CACTI (Day 1 course)

1. Cacti introduction
2. Cacti installation
   – Cacti EZ (CentOS, English / Simplified Chinese)
     • (OS CentOS 6; 0.8.7g; PA-2.8) Syslog-ng
   – Cacti (Linux distributions), version 10.4
     • (OS Ubuntu 10.4; 0.8.7g; PA-2.9) Rsyslog installation
     • [HOWTO] Installation Guide | Ubuntu 11.04 | Cacti | Nagios
     • http://richardkok.wordpress.com/2010/10/14/install-andconfigure-cacti-v0-8-7g-on-ubuntu-v10-04-1-step-by-step/
   – Cacti (Windows)
     • (OS Windows 2008R2 / Windows 7; 0.8.7g; PA2-8) http://forums.cacti.net/viewtopic.php?t=14946
3. Create Device / RRD
4. Create administrators and users
5. Network device management
   – Graph / Tree
   – Flow / Mac track / Router Backup / WeatherMap / Syslog

CACTI (Day 2 course)

1. Network management
2. UNIX management
   – SNMP
   – SSH Trust
3. WINDOWS management
   – SNMP
   – WMI – POWERSHELL
4. Cacti upgrade / backup management

Cacti Introduction

• What is Cacti?
  – An Open Source Performance Measurement Tool & Graphing Application
  – Cacti uses a cron/at-based poller to gather data from different sources, Round Robin Database (RRD) files to store the polled data, and a MySQL database to store the systems configuration. The primary user interface is a PHP web application that allows for easy management of all aspects of the system, as well as automatic display mechanisms for viewing the graphs.

  1. Web-based RRD frontend management
  2. Graphing & user right management information in MySQL
  3. SNMP / Script or Command support

[Figure: Devices, SNMP, WMI, Script / Command, RRD]

Cacti Installation (1)

1. Prerequisites (basic environment requirements)
   – OS / WEB SERVER / PHP / MYSQL / NET-SNMP / RRD-TOOL
2. Web server directory adjustment (DocumentRoot -> ?)
   – /etc/apache2/sites-available/default on Ubuntu ( vi /etc/httpd/conf/httpd.conf )
   – /var/www/cacti/include/config.php
         $url_path = "/";
         $url_path = "/cacti/";
3. MYSQL (3 accounts / 2 passwords)
   – MySQLCactiUser="_cactiuser"
   – MySQLCactiPwd="_cactipassw"
   – SystemCactiUser="usercacti"
   – MySQLRootPwd="dbadmin"
   – mysqlcheck -a -c -o -r --all-databases    # analyze / check / optimize / repair the databases
   – /usr/bin/mysql_secure_installation        # change password
4. Spine (optional)
   – yum install gcc libtool (mysql-devel net-snmp-devel autoconf automake libtool)

Cacti Installation (2)

1. CactiEZ Simplified Chinese installation
   – Network / Hostname / NTP / DNS / php.ini / Change password
2. Ubuntu installation
   – Network / Hostname / NTP / DNS / php.ini / Change root password
   – http://forums.cacti.net/viewtopic.php?f=6&t=38633 (main program + plugins + spine)
   – http://forums.cacti.net/viewtopic.php?f=14&t=41514 (syslog)
   – http://blog.jsdan.com/2675 (Microsoft YaHei font)
   – http://blog.happinesskt.idv.tw/2008/05/119 (Chinese text in RRD graphs)
3. Windows installation
   – http://forums.cacti.net/viewtopic.php?t=14946 (download the Windows Installer)
   – IIS & IIS CGI install: Start -> Control Panel -> Programs -> Turn Windows features on or off -> tick Web Management Tools (IIS Management Console) + World Wide Web Services (CGI)
   – Upgrading Spine requires installing cygwin: http://www.cacti.net/spine_install_wincyg.php

* Note: /lib/init on Ubuntu corresponds to /etc/rc.d/init.d on other distributions
* Note: Remote DB (config.php, spine.conf)

CactiEZ Simplified Chinese Installation

• password (default root / CactiEZ)
• vi /etc/sysconfig/network-scripts/ifcfg-eth0
• service network restart
• vi /etc/resolv.conf
• vi /etc/ntp.conf
      server time.stdtime.gov.tw
• service ntpd restart
• ntpdate -u time.stdtime.gov.tw
• http://w.x.y.z

Cacti Ubuntu 10.04 Installation (1, 2)

System settings

• sudo passwd root (log in as root)
• vi /etc/network/interfaces
      iface eth0 inet static
      address 10.1.1.1
      netmask 255.255.255.0
      network 10.1.1.0
      broadcast 10.1.1.255
      gateway 10.1.1.254
• vi /etc/resolv.conf
      nameserver 10.1.1.1
• sudo apt-get update
• apt-get install ntp chkconfig -y
• vi /etc/ntp.conf
      server 10.1.1.2
• ntpdate -u 10.220.8.100
• vi /etc/php5/apache2/php.ini (find / -name php.ini)

      ifconfig eth0 192.168.0.1 netmask 255.255.255.0
      route add default gw 192.168.0.254

Install the main program: 0.8.7g, spine 0.8.7g, PA 2.9

• cd ~
• wget http://forums.cacti.net/download/file.php?id=22710 -O cacti_autoinstall_v0.40c.sh
• wget http://forums.cacti.net/download/file.php?id=22711 -O README_CAIS_v0.40c.txt
• cat ./README_CAIS_v0.40c.txt
• chmod a+x cacti_autoinstall_v0.40c.sh
• vi cacti_autoinstall_v0.40c.sh
      echo "*/1 * * * * $SystemCactiUser php /var/www/cacti/poller.php >/dev/null 2>&1" > /etc/cron.d/cacti

Cacti Ubuntu 10.04 Installation (3)

Install syslog

• mkdir -p /home/update
• cd /home/update
• wget http://docs.cacti.net/_media/plugin:syslog-v1.21-1.tgz
• mv plugin\:syslog-v1.21-1.tgz aaa.tgz
• tar zxvf aaa.tgz
• mv syslog /var/www/cacti/plugins
• cd /var/www/cacti/plugins/syslog
• mysql -uroot -pdbadmin syslog < syslog.sql
• mysql -uroot -pdbadmin
      use syslog;
      show tables;      (5 entries)
• mysql -uroot -pdbadmin
      mysql> GRANT ALL PRIVILEGES ON syslog.* TO _cactiuser@localhost IDENTIFIED BY '_cactipassw';
      mysql> flush privileges;
• apt-get install rsyslog rsyslog-mysql
• vi /etc/rsyslog.conf
      $ModLoad ommysql
      $template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%, '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL
      *.* >localhost,syslog,_cactiuser,_cactipassw;cacti_syslog
• reboot

Cacti Ubuntu 10.04 Installation (4, 5)

Install the Microsoft YaHei font

• apt-get install lynx-cur*
• lynx http://www.box.net/shared/6rfdpirpku
• sudo mkdir /usr/share/fonts/yahei
• sudo mv msyh.ttf /usr/share/fonts/yahei
• sudo chmod 755 /usr/share/fonts/yahei -R
• sudo mkfontscale
• sudo mkfontdir
• sudo fc-cache -fv

Web settings: /usr/share/fonts/yahei/msyh.ttf

• root@ubuntu:~# fc-list
• vi /var/www/cacti/lib/functions.php
      <?php setlocale(LC_CTYPE, "zh_TW.UTF-8");

Set DB / WEB SERVER to Traditional Chinese

• mysql -uroot -pdbadmin
      mysql> ALTER DATABASE `cacti` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
      mysql> Exit;

Cacti Windows Installation (1)

Web: admin / cactipw
DB: root / cacti

Cacti Windows Installation (2)

Start the database
Open the browser

SNMP (Simple Network Management Protocol): SNMP Protocol (1)

SNMP stores information in a virtual database called a Management Information Base (MIB). The database is hierarchical (tree-structured) and entries are addressed through object identifiers (OID). The following SNMP table output shows this structure:

      .1.3.6.1.2.1.25.3.8.1.1.1 = INTEGER: 1
      .1.3.6.1.2.1.25.3.8.1.1.2 = INTEGER: 2

1. SNMPv1 - does not have any encryption and only uses a community string to identify the management station, and even then it is transmitted in clear text. As a result, SNMPv1 is a very insecure protocol because SetRequests can be used to reconfigure network equipment if improperly configured.
2. SNMPv2(c) - addresses some of the shortcomings of the SNMPv1 protocol by introducing two new protocol data units: GetBulkRequests and InformRequest.
3. SNMPv3 - does not add new operations or enhancements to the MIB, but addresses the security problems of SNMPv1 and SNMPv2c. It can be seen as SNMPv2c plus additional security, as it allows message encryption and strong authentication of senders.
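
To make the clear-text point above concrete, here is an added example (not part of the original course material): a minimal BER decoder that reads the version, community string and PDU type from SNMP datagrams, which is the check a defender can run over captured traffic to find v1/v2c communities and write operations still in use. The three packets are constructed by hand for this example, reusing the community `1234` from the course's Cisco configuration line; all function and variable names are assumptions of the example.

```python
# Added example, not from the course slides; every packet below is constructed.
PDU = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
       0xA3: "SetRequest", 0xA5: "GetBulkRequest", 0xA6: "InformRequest"}
VERSION = {0: "v1", 1: "v2c", 3: "v3"}

def read_tlv(buf, off):
    """Decode one BER tag-length-value; return (tag, value, next_offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:                  # long form: low 7 bits = number of length octets
        n = length & 0x7F
        if n == 0 or off + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[off:off + length], off + length

def inspect_snmp(packet):
    """Report what a passive observer can read from one SNMP datagram."""
    tag, msg, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    tag, ver, off = read_tlv(msg, 0)
    if tag != 0x02:
        raise ValueError("missing version INTEGER")
    version = VERSION.get(int.from_bytes(ver, "big"), "unknown")
    tag, second, off = read_tlv(msg, off)
    if version in ("v1", "v2c") and tag == 0x04:   # OCTET STRING = community
        pdu_tag, _, _ = read_tlv(msg, off)
        return {"version": version, "community": second.decode("latin-1"),
                "pdu": PDU.get(pdu_tag, hex(pdu_tag)), "write": pdu_tag == 0xA3}
    # v3 carries msgGlobalData at this position; there is no community field
    return {"version": version, "community": None, "pdu": None, "write": False}

# v2c GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0), community "1234"
V2C_GET = bytes.fromhex("3024020101040431323334a019020101020100020100"
                        "300e300c06082b060102010101000500")
# v1 SetRequest writing sysName.0 = "x" with the same community
V1_SET = bytes.fromhex("3025020100040431323334a31a020101020100020100"
                       "300f300d06082b06010201010500040178")
# v3 message truncated after msgGlobalData (msgFlags 0x03 = auth + priv)
V3_HEAD = bytes.fromhex("3012020103300d020101020205dc040103020103")
if __name__ == "__main__":
    for name, pkt in (("v2c get", V2C_GET), ("v1 set", V1_SET), ("v3", V3_HEAD)):
        print(name, inspect_snmp(pkt))
```

The v1 and v2c packets yield the community as plain ASCII, while the v3 header exposes only its version and security flags.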

SNMP (Simple Network Management Protocol): SNMP Protocol (2)

1. Standardized
2. Universally supported
3. Extendible
4. Portable
5. Allows distributed management access
6. Lightweight protocol

Only SNMP or Ping is used to check whether the host is down (alive):

      Source IP       Destination IP   Flows   Bytes       Packets
      10.0.2.3        10.200.50.41     1437    71.62 KB    1438
      10.200.50.41    10.0.2.3         2874    143.54 KB   2882

      -> upload/download traffic over 24 hours: 71.62/143.54 KB

Note: a single host with 24 monitored items:

      Source IP       Destination IP   Flows   Bytes       Packets
      10.0.2.51       10.200.50.41     16658   3.46 MB     41090
      10.200.50.41    10.0.2.51        33398   6.17 MB     82334

      -> upload/download traffic over 24 hours: 3.46/6.17 MByte
      -> about 144/257 Kbyte per hour

Note: a single host with 3 monitored items:

      Source IP       Destination IP   Flows   Bytes       Packets
      ath09.unix      10.200.50.41     2874    665.39 KB   4598
      10.200.50.41    ath09.unix       5756    742.57 KB   9210

      -> upload/download traffic over 24 hours: 665.39/742.57 KB

RRD-Create / RRA (1)

RRD database

• The Round Robin Database
• RRD files store data in a fixed size file
• Using a First In, First Out (FIFO) methodology
• Different Round Robin Archives (RRA) are defined within a single RRD file.
• These RRAs usually consist of daily, weekly, monthly, and yearly archives

      rrdtool create test.rrd --step 300 \
        DS:data:GAUGE:600:U:U \
        RRA:AVERAGE:0.5:1:16 \
        RRA:AVERAGE:0.5:4:16 \
        RRA:AVERAGE:0.5:12:16

RRD supplement (2): RRD / RRA (2)

      rrdtool graph data1.png \
        --title "Interface Speed" \
        --start 1318216831 \
        --end 1318260031 \
        --vertical-label bps \
        DEF:intspeed=data1.rrd:data:AVERAGE \
        CDEF:isGreen=intspeed,0,50,LIMIT \
        HRULE:50#C0C0C0FF:"Threshold ( 50 )\n" \
        AREA:intspeed#FF0000:"Over Threshold\n" \
        AREA:isGreen#00FF00:"Interface eth0" \
        GPRINT:intspeed:LAST:"Current\:%8.0lf" \
        GPRINT:intspeed:AVERAGE:"Average\:%8.0lf" \
        GPRINT:intspeed:MAX:"Maximum\:%8.0lf\n"

Monitor Traffic (1) Add Device

1. Cisco Router / Switch Configuration
   – C3750(config)#snmp-server community 1234 ro
   – root@ubuntu:~# snmpwalk -c ytmisrt -v2c 10.227.130.254
2. Console->Devices
   – Add / Delete / Disable / Modify / Tree
   – (Availability / Reachability Options)
     • Console->Settings->Poller->Host Up/Down Settings
     • Console->Settings->Poller->Host Availability Settings
   – (SNMP Options)
     • Console->Settings->SNMP Defaults
3. Console->Host Templates
   – Associated Data Queries + Associated Graph Templates
4. Create Graphs for this Host
   – Data Source (RRD-Raw Data Management)
   – Graphs (Graph Management)
5. Add a Tree
   – Sub Tree Management / User Right / Relation

Monitor Traffic (2) Data Input

1. Data Input Method
   – Simple Data Input (SNMP)
   – SNMP Data Input Method
   – Script / Command Data Input Method
2. Associated Data Queries definition
   – None
   – Uptime Goes Backwards
   – Index Count Changed
   – Verify All Fields

Monitor Traffic (3) Import Module

1. Template (official site)
2. Other / Custom
   – http://forums.cacti.net
   – Scripts and Templates
3. Import template / Export template
   – Graph Template / Data Template / Data Query
   – Old -> New (ex: 0.8.7e->0.8.7g ) OK
   – Delete Template … be careful
4. Adjust the graph templates
   – Add Description
   – <

Monitor Traffic (4) CDEF

1. CDEF (Status) + THOLD
2. CDEF (Status) Graph

Monitor Traffic (4) CDEF (supplement)

http://forums.cacti.net/viewtopic.php?f=5&t=43923&hilit=CDEF+color+change
http://forums.cacti.net/viewtopic.php?f=12&t=31669

– Eq: equal
– Ne: not equal
– Lt: less than
– Gt: greater than
– Le: less than or equal
– Ge: greater than or equal

CDEF=a,1,LE,a,UNKN,IF,1,+ means if a<=1 -> a=a+1 or unknown, so the ,1,+ has to be removed. This is the one for up.
CDEF=a,1,GT,a,UNKN,IF,1,+ means if a<=1 -> a=a+1 or unknown, so the ,1,+ has to be removed. This is the one for up.

Monitor Traffic (5) THOLD

1. Threshold settings
   – Console -> Threshold
   – Console -> Data Sources
   – Graph
   – Thold
2. Threshold Template
   – A single type can have multiple ranges
   – Templates are linked; once removed, they cannot be restored
   – Can be applied to Device / DS / Graph

Monitor Traffic (6) Mail Relay

1. Console -> Settings -> Mail/DNS
   • PHP Mail() Function
         vi /etc/php.ini
         install sendmail
   • SMTP
2. Send a test e-mail

Monitor Traffic (7) WeatherMap

1. vi /etc/apache2/httpd.conf
   Comment out (#) every line from <Directory /var/www/cacti/plugins/weathermap> through </Directory>
2. chown usercacti:www-data <cacti>/plugins/weathermap
3. chmod 770 <cacti>/plugins/weathermap/config

User Management

1. Console->User Management
   – Add ( copy & batch copy ) (Shell)
     • User Right
     • Monitor Graph
   – Delete
   – Modify ( Change password…)
   Local LDAP & Web Server …
2. Console->System Utilities->View User Log
3. Superlink

Monitor (1.2)

1. Host Down notification
2. Console -> Settings -> Misc
   – Can play a sound (the sound can also be changed)
   – The display mode can be changed
   – Hosts can be clicked
3. Monitor / Disable are different

syslog-(1.21)

Flowview 1.0: Flow (1.1)

1. Download flowview 1.0 from the official site http://docs.cacti.net/plugin:flowview and place it in /cacti/plugins
2. mysql cacti < flowview.sql
3. chown -R usercacti:www-data flowview/*
4. Enable it in the web interface
5. Check and set the folder where the files are stored: Console -> Settings -> Paths
   Default -> /var/netflow/flows/completed/
6. Web interface: Flows->Listeners
7. Install flow-tools on the host (apt-get install flow-tool*)
8. Host configuration
      /usr/bin/flow-capture -w /var/netflow/flows/completed/C2821 0/0/2821 -S5 -V5 -z 9 -n 1439 -e 43200 -N -1
      /usr/bin/flow-capture -w /var/netflow/flows/completed/C7206 0/0/7206 -S5 -V5 -z 9 -n 1439 -e 43200 -N -1
   Add these to the host's /etc/rc.local so they start automatically at boot
9. Check whether flow data is arriving: /var/netflow/flows/….
10. Web management / settings - bug (10/14)

Flowview 1.0: Flow (1.2)

Router commands
      (config)# ip flow-cache timeout active 5
      (config)# ip flow-export source GigabitEthernet0/1
      (config)# ip flow-export version 5
      (config)# ip flow-export destination IP Port
      (config)# ip flow-top-talkers
      (config)# top 50
      (config)# sort-by bytes

Interface
      (config-if)# ip flow ingress
      (config-if)# ip flow egress
   OR
      (config-if)# ip route-cache flow

Command
      #sh ip flow-top-talker

Flow (1.2)

      /usr/bin/flow-cat -t "10/24/2011 09:16:28" -T "10/25/2011 09:16:28" /var/netflow/flows/completed/C3845 /var/netflow/flows/completed/C3845 | /usr/bin/flow-nfilter -f /tmp/1234 -FFlowViewer_filter | /usr/bin/flow-stat -f8 -S2 | head -n 1000 >> flow03.txt

Other Plugins

• Mactrack       http://10.216.7.11 (php mactrack_scanner.php -f -d)
• Aggregate      http://10.220.8.222
• Cycle          http://10.216.7.13/cacti
• Syslog         http://10.220.8.221
• Clog           http://10.216.7.13/cacti
• WeatherMap     http://10.220.8.222
• RouterConfig   http://10.216.7.13/cacti  http://www.linuxidc.com/Linux/2010-08/27921.htm
• Superlink      http://10.216.7.13/cacti
• Discovery      http://10.216.7.11

Cacti Official Website Introduction

Cacti website
The main Cacti website provides the latest patches as well as lots of other useful information at: http://www.cacti.net
Download Spine & PA & … / Document / Forum

Spine
Spine is a high performance poller which, by far, exceeds the performance of the original cmd.php. You can find the latest spine version at: http://www.cacti.net/spine_download.php

Cacti bug reporting
If you find a bug in Cacti, and the community in the forums can confirm it, you should post a bug ticket in their tracker at: http://bugs.cacti.net/

Cacti Users' site
The Cacti Users' site provides some additional plugins, as well as the CactiEZ ISO images. http://www.cactiusers.org/

Cacti Directory Description

• Cli -> reindex / useadd / repair db
• Docs -> http://IP/docs/html/
• Image -> logo
• Include -> config.php
• Install
• Lib
• Log
• Resource
• RRA
• Scripts

1. vi /etc/logrotate.d/cactilog
2. Insert the following code:

      /var/www/cacti/log/cacti.log {
          daily
          rotate 7
          copytruncate
          compress
          notifempty
          missingok
      }

      logrotate /etc/logrotate.conf -v

Backup: Cacti Backup

      mkdir -p /home/backup/Cacti
      vi /var/www/cacti/backup.sh

      #!/bin/sh
      PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
      export PATH
      # Date stamp appended to every backup file name
      day=`date +%Y-%m-%d`
      # Dump the cacti and syslog databases
      mysqldump -l --add-drop-table cacti > /home/backup/Cacti/mysql.cacti."$day"
      mysqldump -l --add-drop-table syslog > /home/backup/Cacti/mysql.syslog."$day"
      # Archive the web directory, excluding the rra and log paths
      tar -jcvf /home/backup/Cacti/html."$day".tar.bz2 --exclude=/var/www/html/rra* --exclude=/var/www/html/log* /var/www/html
      # Keep a copy of root's crontab
      cp /var/spool/cron/root /home/backup/Cacti/root."$day"
      # Delete backup files older than 15 days
      find /home/backup/Cacti/* -type f -mtime +15 -exec rm -fr {} \; > /dev/null 2>&1