Chapter 14. Network Monitoring with MRTG

14.0. Introduction

MRTG, the Multi-Router Traffic Graph, was originally designed to collect SNMP traffic counters of routers, log the data, and convert the data to graphs. These graphs are embedded in web pages, and can be read from any web browser. Because MRTG is based on SNMP, you may use it to graph practically any device or service that is SNMP-enabled. This also means you need to pay attention to SNMP, because if SNMP doesn’t work, MRTG doesn’t work.

MRTG builds daily, weekly, monthly, and yearly graphs, so it’s a great tool for seeing trends at a glance. “A picture is worth a thousand words” is especially true when you’re riding herd on a network.

MRTG only collects data and creates graphs; it does not send alerts. It stores data in its own logfiles, which helpfully manage themselves. MRTG automatically consolidates its logs, so you don’t have to worry about them ballooning out of control. It keeps data for two years.

MRTG also depends on an HTTP server. In this chapter, we’ll use Lighttpd because it is a fast, lightweight HTTP server that is well-suited for MRTG. Of course, you may use whatever you like.

There are three versions of SNMP: SNMPv1, SNMPv2, and SNMPv3. SNMPv1 is the most widespread, and probably will be for some time to come. The main objection to v1 is the lack of security; all messages are sent in cleartext. v2 was developed to add security, but it seems that development got a bit out of hand, and we ended up with four versions: ...

Get Linux Networking Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.