Tuesday 11 June 2013

Bandwidth monitoring using Multi Router Traffic Grapher ( MRTG )

MRTG monitors SNMP network devices and draws pretty pictures showing how much traffic has passed through each interface. Initially MRTG was used to graph only network devices, but now it can monitor everything from weather data to vending machines. MRTG generates HTML pages with PNG images that show the amount of traffic passing through the interface. If you want MRTG on your system, you need to have SNMP configured and running. You don't need to configure SNMP on the router, as most routers and switches come with SNMP pre-configured.

INSTALLATION
You can install MRTG using yum; if you want the latest version running on your system, you need to install it manually from here.

# yum install mrtg

CONFIGURATION
You need to create the folder in which your graphs and HTML pages will be stored.

# mkdir /var/www/html/mrtg/

Run the cfgmaker to create the mrtg configuration file /etc/mrtg/mrtg.cfg

# cfgmaker --global "workdir: /var/www/html/mrtg" -ifref=ip --output /etc/mrtg/mrtg.cfg --global 'options[_]: growright,bits' public@<router-ip-address>

Note the --output /etc/mrtg/mrtg.cfg option and the public@<router-ip-address> argument. This command tells MRTG to create a configuration file with the name 'mrtg.cfg' for the traffic of your router.

Next, we use indexmaker to create the index file for the MRTG web pages.

# indexmaker --output=/var/www/html/mrtg/index.html /etc/mrtg/mrtg.cfg

CRON JOB
/etc/cron.d/mrtg runs the mrtg command every 5 minutes to graph the traffic load on network links. If you run

# cat /etc/cron.d/mrtg

You should see something like

*/5 * * * * root LANG=C LC_ALL=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg --lock-file /var/lock/mrtg/mrtg_l --confcache-file /var/lib/mrtg/mrtg.ok

You need to make sure crond is enabled on run levels 3 and 5:

# chkconfig --level 35 crond on

VERIFY
When you run the command # mrtg /etc/mrtg/mrtg.cfg, you may see something like
-----------------------------------------------------------------------
ERROR: Mrtg will most likely not work properly when the environment
       variable LANG is set to UTF-8. Please run mrtg in an environment
       where this is not the case. Try the following command to start:

       env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg
-----------------------------------------------------------------------
If so, you need to run the above command a few more times until it runs without any error; this is quite normal.

MRTG GRAPHS
You need the Apache web server to view the graphs. Install httpd (obviously you also need to configure Apache), enable it at boot and start it:
# yum install httpd
# chkconfig --level 3 httpd on
# service httpd start

Fire up your favorite web browser and go to http://your-router-ip/mrtg to view the graphs.


Monday 10 June 2013

Installation and Configuration of SNMP On a Linux Host

INSTALLATION

First you need to install the necessary SNMP package on the system to monitor a Linux Host using SNMP.

# yum install net-snmp-utils net-snmp

Make sure snmpd is enabled on run levels 3 and 5:
# chkconfig --level 35 snmpd on

You can verify this with:
# chkconfig --list snmpd

snmpd should be listening on TCP port 199:
# netstat -an | grep 199

You can see that
tcp        0      0 127.0.0.1:199               0.0.0.0:*                   LISTEN

CONFIGURATION

Next, you need to back up the original snmpd.conf and create your own snmpd.conf

# cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.bak
# vim /etc/snmp/snmpd.conf

Now do the following four steps

First, map the community name "public" into a "security name" by changing

com2sec notConfigUser  default       public

with these

com2sec      local              localhost             public
com2sec      mynetwork  192.168.1.0/24   public

Note that the public community string setting above also specifies the network (192.168.1.0/24 is my network) from which queries must originate. This is a good security measure for limiting access.

Second, map the security name into a group name by changing

group   notConfigGroup v1            notConfigUser
group   notConfigGroup v2c          notConfigUser

with these

group   MyRWGroup      v1           local
group   MyRWGroup      v2c         local
group   MyRWGroup      usm       local

group   MyROGroup      v1           mynetwork
group   MyROGroup      v2c         mynetwork
group   MyROGroup      usm       mynetwork

Third, create a view that the groups will be given rights to, by changing

view    systemview    included   .1.3.6.1.2.1.1
view    systemview    included   .1.3.6.1.2.1.25.1.1

with this

view    all            included      .1              80

Finally, grant the groups access to the new view (read-only for MyROGroup, read and write for MyRWGroup) by changing

access  notConfigGroup ""      any       noauth    exact  systemview none none

with these

access MyROGroup   ""      any       noauth    exact  all    none   none
access MyRWGroup  ""      any       noauth    exact  all    all       none

Save the configuration file and restart the snmpd service (# service snmpd restart).
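
The four steps chain com2sec, group, view and access together, so what a given client may do is easiest to check by resolving that chain. The Python code below is an added example, not part of the original post or of net-snmp; it embeds the directives from the steps above, and its function names and simplified source matching are assumptions of the example.

```python
import ipaddress
import shlex

# The snmpd.conf directives from the four steps above (the page's own values).
SNMPD_CONF = '''
com2sec local      localhost       public
com2sec mynetwork  192.168.1.0/24  public
group   MyRWGroup  v1   local
group   MyRWGroup  v2c  local
group   MyRWGroup  usm  local
group   MyROGroup  v1   mynetwork
group   MyROGroup  v2c  mynetwork
group   MyROGroup  usm  mynetwork
view    all  included  .1  80
access  MyROGroup  ""  any  noauth  exact  all  none  none
access  MyRWGroup  ""  any  noauth  exact  all  all   none
'''

def parse(conf):
    """Collect the VACM directives as token lists, keyed by directive name."""
    rows = {"com2sec": [], "group": [], "view": [], "access": []}
    for line in conf.splitlines():
        tok = shlex.split(line, comments=True)  # keeps "" as an empty token
        if tok and tok[0] in rows:
            rows[tok[0]].append(tok[1:])
    return rows

def source_matches(source, ip):
    """Simplified SOURCE match: handles 'default', 'localhost' and CIDR/IP only."""
    addr = ipaddress.ip_address(ip)
    if source == "localhost":
        return addr.is_loopback
    return source == "default" or addr in ipaddress.ip_network(source, strict=False)

def effective_access(conf, ip, community, model="v2c"):
    """Follow com2sec -> group -> access; return (read_view, write_view) or None."""
    rows = parse(conf)
    for sec, source, comm in rows["com2sec"]:
        if comm == community and source_matches(source, ip):
            groups = {g for g, m, s in rows["group"] if s == sec and m == model}
            for grp, _ctx, amodel, _lvl, _pfx, read, write, _ntf in rows["access"]:
                if grp in groups and amodel in ("any", model):
                    return read, write
            return None  # snmpd selects only the first matching com2sec line
    return None

def unauthenticated_writers(conf):
    """Groups granted a write view at the noauth security level."""
    return [a[0] for a in parse(conf)["access"] if a[3] == "noauth" and a[6] != "none"]
```

With the values above, a v2c request from 127.0.0.1 using the community public resolves to read and write access on the whole tree with no authentication, while hosts in 192.168.1.0/24 get read-only access and every other source gets nothing.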

VERIFICATION

You can verify this by running this command

# snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex

Now you should get something like
IP-MIB::ipAdEntIfIndex.127.0.0.1 = INTEGER: 1
IP-MIB::ipAdEntIfIndex.192.168.1.11 = INTEGER: 2

where 192.168.1.11 is the IP address of my Linux host.

Note:

1. The easiest way to configure snmp on your system is to edit the configuration file and specify a community string that can be used to issue queries.

# vim /etc/snmp/snmpd.conf

rocommunity public 192.168.1.0/24

where 192.168.1.0 is your network.

Save the configuration file and restart the snmpd service. You can verify that SNMP is properly configured with

# snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex

2. If you are using a firewall, you need to edit your firewall settings. You will need to open up UDP port 161 to allow SNMP queries to the Linux host. Add this line to the file /etc/sysconfig/iptables and restart iptables.

iptables -I INPUT -p udp --destination-port 161 -j ACCEPT

3. If you are using TCP Wrappers you may need to add the address of your Linux Host to the allowed hosts file (/etc/hosts.allow).

Simple Network Management Protocol (SNMP)

SNMP works by sending messages, called Protocol Data Units (PDUs), to SNMP-compliant devices. These devices, called agents, store data about themselves in Management Information Bases (MIBs) and return this data to the SNMP requesters. SNMP was originally designed to monitor network devices like routers and switches, but it is now used to retrieve information about the entire network infrastructure. System uptime, CPU, disk and memory usage are a few examples.

SNMP Architecture

The SNMP architecture consists of three elements:

1. Manager: Software that runs on a system and is designed to communicate with and manage the network devices that have agents.

2. Agent: Software stored on network devices like routers and switches that provides information to the managers.

3. MIB: Just a text file; the MIB's data object values are used for the communication between managers and agents.

MIBs and OIDs Overview

SNMP uses an extensible design in which the available information is defined by MIBs. A MIB can be described as a tree-like structure of the management data of a device, which uses a hierarchical namespace known as object identifiers (OIDs). Each OID defines a unique variable that can be read or set via SNMP.

SNMPTrap: An SNMP application that sends an SNMP notification (trap) to a network administrator.

Applications

SNMP is widely used by network administrators to monitor and manage network performance and to detect and resolve network issues. You can even collect long-term data.

Note:
The first two versions of the SNMP protocol (SNMPv1 and SNMPv2c) carry clear-text passwords called community strings. SNMPv3/USM was developed later and includes a User-Based Security Model that allows network administrators to secure the protocol by defining users with various security credentials.
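
To show what "clear text" means on the wire, the added Python example below (not from the original post) builds an SNMPv1 GetRequest PDU in BER and decodes its header the way a packet analyzer does. The helper names, the sysUpTime OID used in the test, and the set of default community strings are assumptions of the example.

```python
def tlv(tag, payload):
    """BER tag-length-value with a short-form length (payload < 128 bytes)."""
    assert len(payload) < 128
    return bytes([tag, len(payload)]) + payload

def ber_int(n):
    """INTEGER for small non-negative values (0..127), enough for this message."""
    assert 0 <= n < 128
    return tlv(0x02, bytes([n]))

def ber_oid(dotted):
    """OBJECT IDENTIFIER; only sub-identifiers below 128 (one byte each) are handled."""
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    assert all(a < 128 for a in arcs)
    return tlv(0x06, bytes([arcs[0] * 40 + arcs[1]] + arcs[2:]))

def get_request(community, oid, request_id=1, version=0):
    """SNMP GetRequest message; version 0 is SNMPv1, version 1 is SNMPv2c."""
    varbind = tlv(0x30, ber_oid(oid) + tlv(0x05, b""))  # OID with a NULL value
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0) + tlv(0x30, varbind))
    # The community string goes into the message as a plain OCTET STRING.
    return tlv(0x30, ber_int(version) + tlv(0x04, community.encode()) + pdu)

def read_header(packet):
    """Decode the version and community string from the start of a message."""
    assert packet[0] == 0x30 and packet[2] == 0x02  # SEQUENCE, INTEGER version
    version = packet[4]
    assert packet[5] == 0x04                        # OCTET STRING community
    return version, packet[7:7 + packet[6]].decode()

# Assumption of this example: the community strings to treat as defaults.
DEFAULT_COMMUNITIES = {"public", "private"}

def uses_default_community(packet):
    """Detection helper: flag v1/v2c messages that carry a default community."""
    version, community = read_header(packet)
    return version in (0, 1) and community in DEFAULT_COMMUNITIES
```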

Monday 3 June 2013

less colors for man pages

I have been using Tera Term for quite a long time, but whenever I open the man pages it displays the text in some weird yellow color. To get rid of this yellow color I started searching and ended up with two methods for displaying colored man pages. One is using less, the more preferred one because it provides the powerful features of the less command, and the other is using most.

1. Using less

Less is used as the default command for viewing man pages.

Add the following to the BASH configuration file ~/.bashrc or /etc/bashrc

# Less Colors for Man Pages

export LESS_TERMCAP_mb=$'\E[01;31m' # begin blinking
export LESS_TERMCAP_md=$'\E[01;31m' # begin bold
export LESS_TERMCAP_me=$'\E[0m' # end mode
export LESS_TERMCAP_se=$'\E[0m' # end stand-out mode
export LESS_TERMCAP_so=$'\E[01;44;33m' # begin stand-out mode
export LESS_TERMCAP_ue=$'\E[0m' # end underline
export LESS_TERMCAP_us=$'\E[01;32m' # begin underline

You can customize the colors too, see ANSI escape code for reference.

Log out and log back in, or source /etc/bashrc, for the change to take effect

# source /etc/bashrc

2. Using the vim editor to open man pages

If you use bash, just add the following line to your ~/.bashrc or /etc/bashrc

export PAGER="/bin/sh -c \"unset PAGER;col -b -x | vim -R -c 'set ft=man nomod nolist' -c 'map q :q<CR>' -c 'map <SPACE> <C-D>' -c 'map b <C-U>' -c 'nmap K :Man <C-R>=expand(\\\"<cword>\\\")<CR><CR>' -\""

3. Using most

most provides almost the same functions as less and more. It is not as powerful as less, but configuring most to use colors is simpler than with less.

The RPMForge repo has to be configured if we want to use yum. You can download the source tarball from the website http://www.jedsoft.org/most/ or you can download the rpm from http://pkgs.repoforge.org/most/

Open the file /etc/man.config and replace 'PAGER  /usr/bin/less -is' with 'PAGER  /usr/bin/most -s'

Verify this by typing man <some command>

Note: Thanks Nico for this tip.

Sunday 2 June 2013

Install RPMForge Repository on RHEL/CentOS/Scientific Linux 6

The RPMForge repository is a collaboration of Dag Wieërs and other packagers. The RPMforge project maintains 10,000+ third party software packages in the rpm package format for Red Hat Enterprise Linux (RHEL), CentOS and Scientific Linux (SL).

The RPMforge repository is not a part of RHEL, CentOS or SL but it is designed to work with these operating systems. This repository is considered to be stable and safe by many in the community.

The complete list of RPMForge packages can be found at http://pkgs.repoforge.org/

How to check whether RPMforge is enabled on your system

Run either of the following to see whether the RPMforge package is enabled or not:
# rpm -qa | grep rpmforge
# yum repolist | grep rpmforge

How to install RPMForge

Install the appropriate rpmforge-release package for your distribution from http://repoforge.org/use/ so that you can enable the RPMforge repository on your system.

RHEL/CentOS/SL 6 32-Bit
# rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.i686.rpm

RHEL/CentOS/SL 6 64-Bit
# rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm

Install Dag's gpg key

# rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt

Disable RPMForge Repository

You can prevent accidental updates from the repository by setting enabled = 0 in the repo definition file /etc/yum.repos.d/rpmforge.repo.

Now you can use yum to install the available packages from the RPMForge Repository, e.g. yum install --enablerepo=rpmforge package_name

Note: cat /proc/version will give you the release as well as processor architecture