A. Using MRTG to Log Signal Strength and Quality on a Wireless Dachstein LEAF

Mrtg is very versatile and can log just about anything graphically. There is a great document on this at: http://www.willy.com/Scripps/mrtg-data.html.

In less than two pages, Willy describes how to log other data using mrtg. I will leverage that to document how I remotely log the signal strength and quality of my Cisco Aironet ISA-342 card.

Concepts

Snmpd has the ability to execute a command on the target system (in our case, the Dachstein firewall) and return the output (and other infomation) from the script. We will use this feature to run two short and simple scripts, checksig1 and checksig2 to output the signal strength and signal quality numbers respectively. We can then probe the respective OID for these exec commands using mrtg or for testing purposes, you could use snmpget or snmpwalk.

Details

Snmpd.conf, as provided, has closed snmpd to probes outside of the "system" subset. In order to probe the OID for the output of scripts or commands specified by "exec" in snmpd.conf, we must open up the system to such probes. If you search the snmpd.conf file suggested at the beginning of this document (http://www.dublerfamily.com/leaf/snmpd.conf) for the word CHECKSIG, you will find exactly what to comment out and what uncomment to get this working. (Once you have it up and running, you can try to make the security tighter by tightening up the OID specifier in the view setting, if you like.)

view systemview included system
# for CHECKSIG comment out the above line and uncomment the next line
#view all included .1

access notConfigGroup "" any noauth exact systemview none none
# for CHECKSIG comment out the above line and uncomment the next line
#access notConfigGroup "" any noauth exact all none none

# for CHECKSIG, uncomment the next two lines
#exec .1.3.6.1.4.1.2021.51 pete /root/checksig1
#exec .1.3.6.1.4.1.2021.52 pete /root/checksig2

The first two sets of commented lines will open up the snmpd to other probes beyond the system subset. The last set of commented lines, flagged by the word CHECKSIG, are the exec commands. Note that the complete OID for the single line of output you need for each signal strength and signal quality are specified here and that they begin with a period.

You must of course have these scripts on your system. (sorry for the grep… but I’m not that great at regular expressions). So, copy checksig1 and checksig2 to /root or wherever you would like to keep it. Make sure the permissions are set to 755.

#!/bin/sh
#
# checksig1 outputs signal strength
# OID .1.3.6.1.4.1.2021.52.101.1
cat /proc/aironet/eth0/Status | grep Signal | sed -e '2d' -e 's/[^0-9]*: //'
exit
#!/bin/sh
#
# checksig2 outputs signal quality
# OID .1.3.6.1.4.1.2021.52.101.1
cat /proc/aironet/eth0/Status | grep Signal | sed -e '1d' -e 's/[^0-9]*: //'
exit

Now, on the system that is running mrtg, you simply add the following to your mrtg.cfg file:

Target[fwsig]: .1.3.6.1.4.1.2021.51.101.1&.1.3.6.1.4.1.2021.52.101.1:public@firewall
MaxBytes[fwsig]: 80
Options[fwsig]: gauge, nopercent, growright
Title[fwsig]: Radio Signal Strength and Quality
ageTop[fwsig]: <H1>Radio Signal Strength and Quality</H1>
YLegend[fwsig]: strength/signal

(since mrtg wants to probe for two numbers, using two separate OIDs and exec works quite nicely here)

Restart mrtg on your server and check at the results in the file fwsig.html.

Hopefully you can now see how to log other things remotely using the combination of snmpd with exec, and mrtg. Good luck!