Newsletter Get the Newsletter

One individual who faced the monitoring problem created a solution. The result is Tobias Oetiker's Multi Router Traffic Grapher (MRTG),¹ a simple and extremely effective mechanism for collecting, storing, and displaying router traffic information. In the spirit of open cooperation that is a cornerstone of the UNIX community, MRTG is freely redistributable under the terms of the GNU Public License.

The Basic Idea

MRTG is a Perl script that collects and graphs data. The information is retrieved via the Simple Network Management Protocol (SNMP) and displayed using HTML. The use of Perl, SNMP, and HTML makes the software exceedingly portable. Although it is designed to track packet counters from routers, MRTG can be used to track anything that can be accessed via SNMP. A sample graph is given in Figure 1 (green is incoming traffic, blue is outgoing).

The original version of MRTG, written in 1994, used the SNMP tools package from Carnegie Mellon University to perform the queries. It also used pnmtogif from the PBMplus library to build the graphs. The result was a clever tool, built on other tools, that suffered from performance problems. MRTG v. 2 now uses the Perl-based SNMP package from Simon Leinen² and the general-purpose graphing library GD by Thomas Boutell for creating the GIF images.³ Users quickly flocked to MRTG, primarily because it brought together key elements into a single package: simple setup, easy maintenance, friendliness, and an integrated solution. Version 3 of MRTG was recently announced. It continues to provide everything v. 2 does, along with better scalability and flexibility.

The Data Log

MRTG is designed to run at regular intervals, like a cron job. In one invocation it collects all the information specified by its configuration file, then stores it in a log file. Finally, MRTG generates graphs and stores them as GIF images. The graphs that are generated show traffic strip charts for activity spanning the day, week, month, and year. Each graph has a different sampling interval. Where the daily graph shows five-minute averages, the monthly graph only shows two-hour averages. This scale reduction for historic data is a key factor in the design of the log file format.

Samples collected by MRTG are not stored indefinitely. The data-storage model that MRTG uses will intentionally throw out some of the data over time. This "lossy" storage model is used to ensure that the data log does not grow without bound. In fact, the log file does not grow at all over time. It experiences a period of growth after installation--as all the historic fields have the string "0" replaced with real data--but the size of the file remains bounded.

The lossy data-storage model works on the assumption that detailed samples taken from previous months are no longer important. As time moves on, five-minute samples are aggregated into 15-minute samples, 15-minute into two-hour ones, and two-hour into daily samples. Although the log will contain five-minute samples for the previous week, it will hold only daily samples for the last year. MRTG will perform this data reduction automatically every time it is run. This is how the log file size remains relatively constant. The price for lossy data storage is that the data log must be entirely rewritten for every invocation of MRTG.

Configuration

The configuration file offers quite a bit of flexibility in all areas: data collection, graph generation, and automatic HTML creation.

Each line in the configuration file consists of a keyword and associated values separated by a colon, for example, Refresh: 300.

An interface on a router is known to MRTG as a "target," and is identified in the configuration file with a target line, such as Target[name]: 1:public@router.

The string "name" is used to identify the target in the output and in the rest of the configuration. The number (in this case 1) is the port number on the router, followed by the read-only community name for SNMP, the @ sign, then the name of the router itself. Most router software arbitrarily sets the read-only community name to "public" (and the read-write community name to "private"). You would be well-advised to change the community strings unless you really want everyone on the Internet to see (and possibly alter) your router's configuration and statistics.

Other per-interface parameters are set with a syntax similar to Target. For example, the speed of the line can be declared with the line MaxBytes[name]: 8000, which is for setting the scale in the resulting charts.

The complete syntax for the configuration file is documented in an HTML page included with the MRTG package. The configuration file contains a substantial amount of information and you probably don't want to create it from scratch. Fortunately, there is a tool included with MRTG that makes configuration easy. The Perl script cfgmaker will use SNMP to query a target device and determine its interfaces, active status, names, and any other information that can be seen. It places the results in a configuration file and writes the file to standard output. This gets the hard part of configuring MRTG out of the way. Tweaking the resulting file is much easier than writing it from scratch.

If you use cfgmaker to create your configuration, one change you should make is the specification of the working directory. The working directory is where all the dynamic information associated with MRTG is maintained. There is one set of files for each interface that MRTG monitors: the log file contains the lossy data described earlier, four GIF files contain the four strip charts, and the HTML file is used to view the information. There also is a file with the suffix .old, which contains the previous copy of the log file.

The working directory is specified in the configuration with a line that looks like WorkDir: /opt/mrtg/share.

You should make the MRTG working directory available to your Web server. This could be done in one of several ways. The easiest is to place the directory within the Web server's tree, for example /opt/apache/share. An alternative is to incorporate the directory into the Web server's configuration, as one would do with an Apache "Directory" directive. Finally, you could copy the data over at five-minute intervals. The simplest installation places MRTG on the same host that provides Web service, but performance concerns may preclude you from doing so. In such a situation, you will need to ensure that the Web server has access to the most recent MRTG information, either through rcp, NFS, or some other network mechanism. You may wish to consider creating a separate Web server just to handle the MRTG pages.

You can also have MRTG track data from sources other than SNMP. The configuration syntax lets you specify a program whose output will be logged and graphed. MRTG expects the output to be in a simple text format-four lines containing the various values it wants to track. The program itself is specified via the Target directive, for example:

Target[disk]: `df2mrtg /dev/dsk/c0t3d0s0`

Installation

MRTG is easy to install. It has one C source file: rateup.c. This should compile easily on any system with an ANSI C compiler (such as GNU CC). MRTG does rely on the GD library for creating GIF files. Before you can get MRTG to work, you need to configure, compile, and install GD. Finally, you need Perl 5.003 or higher.

Once you have MRTG working, you will want to have cron run it at five-minute intervals. I recommend you have something other than root run mrtg, such as "daemon" or "sys," and you need to ensure that the directories MRTG manipulates are owned by this user. This includes the directory that contains the configuration file, because MRTG creates a lock there. A crontab line to run MRTG might look like the one listed in Figure 2. Obviously you need to specify full pathnames for MRTG and its configuration file.

If five-minute samples consume too many resources, you can opt for a longer cycle. The time between each invocation should remain constant, such as 10, 15, or 30 minutes. Specify the invocation times as desired in the crontab file, then add the following line to the configuration: Interval: 10. In this example, MRTG will assume the interval is ten minutes.

MRTG 3

The next version of MRTG is under development. The biggest change is the use of a database for storing log information. Previous versions of MRTG stored the data in a text file, and had to rewrite that file on every invocation. Version 3 includes the Round Robin Database (RRD) tool, which provides a faster mechanism for storing and expiring data. RRD also includes its own graphing tool and lets you generate graphs using a wide variety of criteria. RRD is flexible enough to be used as a general-purpose tool for tracking a large number of diverse time-series data sources. It has become a package unto itself, and already is being incorporated into many custom monitoring applications. The use of RRD in v. 3 allows MRTG to completely isolate the data gathering (via SNMP) and data visualization. The fast generation of the graphs also allows v. 3 to provide graphs on demand, rather than spending the time to pregenerate each. The bottom line is that v. 3 is significantly more scalable and flexible than v. 2.

Essential Tool

One thing that MRTG does not provide is an index page for the target directory. You must create your own index.html file that contains links to the various interface pages. One site I work with simply uses server-side include directives to place all the MRTG information on one large page for quick access.

If you are used to looking at strip charts under Sun's Open Windows or MIT's Athena widgets, the strip charts normally move from right to left. That is, the most recent information is on the right. By default, MRTG is the opposite: new information appears on the left and information is scrolled to the right over time. If you aren't prepared for this, it could surprise you.

MRTG is a wonderful tool for monitoring router traffic. It should be essential to any installation. The information it provides is invaluable to network administrators, and also has appeal to users. In fact, at the De Montfort University, where MRTG was first developed, the graphs it created helped convince management that a faster link was needed.

The MRTG Web site is http://ee-staff.ethz.ch/~oetiker/webtools/mrtg/. It includes instructions on downloading and installation. The Web site for the GD library is http://www.boutell.com/gd/. Perl can be found at a wide variety of locations, including http://www.perl.com.

William LeFebvre has been banging on UNIX systems for 15 years and has been studying Internet technology for almost as long. He is the editor for the SAGE series "Short Topics in System Administration," and he currently operates Group Sys Consulting (Alpharetta, GA). Reach him at wnl@groupsys.com or via the Web at http://www.groupsys.com.

References

1. Oetiker, Tobias. "MRTG-The Multi Router Traffic Grapher," Proceedings of The Twelfth Systems Administration Conference (LISA 98), December 1998, Boston, MA.

2. Leinen, Simon. Perl 5 SNMP Module, an SNMP client implemented entirely in Perl. http://www.switch.ch/misc/leinen/snmp/perl/.

3. Boutell, Thomas. GD Lib, a graphics library for fast creation of GIF images. http://www.boutell.com/gd/.

Copyright © 2001 UnixReview.com, UnixReview.com's Privacy Policy
Comments about the website: rreames@cmp.com
SDMG Web Sites: C/C++ Users Journal, Dr. Dobb's Journal, MSDN Magazine, Sys Admin, SD Expo, SD Magazine, UnixReview.com, Windows Developer's Journal, TPJ, BYTE.com