Printing a Post - Using SNMP and MRTG for network monitoring Part 1

Select "print" from your browser's "File" menu.

Back to Post

Username Post: Using SNMP and MRTG for network monitoring Part 1

d_jabsd
The Daemon
Posts 875 Friday February 14th 2003 04:19 PM - Post#45148

Part 1- SNMP installation, configuration, and testing

What is SNMP?
SNMP, or Simple Network Management Protocol, is used to statistics collection on network devices and systems. Once enabled, the SNMP keeps stats on traffic, cpu utilization, processes, installed apps, and the list goes on and on. Once you are comfortable with SNMP, there is little that you can't monitor.
Unfortunately, in its raw form, the statistics don't do much good. This is where MRTG comes into play.

What is MRTG?
MRTG, or Mutli-Router Traffic Grapher, queries the SNMP daemon, at a user-configurable interval (minimum interval is 5 minutes) and translates the output into a usable graph. Although it is not real-time, it gives the administrator a 'snapshot' of system and device performance.

In this tutorial, I am going to show you how to enable and configure the SNMP Protocol for Windows 2k/XP, FreeBSD (also applies to OpenBSD with some minor changes) , Debian Linux, and Cisco network devices. Once this is accomplished, I will show you how to configure MRTG on BSD and Linux. Those of you familiar with IIS or Apache for Win32 will easily be able to convert the tutorial for use with Windows webservers. Once completed, you will be able to monitor network traffic, cpu utilization, process count, user count, and disk usage.

For an example of what we will be doing, take a a look at http://admin.sec-d.net.

Installing and Configuring SNMP for Windows 2K/XP

Microsoft was kind enough to include SNMP in the Windows but it is not installed by default.
To install:
Go to Add/Remove Programs > Add/Remove Windows Components. Select Management and Monitoring Tools and check the the boxes for Simple Network Management Protocol and WMI SNMP Provider. This will install the drivers and daemon for SNMP, allowing you to query your Windows machine from localhost or another host.

To configure snmp:

Go into Administrative Tools > Services > SNMP Service

Set it to automatically start at boot.

Under the Agent tab, fill in the Contact and Location info and select the services youwant to monitor.

Under the Security tab, the 'public' community name will already be listed and will have read-only privileges. This is fine if your network is isolated from the public. You will also want to make sure you have a firewall in place to block incoming traffic to port 161 (snmp) and 162 (snmp traps). If you do not have a firewall, or want extra security, change the the community name to something of your choice, but maintain the 'read-only' privileges. I will discuss write access later.

Installing and Configuring SNMP for FreeBSD/OpenBSD and Debian Linux 3.0

Both FreeBSD and OpenBSD have a ports collection in /usr/ports. This is a collection of applications that have been ported specifically for the OS.
To install:
cd /usr/ports/net/net-snmp make install

This will download the source code and compile it for your system.
It takes a few minutes to complete, but not overly long, depending on the speed of your system.

When the install pauses for the Configuration Section, just accept the defaults.

The install will install a startup script in /usr/local/etc/rc.d called 'snmpd.sh'
This script uses /etc/rc.conf to determine if it should start up at boot. To enable, do the following:
echo 'net_snmpd_enable="YES"' >> /etc/rc.conf echo 'net_snmpd_flags=""' >> /etc/rc.conf

To configure for FreeBSD:
cd /usr/local/share/snmp vi snmpd.conf
add values for your system:
syslocation and syscontact are self explanitory.
sysservices is a sum based on the network layer you want to monitor.
the equation:
2^(L-1) where 'L' is the network layer in question.
Layer Functionality
1 physical (eg: repeaters)
2 datalink/subnetwork (eg: bridges)
3 internet (eg: IP Gateways)
4 end-to-end (eg: IP hosts)
7 applications (eg: mail relays)
layers 5 and 6 can also be used for systems using OSI protocols.

if you want access to all layers, regardless of need, use the value '79', otherwise you can calculate your own value.
For a router, you would use '4' =(2^(3-1)), for a host, you would use '72' =(2^(4-1) + 2^(7-1))

rocommunity is the community name for read-only access
agentuser and agentgroup is the user and group you want snmpd to run as. for ease of use, I am using root, which is not entirely secure, but considering the agent only allows read-only access and is completely isolated from the outside, i'll take the risk and save myself some permissions headaches for now.
agentaddress is the port you want the snmpd daemon to listen on. 161 is default.

you can also use /usr/local/bin/snmpconf to configure the daemon. snmpconf is a Perl script included with net-snmp that can be helpful in adding functionality to snmpd that is not included in this tutorial.

Debian Linux has the apt-get utility which eases the install process.
To install:
apt-get install snmpd snmp
This grabs the Debian packages for the snmpd daemon, the snmp utilities and their required libraries. This will also start up the snmpd daemon as well as the snmptrapd daemon. We will not be covering traps here, so you can modify the start script for it or just leave it for now... it doesn't really hurt anything.

The configuration files are located in /etc/snmp. Follow the instructions for the FreeBSD configuration, since that applies to all unix-like operating systems. The only differences are paths and snmp versions (which are compatible.)

Configuring for a Cisco IOS-based device.

Login and enter enable mode.
conf t snmp-server community communityname RO ^Z wr mem

Pretty easy. use 'sh conf | inc snmp' to verify that it took. IOS will add an engineID and chassis-id. You can also add contact and location information if you like. There are some other snmp-server options that could be useful in the future but we don't need them for this, so i will leave that for you to explore.

Testing your install

(For the purpose of this tutorial, the community name is 'public')

Microsoft does not provide you with utilities for querying the snmpd daemon. In order to do this you will need to download the win32 binaries from the net-snmp sourceforge download page. You want the win32 binaries for ucd-snmp version 4.2.3.
Once downloaded, extract the .zip to c:\. This should give you 4 new folders: c:\bin, c:\mibs, c:\SNMP, and c:\usr. We are concerned with c:\usr, which contains the binaries we need to test snmp.

In order to enable them without the need to include the path, we are going to include them in our environment. Right-click My Computer and select 'Properties'. Then select the 'Advanced' tab, and click on the 'Environment Variables' button. Double-click the 'Path' line and add ';C:\usr\bin' to the end of the line.

Once this is completed, open up a command prompt and type 'smnpwalk -c communityname localhost system'
you should then receive the following output:

FreeBSD and linux both give you the required tools to test the snmpd daemon. They are located in /usr/bin on Debian Linux systems and /usr/local/bin on FreeBSD systems.

to test in Debian, we will use the same command as in windows: snmpwalk -c communityname localhost system.
This will give you more information than the Windows command, due to Windows minimal snmp implementation.

To test in Freebsd, you need to change the command slightly. This is due to FreeBSD using a newer version of snmp that defaults to version 3 instead of version 2 use the following command to test the installation: snmpwalk -c communityname -v 2c localhost system

You can't test as Cisco device locally, so from one of your other systems that has the snmp utilities,
type: snmpwalk -c public ciscohostname system.

If all of the above works, pat yourself on the back, then start brewing another pot of coffee... we aren't done yet. :-)

Username	Post: Using SNMP and MRTG for network monitoring Part 1
d_jabsd The Daemon Posts 875	Friday February 14th 2003 04:19 PM - Post#45148 Part 1- SNMP installation, configuration, and testing What is SNMP? SNMP, or Simple Network Management Protocol, is used to statistics collection on network devices and systems. Once enabled, the SNMP keeps stats on traffic, cpu utilization, processes, installed apps, and the list goes on and on. Once you are comfortable with SNMP, there is little that you can't monitor. Unfortunately, in its raw form, the statistics don't do much good. This is where MRTG comes into play. What is MRTG? MRTG, or Mutli-Router Traffic Grapher, queries the SNMP daemon, at a user-configurable interval (minimum interval is 5 minutes) and translates the output into a usable graph. Although it is not real-time, it gives the administrator a 'snapshot' of system and device performance. In this tutorial, I am going to show you how to enable and configure the SNMP Protocol for Windows 2k/XP, FreeBSD (also applies to OpenBSD with some minor changes) , Debian Linux, and Cisco network devices. Once this is accomplished, I will show you how to configure MRTG on BSD and Linux. Those of you familiar with IIS or Apache for Win32 will easily be able to convert the tutorial for use with Windows webservers. Once completed, you will be able to monitor network traffic, cpu utilization, process count, user count, and disk usage. For an example of what we will be doing, take a a look at http://admin.sec-d.net. Installing and Configuring SNMP for Windows 2K/XP Microsoft was kind enough to include SNMP in the Windows but it is not installed by default. To install: Go to Add/Remove Programs > Add/Remove Windows Components. Select Management and Monitoring Tools and check the the boxes for Simple Network Management Protocol and WMI SNMP Provider. This will install the drivers and daemon for SNMP, allowing you to query your Windows machine from localhost or another host. To configure snmp: Go into Administrative Tools > Services > SNMP Service Set it to automatically start at boot. Under the Agent tab, fill in the Contact and Location info and select the services youwant to monitor. Under the Security tab, the 'public' community name will already be listed and will have read-only privileges. This is fine if your network is isolated from the public. You will also want to make sure you have a firewall in place to block incoming traffic to port 161 (snmp) and 162 (snmp traps). If you do not have a firewall, or want extra security, change the the community name to something of your choice, but maintain the 'read-only' privileges. I will discuss write access later. Installing and Configuring SNMP for FreeBSD/OpenBSD and Debian Linux 3.0 Both FreeBSD and OpenBSD have a ports collection in /usr/ports. This is a collection of applications that have been ported specifically for the OS. To install: `cd /usr/ports/net/net-snmp make install` This will download the source code and compile it for your system. It takes a few minutes to complete, but not overly long, depending on the speed of your system. When the install pauses for the Configuration Section, just accept the defaults. The install will install a startup script in /usr/local/etc/rc.d called 'snmpd.sh' This script uses /etc/rc.conf to determine if it should start up at boot. To enable, do the following: `echo 'net_snmpd_enable="YES"' >> /etc/rc.conf echo 'net_snmpd_flags=""' >> /etc/rc.conf` To configure for FreeBSD: `cd /usr/local/share/snmp vi snmpd.conf` add values for your system: syslocation and syscontact are self explanitory. sysservices is a sum based on the network layer you want to monitor. the equation: 2^(L-1) where 'L' is the network layer in question. Layer Functionality 1 physical (eg: repeaters) 2 datalink/subnetwork (eg: bridges) 3 internet (eg: IP Gateways) 4 end-to-end (eg: IP hosts) 7 applications (eg: mail relays) layers 5 and 6 can also be used for systems using OSI protocols. if you want access to all layers, regardless of need, use the value '79', otherwise you can calculate your own value. For a router, you would use '4' =(2^(3-1)), for a host, you would use '72' =(2^(4-1) + 2^(7-1)) rocommunity is the community name for read-only access agentuser and agentgroup is the user and group you want snmpd to run as. for ease of use, I am using root, which is not entirely secure, but considering the agent only allows read-only access and is completely isolated from the outside, i'll take the risk and save myself some permissions headaches for now. agentaddress is the port you want the snmpd daemon to listen on. 161 is default. you can also use /usr/local/bin/snmpconf to configure the daemon. snmpconf is a Perl script included with net-snmp that can be helpful in adding functionality to snmpd that is not included in this tutorial. Debian Linux has the apt-get utility which eases the install process. To install: `apt-get install snmpd snmp` This grabs the Debian packages for the snmpd daemon, the snmp utilities and their required libraries. This will also start up the snmpd daemon as well as the snmptrapd daemon. We will not be covering traps here, so you can modify the start script for it or just leave it for now... it doesn't really hurt anything. The configuration files are located in /etc/snmp. Follow the instructions for the FreeBSD configuration, since that applies to all unix-like operating systems. The only differences are paths and snmp versions (which are compatible.) Configuring for a Cisco IOS-based device. Login and enter enable mode. `conf t snmp-server community communityname RO ^Z wr mem` Pretty easy. use 'sh conf \| inc snmp' to verify that it took. IOS will add an engineID and chassis-id. You can also add contact and location information if you like. There are some other snmp-server options that could be useful in the future but we don't need them for this, so i will leave that for you to explore. Testing your install (For the purpose of this tutorial, the community name is 'public') Microsoft does not provide you with utilities for querying the snmpd daemon. In order to do this you will need to download the win32 binaries from the net-snmp sourceforge download page. You want the win32 binaries for ucd-snmp version 4.2.3. Once downloaded, extract the .zip to c:\. This should give you 4 new folders: c:\bin, c:\mibs, c:\SNMP, and c:\usr. We are concerned with c:\usr, which contains the binaries we need to test snmp. In order to enable them without the need to include the path, we are going to include them in our environment. Right-click My Computer and select 'Properties'. Then select the 'Advanced' tab, and click on the 'Environment Variables' button. Double-click the 'Path' line and add ';C:\usr\bin' to the end of the line. Once this is completed, open up a command prompt and type 'smnpwalk -c communityname localhost system' you should then receive the following output: FreeBSD and linux both give you the required tools to test the snmpd daemon. They are located in /usr/bin on Debian Linux systems and /usr/local/bin on FreeBSD systems. to test in Debian, we will use the same command as in windows: snmpwalk -c communityname localhost system. This will give you more information than the Windows command, due to Windows minimal snmp implementation. To test in Freebsd, you need to change the command slightly. This is due to FreeBSD using a newer version of snmp that defaults to version 3 instead of version 2 use the following command to test the installation: `snmpwalk -c communityname -v 2c localhost system` You can't test as Cisco device locally, so from one of your other systems that has the snmp utilities, type: `snmpwalk -c public ciscohostname system`. If all of the above works, pat yourself on the back, then start brewing another pot of coffee... we aren't done yet. :-)

FusionBB™ Version 2.0.1
©2003-2006 InteractivePHP, Inc.
Execution time: 0.056 seconds. Total Queries: 7 Zlib Compression is on.
All times are (GMT -0500) Eastern. Current time is 08:31 AM
Top