下面是在官方收集到的文档,然后集合在一起的(http://oss.oetiker.ch/mrtg):
The Multi Router Traffic Grapher (MRTG) is a tool to monitor the traffic load on network links. MRTG generates HTML pages containing PNG images which provide a LIVE visual representation of this traffic. Check http://www.stat.ee.ethz.ch/mrtg/ to see what it does.
Go to http://oss.oetiker.ch/mrtg for all the details about mrtg.
MRTG works on most UNIX platforms and Windows NT.
MRTG is written in Perl and comes with full source.
MRTG Uses a highly portable SNMP implementation written entirely in Perl (thanks to Simon Leinen). There is no need to install any external SNMP package.
MRTG can read the new SNMPv2c 64bit counters. No more counter wrapping.
Router interfaces can be identified by IP address, description and ethernet address in addition to the normal interface number.
MRTG's logfiles do NOT grow thanks to the use of a unique data consolidation algorithm.
MRTG comes with a set of configuration tools which make configuration and setup very simple.
Time critical routines are written in C (thanks to the initiative of Dave Rand my Co-Author).
Graphics are generated directly in PNG format using the GD library by Thomas Boutell.
The look of the webpages produced by MRTG is highly configurable.
MRTG has built-in hooks for using RRDtool. If you are strapped for performance this may help.
MRTG consists of a Perl script which uses SNMP to read the traffic counters of your routers and a fast C program which logs the traffic data and creates beautiful graphs representing the traffic on the monitored network connection. These graphs are embedded into webpages which can be viewed from any modern Web-browser.
In addition to a detailed daily view, MRTG also creates visual representations of the traffic seen during the last seven days, the last five weeks and the last twelve months. This is possible because MRTG keeps a log of all the data it has pulled from the router. This log is automatically consolidated so that it does not grow over time, but still contains all the relevant data for all the traffic seen over the last two years. This is all performed in an efficient manner. Therefore you can monitor 200 or more network links from any halfway decent UNIX box.
MRTG is not limited to monitoring traffic, though. It is possible to monitor any SNMP variable you choose. You can even use an external program to gather the data which should be monitored via MRTG. People are using MRTG, to monitor things such as System Load, Login Sessions, Modem availability and more. MRTG even allows you to accumulate two or more data sources into a single graph.
In 1994 I was working at a site where we had one 64kbit line to the outside world. Obviously, everybody was interested in knowing how the link was performing. So I wrote a quick hack which created a constantly updated graph on the web that showed the traffic load on our Internet link. This eventually evolved into a rather configurable Perl script called MRTG-1.0 which I released in spring 1995. After a few updates, I left my job at DMU to start work at the Swiss Federal Institute of Technology. Due to lack of time I had to put MRTG aside. One day in January of 1996, I received email from Dave Rand asking if I had any ideas why MRTG was so slow. Actually, I did. MRTG's programming was not very efficient and it was written entirely in Perl. After a week or so, Dave wrote back to me and said he had tried what I had suggested for improving MRTG's speed. Since the changes did not help much, he had decided to rewrite the time-critical sections of MRTG in C. The code was attached to his email. His tool increased the speed of MRTG by a factor of 40! This got me out of my 'MRTG ignorance' and I started to spend my spare time developing of MRTG-2.
Soon after MRTG-2 development had begun I started to give beta copies to interested parties. In return I got many feature patches, a lot of user feedback and bug fixes. The product you are getting now wouldn't be in this state if it hadn't been for the great contributions and support I received from of many people. I would like to take this opportunity to thank them all. (See the files CHANGES for a long list of folk people who helped to make MRTG what it is today.)
Mrtg is also the name of the script you have to run to poll data and generate the graphs. Most configuration is set through the configuration file; some command-line options exist all the same.
Run as the given user and/or group. (Unix Only)
Use an alternate lock-file (the default is to use the configuration-file appended with _l
).
Use an alternate confcache-file (the default is to use the configuration-file appended with .ok
)
If this is set to writable filename, all output from mrtg (warnings, debug messages, errors) will go to filename. If you are running on Win32 you can specify eventlog instead of a filename which will send all error to the windows event log.
NOTE:Note, there is no Message DLL for mrtg. This has the side effect that the windows event logger will display a nice message with every entry in the event log, complaing about the fact that mrtg has no message dll. If any of the Windows folks want to contribute one, they are welcome.
Put MRTG into the background, running as a daemon. This works the same way as the config file option, but the switch is required for proper FHS operation (because /var/run is writable only by root)
Configure all mrtg paths to conform to the FHS specification; http://www.pathname.com/fhs/
Only check the cfg file for errors. Do not do anything.
Define the name and path of the pid file for mrtg running as a daemon
Only update the logfile, do not produce graphics or html pages
Enable debug options. The argument of the debug option is a comma separated list of debug values:
cfg - watch the config file reading dir - directory mangeling base - basic program flow tarp - target parser snpo - snmp polling fork - forking view time - some timing info log - logging of data via rateup or rrdtool
Example:
--debug="cfg,snpo"
MRTG comes to you in Source Code. This means that you have to compile parts of it before you can use it on a Unix machine. These instructions help you to do so.
In order to compile and use mrtg you need a C compiler and a copy of perl installed on your machine. In most cases this will already be available. In case it is not, here are some starting points. Below I'll give you a detailed run through the whole compilation process.
The GNU C compiler comes preinstalled on most of the free Unicies out there. For commercial derivatives you may have to download and compile it first. If you have no compiler at all there is a chicken and egg problem, but there are also precompiled versions of gcc available for most operating systems.
http://gcc.gnu.org/
Large parts of the MRTG system are written in the Perl scripting language. Make sure there is a recent copy of perl on your machine (try perl -v). At least version 5.005 is required for mrtg to work well. If you use SNMPV3 and other new features you should use at least 5.8.
You can get the latest perl from
http://www.perl.com/
MRTG generates traffic graphs in the PNG format. To be able to do this it needs several 3rd party libraries. When compiling these libraries I urge you to make sure you compile them as static libraries. There is just much less trouble ahead if you are doing it like this. See the Instructions in the next section for inspiration. Note that many free unices have all the required libraries already in place so there is no need to install another copy. To check it is best to skip all the library instructions below and go straight into the mrtg compile.
If the first attempt fails and you do not get a working version of mrtg, try compiling new copies of all libraries as explained below. Do this BEFORE you send email to me about problems compiling mrtg.
This is a basic graph drawing library created by Thomas Boutell. Note that all releases after Version 1.3 only create PNG images. This is because a) Thomas got into trouble because the GIF format which it used to produce uses a compression technology patented by Unisys. b) PNG is more efficient and patent free. MRTG can work with old and new version of the GD library. You can get a recent copy of GD from:
http://www.boutell.com/gd/
Is required by gd in order to produce PNG graphics files. Get it from:
http://www.libpng.org/pub/png/libpng.html
Is needed by libpng to compress the graphics files you create. Get a copy from
http://www.gzip.org/zlib
And last but not least you also need mrtg itself. In case you have not yet downloaded it, you can find a copy on my website:
http://oss.oetiker.ch/mrtg/pub
In this section I will give you step by step instructions on how to compile the various libraries required for the compilation of mrtg. Note that these libraries may already be installed if you have a *BSD or Linux system so you can skip recompiling them. The wget program used below is a simple web downloader. You can also enter the address into your netscape if you don't have wget available.
First let's create a directory for the compilation. Note that this may already exist on your system. No problem, just use it.
mkdir -p /usr/local/src cd /usr/local/src
If you do not have zlib installed:
wget http://www.zlib.net/zlib-1.2.3.tar.gz gunzip -c zlib-*.tar.gz | tar xf - rm zlib-*.tar.gz mv zlib-* zlib cd zlib ./configure make cd ..
If you don't have libpng installed
wget ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-1.2.40.tar.gz gunzip -c libpng-1.2.34.tar.gz | tar xf - mv libpng-* libpng cd libpng env CFLAGS="-O3 -fPIC" ./configure --prefix=$INSTALL_DIR make rm *.so.* *.so cd ..
And now you can compile gd
For versions up to 1.8.4, try:
wget http://www.boutell.com/gd/http/gd-1.8.4.tar.gz gunzip -c gd-*.tar.gz |tar xf - rm gd-*.tar.gz mv gd-* gd cd gd
The \ characters at the end of the following lines mean that all the following material should actually be written on a single line.
perl -i~ -p -e s/gd_jpeg.o//g Makefile make INCLUDEDIRS="-I. -I../zlib -I../libpng" \ LIBDIRS="-L../zlib -L. -L../libpng" \ LIBS="-lgd -lpng -lz -lm" \ CFLAGS="-O -DHAVE_LIBPNG" cd ..
For versions starting around 2.0.11, try:
wget http://www.boutell.com/gd/http/gd-2.0.33.tar.gz gunzip -c gd-2.0.33.tar.gz |tar xf - mv gd-2.0.33 gd cd gd env CPPFLAGS="-I../zlib -I../libpng" LDFLAGS="-L../zlib -L../libpng" \ ./configure --disable-shared --without-freetype --without-jpeg make cp .libs/* .
Ok, now everything is ready for the mrtg compilation.
cd /usr/local/src gunzip -c mrtg-2.16.4.tar.gz | tar xvf - cd mrtg-2.16.4
If all the libraries have been preinstalled on your system you can configure mrtg by doing a simple:
./configure --prefix=/usr/local/mrtg-2
Otherwise you may have to give some hints on where to find the various libraries required to compile mrtg:
./configure --prefix=/usr/local/mrtg-2 \ --with-gd=/usr/local/src/gd \ --with-z=/usr/local/src/zlib \ --with-png=/usr/local/src/libpng
If you have RRDtool available you might want to tell mrtg about it so that you can opt to use rrdtool with mrtg. Check mrtg-rrd.
Configure will make sure your environment is fit for building mrtg. If it finds a problem, it will tell you so and it will also tell you what to do about it. If everything is OK, you will end up with a custom Makefile for your system. Now type:
make
This builds the rateup binary and edits all the perl pathnames in the scripts. You can now install mrtg by typing
make install (requires gnu install)
All the software required by MRTG is now installed under the /usr/local/mrtg-2 subdirectory.
You can now safely delete the libraries we compiled above. Then again, you might want to keep them around so that you have them available when compiling the next version of mrtg.
The next step is to configure mrtg for monitoring a network device. This is done by creating an mrtg.cfg file which defines what you want to monitor. Luckily, you don't have to dive straight in and start writing your own configuration file all by yourself. Together with mrtg you also got a copy of cfgmaker. This is a script you can point at a router of your choice; it will create a mrtg configuration file for you. You can find the script in the bin subdirectory.
cfgmaker --global 'WorkDir: /home/httpd/mrtg' \ --global 'Options[_]: bits,growright' \ --output /home/mrtg/cfg/mrtg.cfg \ [email protected]
This example above will create an mrtg config file in /home/mrtg/cfg assuming this is a directory visible on your webserver. You can read all about cfgmaker in cfgmaker. One area you might want to look at is the possibility of using --ifref=ip to prevent interface renumbering troubles from catching you.
If you want to start rolling your own mrtg configuration files, make sure you read mrtg-reference to learn all about the possible configuration options.
Once you have created a configuration file, try the following:
/usr/local/mrtg-2/bin/mrtg /home/mrtg/cfg/mrtg.cfg
This will query your router and also create your first mrtg trafic graphs and webpages. When you run mrtg for the first time there will be a lot of complaints about missing log files. Don't worry, this is normal for the first 2 times you start mrtg. If it keeps complaining after this time you might want to look into the problem.
Starting mrtg by hand is not ideal in the long run. So when you are satisfied with the results you can automate the process of running mrtg in regular intervals (this means every 5 minutes by default).
You can either add mrtg to your crontab with a line like this:
0,5,10,15,20,25,30,35,40,45,50,55 * * * * \ <mrtg-bin>/mrtg <path to mrtg-cfg>/mrtg.cfg \ --logging /var/log/mrtg.log
or if you live in Linux Land the line may look like this if you are using crontab -e
*/5 * * * * <mrtg-bin>/mrtg <path to mrtg-cfg>/mrtg.cfg \ --logging /var/log/mrtg.log
or like this if you use /etc/crontab
*/5 * * * * mrtg-user <mrtg-bin>/mrtg <path to mrtg-cfg>/mrtg.cfg \ --logging /var/log/mrtg.log
You can also run mrtg as a daemon process by adding the line
RunAsDaemon: Yes
to your mrtg configuration file and then creating a startup script in your system startup sequence. Unfortunately, adding startup scripts differs widely amongst different unix systems. The modern ones normally have a directory called /etc/init.d or /etc/rc.d/init.d where you put scripts which starts the process you want to run when the system boots. Further you must create a symbolic link in /etc/rc3.d or /etc/rc.d/rc?.d called S65mrtg (this is just a sample name ... it is just important that it starts with S followed by a two digit number). If you are not sure about this, make sure you consult the documentation of your system to make sure you get this right.
A minimal script to put into init.d might look like this:
#! /bin/sh cd /usr/local/mrtg-2.16.4/bin && ./mrtg --user=mrtg-user \ /home/httpd/mrtg/mrtg.cfg --logging /var/log/mrtg.log
Note that this will only work with RunAsDaemon: Yes in your mrtg.cfg file.
The runtime behaviour of MRTG is governed by a configuration file. Run-of-the-mill configuration files can be generated with cfgmaker. (Check cfgmaker). But for more elaborate configurations some hand-tuning is required.
This document describes all the configuration options understood by the mrtg software.
MRTG configuration file syntax follows some simple rules:
Include: base-options.inc
Include: servers/*.cfg
WorkDir specifies where the logfiles and the webpages should be created.
Example:
WorkDir: /usr/tardis/pub/www/stats/mrtg
HtmlDir specifies the directory where the html (or shtml, but we'll get on to those later) lives.
NOTE: Workdir overrides the settings for htmldir, imagedir and logdir.
Example:
Htmldir: /www/mrtg/
ImageDir specifies the directory where the images live. They should be under the html directory.
Example:
Imagedir: /www/mrtg/images
LogDir specifies the directory where the logs are stored. This need not be under htmldir directive.
Example:
Logdir: /www/mrtg/logs
With system that supports fork (UNIX for example), mrtg can fork itself into multiple instances while it is acquiring data via snmp.
For situations with high latency or a great number of devices this will speed things up considerably. It will not make things faster, though, if you query a single switch sitting next door.
As far as I know NT can not fork so this option is not available on NT.
Example:
Forks: 4
When set to yes, IPv6 support is enabled if the required libraries are present (see the mrtg-ipv6 manpage). When IPv6 is enabled, mrtg can talk to routers using SNMP over IPv6 and targets may be specified by their numeric IPv6 addresses as well as by hostname or IPv4 address.
If IPv6 is enabled and the target is a hostname, mrtg will try to resolve the hostname to an IPv6 address and, if this fails, to an IPv4 address. Note that mrtg will only use IPv4 if you specify an IPv4 address or a hostname with no corresponding IPv6 address; it will not fall back to IPv4 if it simply fails to communicate with the target using IPv6. This is by design.
Note that many routers do not currently support SNMP over IPv6. Use the IPv4Only per target option for these routers.
IPv6 is disabled by default.
Example:
EnableIPv6: Yes
When set to yes, uses the Net::SNMP module instead of the SNMP_SESSION module for generating snmp queries. This allows the use of SNMPv3 if other snmpv3 parameters are set.
SNMPv3 is disabled by default.
Example:
EnableSnmpV3: yes
How many seconds apart should the browser (Netscape) be instructed to reload the page? If this is not defined, the default is 300 seconds (5 minutes).
Example:
Refresh: 600
How often do you call mrtg? The default is 5 minutes. If you call it less often, you should specify it here. This does two things:
In this example, we tell mrtg that we will be calling it every 10 minutes. If you are calling mrtg every 5 minutes, you can leave this line commented out.
Example:
Interval: 10
Note that unless you are using rrdtool you can not set Interval to less than 5 minutes. If you are using rrdtool you can set interval in the format
Interval: MM[:SS]
Down to 1 second. Note though, setting the Interval for an rrdtool/mrtg setup will influence the initial creation of the database. If you change the interval later, all existing databases will remain at the resolution they were initially created with. Also note that you must make sure that your mrtg-rrd Web-frontend can deal with this kind of Interval setting.
MRTG relies heavily on the real time clock of your computer. If the time is set to a wrong value, especially if it is advanced far into the future, this will cause mrtg to expire lots of supposedly old data from the log files.
To prevent this, you can add a 'reasonability' check by specifying a maximum age for log files. If a file seems to be older, mrtg will not touch it but complain instead, giving you a chance to investigate the cause.
Example:
MaxAge: 7200
The example above will make mrtg refuse to update log files older than 2 hours (7200 seconds).
With this switch mrtg will generate .meta files for CERN and Apache servers which contain Expiration tags for the html and gif files. The *.meta files will be created in the same directory as the other files, so you will have to set "MetaDir ." and "MetaFiles on" in your apache.conf or .htaccess file for this to work
NOTE: If you are running Apache-1.2 or later, you can use the mod_expire to achieve the same effect ... see the file htaccess.txt
Example:
WriteExpires: Yes
Normally we ask the SNMP device for 'sysUptime' and 'sysName' properties. Some do not have these. If you want to avoid getting complaints from mrtg about these missing properties, specify the nomib2 option.
An example of agents which do not implement base mib2 attributes are Computer Associates - Unicenter TNG Agents. CA relies on using the base OS SNMP agent in addition to its own agents to supplement the management of a system.
Example:
NoMib2: Yes
Some SNMP implementations can not deal with requests asking for multiple snmp variables in one go. Set this in your cfg file to force mrtg to only ask for one variable per request.
Examples
SingleRequest: Yes
Apart from the per target timeout options, you can also configure the behaviour of the snmpget process on a more profound level. SnmpOptions accepts a hash of options. The following options are currently supported:
timeout => $default_timeout, retries => $default_retries, backoff => $default_backoff, default_max_repetitions => $max_repetitions, use_16bit_request_ids => 1, lenient_source_port_matching => 0, lenient_source_address_matching => 1
The values behind the options indicate the current default value. Note that these settings OVERRIDE the per target timeout settings.
A per-target SnmpOptions[] keyword will override the global settings. That keyword is primarily for SNMPv3.
The 16bit request ids are the only way to query the broken SNMP implementation of SMC Barricade routers.
Example:
SnmpOptions: retries => 2, only_ip_address_matching => 0
Note that AS/400 snmp seems to be broken in a way which prevents mrtg from working with it unless
SnmpOptions: lenient_source_port_matching => 1
is set.
If you want to keep the mrtg icons in someplace other than the working (or imagedir) directory, use the IconDir variable for defining the url of the icons directory.
Example:
IconDir: /mrtgicons/
Load the MIB file(s) specified and make its OIDs available as symbolic names. For better efficiancy, a cache of MIBs is maintained in the WorkDir.
Example:
LoadMIBs: /dept/net/mibs/netapp.mib,/usr/local/lib/ft100m.mib
Switch output format to the selected Language (Check the translate directory to see which languages are supported at the moment. In this directory you can also find instructions on how to create new translations).
Currently the following laguages are supported:
big5 brazilian bulgarian catalan chinese croatian czech danish dutch eucjp french galician gb gb2312 german greek hungarian icelandic indonesia iso2022jp italian korean lithuanian malay norwegian polish portuguese romanian russian russian1251 serbian slovak slovenian spanish swedish turkish ukrainian
Example:
Language: danish
Setting LogFormat to 'rrdtool' in your mrtg.cfg file enables rrdtool mode. In rrdtool mode, mrtg relies on rrdtool to do its logging. See mrtg-rrd.
Example:
LogFormat: rrdtool
If you are using rrdtool mode and your rrdtool Perl module (RRDs.pm) is not installed in a location where perl can find it on its own, you can use LibAdd to supply an appropriate path.
Example:
LibAdd: /usr/local/rrdtool/lib/perl/
If the rrdtool executable can not be found in the normal PATH
, you can use this keyword to add a suitable directory to your path.
Example:
PathAdd: /usr/local/rrdtool/bin/
If you are running RRDTool 1.4 or later with rrdcached, then you can configure MRTG to take advantage of this for updates, either by using the RRDCACHED_ADDRESS environment variable, or by setting the RRDCached keyword in the configuration file. Note that, if both are set, the configuration file keyword will take precedence.
Only UNIX domain sockets are fully supported prior to RRDTool v1.5, and you should note that using RRDCached mode will disable all Threshold checking normally done by MRTG. Appropriate warning messages will be printed if necessary.
Examples:
RRDCached: unix:/var/tmp/rrdcached.sock RRDCached: localhost:42217
The RunAsDaemon keyword enables daemon mode operation. The purpose of daemon mode is that MRTG is launched once and not repeatedly (as it is with cron). This behavior saves computing resourses as loading and parsing of configuration files happens only once on startup, and if the configuration file is modified.
Using daemon mode MRTG itself is responible for timing the measurement intervals. Therfore its important to set the Interval keyword to an apropiate value.
Note that when using daemon mode MRTG should no longer be started from cron as each new process runs forever. Instead MRTG should be started from the command prompt or by a system startup script.
If you want mrtg to run under a particular user and group (it is not recomended to run MRTG as root) then you can use the --user=user_name and --group=group_name options on the mrtg commandline.
mrtg --user=mrtg_user --group=mrtg_group mrtg.cfg
Also note that in daemon mode restarting the process is required in order to activate changes in the config file.
Under UNIX, the Daemon switch causes mrtg to fork into background after checking its config file. On Windows NT the MRTG process will detach from the console, but because the NT/2000 shell waits for its children you have to use this special start sequence when you launch the program:
start /b perl mrtg mrtg.cfg
You may have to add path information equal to what you add when you run mrtg from the commandline.
Example
RunAsDaemon: Yes Interval: 5
This makes MRTG run as a daemon beginning data collection every 5 minutes
If you are daemontools and still want to run mrtg as a daemon you can additionally specify
NoDetach: Yes
this will make mrtg run but without detaching it from the terminal.
If the modification date on the configuration file changes during operation, then MRTG will re-read the configuration on the next polling cycle. Note that sub-files which are included from the main configuration do not have their modification times monitored, only the top-level file is so checked.
Some devices may produce non-numeric values that would nevertheless be useful to graph with MRTG if those values could be converted to numbers. The ConversionCode keyword specifies the path to a file containing Perl code to perform such conversions. The code in this file must consist of one or more Perl subroutines. Each subroutine must accept a single string argument and return a single numeric value. When RRDtool is in use, a decimal value may be returned. When the name of one of these subroutines is specified in a target definition (see below), MRTG calls it twice for that target, once to convert the the input value being monitored and a second time to convert the output value. The subroutine must return an undefined value if the conversion fails. In case of failure, a warning may be posted to the MRTG log file using Perl's warn function. MRTG imports the subroutines into a separate name space (package MRTGConversion), so the user need not worry about pollution of MRTG's global name space. MRTG automatically prepends this package declaration to the user-supplied code.
Example: Suppose a particular OID returns a character string whose length is proportional to the value to be monitored. To convert this string to a number that can be graphed by MRTG, create a file arbitrarily named "MyConversions.pl" containing the following code:
# Return the length of the string argument sub Length2Int { my $value = shift; return length( $value ); }
Then include the following global keyword in the MRTG configuration file (assuming that the conversion code file is saved in the mrtg/bin directory along with mrtg itself):
ConversionCode: MyConversions.pl
This will cause MRTG to include the definition of the subroutine Length2Int in its execution environment. Length2Int can then be invoked on any target by appending "|Length2Int" to the target definition as follows:
Target[myrouter]: 1.3.6.1.4.1.999.1&1.3.6.1.4.1.999.1:public@mydevice|Length2Int
See "Extended Host Name Syntax" below for complete target definition syntax information.
Each monitoring target must be identified by a unique name. This name must be appended to each parameter belonging to the same target. The name will also be used for naming the generated webpages, logfiles and images for this target.
With the Target keyword you tell mrtg what it should monitor. The Target keyword takes arguments in a wide range of formats:
The most basic format is "port:community@router" This will generate a traffic graph for the interface 'port' of the host 'router' (dns name or IP address) and it will use the community 'community' (snmp password) for the snmp query.
Example:
Target[myrouter]: 2:[email protected]
If your community contains a "@" or a " " these characters must be escaped with a "\".
Target[bla]: 2:stu\ pi\@d@router
If you have a fast router you might want to try to poll the ifHC* counters. This feature gets activated by switching to SNMPv2c. Unfortunately not all devices support SNMPv2c yet. If it works, this will prevent your counters from wraping within the 5 minute polling interval, since we now use 64 bit instead of the normal 32 bit.
Example:
Target[myrouter]: 2:public@router1:::::2
As an alternative to SNMPv2c, SNMPv3 provides access to the ifHC* counters, along with encryption. Not all devices support SNMPv3, and you will also need the perl Net::SNMP library in order to use it. It is recommended that cfgmaker be used to generate configurations involving SNMPv3, as it will check if the Net::SNMP library is loadable, and will switch to SNMPv2c if v3 is unavailable.
SNMP v3 requires additional authentication parameters, passed using the SnmpOptions[] per-target keyword.
Example: Target[myrouter]: 2:router1:::::3 SnmpOptions[myrouter]: username=>'user1'
Not all routers that support SNMPv2 or SNMPv3 provide the ifHC* counters on every interface. The noHC[] per-target keyword signals that the low-speed counters ifInOctets and ifOutOctets should be queried instead. cfgmaker will automatically insert this tag if SNMPv2 or SNMPv3 is specified but the ifHC* counters are unavailable.
Example: Target[myrouter]: #Bri0:router1:::::3 SnmpOptions[myrouter]: username=>'user1' noHC[myrouter]: yes
Sometimes you are sitting on the wrong side of the link, and you would like to have mrtg report Incoming traffic as Outgoing and vice versa. This can be achieved by adding the '-' sign in front of the "Target" description. It flips the incoming and outgoing traffic rates.
Example:
Target[ezci]: -1:[email protected]
You can also explicitly define which OID to query by using the following syntax 'OID_1&OID_2:community@router' The following example will retrieve error counts for input and output on interface 1. MRTG needs to graph two variables, so you need to specify two OID's such as temperature and humidity or error input and error output.
Example:
Target[myrouter]: 1.3.6.1.2.1.2.2.1.14.1&1.3.6.1.2.1.2.2.1.20.1:public@myrouter
MRTG knows a number of symbolic SNMP variable names. See the file mibhelp.txt for a list of known names. One example are the ifInErrors and ifOutErrors. This means you can specify the above as:
Example:
Target[myrouter]: ifInErrors.1&ifOutErrors.1:public@myrouter
It may be that you want to monitor an snmp object that is only reachable by 'walking'. You can get mrtg to walk by prepending the OID with the string WaLK or if you want a particular entry from the table returned by the walk you can use WaLKx where x is a number starting from 0 (!).
Example:
Target[myrouter]: WaLKstrangeOid.1&WaLKstrangeOid.2:public@myrouter Target[myrouter]: WaLK3strangeOid.1&WaLK4strangeOid.2:public@myrouter
A special case of an snmp object that is only reachable by 'walking' occurs when a single snmpgetnext will return the correct value, but snmpwalk fails. This may occur with snmp V2 or V3, as the snmpgetbulk method is used in these versions. You can get mrtg to use getnext instead of getbulk by prepending the OID with the string GeTNEXT.
Example:
Target[myrouter]: GeTNEXTstrangeOid&GeTNEXTstrangeOid:public@myrouter
In other situations, an snmpwalk is needed to count rows, but the actual data is uninteresting. For example, counting the number of mac-addresses in a CAM table, or the number of simultaneous dialup sessions. You can get MRTG to count the number of instances by prepending the OID with the string CnTWaLK. The following will retrieve the number of simultaneous VOIP calls on some routers:
Example:
Target[myrouter]: CnTWaLK1.3.6.1.4.1.9.10.55.1.1.1.1.3&CnTWaLK1.3.6.1.4.1.9.10.55.1.1.1.1.3:public@myrouter
Sometimes SNMP interface index can change, like when new interfaces are added or removed. This can cause all Target entries in your config file to become offset, causing MRTG to graphs wrong instances etc. MRTG supports IP address instead of ifindex in target definition. Then MRTG will query snmp device and try to map IP address to the current ifindex. You can use IP addresses in every type of target definition by adding IP address of the numbered interface after OID and separation char '/'.
Make sure that the given IP address is used on your same target router, especially when graphing two different OIDs and/or interface split by '&' delimiter.
You can tell cfgmaker to generate such references with the option --ifref=ip.
Example:
Target[myrouter]: /1.2.3.4:[email protected] Target[ezci]: -/1.2.3.4:[email protected] Target[myrouter]: ifInErrors/1.2.3.4&ifOutErrors/1.2.3.4:public@myrouter
If you can not use IP addresses you might want to use the interface names. This works similar to the IP address aproach except that the prefix to use is a \ instead of a /
You can tell cfgmaker to generate such references with the option --ifref=descr.
Example:
Target[myrouter]: \My-Interface2:[email protected] Target[ezci]: -\My-Interface2:[email protected] Target[myrouter]: ifInErrors\My-If2&ifOutErrors\My-If3:public@myrouter
If your description contains a "&", a ":", a "@" or a " " you can include them but you must escape with a backlash:
Target[myrouter]: \fun\:\ ney\&ddd:[email protected]
This is the only sensible way to reference the interfaces of your switches.
You can tell cfgmaker to generate such references with the option --ifref=name.
Example:
Target[myrouter]: #2/11:[email protected] Target[ezci]: -#2/11:[email protected] Target[myrouter]: ifInErrors#3/7&ifOutErrors#3/7:public@myrouter
If your description contains a "&", a ":", a "@" or a " " you can include them but you must escape with a backlash:
Target[myrouter]: #\:\ fun:[email protected]
Note that the # sign will be interpreted as a comment character if it is the first non white-space character on the line.
When the SNMP interface index changes, you can key that interface by its 'Physical Address', sometimes called a 'hard address', which is the SNMP variable 'ifPhysAddress'. Internally, MRTG matches the Physical Address from the *.cfg file to its current index, and then uses that index for the rest of the session.
You can use the Physical Address in every type of target definition by adding the Physical Address after the OID and the separation char '!' (analogous to the IP address option). The Physical address is specified as '-' delimited octets, such as "0a-0-f1-5-23-18" (omit the double quotes). Note that some routers use the same Hardware Ethernet Address for all of their Interfaces which prevents unique interface identification. Mrtg will notice such problems and alert you.
You can tell cfgmaker to generate configuration files with hardware ethernet address references by using the option --ifref=eth.
Example:
Target[myrouter]: !0a-0b-0c-0d:[email protected] Target[ezci]: -!0-f-bb-05-71-22:[email protected] Target[myrouter]: 1.3.6.1.2.1.2.2.1.14!0a-00-10-23-44-51& *BREAK* 1.3.6.1.2.1.2.2.1.14!0a-00-10-23-44-51:public@myrouter Target[myrouter]: ifInErrors!0a-00-10-23-44-51& *BREAK* ifOutErrors!0a-00-10-23-44-51:public@myrouter
Join the lines at *BREAK* ...
It seems that there are devices that try to defy all monitoring efforts: the interesting interfaces have neither ifName nor a constant ifDescr not to mention a persistent ifIndex. The only way to get a constant mapping is by looking at the interface type, because the interface you are interested in is unique in the device you are looking at ...
You can tell cfgmaker to generate such references with the option --ifref=type.
Example:
Target[myrouter]: %13:[email protected] Target[ezci]: -%13:[email protected] Target[myrouter]: ifInErrors%13&ifOutErrors%14:public@myrouter
There are OIDs that contain the interface index at some inner position within the OID. To use the above mentioned Interface by IP/Description/Name/Type methods in the target definition the keyword 'IndexPOS' can be used to indicate the position of ifIndex. If 'IndexPOS' is not used the ifIndex will be appended at the end of the OID.
Example:
Target[myrouter]: OID.IndexPOS.1/1.2.3.4&OID.IndexPOS.1/1.2.3.4:public@myrouter
Replace OID by your numeric OID.
In all places where ``community@router'' is accepted, you can add additional parameters for the SNMP communication using colon-separated suffixes. You can also append a pipe symbol ( | ) and the name of a numeric conversion subroutine as described under the global keyword "ConversionCode" above. The full syntax is as follows:
community@router[:[port][:[timeout][:[retries][:[backoff][:[version]][|name]]]]]
where the meaning of each parameter is as follows:
the UDP port under which to contact the SNMP agent (default: 161)
The complete syntax of the port parameter is
remote_port[!local_address[!local_port]]
Some machines have additional security features that only allow SNMP queries to come from certain IP addresses. If the host doing the query has multiple interface, it may be necessary to specify the interface the query should come from.
The port parameter allows the specification of the port of the machine being queried. In addition, the IP address (or hostname) and port of the machine doing the query may be specified.
Examples:
somehost somehost:161 somehost:161!192.168.2.4!4000 use 192.168.2.4 and port 4000 as source somehost:!192.168.2.4 use 192.168.2.4 as source somehost:!!4000 use port 4000 as source
initial timeout for SNMP queries, in seconds (default: 2.0)
number of times a timed-out request will be retried (default: 5)
factor by which the timeout is multiplied on every retry (default: 1.0).
for SNMP version. If you have a fast router you might want to put a '2' here. For authenticated or encrypted SNMP, you can try to put a '3' here. This will make mrtg try to poll the 64 bit counters and thus prevent excessive counter wrapping. Not all routers support this though. SNMP v3 requires additional setup, see SnmpOptions[] for full details.
Example:
3:public@router1:::::2
the name of the subroutine that MRTG will call to convert the input and output values to integers. See the complete example under the global keyword "ConversionCode" above.
Example:
1.3.6.1.4.1.999.1&1.3.6.1.4.1.999.2:public@mydevice:161::::2|Length2Int
This would retrieve values from the OID 1.3.6.1.4.1.999.1 for input and .2 for output on mydevice using UDP port 161 and SNMP version 2, and would execute the user-defined numeric conversion subroutine Length2Int to convert those values to integers.
A value that equals the default value can be omitted. Trailing colons can be omitted, too. The pipe symbol followed by the name parameter, if present, must come at the end. There must be no spaces around the colons or pipe symbol.
Example:
Target[ezci]: 1:[email protected]:9161::4
This would refer to the input/output octet counters for the interface with ifIndex 1 on ezci-ether.domain, as known by the SNMP agent listening on UDP port 9161. The standard initial timeout (2.0 seconds) is used, but the number of retries is set to four. The backoff value is the default.
If IPv6 is enabled you may also specify a target using its IPv6 address. To avoid ambiguity with the port number, numeric IPv6 addresses must be placed in square brackets.
Example:
Target[IPv6test]: 2:public@[2001:760:4::]:6161::4
If you want to monitor something which does not provide data via snmp you can use some external program to do the data gathering.
The external command must return 4 lines of output:
current state of the first variable, normally 'incoming bytes count'
current state of the second variable, normally 'outgoing bytes count'
string (in any human readable format), telling the uptime of the target.
string, telling the name of the target.
Depending on the type of data your script returns you might want to use the 'gauge' or 'absolute' arguments for the Options keyword.
Example:
Target[myrouter]: `/usr/local/bin/df2mrtg /dev/dsk/c0t2d0s0`
Note the use of the backticks (`), not apostrophes (') around the command.
If you want to use a backtick in the command name this can be done but you must escape it with a backslash ...
If your script does not have any data to return but does not want mrtg to complain about invalid data, it can return 'UNKNOWN' instead of a number. Note though that only rrdtool is realy equipped to handle unknown data well.
You can also combine several target definitions in a mathematical expression. Any syntactically correct expression that the Perl interpreter can evaluate to will work. An expression could be used, for example, to aggregate both B channels in an ISDN connection or to calculate the percentage hard disk utilization of a server from the absolute used space and total capacity.
Examples:
Target[myrouter]: 2:public@wellfleetA + 1:public@wellfleetA Target[myrouter]: .1.3.6.1.4.1.999.1&.1.3.6.1.4.1.999.2:public@mydevice / .1.3.6.1.4.1.999.3&.1.3.6.1.4.1.999.4:public@mydevice * 100
Note that whitespace must surround each target definition in the expression. Target definitions themselves must not contain whitespace, except in interface descriptions and interface names, where each whitespace character is escaped by a backslash.
MRTG automatically rounds the result of the expression to an integer unless RRDTool logging is in use and the gauge option is in effect for the target. Internally MRTG uses Perl's Math::BigFloat package to calculate the result of the expression with 40 digits of precision. Even in extreme cases, where, for example, you take the difference of two 64-bit integers, the result of the expression should be accurate.
MRTG is designed to economize on its SNMP requests. Where a target definition appears more than once in the configuration file, MRTG requests the data from the device only once per round of data collection and uses the collected data for each instance of a particular target. Recognition of two target definitions as being identical is based on a simple string match rather than any kind of deeper semantic analysis.
Example:
Target[Targ1]: 1:public@CiscoA Target[Targ2]: 2:public@CiscoA Target[Targ3]: 1:public@CiscoA + 2:public@CiscoA Target[Targ4]: 1:public@CISCOA
This results in a total of three SNMP requests. Data for 1:public@CiscoA and 2:public@CiscoA are requested only once each, and used for Targ1, Targ2, and Targ3. Targ4 causes another SNMP request for 1:public@CISCOA, which is not recognized as being identical to 1:public@CiscoA.
The maximum value either of the two variables monitored are allowed to reach. For monitoring router traffic this is normally the bytes per second this interface port can carry.
If a number higher than MaxBytes is returned, it is ignored. Also read the section on AbsMax for further info. The MaxBytes value is also used in calculating the Y range for unscaled graphs (see the section on Unscaled).
Since most links are rated in bits per second, you need to divide their maximum bandwidth (in bits) by eight (8) in order to get bytes per second. This is very important to make your unscaled graphs display realistic information. T1 = 193000, 56K = 7000, 10 MB Ethernet = 1250000, 100 MB Ethernet = 12500000. The MaxBytes value will be used by mrtg to decide whether it got a valid response from the router.
If you need two different MaxBytes values for the two monitored variables, you can use MaxBytes1 and MaxBytes2 instead of MaxBytes.
Example:
MaxBytes[myrouter]: 1250000
Title for the HTML page which gets generated for the graph.
Example:
Title[myrouter]: Traffic Analysis for Our Nice Company
Things to add to the top of the generated HTML page. Note that you can have several lines of text as long as the first column is empty.
Note that the continuation lines will all end up on the same line in the html page. If you want linebreaks in the generated html use the '\n' sequence.
Example:
PageTop[myrouter]: <H1>Traffic Analysis for ETZ C95.1</H1> Our Campus Backbone runs over an FDDI line\n with a maximum transfer rate of 12.5 megabytes per Second.
In cases where you calculate the used bandwidth from several interfaces you normaly don't get the router uptime and router name displayed on the web page.
If these interfaces are on the same router and the uptime and name should be displayed you have to specify its community and address again with the RouterUptime keyword.
If you want to use a special OID for queriing the router uptime, use prepend the oid.
Example:
Target[kacisco.comp.edu]: 1:[email protected] + 2:[email protected] RouterUptime[kacisco.comp.edu]: [email protected] RouterUptime[kacisco.comp.edu]: hrSystemUptime.0:[email protected]
If the default name of the router is incorrect/uninformative, you can use RouterName to specify a different OID on either the same or a different host.
A practical example: sysName on BayTech DS72 units always display "ds72", no matter what you set the Unit ID to be. Instead, the Unit ID is stored at 1.3.6.1.4.1.4779.1.1.3.0, so we can have MRTG display this instead of sysName.
Example:
RouterName[kacisco.comp.edu]: 1.3.6.1.4.1.4779.1.1.3.0
A different OID on a different host can also be specified:
RouterName[kacisco.comp.edu]: 1.3.6.1.4.1.4779.1.1.3.0:[email protected]
Same as MaxBytes, for variable 1.
Same as MaxBytes, for variable 2.
Many IPv6 routers do not currently support SNMP over IPv6 and must be monitored using IPv4. The IPv4Only option forces mrtg to use IPv4 when communicating with the target, even if IPv6 is enabled. This is useful if the target is a hostname with both IPv4 and IPv6 addresses; without the IPv4Only keyword, monitoring such a router will not work if IPv6 is enabled.
If set to no (the default), mrtg will use IPv6 unless the target has no IPv6 addresses, in which case it will use IPv4. If set to yes, mrtg will only use IPv4.
Note that if this option is set to yes and the target does not have an IPv4 address, communication with the target will fail.
This option has no effect if IPv6 is not enabled.
Example:
Target[v4onlyrouter_1]: 1:public@v4onlyrouter IPv4Only[v4onlyrouter_1]: Yes
SNMPv3 requires a fairly rich set of options. This per-target keyword allows access to the User Security Model of SNMPv3. Options are listed in the same syntax as a perl hash.
SNMPv3 has three security modes, defined on the device being polled. For example, on Cisco routers the security mode is defined by the snmp-server group global configuration command.
Neither Authentication nor Privacy is defined. Only the Username option is specified for this mode.
Example:
SnmpOptions[myrouter]: username=>'user1'
Uses a Username and a password. The password can be hashed using the snmpkey application, or passed in plain text along with the ContextEngineID
Example:
SnmpOptions[myrouter]: username=>'user1',authpassword=>'example', contextengineid=>'80000001110000004000000'
Both Authentication and Privacy is defined. The default privacy protocol is des.
Example: SnmpOptions[myrouter]: authkey=>'0x1e93ab5a396e2af234c8920e61cfe2028072c0e2', authprotocol=>'sha',privprotocol=>'des',username=>'user1', privkey=>'0x498d74940c5872ed387201d74b9b25e2'
The following option keywords are recognized:
The user associated with the User Security Model
An SNMP agent can define multiple contexts. This keyword allows them to be polled.
A unique 24-byte string identifying the snmp-agent.
The plaintext password for a user in either AuthNoPriv or Priv mode.
A md5 or sha hash of the plain-text password, along with the engineid. Use the snmpkey commandline program to generate this hash, or use Net::SNMP::Security::USM in a script.
The hashing algorithm defined on the SNMP client. Defaults to md5.
A plaintext pre-shared key for encrypting snmp packets in Priv mode.
A hash of the plain-text pre-shared key, along with the engineid. Use the snmpkey commandline program to generate this hash, or use Net::SNMP::Security::USM in a script.
Specifies the encryption method defined on the snmp agent. The default is des.
Things to add to the bottom of the generated HTML page. Note that you can have several lines of text as long as the first column is empty.
Note that the continuation lines will all end up on the same line in the html page. If you want linebreaks in the generated html use the '\n' sequence.
The material will be added just before the </BODY> tag:
Example:
PageFoot[myrouter]: Contact <A HREF="mailto:[email protected]">Peter</A> if you have questions regarding this page
Use this tag like the PageTop header, but its contents will be added between </TITLE> and </HEAD>.
Example:
AddHead[myrouter]: <link rev="made" href="mailto:[email protected]">
BodyTag lets you supply your very own <body ...> tag for the generated webpages.
Example:
BodyTag[myrouter]: <BODY LEFTMARGIN="1" TOPMARGIN="1" BACKGROUND="/stats/images/bg.neo2.gif">
If you are monitoring a link which can handle more traffic than the MaxBytes value. Eg, a line which uses compression or some frame relay link, you can use the AbsMax keyword to give the absolute maximum value ever to be reached. We need to know this in order to sort out unrealistic values returned by the routers. If you do not set AbsMax, rateup will ignore values higher than MaxBytes.
Example:
AbsMax[myrouter]: 2500000
By default each graph is scaled vertically to make the actual data visible even when it is much lower than MaxBytes. With the Unscaled variable you can suppress this. It's argument is a string, containing one letter for each graph you don't want to be scaled: d=day w=week m=month y=year. There is also a special case to unset the variable completely: n=none. This could be useful in the event you need to override a global configuration. In the example scaling for the yearly and the monthly graph are suppressed.
Example:
Unscaled[myrouter]: ym
By default the graphs only contain the average values of the monitored variables - normally the transfer rates for incoming and outgoing traffic. The following option instructs mrtg to display the peak 5 minute values in the [w]eekly, [m]onthly and [y]early graph. In the example we define the monthly and the yearly graph to contain peak as well as average values.
Examples:
WithPeak[myrouter]: ym
By default mrtg produces 4 graphs. With this option you can suppress the generation of selected graphs. The option value syntax is analogous to the above two options. In this example we suppress the yearly graph as it is quite empty in the beginning.
Example:
Suppress[myrouter]: y
By default, mrtg creates .html files. Use this option to tell mrtg to use a different extension. For example you could set the extension to php3, then you will be able to enclose PHP tags into the output (useful for getting a router name out of a database).
Example:
Extension[myrouter]: phtml
By default, mrtg puts all the files that it generates for each target (the GIFs, the HTML page, the log file, etc.) in WorkDir.
If the Directory option is specified, the files are instead put into a directory under WorkDir or Log-, Image- and HtmlDir). (For example the Directory option below would cause all the files for a target myrouter to be put into directory /usr/tardis/pub/www/stats/mrtg/myrouter/ .)
The directory must already exist; mrtg will not create it.
Example:
WorkDir: /usr/tardis/pub/www/stats/mrtg Directory[myrouter]: myrouter
NOTE: the Directory option must always be 'relative' or bad things will happen.
If the Directory option is specified, the Clonedirectory option will copy all the contents of Directory to the Clonedirectory.
Example:
WorkDir: /usr/tardis/pub/www/stats/mrtg Directory[myrouter]: myrouter Clonedirectory[myrouter]: myclonedirectory
Optionally the target name can be changed in the cloning process.
Example:
WorkDir: /usr/tardis/pub/www/stats/mrtg Directory[myrouter]: myrouter Clonedirectory[myrouter]: myclonedirectory mynewtarget
NOTE1: The clone directory must already exist; mrtg will not create it.
NOTE2: The Clonedirectory option must also always be 'relative' or bad things will happen.
NOTE3: This requires the File::Copy module
By default mrtgs graphs are 100 by 400 pixels wide (plus some more for the labels. In the example we get almost square graphs ...
Note: XSize must be between 20 and 600; YSize must be larger than 20
Example:
XSize[myrouter]: 300 YSize[myrouter]: 300
If you want your graphs to have larger pixels, you can "Zoom" them.
Example:
XZoom[myrouter]: 2.0 YZoom[myrouter]: 2.0
If you want your graphs to be actually scaled use XScale and YScale. (Beware: while this works, the results look ugly (to be frank) so if someone wants to fix this: patches are welcome.
Example:
XScale[myrouter]: 1.5 YScale[myrouter]: 1.5
If you want to show more than 4 lines per graph, use YTics. If you want to scale the value used for the YLegend of these tics, use YTicsFactor. The default value for YTics is 4 and the default value for YTicsFactor is 1.0 .
Example:
Suppose you get values ranging from 0 to 700. You want to plot 7 lines and want to show 0, 1, 2, 3, 4, 5, 6, 7 instead of 0, 100, 200, 300, 400, 500, 600, 700. You should write then:
YTics[myrouter]: 7 YTicsFactor[myrouter]: 0.01
If you want to multiply all numbers shown below the graph with a constant factor, use this directive to define it ..
Example:
Factor[as400]: 4096
Change the default step from 5 * 60 seconds to something else (I have not tested this much ...)
Example:
Step[myrouter]: 60
When using rateup for graph generation, this will print the given title in the graph it generates.
Example:
PNGTitle[myrouter]: WAN Link UK-US
The Options Keyword allows you to set some boolean switches:
The graph grows to the left by default. This option flips the direction of growth causing the current time to be at the right edge of the graph and the history values to the left of it.
All the monitored variable values are multiplied by 8 (i.e. shown in bits instead of bytes) ... looks much more impressive :-) It also affects the 'factory default' labeling and units for the given target.
All the monitored variable values are multiplied by 60 (i.e. shown in units per minute instead of units per second) in case of small values more accurate graphs are displayed. It also affects the 'factory default' labeling and units for the given target.
All the monitored variable values are multiplied by 3600 (i.e. shown in units per hour instead of units per second) in case of small values more accurate graphs are displayed. It also affects the 'factory default' labeling and units for the given target.
Suppress the information about uptime and device name in the generated webpage.
Don't print usage percentages.
Make the background of the generated gifs transparent.
Print summary lines below graph as integers without commas.
The relative percentage of IN-traffic to OUT-traffic is calculated and displayed in the graph as an additional line. Note: Only a fixed scale is available (from 0 to 100%). Therefore if IN-traffic is greater than OUT-traffic then 100% is displayed. If you suspect that your IN-traffic is not always less than or equal to your OUT-traffic you are urged to not use this options. Note: If you use this option in combination with the Colours options, a fifth colour-name colour-value pair is required there.
There are some ISPs who use the average Peak values to bill their customers. Using this option MRTG displays these values for each graph. The value is built by averaging the max 5 minute traffic average for each 'step' shown in the graph. For the Weekly graph this means that it builds the average of all 2 hour intervals 5 minute peak values. (Confused? Thought so!)
Treat the values gathered from target as 'current status' measurements and not as ever incrementing counters. This would be useful to monitor things like disk space, processor load, temperature, and the like ...
In the absence of 'gauge' or 'absolute' options, MRTG treats variables as a counters and calculates the difference between the current and the previous value and divides that by the elapsed time between the last two readings to get the value to be plotted.
This is for counter type data sources which reset their value when they are read. This means that rateup does not have to build the difference between the current and the last value read from the data source. The value obtained is still divided by the elapsed time between the current and the last reading, which makes it different from the 'gauge' option. Useful for external data gatherers.
If you are using rrdtool as logger/grapher you can use a third type of data source. Derive is like counter, except that it is not required to go UP all the time. It is useful for situations where the change of some value should be graphed.
Log unknown data as zero instead of the default behaviour of repeating the last value seen. Be careful with this, often a flat line in the graph is much more obvious than a line at 0.
Normally we ignore all values which are zero when calculating the average transfer rate on a line. If this is not desirable use this option.
If you are using rateup to log data, MRTG will create the graph images. Normally these images have a shaded border around them. If you do not want the border to be drawn, enable this option. This option has no effect if you are not using rateup.
As with the option above, this effects rateup graph generation only. Normally rateup will generate graphs with a small arrow showing the direction of the data. If you do not want this arrow to be drawn, enable this option. This option has no effect if you are not using rateup.
When using rateup for graph generation, you can use this option to stop rateup drawing a graph for the 'I' or first variable. This also removes entries for this variable in the HTML page MRTG generates, and will remove the peaks for this variable if they are enabled. This allows you to hide this data, or can be very useful if you are only graphing one line of data rather than two. This option is not destructive - any data received for the the variable continued to be logged, it just isn't shown.
Same as above, except relating to the 'O' or second variable.
When using rateup for graph generation, this option disables MRTG adding the MRTG banner to the HTML pages it generates.
When using rateup for graph generation, this option will stop MRTG from creating a legend at the bottom of the HTML pages it generates.
When using rateup for graph generation, this option will print the router name in the graph it generates. This option is overridden by the value of PNGTitle if one is given
When using rateup for graph generation, this option will print a timestamp in the graph it generates, including a timezone if one is specified by the 'Timezone' parameter.
The logscale option causes rateup to display the data with the Y axis scaled logarithmically. Doing so allows the normal traffic to occupy the majority of the vertical range, while still showing any spikes at their full height.
logscale displays all the available data and will always produce well-behaved graphs. People often consider a logarithmically scaled graph counterintuitive, however, and thus hard to interpret.
The expscale option causes rateup to display the data with the Y axis scaled exponentially. Doing so emphasizes small changes at the top of the scale; this can be useful when graphing values that fluctuate by a small amount near the top of the scale, such as line voltage.
expscale is essentially the inverse of logscale.
The secondmean option sets the maximum value on the graph to the mean of the data greater than the mean of all data. This produces a graph that focuses more on the typical data, while clipping large peaks.
Using secondmean will give a more intutive linearly scaled graph, but can result in a uselessly high or low scale in some rare situations (specifically, when the data includes a large portion of values far from the actual mean)
If a target includes both logscale and secondmean in the options, the secondmean takes precedence.
Example:
Options[myrouter]: growright, bits
Use this option to change the multiplier value for building prefixes. Defaultvalue is 1000. This tag is for the special case that 1kB = 1024B, 1MB = 1024kB and so far.
Example:
kilo[myrouter]: 1024
Change the default multiplier prefixes (,k,M,G,T,P). In the tag ShortLegend define only the basic units. Format: Comma separated list of prefixed. Two consecutive commas or a comma at start or end of the line gives no prefix on this item. If you do not want prefixes, just put two consecutive commas. If you want to skip a magnitude select '-' as value.
Example: velocity in nm/s (nanometers per second) displayed in nm/h.
ShortLegend[myrouter]: m/h kMG[myrouter]: n,u,m,,k,M,G,T,P options[myrouter]: perhour
The Colours tag allows you to override the default colour scheme. Note: All 4 of the required colours must be specified here. The colour name ('Colourx' below) is the legend name displayed, while the RGB value is the real colour used for the display, both on the graph and in the html doc.
Format is: Col1#RRGGBB,Col2#RRGGBB,Col3#RRGGBB,Col4#RRGGBB
Important: If you use the dorelpercent options tag a fifth colour name colour value pair is required: Col1#RRGGBB,Col2#RRGGBB,Col3#RRGGBB,Col4#RRGGBB,Col5#RRGGBB
First variable (normally Input) on default graph.
Second variable (normally Output) on default graph.
Max first variable (input).
Max second variable (output).
2 digit hex values for Red, Green and Blue.
Example:
Colours[myrouter]: GREEN#00eb0c,BLUE#1000ff,DARK GREEN#006600,VIOLET#ff00ff
With the Background tag you can configure the background colour of the generated HTML page.
Example:
Background[myrouter]: #a0a0a0a
The following keywords allow you to override the text displayed for the various legends of the graph and in the HTML document:
The Y-axis label of the graph. Note that a text which is too long to fit in the graph will be silently ignored.
The units string (default 'b/s') used for Max, Average and Current
The strings for the colour legend.
Example:
YLegend[myrouter]: Bits per Second ShortLegend[myrouter]: b/s Legend1[myrouter]: Incoming Traffic in Bits per Second Legend2[myrouter]: Outgoing Traffic in Bits per Second Legend3[myrouter]: Maximal 5 Minute Incoming Traffic Legend4[myrouter]: Maximal 5 Minute Outgoing Traffic LegendI[myrouter]: In: LegendO[myrouter]: Out:
Note, if LegendI or LegendO are set to an empty string with
LegendO[myrouter]:
The corresponding line below the graph will not be printed at all.
If you live in an international world, you might want to generate the graphs in different timezones. This is set in the TZ variable. Under certain operating systems like Solaris, this will provoke the localtime call to give the time in the selected timezone.
Example:
Timezone[myrouter]: Japan
The Timezone is the standard timezone of your system, ie Japan, Hongkong, GMT, GMT+1 etc etc.
By default, mrtg (actually rateup) uses the strftime(3) '%V' option to format week numbers in the monthly graphs. The exact semantics of this format option vary between systems. If you find that the week numbers are wrong, and your system's strftime(3) routine supports it, you can try another format option. The POSIX '%V' option correspond to the widely used ISO 8601 week numbering standard. The week format character should be specified as a single letter; either W, V, or U.
The UNIX version of rateup uses the libc implementation of strftime. On Windows, the native strftime implementation does not know about %V. So there we use a different implementation of strftime that does support %V.
Example:
Weekformat[myrouter]: W
This affects the creation of new rrd files. By default rrds are created to hold about 1 day's worth of high resolution data. (plus 1 week of 30 minute data, 2 months of 2 hour data and 2 years of 1 day data). With this Keyword you can change the number of base interval entries configured for new rrds as they get created. Note that you must take the interval time into account.
Example:
RRDRowCount[myrouter]: 1600
As per RRDRowCount, but for the RRA's -typically- used for 30 minute data. Even so, you must still take the base interval into account. Leaving out this keyword will force the old default of 800 rows.
Example:
RRDRowCount30m[myrouter]: 800
As per RRDRowCount, but for the RRA's -typically- used for 2 hour data. Even so, you must still take the base interval into account. Leaving out this keyword will force the old default of 800 rows.
Example:
RRDRowCount2h[myrouter]: 400
As per RRDRowCount, but for the RRA's -typically- used for 1 day data. Even so, you must still take the base interval into account. Leaving out this keyword will force the old default of 800 rows.
Example:
RRDRowCount1d[myrouter]: 200
Normally the RRDs created by MRTG will just contain the information gathered directly from the respective target. With this option you can tap into rrdtools advanced aberrant behaviour detection module based on Holt-Winters forecasting. The RRDHWRRAs property specifies the Holt-Winters RRAs as described in the rrdcreate manual page.
Note, this setting will only affect newly created RRDs (targets).
Example:
RRDHWRRAs[myrouter]: RRA:HWPREDICT:1440:0.1:0.0035:288
This defines placement of the timestamp string on the image. Possible values are RU, LU, RL, LL (which stand, respectively, for RightUpper, LeftUpper, RightLower and LeftLower corner) and NO (for no timestamp). By default, no timestamp is placed on the image.
Example:
TimeStrPos[myrouter]: RU
Using this keyword you may specify format of the timestamp to be placed on the image (if enabled by the TimeStrPos keyword). Specified string will be used by the strftime() function - see strftime(3) documentation for conversion specifiers available on your system. Default format: %Y-%m-%d %H:%M
Example:
TimeStrFmt[myrouter]: %H:%M:%S
Through its threshold checking functionality mrtg is able to detect threshold problems for the various targets and can call external scripts to handle those problems (e.g. send email or a page to an administrator).
Threshold checking is configured through the following parameters:
By defining ThreshDir to point to a writable directory, MRTG will only alert you when a threshold boundery has been crossed.
Example:
ThreshDir: /var/mrtg/thresh
If a threshold is broken, and you have a threshdir defined, then mrtg will send mail once the threshold becomes 'unborken' to avoid situations where broken and un-broken messages get sent in close succession, we only send an unbroken message once the curent value is 0.1 (10%) away from the threshold. using the ThreshHyst config variable you can customize this value.
Example for 5%:
ThreshHyst: 0.05
Adderss of an SMTP server which is going to accept mail about Thresholds being broken and unbroken.
Email address for Threshold related Mails. This will only work if a mailserver has been configured.
Example:
ThreshMailAddress[_]: [email protected] ThreshMailAddress[router]:
This would bring threshold releaed mail to all but the target called 'router'.
This is the minimum acceptable value for the Input (first) parameter. If the parameter falls below this value, the program specified in ThreshProgI will be run and a mail will be sent to the ThreshMailAddress if specified. If the value ends in '%' then the threshold is defined relative to MaxBytes.
Works the same as TheshMinI but it acts when the value is higher than ThreshMaxI.
Its value will be assigned to the environment variable THRESH_DESC before any of the programs mentioned below are called. The programs can use the value of this variable to produce more user-friendly output.
This defines a program to be run if ThreshMinI or ThreshMaxI is broken. MRTG passes 3 arguments: the $router variable, the threshold value broken, and the current parameter value.
This defines a program to be run if the parameter is currently OK (based on ThreshMinI and ThreshMaxI), but wasn't OK on the previous running -- based on the files found in ThreshDir. MRTG passes 3 arguments: the $router variable the unbroken threshold value, and the current parameter value.
These work the same as their *I counterparts, except on the Output (second) parameter.
When calling threshold scripts from within your cfg file you might want to pass some data on to the script. This can be done with the SetEnv configuration option which takes a series of environment variable assignments. Note that the quotes are mandatory. This does not work for external scripts. It is not possible to set environment variables per target.
Example:
SetEnv[myrouter]: EMAIL="[email protected]" HOST="www.some_server.net"
When using rrd based logging with HW RRAs defined. You can use the confidence bounds violations stored in the FAILURES RRA for threshold based alerts.
There the all target specific threshold variables have a Hold-Winters counterpart:
ThreshMailAddress -> HWThreshMailAddress ThreshMinI -> HWThreshMinI ...
The global variables for threshold checking are shared except for the
ThreshHyst -> HWThreshHyst
And HWThreshDesc sets the HWTHRESH_DESC variable.
To save yourself some typing you can define a target called '^'. The text of every Keyword you define for this target will be PREPENDED to the corresponding Keyword of all the targets defined below this line. The same goes for a Target called '$' but its text will be APPENDED.
Note that a space is inserted between the prepended text and the Keyword value, as well as between the Keyword value and the appended text. This works well for text-valued Keywords, but is not very useful for other Keywords. See the "default" target description below.
The example will make mrtg use a common header and a common contact person in all the pages generated from targets defined later in this file.
Example:
PageTop[^]: <H1>NoWhere Unis Traffic Stats</H1><HR> PageTop[$]: Contact Peter Norton if you have any questions<HR>
To remove the prepend/append value, specify an empty value, e.g.:
PageTop[^]: PageTop[$]:
With PREPEND and APPEND (see below) there is normally a space inserted between the local value and the PRE- or APPEND value. Sometimes this is not desirable. You can use the global option NoSpaceChar to define a character which can be mentioned at the end of a $ or ^ definition in order to supress the space.
Example:
NoSpaceChar: ~ Target[^]: 1.3.6.1.4.1.482.50.2.4.20.0&1.3.6.1.4.1.482.50.2.4.21.0:get@~ Target[a]: a.tolna.net Target[b]: b.tolna.net Target[c]: c.tolna.net Target[d]: d.tolna.net
The target name '_' specifies a default value for that Keyword. In the absence of explicit Keyword value, the prepended and the appended keyword value, the default value will be used.
Example:
YSize[_]: 150 Options[_]: growright,bits,nopercent WithPeak[_]: ymw Suppress[_]: y MaxBytes[_]: 1250000
To remove the default value and return to the 'factory default', specify an empty value, e.g.:
YLegend[_]:
There can be several instances of setting the default/prepend/append values in the configuration file. The later setting replaces the previous one for the rest of the configuration file. The default/prepend/append values used for a given keyword/target pair are the ones that were in effect at the point in the configuration file where the target was mentioned for the first time.
Example:
MaxBytes[_]: 1250000 Target[myrouter.somplace.edu.2]: 2:[email protected] MaxBytes[_]: 8000 Title[myrouter.somplace.edu.2]: Traffic Analysis for myrouter.somplace.edu IF 2
The default MaxBytes for the target myrouter.someplace.edu.2 in the above example will be 1250000, which was in effect where the target name myrouter.someplace.edu.2 first appeared in the config file.
Run as the given user and/or group. (Unix Only)
Use an alternate lock-file (the default is to use the configuration-file appended with _l
).
Use an alternate confcache-file (the default is to use the configuration-file appended with .ok
)
If this is set to writable filename, all output from mrtg (warnings, debug messages, errors) will go to filename. If you are running on Win32 you can specify eventlog instead of a filename which will send all error to the windows event log.
NOTE: Note, there is no Message DLL for mrtg included with mrtg. This has the side effect that the windows event logger will display a nice message with every entry in the event log, complaing about the fact that mrtg has no message dll. If you go to the mrtg contrib download area (on the website) you will find the mrtg-message-dll.zip which does contain such a thing.
Put MRTG into the background, running as a daemon. This works the same way as the config file option, but the switch is required for proper FHS operation (because /var/run is writable only by root)
Configure all mrtg paths to conform to the FHS specification; http://www.pathname.com/fhs/
Only check the cfg file for errors. Do not do anything.
Define the name and path of the pid file for mrtg running as a daemon
Enable debug options. The argument of the debug option is a comma separated list of debug values:
cfg - watch the config file reading dir - directory mangeling base - basic program flow tarp - target parser snpo - snmp polling coca - confcache operations fork - forking view time - some timing info log - logging of data via rateup or rrdtool eval - print eval strings before evaluting them prof - add hires timing info the rrd calls
Example:
--debug="cfg,snpo"
An exit code of 0 indicates that all targets were successful. Generally speaking, most codes greater than 0 indicate that there was an unrecoverable problem. One exception to this is code 91, which indicates that at least one of the targets was successful. A partial listing of the codes follows:
0: All targets sucessful 2: Config error (can't read, fatal error in config, etc) 17: Another MRTG process is processing config 91: At least one target sucessful 92: No targets were sucessful
WorkDir: /usr/tardis/pub/www/stats/mrtg Target[r1]: 2:[email protected] MaxBytes[r1]: 8000 Title[r1]: Traffic Analysis ISDN PageTop[r1]: <H1>Stats for our ISDN Line</H1>
WorkDir: /usr/tardis/pub/www/stats/mrtg Title[^]: Traffic Analysis for PageTop[^]: <H1>Stats for PageTop[$]: Contact The Chief if you notice anybody<HR> MaxBytes[_]: 8000 Options[_]: growright Title[isdn]: our ISDN Line PageTop[isdn]: our ISDN Line</H1> Target[isdn]: 2:[email protected] Title[backb]: our Campus Backbone PageTop[backb]: our Campus Backbone</H1> Target[backb]: 1:[email protected] MaxBytes[backb]: 1250000 # the following line removes the default prepend value # defined above Title[^]: Title[isdn2]: Traffic for the Backup ISDN Line PageTop[isdn2]: our ISDN Line</H1> Target[isdn2]: 3:[email protected]
cfgmaker [options] [community@]router [[options] [community@]router ...]
--ifref=nr interface references by Interface Number (default) --ifref=ip ... by Ip Address --ifref=eth ... by Ethernet Number --ifref=descr ... by Interface Description --ifref=name ... by Interface Name --ifref=type ... by Interface Type You may also use multiple options separated by commas, in which case the first available one is used: e.g. --ifref=ip,name,nr --ifdesc=nr interface description uses Interface Number (default) --ifdesc=ip ... uses Ip Address --ifdesc=eth ... uses Ethernet Number --ifdesc=descr ... uses Interface Description --ifdesc=name ... uses Interface Name --ifdesc=catname ... uses CatOS Interface Name --ifdesc=ppname ... uses Passport Port Name --ifdesc=alias ... uses Interface Alias --ifdesc=type ... uses Interface Type You may also use multiple options separated by commas, in which case the first available one is used: e.g. --ifdesc=catname,ppname,descr,alias,ip,name,nr --if-filter=f Test every interface against filter f to decide wether or not to include that interface into the collection. Currently f is being evaluated as a Perl expression and it's truth value is used to reject or accept the interface. (Experimental, under development, might change) --if-template=templatefile Replace the normal target entries for the interfaces with an entry as specified by the contents in the file templatefile. The file is supposed to contain Perl code to be executed to generate the lines for the target in the configuration file. (Experimental, under development, might change) --host-template=templatefile In addition to creating targets for a host's interfaces do also create targets for the host itself as specified by the contents in the file templatefile. The file is supposed to contain Perl code to be executed to generate the lines for the host related targets (such as CPU, ping response time measurements etc.) in the config- uration file. (Experimental, under development, might change) --global "x: a" add global config entries --no-down do not look at admin or opr status of interfaces --show-op-down show interfaces which are operatively down --zero-speed=spd use this speed in bits-per-second as the interface speed for all interfaces that return a speed of 0 via ifSpeed/ifHighSpeed. 100Mbps = 100000000 --subdirs=format give each router its own subdirectory, naming each per "format", in which HOSTNAME and SNMPNAME will be replaced by the values of those items -- for instance, --subdirs=HOSTNAME or --subdirs="HOSTNAME (SNMPNAME)" --noreversedns do not reverse lookup ip numbers --community=cmty Set the default community string to "cmty" instead of "public". --enable-ipv6 Enable IPv6 support, if the required libraries are present. Numeric IPv6 addresses must be enclosed in square brackets, e.g. public@[2001:760:4::1]:161 --use-16bit Use 16bit SNMP request IDs to query all routers. --snmp-options=:[<port>][:[<tmout>][:[<retr>][:[<backoff>][:<ver>]]]] Specify default SNMP options to be appended to all routers following. Individual fields can be empty. Routers following might override some or all of the options given to --snmp-options. --dns-domain=domain Specifies a domain to append to the name of all routers following. --nointerfaces Don't do generate any configuration lines for interfaces, skip the step of gathering interface information and don't run any interface template code. --interfaces Generate configuration lines for interfaces (this is the default). The main purpose of this option is to negate an --nointerfaces appearing earlier on the command line. --help brief help message --man full documentation --version print the version of cfgmaker --output=file output filename default is STDOUT
Cfgmaker creates MRTG configuration files based on information pulled from a router or another SNMP manageable device.
[community@]router
Community is the community name of the device you want to create a configuration for. If not specified, it defaults to 'public'; you might want to try this first if you do not know the community name of a device. If you are using the wrong community name you will get no response from the device.
Router is the DNS name or the IP number of an SNMP-managable device. Following the name you can specify 6 further options separated by colons. The full syntax looks like this:
router[:[prt][:[tmout][:[retr][:[backoff][:vers]]]]]
Of special interest may be the last parameter, vers. If you set this to '2' then your device will be queried with SNMP version 2 requests. This allows to poll the 64 bit traffic counters in the device and will thus work much better with fast interfaces (no more counter overrun). Note that the order in which the routers are specified on the command line do matter as the same order is used when the configuration file is generated. The first specified router has it's configuration lines genrated first, followed by the lines belonging to the next router and so on.
Note that the first line of the generated cfg file will contain all the commandline options you used for generating it. This is to allow for the easy 'regeneration' in case you want to add newhosts or make some other global change.
Except for the --output and --global options, all options affect only the routers following them on the command line. If an option specified earlier on the command line reappears later on the command line with another value, the new value overrides the old value as far as remaining routers are concerned. This way options might be tailored for groups of routers or for individual routers.
See --output and --global for how their behaviour is affected by where or how many times they appear on the command line.
See the Examples below on how to set an option differently for multiple routers.
Print a brief help message and exit.
Prints the manual page and exits.
Print the version of cfgmaker. This should match the version of MRTG for which config files are being created.
Select the interface identification method. Default is nr which identifies the router interfaces by their number. Unfortunately the interface numbering scheme in an SNMP tree can change. Some routers change their numbering when new interfaces are added, others change thier numbering every full moon just for fun.
To work around this sad problem MRTG can identify interfaces by 4 other properties. None of these works for all interfaces, but you should be able to find one which does fine for you. Note that especially ethernet addrsses can be problematic as some routers have the same ethernet address on most of their interface cards.
Select ip to identify the interface by its IP number. Use eth to use the ethernet address for identification. Use descr to use the Interface description. Or use name to use the Interface name.
You can specify multiple properties if you wish, separated by commas. In this case, cfgmaker will use the first item in the list which can provide unique identification. This allows you to specify, for example, to use IP address and to use ifName if this is not defined: --ifref ip,name
If your chosen method does not allow unique interface identification on the device you are querying, cfgmaker will tell you about it.
Select what to use as the description of the interface. The description appears in the Title[]
property for the target as well as the text header in the HTML code defined in the target's PageTop[]
. Default is to use nr which is just the interface number which isn't always useful to the viewer of the graphs.
There are 6 other properties which could be used. Use ip if you want to use the interface's IP-address. Use eth if you want to use the interface's ethernet address. If you want a better description, you can use either descr, name or alias. Exactly what each of these do varies between different equipment so you might need to experiment. For instance, for a serial interface on a Cisco router running IOS using name might result in "S0"
being the interface description , descr might result in "Serial0"
and alias might result in "Link to HQ"
(provided that is what is used as the interface's description
in the router's configuration).
Finally, if you want to describe the interface by it's Btype (i.e "ethernetCSMA"
, "propPointtoPoint"
etc) you can use type.
You can specify multiple properties if you wish, separated by commas. In this case, cfgmaker will use the first item in the list which is available for this interface. This allows you to specify, for example, to use any of the different aliases in order of preference.
First of all, this is under some developement and is experimental.
Use this if you want to have better control over what interfaces gets included into the configuration. The filter-expression is evaluated as a piece of Perl code and is expected to return a truth value. If true, include the interface and if false, exclude the interface.
For a further discussion on how these filters work, see the section Details on Filters below.
First of all, this is under some development and is experimental.
Use this if you want to control what the line for each target should look like in the configuration file. The contents of the file template-file will be evaluated as a Perl program which generates the lines using certain variables for input and output.
For a further discussion on how these templates work, see the section Details on Temaplates below.
First of all, this is under some development and is experimental.
Use this if you want to have some extra targets related to the host itself such as CPU utilization, ping response time to the host, number of busy modems etc. The contents of the file template-file will be evaluated once per host as a Perl program which generates the lines using certain variables for input and output.
For a further discussion on how these templates work, see the section Details on Templates below.
Use this to set the community for the routers following on the command line to community-string. Individual routers might overrride this community string by using the syntax community@router.
This option enables IPv6 support. It requires the appropriate perl modules; if they are not found then IPv6 is disabled (see the ipv6 documentation).
cfgmaker will use IPv6 or IPv4 depending on the target. If the target is a numeric address, the protocol depends on the type of address. If the target is a hostname, cfgmaker will try to resolve the name first to an IPv6 address then to an IPv4 address.
IPv6 numeric addresses must be specified between square braces.
For example:
cfgmaker --enable-ipv6 [2001:760:4::1]:165:::2
If the target has both an IPv6 address and an IPv4 address with the same hostname, cfgmaker first queries the target using IPv6 and falls back to IPv4 if it fails. This is useful for targets which don't support SNMP over IPv6.
This option forces the use of 16bit SNMP request IDs. Some broken SNMP agents do not accept 32bit request IDs. Try to avoid this option as much as possible, complain to your agent vendor instead.
Use this to set the default SNMP options for all routers following on the command line. Individual values might be omitted as well as trailing colons. Note that routers might override individual (or all) values specified by --snmp-options by using the syntax
router[:[port][:[timeout][:[retries][:[backoff][:version]]]]]
Use this to add global options to the generated config file. You can call --global several times to add multiple options. The line will appear in the configuration just before the config for the next router appearing on the command line.
--global "workdir: /home/mrtg"
If you want some default Options you might want to put
--global "options[_]: growright,bits"
Specifying --global after the last router on the command line will create a line in the configuration file which will appear after all the routers.
Do not try to reverse lookup IP numbers ... a must for DNS free environments.
Normally cfgmaker will not include interfaces which are marked anything but administratively and operationally UP. With this switch you get them all.
Include interfaces which are operatively down.
Assign this speed in bits-per-second to all interfaces which return 0 for ifSpeed and ifHighSpeed. Some switches, notably Foundry equipment, return a speed of zero for some interfaces. For example, to have all interfaces reporting zero set to 100Mbps, use --zero-speed=100000000.
Give each router its own subdirectory for the HTML and graphics (or .rrd) files. The directory name is the given format string with a couple of pattern replacements. The string "HOSTNAME" will be replaced by the hostname of the router (however you specified it on the cfgmaker commandline -- it may be an actual hostname or just an IP address), and "SNMPNAME" will be replaced with the device's idea of its own name (the same name that appears on the right side of the "Title" lines). For instance, a call like:
cfgmaker --subdirs=HOSTNAME__SNMPNAME [email protected]
would result in the generation of lines looking something like:
Directory[10.10.0.18_1]: 10.10.0.18__fp2200-bothrip-1.3
Write the output from cfgmaker into the file file. The default is to use STDOUT
. --output is expected to appear only once on the command line. If used multiple times, the file specified by the last --output will be used.
Don't generate configuration lines for interfaces.
This makes cfgmaker skip all steps related to interfaces which means it will not do any polling of the router to retrieve interface information which speeds up the execution of cfgmaker and it will neither run any interface templates.
This makes cfgmaker generate configuration lines for interfaces (the default behaviour).
The main usage of this option is to negate an --nointerfaces appearing earlier on the command line.
Cfgmaker supports SNMP V3 using the Net:SNMP perl module. There are optional parameters affecting SNMP operation.
The --enablesnmpv3 option is an optional flag to check for the presence of the Net::SNMP libraries. Cfgmaker will try to determine whether this flag is required and will set the values automatically.
A SNMP context is a collection of management information accessible by a SNMP entity. An item of management information may exist in more than one context and a SNMP entity potentially has access to many contexts. The combination of a contextEngineID and a contextName unambiguously identifies a context within an administrative domain. In a SNMPv3 message, the contextEngineID and contextName are included as part of the scopedPDU. All methods that generate a SNMP message optionally take a --contextengineid and --contextname argument to configure these fields.
The --contextengineid argument expects a hexadecimal string representing the desired contextEngineID. The string must be 10 to 64 characters (5 to 32 octets) long and can be prefixed with an optional "0x". Once the --contextengineid is specified it stays with the object until it is changed again or reset to default by passing in the undefined value. By default, the contextEngineID is set to match the authoritativeEngineID of the authoritative SNMP engine.
The contextName is passed as a string which must be 0 to 32 octets in length using the --contextname argument. The contextName stays with the object until it is changed. The contextName defaults to an empty string which represents the "default" context.
The User-based Security Model (USM) used by SNMPv3 requires that a securityName be specified using the --username argument. The creation of a Net::SNMP object with the version set to SNMPv3 will fail if the --username argument is not present. The --username argument expects a string 1 to 32 octets in length.
Different levels of security are allowed by the User-based Security Model which address authentication and privacy concerns. A SNMPv3 target will derive the security level (securityLevel) based on which of the following arguments are specified.
By default a securityLevel of 'noAuthNoPriv' is assumed. If the --authkey or --authpassword arguments are specified, the securityLevel becomes 'authNoPriv'. The --authpassword argument expects a string which is at least 1 octet in length. Optionally, the --authkey argument can be used so that a plain text password does not have to be specified in a script. The --authkey argument expects a hexadecimal string produced by localizing the password with the authoritativeEngineID for the specific destination device. The snmpkey
utility included with the Net::SNMP distribution can be used to create the hexadecimal string (see snmpkey).
Two different hash algorithms are defined by SNMPv3 which can be used by the Security Model for authentication. These algorithms are HMAC-MD5-96 "MD5" (RFC 1321) and HMAC-SHA-96 "SHA-1" (NIST FIPS PUB 180-1). The default algorithm used by the module is HMAC-MD5-96. This behavior can be changed by using the --authprotocol argument. This argument expects either the string 'md5' or 'sha' to be passed to modify the hash algorithm.
By specifying the arguments --privkey or --privpassword the securityLevel associated with the object becomes 'authPriv'. According to SNMPv3, privacy requires the use of authentication. Therefore, if either of these two arguments are present and the --authkey or --authpassword arguments are missing, the creation of the object fails. The --privkey and --privpassword arguments expect the same input as the --authkey and --authpassword arguments respectively.
The User-based Security Model described in RFC 3414 defines a single encryption protocol to be used for privacy. This protocol, CBC-DES "DES" (NIST FIPS PUB 46-1), is used by default or if the string 'des' is passed to the --privprotocol argument. By working with the Extended Security Options Consortium http://www.snmp.com/eso/, the module also supports additional protocols which have been defined in draft specifications. The draft http://www.snmp.com/eso/draft-reeder-snmpv3-usm-3desede-00.txt defines the support of CBC-3DES-EDE "Triple-DES" (NIST FIPS 46-3) in the User-based Security Model. This protocol can be selected using the --privprotocol argument with the string '3desede'. The draft http://www.snmp.com/eso/draft-blumenthal-aes-usm-04.txt describes the use of CFB128-AES-128/192/256 "AES" (NIST FIPS PUB 197) in the USM. The three AES encryption protocols, differentiated by their key sizes, can be selected by passing 'aescfb128', 'aescfb192', or 'aescfb256' to the -privprotocol argument.
The purpose of the filters is to decide which interfaces to accept and which interfaces to reject. This decision is done for each interface by evaluating the filter expression as a piece of Perl code and investigating the result of the evaluation. If true, accept the interface otherwise reject it.
When working with filters, remember that Perl has it's own idea of what truth and false is. The empty string "" and the string "0" are false, all other strings are true. This further imples that any integer value of 0 is false as well as any undef value. It also implies that all references are considered true.
As the filter is evaluated as a Perl expression, several useful constructs in Perl are worth mentioning:
Expressions might be grouped by using parentheses "()". Expressions might be combined using boolean operators such as the following:
Boolean "and" of the two expressions, is only true if both expressions are true. Example: expression1 and expression2
Boolean "or" of the two expressions, is true if either or both expressions are true. Example: expression1 or expression2
Boolean negation of a single expression. Example: not expression . Yet another example: !expression
(For more details on this I recommend a book on Perl)
To facilitate, there are a number of predefined values available to use in the filter. Note that these variables are also available when templates interfaces are evaluated (but not host templates).
Caveat: All these variables' names begin with a dollar sign ($), which is a syntactic requirement for scalar variables in Perl. The danger here is that the dollar sign in many shells is an active character (often used for shell variables exactly as in Perl variables) so it is important to ensure that the Perl expression isn't evaluated by the command line shell as shell code before being passed to cfgmaker as command line arguments. In shells like Bourne shell, ksh shell or bash shell, placing the entire expression within single qoutes will avoid such accidental evaluation:
'--if-filter=($default_iftype && $if_admin)'
This is an integer specifying the interface type as per the SNMP standards and as reported by the polled device. A complete list of interface types would be impractical for this document , but there are a number predefined varables below. Normally, cfgmaker puts in the target's PageTop this iftype value within paranthesis after the name of the interface type. (e.g "propPointToPointSerial (22)").
Here's a list of some of the most common interface types by number:
6 ethernetCsmacd 7 iso88023Csmacd 9 iso88025TokenRing 15 fddi 19 E1 20 basicISDN 21 primaryISDN 22 propPointToPointSerial 23 ppp 24 softwareLoopback 30 ds3 32 frame-relay 33 rs232 37 atm 39 sonet 44 frameRelayService 46 hssi 49 aal5 53 propVirtual 62 Fast Ethernet (100BaseT) 63 ISDN & X.25 69 Full Duplex Fast Ethernet (100BaseFX) 94 Asymetric Digital Subscriber Loop (ADSL) 117 Gigabit Ethernet 134 ATM Sub Interface
True if and only if cfgmaker normally should accepted the interface based on the interfaces administrative and operational state (taking the flags --no-down and --show-op-down into account) and it's type (and a few other things).
True if and only if cfgmaker would have accepted the interface based on it's operational and administrative states (also taking into account the presence of the flags --no-down and --show-op-down).
True if and only if cfgmaker would have accepted the interface based on it's type (and a few type specific details in addition).
True if and only if the interface is in an adminstrative up state.
True if and only if the interface is in an operational up state.
A number of variables are also predefined to easily decide if an interface belong to a certain cathegory or not. Below is all those variables listed together with which if_type numbers each variable will be true for. Note that some variables refer to other variables as well.
True for ethernet interfaces (nr 6, 7, 26, 62, 69 and 117).
True for various ISDN interface types (nr 20, 21, 63, 75, 76 and 77)
True for dial-up interfaces such as PPP as well as ISDN. (nr 23, 81, 82 and 108 in addition to the numbers of $if_is_isdn).
True for miscellaneous ATM related interface types (nr 37, 49, 107, 105, 106, 114 and 134).
True for WAN interfaces point to point, Frame Relay and High Speed Serial ( 22,32,44,46)
True for LAN interfaces (8, 9, 11, 15, 26, 55, 59, 60 and 115 in addition to the numbers of $if_is_ethernet).
True for ADSL, RDSL, HDSL and SDSL (nr 94, 95, 96, 97)
True for software loopback interfaces (nr 24)
True for Cisco VLAN interfaces (interfaces with the word Vlan or VLAN in their ifdescs)
Returns the vlan id associated with a specific port on Cisco Catalyst switches under both Catalyst OS and IOS, and 3Com switches. If it is not a vlan interface, will return undef.
Returns the trunking state of a specific port on Cisco Catalyst switches under both Catalyst OS and IOS. Returns "1" if the interface is a trunk, undef otherwise.
Returns the Maximum Transfer Unit associated with a specific port.
Besides that, you can also use the variables defined for templates below. Further, all the variables available in cfgmaker is at the scripts disposal even if the use of such features is discouraged. More "shortcuts" in the form of variables and functions will be made available in the future instead.
The following filter will not affect which interfaces get's included or excluded, it will make cfgmaker behave as normally.
'--if-filter=$default'
The following filter will make cfgmaker exclude PPP (23) interfaces:
'--if-filter=$default && $if_type!=23'
The following filter will make cfgmaker behave as usual except that it will consider the operational state of an interface irrelevant but still reject all interfaces which are administratively down.
'--if-filter=$if_admin && $default_iftype'
The contents of the template files are evaluated as a Perl program. A number or Perl variables are available for the program to read and others are used to be written to.
As quite a few of the predefined variables has values which are are supposed to be used in HTML code some of them have an "HTML-escaped" variant, e.g $html_syslocation is the HTML escaped variant of $syslocation. The HTML escaping means that the chars "<", ">" and "&" are replaced by "<", ">" and "&" and that newlines embedded in the string are prepended with "<BR>" and appended with a space character (if a newline is last in the string it is not touched).
These are the variables available to store the configuration lines in. Some of them are initialized prior to the evaluation of the template but such content normally is comments for inclusion in the final configuration file so those variables might be reset to the empty string in the template code to eliminate the comments. The other way around is also possible, the contents of these variables might be extended with further information for various reasons such as debugging etc.
Once the template has been evaluated, the following happens: if the template is a interface template and the actual interface for some reason is rejected and thus needs to be commented out, all the lines in the variable $target_lines are turned into comments by adding a hash mark ("#") at their beginning. Then all the variables $head_lines, $problem_lines , $target_lines and $separator_lines are concatenated together to form the lines to add to the configuration file.
This variable is the placeholder for the configuration lines created by the template. $target_lines is predefined to be empty when the template code is evaluated.
This variable is intended to be the placeholder for the comment line appearing just before the target in the configuration file. It is initialized with that comment line before the evaluation of the template code and if the template doesn't modify $head_lines during evaluation, the comment will look like usual in the config file.
This variable is intended to be the placholder for the comment lines describing any problems which might have been encountered when trying to add the target into the configuration. For host templates it's normally not used and for those it's predefined as the empty string. For interface templates $problem_lines is predefined with the error description comments which cfgmaker normally would use for rejected interfaces or as the empty string for accepted interfaces.
It is possible to test against $problem_lines to find out if an interface will be included or rejected but this is not recommended. Test against $if_ok instead.
This variable is the placeholder for the string to use as the separator between the code for individual targets. The contents of this variable is put after each target (so the lines will appear after the end of the last target in the config as well).
All the variables below are available for interface templates to use. For host templates, only those listed under Host and System Variables are available.
For interface templates the variables listed under Predefined Filter Variables are also available.
This is the fully qualified name for the router. It is affected by the following items on the command line: the router name itself and --dns-domain.
This is the reference string for the router being polled. It is on the form community@router possibly followed by some snmp options. It is affected by the following items on the command line: the router name itself, --community, --snmp-options and --dns-domain. (There's no HTML escaped variant available)
This variable should contain the directory name as cfgmaker normally would use as the value for the "Directory[]" directive. The value is determined by the --subdirs command line option. If --subdirs isn't specified $directory_name will be the empty string. (There's no HTML escaped variant available)
This variable is the router's SNMP sysContact value. (HTML escaped variant: $html_syscontact)
This variable is the router's SNMP sysName value. (No HTML escaped variant available)
This variable is the router's SNMP sysLocation value. (HTML escaped variant: $html_syslocation)
This variable is the router's SNMP sysDescr value. It is normally not used by cfgmaker but might be useful in a template. (HTML escaped variant: $html_sysdescr)
This is what cfgmaker normally would use as the the name of the target. The target name is what is found within the square brackets, "[]", for target directives. (There's no HTML escaped variant available)
This the reference string for the interface. It is expected to be used in the "Target[xyz]" directive to distinguish what interface to use. The value of this variable is affected by the --ifref command line option. It is normally used together with $router_connect. (There's no HTML escaped variant available)
This variable is true if the interface is going to be included into the configuration file, otherwise false. Don't test against other variables such as $problem_lines to find out if an interface will be rejected or not, use this $if_ok instead.
This variable contains all the target lines which cfgmaker by default outputs for this interface. It's useful if you want to have the "standard target" but want to add some extra lines to it by using a template.
By default cfgmaker uses the following directives for each target it generates: Target[], SetEnv[], MaxBytes[], Title[], PageTop[] and if there is any directory specified also the Directory[] directive.
To facilitate the creation of templates which generates target configs which are similar to the default one, each of the above mentioned directive lines have a corresponding variable containing the line as cfgmaker would have output it by default.
Note that none of these have a HTML escaped variant, text in them is HTML escaped where needed. Also note that they do not have any newline at the end.
This variable contains the default string for the Target[] directive line.
This variable contains the default string for the SetEnv[] directive line.
This variable contains the default string for the Directory[] directive line which means it is an empty string (with no newline) if there's no directory.
This variable contains the default string for the MaxBytes[] directive line.
This variable contains the default string for the Title[] directive line.
This variable contains the default string for the PageTop[] directive lines.
This variable should contain the IP-address of the interface, if any has been assigned to it. (There's no HTML escaped variant available)
This variable is the SNMP ifIndex for the interface which per definition always is an integer. (There's no HTML escaped variant available)
Equivalent with $ifindex.
Contains the ethernet address of the interface, if any. (There's no HTML escaped variant available)
This variable is the speed in bytes/second (with prefixes). (There's no HTML escaped variant available)
This variable is a cooked speed description which is either in bits or bytes depending on wether or not the bits option is active and also with the proper prefix for the speed (k, M, G etc). (No HTML escaped variant available)
This variable is a textual description of the interface type. (HTML escaped variant: $html_if_type_desc)
This variable the integer value corresponding to the interface type (for a listing for the value for the more common interface types, see the section DETAILS ON FILTERS above). (No HTML escaped variant available)
This is the DNS name for the interface. (No HTML escaped variant available)
It might seem confusing with both Name, Description and Alias in this context and to some extent it is. Name and Description are usually supported on most equipment but how they are used varies, both between manufacturers as well as between different cathegories of equipment from the same manufacturer. The Alias is at least supported by Cisco IOS, and that variable contains whatever is used in the IOS statement called "description" for the interface (not to be confused with the SNMP variables for Description).
For better control from the command line consider $if_title_desc which contents are controlled by the --if-descr command line option.
This variable should contain the "raw" description of the interface as determined by the SNMP polling of the router. (HTML escaped variant: $html_if_snmp_descr)
The "raw" name for the interface as provided by SNMP polling. (HTML escaped variant: $html_if_snmp_name)
The "raw" ifAlias for the interface as provided by SNMP polling. (HTML escaped variant: $html_if_snmp_alias)
The "raw" CiscolocIfDescr for the interface as provided by SNMP polling. (HTML escaped variant: $html_if_cisco_descr)
This is the "cooked" description string for the interface, taking into account the SNMP values found for the interface's RDescr, ifAlias and CiscolocIfDescr. (HTML escaped variant: $html_if_description)
The full string cfgmaker by default would have used for the Title[] directive in the configuration as well as the content of the topmost H1 tag in the PageTop[]. Is composed by the contents of $desc_prefix, $if_title_desc and $sysname.
As $if_title depends on $if_title_desc, it is possible to indirectly control $if_title by using the command line option --if-descr.
(HTML escaped variant: $html_if_title)
If the host is a Cisco Catalyst LAN switch, this variable is the name of that port. (No HTML escaped variant available)
If the host is a Nortel Passport LAN switch, this variable is the name of that port. (No HTML escaped variant available)
This variable is a prefix of the description of what the target is to use in the "Title[]" directive and in the H1 section of the "PageTop[]". Default is "Traffic analysis for ". (HTML escaped variant: $html_desc_prefix)
This is the description of the interface normally used by cfgmaker as part of the variable $if_title. The latter is used as the full string in the "Title[]" directove and the H1 section in the PageTop[].
$if_title_desc is controlled by the command line option --if-descr which indirectly controls the contents of $if_title
(HTML escaped variant: $html_if_title_desc)
The following functions exists to facilitate the writing of host and interface templates.
html_escape() takes a string as an argument and returns a new string where the following substitutions has been done: the chars "<", ">" and "&" are replaced by "<", ">" and "&" and that newlines embedded in the string are prepended with "<BR>" and appended with a space character (newlines at the end of the string are not touched).
This function will try to poll each of the oids specified until it is successful or has run out of oids. It will return the name of the first oid that worked or undef if it is not successful
This template file generates exactly the same configuration code per interface as cfgmaker does by default, with the exception that it eliminates all lines (comments as well as config code) for an interface if the interface happens to be rejected.
if(not $problem_lines) { $target_lines .= <<ECHO; Target[$target_name]: $if_ref:$router_connect SetEnv[$target_name]: MRTG_INT_IP="$if_ip" MRTG_INT_DESCR="$if_snmp_descr" ECHO if ($directory_name) { $target_lines .= "Directory[$target_name]: $directory_name\n"; } $target_lines .= <<ECHO; MaxBytes[$target_name]: $if_speed Title[$target_name]: $html_desc_prefix$html_if_title_desc -- $sysname PageTop[$target_name]: <h1>$html_desc_prefix$html_if_title_desc -- $sysname</h1> <div id="sysdetails"> <table> <tr> <td>System:</td> <td>$sysname in $html_syslocation</td> </tr> <tr> <td>Maintainer:</td> <td>$html_syscontact</td> </tr> <tr> <td>Description:</td> <td>$html_if_description</td> </tr> <tr> <td>ifType:</td> <td>$html_if_type_desc ($if_type_num)</td> </tr> <tr> <td>ifName:</td> <td>$html_if_snmp_name</td> </tr> ECHO $target_lines .= <<ECHO if defined $if_port_name; <tr> <td>Port Name:</td> <td>$if_port_name</td> </tr> ECHO $target_lines .= <<ECHO if defined $if_pp_port_name; <tr> <td>Port Name:</td> <td>$if_pp_port_name</td> </tr> ECHO $target_lines .= <<ECHO; <tr> <td>Max Speed:</td> <td>$if_speed_str</td> </tr> ECHO $target_lines .= <<ECHO if $if_ip; <tr> <td>Ip:</td> <td>$if_ip ($if_dns_name)</td> </tr> ECHO $target_lines .= <<ECHO; </table> </div> ECHO } else { $head_lines=""; $problem_lines=""; $target_lines=""; $separator_lines=""; }
Example 1 was partly intended to demonstrate how to customize the generation of interface targets but also to provide a hint of how the variables are used in the "default" template which one could consider that cfgmaker normally uses.
If you're only intrested in the easiest way of entirely eliminating those reject interfaces, the template below would do the job as well by using $default_target_lines.
if($if_ok) { $target_lines = $default_target_lines; } else { $head_lines=""; $problem_lines=""; $target_lines=""; $separator_lines=""; }
Below is an example of a host template.
$head_lines .= <<ECHO; #--------------------------------------------------------------------- ECHO my $target_name = $router_name . ".cpu"; $target_lines .= <<ECHO; YLegend[$target_name]: Percentage CPU load ShortLegend[$target_name]: % Legend1[$target_name]: CPU load in % Legend2[$target_name]: Legend3[$target_name]: Max Observed CPU load Legend4[$target_name]: LegendI[$target_name]: CPU Load: LegendO[$target_name]: WithPeak[$target_name]: ywm MaxBytes[$target_name]: 100 Options[$target_name]: growright, gauge, nopercent Title[$target_name]: $router_name CPU load Target[$target_name]: 1.3.6.1.4.1.9.2.1.58.0&1.3.6.1.4.1.9.2.1.58.0:$router_connect PageTop[$target_name]: <h1>$router_name CPU load</h1> <div> <table> <tr> <td>System:</td> <td>$router_name in $html_syslocation</td> </tr> <tr> <td>Maintainer:</td> <td>$html_syscontact</td> </tr> <tr> <td>Description:</td> <td>$html_sysdescr</td> </tr> <tr> <td>Resource:</td> <td>CPU.</td> </tr> </table> </div> ECHO
The first example creates a config file for router.place.xyz: the router has the community name public. Interfaces get identified by their IP number. Two global options get added to the config file. The config file gets redirected to mrtg.conf. The '\' signs at the end of the line mean that this command should be written on a single line.
cfgmaker --global "WorkDir: /home/tobi" \ --global "Options[_]: growright,bits" \ --ifref=ip \ [email protected] > mrtg.cfg
Note: if cfgmaker is not in your path, but you are in the directory where cfgmaker is stored, you can start it with ./cfgmaker
The next example creates a config file for four devices: router1.place.xyz, router2.place.xyz, switch1.place.xyz and switch2.place.xyz all with the community public.
The two routers will have --ifref set to descr whilst the two switches will use --ifref set to name. Further the routers will use --ifdesc set to alias and switch1.place.xyz will use --ifdesc set to descr whilst switch2.place.xyz use name instead.
Finally, there will be two Options lines inserted in the configuration: One will be in the beginning, whilst the other will be inserted after the lines related to the two routers but before those lines related to the switches.
cfgmaker --global "WorkDir: /home/tobi" \ --global "Options[_]: growright,bits" \ --ifref=descr \ --ifdesc=alias \ [email protected] \ [email protected] \ --global "Options[_]: growright" \ --ifref=name \ --ifdesc=descr \ [email protected] \ --ifdesc=name \ [email protected] > mrtg.cfg
The next example demonstrates how to use the --community, --snmp-options and --dns-domain to make the command line simpler. All the equipment will use the community hidden, except for the ppp-server which use community access. All equipment uses these SNMP options: 1s timeout, 1 retry and SNMP version 2 (backoff and port is unspecified which means they use the default values). The exception again is the ppp-server which uses SNMP version 1. Finally, all the equipment is part of the domain place.xyz, except for the ppp-server which is part of the domain remote.place.xyz. Note that the latter is achieved simply by specifying the name of the ppp-server to be ppp-server.remote .
cfgmaker --global "WorkDir: /home/tobi" \ --global "Options[_]: growright,bits" \ --dns-domain=place.xyz \ --community=hidden \ --snmp-options=::1:1::2 \ router1 \ router2 \ router3 \ router4 \ router5 \ switch1 \ switch2 \ switch3 \ switch4 \ switch5 \ switch6 \ switch7 \ [email protected]:::::1 > mrtg.cfg
mrtg-reference
indexmaker [options] mrtg.cfg [other.cfg ...]
--output=filename set output filename (default: stdout) --filter title=~regexp select targets by matching regexp against titles --filter pagetop=~regexp select targets by matching regexp against pagetop --filter name=~regexp select targets by matchin regexp against name --addhead=text insert this text between </TITLE> and </HEAD> --title=text set title of generated index file --subtitle=text add a subtitle to the generated index file --bodyopt=text set body tag options --headlevel=number use <Hnumber> at top of page (default: 1) --pagetop=text insert this text between <BODY> and <H1>...</H1> --pageend=text insert this text after the main body --pagetopend=text use this text for pagetop or pageend if undefined --nolegend do not add the Mrtg legend at the end of the page --columns=number show graphs in a table with x columns (default: 2) --perhost show graphs of the same host on a row --compact try to make a vertically more compact page --optlog log the used command line in the page (default: log) --sort=title sort graphs by title --sort=name sort graphs by their name --sort=descr sort graphs by their description --sort=original leave as is (default) --enumerate add a sequence number to the title of each graph --picfirst place pictures before text (default: text first) --width=number set width of graphs (default: not set) --height=number --sidebyside place text / pictures side by side (default: above/below) --bold use bold text (default: bold) --clicktext make the text link to the inner page (like the image) --show=day pick which graph to show in the index (default) --show=week --show=month --show=year --show=none --section=h1 h1 tag from pagetop as section heading (default) --section=title title as section headings for graphs --section=name graph name as section heading --section=descr graph description as section heading --section=portname port name entry in pagetop as section heading --sectionhost Try to prepend the host to the section heading if missing --rrdviewer=path path to rrdviewer (default: /cgi-bin/14all.cgi) --icondir=path path to icondir --prefix=path path from the location of the index.html to the graphs --headeradd=string add string to the html page header --autoprefix try to set prefix automatically --<opt>-file=file read string argument for option <opt> from file
Indexmaker can create web pages which display the status of an array of mrtg interface status pages.
set output filename (default: stdout)
Several filters may get set. Each filter can match agains the contents of a specific section of the mrtg config file. Name refers to the bit in square brackets (option[name]: bla).
Depending on the match operator chosen (=~ or !~) the match will be positive or negative.
Note that some shells consider ! a special character. It may be necessary to type \!~ instead.
Set title of generated index file (default: regexp)
The value of this argument gets appended to the <BODY> tag. This allows to set document colors. By default this option is set to
bgcolor="#ffffff" text="#000000" link="#000000" vlink="#000000" alink="#000000"
Display graphs in a table with number columns (default: 2)
Sort the graphs in the page either by title, by name, by interface description, or leave them as is.
Add a sequence number to the title of each graph
Set width of graphs
Set the height of the graphs
Select which graph to show in the index page. You can supress images completely with --show=none.
Select what to use as the title for each graph in the page. h1 is the H1 section from pagetop, title is the graph title, name is the bit in square brackets (option[name]: bla), and descr or description is the text from the Description field of the PageTop (the Cisco description text if it's available, otherwise just the interface description). portname is the Port Name:
from pagetop.
Extract the hostname from the target line (this does not work if the target is a mathematial expression). Prepend the hostname (and a colon) to the section if not already present.
If you have set the LogFormat: rrdtool property in the mrtg.cfg file, the index will take this into account. The only thing you must tell it is the path to your grapher cgi. (default: /cgi-bin/14all.cgi)
By default we assume that the file generated by indexmaker is stored in WorkDir. If you want to store it somewhere else, specify how to reach WorkDir from the place where the Index is stored. Note that you have to use '/' as path separator as this will be used in urls. Speaking of which, you can even enter a whole url.
Requires --output. Try to generate the prefix automatically by comparision of the path to the output file set with --output and the Htmldir set in the configuration files. Particulary useful when multiple configuration files are specified, with different Htmldir settings.
Default is logging in the generated page the command line, suppress with --nooptlog . Useful if the commandline contains a complex --pagetop=string which could confuse simple browsers.
For any someoption which takes a string as parameter you can read the string from a file by adding <-file> to the option keyword. The whole content of the file will be read and used as the string. The file must exist.
If you have written an extension to mrtg or created a bug fix, please consider contributing it to the project. As I get quite a number of contributions every week, here are a few guidelines which explain how to contribute so that I can use the contribution without too much additional work.
MRTG messages have been translated to a number of languages but there are still many which have not been covered yet. If you want to add yours, go into the mrtg-2.16.4/translate directory and follow the instructions given in the README file.
When you have created your modification or extension to mrtg and want to submit it to me, please crate a patch for the files which you have modified. Do not send entire files unless they are new.
To create a patch, get hold of a copy of GNU diff (Many Unix systems will have this installed already. In the NT world you might want to get http://sources.redhat.com/cygwin/ to get all the nice GNU tools available.) and type
diff --unified --ignore-space-change old-file new-file > simple.patch
or if you have modified several files do
diff --recursive --unified --ignore-space-change old-dir/ new-dir/ >long.patch
All documentation of mrtg is done with the perl POD system. If you want to learn about it, type
perldoc perlpod
and read the instructions. If you have bugfixes or additions to the existing documents, make sure you modify the POD files and not the html or txt versions.
I take documentation very seriously. Whenever you create a new feature for mrtg which you want to get included in the official release, your patch must also contain modifications for the relevant pod file in the doc tree or for the documentation sections of cfgmaker and indexmaker.
MRTG seems to raise a lot of questions. There are a number of resources apart from the documentation where you can find help for mrtg.
In the following sections you'll find some additonal Frequently Asked Questions, with Answers.
Nobody has contributed a @#$%.pmd file yet. Go into the mrtg-2.16.4/translate directory and create your own translation file. When you are happy with it send it to me for inclusion with the next mrtg release.
Probably this has already been done. Check the stuff in the mrtg-2.16.4/contrib directory. There is a file called 00INDEX in that directory which tells what you can find in there.
There are many resources on the net that explain SNMP. Take a look at this article from the Linux Journal by David Guerrero
http://www.david-guerrero.com/papers/snmp/
And at this rather long document from CISCO.
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/snmp.htm
Remove the *-{week,day,month,year}.png files and start MRTG again. Using MRTG for the first time, you might have to do this twice. This will also help when you introduce new routers into the cfg file.
Ask the person in charge of your Router or try 'public', as this is the default Community Name.
Well, the short answer is that when an SNMP query goes out and a response doesn't come back, MRTG has to assume something to put in the graph, and by default it assumes that the last answer we got back is probably closer to the truth than zero. This assumption is not perfect (as you have noticed). It's a trade-off that happens to fail during a total outage.
If this is an unacceptable trade-off, use the unknaszero option.
You may want to know what you're trading off, so in the spirit of trade-offs, here's the long answer:
The problem is that MRTG doesn't know *why* the data didn't come back, all it knows is that it didn't come back. It has to do something, and it assumes it's a stray lost packet rather than an outage.
Why don't we always assume the circuit is down and use zero, which will (we think) be more nearly right? Well, it turns out that you may be taking advantage of MRTG's "assume last" behaviour without being aware of it.
MRTG uses SNMP (Simple Network Management Protocol) to collect data, and SNMP uses UDP (User Datagram Protocol) to ship packets around. UDP is connectionless (not guaranteed) unlike TCP where packets are tracked and acknowledged and, if needed, retransmitted. UDP just throws packets at the network and hopes they arrive. Sometimes they don't.
One likely cause of lost SNMP data is congestion; another is busy routers. Other possibilities include transient telecommunications problems, router buffer overflows (which may or may not be congestion-related), "dirty lines" (links with high error rates), and acts of God. These things happen all the time; we just don't notice because many interactive services are TCP-based and the lost packets get retransmitted automatically.
In the above cases where some SNMP packets are lost but traffic is flowing, assuming zero is the wrong thing to do - you end up with a graph that looks like it's missing teeth whenever the link fills up. MRTG interpolates the lost data to produce a smoother graph which is more accurate in cases of intermittent packet loss. But with V2.8.4 and above, you can use the "unknaszero" option to produce whichever graph is best under the conditions typical for your network.
MRTG and cfgmaker support SNMP over IPv6. IPv6 targets can be specified by hostname or IPv6 address, and if the required libraries are present (see below), queries will use IPv6.
IPv6 is currently disabled by default and must be explicitly enabled. In MRTG this is done by turning on the EnableIPv6 global option in the configuration file. In cfgmaker, it is enabled with the --enable-ipv6 command-line option.
If IPv6 is disabled, MRTG and cfgmaker should behave in exactly the same way as previous versions. So the addition of IPv6 support should have no effect on existing MRTG setups unless IPv6 is enabled.
IPv6 support requires the Socket6 and INET6 libraries (see below). If MRTG can't find them, IPv6 is disabled.
IPv6 targets may be specified by name or IPv6 address. Numeric IPv6 addresses may be used with both cfgmaker and MRTG, but they must be enclosed in square brackets.
For example, a target could be specified as:
public@[2001:760:4::]:161
Hostnames work as expected: first an IPv6 name lookup is tried, then an IPv4 lookup.
Many targets (this currently includes all Cisco routers) do not yet support SNMP over IPv6 and must be monitored over IPv4. This can cause problems if you specify a target through its DNS name and the name maps to both the IPv6 address and the IPv4 address of the target: MRTG will only try IPv6, and will fail.
To query these targets, use the IPv4Only per-target option, which tells MRTG not to use SNMP over IPv6 for the target.
MRTG does not fall back to IPv4 for performance and correctness reasons. If there are many routers to query, a timeout for every router would make MRTG take too long to query them all. And if, for some reason, IPv6 connectivity to the target is lost, MRTG's error messages can help figure out what is wrong.
cfgmaker does fall back from IPv6 to IPv4. If IPv6 is enabled and cfgmaker is given a hostname that resolves to both an IPv6 and an IPv4 address, it first tries to query the target over IPv6. If it receives no answer, it tries again using IPv4. If the target answers, cfgmaker sets the IPv4Only option in the generated config file.
IPv6 support requires the Socket6 and INET6 Perl modules. Both can be downloaded from CPAN:
http://search.cpan.org/author/UMEMOTO/Socket6/
http://search.cpan.org/author/MONDEJAR/INET6/
If you use Debian, you will need the packages libsocket6-perl and libio-socket-inet6-perl, which are (or should soon be) in unstable.
So far, IPv6 support has been tested on Linux only, and only with Socket6 version 0.12. Also note that IPv6 won't work at all if you don't have INET6.pm version 2.00 or newer.
Building and installing Socket6 and INET6 is very simple. For each module, just unpack the archive and then do:
perl Makefile.PL make
and then:
su make install
If you have installed the libraries successfully, cfgmaker and mrtg should automatically detect them and allow IPv6 support to be enabled.
This document provides a description of the contents of the mrtg-2 logfile.
The logfile consists of two main sections.
It stores the traffic counters from the most recent run of mrtg.
Stores past traffic rate averates and maxima at increassing intervals.
The first number on each line is a unix time stamp. It represents the number of seconds since 1970.
The first line has 3 numbers which are:
A timestamp of when MRTG last ran for this interface. The timestamp is the number of non-skip seconds passed since the standard UNIX "epoch" of midnight on 1st of January 1970 GMT.
The "incoming bytes counter" value.
The "outgoing bytes counter" value.
The second and remaining lines of the file contains 5 numbers which are:
The Unix timestamp for the point in time the data on this line is relevant. Note that the interval between timestamps increases as you progress through the file. At first it is 5 minutes and at the end it is one day between two lines.
This timestamp may be converted in OpenOffice Calc or MS Excel by using the following formula
=(x+y)/86400+DATE(1970;1;1)
(instead of ";" it may be that you have to use "," this depends on the context and your locale settings)
you can also ask perl to help by typing
perl -e 'print scalar localtime(x),"\n"'
x is the unix timestamp and y is the offset in seconds from UTC. (Perl knows y).
The average incoming transfer rate in bytes per second. This is valid for the time between the A value of the current line and the A value of the previous line.
The average outgoing transfer rate in bytes per second since the previous measurement.
The maximum incoming transfer rate in bytes per second for the current interval. This is calculated from all the updates which have occured in the current interval. If the current interval is 1 hour, and updates have occured every 5 minutes, it will be the biggest 5 minute transfer rate seen during the hour.
The maximum outgoing transfer rate in bytes per second for the current interval.
This File Contains a collection of interesting MIB Entries ... mrtg knows about their names ... depending on the ASN.1 Syntax you may have to put gauge into the Options[]: parameter.
For information about how to create a Target[]: parameter which references these MIB entries, please consult mrtg-reference.
Descriptor: ifOperStatus Identifier: 1.3.6.1.2.1.2.2.1.8 ASN.1 Syntax: INTEGER Enumeration: up 1, down 2, testing 3
The current operational state of the interface. The testing(3) state indicates that no operational packets can be passed.
Descriptor: ifAdminStatus Identifier: 1.3.6.1.2.1.2.2.1.7 ASN.1 Syntax: INTEGER Enumeration: up 1, down 2, testing 3
The current administrative state of the interface. The testing(3) state indicates that no operational packets can be passed.
Descriptor: ifInOctets Identifier: 1.3.6.1.2.1.2.2.1.10 ASN.1 Syntax: Counter32
The total number of octets received on the interface, including framing characters.
Descriptor: ifInUcastPkts Identifier: 1.3.6.1.2.1.2.2.1.11 ASN.1 Syntax: Counter32
The number of subnetwork-unicast packets delivered to a higher-layer protocol.
Descriptor: ifInNUcastPkts Identifier: 1.3.6.1.2.1.2.2.1.12 ASN.1 Syntax: Counter32
The number of non-unicast (i.e., subnetwork- broadcast or subnetwork-multicast) packets delivered to a higher-layer protocol.
Descriptor: ifInDiscards Identifier: 1.3.6.1.2.1.2.2.1.13 ASN.1 Syntax: Counter32
The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space.
Descriptor: ifInErrors Identifier: 1.3.6.1.2.1.2.2.1.14 ASN.1 Syntax: Counter32
The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.
Descriptor: ifInUnknownProtos Identifier: 1.3.6.1.2.1.2.2.1.15 ASN.1 Syntax: Counter32
The number of packets received via the interface which were discarded because of an unknown or unsupported protocol.
Descriptor: ifOutOctets Identifier: 1.3.6.1.2.1.2.2.1.16 ASN.1 Syntax: Counter32
The total number of octets transmitted out of the interface, including framing characters.
Descriptor: ifOutUcastPkts Identifier: 1.3.6.1.2.1.2.2.1.17 ASN.1 Syntax: Counter32
The total number of packets that higher-level protocols requested be transmitted to a subnetwork-unicast address, including those that were discarded or not sent.
Descriptor: ifOutNUcastPkts Identifier: 1.3.6.1.2.1.2.2.1.18 ASN.1 Syntax: Counter32
The total number of packets that higher-level protocols requested be transmitted to a non- unicast (i.e., a subnetwork-broadcast or subnetwork-multicast) address, including those that were discarded or not sent.
Descriptor: ifOutDiscards Identifier: 1.3.6.1.2.1.2.2.1.19 ASN.1 Syntax: Counter32
The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space.
Descriptor: ifOutErrors Identifier: 1.3.6.1.2.1.2.2.1.20 ASN.1 Syntax: Counter32
The number of outbound packets that could not be transmitted because of errors.
Descriptor: ifOutQLen Identifier: 1.3.6.1.2.1.2.2.1.21 ASN.1 Syntax: Unsigned32
The length of the output packet queue (in packets).
From: Simon Ferrett <[email protected]>
'frInOctets' => '1.3.6.1.2.1.10.32.2.1.9' 'frOutOctets' => '1.3.6.1.2.1.10.32.2.1.7'
which when used in the form:
frInOctets.pp.dd&frOutOctets.pp.dd:[email protected]
where pp is the physical port that the frame relay pvc is defined on and dd is the DLCI of the pvc gets you the in and out octets for just that pvc.
The return values of ifAdminStatus and ifOperStatus are not very useful for graphing. Use ifOperHack and ifAdminHack instead. They return 1 for UP and 0 otherwise.
Note these are not real MIB entities but mrtg hacks
will return 0 and 1 respectively
Note these are not real MIB entities but mrtg hacks
After using MRTG for some time you may find some limitations, mostly in the areas of performance and graphing flexibility. These are exactly the areas addressed by RRDtool. To learn more about RRDtool check out its website on
http://oss.oetiker.ch/rrdtool
When using mrtg with RRDtool you are replacing rateup with the RRDtool perl module RRDs.pm. To enable RRDtool support in mrtg you have to add the line
LogFormat: rrdtool
to your mrtg config file.
MRTG needs access to both the RRDtool perl module RRDs.pm and to the rrdtool executable.
If these two items are not installed in locations where perl can find them on its own, then you can use the following two parameters to supply the appropriate directories.
For the location of the rrdtool executable you put
PathAdd: /usr/local/rrdtool/bin/
or
PathAdd: c:\rrdtool\bin
For the location of the perl module it would be:
LibAdd: /usr/local/rrdtool/lib/perl/
or
LibAdd: c:\rrdtool\bin\lib\perl
When you have made this modification to the configuration file, several things will happen when you run mrtg again with the new config file:
mrtg will take all your old .log
files and convert them to .rrd
format. (The .log
files don't get touched in the process, so if things don't work out they are still there.)
mrtg will use rrdtool to update its databases. These will have a new format called rrd which is totally different than the native log format of the classic mrtg.
mrtg will not create any webpages of graphs anymore. It will only query the routers for traffic information and update its rrd databases.
The advantage of whole thing is that the mrtg will become much faster. Expect the runtime to drop to 20% of the previous value. (I would like to get some feedback on this from folks with large installations.)
Mind you, though, while the logging process of RRDtool is very fast, you are also gaining some time by neither creating graphs nor updating webpages. The idea behind this is that it is more efficient to create graphs and webpages on demand by using a cgi script.
At the moment there is no official script to do this, but two contributers have created such scripts:
This was the first program to take over the webpage creation and graphing task. It has been developed by Rainer Bawidamann [email protected]. You can find a copy on Rainers website: http://my14all.sourceforge.net/ The program comes with its own documentation
This is another CGI frontend for mrtg running with rrdtool. The main difference between this and 14all is that the web pages it creates are much more stylish than the ones from mrtg, plus they support User Defined summary graphs and different levels of Authentication and Authorisation. This has been written by Steve Shipway ([email protected]). You obtain a copy, and find a forum and demonstration system at http://www.steveshipway.org/software/ The program comes with its own installation instructions and install script.
The mrtg-rrd script is a CGI/FastCGI application by Jan "Yenya" Kasprzak for displaying MRTG graphs from data in the RRDtool format. It is an intended replacement for the 14all.cgi script. It can make your monitoring system faster because MRTG does not have to generate all the PNG files with graphs every 5 minutes or so. Instead of this the graphs are generated on-demand when the user wants to see them. http://www.fi.muni.cz/~kas/mrtg-rrd/
Paul C. Williamson has written a more in-depth page on how the whole process works, including some performance figures. You can find his page on http://www.geocities.com/paulcwilliamson/mrtg/rateup2rrd.html
Just as a side note: MRTG-3 will be based entirely on rrdtool technology. But don't wait for it ... get going now!
If you want people to actually see the results of your network monitoring efforts you will need a webserver.
This document lists some configuration hints for webservers. Contributions welcome.
A big issue with mrtg monitoring data is the expiry time. All these nice graphs you can create are only valid for a short time. If you do not take special action some webbrowsers will not notice this and you may end up with people seeing old data because of caching issues.
The apache module mod_expire allows you to setup special expiry properties for individual file.
Here is an example for how this may look for an mrtg web directory. The configuration directives can be stored into a .htaccess file.
############################################################ # Example .htaccess for use with apache-1.2 and mod_expire. # (mod_expire come with apache-1.2 but you have to explicitly # activate it when compiling the httpd ...) ############################################################# # <Files "*-day.png"> ExpiresActive On # enable expirations # five minutes ExpiresDefault M300 </Files> <Files "*-week.png"> ExpiresActive On ExpiresDefault M1800 </Files> <Files "*-month.png"> ExpiresActive On ExpiresDefault M7200 </Files> <Files "*-year.png"> ExpiresActive On ExpiresDefault M86400 </Files> <Files "*.html"> ExpiresActive On ExpiresDefault M300 </Files> # index.html is not automatically generated <Files "index.html"> ExpiresActive Off </Files>
mrtg-traffic-sum [options...] config-file
--man show man-page and exit -h, --help display this help and exit --version output version information and exit --catch=regexp filter out things that match this in PageTop --email=address email the result --min=gigabytes minimal number of gigabites required for report --range=<when> Specify "current" for month-to-date, "previous" for last complete month --units=[GB|MB] Display results in gigabytes (default is MB)
The mrtg-traffic-sum goes through the mrtg logs for the targets in the the config file specified and builds the traffic total for the last month in Giga Bytes. (Note in communications Giga is 10^9).
The result of this analysis can be sent via email to an address of your choice using the --email option.
With the --catch option you can specify a regular expression which will be matched against the contents of the PageTop settings. The regular expression should return a value into $1 and possibly into $2. This will then be used as description for the appropriate traffic sum. By default the catch is set to:
(?:description|port name):</td>\s*<td>\s*([^< ]*?[^<]*?)\s*</td
By default, all traffic which is over one megabyte gets reported. Use the --min switch to change this number.
Copyright (c) 2002 by Tobias Oetiker. All rights reserved.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.