These instructions are also under development. If you need help getting pmGraph working, please contact us.
In this section we’ll cover the steps needed to successfully install pmGraph and get it running. We’ll also list the third-party software that is needed to get started.
Planning your Installation
Before you install pmGraph, it is essential to understand how you are going to capture your network traffic. Otherwise you might waste a lot of time installing it on the wrong computer.
Unless you’re already familiar with network maps, monitoring and topology, please read Chapter 3 of the Bandwidth Management Book before continuing.
pmGraph relies on pmacct to capture network traffic. They can be installed on different computers, but the simplest installation process is to put them both on the same computer. Unless you already have pmacct installed and configured, you will need to do so before you can make pmGraph do anything useful. In that case, you will need to understand how pmacct will capture your network traffic in order to configure it correctly.
Where to capture network traffic
First you need to choose where to place your sensor, which will record traffic passing through it. Usually, it is not possible or desirable to monitor every packet on your network, as the volume of local traffic can be enormous (much more than your Internet traffic) and this would place a heavy burden on your monitoring system. The sensor will be most efficient if you place it so that it only sees the traffic that you want to record and graph, and as little as possible else.
Often you are most concerned with your Internet traffic, since your Internet bandwidth is much less than your local bandwidth. In this case, you might want to place the sensor at the interconnection point, exactly where your network connects to your Internet Service Provider (ISP), and record all traffic crossing this point, which is therefore entering or leaving your domain of control (your own network).
The interconnection point may be a router, modem, bridge, firewall, switch or access point. Chapter 3 of the Bandwidth Management Book explains network monitoring in more detail.
If the interconnection point is a router, firewall or switch, then it may already be capable of monitoring traffic. For example, some routers support Netflow or sFlow, some firewalls run Unix, and some switches have monitoring ports. If your interconnection point does not have any of these, you will need to insert a new device into the network as the sensor.
pmacct has two ways to receive network traffic information:
- By sniffing traffic passing through the network ports of the computer on which it’s running. To do this, you will have to install pmacct on a router or transparent bridge on your network. If your network doesn’t have one of these, you will need to add it.
- By receiving Netflow or sFlow data from a router on your network. If your network doesn’t have a router that supports Netflow or sFlow, you will need to add one, or replace an existing router.
Network device configuration
You will probably have to do one of the following to monitor your network:
- Configure the existing router to enable Netflow or sFlow.
- Replace the existing router with one that supports Netflow or sFlow.
- Configure your existing switch to enable a monitoring port, and attach a sensor to that port.
- Replace your existing switch with one that supports monitoring ports, and attach a sensor to that switch.
- Build a Unix machine as a transparent bridge and sensor, and insert it next to your Internet router.
- Build a Unix machine as a router, and use it to replace your Internet router.
- Build a Unix machine as a router, insert it next to your Internet router, and renumber some networks.
Using Netflow or sFlow
You can use a Cisco or Juniper router to send Netflow or sFlow network accounting records to your Unix server. This removes the need to connect the Unix server directly to the point where the networks meet, as long as the router is already there, or you replace your existing router with one of these.
In this case, you will need to install and configure the nfacct component of pmacct. This usually means just running
nfacctd instead of
pmacctd. Since nfacct doesn’t support the pcap_filter directive, you will have to modify your
pmacctd.conf file manually.
You will also need to enable Netflow or sFlow on your router, and configure it to export flows to the computer where you installed pmacct (nfacctd).
Running pmacct in Promiscuous Mode
You can use pmacct to monitor passing network traffic in promiscuous mode. Most Unix servers can do this. The sensor will only see packets which pass though it, so this will only work if you combine it with either the monitoring port or the transparent bridge configurations below. It is the default configuration of pmacct generated by installing the pmGraph package.
Using a Monitoring Port
Check the manual for your switch to see if it’s a managed switch. If not, you probably won’t be able to configure it. If it has a console port, you could try connecting it to a PC using a serial null modem cable.
The process to enable a monitoring port depends on the switch. Please check the switch manual for details. You may be able to guess by navigating the web interface, or textual menus on the serial console port.
Using a Transparent Bridge
For more information about configuring a Unix machine as a transparent bridge, please see Chapter 4 of the Bandwidth Management Book, from page 130 onwards.
There are three options available for installing pmGraph:
- Use a debian package supplied by us which installs all the software needed. This is the recommended method, and the instructions are just below this section.
- Use this install script. Note: This installer will need root privileges to run.
Third-Party software included
Using this package the following software will be installed automatically:
- mysql database
- pmacct network traffic logger
- tomcat web serverWiki
- Java Sun Development Kit
Steps to install the software using the debian package
Install pmGraph using an APT repository:
1. Add the pmGraph project repository. To do so add the following lines to your /etc/apt/sources.list file
# app repository for PMGRAPH
deb http://ppa.launchpad.net/pmgraph/ppa/ubuntu lucid main
deb-src http://ppa.launchpad.net/pmgraph/ppa/ubuntu lucid main
2. Import the PGP key of the repository
To import this key you will have to use the following command.
sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 72318B8DAC9C70E6
The code at the end of the command is the PGP key needed for the repository.
3. Update the list of available packages:
sudo apt-get update
4. Make a search for “pmgraph”
apt-cache search pmgraph
you should receive a line like this:
pmgraph -pmGraph is a software application for network monitoring to work with pmacct
5. Download and install pmGraph
sudo apt-get install pmgraph
6. Restart Tomcat server and pmacct
sudo /etc/init.d/tomcat6 restart
- you may need to change the tomcat version depending on what you have installed.
sudo /etc/init.d/pmacct restart
7. Now you should be able to access the pmGraph page at:
For example, if you are running tomcat on the same machine as your web browser and using the default port, try to open:
8. To get pmGraph working for your network, you will need to change the parameter “LocalSubnet”. It lets pmGraph know which IPs belong to your local network.
Go to the link ‘Configure’ on your pmGraph page. Then modify the parameter LocalSubnet to make it match your local network. For example if your local network is 192.168.1.0/24 the value of the parameter has to be:
LocalSubnet = 192.168.1.
On clicking ‘Save Configuration’, this parameter will be updated both in pmGraph configuration file database.properties and pmacct config file /etc/pmacct/pmacctd.conf.
pcap_filter: not (src and dst net 10.0.156.0/24)
updated to match your local subnet which for the above example will be:
pcap_filter: not (src and dst net 192.168.1.0/24)
For security reasons you need to change the default password by editing the configuration file. This also contains other parameters which you may wish to configure.
If you have any trouble with installing pmGraph, please get in touchand let us know about it. We will try to help you out with it.
The source code for pmGraph is available on Github. We welcome pull requests with enhancements or bug fixes!