Monday, September 15, 2014

Installing MRTG on CentOS 6.5

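The MRTG server I had been using at work died, so I set up a new one.

1. First, install the required packages:

yum -y install gcc perl gd libpng zlib mrtg

Because MRTG collects its data over SNMP, the server needs the SNMP packages installed.
I first ran rpm -qa | grep snmp to check whether they were already installed.

This server already had snmp installed; if yours does not,
run yum install net-snmp net-snmp-utils to install it.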

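Next, configure snmp: vi /etc/snmp/snmpd.conf
Add these two lines to the file:
view systemview included .1.3.6.1.2.1.2.2.1.10
view systemview included .1.3.6.1.2.1.2.2.1.16
# Note:
1.3.6.1.2.1.2.2.1.10.2 is the inbound traffic counter for eth0
1.3.6.1.2.1.2.2.1.16.2 is the outbound traffic counter for eth0

Then restart snmp:
service snmpd restart

# Note: if errors appear when probing the device, consider replacing the contents of snmpd.conf with the following: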
####
# First, map the community name "public" into a "security name"

#       sec.name  source          community
com2sec notConfigUser  default       public

####
# Second, map the security name into a group name:

#       groupName      securityModel securityName
group   notConfigGroup v1           notConfigUser
group   notConfigGroup v2c           notConfigUser

####
# Third, create a view for us to let the group have rights to:

# Make at least  snmpwalk -v 1 localhost -c public system fast again.
#       name           incl/excl     subtree         mask(optional)
view    all           included   .1 80
view    systemview    included   .1.3.6.1.2.1.2
view    systemview    included   .1.3.6.1.2.1.1
view    systemview    included   .1.3.6.1.2.1.25
view    systemview    included   .1.3.6.1.4.1.2021

####
# Finally, grant the group read-only access to the systemview view.

#       group          context sec.model sec.level prefix read   write  notif
access  notConfigGroup ""      any       noauth    exact  systemview none none

# -----------------------------------------------------------------------------

# Here is a commented out example configuration that allows less
# restrictive access.

# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
# KNOWN AT YOUR SITE.  YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.

##       sec.name  source          community
com2sec local     localhost       COMMUNITY
com2sec mynetwork 203.68.102.0/24      COMMUNITY

##     group.name sec.model  sec.name
group MyRWGroup  any        local
group MyROGroup  any        mynetwork
#
#group MyRWGroup  any        otherv3user
#...

##           incl/excl subtree                          mask
view all    included  .1                               80

## -or just the mib2 tree-

view mib2   included  .iso.org.dod.internet.mgmt.mib-2 fc


##                context sec.model sec.level prefix read   write  notif
access MyROGroup ""      any       noauth    0      all    none   none
access MyRWGroup ""      any       noauth    0      all    all    all


###############################################################################
# Sample configuration to make net-snmpd RFC 1213.
# Unfortunately v1 and v2c don't allow any user based authentification, so
# opening up the default config is not an option from a security point.
#
# WARNING: If you uncomment the following lines you allow write access to your
# snmpd daemon from any source! To avoid this use different names for your
# community or split out the write access to a different community and 
# restrict it to your local network.
# Also remember to comment the syslocation and syscontact parameters later as
# otherwise they are still read only (see FAQ for net-snmp).
#

# First, map the community name "public" into a "security name"
#       sec.name        source          community
com2sec notConfigUser   default         public

# Second, map the security name into a group name:
#       groupName       securityModel   securityName
group   notConfigGroup  v1              notConfigUser
group   notConfigGroup  v2c             notConfigUser

# Third, create a view for us to let the group have rights to:
# Open up the whole tree for ro, make the RFC 1213 required ones rw.
#       name            incl/excl       subtree mask(optional)
view    roview          included        .1
view    rwview          included        system.sysContact
view    rwview          included        system.sysName
view    rwview          included        system.sysLocation
view    rwview          included        interfaces.ifTable.ifEntry.ifAdminStatus
view    rwview          included        at.atTable.atEntry.atPhysAddress
view    rwview          included        at.atTable.atEntry.atNetAddress
view    rwview          included        ip.ipForwarding
view    rwview          included        ip.ipDefaultTTL
view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteDest
view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteIfIndex
view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric1
view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric2
view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric3
view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric4
view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteType
view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteAge
view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMask
view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric5
view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaIfIndex
view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress
view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress
view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType
view    rwview          included        tcp.tcpConnTable.tcpConnEntry.tcpConnState
view    rwview          included        egp.egpNeighTable.egpNeighEntry.egpNeighEventTrigger
view    rwview          included        snmp.snmpEnableAuthenTraps

# Finally, grant the group read-only access to the systemview view.
#       group          context sec.model sec.level prefix read   write  notif
access  notConfigGroup ""      any       noauth    exact  roview rwview none



###############################################################################
# System contact information
#

# It is also possible to set the sysContact and sysLocation system
# variables through the snmpd.conf file:

syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root  (configure /etc/snmp/snmp.local.conf)

# Example output of snmpwalk:
#   % snmpwalk -v 1 localhost -c public system
#   system.sysDescr.0 = "SunOS name sun4c"
#   system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
#   system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55
#   system.sysContact.0 = "Me "
#   system.sysName.0 = "name"
#   system.sysLocation.0 = "Right here, right now."
#   system.sysServices.0 = 72


###############################################################################
# Logging
#

# We do not want annoying "Connection from UDP: " messages in syslog.
# If the following option is commented out, snmpd will print each incoming
# connection, which can be useful for debugging.

dontLogTCPWrappersConnects yes

# -----------------------------------------------------------------------------


###############################################################################
# disk checks
#

# The agent can check the amount of available disk space, and make
# sure it is above a set limit.  

# disk PATH [MIN=100000]
#
# PATH:  mount path to the disk in question.
# MIN:   Disks with space below this value will have the Mib's errorFlag set.
#        Default value = 100000.

# Check the / partition and make sure it contains at least 10 megs.

disk / 10000

# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.9
# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F 
# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0"
# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000
# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130
# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325
# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092
# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58
# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0
# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = ""

# -----------------------------------------------------------------------------
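
As an added example (not part of the original post), the script below checks an snmpd.conf for the access-control settings the replacement config above leaves open: the "public" community accepted from any source, views covering the whole OID tree, and SET access through the rwview lines. The function name audit_snmpd_conf is hypothetical, and both sample configs, the 192.0.2.10 poller address and the community placeholder are constructed.

```shell
#!/bin/sh
# Added example: flag risky access-control directives in a net-snmp snmpd.conf.
# It covers only the directive types used on this page (com2sec, view, access).

audit_snmpd_conf() {   # usage: audit_snmpd_conf [FILE]  (reads stdin if no FILE)
    awk '
    NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
    $1 == "com2sec" {                      # com2sec NAME SOURCE COMMUNITY
        if ($3 == "default")
            printf "line %d: community %s is accepted from any source address\n", NR, $4
        if ($4 == "public" || $4 == "private" || $4 == "COMMUNITY")
            printf "line %d: community %s is a default or placeholder string\n", NR, $4
    }
    $1 == "view" && $3 == "included" && $4 == ".1" {
        printf "line %d: view %s exposes the entire OID tree\n", NR, $2
    }
    # access GROUP CONTEXT MODEL LEVEL PREFIX READ WRITE NOTIFY
    $1 == "access" && NF >= 8 && $8 != "none" {
        printf "line %d: group %s may SET objects in view %s at level %s\n", NR, $2, $8, $5
    }
    ' "$@"
}

# Constructed sample: the RFC 1213 lines from the replacement config, abridged.
weak_sample() {
    cat <<'EOF'
com2sec notConfigUser   default         public
group   notConfigGroup  v2c             notConfigUser
view    roview          included        .1
view    rwview          included        system.sysContact
access  notConfigGroup ""      any       noauth    exact  roview rwview none
EOF
}

# Constructed sample: read-only, one poller address, system and interface
# subtrees only. 192.0.2.10 and the community string are placeholders.
hardened_sample() {
    cat <<'EOF'
com2sec mrtgUser   192.0.2.10   CHANGE-ME-site-string
group   mrtgGroup  v2c          mrtgUser
view    mrtgview   included     .1.3.6.1.2.1.1
view    mrtgview   included     .1.3.6.1.2.1.2
access  mrtgGroup  ""  any  noauth  exact  mrtgview  none  none
EOF
}

echo "== weak ==";     weak_sample     | audit_snmpd_conf
echo "== hardened =="; hardened_sample | audit_snmpd_conf
```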





With SNMP sorted out, the next step is the MRTG configuration.

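There are two ways to produce the cfg file:
Method 1. Use cfgmaker to generate the file automatically (strongly recommended!!)
If you need to monitor a large number of network devices, use cfgmaker to generate the cfg file automatically.
The syntax is:
cfgmaker <SNMP Community String>@<L2_Switch_IP> --output=<path of the cfg file to generate>

For example:
cfgmaker Dorm@140.129.88.7 --output=/etc/mrtg/dorm.cfg
This runs cfgmaker against the network device at 140.129.88.7 (usually a switch)
and writes the generated file to /etc/mrtg/dorm.cfg.

The SNMP Community String of the device at 140.129.88.7 is Dorm. (I use Dorm as the SNMP Community String. The default is usually public, because SNMP is a standard protocol and public is the community string shared by all network equipment vendors, but network administrators generally change it. We changed public for security reasons, so that outsiders cannot query device information.)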

Method 2. Edit the MRTG configuration file yourself

Edit /etc/mrtg/mrtg.cfg; it only needs to contain the following:

Target[eth0]: 2:public@127.0.0.1
MaxBytes[eth0]: 1250000
# (the options below are used for network traffic)
Options[eth0]: growright, bits
Title[eth0]: Traffic Analysis
PageTop[eth0]: <h1> 127.0.0.7</h1>

To add other devices, keep editing mrtg.cfg:

Target[Dorm]: <Switch_Port>:<SNMP Community String>@<L2_Switch_IP>
MaxBytes[Dorm]: 1250000
Options[Dorm]: growright, bits
Title[Dorm]: Traffic Analysis
PageTop[Dorm]: <H1>學生宿舍</H1>

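# Parameter notes: Target specifies which device to collect data from.
Target[eth0]: 2:public@127.0.0.1 in the configuration above means traffic is collected from port 2 (the network card) of the local machine.
For the dormitory traffic, Target[Dorm]: 4:Dorm@140.129.88.7 means data is collected from port 4 of the device at 140.129.88.7, using the SNMP Community String Dorm that I configured on it.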


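Also update the web output directory. My web path is /var/www/html/mrtg, so find
HtmlDir and ImageDir and change them as follows:

HtmlDir: /var/www/html/mrtg
ImageDir: /var/www/html/mrtg

# refresh the web page every 300 seconds
Refresh: 300
# read the configuration file every 10 seconds
Interval: 10
# language: big5
Language: big5
# draw the graph starting from the right
Options[_]: growright
These two can be left at their default values.
Notes on the other parameters: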


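# Notes:
1. If the mrtg directory does not exist, create it first with mkdir /var/www/html/mrtg
2. If the mrtg page is unreachable after restarting Apache, check whether the path in the
Alias /mrtg /var/www/html/mrtg line of /etc/httpd/conf.d/mrtg.cfg is wrong!!! Remember to restart Apache after changing it.

The number in front of public can be found with the command below; eth0 is usually 2.

ip link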

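Run the command below 3 times to generate the base pages (the first two runs print warnings about missing log files, which is normal).

Code:

env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg
env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg
env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg

Generate the index page; it is written under /var/www/html/mrtg/:

indexmaker /etc/mrtg/mrtg.cfg > /var/www/html/mrtg/index.html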

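Use crontab to run the mrtg command above every 2 minutes. Entries added with crontab -e take no user field; a user column belongs only in /etc/crontab and /etc/cron.d files.
crontab -e

*/2 * * * * env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg  > /dev/null 2>&1

Once the files have been generated, you can browse the working directory with WinSCP.

You will see that the crontab entry we just wrote is what renders the device traffic into images; eth0.html is simply a page that displays those images. If you want your own page layout, write your own HTML and embed the images.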
