More Linux Server Topics - Network Diagram - About This Site
Chapter 20
Monitoring Server Performance
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
In This Chapter
© Peter Harrison, www.linuxhomenetworking.com
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Monitoring your system’s web performance can be done quite easily with a number of graphical tools available for Linux. These include MRTG for raw network traffic which is based on SNMP and Webalizer that monitors web site hits.
SNMP
What is SNMP?
Most routers and firewalls keep their operational statistics in Management Information Blocks (MIBs). Each statistic has an Object Identifier (OID) and can be remotely retrieved from the MIB via the Simple Network Management Protocol (SNMP). However, as a security measure, you need to know the SNMP password or "community string" to do so. There are a number of types of community strings, the most commonly used ones are the "Read Only" community string that only provides access for viewing statistics and system parameters. In many cases the "Read Only" community string or password is set to "public". There is also a "Read Write" community string for not only viewing statistics and system parameters but also for updating the parameters too.
SNMP on a Linux Server
By default, RedHat Linux has the NetSNMP package installed to provide SNMP services. NetSNMP uses a configuration file /etc/snmp/snmpd.conf in which the community strings may be set. The version of the configuration file that comes with Net-SNMP is quite complicated. I suggest archiving it and using a much simpler version with only a single line containing the keyword "rocommunity" followed by the community string. Here is an example of how to do that.
· Save the old configuration file
[root@bigboy snmp]# cd /etc/snmp/
[root@bigboy snmp]# mv snmpd.conf snmpd.conf.old
[root@bigboy snmp]# vi snmpd.conf
· Enter the following line in the new configuration file to set the Read Only community string to "craz33guy"
rocommunity craz33guy
· Configure Linux to start SNMP services on each reboot with the chkconfig command:
[root@bigboy root]# chkconfig --level 345 snmpd on
[root@bigboy root]#
· You can then start SNMP to load the current configuration file.
[root@bigboy root]# /etc/init.d/snmpd start
Starting snmpd: [ OK ]
[root@bigboy root]#
· Test whether SNMP can read the "system" and "interface" information MIB
[root@bigboy snmp]# snmpwalk -v 1 -c craz33guy localhost
system
SNMPv2-MIB::sysDescr.0 = STRING: Linux bigboy 2.4.18-14 #1 Wed Sep 4 11:57:57
EDT 2002 i586
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
SNMPv2-MIB::sysUpTime.0 = Timeticks: (425) 0:00:04.25
SNMPv2-MIB::sysContact.0 = STRING: root@localhost
SNMPv2-MIB::sysName.0 = STRING: bigboy
...
...
...
[root@bigboy snmp]# snmpwalk -v 1 -c craz33guy localhost
interface
IF-MIB::ifNumber.0 = INTEGER: 3
IF-MIB::ifIndex.1 = INTEGER: 1
IF-MIB::ifIndex.2 = INTEGER: 2
IF-MIB::ifIndex.3 = INTEGER: 3
IF-MIB::ifDescr.1 = STRING: lo
IF-MIB::ifDescr.2 = STRING: wlan0
IF-MIB::ifDescr.3 = STRING: eth0
...
...
...
[root@bigboy snmp]#
Note: In this case we were polling localhost. You can poll any SNMP aware network device with SNMP enabled. All you need is the IP address and SNMP read only string and you’ll be able to get similar results.
Now that we know SNMP is working correctly on your Linux server, we can configure a SNMP statistics gathering software package such as MRTG to create online graphs of your traffic flows.
MRTG
What is MRTG?
MRTG (Multi Router Traffic Grapher) is a public domain package for producing graphs of various types of router statistics via a web page. You can easily create graphs of traffic flow statistics through your home network's firewall / router or even your Linux box's NIC cards using MRTG. The product is available from the MRTG website and also on your distribution CDs.
Download and Install The MRTG Packages
Most RedHat Linux software products are available in the RPM format. Downloading and installing RPMs isn’t hard. If you need a refresher, the chapter on RPMs covers how to do this in detail. The latest version of the RPM for RedHat 8.0 is:
mrtg-2.9.17-8.i386.rpm
o You can install the package like this:
[root@bigboy tmp]# rpm -Uvh mrtg-2.9.17-8.i386.rpm
o You will also need to have a webserver package installed for MRTG to work. The RedHat RPM version seems to work with Apache 1.X. The most current version as of this writing was apache 1.3.23 - 11. This is available from the RedHat website or your installation CDs. Install apache using the following command.
[root@bigboy tmp]# rpm -Uvh apache-1.3.23-14.i386.rpm
o MRTG runs automatically upon startup, but you’ll need to configure Apache to start at boot using the chkconfig command:
[root@bigboy tmp]# chkconfig --level 35 httpd on
o Here’s how to start/stop/restart Apache after booting:
[root@bigboy tmp]# /etc/init.d/httpd start
[root@bigboy tmp]# /etc/init.d/httpd stop
[root@bigboy tmp]# /etc/init.d/httpd restart
By default Apache expects the HTML files for your website to be located in /var/www/html. MRTG will place its HTML files in /var/www/html/mrtg.
Configuring MRTG
By default, MRTG will map the inbound and outbound data throughput rates on the device it is polling. There are ways to specify other OIDs such as CPU and memory usage, but this is beyond the scope of this book. We’ll be discussing the default configuration.
When the MRTG RPM is installed it creates a directory called /etc/mrtg in which all future configuration files are stored. Here are the steps you need to go through to create new configuration files.
o In this example we'll use MRTG’s cfgmaker command to create a configuration file named localhost.cfg for the server "bigboy" using a read only community string of craz33guy. All data files will be placed in the directory /var/www/html/mrtg/stats.
[root@bigboy tmp]# cfgmaker --output=/etc/mrtg/localhost.cfg \
-ifref=ip --global "workdir: /var/www/html/mrtg/stats" \
craz33guy@localhost
--base: Get Device Info on craz33guy@localhost:
--base: Vendor Id:
--base: Populating confcache
--snpo: confcache craz33guy@localhost: Descr lo --> 1
--snpo: confcache craz33guy@localhost: Descr wlan0 --> 2
--snpo: confcache craz33guy@localhost: Descr eth0 --> 3
--snpo: confcache craz33guy@localhost: Ip 0.0.0.0 --> 3
--snpo: confcache craz33guy@localhost: Ip 127.0.0.1 --> 1
--snpo: confcache craz33guy@localhost: Ip 192.168.1.100 --> 2
--snpo: confcache craz33guy@localhost: Type 24 --> 1
--snpo: confcache craz33guy@localhost: Type 6 --> 2
--snpo: confcache craz33guy@localhost: Type 6 --> 3 (duplicate)
--snpo: confcache craz33guy@localhost: Eth --> 1
--snpo: confcache craz33guy@localhost: Eth 00-06-25-09-6a-b5 --> 2
--snpo: confcache craz33guy@localhost: Eth 00-08-c7-10-74-a8 --> 3
--base: Get Interface Info
--base: Walking ifIndex
--base: Walking ifType
--base: Walking ifSpeed
--base: Walking ifAdminStatus
--base: Walking ifOperStatus
--base: Writing /etc/mrtg/localhost.cfg
[root@bigboy tmp]#
o Next create the /var/www/html/mrtg/stats directory and copy all of MRTG’s standard “.png” image files into it.
[root@bigboy mrtg]# mkdir /var/www/html/mrtg/stats
[root@bigboy mrtg]# cp /var/www/html/mrtg/*.png /var/www/html/mrtg/stats
[root@bigboy mrtg]#
o Edit /etc/mrtg/localhost.cfg and remove the sections related to interfaces you don't need to monitor. This would most likely include the loopback interface L0: with the IP address of 127.0.0.1
When the MRTG RPM is installed it places an entry in the /etc/crontab file to make MRTG run every 5 minutes using the default /etc/mrtg/mrtg.cfg configuration file. Add a new line referring to /etc/mrtg/localhost.cfg and comment out the one pointing to mrtg.cfg.
# 0-59/5 * * * * root /usr/bin/mrtg /etc/mrtg/mrtg.cfg
0-59/5 * * * * root /usr/bin/mrtg /etc/mrtg/localhost.cfg
o Run MRTG using /etc/mrtg/localhost.cfg as your argument three times. You'll get an error the two times as MRTG tries to rename old data files, and naturally, the first time it is run, MRTG has no data files to move.
[root@bigboy mrtg]# mrtg /etc/mrtg/localhost.cfg
Rateup WARNING: /usr/bin/rateup could not read the primary log file for
localhost_192.168.1.100
Rateup WARNING: /usr/bin/rateup The backup log file for localhost_192.168.1.100
was invalid as well
Rateup WARNING: /usr/bin/rateup Can't remove localhost_192.168.1.100.old
updating log file
Rateup WARNING: /usr/bin/rateup Can't rename localhost_192.168.1.100.log to
localhost_192.168.1.100.old updating log file
[root@bigboy mrtg]# mrtg /etc/mrtg/localhost.cfg
Rateup WARNING: /usr/bin/rateup Can't remove localhost_192.168.1.100.old
updating log file
[root@bigboy mrtg]# mrtg /etc/mrtg/localhost.cfg
[root@bigboy mrtg]#
o You'll then want to use MRTG’s indexmaker command to create a combined index page to see all the graphs defined in all the various “.cfg” files in your /etc/mrtg directory. Once this is done, you can point your browser to http://ip-address/mrtg/ to get a graphical listing of all the monitored interfaces.
Note: The indexmaker command creates a very generic index page which is very similar to the MRTG home page, don’t be fooled, you will find your devices at the very bottom. The format of the command is:
indexmaker --output=filename device1.cfg device2.cfg etc
RedHat Version 8.0 and Indexmaker
RedHat version 8 gives an error like this when running indexmaker.
[root@bigboy mrtg]# indexmaker --output=index.html /etc/mrtg/localhost.cfg
Can't locate package $VERSION for @MRTG_lib::ISA at /usr/bin/indexmaker line 49
main::BEGIN() called at /usr/bin/../lib/mrtg2/MRTG_lib.pm line 49
eval {...} called at /usr/bin/../lib/mrtg2/MRTG_lib.pm line 49
[root@bigboy mrtg]#
You have a couple choices here:
· Run a version of indexmaker from an older version of RedHat
· Create your own custom index page to replace the default one in /var/www/html/mrtg. You can then add links to all the html files in the /var/www/html/mrtg/stats directory.
Using MRTG To Monitor Other Subsystems
MRTG will generate HTML pages with daily, weekly, monthly and yearly statistics for your interfaces. By default MRTG provides only network interface statistics. The MRTG website www.mrtg.org has links to other sites that show you how to monitor other sub-systems on a variety of devices and operating systems.
Webalizer
What Is Webalizer?
Webalizer is a web server log file analysis tool that comes installed by default on RedHat Linux. Each night, Webalizer reads your Apache log files and creates a set of web pages that allow you to view websurfer statistics for your site. The information provided includes a list of your web site’s most popular pages sorted by “hits” along with traffic graphs showing the times of day when your site is most popular.
How To View Your Webalizer Statistics
By default webalizer places its index page in the directory /var/www/html/usage, so if you have a default Apache installation you’ll be able to view your data by visiting http://www.my-site.com/usage
The Webalizer Configuration File
Webalizer stores its configuration in the file /etc/webalizer.conf. The default settings should be sufficient for your web server, but you may want to adjust the directory in which Webalizer places your graphic statistics. This can be adjusted with the OutputDir directive in the file.
Make Webalizer run in Quiet Mode
Webalizer has a tendency to create this message in your logs which according to the Webalizer site’s documentation is non-critical.
Error: Unable to open DNS cache file /var/lib/webalizer/dns_cache.db
You can make the software run in quite mode by editing the /etc/cron.daily/00webalizer script file and adding the –Q (Quiet) switch to the webalizer command like this:
#! /bin/bash
# update access statistics for the web site
if [ -s /var/log/httpd/access_log ] ; then
/usr/bin/webalizer -Q
fi
exit 0
Once you’ve done this, Webalizer will function with few annoyances, however be aware that running in quiet mode could hide deeper problems that could occur in future.