ifgraph is a nice utility that you can run on a machine on your LAN to query SNMP on your SmallWall and graph its interfaces. Note that you may be able to hack SmallWall to run this locally, but if you have a connection with moderate bandwidth and are running on low-end hardware like a Soekris 4501, this could limit the device's throughput.
FreeBSD is used in the demonstrated installation as the OS performing the monitoring and hosting the graphs. This will work on other BSDs, Linux or any other Unix OS, but the installation procedures and configuration file locations may vary.
Installed and functioning Apache server
SmallWall SNMP enabled following the instructions in the Users Guide.
1. Install ifgraph.
We'll install ifgraph from FreeBSD ports using binary packages, unless you want to wait for it to compile (doesn't take horribly long). It'll automatically install all the prerequisites either way you do it.
From binary packages
su-2.05b# pkg_add -r ifgraph
From ports
su-2.05b# cd /usr/ports/net-mgmt/ifgraph
su-2.05b# make install clean
2. Query for interfaces
After the successful ifgraph installation, we will use ifgraph's find-if.pl to find the interface numbers on your SmallWall. Replace 192.168.1.1 with the LAN IP of your SmallWall, and 'public' with the SNMP community of your firewall.
su-2.05b# /usr/local/bin/find-if.pl -mi 192.168.1.1 public
OK: session created, getting info from 192.168.1.1
Showing up interfaces of: 192.168.1.1
Interface total: 8
OK: Collecting info on each interface, wait...
Warn: Could NOT get ifPhysAddress table
OK: Data collected
System Description: FreeBSD m0n0wall.local 4.10-RELEASE FreeBSD 4.10-RELEASE #0: Fri Au i386
System Uptime: 3 days, 06:10:58.33
| If # | Description | Stat | Octets In  | Errors | Octets Out | Errors | IP Address    | MAC Address |
| ---- | ----------- | ---- | ---------- | ------ | ---------- | ------ | ------------- | ----------- |
| (1)  | wi0         | up   | 0          | 0      | 11538828   | 0      | not set       | not set     |
| (2)  | sis0        | up   | 3234568017 | 0      | 1783247523 | 0      | 126.96.36.199 | not set     |
| (3)  | sis1        | up   | 0          | 0      | 42         | 0      | 10.1.0.1      | not set     |
| (4)  | sis2        | up   | 1743313091 | 0      | 3020545424 | 0      | 192.168.1.1   | not set     |
| (5)  | lo0         | up   | 732        | 0      | 732        | 0      | 127.0.0.1     | not set     |
You'll see the names of your interfaces under the description column. Make note of the interface number (first column) for your interfaces.
3. Edit ifgraph.conf file.
Copy the sample ifgraph.conf file (ifgraph.conf.sample) to ifgraph.conf.
su-2.05b# cp /usr/local/etc/ifgraph.conf.sample /usr/local/etc/ifgraph.conf
Use the following ifgraph.conf as a template. You will need to replace 192.168.1.1 with the LAN IP address of your SmallWall, replace "public" with the SNMP community configured on your SmallWall, and set the "interface=" line to the number of the interface to be graphed.
# [global] target
# This target is mandatory
# The directives of this target are:
# rrdtool = /path/to/rrdtool - full path to rrdtool
# rrddir = /path/to/rrddir - full path to a writeable dir, where
#          rrd files and logs will be created
# graphdir = /path/to/public_html - full path to a writeable dir,
#            where png and html will be created
# template = /path/to/template_dir - full path to a directory
#            containing template files
# imgformat = the image format. You may choose:
#             PNG - Portable Network Graphics
#             GIF - Graphics Interchange Format
#             iGIF - Interlaced GIF
#             GD - Boutell GD
# Defaults: You can define default configurations in the global
# target, but, for this to work, it must be the first target always.
# If [global] is after another target, default configurations
# will not work as expected.

[global]
rrdtool = /usr/local/bin/rrdtool
rrddir = /usr/local/var/ifgraph
graphdir = /usr/local/ifgraph/htdocs
template = /usr/local/ifgraph/templates/en
imgformat=PNG
# those are the default configurations, should be
# overridden in each target
host = your.main.router.com
community = public
port =161
max=100M
dimension=550x200
colors=back#000000,font#FFFFFF,shadea#212121,canvas#232323,mgrid#FF0000,out#FFFFFF
options=noerror
hbeat=600
retry=2
timeout=5

[m0n0wall-wan]
host=192.168.1.1
community=public
port=161
interface=2
max=100M
dimension=550x200
title=In/Out data for m0n0wall WAN interface
colors=back#000000,font#FFFFFF,shadea#212121,canvas#232323,mgrid#FF0000,out#FFFFFF
options=noerror
ylegend=kbits per second
legends=kbits entering our network,kbits leaving our network
shortlegend=kbits/sec
hbeat=600
retry=2
timeout=5
step = 300
periods = -1day, -1week, -1month, -1year

[m0n0wall-dmz]
host=192.168.1.1
community=public
port=161
interface=3
max=100M
dimension=550x200
title=In/Out data for m0n0wall DMZ interface
colors=back#000000,font#FFFFFF,shadea#212121,canvas#232323,mgrid#FF0000,out#FFFFFF
options=noerror
ylegend=kbits per second
legends=kbits entering DMZ network,kbits leaving DMZ network
shortlegend=kbits/sec
hbeat=600
retry=2
timeout=5
step = 300
periods = -1day, -1week, -1month, -1year

[m0n0wall-lan]
host=192.168.1.1
community=public
port=161
interface=4
max=100M
dimension=550x200
title=In/Out data for m0n0wall LAN interface
colors=back#000000,font#FFFFFF,shadea#212121,canvas#232323,mgrid#FF0000,out#FFFFFF
options=noerror
ylegend=kbits per second
legends=kbits entering our LAN network,kbits leaving our LAN network
shortlegend=kbits/sec
hbeat=600
retry=2
timeout=5
step = 300
periods = -1day, -1week, -1month, -1year
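The template ships with community=public and depends on [global] being the first target. The lint below is an added example, not part of ifgraph or of the original guide: it flags targets that still resolve to a default community, targets without an interface= line, a misplaced [global], and a world-readable config file. The function names, the sample config and the community value example-ro are constructed for illustration.

```shell
# Added example, not part of ifgraph: lint an ifgraph.conf before cron uses it.
# Prints one finding per line; returns 1 if there are findings, 0 if clean.
lint_ifgraph_conf() {
    _out=$(
        awk '
        function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        /^[ \t]*\[.+\][ \t]*$/ {                   # target header, e.g. [global]
            sec = trim($0); sec = substr(sec, 2, length(sec) - 2); n++
            if (sec == "global" && n > 1) print "global: must be the first target"
            if (sec != "global") order[++t] = sec
            next
        }
        sec != "" && (eq = index($0, "=")) > 0 {   # key = value inside a target
            conf[sec, trim(substr($0, 1, eq - 1))] = trim(substr($0, eq + 1))
        }
        END {
            for (i = 1; i <= t; i++) {
                s = order[i]
                # a target without its own community uses the [global] default
                c = ((s, "community") in conf) ? conf[s, "community"] : conf["global", "community"]
                if (c == "public" || c == "private")
                    print s ": default SNMP community \"" c "\""
                if (!((s, "interface") in conf)) print s ": no interface= line"
            }
        }' "$1"
        # the file holds the community string, so flag it if world-readable
        find "$1" -prune -perm -004 | sed "s/\$/: world-readable/"
    )
    if [ -z "$_out" ]; then return 0; fi
    printf '%s\n' "$_out"; return 1
}

# Constructed sample modelled on the template; example-ro is a made-up community.
sample_conf() {
    cat <<'EOF'
[global]
community = public
[m0n0wall-wan]
host=192.168.1.1
interface=2
[m0n0wall-dmz]
host=192.168.1.1
community=example-ro
EOF
}
tmp=$(mktemp) && sample_conf > "$tmp"
lint_ifgraph_conf "$tmp" || echo "fix the findings above before adding the cron jobs"
rm -f "$tmp"
```

Run it as lint_ifgraph_conf /usr/local/etc/ifgraph.conf after editing the file in step 3.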
4. Run tests.
First we'll run ifgraph.pl to collect the data. Run this at least three times, and wait a few seconds in between runs.
su-2.05b# ifgraph.pl -c /usr/local/etc/ifgraph.conf
Now we'll run makegraph.pl to make the html pages and graphs.
su-2.05b# makegraph.pl -c /usr/local/etc/ifgraph.conf
Check the ifgraph htdocs directory to make sure it contains the png and html files.
su-2.05b# ls /usr/local/ifgraph/htdocs
index.html              m0n0wall-lan-1day.png   m0n0wall-wan-1month.png
m0n0wall-dmz-1day.png   m0n0wall-lan-1month.png m0n0wall-wan-1week.png
m0n0wall-dmz-1month.png m0n0wall-lan-1week.png  m0n0wall-wan-1year.png
m0n0wall-dmz-1week.png  m0n0wall-lan-1year.png  m0n0wall-wan.html
m0n0wall-dmz-1year.png  m0n0wall-lan.html
m0n0wall-dmz.html       m0n0wall-wan-1day.png
5. Edit Apache config
In the mod_alias section of your httpd.conf file (/usr/local/etc/apache/httpd.conf in FreeBSD), add the following line.
Alias /ifgraph/ "/usr/local/ifgraph/htdocs/"
Restart Apache for the changes to take effect.
su-2.05b# apachectl restart
6. Open web browser to view graphs.
Open up your web browser and go to http://server/ifgraph/. You should see graphs there, though they probably will not contain any data at this time. If you can't get any web page to appear, you likely have Apache issues. If you see broken images instead of graphs, check step 4 for problems.
7. Add to cron to update automatically.
Open up /etc/crontab in your text editor, and add the following two lines to the bottom of this file.
* * * * * root /usr/local/bin/ifgraph.pl -c /usr/local/etc/ifgraph.conf > /dev/null
*/5 * * * * root /usr/local/bin/makegraph.pl -c /usr/local/etc/ifgraph.conf > /dev/null
This will run the data collection every minute, and make the graphs every 5 minutes. You can change these if you like, but these values generally work out well.
Note that you likely don't have to run this as root. If you want to be cautious, you should create an account with the appropriately limited permissions to run this under.
Make cron re-read its configuration files:
su-2.05b# killall -HUP cron
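The note above about not running the jobs as root, worked through for FreeBSD as an added example that is not part of the original guide or of ifgraph. The account name ifgraph and the function names are assumptions; the paths are the ones used in this guide. By default it only prints the commands; run it as root with DRY_RUN set to an empty value to apply them.

```shell
# Added example (FreeBSD): move the ifgraph cron jobs from root to a dedicated
# account. The account name is an assumption; paths are the ones in this guide.
ACCT=ifgraph
CONF=/usr/local/etc/ifgraph.conf
RRDDIR=/usr/local/var/ifgraph
GRAPHDIR=/usr/local/ifgraph/htdocs
DRY_RUN=${DRY_RUN-1}    # unset means dry run; DRY_RUN= (empty) executes

# print the command in dry-run mode, otherwise execute it
run() { if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi; }

setup_ifgraph_account() {
    # no home directory and no login shell: the account exists only for cron
    run pw useradd "$ACCT" -d /nonexistent -s /usr/sbin/nologin -c "ifgraph collector"
    # step 4 ran as root, so the existing rrd, png and html files are root-owned
    run chown -R "$ACCT" "$RRDDIR" "$GRAPHDIR"
    # the config holds the SNMP community: root owns it, only the account's
    # group (created by pw with the same name by default) may read it
    run chown "root:$ACCT" "$CONF"
    run chmod 640 "$CONF"
}

# /etc/crontab lines: same schedule as in step 7, sixth field changed from root
cron_lines() {
    printf '* * * * * %s /usr/local/bin/ifgraph.pl -c %s > /dev/null\n' "$ACCT" "$CONF"
    printf '*/5 * * * * %s /usr/local/bin/makegraph.pl -c %s > /dev/null\n' "$ACCT" "$CONF"
}

setup_ifgraph_account
cron_lines
```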