRTG to determine the location of the working directory, log files, HTML pages, and so on. Edit the file using the following code: # the webserver home directory is "d:\inetpub\wwwroot\" Workdir: d:\inetpub\wwwroot\mrtg\ Htmldir: d:\inetpub\wwwroot\mrtg\ Imagedir: d:\inetpub\wwwroot\mrtg\ Logdir: d:\inetpub\wwwroot\mrtg\ # specify the location of mrtg icons # default location is under "\mrtg\images" Icondir: d:\mrtg\images # MRTG should be run as daemon after every 5 minutes RunAsDaemon: Yes Interval: 5
Step 7.	Use the indexmaker script to create index files for all the monitored nodes. The syntax is as follows: perl indexmaker [options] [.cfg file] Note the use of the keyword perl. This example creates the index.html file in the d:\inetpub\wwwroot\mrtg directory using the d:\mrtg\bin\mrtg.cfg file. The syntax is as follows: C:\mrtg\bin>perl indexmaker mrtg.cfg > d:\inetpub\wwwroot\mrtg\index.html
Step 8.	Use the following syntax to run MRTG from the command line: perl mrtg [config file] Based on this syntax, the following command illustrates MRTG being executed from the command line using the mrtg.cfg file: d:\mrtg\bin> perl mrtg mrtg.cfg

Tip

To run MRTG in the background, use the following command, as suggested by MRTG website:

 d:\mrtg\bin> start /Dc:\mrtg\bin wperl mrtg --logging=eventlog mrtg.cfg

You can also use Microsoft's RunsAsService tool to run MRTG as a background service.