NRG HOWTO – Part 1
Switches, and Routers, and Communigate Pro Oh My!
Network Resource Grapher (NRG) http://nrg.hep.wisc.edu/ is a program that graphs performance trends on Simple Network Management Protocol (SNMP) enabled devices. NRG is easier to install and configure than the venerable Multi-Router Traffic Grapher (MRTG), and it is also more efficient. NRG was created by Steve Rader and I gratefully acknowledge his assistance.
In Part One we'll install and configure NRG and graph an Ethernet switch or router, followed by the Communigate Pro email server. In Part Two I'll cover some NRG and SNMP advanced topics that will enable you to graph any SNMP enabled device.
Prerequisites and NRG Installation
This section covers the supporting software for OS X 10.3, including Apache web server modifications, followed by NRG software installation.
Install Xcode Tools - The Xcode Tools are required to compile open source software on OS X 10.3. Insert the Xcode Tools CD, double-click the Developer package icon and perform a default install.
Modify NET-SNMP - NET-SNMP is the Unix module that provides SNMP functions for OS X 10.3. But NRG (as of version 0.99.22) is currently only compatible with UCD-SNMP, its predecessor so we must replace snmpwalk and snmpget with NRG compatible versions (UCD-SNMP 4.23).
Replace SNMP utilities in NET-SNMP with UCD-SNMP versions
cd /usr/bin
sudo mv snmpwalk snmpwalk.NET-SNMP
sudo mv snmpget snmpget.NET-SNMP
sudo curl http://idisk.mac.com/duling/Public/nrgstuff/snmpwalk -O
sudo curl http://idisk.mac.com/duling/Public/nrgstuff/snmpget -O
sudo chmod +x snmpwalk
sudo chmod +x snmpget
Replacing snmpwalk and snmpget
RRDtool Installation – NRG 0.99.22 was tested with RRDtool 1.0.33 and since some later versions can’t draw graphs with NRG (the web browser displays “can't parse '%b'”), the safe route is to install RRDtool-1.0.33. Here is a shortcut to install an OS X binary version.
Setup the Web Server for NRG Pages - NRG requires some special features from the web server to work properly. Open the file /etc/httpd/httpd.conf and perform the following steps:
1) Make a backup copy of httpd.conf, then edit it
cd /etc/httpd
sudo cp httpd.conf httpd.org
sudo pico httpd.conf
2) Allow execution of .cgi files:
Uncomment this line:
AddHandler cgi-script .cgi
Add this directive:
<Directory /Library/WebServer/Documents/nrg>
Options ExecCGI
</Directory>
3) Expire .gif files so graph web pages reload automatically:
Uncomment these lines:
LoadModule expires_module libexec/httpd/mod_expires.so
AddModule mod_expires.c
Add this directive:
<Files "*.gif">
ExpiresActive On
ExpiresDefault M5
</Files>
4) Optional – Change the Apache user and group:
User <NRGuser>(default is ‘www’)
Group <NRGuser>(default is ‘www’)
NOTE: Changing the Apache user to the NRG user merely eliminates the need to change the owner of new SNMP device directories to ‘www’ after NRG creates it (see NRG configuration sections below.) You may choose to run NRG as root, but never run Apache as root.
5) Start or restart the Apache web server:
- Go to System Preferences on the Apple menu
- Click the Sharing icon
- Check the Personal Web Sharing box
- Click the Start button (or Stop and then Start to restart)
Install and Configure NRG - Download NRG ftp://nrg.hep.wisc.edu/pub/src/nrg/ and unzip the file into a folder. Then perform the following steps to install NRG to the default location /usr/local/nrg.
1) Set a link so that NRG installs inside the RRDtool directory
cd /usr/local
ln -s rrdtool-1.x.xx nrg
2) Allow NRG to run as an ordinary (non-root) user
su (you need to be root for this)
find /usr/local/rrdtool-1.x.x -print | xargs chown <user>
3) Install NRG
cd /<download directory>/
./configure --host=powerpc-unknown-freebsd
sudo make install
4) Modify /usr/local/nrg/Makefile
Change the WEB_PREFIX variable to OS X’s web server root directory
WEB_PREFIX = /Library/WebServer/Documents
NRG_WEB_TITLE = MySite’s NRG Web Page
5) Modify /usr/local/nrg/Site.mconf
Change the WebRootDir variable to OS X’s www root directory
WebRootDir[*]:/Library/WebServer/Documents
6) Copy NRG web files, and set permissions for the NRG user:
mkdir /Library/Webserver/Documents/nrg
mkdir /Library/Webserver/Documents/nrg/icons
cd /<download directory>/images/
cp * /Library/Webserver/Documents/nrg/icons
sudo ln -s /Library/Webserver/Documents/nrg /usr/local/nrg/web
Turn on an Ethernet Switch’s SNMP Agent
To graph a network device it must have its SNMP agent turned on and a community string set, which functions as a password for SNMP queries.
On a Cisco switch, use the following command syntax to enable read-only SNMP access (‘public’ should not be used as a community string.)
snmp-server community <communitystring> RO
Check to see if the device’s SNMP agent is responding by using the snmpwalk command.
snmpwalk <ip address><communitystring>
NOTE: We “downgraded” MacOS X 10.3’s snmpwalk before installing NRG. So if you issue the snmpwalk command from a Mac other than the NRG workstation, use the following syntax:
snmpwalk –Os –c<communitystring>-v 1<ip address>
Any SNMP agent response other than a timeout means that the agent is enabled.
Start of a Cisco switch’s SNMP response
Graphing Autodiscoverable Devices
NRG autodiscovery occurs when NRG can automatically discover a device's type and make an appropriate .conf file for it, which generally works for most switches, hubs, and routers. But the only way to truly know if a device is autodiscoverable is to let NRG try to do it.
You define devices to be autodiscovered in the /usr/local/nrg/Site.mconf file. NRG automatically generates .conf files for devices listed there and places them in /usr/local/nrg/autoconfs.
Add a Switch or Router to Site.mconf - Copy the “SomeSwitch” template from the top of the file and modify occurrences of “SomeSwitch” to a descriptive name for an SNMP enabled device, and then modify the TCP/IP address and community string.
Site.mconf switch definitions
Start NRG Discovery - To tell NRG that you've modified its configuration, perform these two commands:
make rediscover
make notify
NOTE: If you aren't running Apache as the NRG user, change the owner of the new device directory. For example, if you renamed SomeSwitch to switch21:
sudo chown www /usr/local/nrg/web/net/traffic/switch21
sudo chown www /usr/local/nrg/web/net/errors/switch21
Execute an NRG Test Run – to run NRG data collection for your devices, execute this command:
/usr/local/nrg/run-nrg (use –d for verbose mode)
A successful run will produce (non-verbose) results like this:
A run-nrg status report
View the NRG Page - After run-nrg completes, you may go to http://localhost/nrg to view your NRG web page.
The NRG home page
Table of a switch’s Ethernet interfaces
Top of Ethernet interface graphs page
NRG makes a web page containing a four hour graph as well as a graph for the last day, week, month, and year (out of view in the figure.) In order to get valid graphs you need to set NRG to run continuously, which is the subject of the next section.
Schedule Continuous NRG Monitoring via Cron
Jobs are scheduled via the Unix cron facility by editing the crontab file. There is a crontab for each user so we'll use sudo to edit the root user’s crontab file since we'll run NRG as root:
sudo crontab -e
This opens the crontab file in a cranky old Unix program called the vi editor. Use the following commands and modify the file so that it contains the comment and command lines given below.
- Type the letter i (insert) where you want to insert the text.
- Type the text given below; use at least one space as a separator.
- When you are finished press the escape key to end text insertion mode.
- Now press the colon key to bring up the vi command line at the bottom of the editor window.
- Type wq (write, quit) to save and exit.
NOTE: If you make a mistake in the vi editor and don’t know how to correct it:
- Press the escape key to exit insert mode
- Press the colon key to get to the vi command prompt
- Press q! to quit the editor without saving changes
Then open and edit the file again using the steps above. You may also search the web for a vi editor quick reference to learn how to correct errors.
To execute an NRG run script every five minutes and write a log file to /var/logs/run-nrg.log, enter the following into the crontab file.
# Run NRG every 5 minutes & write to a log file
0,5,10,15,20,25,30,35,40,45,50,55 * * * * /usr/local/nrg/run-nrg >> /var/log/run-nrg.log
Non-Autodiscoverable Devices – Part 1
Graphing the Communigate Pro Email Server
For any device that fails to autodiscover properly you must create a custom .conf file, which is the subject of Part Two. But I'll jump ahead for a moment and show you how to graph the Communigate Pro email server with a .conf file I’ve made for you to acquaint you with modifying and installing custom .conf files into NRG.
Graphing Communigate Pro – Since I’ve already made the .conf file for you there are just a few steps to perform to graph Communigate.
1) Turn on Communigate’s SNMP Agent
Enter the Communigate administrator interface in the Settings -> Obscure section and enter your choice for a password (SNMP community string) in the ‘Password’ box of the SNMP Agent panel. This must match the community string in the cgpro.conf file (below.)
Setting the SNMP community string
Now click ‘listener’ in the SNMP panel and make sure that port 161 (the default for SNMP requests) is set. Then allow SNMP polling for your NRG workstation by entering its address or TCP/IP subnet range in the Remote Address Restrictions box.
Allow SNMP polling for the NRG workstation
2) Copy the cgpro.conf file to /usr/local/nrg
cd /usr/local/nrg
curl http://idisk.mac.com/duling/Public/nrgstuff/cgpro.conf -O
3) Customize the CGPro .conf file System variable
System[<target>]: public@mycompany.com
The System variable contains the community string to the left of the @ sign, and the DNS name or TCP/IP address of your Communigate server to the right. So change occurrences of public@mycompany.com accordingly.
4) Make a directory for the CGPro graph files
mkdir /usr/local/nrg/web/net/cgpro
NOTE: This directory must match the directory set in the CGPro.conf file’s RRD and GraphWebPage variables. Also, if you haven’t set Apache to run as the NRG user, change the owner of the new directory to ‘www’.
5) Start the NRG discovery process to tell NRG about the new .conf file
make rediscover
make notify
You may now go to the NRG home page to view the Communigate SNMP links. If you have set NRG to run automatically via cron, after a few minutes the Communigate server graphs will display data. If you’d like your links to be in a table, see section “Putting SNMP Data Objects in a Table” below.
The NRG page with CGPro stats
The upcoming NRG HOWTO Part 2 will cover advanced NRG and SNMP topics required to graph SNMP devices that NRG can’t autodiscover. Look for Part 2 here on billpalmer.net next week!
hey folks, click here to shop Amazon and support us...
