CACTI 第一天課程 1 Cacti 介紹 2 Cacti 安裝

CACTI (第一天課程) 1. Cacti 介紹 2. Cacti 安裝 – – – Cacti EZ (Centos 英文/簡體) • ( OS Centos 6 ; 0. 8. 7 g ; PA-2. 8 ) Syslog-ng Cacti ( Linux Distributions ) 10. 4 版 • ( OS Ubuntu 10. 4 ; 0. 8. 7 g; PA-2. 9) Rsyslog 安裝 • [HOWTO] Installation Guide | Ubuntu 11. 04 | Cacti | Nagios • http: //richardkok. wordpress. com/2010/10/14/install-andconfigure-cacti-v 0 -8 -7 g-on-ubuntu-v 10 -04 -1 -step-by-step/ Cacti ( Windows ) • (OS Windows 2008 R 2/ Window 7; 0. 8. 7 g; PA 2 -8) http: //forums. cacti. net/viewtopic. php? t=14946 3. 建立 Device / RRD 4. 建立管理者與使用者 5. 網路設備管理 – – Graph / Tree Flow / Mac track / Router Backup / Weather. Map / Syslog

CACTI (第二天課程) 1. Network 管理 2. UNIX 管理 – – SNMP SSH Trust 3. WINDOWS 管理 – – SNMP WMI – POWERSHELL 4. Cacti 升級/備份管理

Cacti 介紹 • Cacti 介紹 – What is Cacti ? • • An Open Source Performance Measurement Tool & Graphing Application 1. 2. 3. Web-base RRD frontend Management Graphing &User Right Management information in My. SQL SNMP / Script or Command Support SNMP WMI RRD Script / Command Devices

Cacti 安裝(一) Cacti 安裝 (一) 1. Prerequisite基本環境需求 – OS / WEB SERVER / PHP / MYSQL / NET-SNMP / RRD-TOOL 2. Web SERVER 目錄調整 (Document. Root ->? ) – /etc/apache 2/sites-available/default Ubuntu( vi /etc/httpd/conf/httpd. conf ) – /var/www/cacti/include/config. php $url_path = "/"; $url_path = "/cacti/“; 3. MYSQL (3個帳號/2個密碼) – My. SQLCacti. User="_cactiuser“ – My. SQLCacti. Pwd="_cactipassw" – System. Cacti. User="usercacti" – My. SQLRoot. Pwd="dbadmin" – mysqlcheck -a -c -o -r --all-databases #進行 db 分析/檢查/最佳化/修復 – /usr/bin/mysql_secure_installation #change password 4. Spine (Option) – yum install gcc libtool (mysql-devel net-snmp-devel autoconf automake libtool)

Cacti 安裝(二) Cacti 安裝 (二) 1. 2. 3. Cacti. EZ 簡體安裝 Network / Hostname / NTP / DNS / php. ini / Change password Ubuntu 安裝 – Network / Hostname / NTP / DNS / php. ini / Change root password – http: //forums. cacti. net/viewtopic. php? f=6&t=38633 (主程式+外掛+spine) – http: //forums. cacti. net/viewtopic. php? f=14&t=41514 (syslog) – http: //blog. jsdan. com/2675 (微軟yahei 字型) – http: //blog. happinesskt. idv. tw/2008/05/119 (RRD 圖中文) Windows 安裝 – http: //forums. cacti. net/viewtopic. php? t=14946 下載 Windows Installer – IIS & IIS CGI install 開始->控制台->程式集->開啟或關閉windows 功能>WEB 管理具(IIS管理主制台)+World Wide Web服務(CGI)打勾 – Spine 升級要安裝 cygwin http: //www. cacti. net/spine_install_wincyg. php *補充 ubuntu 的 /lib/init 相當於其它 distribution os 的 /etc/rc. d/init. d *補充 Remote DB (config. php. spine. conf )

Cacti. EZ 簡體安裝 • password (預設 root / Cacti. EZ) • vi /etc/sysconfig/network-scripts/ifcfg-eth 0 • service network restart • vi /etc/reslov. conf • vi /etc/ntpd. conf server time. stdtime. gov. tw • service ntpd restart • ntpdate -u time. stdtime. gov. tw • http: //w. x. y. z

Cacti Ubuntu 10. 04 安裝(1‧ 2) 系統設定 • • iface eth 0 inet static address 10. 1. 1. 1 netmask 255. 0 network 10. 1. 1. 0 broadcast 10. 1. 1. 255 gateway 10. 1. 1. 254 sudo passwd root ( 用 root 登入) vi /etc/network/interfaces vi /etc/resolv. conf nameserver 10. 1. 1. 1 sudo apt-get update apt-get install ntp chkconfig -y vi /etc/ntp. conf ifconfig eth 0 192. 168. 0. 1 netmask 255. 0 server 10. 1. 1. 2 route add default gw 192. 168. 0. 254 ntpdate -u 10. 220. 8. 100 vi /etc/php 5/apache 2/php. ini (find / -name php. ini) 安裝主程式 0. 8. 7 g-spine 0. 8. 7 g-PA 2. 9 • • • cd ~ wget http: //forums. cacti. net/download/file. php? id=22710 -O cacti_autoinstall_v 0. 40 c. sh wget http: //forums. cacti. net/download/file. php? id=22711 -O README_CAIS_v 0. 40 c. txt cat. /README_CAIS_v 0. 40 c. txt chmod a+x cacti_autoinstall_v 0. 40 c. sh vi cacti_autoinstall_v 0. 40 c. sh echo "*/1 * * $System. Cacti. User php /var/www/cacti/poller. php >/dev/null 2>&1" > /etc/cron. d/cacti

Cacti Ubuntu 10. 04 安裝(3) 安裝 syslog • • • mkdir -p /home/update cd /home/update wget http: //docs. cacti. net/_media/plugin: syslog-v 1. 21 -1. tgz mv plugin: syslog-v 1. 21 -1. tgz aaa. tgz tar zxvf aaa. tgz mv syslog /var/www/cacti/plugins • mysql -uroot -pdbadmin cd /var/www/cacti/plugins/syslog use syslog; mysql -uroot -pdbadmin syslog < syslog. sql show tables; 5項 mysql -uroot -pdbadmin Mysql> GRANT ALL PRIVILEGES ON syslog. * TO _cactiuser@localhost IDENTIFIED BY '_cactipassw' ; Mysql> flush privileges; apt-get install rsyslog-mysql vi /etc/rsyslog. conf 1 - $Mod. Load ommysql 2 - $template cacti_syslog, "INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%, '%timer eported: : : datemysql%', '%timereported: : : date-mysql%', '%HOSTNAME%', '%msg%')", SQL 3 - *. * >localhost, syslog, _cactiuser, _cactipassw; cacti_syslog reboot

Cacti Ubuntu 10. 04 安裝(4‧ 5) 安裝微軟yahei 字型 • • apt-get install lynx-cur* lynx http: //www. box. net/shared/6 rfdpirpku sudo mkdir /usr/share/fonts/yahei sudo mv msyh. ttf /usr/share/fonts/yahei sudo chmod 755 /usr/share/fonts/yahei -R sudo mkfontscale sudo mkfontdir sudo fc-cache -fv 網頁設定 /usr/share/fonts/yahei/msyh. ttf • • root@ubuntu: ~# fc-list vi /var/www/cacti/lib/functions. php <? php setlocale(LC_CTYPE, "zh_TW. UTF-8"); 設定 DB / WEB SERVER 繁體 • mysql -uroot -pdbadmin mysql> ALTER DATABASE `cacti` DEFAULT CHARACTER SET utf 8 COLLATE utf 8_general_ci; mysql> Exit;

Cacti Windows 安裝(1) Web: admin / cactipw DB: root / cacti

Cacti Windows 安裝(2) 啟動資料庫開啟 browser

SNMP (Simple Network Management Protocol) SNMP Protocol (一) SNMP stores information in a virtual database called a Management Information Base (MIB). The database is hierarchical (tree-structured) and entries are addressed through object identifiers (OID). The following SNMP table output shows this structure: . 1. 3. 6. 1. 25. 3. 8. 1. 1. 1 = INTEGER: 1. 1. 3. 6. 1. 25. 3. 8. 1. 1. 2 = INTEGER: 2 1. 2. 3. SNMPv 1 - does not have any encryption and only uses a community string to identify the management station, and even then it is transmitted in clear text. As a result, SNMPv 1 is a very insecure protocol because Set. Requests can be used to reconfigure network equipment if improperly configured. SNMPv 2(c) - addresses some of the shortcomings of the SNMPv 1 protocol by introducing two new protocol data units: Get. Bulk. Requests and Inform. Request. SNMPv 3 - does not add new operations or enhancements to the MIB, but addresses the security problems of SNMPv 1 and SNMPv 2 c. It can be seen as SNMPv 2 c plus additional security, as it allows message encryption and strong authentication of senders.

SNMP (Simple Network Management Protocol) SNMP Protocol (二) 1. 2. 3. 4. 5. 6. Standardized Universally supported Extendible Portable allows distributed management access lightweight protocol p 只是利用 SNMP or Ping 確認主機是否 Host. Down (存活) Source IP Destination IP Flows Bytes Packets 10. 0. 2. 3 10. 200. 50. 41 1437 71. 62 KB 1438 10. 200. 50. 41 10. 0. 2. 3 2874 143. 54 KB 2882 -> 24小時使用上/下載流量 71. 62/143. 54 KB p 說明: -> 單一主機監控 24個項目 Source IP Destination IP Flows Bytes Packets 10. 0. 2. 51 10. 200. 50. 41 16658 3. 46 MB 41090 10. 200. 50. 41 10. 0. 2. 51 33398 6. 17 MB 82334 -> 24小時使用上/下載流量 3. 46/6. 17 MByte -> 每小時約 144/257 Kbyte p 說明: -> 單一主機監控 3個項目 Source IP Destination IP Flows Bytes Packets ath 09. unix 10. 200. 50. 41 2874 665. 39 KB 4598 10. 200. 50. 41 ath 09. unix 5756 742. 57 KB 9210 -> 24小時使用上/下載流量 665. 39/742. 57 KB

RRD-Create RRD / RRA (一) RRD 資料庫 • The Round Robin Database • RRD files store data in a fixed size file • Using a First In, First Out (FIFO) methodology • Different Round Robin Archives (RRA) are defined within a single RRD file. • These RRAs usually consist of daily, weekly, monthly, and yearly archives rrdtool create test. rrd --step 300 DS: data: GAUGE: 600: U: U RRA: AVERAGE: 0. 5: 1: 16 RRA: AVERAGE: 0. 5: 4: 16 RRA: AVERAGE: 0. 5: 12: 16

RRD-補充(二) RRD / RRA (二) rrdtool graph data 1. png --title "Interface Speed" --start 1318216831 --end 1318260031 --vertical-label bps DEF: intspeed=data 1. rrd: data: AVERAGE CDEF: is. Green=intspeed, 0, 50, LIMIT HRULE: 50#C 0 C 0 C 0 FF: "Threshold ( 50 )n" AREA: intspeed#FF 0000: "Over Thresholdn" AREA: is. Green#00 FF 00: "Interface eth 0" GPRINT: intspeed: LAST: "Current: %8. 0 lf" GPRINT: intspeed: AVERAGE: "Average: %8. 0 lf" GPRINT: intspeed: MAX: "Maximum: %8. 0 lfn"

Monitor Traffic(一)Add Device 1. Cisco Router / Switch Configuration – – 2. C 3750(config)#snmp-server community 1234 ro root@ubuntu: ~# snmpwalk -c ytmisrt -v 2 c 10. 227. 130. 254 Console->Devices – – Add / Delete / Disable / Modify / Tree (Availability / Reach ability Options) • • – (SNMP Options) • 3. Associated Data Queries+Associated Graph Templates Create Graphs for this Host – – 5. Console ->Settings->SNMP Defaults Console ->Host Templates – 4. Console->Settings->Poller->Host Up/Down Settings Console->Settings->Poller->Host Availability Settings Data Source (RRD-Raw Data Management) Graphs (Graph Management ) Add a Tree – – Sub Tree Management / User Right / Relation

Monitor Traffic(二)Data Input 1. Data Input Method – – – 2. Simple Data Input (SNMP) SNMP Data Input Method Script / Command Data Input Method Associated Data Queries 定義 – – None Uptime Goes Backwards Index Count Changed Verify All Fields

Monitor Traffic(三)Import Module 1. 2. Template (官網) Other / Custom – http: //forums. cacti. net – Scripts and Templates 3. Import template / Export template – Graph Template / Data Query – Old -> New (ex: 0. 8. 7 e->0. 8. 7 g ) OK – Delete Template …要小心 4. 調整圖形模組 – Add Description – <

Monitor Traffic(四)CDEF 1. CDEF(Status) +THOLD 2. CDEF (Status) Graph

Monitor Traffic(四)CDEF(補) http: //forums. cacti. net/viewtopic. php? f=5&t=43923&hilit=CDEF+color +change http: //forums. cacti. net/viewtopic. php? f=12&t=31669 – – – Eq 等於 Ne 不等於 Lt 小於 Gt 大於 Le 小於或等於 Ge 大於或等於 CDEF=a, 1, LE, a, UNKN, IF, 1, + 表示 if a<=1 -> a=a+1 or unknow 因此要拿掉 , 1, + , 這是 up 的 CDEF=a, 1, GT, a, UNKN, IF, 1, + 表示 if a<=1 -> a=a+1 or unknow 因此要拿掉 , 1, + , 這是 up 的

Monitor Traffic(五)THOLD 1. Threshold 設定 – – 2. Console -> Threshold Console -> Data Sources Graph Thold Threshold Template – – – 單一類型可以多個 Range 有關連性。一旦移除->無法回復可以套用給 Device / DS / Graph

Monitor Traffic(六)Mail Relay 1. Console -> Settings-> Mail/DNS • PHP Mail() Function vi /etc/php. ini install sendmail • SMTP 2. 發送測試信件

Monitor Traffic(七)Weather. Map 1. vi /etc/apache 2/httpd. conf 全部# <Directory /var/www/cacti/plugins/weathermap> # 全部# </Directory> 2. chown usercacti: www-data <cacti>/plugins/weathermap 3. chmod 770 <cacti>/plugins/weathermap/config

User Management USER Management 1. Console->User Management – Add ( copy & batch copy ) (Shell) • • – – User Right Monitor Graph Delete Modify ( Change passed…) Local LDAP & Web Server … 2. Console-> System Utilities->View User Log 3. Superlink

Monitor(1. 2) 1. 2. Host Down 訊息通知 Console -> Settings -> Misc – – – 3. 可以發出聲音(也可以換聲音) 可以換顯示方式可以點選主機 Monitor / Disable 不同

syslog-(1. 21) Flow(1. 1) 1. 至官網下載 flowview 1. 0 http: //docs. cacti. net/plugin: flowview 放在 /cacti/plugins 2. mysql cacti < flowview. sql 3. chown -R usercacti: www-data flowview/* 4. 網頁啟動 5. 檢查與設定檔案存放資料夾 : Console -> Settings ->Paths Default -> /var/netflow/flows/completed/

Flowview 1. 0 Flow(1. 1) 6. 7. 8. 網頁 Flows->Listeners 主機安裝 flow-tools (apt-get install flow-tool*) 主機設定 /usr/bin/flow-capture -w /var/netflow/flows/completed/C 2821 0/0/2821 -S 5 -V 5 -z 9 -n 1439 -e 43200 -N -1 /usr/bin/flow-capture -w /var/netflow/flows/completed/C 7206 0/0/7206 -S 5 -V 5 -z 9 -n 1439 -e 43200 -N -1 加入主機 /etc/rc. local 開機自動啟動 9. 檢查 flow 資料是否進入? /var/netflow/flows/…. 10. 網頁管理/設定-bug (10/14)

Flowview 1. 0 Flow(1. 2) Router Command--------------(config)# ip flow-cache timeout active 5 (config)# ip flow-export source (config)# Gigabit. Ethernet 0/1 (config)# ip flow-export version 5 (config)# ip flow-export destination IP Port (config)# ip flow-top-talkers (config)# top 50 (config)# sort-by bytes 介面-----------------------(config-if)# ip flow ingress (config-if)# ip flow egress OR (config-if)# ip route-cache flow 指令-----------------------#sh ip flow-top-talker

Flow(1. 2) /usr/bin/flow-cat -t "10/24/2011 09: 16: 28" -T "10/25/2011 09: 16: 28" /var/netflow/flows/completed/C 3845 | /usr/bin/flow-nfilter -f /tmp/1234 -FFlow. Viewer_filter | /usr/bin/flow-stat -f 8 -S 2 |head -n 1000 >> flow 03. txt

Cacti 官網介紹 Other Plugins Mactrack http: //10. 216. 7. 11 php mactrack_scanner. php -f -d Aggregate http: //10. 220. 8. 222 Cycle http: //10. 216. 7. 13/cacti Syslog http: //10. 220. 8. 221 Clog http: //10. 216. 7. 13/cacti Weather. Map http: //10. 220. 8. 222 Router. Config http: //10. 216. 7. 13/cacti http: //www. linuxidc. com/Linux/2010 -08/27921. htm Superlink http: //10. 216. 7. 13/cacti Discovery http: //10. 216. 7. 11

Cacti 官網介紹 Cacti website The main Cacti website provides the latest patches as well as lots of other useful information at: http: //www. cacti. net Download Spine & PA & & … / Document / Forum Spine is a high performance poller which, by far, exceeds the performance of the original cmd. php. You can find the latest spine version at: http: //www. cacti. net/spine_download. php Cacti bug reporting If you find a bug in Cacti, and the community in the forums can confirm it, you should post a bug ticket in their tracker at: http: //bugs. cacti. net/ Cacti Users' site The Cacti Users' site provides some additional plugins, as well as the Cacti. EZ ISO images. http: //www. cactiusers. org/

Cacti 目錄說明 Cli -> reindex / useadd / repair db Docs -> http: //IP/docs/html/ Image->logo Include->config. php Install Lib 1. vi /etc/logrotate. d/cactilog Log 2. Insert the following code: Resource /var/www/cacti/log/cacti. log { RRA daily rotate 7 Scripts copytruncate compress notifempty missingok } logrotate /etc/logrotate. conf -v

Backup Cacti 備份 mkdir –p /home/backup/cacti vi /var/www/cacti/backup. sh #!/bin/sh PATH=/bin: /sbin: /usr/sbin: /usr/local/sbin: ~/bin export PATH day=`date +%Y-%m-%d` mysqldump -l --add-drop-table cacti > /home/backup/Cacti/mysql. cacti. "$day" mysqldump -l --add-drop-table syslog > /home/backup/Cacti/mysql. syslog. "$day" tar -jcvf /home/backup/Cacti/html. "$day". tar. bz 2 --exclude=/var/www/html/rra* -exclude=/var/www/html/log* /var/www/html cp /var/spool/cron/root /home/backup/Cacti/root. "$day“ find /home/backup/Cacti/* -type f -mtime +15 -exec rm -fr {} ; > /dev/null 2>&1