Every network and systems administrator needs tools that can accurately display usage statistics and possible problem areas in his or her infrastructure. However, many of these tools are very expensive and complex and do more than is required to get the job done.

Enter Multi Router Traffic Grapher, or MRTG, an open source tool that creates graphs and Web pages based on SNMP information gathered from various network devices and servers. Almost any device with SNMP capability can be managed with the MRTG utility, and all of the information generated by MRTG is displayed through a Web browser. In this Daily Feature, I’ll explain the requirements for a successful basic installation and configuration of MRTG.

To use MRTG, you should have a Web server, such as Apache or Netscape, running on your UNIX server. In addition, MRTG requires a number of free libraries such as gd and libpng to work properly. In most of the free versions of UNIX/Linux, these libraries are already installed, but in case you run into trouble, Table A provides a list of required libraries along with the locations from which they can be downloaded.
Table A

Required libraries for MRTG
Required library Location to download from
gcc gcc.gnu.org
perl (5.005 or better) www.perl.com
gd www.boutell.com/gd
libpng www.libpng.org/pub/png/src
zlib (ftp) sunsite.cnlab-switch.ch/mirror/infozip/zlib/

The list of required libraries for MRTG is a short one compared to some applications.

Installing MRTG
The first thing you’ll do is install the necessary libraries by following these steps:

  1. 1.      Create a directory for the compilation. (This directory may already exist on your system; if so, skip this step.)

mkdir -p /usr/local/src

  1. 2.      Change to the newly created directory:

cd /usr/local/src

  1. 3.      Install zlib with the following:

wget ftp://sunsite.cnlab-switch.ch/mirror/infozip/zlib/zlib.tar.gz
gunzip -c zlib.tar.gz | tar xf –
mv zlib-?.?.?/ zlib
cd zlib
cd ..

  1. 4.      Install libpng by running the following:

wget http://www.libpng.org/pub/png/src/libpng-1.0.12.tar.gz
gunzip -c libpng-*.tar.gz |tar xf –
rm libpng-*.tar.gz
mv libpng-* libpng
cd libpng
make -f scripts/makefile.std CC=gcc ZLIBLIB=../zlib ZLIBINC=../zlib
rm *.so.* *.so
cd ..

  1. 5.      Install gd with the following:

wget http://www.boutell.com/gd/http/gd-1.8.3.tar.gz
gunzip -c gd-1.8.3.tar.gz |tar xf –
mv gd-1.8.3 gd
cd gd

  1. 6.      And finally, install the library directories with this command:

make INCLUDEDIRS=”-I. -I../zlib -I../libpng” \
LIBDIRS=”-L../zlib -L. -L../libpng” \
LIBS=”-lgd -lpng -lz -lm”
cd ..

One line

The make command shown above that installs the library directories is actually one line with the backslash (\) characters representing no newline. (Leave those characters out of the command.)

Once all of the required libraries are installed, the installation of the MRTG program is very simple. The current version of MRTG is 2.9.17, and it’s available as mrtg-2.9.17.tar.gz. For this installation, please make sure that you’re logged in as a root user and that you place the MRTG installation file in /usr/local when you download it.

Once you’ve downloaded the distribution file, expand it by switching to the /usr/local directory with the cd /usr/local command and issuing the following at the command line:
gunzip –dc mrtg-2.9.17.tar.gz | tar xvf –

Next, switch to the mrtg source directory with the cd /usr/local/mrtg-2.9.17 command and run the configuration script with an option to install MRTG to the /usr/local/mrtg directory on your server by typing ./configure -–prefix=/usr/local/mrtg. This will only take a few seconds to run.

Next, you need to actually build the contents of MRTG. Type make at the command line and press [Enter]. Again, this will be quick. Finally, type makeinstall at the command line to install the MRTG binary files in their correct locations.

Configuring and running MRTG
The next step is to start giving MRTG configuration files for each device that you want it to monitor. MRTG comes with a utility written in Perl named cfgmaker (located in /usr/local/mrtg/bin in this example) that accomplishes this task automatically for you—automatic in the sense that you don’t have to type in a bunch of configuration commands. You still have to tell it which specific devices to monitor, though.

When you run cfgmaker, you must provide it with some basic details. First, give it a work directory, which is where it will store log files, generated graphs, and HTML output. This directory should be accessible to your Web server so that any HTML output can be rendered by a remote browser. Second, tell MRTG where and under what name to store the generated configuration file for a particular device. The configuration file contains static information that is consistent no matter what kind of traffic the device sees, such as system name, contact information, etc.

Once the configuration file is built, you can run the MRTG executable against it. The first couple of times that you run the MRTG executable file, you’ll get errors indicating problems with the log files. This is normal. MRTG expects to see a history of log files, and if you’ve never run it before, you won’t see these.

Sound complicated? It’s not too bad once you start using it. Another utility, indexmaker, creates a nice HTML index page for you, which is especially useful if you manage many devices. I’ll explain more about this one a little later.

An example will do a lot to clear up some of the confusion:

First, I’ll create the mrtg user with the command useradd mrtg. Then, I’ll run cfgmaker with these arguments to build an MRTG configuration file for a Windows 2000 server that is running the SNMP service. In this command, you can see that my work directory is /usr/local/apache/htdocs/mrtg. This is a directory that Apache can see, and it’s where MRTG will place log files, HTML files, and .png files for this device. I’m storing the configuration file in /home/mrtg as win2k.cfg.

Finally, notice that I’m using public@ as the device name. Public is the SNMP read-only community name for this device, and the IP address is its address. (I don’t use DNS on my test network.)

After I run the command, the .cfg file is placed in /home/mrtg, but nothing is placed in the /usr/local/apache/htdocs/mrtg directory because I only built the MRTG configuration file for this device. I didn’t actually run MRTG yet to read any statistics.

Now I can run MRTG against this configuration file and see what happens:
/usr/local/mrtg/bin/mrtg /home/mrtg/win2k.cfg

I should see six files in the MRTG directory. The four files with .png extensions are graphs for day, month, week, and year. The purpose of the .log and .html files should be fairly evident.

Figure A
The MRTG initial analysis screen showing the default statistics

How did this work? If you examine the /home/mrtg/win2k.log file, you’ll notice a line marked WorkDir that points to this Apache directory. When you run MRTG, the contents of this .cfg file are analyzed and used as parameters for the program. Figure A shows what appears when I browse to the file


As you can see, the default statistics offer Max In/Out, Average In/Out, and Current In/Out. Naturally, you can add many more options to the graphing of your network. If you’re interested in using MRTG to monitor more than the basics, take a look at this MRTG Site guide that will give you a listing of how various sites are using MRTG and how they modify MRTG to suit their needs.

Figure B
Our networking is peaking at nearly 960 Kbps.

The graphs are unpopulated because I just ran the MRTG program for the first time, and the lab server that I use had no traffic. Figure B is a look at the daily graph a few minutes later.

To gather statistics on a periodic basis, you need to either run MRTG from the command line manually or you must find a way to automate the process. Personally, I’d rather automate it. You can use a cron job to do this.

I added the line */5 * * * * /usr/local/mrtg/bin/mrtg /home/mrtg/win2k.cfg to root’s crontab file by running the crontab –e command as the root user. Now, every five minutes, MRTG will be automatically run against the configuration file created earlier.

Multiple interfaces and multiple systems
Most routers and switches have more than one interface. With MRTG, you can separately monitor each one. In this example, I’ll monitor the ports on my Cisco PIX firewall for activity.

Creating the configuration file for a device with multiple interfaces is just as easy as it was in the last example. My particular device’s SNMP community string is public, and its inside IP address is To create the configuration file for this device, I’ll issue this command.

Next, I run MRTG against this file to create an initial set of statistics by issuing /usr/local/mrtg/bin/mrtg /home/mrtg/fw.cfg at the command line. I’ll add this device to the crontab file so that MRTG is automatically run every five minutes.

When I want to view the statistics that were just created, I can browse to it, as before, and use the notation <SNMP device IP address>_<interface number>.html to view statistics on the device. In my case, since the firewall I’m monitoring has only two interfaces, I can view two HTML files, and, depending on which interface I want to see.

The index maker tool
If you think it seems like it can be a little cumbersome to view statistics, you’re correct. But the brains behind MRTG thought it out for you and packaged MRTG with an index creation tool that allows you to see all the devices you’re monitoring at a glance and choose the one you’re interested in.

You’ll find the index maker tool at /usr/local/mrtg/bin/indexmaker. To use indexmaker, you need to give it at least two parameters. The first one is a –output parameter, which tells the utility where to place the results. The second required parameter is the .cfg file that the utility should index. In this example, I’ll index the win2k.cfg and the fw.cfg files that were generated earlier and place the output in the same location as the MRTG files.


If I looked at the fw.html file with my browser, I’d see a screen similar to that in Figure C. Notice that this is an overall traffic analysis for each port on the device rather than four separate graphs broken down by time increments.

Figure C
If you were to click on one of the graphs shown, you would get the full statistical results for that port.

Next, I can create an index.html file that points to each of these two files. In a small environment, you may not need to create this index, but as you add more devices to be monitored by MRTG, I’m sure that you’ll find this utility to be an invaluable resource.

For these two devices, I could create an index.html file in the /usr/local/apache/htdocs/mrtg folder that looks like this:
<A HREF=”fw.html”>PIX firewall stats</A><BR>
<A HREF=”win2k.html”>Windows 2000 Server</A>

As you add new devices, you can add links to the appropriate indexmaker output file so that you have a “one-stop shop” for all of your network-monitoring needs.

Without the aid of a network-monitoring tool like MRTG, troubleshooting your network would be infinitely more difficult. With MRTG’s ability to give constant Net traffic updates, it’s possible to see, in real time, where your networking issues lie. I’ve gone over the very basic installation and simple configuration of a free tool that will allow you to watch your network devices and get statistical information from them at a glance. MRTG has been around for a number of years and will likely be around for many more as improvements are made. Naturally, because it’s an open source project, you can send your suggestions and alterations to the creator to help mold this into the perfect tool for the professional IT network administrator.

In my next article, I’ll discuss another open source monitoring package, Big Brother, and explain how it can be used with MRTG as a very effective monitoring suite.

Have a cool Linux tool?

Do you have a particular Linux tool that you’d like to see covered on TechProGuild? If so, send an e-mail to Jack Wallen, Jr., and let him know what it is.