|
NAMEcfgmaker - Creates mrtg.cfg files (for mrtg-2.17.4)SYNOPSIScfgmaker [options] [community@]router [[options] [community@]router ...]OPTIONS--ifref=nr interface references by Interface Number (default) --ifref=ip ... by Ip Address --ifref=eth ... by Ethernet Number --ifref=descr ... by Interface Description --ifref=name ... by Interface Name --ifref=type ... by Interface Type You may also use multiple options separated by commas, in which case the first available one is used: e.g. --ifref=ip,name,nr --ifdesc=nr interface description uses Interface Number (default) --ifdesc=ip ... uses Ip Address --ifdesc=eth ... uses Ethernet Number --ifdesc=descr ... uses Interface Description --ifdesc=name ... uses Interface Name --ifdesc=catname ... uses CatOS Interface Name --ifdesc=ppname ... uses Passport Port Name --ifdesc=alias ... uses Interface Alias --ifdesc=type ... uses Interface Type You may also use multiple options separated by commas, in which case the first available one is used: e.g. --ifdesc=catname,ppname,descr,alias,ip,name,nr --if-filter=f Test every interface against filter f to decide wether or not to include that interface into the collection. Currently f is being evaluated as a Perl expression and it's truth value is used to reject or accept the interface. (Experimental, under development, might change) --if-template=templatefile Replace the normal target entries for the interfaces with an entry as specified by the contents in the file templatefile. The file is supposed to contain Perl code to be executed to generate the lines for the target in the configuration file. (Experimental, under development, might change) --host-template=templatefile In addition to creating targets for a host's interfaces do also create targets for the host itself as specified by the contents in the file templatefile. The file is supposed to contain Perl code to be executed to generate the lines for the host related targets (such as CPU, ping response time measurements etc.) in the config- uration file. (Experimental, under development, might change) --global "x: a" add global config entries --no-down do not look at admin or opr status of interfaces --show-op-down show interfaces which are operatively down --zero-speed=spd use this speed in bits-per-second as the interface speed for all interfaces that return a speed of 0 via ifSpeed/ifHighSpeed. 100Mbps = 100000000 --subdirs=format give each router its own subdirectory, naming each per "format", in which HOSTNAME and SNMPNAME will be replaced by the values of those items -- for instance, --subdirs=HOSTNAME or --subdirs="HOSTNAME (SNMPNAME)" --noreversedns do not reverse lookup ip numbers --community=cmty Set the default community string to "cmty" instead of "public". --enable-ipv6 Enable IPv6 support, if the required libraries are present. Numeric IPv6 addresses must be enclosed in square brackets, e.g. public@[2001:760:4::1]:161 --use-16bit Use 16bit SNMP request IDs to query all routers. --snmp-options=:[<port>][:[<tmout>][:[<retr>][:[<backoff>][:<ver>]]]] Specify default SNMP options to be appended to all routers following. Individual fields can be empty. Routers following might override some or all of the options given to --snmp-options. --dns-domain=domain Specifies a domain to append to the name of all routers following. --nointerfaces Don't do generate any configuration lines for interfaces, skip the step of gathering interface information and don't run any interface template code. --interfaces Generate configuration lines for interfaces (this is the default). The main purpose of this option is to negate an --nointerfaces appearing earlier on the command line. --help brief help message --man full documentation --version print the version of cfgmaker --output=file output filename default is STDOUT DESCRIPTIONCfgmaker creates MRTG configuration files based on information pulled from a router or another SNMP manageable device.[community@]router Community is the community name of the device you want to create a configuration for. If not specified, it defaults to 'public'; you might want to try this first if you do not know the community name of a device. If you are using the wrong community name you will get no response from the device. Router is the DNS name or the IP number of an SNMP-managable device. Following the name you can specify 6 further options separated by colons. The full syntax looks like this: router[:[prt][:[tmout][:[retr][:[backoff][:vers]]]]] Of special interest may be the last parameter, vers. If you set this to '2' then your device will be queried with SNMP version 2 requests. This allows you to poll the 64 bit traffic counters in the device and will thus work much better with fast interfaces (no more counter overrun). Note that the order in which the routers are specified on the command line do matter as the same order is used when the configuration file is generated. The first specified router has it's configuration lines genrated first, followed by the lines belonging to the next router and so on. Note that the first line of the generated cfg file will contain all the commandline options you used for generating it. This is to allow for the easy 'regeneration' in case you want to add newhosts or make some other global change. ConfigurationExcept for the --output and --global options, all options affect only the routers following them on the command line. If an option specified earlier on the command line reappears later on the command line with another value, the new value overrides the old value as far as remaining routers are concerned. This way options might be tailored for groups of routers or for individual routers.See --output and --global for how their behaviour is affected by where or how many times they appear on the command line. See the Examples below on how to set an option differently for multiple routers.
SNMP V3 OptionsCfgmaker supports SNMP V3 using the Net:SNMP perl module. There are optional parameters affecting SNMP operation.
SNMPv3 Arguments A SNMP context is a collection of management information accessible by a SNMP entity. An item of management information may exist in more than one context and a SNMP entity potentially has access to many contexts. The combination of a contextEngineID and a contextName unambiguously identifies a context within an administrative domain. In a SNMPv3 message, the contextEngineID and contextName are included as part of the scopedPDU. All methods that generate a SNMP message optionally take a --contextengineid and --contextname argument to configure these fields.
User-based Security Model Arguments The User-based Security Model (USM) used by SNMPv3 requires that a securityName be specified using the --username argument. The creation of a Net::SNMP object with the version set to SNMPv3 will fail if the --username argument is not present. The --username argument expects a string 1 to 32 octets in length. Different levels of security are allowed by the User-based Security Model which address authentication and privacy concerns. A SNMPv3 target will derive the security level (securityLevel) based on which of the following arguments are specified. By default a securityLevel of 'noAuthNoPriv' is assumed. If the --authkey or --authpassword arguments are specified, the securityLevel becomes 'authNoPriv'. The --authpassword argument expects a string which is at least 1 octet in length. Optionally, the --authkey argument can be used so that a plain text password does not have to be specified in a script. The --authkey argument expects a hexadecimal string produced by localizing the password with the authoritativeEngineID for the specific destination device. The "snmpkey" utility included with the Net::SNMP distribution can be used to create the hexadecimal string (see snmpkey). Two different hash algorithms are defined by SNMPv3 which can be used by the Security Model for authentication. These algorithms are HMAC-MD5-96 "MD5" (RFC 1321) and HMAC-SHA-96 "SHA-1" (NIST FIPS PUB 180-1). The default algorithm used by the module is HMAC-MD5-96. This behavior can be changed by using the --authprotocol argument. This argument expects either the string 'md5' or 'sha' to be passed to modify the hash algorithm. By specifying the arguments --privkey or --privpassword the securityLevel associated with the object becomes 'authPriv'. According to SNMPv3, privacy requires the use of authentication. Therefore, if either of these two arguments are present and the --authkey or --authpassword arguments are missing, the creation of the object fails. The --privkey and --privpassword arguments expect the same input as the --authkey and --authpassword arguments respectively. The User-based Security Model described in RFC 3414 defines a single encryption protocol to be used for privacy. This protocol, CBC-DES "DES" (NIST FIPS PUB 46-1), is used by default or if the string 'des' is passed to the --privprotocol argument. By working with the Extended Security Options Consortium http://www.snmp.com/eso/, the module also supports additional protocols which have been defined in draft specifications. The draft http://www.snmp.com/eso/draft-reeder-snmpv3-usm-3desede-00.txt defines the support of CBC-3DES-EDE "Triple-DES" (NIST FIPS 46-3) in the User-based Security Model. This protocol can be selected using the --privprotocol argument with the string '3desede'. The draft http://www.snmp.com/eso/draft-blumenthal-aes-usm-04.txt describes the use of CFB128-AES-128/192/256 "AES" (NIST FIPS PUB 197) in the USM. The three AES encryption protocols, differentiated by their key sizes, can be selected by passing 'aescfb128', 'aescfb192', or 'aescfb256' to the -privprotocol argument. Details on FiltersThe purpose of the filters is to decide which interfaces to accept and which interfaces to reject. This decision is done for each interface by evaluating the filter expression as a piece of Perl code and investigating the result of the evaluation. If true, accept the interface otherwise reject it.When working with filters, remember that Perl has it's own idea of what truth and false is. The empty string "" and the string "0" are false, all other strings are true. This further imples that any integer value of 0 is false as well as any undef value. It also implies that all references are considered true. As the filter is evaluated as a Perl expression, several useful constructs in Perl are worth mentioning: Expressions might be grouped by using parentheses "()". Expressions might be combined using boolean operators such as the following:
(For more details on this I recommend a book on Perl) Predefined Filter Variables To facilitate, there are a number of predefined values available to use in the filter. Note that these variables are also available when templates interfaces are evaluated (but not host templates). Caveat: All these variables' names begin with a dollar sign ($), which is a syntactic requirement for scalar variables in Perl. The danger here is that the dollar sign in many shells is an active character (often used for shell variables exactly as in Perl variables) so it is important to ensure that the Perl expression isn't evaluated by the command line shell as shell code before being passed to cfgmaker as command line arguments. In shells like Bourne shell, ksh shell or bash shell, placing the entire expression within single qoutes will avoid such accidental evaluation: '--if-filter=($default_iftype && $if_admin)'
A number of variables are also predefined to easily decide if an interface belong to a certain cathegory or not. Below is all those variables listed together with which if_type numbers each variable will be true for. Note that some variables refer to other variables as well.
Besides that, you can also use the variables defined for templates below. Further, all the variables available in cfgmaker is at the scripts disposal even if the use of such features is discouraged. More "shortcuts" in the form of variables and functions will be made available in the future instead. Examples on Filters The following filter will not affect which interfaces get's included or excluded, it will make cfgmaker behave as normally. '--if-filter=$default' The following filter will make cfgmaker exclude PPP (23) interfaces: '--if-filter=$default && $if_type!=23' The following filter will make cfgmaker behave as usual except that it will consider the operational state of an interface irrelevant but still reject all interfaces which are administratively down. '--if-filter=$if_admin && $default_iftype' Details on TemplatesThe contents of the template files are evaluated as a Perl program. A number or Perl variables are available for the program to read and others are used to be written to.As quite a few of the predefined variables has values which are are supposed to be used in HTML code some of them have an "HTML-escaped" variant, e.g $html_syslocation is the HTML escaped variant of $syslocation. The HTML escaping means that the chars "<", ">" and "&" are replaced by "<", ">" and "&" and that newlines embedded in the string are prepended with "<BR>" and appended with a space character (if a newline is last in the string it is not touched). Writable Template Variables These are the variables available to store the configuration lines in. Some of them are initialized prior to the evaluation of the template but such content normally is comments for inclusion in the final configuration file so those variables might be reset to the empty string in the template code to eliminate the comments. The other way around is also possible, the contents of these variables might be extended with further information for various reasons such as debugging etc. Once the template has been evaluated, the following happens: if the template is a interface template and the actual interface for some reason is rejected and thus needs to be commented out, all the lines in the variable $target_lines are turned into comments by adding a hash mark ("#") at their beginning. Then all the variables $head_lines, $problem_lines , $target_lines and $separator_lines are concatenated together to form the lines to add to the configuration file.
Predefined Template Variables All the variables below are available for interface templates to use. For host templates, only those listed under "Host and System Variables" are available. For interface templates the variables listed under "Predefined Filter Variables" are also available. Host and System Variables
Interface Target Related Variables
By default cfgmaker uses the following directives for each target it generates: Target[], SetEnv[], MaxBytes[], Title[], PageTop[] and if there is any directory specified also the Directory[] directive. To facilitate the creation of templates which generates target configs which are similar to the default one, each of the above mentioned directive lines have a corresponding variable containing the line as cfgmaker would have output it by default. Note that none of these have a HTML escaped variant, text in them is HTML escaped where needed. Also note that they do not have any newline at the end.
Interface Network Configuration Variables
Interface Name, Description and Alias Variables It might seem confusing with both Name, Description and Alias in this context and to some extent it is. Name and Description are usually supported on most equipment but how they are used varies, both between manufacturers as well as between different cathegories of equipment from the same manufacturer. The Alias is at least supported by Cisco IOS, and that variable contains whatever is used in the IOS statement called "description" for the interface (not to be confused with the SNMP variables for Description). For better control from the command line consider $if_title_desc which contents are controlled by the --if-descr command line option.
Help Functions for Templates The following functions exists to facilitate the writing of host and interface templates.
Example Template Files Template Example 1: Eliminating Rejected Targets From Appearing This template file generates exactly the same configuration code per interface as cfgmaker does by default, with the exception that it eliminates all lines (comments as well as config code) for an interface if the interface happens to be rejected. if(not $problem_lines) { $target_lines .= <<ECHO; Target[$target_name]: $if_ref:$router_connect SetEnv[$target_name]: MRTG_INT_IP="$if_ip" MRTG_INT_DESCR="$if_snmp_descr" ECHO if ($directory_name) { $target_lines .= "Directory[$target_name]: $directory_name\n"; } $target_lines .= <<ECHO; MaxBytes[$target_name]: $if_speed Title[$target_name]: $html_desc_prefix$html_if_title_desc -- $sysname PageTop[$target_name]: <h1>$html_desc_prefix$html_if_title_desc -- $sysname</h1> <div id="sysdetails"> <table> <tr> <td>System:</td> <td>$sysname in $html_syslocation</td> </tr> <tr> <td>Maintainer:</td> <td>$html_syscontact</td> </tr> <tr> <td>Description:</td> <td>$html_if_description</td> </tr> <tr> <td>ifType:</td> <td>$html_if_type_desc ($if_type_num)</td> </tr> <tr> <td>ifName:</td> <td>$html_if_snmp_name</td> </tr> ECHO $target_lines .= <<ECHO if defined $if_port_name; <tr> <td>Port Name:</td> <td>$if_port_name</td> </tr> ECHO $target_lines .= <<ECHO if defined $if_pp_port_name; <tr> <td>Port Name:</td> <td>$if_pp_port_name</td> </tr> ECHO $target_lines .= <<ECHO; <tr> <td>Max Speed:</td> <td>$if_speed_str</td> </tr> ECHO $target_lines .= <<ECHO if $if_ip; <tr> <td>Ip:</td> <td>$if_ip ($if_dns_name)</td> </tr> ECHO $target_lines .= <<ECHO; </table> </div> ECHO } else { $head_lines=""; $problem_lines=""; $target_lines=""; $separator_lines=""; } Template Example 2: Simplier Version of Example 1 Example 1 was partly intended to demonstrate how to customize the generation of interface targets but also to provide a hint of how the variables are used in the "default" template which one could consider that cfgmaker normally uses. If you're only intrested in the easiest way of entirely eliminating those reject interfaces, the template below would do the job as well by using $default_target_lines. if($if_ok) { $target_lines = $default_target_lines; } else { $head_lines=""; $problem_lines=""; $target_lines=""; $separator_lines=""; } Template Example 3: Creating CPU Targets for Hosts Below is an example of a host template. $head_lines .= <<ECHO; #--------------------------------------------------------------------- ECHO my $target_name = $router_name . ".cpu"; $target_lines .= <<ECHO; YLegend[$target_name]: Percentage CPU load ShortLegend[$target_name]: % Legend1[$target_name]: CPU load in % Legend2[$target_name]: Legend3[$target_name]: Max Observed CPU load Legend4[$target_name]: LegendI[$target_name]: CPU Load: LegendO[$target_name]: WithPeak[$target_name]: ywm MaxBytes[$target_name]: 100 Options[$target_name]: growright, gauge, nopercent Title[$target_name]: $router_name CPU load Target[$target_name]: 1.3.6.1.4.1.9.2.1.58.0&1.3.6.1.4.1.9.2.1.58.0:$router_connect PageTop[$target_name]: <h1>$router_name CPU load</h1> <div> <table> <tr> <td>System:</td> <td>$router_name in $html_syslocation</td> </tr> <tr> <td>Maintainer:</td> <td>$html_syscontact</td> </tr> <tr> <td>Description:</td> <td>$html_sysdescr</td> </tr> <tr> <td>Resource:</td> <td>CPU.</td> </tr> </table> </div> ECHO EXAMPLESThe first example creates a config file for router.place.xyz: the router has the community name public. Interfaces get identified by their IP number. Two global options get added to the config file. The config file gets redirected to mrtg.conf. The '\' signs at the end of the line mean that this command should be written on a single line.cfgmaker --global "WorkDir: /home/tobi" \ --global "Options[_]: growright,bits" \ --ifref=ip \ public@router.place.xyz > mrtg.cfg Note: if cfgmaker is not in your path, but you are in the directory where cfgmaker is stored, you can start it with ./cfgmaker The next example creates a config file for four devices: router1.place.xyz, router2.place.xyz, switch1.place.xyz and switch2.place.xyz all with the community public. The two routers will have --ifref set to descr whilst the two switches will use --ifref set to name. Further the routers will use --ifdesc set to alias and switch1.place.xyz will use --ifdesc set to descr whilst switch2.place.xyz use name instead. Finally, there will be two Options lines inserted in the configuration: One will be in the beginning, whilst the other will be inserted after the lines related to the two routers but before those lines related to the switches. cfgmaker --global "WorkDir: /home/tobi" \ --global "Options[_]: growright,bits" \ --ifref=descr \ --ifdesc=alias \ public@router1.place.xyz \ public@router2.place.xyz \ --global "Options[_]: growright" \ --ifref=name \ --ifdesc=descr \ public@switch1.place.xyz \ --ifdesc=name \ public@switch2.place.xyz > mrtg.cfg The next example demonstrates how to use the --community, --snmp-options and --dns-domain to make the command line simpler. All the equipment will use the community hidden, except for the ppp-server which use community access. All equipment uses these SNMP options: 1s timeout, 1 retry and SNMP version 2 (backoff and port is unspecified which means they use the default values). The exception again is the ppp-server which uses SNMP version 1. Finally, all the equipment is part of the domain place.xyz, except for the ppp-server which is part of the domain remote.place.xyz. Note that the latter is achieved simply by specifying the name of the ppp-server to be ppp-server.remote . cfgmaker --global "WorkDir: /home/tobi" \ --global "Options[_]: growright,bits" \ --dns-domain=place.xyz \ --community=hidden \ --snmp-options=::1:1::2 \ router1 \ router2 \ router3 \ router4 \ router5 \ switch1 \ switch2 \ switch3 \ switch4 \ switch5 \ switch6 \ switch7 \ access@ppp-server.remote:::::1 > mrtg.cfg SEE ALSOmrtg-referenceAUTHORTobias Oetiker <tobi@oetiker.ch> and Jakob Ilves <jakob.ilves@oracle.com>LICENSEGNU General Public LicenseCOPYRIGHTCfgmaker is Copyright 2000 by Tobias Oetiker <tobi@oetiker.ch>
Visit the GSP FreeBSD Man Page Interface. |