 Network
Diagramming and Monitoring with Scotty
Brent Bice
Like many open source tools, Scotty is actually a collection of
tools that have grown together. It can be used as a network-diagramming
tool in addition to an SNMP network console. After you use Scotty
to draw a network diagram, you can then use it to monitor and troubleshoot
the objects in your diagram.
Installation
You must first have Perl, gcc, and Tcl/Tk installed, then you
can download Scotty from its homepage:
http://wwwhome.cs.utwente.nl/~schoenw/scotty/
At the time of this writing, 2.1.11 is the latest stable version,
but the release of 3.0 is expected soon. After downloading Scotty,
extract, configure, and compile the source:
zcat scotty-2.1.11.tar.gz |tar xf -
cd scotty-2.1.11/unix
./configure --enable-gcc
make
make install
su
make sinstall
exit
You may want to use a --prefix=<dir> option to the configure
command to specify where you want to install Scotty if you don't
like the default location of /usr/local. If configure has trouble
finding your Tcl/Tk installation, you may need to use the --with-tcl-config=<dir>
and --with-tk-config=<dir> options. For instance, I had
to do:
./configure --enable-gcc --prefix=/usr/local/tools/scotty2.1.11 \
--with-tcl-config=/usr/local/tools/tcltk8.3.3/lib \
--with-tk-config=/usr/local/tools/tcltk8.3.3/lib
Also, if you have Tcl/Tk installed in an unusual place, you must set
up your environment appropriately before running make. This
means you need to have LD_LIBRARY_PATH set to include the lib
directories for both Tcl and Tk. You may also need to do the su
command before the first make install command if the installation
location isn't writable by you (e.g., /usr or /usr/local
are usually only writable by root).
Lastly, if you install Tcl/Tk in an unusual location or if you
install Scotty in a different location, make sure your LD_LIBRARY_PATH
and TCLLIBPATH environment variables are set correctly before
you fire up Scotty. I wrote a wrapper script that does it for me:
#!/bin/csh
# I like all my diagrams in one tidy spot
cd ~/tkined
# prepend the tcl/tk library dirs
setenv LD_LIBRARY_PATH /usr/local/tools/tcltk8.3.3/lib:$LD_LIBRARY_PATH
setenv TCLLIBPATH "/usr/local/tools/tcltk8.3.3/lib/tk8.3 \
/usr/local/tools/scotty2.1.11/lib/tnm2.1.11 \
/usr/local/tools/scotty2.1.11/lib/tkined1.4.11"
setenv PATH /usr/local/tools/scotty2.1.11/bin:$PATH
rehash
tkined1.4.11 &
Network Diagramming
Start up the network diagram part of Scotty by running tkined1.4.11
to see the interface. The left mouse button selects, the middle
mouse button moves, shift-left mouse button selects more objects
without deselecting currently selected objects, and the right mouse
button brings up a context-sensitive menu.
The frame on the left side of the tkined window is for
selecting different modes (Figure 1). The "Select" button
lets you use the mouse cursor to select items, "Resize"
allows you to resize objects, and "Text" lets you place
text objects in the window.
A square box containing a question mark (not shown in Figure 1)
is an "unknown device" object, and the default icon is
the "unknown device" icon (hence the question mark). The
icon menu will allow you to change the icon you have currently selected
for placement, or to change the icon of selected objects, which
will be described more later.
The thick line is used to draw subnets, and the thin line is used
to draw connections between subnets and devices. The squiggly cloud
is a group (there are other, more meaningful, group icons as well),
and the hand is a reference object.
I'll start with a simple example that will lead into the
more interesting aspects of Scotty. If you want to see what some
finished diagrams might look like, you can download some sample
diagrams I made of a fictitious company at ftp://ftp.persistence.com/pub/bb.zip.
To start making your own diagram, begin by selecting the thick subnet
line, then click once in the drawing panel, drag the mouse a few
inches away, and click again to finish drawing a subnet line. Click
and hold the right mouse button on this subnet object and select
"Edit all Attributes" so you can enter a name for your
subnet (e.g., "10.1.1.0/24" or "San Mateo LAN").
Next, click on the "unknown device" icon, and click
once an inch or two from your subnet to drop a device object. Use
the right mouse button again to get a menu for that object and edit
its attributes to enter the name of a device (preferably one that
has SNMP enabled). Don't worry about the IP address right now.
Click on the thin line in the mode panel and then click on the
device object and the subnet object to connect them. You can continue
adding devices and subnets, but first I'll show how to group
the device and subnet into a group object. To do this, select all
the objects you want to group. The easiest way is to select the
"Select" button on the mode panel, then click and hold
the left mouse button on the drawing panel and drag a "bounding
box" around all the objects to select.
After you've selected the objects, pull down the Structure
menu and select "Group". Notice the letters on the far
right side of the menu and you'll see that there is a "g"
next to "Group", so you could just press "g"
instead of clicking through the menu. I also use "e" and
"c" frequently to "expand" and "collapse"
groups. Now change the icon of the new group from the squiggly cloud
to something better. To do this, pull down the Icon menu and pull
right on "Group" and "Topology" and select "Bus"
while the group object is selected.
If you press "e" to expand your group, you'll see
the individual objects again but selected as one group; note the
gray line around them. You can click on them and select them individually
or you can select the entire group by clicking on the gray border.
You can also set a more useful name for your group (other than "group
0") by using the right mouse button on the gray border and
selecting "edit all attributes". Don't diagram your
entire network right now. Scotty can "Discover" networks
and do a large portion of the initial work for you, which will be
covered later in this article.
Monitoring
Besides drawing network diagrams, Scotty can perform SNMP queries
on the objects. In fact, Scotty can keep running strip charts, monitor
TCP/IP reachability, and monitor things like CPU and Disk activity
on servers running rstatd. Because you now have a small diagram
with a few real devices with real hostnames in it, let's look
at a few of those tools next. Before you can use these tools, the
objects must have IP addresses set. Pull down "Tools"
and select "IP Layout".
This tool is useful for quickly filling in the IP addresses you
left blank. As long as your device names are correct and can be
found in DNS, you can simply select all the objects, then pull down
the new IP-Layout menu and select "Set Address". It switches
the names displayed to the IP and not the name itself, but you can
switch that back with the "Set Name" function of IP-Layout.
If you prefer shortened machine names, you can also use "Unique
Names" in the IP-Layout menu. IP-Layout saves hours when you
diagram a network with hundreds of devices.
Now that the objects have real IP addresses, there are other interesting
tools to try. Pull down "Tools" and select "IP-Monitor"
and "SNMP-Monitor", then select one of your objects. If
the object represents a UNIX machine running rstatd, try
pulling down IP-Monitor and selecting "CPU activity".
Of course, you can select "Reachability" under the IP-Monitor
menu for any IP device. If the object can't be pinged,
the object will change to red, flash, and will switch back after
the object is reachable again. This reachability check is performed
once per minute by default, and can be modified with the IP-Monitor
"Set Parameter" menu.
Select a device that has SNMP enabled and pull down the "SNMP-Monitor"
menu and select "Set SNMP Parameter". If your SNMP device
has a community name other than public, you can set it here. Click
on "Accept" when you're done with the settings, then
pull down SNMP-Monitor and select "Interface Load". If
your SNMP device is answering SNMP queries and all your settings
are correct, you'll see a strip chart for every interface pop
up. Use the middle mouse button to rearrange them. If you use the
right mouse button on one, you'll see that you can change the
scale of each strip chart, too. These strip charts also update once
per minute by default.
If you get an SNMP error, check the SNMP settings in SNMP-Monitor
again. If they're correct, then check the device in question
and see if it really does have SNMP enabled. On a Cisco router,
here's what you might need to add to the config (Cisco config
fragment to enable SNMPv1 with read-only access using "public"
for the community):
snmp-server community public RO
snmp-server trap-authentication
snmp-server location San Mateo, CA
! NOTE - there are other traps you can enable too
snmp-server enable traps config
snmp-server enable traps frame-relay
snmp-server enable traps rtr
snmp-server host 10.1.2.3 public
Every vendor will have different ways to enable and configure SNMP
access, so you may have to refer to the documentation if SNMP isn't
already enabled. Scotty is supposed to support SNMP version 1, verion
2c, and version 2u, but as of this writing I've only tried SNMP
version 1.
SNMP-Monitor is useful for monitoring SNMP devices using well-known
parts of the MIB tree, such as MIB2 (or even for vendor-specific
parts of the MIB tree if you have their MIB files loaded and you
know the OID or variable name). However, if you want to explore
the MIB tree, use the MIB Browser.
Pull down Tools again and select "SNMP-Browser", then
pull down SNMP-Browser and you'll see that you can quickly
find and query specific parts of the MIB tree by pulling right on
some of the menu entries (such as MIB-2). Once you configure Scotty
to read vendor-specific MIB files, you'll see additional menu
entries.
You can also browse the MIB tree by pulling down SNMP-Browser
and selecting "MIB Browser". In the resulting window (Figure
2), you can click on the items in "<>" (such as
<mgmt>, <mib-2>, and <system>)
to navigate around the MIB tree. Once you click on something that
is a leaf in the MIB tree, you'll see another window pop up
with the results of the SNMP query. <--up--> takes
you to the previous node in the MIB tree, and <--walk-->
queries every node in the tree beyond your current position. Use
<--walk--> carefully because it can take a long time
to walk, for instance, the entire <private> branch,
even if only one device is selected. You can also select <--monitor-->
to open up a strip chart for the device variable.
To teach Scotty about a vendor's MIB branch, get the vendor-specific
MIB file or files. Find the file that contains what you'd like
to be able to see from Scotty, and then find out whether it requires
any other MIBs to be loaded first. For instance, in one of the MIB
files for a Cisco Catalyst 6506 switch, there is:
CISCO-STACK-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, Integer32, IpAddress, TimeTicks,
Counter32, Counter64, NOTIFICATION-TYPE
FROM SNMPv2-SMI
DisplayString, RowStatus
FROM SNMPv2-TC
fddimibPORTSMTIndex, fddimibPORTIndex
FROM FDDI-SMT73-MIB
OwnerString, ifName, ifIndex
FROM IF-MIB
MODULE-COMPLIANCE, OBJECT-GROUP
FROM SNMPv2-CONF
Unsigned32
FROM CISCO-TC
workgroup
FROM CISCO-SMI
ringStationMacAddress
FROM TOKEN-RING-RMON-MIB;
All things under "IMPORTS" are types or objects that must
already be loaded before loading this MIB file. The "FROM"
lines provide a clue to what the names of the MIB files that must
first be loaded are likely to be. Note that some of them may already
be defined in MIB files that come with Scotty. For instance, if you
look in the /usr/lib/tnm2.1.11/mibs directory, you'll
see that there are a lot of files with rfc numbers for part of their
file names. These are MIBs that are already being loaded by Scotty.
With the Cisco MIB files, you generally only need to load the MIBs
that are prefixed with "CISCO-". In this case, we need to
load CISCO-TC and CISCO-SMI before we load this MIB file.
Once you have the MIB files you want to load, cd to /usr/lib/tnm2.1.11
and if it's not already there, make the site directory. (tnm2.1.11
could be located elsewhere if you installed Scotty in a different
location, so check /usr/local/lib/tnm2.1.11 or under the
path you specified in your configure command.) In this site
directory, create a file named init.tcl. Here's a sample
file:
#
# MIBs for Livingston
#
lappend tnm(mibs) /home/bbice/mibs/livingston/le38.mib
lappend tnm(mibs) /home/bbice/mibs/livingston/le38trap.mib
#
# MIBs for VPNet
lappend tnm(mibs) vpnet3.mib
# MIBs for Cisco Catalyst 6506
lappend tnm(mibs) CISCO-SMI.my
lappend tnm(mibs) CISCO-TC.my
lappend tnm(mibs) CISCO-STACK-MIB.my
Note that lappend lines that load a file don't start with
a "/" character. If an absolute path isn't specified,
it's assumed the file you specify to lappend is in your
tnm2.1.11/mibs directory. When adding MIBs to site/init.tcl,
add them one at a time. Modify init.tcl, then use the Tools
menu to load SNMP-Browser. If you didn't see any errors in the
terminal window from which you ran tkined, then you can pull
down the SNMP-Browser and select "Delete SNMP-Browser" to
remove it, change site/init.tcl again, and reload the SNMP-Browser,
and so on, until you have all the MIBs added. You can add them all
at once, but it can sometimes make discovering the bad MIB file more
difficult.
After you have the vendor-specific MIBs loaded, the SNMP-Monitor
and SNMP-Browser tools will show you vendor-specific items, such
as air intake temperatures, the number and types of modules in your
Catalyst 6506 switch, the modem statistics for your Portmaster 3,
the number of security associations your VPNet gear has running,
and so forth. If it's in a loaded MIB, you can view, monitor,
graph, or receive traps about it with Scotty.
Finally, if you have a large network to diagram, it can be tedious
to diagram everything the first time. Scotty has a shortcut --
pull down Tools and select "IP-Discover". As of this writing,
Scotty can "discover", to a limited degree, what your
network looks like. It currently only knows how to discover Class
A, B, or C networks, which means that if your network is broken
into smaller, variable-length subnets, IP-Discovery won't be
as useful for you. This is something the next version of Scotty
may have fixed.
However, if you have a Class C network you can try it out on,
pull down IP-Discover and select "Discover IP Network".
Enter in a partial IP address, such as 10.1.110, and Scotty will
proceed to ping and SNMP query every IP address in that network.
Do not, however, do a discovery on someone else's network.
When Scotty finishes discovering the network, you'll see
a mass of objects, one or more networks, and a web of thin lines
connecting them all. Press "a" to select all the objects,
and then pull down IP-Layout and select "All of the above".
This feature strips off redundant domain names from the labels,
arranges the objects around their subnets, groups them, sets icon
types when possible, and results in a tidier diagram. You'll
still need to do some arranging and you'll want to select groups
one at a time (press "e" to expand and arrange them, then
press "c" to collapse them again), but it can save you
time and effort.
To determine which icon to set, Scotty does DNS queries to look
for HINFO records, which can tell it the hardware and OS of a device.
If your DNS server has no HINFO records, it will also try some SNMP
queries to figure out whether the device is a switch, router, bridge,
etc.
It's also possible to have one network diagram refer to another
entire network diagram using "Reference Objects". For
an example of this, see Figure 3. You'll see two network diagram
icons on a world map -- the world-view of a fictitious company,
Beltway Bandits, Inc. These diagram icons are reference objects
with the name of another .tki file set in the address attribute.
If you were able to right click on one and select "Open (new
view)" you'd see another window open up with a diagram
of that office's network.
Scotty is a great complement for other tools, such as MRTG and
RRDTool, and there are too many useful things you can do with Scotty
to cover in one article.
Resources
Scotty homepage:
http://wwwhome.cs.utwente.nl/~schoenw/scotty/
Scotty FAQ:
http://www.ibr.cs.tu-bs.de/~schoenw/scotty/faq/faq.html
Getting Started page:
http://wwwsnmp.cs.utwente.nl/~schoenw/scotty/docs/getstart.html
Tcl and SNMP history:
http://wwwhome.cs.utwente.nl/~schoenw/scotty/tcl+snmp.html
A series of SNMP-related Web pages and Web sites
The SimpleWeb:
http://www.simpleweb.org/
The SimpleTimes:
http://www.simple-times.org/
Example diagrams:
ftp://ftp.persistence.com/pub/bb.zip
Brent Bice has worked as a programmer, network admin, or systems
admin on a variety of UNIX-based systems since 1989. He is currently
employed at Persistence Software Inc as Senior System/Network Admin
and can be reached at: bbice@persistence.com.
|
