Packetwatch.net

MRTG in Red Hat Enterprise Linux



Last modified: Sept. 3, 2011

Contents
1 - Summary
2 - Dependencies
3 - MRTG installation
4 - Service configuration
5 - View status on website
6 - Service check


1 - Summary

This guide will show you how to install mrtg in Red Hat Enterprise Linux. MRTG
is used to store information used to create graphs to display traffic. This has
been tested in Red Hat Enterprise Linux 5 x86_64.


2 - Dependencies

Install the apache package. Apache is a web server that will host the web pages
that display the network information.
# sudo yum install httpd.x86_64
[sudo] password for user:

Find where the apache daemon was installed to.
# rpm -ql httpd-* | grep sbin
/usr/sbin/apachectl
/usr/sbin/htcacheclean
/usr/sbin/httpd
/usr/sbin/httpd.event
/usr/sbin/httpd.worker
/usr/sbin/httxt2dbm
/usr/sbin/rotatelogs
/usr/sbin/suexec

Enable the apache service so that it will start when the system starts up.
# sudo /sbin/chkconfig httpd on
[sudo] password for user:
# sudo /sbin/chkconfig --list httpd
[sudo] password for user:
httpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off

Find where the configuration file should be put.
# rpm -ql httpd-* | grep init.d
/etc/rc.d/init.d/httpd
# grep httpd.conf /etc/rc.d/init.d/httpd
# config: /etc/httpd/conf/httpd.conf
        CONFFILE=/etc/httpd/conf/httpd.conf
# strings /usr/sbin/httpd | grep httpd.conf
-D SERVER_CONFIG_FILE="conf/httpd.conf"
conf/httpd.conf
        directive in your httpd.conf file to list a non-root

You will need to modify the original configuration file. Add the following. In
this example, I set the websites to be stored in an alernate directory. By the
way, there is already a group named it which includes an account for the web
developers.
  ServerName server.test.com
  DocumentRoot "/data/websites/test/server"
  ErrorLog syslog
  LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" commonvhost
  CustomLog "|/usr/bin/logger" commonvhost
  #Alias /icons/ "/var/www/icons/"
  #<Directory "/var/www/icons">
  #    Options Indexes MultiViews
  #    AllowOverride None
  #    Order allow,deny
  #    Allow from all
  #</Directory>
  #ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
  #<Directory "/var/www/cgi-bin">
  #    AllowOverride None
  #    Options None
  #    Order allow,deny
  #    Allow from all
  #</Directory>
  #Alias /error/ "/var/www/error/"
  ErrorDocument 404 /index.html
  NameVirtualHost *:80
  NameVirtualHost *:443
  <VirtualHost *:80>
          ServerName server.test.com
          Redirect / https://server.test.com/
  </VirtualHost>
  <VirtualHost *:443>
          ServerName server.test.com
          ServerAdmin root@localhost
          DocumentRoot /data/websites/test/server
  </VirtualHost>
# rpm -ql httpd-* | grep "httpd\.conf"
/etc/httpd/conf/httpd.conf
# sudo cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.example
[sudo] password for user:
# sudo vi /etc/httpd/conf/httpd.conf
[sudo] password for user:
# sudo mkdir -p /data/websites/test/server
[sudo] password for user:
# sudo mkdir -p /data/logs/httpd
[sudo] password for user:
# sudo chown -R root:it /data/logs/httpd/
[sudo] password for user:

Install the mod_ssl package for SSL certificate support. Copy in the SSL
certificate files to /etc/httpd/ssl/.
# sudo yum install mod_ssl.x86_64
[sudo] password for user:
# sudo mkdir /etc/httpd/ssl/
[sudo] password for user:
You will need to modify the original configuration file. Add the following.
  #SSLPassPhraseDialog  builtin
  ErrorLog syslog
  SSLCertificateFile /etc/httpd/ssl/test.cer
  SSLCertificateKeyFile /etc/httpd/ssl/test.key.alt
  SSLCertificateChainFile /etc/httpd/ssl/test.crt
# rpm -ql mod_ssl-* | grep conf.d
/etc/httpd/conf.d/ssl.conf
# sudo cp /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.example
[sudo] password for user:
# sudo vi /etc/httpd/conf.d/ssl.conf
[sudo] password for user:
Create an index file.
  <html>
  <head>
  <title>Test: Network monitoring</title>
  </head>
  <body>
  <a href="https://server.test.com/mrtg/">Bandwidth information - MRTG</a><br>
  </body>
  </html>
# sudo vi /data/websites/test/server/index.html
[sudo] password for user:

Configure syslog appropriately.

Install the perl package. The perl version has to be at least 5.005. If you use
SNMP version 3, you need perl version 5.8 at least.
# sudo yum install perl.x86_64
[sudo] password for user:
# rpm -ql perl-* | grep bin | grep perl
/usr/bin/find2perl
/usr/bin/perl
/usr/bin/perl5.8.8
/usr/bin/perlbug
/usr/bin/perlcc
/usr/bin/perldoc
/usr/bin/perlivp
/usr/lib/perl5/5.8.8/unicore/CombiningClass.pl
/usr/lib/perl5/5.8.8/unicore/lib/gc_sc/InCombin.pl
# /usr/bin/perl -v | grep -i built
This is perl, v5.8.8 built for x86_64-linux-thread-multi

Install the net-snmp-utils package.
# sudo yum install net-snmp-utils.x86_64
[sudo] password for user: 


3 - MRTG installation

Install the mrtg package.
# mkdir mrtg
# cd mrtg/
# wget http://apt.sw.be/redhat/$rel/$lang/$arch/extras/RPMS/mrtg-$ver.$rel.rfx.$arch.rpm
# sudo rpm -ivh mrtg-$ver.$rel.rfx.$arch.rpm
[sudo] password for user:
# cd ..
# rm -fr mrtg/


4 - Service configuration

Find where the mrtg application was installed to.
# rpm -ql mrtg-* | grep bin
/usr/bin/cfgmaker
/usr/bin/indexmaker
/usr/bin/mrtg
/usr/bin/rateup

Enable the mrtg service so that it will start when the system starts up. Here
is a script I created to start and stop the mrtg daemon.
  #!/bin/bash

  # chkconfig: - 50 50
  # description: mrtg

  mrtg=/usr/bin/mrtg
  options="-lock-file /etc/mrtg/.mrtg.lock -logging /data/logs/mrtg/mrtg.log \
  -daemon -pid-file=/var/run/mrtg.pid /etc/mrtg/mrtg.cfg"

  case "$1" in
          start)
                  echo "Starting mrtg: [  OK  ]"
                  env LANG=C $mrtg $options > /dev/null
                  ;;
          stop)
                  if [ -e /var/run/mrtg.pid ]
                      then
                          echo "Stopping mrtg: [  OK  ]"
                          kill -9 `cat /var/run/mrtg.pid`
                          rm -f /var/run/mrtg.pid
                      else
                          echo "mrtg is not running..."
                  fi
                  ;;
          status)
                  if [ -e /var/run/mrtg.pid ]
                      then
                          pid=`cat /var/run/mrtg.pid`
                          echo "mrtg (pid $pid) is running..."
                      else
                          echo "mrtg is not running..."
                  fi
                  ;;
          restart)
                  if [ -e /var/run/mrtg.pid ]
                      then
                          echo "Stopping mrtg: [  OK  ]"
                          kill -9 `cat /var/run/mrtg.pid`
                          rm -f /var/run/mrtg.pid
                      else
                          echo "mrtg is not running..."
                  fi
                  echo "Starting mrtg: [  OK  ]"
                  env LANG=C $mrtg $options > /dev/null
                  ;;
          *)
                  echo "Usage: $0 {start|stop|status|restart}"
                  exit 1
                  ;;
  esac
# sudo vi /etc/rc.d/init.d/mrtg
[sudo] password for user:
# sudo chmod 755 /etc/rc.d/init.d/mrtg
[sudo] password for user:
# sudo /sbin/chkconfig --add mrtg
[sudo] password for user:
# sudo /sbin/chkconfig mrtg on
[sudo] password for user:
# sudo /sbin/chkconfig --list mrtg
[sudo] password for user:
mrtg           0:off   1:off   2:on    3:on    4:on    5:on    6:off

Create a new configuration file.
# rpm -ql mrtg-* | grep mrtg.cfg
/etc/mrtg/mrtg.cfg
/usr/share/doc/mrtg-*/contrib/PMLines/mrtg.cfg-demo
/usr/share/doc/mrtg-*/contrib/TCH/mrtg.cfg
/usr/share/doc/mrtg-*/contrib/accesslistmon/mrtg.cfg
/usr/share/doc/mrtg-*/contrib/mrtgmk/cfg/mrtg.cfg
/usr/share/doc/mrtg-*/contrib/mrtgrq/make-mrtg.cfg.awk
/usr/share/doc/mrtg-*/contrib/net-hosts/make-mrtg.cfg.awk
/usr/share/doc/mrtg-*/contrib/stat/mrtg.cfg
# sudo cp /etc/mrtg/mrtg.cfg /etc/mrtg/mrtg.cfg.example
[sudo] password for user:
# sudo /usr/bin/cfgmaker --global "Options[_]: bits, growright" --global \
"HtmlDir: /data/websites/test/server/mrtg" --global "ImageDir: \
/data/websites/test/server/mrtg" --global "LogDir: /data/monitoring/mrtg" \
--global "RunAsDaemon: Yes" --global "Interval: 5" --output=/etc/mrtg/mrtg.cfg \
public@router.test.com
[sudo] password for user:
# sudo mkdir -p /data/monitoring/mrtg
[sudo] password for user:
# sudo mkdir /data/logs/mrtg/
[sudo] password for user:
# sudo chown -R root:it /data/logs/mrtg/
[sudo] password for user:

You will need to modify the original configuration file for mrtg used by
apache. Have only the following.
  Alias /mrtg/ "/data/websites/test/server/mrtg/"
  <Directory "/data/websites/test/server/mrtg">
      AuthType Basic
      AuthName "Restricted"
      AuthUserFile /etc/httpd/conf/htaccounts
      Require user Administrator
      Options None
      Order allow,deny
      Allow from all
  </Directory>
# rpm -ql mrtg-* | grep "conf\.d"
/etc/httpd/conf.d/mrtg.conf
# sudo cp /etc/httpd/conf.d/mrtg.conf /etc/httpd/conf.d/mrtg.conf.example
[sudo] password for user:
# sudo vi /etc/httpd/conf.d/mrtg.conf
[sudo] password for user:

Create a user account using htpasswd that will be allowed to view the mrtg
information.
# rpm -ql httpd-* | grep htpasswd
/usr/bin/htpasswd
/usr/share/man/man1/htpasswd.1.gz
# sudo /usr/bin/htpasswd -c -s /etc/httpd/conf/htaccounts Administrator
[sudo] password for user:
New password: ********
Re-type new password: ********
Adding password for user Administrator

Copy the mrtg web directory and set ownership and permissions. By the way,
there is already a group named it which includes an account for the web developers.
# grep Alias /etc/httpd/conf.d/mrtg.conf.example
Alias /mrtg /var/www/mrtg
# sudo cp -Rp /var/www/mrtg/ /data/websites/test/server/mrtg/
[sudo] password for user:
# sudo /usr/bin/indexmaker --output=/data/websites/test/server/mrtg/index.html \
--title="Test Bandwidth Usage" --columns=4 --sort=name --width=250 \
--height=100 --section=name /etc/mrtg/mrtg.cfg
[sudo] password for user:
# sudo chown -R apache:it /data/websites/test/server/mrtg/
[sudo] password for user:
# sudo chmod -R 774 /data/websites/test/server/mrtg/
[sudo] password for user:

You will need to configure SELinux appropriately. SELinux status can be
found by running sestatus.
# sudo /usr/sbin/sestatus | grep status:
[sudo] password for user:
SELinux status:                 enabled

Before starting the server, make sure that tcp ports 80 and 443 are open in
case you are running firewall software. Here are some sample rules.
  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
# sudo /sbin/service iptables stop
[sudo] password for user:
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading iptables modules:                                [  OK  ]
# sudo cp /etc/sysconfig/iptables /etc/sysconfig/iptables.previous
[sudo] password for user:
# sudo vi /etc/sysconfig/iptables
[sudo] password for user:
# sudo /sbin/service iptables start
[sudo] password for user:
Applying iptables firewall rules:                          [  OK  ]
Loading additional iptables modules: ip_conntrack_netbios_n[  OK  ]

Start the apache service.
# sudo /sbin/service httpd start
[sudo] password for user:
Starting httpd: [  OK  ]

Start the mrtg service.
# sudo /sbin/service mrtg start
[sudo] password for user:
Starting mrtg: [  OK  ]


5 - View status on website

Navigate your web browser to https://server.test.com/. Click on the link for
Bandwidth information - MRTG. After you login, you will see a screen showing a
summary of the network information.


6 - Service check

Reboot your computer. Log in like normal and check to see that the httpd and
mrtg services are running. That's it, now you have mrtg running in Red Hat
Enterprise Linux.
# sudo /sbin/shutdown -r now
[sudo] password for user:
# sudo /sbin/service httpd status
[sudo] password for user:
httpd (pid  3409) is running...
# sudo /sbin/service mrtg status
[sudo] password for user:
mrtg (pid 3153) is running...


Last modified: Thu Jan 1 00:00:00 1970 UTC
Packetwatch Research 2002-2017.