CACTI ( 第一天課程 )1. Cacti 介紹2. Cacti 安裝

– Cacti EZ (Centos 英文 / 簡體 )• ( OS Centos 6 ; 0.8.7g ; PA-2.8 ) Syslog-ng

– Cacti ( Linux Distributions ) 10.4 版 • ( OS Ubuntu 10.4 ;0.8.7g;PA-2.9) Rsyslog 安裝 • [HOWTO] Installation Guide | Ubuntu 11.04 | Cacti | Nagio

s• http://richardkok.wordpress.com/2010/10/14/install-and-con

figure-cacti-v0-8-7g-on-ubuntu-v10-04-1-step-by-step/– Cacti ( Windows )

• (OS Windows 2008R2/ Window7;0.8.7g;PA2-8)http://forums.cacti.net/viewtopic. php?t=14946

3. 建立 Device / RRD 4. 建立管理者與使用者5. 網路設備管理

– Graph / Tree – Flow / Mac track / Router Backup / WeatherMap / Syslog

CACTI ( 第二天課程 )

1. Network 管理2. UNIX 管理

– SNMP– SSH Trust

3. WINDOWS 管理– SNMP– WMI

– POWERSHELL 4. Cacti 升級 / 備份管理

RRDRRD

Cacti 介紹• Cacti 介紹

– What is Cacti ? • An Open Source • Performance Measurement Tool & Graphing Application

1. Web-base RRD frontend Management 2. Graphing &User Right Management information in MySQL

3. SNMP / Script or Command Support

Devices

RRDRRD

SNMPSNMPWMIWMI

Script / CommandScript / Command

SNMPSNMPWMIWMI

Script / CommandScript / Command

Cacti 安裝 ( 一 )Cacti 安裝 ( 一 ) 1. Prerequisite 基本環境需求

– OS / WEB SERVER / PHP / MYSQL / NET-SNMP / RRD-TOOL2. Web SERVER 目錄調整 (DocumentRoot ->?)

– /etc/apache2/sites-available/default Ubuntu( vi /etc/httpd/conf/httpd.conf )– /var/www/cacti/include/config.php $url_path = "/"; $url_path = "/cacti/“;

3. MYSQL (3 個帳號 /2 個密碼 )– MySQLCactiUser="_cactiuser“– MySQLCactiPwd="_cactipassw"– SystemCactiUser="usercacti"– MySQLRootPwd="dbadmin"– mysqlcheck -a -c -o -r --all-databases # 進行 db 分析 / 檢查 / 最佳化 / 修復– /usr/bin/mysql_secure_installation #change password

4. Spine (Option)– yum install gcc libtool (mysql-devel net-snmp-devel autoconf automake

libtool)

Cacti 安裝 ( 二 )Cacti 安裝 ( 二 )1. CactiEZ 簡體安裝 Network / Hostname / NTP / DNS / php.ini / Change password2. Ubuntu 安裝

– Network / Hostname / NTP / DNS / php.ini / Change root password– http://forums.cacti.net/viewtopic.php?f=6&t=38633 ( 主程式 + 外掛 +spine)– http://forums.cacti.net/viewtopic.php?f=14&t=41514 (syslog)– http://blog.jsdan.com/2675 ( 微軟 yahei 字型 )– http://blog.happinesskt.idv.tw/2008/05/119 (RRD 圖中文 )

3. Windows 安裝– http://forums.cacti.net/viewtopic.php?t=14946 下載 Windows Installer – IIS & IIS CGI install 開始 -> 控制台 -> 程式集 -> 開啟或關閉 windows 功

能 ->WEB 管理工具 (IIS 管理主制台 )+World Wide Web 服務 (CGI) 打勾– Spine 升級要安裝 cygwin

http://www.cacti.net/spine_install_wincyg.php

* 補充 ubuntu 的 /lib/init 相當於其它 distribution os 的 /etc/rc.d/init.d * 補充 Remote DB (config.php . spine.conf )

CactiEZ 簡體安裝CactiEZ 簡體安裝

• password ( 預設 root / CactiEZ)• vi /etc/sysconfig/network-scripts/ifcfg-eth0

• service network restart• vi /etc/reslov.conf • vi /etc/ntpd.conf

server time.stdtime.gov.tw• service ntpd restart• ntpdate -u ntpdate -u time.stdtime.gov.tw • http://w.x.y.z

Cacti Ubuntu 10.04 安裝Cacti Ubuntu 10.04 安裝 (1 2)‧ 系統設定

• sudo passwd root ( 用 root 登入 )• vi /etc/network/interfaces• vi /etc/resolv.conf nameserver 10.1.1.1• sudo apt-get update • apt-get install ntp chkconfig -y• vi /etc/ntp.conf

server 10.1.1.2 • ntpdate -u 10.220.8.100• vi /etc/php5/apache2/php.ini (find / -name php.ini)

安裝 主程式 0.8.7g-spine0.8.7g-PA 2.9• cd ~• wget http://forums.cacti.net/download/file.php?id=22710 -O cacti_autoinstall_v0.40c.sh• wget http://forums.cacti.net/download/file.php?id=22711 -O README_CAIS_v0.40c.txt• cat ./README_CAIS_v0.40c.txt• chmod a+x cacti_autoinstall_v0.40c.sh• vi cacti_autoinstall_v0.40c.sh

echo "*/1 * * * * $SystemCactiUser php /var/www/cacti/poller.php >/dev/null 2>&1" > /etc/cron.d/cacti

ifconfig eth0 192.168.0.1 netmask 255.255.255.0route add default gw 192.168.0.254ifconfig eth0 192.168.0.1 netmask 255.255.255.0route add default gw 192.168.0.254

iface eth0 inet static address 10.1.1.1 netmask 255.255.255.0 network 10.1.1.0 broadcast 10.1.1.255 gateway 10.1.1.254

Cacti Ubuntu 10.04 安裝Cacti Ubuntu 10.04 安裝 (3)

安裝 syslog • mkdir -p /home/update• cd /home/update • wget http://docs.cacti.net/_media/plugin:syslog-v1.21-1.tgz • mv plugin\:syslog-v1.21-1.tgz aaa.tgz• tar zxvf aaa.tgz • mv syslog /var/www/cacti/plugins • cd /var/www/cacti/plugins/syslog • mysql -uroot -pdbadmin syslog < syslog.sql

• mysql -uroot -pdbadmin Mysql> GRANT ALL PRIVILEGES ON syslog.* TO _cactiuser@localhost IDENTIFIED BY

'_cactipassw' ;Mysql> flush privileges;

• apt-get install rsyslog rsyslog-mysql • vi /etc/rsyslog.conf

1- $ModLoad ommysql 2- $template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host,

message) values (%syslogfacility%, %syslogpriority%, '%timer eported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL

3- *.* >localhost,syslog,_cactiuser,_cactipassw;cacti_syslogreboot

• mysql -uroot -pdbadmin use syslog; show tables; 5 項

• mysql -uroot -pdbadmin use syslog; show tables; 5 項

Cacti Ubuntu 10.04 安裝Cacti Ubuntu 10.04 安裝 (4 5)‧

安裝微軟 yahei 字型• apt-get install lynx-cur*• lynx http://www.box.net/shared/6rfdpirpku• sudo mkdir /usr/share/fonts/yahei• sudo mv msyh.ttf /usr/share/fonts/yahei• sudo chmod 755 /usr/share/fonts/yahei -R• sudo mkfontscale• sudo mkfontdir• sudo fc-cache -fv

網頁設定 /usr/share/fonts/yahei/msyh.ttf • root@ubuntu:~# fc-list• vi /var/www/cacti/lib/functions.php

<?php setlocale(LC_CTYPE, "zh_TW.UTF-8");

設定 DB / WEB SERVER 繁體• mysql -uroot -pdbadmin

mysql> ALTER DATABASE `cacti` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;

mysql> Exit;

Cacti Windows 安裝Cacti Windows 安裝 (1)

Web: admin / cactipwDB: root / cacti

Cacti Windows 安裝 (2)

Cacti Windows 安裝

啟動資料庫開啟 browser

SNMP stores information in a virtual database called a Management Information Base (MIB). The database is hierarchical (tree-structured) and entries are addressed through object identifiers (OID). The following SNMP table output shows this structure:

.1.3.6.1.2.1.25.3.8.1.1.1 = INTEGER: 1

.1.3.6.1.2.1.25.3.8.1.1.2 = INTEGER: 2

1. SNMPv1 - does not have any encryption and only uses a community string to identify the management station, and even then it is transmitted in clear text. As a result, SNMPv1 is a very insecure protocol because SetRequests can be used to reconfigure network equipment if improperly configured.

2. SNMPv2(c) - addresses some of the shortcomings of the SNMPv1 protocol by introducing two new protocol data units: GetBulkRequests and InformRequest.

3. SNMPv3 - does not add new operations or enhancements to the MIB, but addresses the security problems of SNMPv1 and SNMPv2c. It can be seen as SNMPv2c plus additional security, as it allows message encryption and strong authentication of senders.

SNMP (Simple Network Management Protocol)SNMP Protocol ( 一 )

SNMP (Simple Network Management Protocol)

1. Standardized 2. Universally supported3. Extendible 4. Portable 5. allows distributed management access6. lightweight protocol

只是利用 SNMP or Ping 確認主機是否 HostDown ( 存活 ) Source IP Destination IP Flows Bytes Packets

10.0.2.3 10.200.50.41 1437 71.62 KB 143810.200.50.41 10.0.2.3 2874 143.54 KB 2882

-> 24 小時使用 上 / 下載 流量 71.62/143.54 KB 說明 : -> 單一主機監控 24 個項目

Source IP Destination IP Flows Bytes Packets 10.0.2.51 10. 200.50.41 16658 3.46 MB 41090 10.200.50.41 10.0.2.51 33398 6.17 MB 82334 -> 24 小時使用 上 / 下載 流量 3.46/6.17 MByte -> 每小時約 144/257 Kbyte

說明 : -> 單一主機監控 3 個項目 Source IP Destination IP Flows Bytes Packets

ath09.unix 10.200.50.41 2874 665.39 KB 4598 10.200.50.41 ath09.unix 5756 742.57 KB 9210

-> 24 小時使用 上 / 下載 流量 665.39/742.57 KB

SNMP Protocol ( 二 )

RRD 資料庫• The Round Robin Database • RRD files store data in a fixed size file • Using a First In, First Out (FIFO) methodology• Different Round Robin Archives (RRA) are defined within a single RRD file. • These RRAs usually consist of daily, weekly, monthly, and yearly archives

rrdtool create test.rrd --step 300 \ DS:data:GAUGE:600:U:U \ RRA:AVERAGE:0.5:1:16 \ RRA:AVERAGE:0.5:4:16 \ RRA:AVERAGE:0.5:12:16

RRD-CreateRRD / RRA ( 一 )

rrdtool graph data1.png \--title "Interface Speed" \--start 1318216831 \--end 1318260031 \--vertical-label bps \DEF:intspeed=data1.rrd:data:AVERAGE \CDEF:isGreen=intspeed,0,50,LIMIT \HRULE:50#C0C0C0FF:"Threshold ( 50 )\n" \AREA:intspeed#FF0000:"Over Threshold\n" \AREA:isGreen#00FF00:"Interface eth0" \GPRINT:intspeed:LAST:"Current\:%8.0lf" \GPRINT:intspeed:AVERAGE:"Average\:%8.0lf" \GPRINT:intspeed:MAX:"Maximum\:%8.0lf\n"

RRD- 補充 ( 二 ) RRD / RRA ( 二 )

1. Cisco Router / Switch Configuration– C3750(config)#snmp-server community 1234 ro– root@ubuntu:~# snmpwalk -c ytmisrt -v2c 10.227.130.254

2. Console->Devices– Add / Delete / Disable / Modify / Tree – (Availability / Reach ability Options)

• Console->Settings->Poller->Host Up/Down Settings • Console->Settings->Poller->Host Availability Settings

– (SNMP Options) • Console ->Settings->SNMP Defaults

3. Console ->Host Templates – Associated Data Queries+Associated Graph Templates

4. Create Graphs for this Host – Data Source (RRD-Raw Data Management)– Graphs (Graph Management )

5. Add a Tree – Sub Tree – Management / User Right / Relation

Monitor Traffic( 一 )Add Device

1. Data Input Method – Simple Data Input (SNMP)– SNMP Data Input Method – Script / Command Data Input Method

2. Associated Data Queries 定義– None– Uptime Goes Backwards – Index Count Changed– Verify All Fields

Monitor Traffic( 二 )Data Input

1. Template ( 官網 )2. Other / Custom

– http://forums.cacti.net– Scripts and Templates

3. Import template / Export template– Graph Template / Data Template / Data Query– Old -> New (ex: 0.8.7e->0.8.7g ) OK– Delete Template … 要小心

4. 調整圖形模組 – Add Description – <

Monitor Traffic( 三 )Import Module

1. CDEF(Status) +THOLD

2. CDEF (Status) Graph

Monitor Traffic( 四 )CDEF

Monitor Traffic( 四 )CDEF( 補 )http://forums.cacti.net/viewtopic.php?

f=5&t=43923&hilit=CDEF+color+changehttp://forums.cacti.net/viewtopic.php?f=12&t=31669

– Eq 等於– Ne 不等於 – Lt 小於– Gt 大於– Le 小於或等於– Ge 大於或等於

CDEF=a,1,GT,a,UNKN,IF,1,+表示 if a<=1 -> a=a+1 or unknow因此要拿掉 ,1,+ , 這是 up 的

CDEF=a,1,LE,a,UNKN,IF,1,+表示 if a<=1 -> a=a+1 or unknow因此要拿掉 ,1,+ , 這是 up 的

Monitor Traffic( 五 )THOLD1. Threshold 設定

– Console -> Threshold – Console -> Data Sources – Graph – Thold

2. Threshold Template– 單一類型可以多個 Range– 有關連性。一旦移除 -> 無法回復– 可以套用給 Device / DS / Graph

1. Console -> Settings-> Mail/DNS• PHP Mail() Function vi /etc/php.ini

install sendmail• SMTP

2. 發送測試信件

Monitor Traffic( 六 )Mail Relay

Monitor Traffic( 七 )WeatherMap1. vi /etc/apache2/httpd.conf 全部 #<Directory /var/www/cacti/plugins/weathermap> # 全部 # </Directory>2. chown usercacti:www-data <cacti>/plugins/weathermap3. chmod 770 <cacti>/plugins/weathermap/config

1. Console->User Management– Add ( copy & batch copy ) (Shell)

• User Right • Monitor Graph

– Delete– Modify ( Change passed…)

Local LDAP & Web Server …

2. Console-> System Utilities->View User Log

3. Superlink

User ManagementUSER Management

1. Host Down 訊息通知2. Console -> Settings -> Misc

– 可以發出聲音 ( 也可以換聲音 )– 可以換顯示方式– 可以點選主機

3. Monitor / Disable 不同

Monitor(1.2)

1. 至官網下載 flowview 1.0 http://docs.cacti.net/plugin:flowview 放在 /cacti/plugins

2. mysql cacti < flowview.sql 3.3. chown -R usercacti:www-data flowview/*chown -R usercacti:www-data flowview/*4. 網頁啟動 5. 檢查與設定檔案存放資料夾 : Console -> Settings ->Paths Default -> /var/netflow/flows/completed/

syslog-(1.21)Flow(1.1)

6. 網頁 Flows->Listeners7. 主機安裝 flow-tools (apt-get install flow-tool*)8. 主機設定 /usr/bin/flow-capture -w

/var/netflow/flows/completed/C2821 0/0/2821 -S5 -V5 -z 9 -n 1439 -e 43200 -N -1

/usr/bin/flow-capture -w /var/netflow/flows/completed/C7206 0/0/7206 -S5 -V5 -z 9 -n 1439 -e 43200 -N -1

加入主機 /etc/rc.local 開機自動啟動9. 檢查 flow 資料是否進入 ? /var/netflow/flows/….10. 網頁管理 / 設定 -bug (10/14)

Flowview 1.0Flow(1.1)

Flowview 1.0Flow(1.2)Router Command-----------------------------(config)# ip flow-cache timeout active 5(config)# ip flow-export source(config)# GigabitEthernet0/1(config)# ip flow-export version 5(config)# ip flow-export destination IP Port(config)# ip flow-top-talkers(config)# top 50(config)# sort-by bytes介面 -----------------------------------------------(config-if)# ip flow ingress(config-if)# ip flow egressOR (config-if)# ip route-cache flow 指令 -----------------------------------------------#sh ip flow-top-talker

Flow(1.2)/usr/bin/flow-cat -t "10/24/2011 09:16:28" -T "10/25/2011 09:16:28" /var/netflow/flows/completed/C3845 /var/netflow/flows/completed/C3845 | /usr/bin/flow-nfilter -f /tmp/1234 -FFlowViewer_filter | /usr/bin/flow-stat -f8 -S2 |head -n 1000 >> flow03.txt

Mactrack http://10.216.7.11 php mactrack_scanner.php -f -dAggregate http://10.220.8.222Cycle http://10.216.7.13/cactiSyslog http://10.220.8.221Clog http://10.216.7.13/cactiWeatherMap http://10.220.8.222RouterConfig http://10.216.7.13/cacti http://www.linuxidc.com/Linux/2010-08/27921.htmSuperlink http://10.216.7.13/cactiDiscovery http://10.216.7.11

Cacti 官網介紹Other Plugins

Cacti websiteThe main Cacti website provides the latest patches as well as lots of other useful information at:

http://www.cacti.netDownload Spine & PA & & … / Document / Forum

SpineSpine is a high performance poller which, by far, exceeds the performance of the original cmd.php. You can find the latest spine version at:

http://www.cacti.net/spine_download.php

Cacti bug reportingIf you find a bug in Cacti, and the community in the forums can confirm it, you should post a bug ticket in their tracker at:

http://bugs.cacti.net/

Cacti Users' siteThe Cacti Users' site provides some additional plugins, as well as the CactiEZ ISO images.

http://www.cactiusers.org/

Cacti 官網介紹Cacti 官網介紹

Cacti 目錄說明Cli -> reindex / useadd / repair dbDocs -> http://IP/docs/html/Image->logoInclude->config.phpInstall LibLogResourceRRAScripts

1. vi /etc/logrotate.d/cactilog2. Insert the following code:/var/www/cacti/log/cacti.log { daily rotate 7 copytruncate compress notifempty missingok}logrotate /etc/logrotate.conf -v

Cacti 備份Backupmkdir –p /home/backup/cactivi /var/www/cacti/backup.sh

#!/bin/shPATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/binexport PATHday=`date +%Y-%m-%d`

mysqldump -l --add-drop-table cacti > /home/backup/Cacti/mysql.cacti."$day"mysqldump -l --add-drop-table syslog > /home/backup/Cacti/mysql.syslog."$day"

tar -jcvf /home/backup/Cacti/html."$day".tar.bz2 --exclude=/var/www/html/rra* --exclude=/var/www/html/log* /var/www/htmlcp /var/spool/cron/root /home/backup/Cacti/root."$day“

find /home/backup/Cacti/* -type f -mtime +15 -exec rm -fr {} \; > /dev/null 2>&1