Monitoring Mikrotik with Munin
Munin is a very powerful, feature rich monitoring server based on Tobias Oetiker's RRDTool. The monitoring server runs every 5 minutes via cron and connect to various configured nodes. Each node runs a daemon listening for connections from the server, and executes a wide range of completely customisable scripts to return data to the munin server to generate graphs from.
As the backend graphing engine is based on RRDTool, any feature available in RRDTool is also available as options to Munin. The really nice thing about Munin and RRDTool, is that negative numbers can be graphed.
In this article I will explain how to install Munin as well as Munin-Node on a single server, and how to get Munin to probe your Mikrotik devices via SNMP as well as Telnet (Depending on the type of graph). I would strongly advise that time is spend reading the Munin as well as RRDTool documentation available at the web sites, so that a clear understanding can be obtained on how Munin operates and generates graphs.
Munin Server Installation and Configuration
Munin-Server is only available in Linux format. As I use Ubuntu and FreeBSD only, I will base this installation guide on a Ubuntu Linux server. Once the general packages has been installed, the configuration should however be pretty much the same to any Munin installation, regardless of the flavour of Linux preferred.
In our case, we are going to run both munin as well as munin-node on the same machine. Untill such time that (fingers crossed) we can get a munin-node integrated into Mikrotik, the node will be required to run on the same server as Munin itself for best results.
As such, and being Ubuntu, we simply install the two packages, and make sure that we meet all the requirements in terms of dependencies. Additionally, for the Mikrotik scripts below to work, we also need to install the Net::SNMP, and Net::Telnet::Cisco Perl packages.
$sudo apt-get install munin munin-node libnet-telnet-cisco-perl libnet-snmp-perl
Now that we have all that we need installed (I am presuming you have Apache / tinyHTTP Web server already installed), it's time to head off and do some basic configurations.
Configuring the Master
First things first, we need to edit the Master's configuration file, by default, /etc/munin/munin.conf. This is the file where you configure every munin-node that the master needs to poll. As we are using a simple model here, we are only going be to polling localhost, which is accessible via 127.0.0.1 (If it isn't you have bigger problems than monitoring).
Your Munin configuration should thus look something similar to below (Paths may vary on different distributions ;-) ):
dbdir /var/lib/munin/ htmldir /var/www/munin/ logdir /var/log/munin rundir /var/run/munin/ [localhost] address 127.0.0.1
dbdir will be the database where munin stores its internal state files, as well as the RRD database files
htmldir will be the directory where munin will greate the appropriate html files as well as png images
logdir keeps various log files of what munin is doing - useful when things don't go as you intended
rundir munin pid files, lock files, etc. Nothing fancy here really
Additionally, we have configured one active node which munin needs to poll. Munin will connect to 127.0.0.1 on 4949/TCP (default port that munin runs on) and pull this node for any nodes and/or scripts configured to be graphed.
Configuring the Node
Whilst Munin-Node is pretty secure out of the box, there are some basic things we need to change. Even though the node only authorizes just localhost to gather data from it, it listens by default on all IP addresses. As a security measure, we are going to alter the munin-node configuration file and ensure that we are only listening on localhost for connections from the Munin Server. As such, we need to open up /etc/munin/munin-node.conf in your faviourite editor of choice.
We need to alter the Host value in order to bind munin-node to the 127.0.0.1 address. Your config should now look like this:
#host * host 127.0.0.1
This is about all that you need to do to get Munin working. As we have modified the configurations, we need to restart the munin-node service, in Ubuntu I issue:
Apache needs access to Munin's htmldir configuration in order for you to see the pretty graphs and generated html in the browser of your choice. As such we need to configure some Alias and Directory settings in Apache's configuration. This can be done either inside a Virtual Host of your choice, or in apache's main configuration. As a example, I have elected to configure a new Apache Virtual Host which will only serve up the munin pages. The Virtual Host's configuration will be something similar to
<VirtualHost *:80> ServerAdmin webmaster@localhost ServerName monitor.example.com DocumentRoot /var/www/munin <Directory /> Options FollowSymLinks AllowOverride None </Directory> CustomLog /var/log/apache2/monitor.example.com.access.log combined ErrorLog /var/log/apache2/monitor.example.com.error.log ServerSignature On </VirtualHost>
Verify that your syntax of the Apache configuration file is correct (apache2ctl -t), and then restart your Apache web server to enable the newly configured Virtual Host
$sudo apache2ctl -t Syntax OK $sudo apache2ctl graceful $
Open up your faviourite web browser, browse to http://monitor.example.com, and you should have pretty graphs for the server on which you are running munin.