Saturday, July 25, 2009

MRTG, SNMP Configuration on SQUID



We re-install RHEL on our Proxy server as we have two sata 160 GB hard drive each. we also did RAID-1 configuration on it. Now after successfull configuration of Squid we have to install MRTG and SARG for report generation, i will talk about MRTG here in detail. so first thing is to check that wheather our web services is running or not, if not so we have to start the services.


[root@pswproxy ~]# service httpd start


After entering this command i got an error that unable to identify fully qualified domain name, so it means we have to identify the fully qualified domain name

[root@pswproxy ~]# vi /etc/httpd/conf/httpd.conf

Uncomment this line and put your FQDN: ServerName pswbackupproxy:80

Now restart the web services it will work

[root@pswproxy ~]# service httpd restart

Now to install and configure MRTG we have to install and configure SNMP, if you have SNMP install then move to Step #5 directly, lets look

Step # 1 : Check SNMP server Status

To check wheather SNMP is install or not use following RPM query command:

[root@pswproxy ~]# rpm -qa | grep snmp

In my case it was already install, following are the rpm that are install on my machine
net-snmp-libs-5.1.2-11.EL4.11
net-snmp-5.1.2-11.EL4.11
php-snmp-4.3.9-3.22.9
net-snmp-libs-5.1.2-11.EL4.11
net-snmp-utils-5.1.2-11.EL4.11
net-snmp-devel-5.1.2-11.EL4.11
net-snmp-perl-5.1.2-11.EL4.11

If its not install on your machine then use the following command if you have Fedora repositray

[root@pswproxy ~]# yum install net-snmp-utils net-snmp

or If you have RHEL the use the following command

[root@pswproxy ~]# up2date -v -i net-snmp-utils net-snmp

Step # 2 : Check status of snmp server

Check 'ps' comamnd to find out wheather snmp is running or not

[root@pswproxy ~]# ps -aux | grep snmp

Make sure snmpd service starts automatically, when linux comes online

[root@pswproxy ~]# chkconfig --add snmpd


Step # 3 : Make sure snmp server configured properly

Run snmpwalk utility to request for tree of information about network entity. In other words query snmp server for your IP address (assigned to eth0, eth1, lo etc):

[root@pswproxy ~]# snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex

If you can see your IP address then please proceed to step 4; else you have to configure snmp server as follows (by default RHEL and RH 8/9 are not configured for snmp server for security reason) and in my case it was also not configured so lets look at the detail steps:

SNMP Configuration:

1: Edit file /etc/snmp/snmpd.conf using text editor:

[root@pswproxy ~]# vi /etc/snmp/snmpd.conf

Change/Modify line(s) as follows, Find following Line:

com2sec notConfigUser default public

Replace with (make sure you replace 192.168.0.0/24 replace with your network IPs) following lines:

com2sec local localhost public
com2sec mynetwork 192.168.0.0/24 public

Scroll down a bit and Find Lines:

group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser

Replace
with:

group MyRWGroup v1 local
group MyRWGroup v2c local
group MyRWGroup usm local
group MyROGroup v1 mynetwork
group MyROGroup v2c mynetwork
group MyROGroup usm mynetwork


Again scroll down bit and locate following line, Find line:

view systemview included system

Replace
with:

view all included .1 80

Again scroll down bit and change, Find line:

access notConfigGroup "" any noauth exact systemview none none

Replace
with:

access MyROGroup "" any noauth exact all none none
access MyRWGroup "" any noauth exact all all none


Scroll down bit and change, Find lines:

syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root (configure /etc/snmp/snmp.local.conf)

Replace
with:

syslocation Linux (RH3_UP2), Home Linux Router.
syscontact Vivek G Gite


Start your snmp server and test it:

(a) Make sure when linux comes up snmpd always starts:

[root@pswproxy ~]# chkconfig snmpd on

(b) Make sure service start whenever Linux comes up (after reboot):

[root@pswproxy ~]# service snmpd start

(c) Finally test your snmp server:

[root@pswproxy ~]# snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex

Step # 4 : Install MRTG if not Installed

Mrtg software may install during initial installation, you can verify if MRTG installed or not with following RPM command:

[root@pswproxy ~]# rpm -qa | grep mrtg

In my case it was installed as the following shown,
mrtg-2.10.15-2a

if it is not installedon your mcahine then use any of the following command depend on your repository

For Linux User
[root@pswproxy ~]# up2date -v -i mrtg

For Fedora user
[root@pswproxy ~]# yum install mrtg

Step # 5 : MRTG Configuration

(a) Create document root to store mrtg graphs/html pages:
[root@pswproxy ~]# mkdir -p /var/www/html/mymrtg/

(b) Run any one of the following cfgmaker command to create mrtg configuration file:
[root@pswproxy ~]#cfgmaker --global 'WorkDir: /var/www/html/mymrtg' --output
/etc/mrtg/mymrtg.cfg public@localhost


OR (make sure your FQDN resolves, in following example i'm using rh9.test.com which is my router FQDN address)

[root@pswproxy ~]# cfgmaker --global 'WorkDir: /var/www/html/mymrtg' --output /etc/mrtg/mymrtg1.cfg public@rh9.test.com

(c) Create default index page for your MRTG configuration:

[root@pswproxy ~]# indexmaker --output=/var/www/html/mymrtg/index.html /etc/mrtg/mymrtg.cfg

(d) Copy all tiny png files to your mrtg path,

[root@pswproxy ~]# cp -av /var/www/html/mrtg/*.png /var/www/html/mymrtg/

Step # 6 First test mrtg, run of mrtg

(a) Run mrtg command from command line with your configuration file:

[root@pswbackupproxy /]# mrtg /etc/mrtg/mymrtg.cfg

I got an Error but after a little search i found the solution see below
-----------------------------------------------------------------------
ERROR: Mrtg will most likely not work properly when the environment
variable LANG is set to UTF-8. Please run mrtg in an environment
where this is not the case. Try the following command to start:

env LANG=C /usr/bin/mrtg /etc/mrtg/mymrtg.cfg
-----------------------------------------------------------------------

[root@pswproxy /]# env LANG=C /usr/bin/mrtg /etc/mrtg/mymrtg.cfg

NOTE: Avoid The Warning, you will see it for teh first time

Rateup WARNING: /usr/bin/rateup could not read the primary log file for localhost_2
Rateup WARNING: /usr/bin/rateup The backup log file for localhost_2 was invalid as well
Rateup WARNING: /usr/bin/rateup Can't remove localhost_2.old updating log file
Rateup WARNING: /usr/bin/rateup Can't rename localhost_2.log to localhost_2.old updating log file


Step # 7 Create crontab entry so that mrtg graph / images get generated every 5 minutes

(a) Login as a root user or login as a mrtg user and type following command:

[root@pswproxy /]# crontab -e

(b) Add mrtg cron job entry to configuration file (append following line to it):

*/5 * * * * /usr/bin/mrtg /etc/mrtg/mymrtg.cfg --logging /var/log/mrtg.log

Save file and you are done with MRTG config issues :)


Step # 8 Block ports 161 & 162 at firewall

You do not want to give access to everyone to your snmp server for security reasons. SNMP server uses UDP 161, 162 ports for communication. Use Linux IPTABLES firewall to restrict access to SNMP server

(a) Allow outgoing SNMP server request from your Linux computer. This is useful when you query remote host/router (replace SERVER IO with your real IP):

SERVER="xxx.xxx.xxx.xxx"
[root@pswproxy /]# iptables -A OUTPUT -p udp -s $10.110.9.116 --sport 1024:65535 -d 0/0 --dport 161:162 -m state --state NEW,ESTABLISHED -j ACCEPT
[root@pswproxy /]# iptables -A INPUT -p udp -s 0/0 --sport 161:162 -d $SERVER --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT


(b )Allow incoming SNMP client request via iptables. This is useful when you wish to accept queries for rest of the world (replace SERVER IP with your real IP):

SERVER="xxx.xxx.xxx.xxx"
[root@pswproxy /]# iptables -A INPUT -p udp -s 0/0 --sport 1024:65535 -d $SERVER --dport 161:162 -m state --state NEW,ESTABLISHED -j ACCEPT
[root@pswproxy /]# iptables -A OUTPUT -p udp -s $SERVER --sport 161:162 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT


Change Server with your IP address


FOR IMAGE:

You can see the SNGPL monogram if you want to place your own so you just have to make change in the "index.html"

[root@pswbackupproxy ~]# cd /var/www/html/mymrtg/
[root@pswbackupproxy ~]# ls
[root@pswbackupproxy ~]#

index.html localhost_2.log localhost_2-week.png mrtg-m.png
localhost_2-day.png localhost_2-month.png localhost_2-year.png mrtg-r.png
localhost_2.html localhost_2.old mrtg-l.png sngpllogo.jpg

[root@pswbackupproxy mymrtg]# vi index.html

In first Figur The Whole while in secodn figure its for the specific interface like Ethernet 1 (outgoing Traffic)

I hope it will be informative for you people.

CHEERS

7 comments:

nayyares said...

MRTG is generic Graphical representation method, it is even can be configured for your server's health and performance, fo instance CACTI.

moreover i would be expecting from you to post step-by-step for MRTG with CISCO equipment. nice work done.

Haroon Ahmad said...

great work Sohail. Thumbs up!

Anonymous said...

Very soon this site will be famous amid all blogging viewers, due to it's pleasant content

My site; www.teenpornpost.com

Anonymous said...

replica watches, ugg boots, ralph lauren pas cher, oakley sunglasses, louis vuitton, nike roshe run, chanel handbags, burberry, kate spade outlet, louis vuitton outlet, nike outlet, longchamp, louboutin shoes, gucci outlet, ray ban sunglasses, air jordan pas cher, nike free, jordan shoes, sac longchamp, uggs on sale, louboutin, nike free, cheap oakley sunglasses, nike air max, prada outlet, air max, christian louboutin outlet, tory burch outlet, longchamp pas cher, polo ralph lauren outlet, ugg boots, polo ralph lauren outlet, louis vuitton, replica watches, nike air max, louboutin pas cher, oakley sunglasses, tiffany jewelry, oakley sunglasses, ray ban sunglasses, louis vuitton, prada handbags, michael kors, ray ban sunglasses, louis vuitton outlet, louboutin outlet, longchamp outlet, oakley sunglasses, longchamp outlet, tiffany and co

Anonymous said...

vans shoes, beats by dre, ghd, lancel, herve leger, new balance, ray ban, ralph lauren, abercrombie and fitch, celine handbags, north face outlet, birkin bag, louboutin, chi flat iron, soccer jerseys, nike air max, ferragamo shoes, mont blanc, insanity workout, hollister, jimmy choo shoes, nfl jerseys, soccer shoes, nike huarache, nike air max, nike roshe, wedding dresses, instyler, iphone cases, p90x workout, timberland boots, reebok shoes, mcm handbags, gucci, oakley, hollister, asics running shoes, valentino shoes, longchamp, converse, vans, converse outlet, baseball bats, hollister, north face outlet, bottega veneta, lululemon, babyliss, mac cosmetics, nike trainers

Anonymous said...

bottes ugg, ugg boots uk, ugg,uggs,uggs canada, canada goose uk, canada goose outlet, pandora jewelry, moncler, hollister, marc jacobs, swarovski, juicy couture outlet, replica watches, canada goose, moncler, swarovski crystal, links of london, wedding dresses, moncler outlet, thomas sabo, karen millen, pandora jewelry, moncler, montre pas cher, juicy couture outlet, ugg pas cher, louis vuitton, moncler, moncler, louis vuitton, moncler, louis vuitton, supra shoes, coach outlet, canada goose, toms shoes, ugg,ugg australia,ugg italia, moncler, doudoune canada goose, canada goose, canada goose outlet, louis vuitton, pandora charms, canada goose, sac louis vuitton pas cher, pandora charms

miki said...

0813jejebasket adidas nike pas cher Les travailleurs cortez nike femme kaki de la construction sont très souvent nike air max thea camel desert tenus de porter ces air jordan 11 retro price chaussures spécialement conçues par leurs asics gel lyte 3 pas cher chine employeurs. Ceux-ci sont généralement utilisés basket nike air tn dans de nombreux tournois sportifs internationaux. air jordan pas cher discount Il a reçu une air jordan noir homme pas cher réputation rapide et est cortez nike femme or devenu l'image avec le cow-boy américain. basket nike roshe run palmier