GUIDELINES FOR INSTALLATION OF MRTG ON LINUX
(Version-3/3-1-2003)
In order to monitor the load on different NIB links and also to aid in the systematic augmentation
of internodal bandwidth, Multi Router Traffic Grapher (MRTG) is proposed to be used. MRTG
is software that monitors the traffic load on network links. It generates HTML pages
containing graphical images, which provide a LIVE visual representation of this traffic.

MRTG is to be installed by all the "A" type nodes except Ludhiana. Chandigarh would
be installing MRTG in place of Ludhiana. Apart from MRTG of their own interfaces, these
nodes would also configure MRTG for the nodes as given in Table-1.

The MRTG PC would be used only for MRTG purposes; no other activity like browsing,
mail etc. is to be carried out from that PC. All the security guidelines as given in Section (g)
of this document must be implemented.

The details of user-id and password must be sent to Sh Dhirendra Verma, DE(Tech-1)
(DNW) on [email protected]

Following steps are required to implement MRTG.
a) Arrange a PC
b) Procure Red Hat Linux 7.1
c) Connect the PC to the NIB LAN.
d) Install Red Hat Linux (Use the IP address as specified in Table-1)
e) Configure Apache Web server
f) Download and install MRTG
g) Securing the MRTG PC
(The procedure written has been tested with RedHat Linux 7.1)
A. PC :- A normal Pentium III machine with 128 MB RAM, 20 GB hard disk, CD ROM
   drive and Network Interface card should be sufficient for the installation of MRTG.

B. Red Hat Linux 7.1 :- This should be easily available from the market. Generally Linux
   books also come along with the Linux CD.

C. Connect PC to LAN :- Special permission has been given to connect this PC to NIB
   LAN. On this PC, no browsing, sending or receiving of mail etc. is to be done for
   security reasons. This PC would remain ON forever and is not supposed to be switched
   off.

D. Linux Installation: The installation procedure given below has been tested with
   RedHat 7.1. The PC should not be loaded with any variant of Windows operating
   system. (The PC is not to be made dual bootable). After inserting the Linux CD into the CD
   ROM drive, following are the main options which must be selected while Linux
   installation is ON.
   I.   System should be installed as Server System, not as a work station or anything
        else.
   II.  IP address, mask and gateway should be provided as per details in Table-1.
Data Networks Circle, Jan 2003
   III. Firewall should be configured as Medium.
   IV.  "GNOME", "Webserver" & "X WINDOW system" packages should be selected.
        Others should not be selected as they may pose security threats.
   V.   Choose your login type as text. (Not Graphical)

E. Apache Web Server : After the loading of Linux is over, enter into the system and give
   the following command at the Unix prompt.
#ps -ef |grep httpd
If it shows httpd as running, then fine. Else proceed as below
#cd /etc/init.d
#ls httpd
# ./httpd start
After giving this command, check the default webpage running on this PC by giving the URL as
http://<IP address of the LINUX machine>. If it shows the default page, then fine. Else proceed
as below
#setup
After giving this command a menu would be displayed; then do as given below:
Choose firewall - medium -> Customize -> enable www(http)
Now the default webpage should be opened from another PC.

F. MRTG : After the above steps are over, check the output of the following commands.
   The output of the following commands should not give a response like
   "type: xxx : not found" where xxx is gcc/perl/wget
#type gcc
#type perl
#type wget

F-1 Library Compilation :
Give following commands in sequence:
#mkdir -p /usr/local/src
#cd /usr/local/src
#wget ftp://sunsite.cnlab-switch.ch/mirror/infozip/zlib/zlib.tar.gz
#gunzip -c zlib.tar.gz | tar xf -
#mv zlib-?.?.?/ zlib
#cd zlib
#./configure
#make
#cd ..
#wget http://www.libpng.org/pub/png/src/libpng-1.0.12.tar.gz
#wget http://www.libpng.org/pub/png/src/libpng-1.2.3.tar.gz
#wget http://www.libpng.org/pub/png/src/libpng-1.2.5.tar.gz
#gunzip -c libpng-*.tar.gz | tar xf -
#rm libpng-*.tar.gz
#mv libpng-* libpng
#cd libpng
#make -f scripts/makefile.std CC=gcc ZLIBLIB=../zlib ZLIBINC=../zlib
#cd ..
#wget http://www.boutell.com/gd/http/gd-1.8.3.tar.gz
#gunzip -c gd-1.8.3.tar.gz | tar xf -
#mv gd-1.8.3 gd
#cd gd
Following command is to be given in a single line.
#make INCLUDEDIRS="-I. -I../zlib -I../libpng" LIBDIRS="-L../zlib -L. -L../libpng" LIBS="-lgd -lpng -lz -lm"
#cd ..
#cd /usr/local/src
#wget http://people.ee.ethz.ch/~oetiker/webtools/mrtg/pub/mrtg-2.9.18pre4.tar.gz
#gunzip -c mrtg-2.9.18pre4.tar.gz | tar xvf -
#cd mrtg-2.9.18pre4
#wget http://people.ee.ethz.ch/~oetiker/webtools/mrtg/pub/mrtg-2.9.18.tar.gz
#gunzip -c mrtg-2.9.18.tar.gz | tar xvf -
#cd mrtg-2.9.18
Following command is to be given in a single line.
#./configure --prefix=/usr/local/mrtg-2 --with-gd=/usr/local/src/gd --with-z=/usr/local/src/zlib --with-png=/usr/local/src/libpng
#make
#make install

F-2 Configuring MRTG for a node, e.g. Shimla (Shimla MRTG is to be
implemented at Chandigarh as given in Table-1) :
#cd /usr/local/mrtg-2/bin
#mkdir -p /var/www/html/<node-name>
In this case <node-name> would be shimla.
Before proceeding ahead, please ensure that all the interfaces on the Shimla router
have the proper description, i.e. the description command should have been specified
for all the interfaces. (For this the Chandigarh node-in-charge must coordinate with
the Shimla node-in-charge.)
Following command is to be given in a single line. <snmp-community> for nodes
must be asked from Data Networks on phone number: 011-3737572/3737571. In
this case <snmp-community> for Shimla would be required. Node router IPs are
given in Table 2. In this case <node-router-ip> would be 61.0.237.144 and in
the field <node-name>, shimla should be given.
#./cfgmaker --no-down --global 'WorkDir: /var/www/html/<node-name>' --global 'Options[_]: bits,growright' <snmp-community>@<node-router-ip> > <node-name>.cfg
Run MRTG for the node, Shimla in this case, by giving the command
#/usr/local/mrtg-2/bin/mrtg /usr/local/mrtg-2/bin/<node-name>.cfg &
It will generate many files in /var/www/html/<node-name>
#cd /etc
Now configure MRTG to run continuously. Put the following line at the end
of the crontab file with the help of the vi editor. (A summary of vi commands can be
obtained from the Internet at http://www.bris.ac.uk/is/selfhelp/documentation/vi-r2/vir2.htm).
#vi crontab
*/5 * * * * root /usr/local/mrtg-2/bin/mrtg /usr/local/mrtg-2/bin/<node-name>.cfg --logging /var/log/mrtg.log
After adding the above line, save the crontab file and exit, then restart crond by
giving the following commands
#cd /etc/init.d/
#./crond restart
Now make the html file for the node.
#cd /usr/local/mrtg-2/bin/
Following is a single command.
#/usr/local/mrtg-2/bin/indexmaker -section=descr -sort=descr -columns=2 --show=none -title="MRTG for <node-name> Router" <node-name>.cfg > /var/www/html/<node-name>/<node-name>.html
Now the MRTG graphs can be seen for the node, in this case Shimla, from any
Internet connected browser by giving the URL as
http://<ip_of_MRTG PC>/<node-name>/<node-name>.html
Step F-2 is to be repeated for all the nodes whose MRTG is to be
implemented as defined in Table-1.

F-3 Procedure for protecting the MRTG with password :
In order to protect MRTG from unauthorized viewing, password protection to
the MRTG site should be implemented.
#cd /var/www/html
Create a file .htaccess with the vi editor
#vi .htaccess
The following lines must be inserted in this file. <your-node-name> is the name
of the node which is implementing MRTG, like in this case Chandigarh.
AuthName "Restricted Access for MRTG of <your-node-name>"
AuthType Basic
AuthUserFile /var/www/html/.htpasswd
AuthGroupFile /dev/null
Require user mrtg-<your-node-name>
After inserting these lines, save the file .htaccess and exit from vi.
Now give the command
#htpasswd -c /var/www/html/.htpasswd mrtg-<your-node-name>
This command will prompt for the password; give the password and remember this password.
This password along with the login name, which is mrtg-<your-node-name>, should be
communicated to the concerned Circle Coordinator, Mr Dhirendra Verma, ADET, Data Networks
(011-3737572) and the nodes whose MRTG has been implemented in this machine.
Now give the following command :
#cd /etc/httpd/conf
Open the file httpd.conf with the vi editor
#vi httpd.conf
In this file look for the following lines :
This controls which options the .htaccess files in directories can override. Can also be "All", or
any combination of "Options", "FileInfo", "AuthConfig", and "Limit".
AllowOverride None
Change the line "AllowOverride None" to "AllowOverride All", if required.
Now restart the Apache web server by the following commands
#cd /etc/init.d
#./httpd restart
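
A check for the AllowOverride step above, as an added example that is not part of the original guideline: if the <Directory> block for /var/www/html still says "AllowOverride None", Apache ignores .htaccess and the MRTG pages are served without a password prompt. The function names and the httpd.conf excerpt are constructed for illustration, and only the block for exactly the named directory is inspected.

```shell
#!/bin/sh
# Added example: confirm that the .htaccess from F-3 will actually be honoured.

# allowoverride_for CONF DIR: print the AllowOverride value found inside the
# <Directory "DIR"> block of CONF (prints nothing if that block sets none).
allowoverride_for() (
    awk -v dir="$2" '
        /^[ \t]*<Directory[ \t]/ { d = $2; gsub(/[">]/, "", d); inblock = (d == dir) }
        /^[ \t]*<\/Directory>/   { inblock = 0 }
        inblock && tolower($1) == "allowoverride" { $1 = ""; sub(/^ +/, ""); val = $0 }
        END { if (val != "") print val }
    ' "$1"
)

# htaccess_auth_enforced CONF DIR: exit 0 only when AuthName/AuthType/Require
# in DIR/.htaccess are permitted, i.e. AllowOverride is All or lists AuthConfig.
htaccess_auth_enforced() (
    case " $(allowoverride_for "$1" "$2" | tr 'A-Z' 'a-z') " in
        *" all "*|*" authconfig "*) exit 0 ;;
        *) exit 1 ;;
    esac
)

# Constructed excerpt of an httpd.conf, for demonstration only.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
EOF

if htaccess_auth_enforced "$demo_conf" /var/www/html; then
    echo "OK: .htaccess authentication is enforced"
else
    echo "FAIL-OPEN: AllowOverride is '$(allowoverride_for "$demo_conf" /var/www/html)'; .htaccess is ignored"
fi
rm -f "$demo_conf"
```

On the MRTG PC the same check would be run as htaccess_auth_enforced /etc/httpd/conf/httpd.conf /var/www/html after editing httpd.conf.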

G. Securing the MRTG PC: (The implementation of this section is mandatory)
To secure the MRTG PC, it is essential to do the following:
1. PC power-on password must be configured.
2. Only these services: xinetd, httpd, crond, ipchains, iptables and network should be enabled. This
   can be done by giving the following command
#setup
   Then choose "system services", and select only the services mentioned above. De-select all
   the others.
3. Use IPCHAINS to prevent unauthorized access to the MRTG PC. The following commands are
   to be given
#ipchains -F input
#ipchains -P input DENY
#ipchains -A input -j ACCEPT -p tcp -s 61.0.0.0/15 -d <IP addr. of MRTG PC>/32
#ipchains -A input -j ACCEPT -p tcp -s 210.212.79.224/27 -d <IP addr. of MRTG PC>/32
#ipchains -A input -j ACCEPT -p udp -s 61.0.0.0/15 -d <IP addr. of MRTG PC>/32
#ipchains -A input -j ACCEPT -p udp -s 210.212.79.224/27 -d <IP addr. of MRTG PC>/32
After carrying out all the steps , the MRTG is ready for use. MRTG PC must be kept on and is
not to be switched off. MRTG PC would be used only for MRTG purposes, no activities like
browsing and mail are allowed from this PC. Node-in-charges must check daily, that the MRTG
is running.
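
What the ipchains rules in step 3 admit, shown as an added example that is not part of the original guideline: a small model of the input chain (first matching rule wins, otherwise the DENY policy applies) evaluated over constructed sample packets. The rules match on protocol and source network only, with no port restriction, and the function names are chosen for illustration.

```shell
#!/bin/sh
# Added example: a model of the "input" chain from step 3. ipchains checks rules
# in order, the first match decides, and unmatched packets get the policy (DENY).

ip2int() (                      # dotted quad -> 32-bit integer
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

in_cidr() (                     # in_cidr ADDR NET/LEN: exit 0 if ADDR is inside
    net=${2%/*}
    len=${2#*/}
    mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
    [ $(( $(ip2int "$1") & $mask )) -eq $(( $(ip2int "$net") & $mask )) ]
)

# The four ACCEPT rules exactly as given in the guideline (protocol, source).
RULES='tcp 61.0.0.0/15
tcp 210.212.79.224/27
udp 61.0.0.0/15
udp 210.212.79.224/27'

verdict() (                     # verdict PROTO SRC_IP: prints ACCEPT or DENY
    result=DENY                 # chain policy set by "ipchains -P input DENY"
    while read -r proto src; do
        if [ "$proto" = "$1" ] && in_cidr "$2" "$src"; then
            result=ACCEPT
            break
        fi
    done <<EOF
$RULES
EOF
    echo "$result"
)

# Constructed sample packets: protocol, source address, what the packet is.
while read -r proto src note; do
    printf '%-4s %-16s %-6s %s\n' "$proto" "$src" "$(verdict "$proto" "$src")" "$note"
done <<'EOF'
udp  61.0.237.144   SNMP reply from the Shimla router
tcp  210.212.79.230 browser inside 210.212.79.224/27
tcp  61.2.0.1       address just outside 61.0.0.0/15
icmp 61.0.0.30      ICMP from inside 61.0.0.0/15 (no ICMP rule exists)
tcp  127.0.0.1      local loopback connection
EOF
```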

H. Procedure for reinstalling the MRTG after the new cards insertion:
Assumption: MRTG is running and updating the data after every 5 minutes.
Procedure:
Go to the html directory.
#cd /var/www/html
First take the backup of the existing running MRTG for all the nodes. The following
command would move the existing directory to a different name (e.g. for taking backup of shimla
on 25-Dec, 2002 the backup directory name would become shimla-251202)
#mv <node-name> <node-name>-ddmmyy
Repeat the above command for all the nodes for which MRTG is working from a particular node.
Now follow the set of commands given below for each node for which MRTG has
to be installed.
#mkdir -p /var/www/html/<node-name>
#cd /usr/local/mrtg-2/bin/
#./cfgmaker --no-down --global 'WorkDir: /var/www/html/<node-name>' --global 'Options[_]: bits,growright' <snmp-community>@<node-router-ip> > <node-name>.cfg
Now restart the Apache web server by the following commands
#cd /etc/init.d
#./httpd restart
Wait here for at least 10 minutes.
#cd /usr/local/mrtg-2/bin/
#/usr/local/mrtg-2/bin/indexmaker -section=descr -sort=descr -columns=2 --show=none -title="MRTG for <node-name> Router" <node-name>.cfg > /var/www/html/<node-name>/<node-name>.html
Now the MRTG graphs can be seen for the node from any Internet connected
browser by giving the URL as
http://<ip_of_MRTG PC>/<node-name>/<node-name>.html
After every 5 minutes, the data should be updated and the WAN links on the new
cards slot should be visible in MRTG.

Any feedback on this document should be forwarded to Mr. Dhirendra Verma,
DE(Tech-1),DNW on [email protected]
Annexure-1
Help URLs for working on Linux
Following link may be referred for operation of “vi” editor.
http://www.mdstud.chalmers.se/~md0claes/vi-commands.html
For basic linux/unix commands, refer to:
http://tardis.csudh.edu/linux/commands/

Table 1

S No  Node Name   IP address    Mask             Gateway      Nodes to be covered
1.    Bangalore   61.1.128.124  255.255.255.192  61.1.128.94  Bangalore, Mysore
2.    Calcutta    61.0.128.124  255.255.255.192  61.0.128.94  Calcutta, Guwahati, Shillong
3.    Chennai     61.1.192.124  255.255.255.192  61.1.192.94  Chennai, Madurai, Coimbatore
4.    Mumbai      61.1.64.124   255.255.255.192  61.1.64.94   Mumbai, Nasik
5.    New Delhi   61.0.0.25     255.255.255.192  61.0.0.30    New Delhi, Agra, Faridabad, Ghaziabad, Gurgaon, Meerut, Noida
6.    Pune        61.1.96.124   255.255.255.192  61.1.96.124  Pune, Nagpur
7.    Ahmedabad   61.1.32.58    255.255.255.192  61.1.32.46   Ahmedabad, Rajkot, Vadodara, Surat
8.    Ernakulam   61.1.224.58   255.255.255.192  61.1.224.46  Ernakulam, Trivandrum
9.    Hyderabad   61.1.160.124  255.255.255.128  61.1.160.94  Hyderabad, Bhubaneshwar, Vizag
10.   Indore      61.1.0.58     255.255.255.192  61.1.0.46    Indore, Bhopal, Gwalior, Jabalpur
11.   Jaipur      61.0.192.58   255.255.255.192  61.0.192.46  Jaipur, Jodhpur
12.   Lucknow     61.0.96.58    255.255.255.192  61.0.96.46   Lucknow, Kanpur, Varanasi, Allahabad
13.   Chandigarh  61.0.65.188   255.255.255.192  61.0.65.174  Ludhiana, Amritsar, Jallandhar, Jammu, Shimla, Chandigarh
14.   Patna       61.0.160.58   255.255.255.192  61.0.160.46  Patna

TABLE-2
LOOPBACK ADDRESSES

A-Type Locations   Loopback Address
Bangalore          61.0.239.16
Calcutta           61.0.239.32
Chennai            61.0.239.48
Mumbai             61.0.239.64
New Delhi          61.0.239.80
Pune               61.0.239.96
Ahmedabad          61.0.239.112
Ernakulam          61.0.239.128
Hyderabad          61.0.239.144
Indore             61.0.239.160
Jaipur             61.0.239.176
Lucknow            61.0.239.192
Ludhiana           61.0.239.208
Patna              61.0.239.224

B-Type Locations   Loopback Address
Agra               61.0.238.0
Allahabad          61.0.238.16
Amritsar           61.0.238.32
Bhopal             61.0.238.48
Bhubaneshwar       61.0.238.64
Chandigarh         61.0.238.80
Coimbatore         61.0.238.96
Faridabad          61.0.238.112
Ghaziabad          61.0.238.128
Gurgaon            61.0.238.144
Guwahati           61.0.238.160
Gwalior            61.0.238.176
Jabalpur           61.0.238.192
Jallandhar         61.0.238.208
Jammu              61.0.238.224
Jodhpur            61.0.238.240
Kanpur             61.0.237.0
Madurai            61.0.237.16
Meerut             61.0.237.32
Mysore             61.0.237.48
Nagpur             61.0.237.64
Nashik             61.0.237.80
Noida              61.0.237.96
Rajkot             61.0.237.112
Shillong           61.0.237.128
Shimla             61.0.237.144
Surat              61.0.237.160
Trivandrum         61.0.237.176
Vadodara           61.0.237.192
Varanasi           61.0.237.208
Vizag              61.0.237.224