Make Sense of SNMP/MRTG Alphabet Soup
Best of ENP: Using MRTG, you can capture and display the SNMP data on your network. Here's how.
In SNMP for Everybody we got the high-level view of what SNMP is, and a quick introduction on how to use it. Today we're going to learn how to find MIB and OID values, which will be handy when you have to do a bit of manual configuration on various network monitoring applications. We'll also take a quick look at using MRTG (Multi-Router Traffic Grapher) with SNMP. MRTG can capture and display any SNMP data, once you figure out how to find the OIDs you need.
OIDs, or Object IDs, can be a bit difficult to understand. These are numerical hierarchies assigned to devices and functions. The OID for the Internet is 1.3.6.1. Where do these numbers come from? They come from MIBs (Management Information Bases). Each MIB contains wads of OIDs. This lovely ASCII illustration shows the main MIBs you need to know about:
ITU-T(0) -- ISO(1) -- Joint-ISO-ITU-T(2)
DOD means Department of Defense, which is where the Internet was born. Another view of this is at the OID repository. This contains all the officially-assigned OIDs in a searchable database, and in nice friendly tree views. Or as friendly as a 77,000-object database can be.
Before you try to make MRTG pick up on SNMP-fu, you need to make a couple of configuration tweaks in /etc/snmp/snmpd.conf. The example file is big and confusing, so shove it out of the way, but not too far because it's a good reference:
root@xena:/etc/snmp# mv snmpd.conf snmpd.conf-old
root@xena:/etc/snmp# chmod 0666 snmpd.conf-old
This makes it world-readable (mode 0666 also makes it world-writable; 0644 is enough for reading) because it's not your real configuration file, so there's no reason to protect it. The very minimum snmpd.conf file you need contains a single line. This changes the SNMP password, which is called the "community string", to something of your choosing:
Make sure this file is accessible only to root, chmod 0700. This permits read-only access to SNMP queries to anyone who knows the password. Then restart the snmp daemon:
# /etc/init.d/snmpd restart
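As an added example (not part of the original article), the shell function below audits an snmpd.conf for the two points above: who can read the file and what the community line grants. It assumes the single line uses Net-SNMP's rocommunity directive and that GNU stat is available; the function names, finding labels and sample files are constructed for illustration, and the source-restriction check goes a step beyond the article's one-line setup.

```shell
#!/bin/sh
# Added example (not from the article): audit a Net-SNMP snmpd.conf.
# Prints one finding per line; returns 0 if clean, 1 if anything was flagged.
audit_snmpd_conf() {
    conf=$1
    [ -f "$conf" ] || { echo "MISSING $conf"; return 2; }
    findings=""

    # The community string is a password: group and other should get no bits.
    mode=$(stat -c '%a' "$conf")            # GNU stat (Linux), e.g. 600 or 644
    case "$mode" in
        0|*00) ;;
        *) findings="PERMS mode $mode, expected owner-only such as 600" ;;
    esac

    # rocommunity/rwcommunity COMMUNITY [SOURCE ...]; the string is never printed.
    lines=$(awk '
        $1 ~ /^r[ow]community6?$/ {
            if ($1 ~ /^rw/)
                print "RW line " NR ": grants write access"
            if ($2 == "public" || $2 == "private")
                print "DEFAULT line " NR ": well-known community string"
            if (NF < 3 || $3 == "default")
                print "OPEN line " NR ": no source restriction, any host may query"
        }' "$conf")

    [ -n "$findings" ] && echo "$findings"
    [ -n "$lines" ] && echo "$lines"
    [ -z "$findings$lines" ]
}

# Constructed samples: the article's one-line setup (directive assumed) and a
# tightened variant that only answers queries from the local host.
make_samples() {
    dir=$1
    printf 'rocommunity myverysekrettpassword\n' > "$dir/weak.conf"
    chmod 0644 "$dir/weak.conf"
    printf 'rocommunity myverysekrettpassword 127.0.0.1\n' > "$dir/tight.conf"
    chmod 0600 "$dir/tight.conf"
}

# Stand-alone run on the constructed samples.
tmp=$(mktemp -d); make_samples "$tmp"
audit_snmpd_conf "$tmp/weak.conf" || echo "-> weak.conf needs attention"
audit_snmpd_conf "$tmp/tight.conf" && echo "-> tight.conf is clean"
rm -rf "$tmp"
```

Point it at the live file with audit_snmpd_conf /etc/snmp/snmpd.conf; SNMP v1 and v2c send the community string unencrypted, so a source restriction matters even when the string is hard to guess.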
Now try the snmpwalk command to see all the snmp values on your system:
# snmpwalk -v 2c -c myverysekrettpassword localhost
This should spit out a raft of weird-looking stuff:
SNMPv2-MIB::sysName.0 = STRING: xena
SNMPv2-MIB::sysLocation.0 = STRING: office
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (8) 0:00:00.08
This example names the MIBs, such as SNMPv2-MIB, abbreviates the OID as ::sysName.0, and lists their current values. You can find more information on specific MIBs in your /usr/share/snmp/mibs directory; in this case, /usr/share/snmp/mibs/SNMPv2-MIB.txt.
You must specify which SNMP protocol you want to use, which in this example is -v 2c. Your choices are 1, 2c, or 3. We're using Net SNMP, which supports all three. Using protocol 3 requires a bit of extra work, which is detailed here.
-c is required for specifying the "community string", or password. Take a peek inside your copy of snmpd.conf-old to see all the numerous, bewildering options for slicing-and-dicing snmp permissions. We'll stick with our one-size-fits-all for now, as defined in snmpd.conf.
OIDs in the previous example were abbreviated. Use the -On option to see the whole OID:
# snmpwalk -On -v 2c -c myverysekrettpassword localhost interfaces
.1.3.6.1.2.1.2.2.1.2.1 = STRING: lo
.1.3.6.1.2.1.2.2.1.2.2 = STRING: eth0
.1.3.6.1.2.1.2.2.1.2.3 = STRING: eth1
Now you know a couple of ways to find the information you need when you have to manually configure some OIDs or MIBs. How do you know your search options, besides "system" and "interface"? These are shortcuts for OIDs. "system" is 1.3.6.1.2.1.1, and "interface" is 1.3.6.1.2.1.2. Spelled out in words "system" is iso(1) identified-organization(3) dod(6) internet(1) mgmt(2) mib-2(1) system(1). You'll find the rest at this ASN1.elibel.tm.fr OID tree-view page.
Creating a More Complete snmpd.conf
Before diving into the murky, shark-infested snmpd.conf waters all by yourself, try running the snmpconf -g basic_setup script. It asks you every possible configuration question under the sun, then deposits the file it creates in root's home directory, so you can either copy it into /etc/snmp/, or not use it, whatever you desire.
Quick MRTG Setup
MRTG, the Multi-Router Traffic Grapher, is very SNMP-capable, and will let you capture all sorts of useful SNMP data. These examples show how to quickly set up a basic networking monitor. You need some sort of HTTP server running, such as Apache or Lighttpd. You may need to create the /etc/mrtg directory.
MRTG comes with the useful cfgmaker command to create MRTG configurations. Once you have verified that your SNMP daemon is running and set up correctly you can create your MRTG configuration. This example creates a very basic setup that monitors all the active network interfaces installed on your system:
# cfgmaker --output=/etc/mrtg/mrtg.cfg \
--global "workdir: /var/www/mrtg" --ifref=ip \
--global 'options[_]: growright' \
myverysekrettpassword@localhost
The default for cfgmaker is to track two OIDs: input and output of your up network interfaces.
MRTG requires the LANG=C setting. Most Linux systems these days use UTF-8. Run echo $LANG to see what yours is. Regardless of what your system setting is, MRTG will tell you if it is unhappy. Try running this command:
# mrtg /etc/mrtg/mrtg.cfg
If it says "ERROR: Mrtg will most likely not work properly when the environment variable LANG is set to UTF-8" then run this command:
# env LANG=C mrtg /etc/mrtg/mrtg.cfg
Run this three times to generate all the necessary /var/www/mrtg files. Now run the following command to create a Web index page:
# indexmaker --output=/var/www/mrtg/index.html /etc/mrtg/mrtg.cfg
Then open a Web browser and go to http://localhost/mrtg/. You should see nice graphs.
Click on the graphs to get daily, weekly, and other statistics.
Start MRTG at Boot
You can either create cron jobs for MRTG, or add RunAsDaemon: Yes to mrtg.cfg, and then create a startup file. See mrtg-unix-guide for some examples of how to do these.
On Debian and Ubuntu, there is an MRTG bug that causes it to complain "ERROR: Creating templock /var/lock/mrtg/_etc_mrtg.cfg_l_3922: No such file or directory at /usr/bin/mrtg line 1645". This happens after a restart. The fix is to run mkdir -m 0755 /var/lock/mrtg. You can put this line in your startup file.
Using SNMP With MRTG
The easy way is to find books or other howtos that point you to the MIBs to use for specific tasks, because there are so many of the darned things. But you can also poke around and find interesting things on your own. Suppose you want to monitor CPU load:
$ grep -i cpu /usr/share/snmp/mibs/*.txt
This spits out a bunch of lines. Now what? You'll have to create some custom MRTG configurations to capture and display the data you want. See the Net-SNMP howto for some examples.
You can verify your OIDs before expending a lot of effort in configuration files. For example, the output from our grep includes the object ssCpuRawSystem. Check it out with the snmpwalk command:
root@xena:/etc# snmpwalk -v 2c -c password localhost ssCpuRawSystem
UCD-SNMP-MIB::ssCpuRawSystem.0 = Counter32: 8925
If you know the exact OID, use snmpget instead of snmpwalk.
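An added example, not from the original article: once snmpwalk confirms that an OID returns a numeric value, this shell function turns one line of snmpwalk -On output into an MRTG target stanza and rejects lines MRTG could not graph. The function name, target name, MaxBytes value and the sample line (the article's ssCpuRawSystem result as -On would print it) are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the article): build an MRTG target stanza from one
# line of `snmpwalk -On` output, refusing values MRTG cannot graph.
# usage: snmp_line_to_mrtg NAME COMMUNITY HOST 'SNMPWALK_LINE'
snmp_line_to_mrtg() {
    name=$1 community=$2 host=$3 line=$4

    oid=${line%% = *}                 # text before " = "
    rest=${line#* = }                 # "Counter32: 8925" or an agent error
    type=${rest%%:*}

    # The agent answered with an error instead of a value.
    case "$rest" in
        "No Such Object"*|"No Such Instance"*|"No more variables"*)
            echo "error: agent has no value at $oid" >&2; return 1 ;;
    esac
    # Accept only fully numeric OIDs, so MRTG needs no MIB files loaded.
    case "$oid" in
        ""|[!.]*|*[!0-9.]*)
            echo "error: not a numeric OID: $oid" >&2; return 1 ;;
    esac
    case "$type" in
        Counter32|Counter64) options="growright, nopercent" ;;        # graphed as a rate
        Gauge32|INTEGER)     options="growright, nopercent, gauge" ;; # graphed as-is
        *) echo "error: $type is not a numeric type MRTG can graph" >&2
           return 1 ;;
    esac

    # MRTG reads a pair of values per target, so the single OID is given twice.
    # ":::::2" selects SNMP v2c, matching the -v 2c used with snmpwalk.
    # MaxBytes 100 is an assumed ceiling; set it to the real maximum rate.
    # The stanza holds the community string: protect mrtg.cfg like snmpd.conf.
    cat <<EOF
Target[$name]: $oid&$oid:$community@$host:::::2
MaxBytes[$name]: 100
Options[$name]: $options
Title[$name]: $name on $host
EOF
}

# Constructed input modelled on the article's ssCpuRawSystem check.
snmp_line_to_mrtg cpu_system myverysekrettpassword localhost \
    '.1.3.6.1.4.1.2021.11.52.0 = Counter32: 8925'
```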
This completes our whirlwind SNMP tour. Most system and network monitors have a canned set of SNMP data that they know how to grab, but even the most complete ones sometimes require you to fill in some OIDs yourself. So you are now equipped to hunt down the information you need, and you can dazzle people on mailing lists by actually knowing where OIDs come from and how to find them.