RRD
advertisement
CACTI (第一天課程)
1. Cacti 介紹
2. Cacti 安裝
–
–
–
Cacti EZ (Centos 英文/簡體)
•
( OS Centos 6 ; 0.8.7g ; PA-2.8 ) Syslog-ng
Cacti ( Linux Distributions ) 10.4 版
• ( OS Ubuntu 10.4 ;0.8.7g;PA-2.9) Rsyslog 安裝
• [HOWTO] Installation Guide | Ubuntu 11.04 | Cacti | Nagios
• http://richardkok.wordpress.com/2010/10/14/install-andconfigure-cacti-v0-8-7g-on-ubuntu-v10-04-1-step-by-step/
Cacti ( Windows )
• (OS Windows 2008R2/ Window7;0.8.7g;PA2-8)
http://forums.cacti.net/viewtopic. php?t=14946
3. 建立 Device / RRD
4. 建立管理者與使用者
5. 網路設備管理
–
–
Graph / Tree
Flow / Mac track / Router Backup / WeatherMap / Syslog
CACTI (第二天課程)
1. Network 管理
2. UNIX 管理
–
–
SNMP
SSH Trust
3. WINDOWS 管理
–
–
SNMP
WMI
–
POWERSHELL
4. Cacti 升級/備份管理
Cacti 介紹
•
Cacti 介紹
–
What is Cacti ?
•
•
An Open Source
Performance Measurement Tool & Graphing Application
Cacti
uses
a cron/at-based
poller to gather data from
1.
Web-base
RRD frontend Management
2.
Graphing
&User Round
Right Management
information in
MySQL
different
sources,
Robin Database
(RRD)
files to
3.
SNMP
/ Script
or Command
Supportdatabase to store
store
the
polled
data,
and a MySQL
the systems configuration. The primary user interface is
a PHP web application that allows for easy management
of all aspects of the system, as well as automatic display
mechanisms for viewing the graphs.
SNMP
WMI
RRD
RRD
Script / Command
Devices
Cacti 安裝(一)
Cacti 安裝 (一)
1.
2.
3.
4.
Prerequisite基本環境需求
– OS / WEB SERVER / PHP / MYSQL / NET-SNMP / RRD-TOOL
Web SERVER 目錄調整 (DocumentRoot ->?)
– /etc/apache2/sites-available/default Ubuntu( vi /etc/httpd/conf/httpd.conf )
– /var/www/cacti/include/config.php $url_path = "/"; $url_path = "/cacti/“;
MYSQL (3個帳號/2個密碼)
– MySQLCactiUser="_cactiuser“
– MySQLCactiPwd="_cactipassw"
– SystemCactiUser="usercacti"
– MySQLRootPwd="dbadmin"
– mysqlcheck -a -c -o -r --all-databases #進行 db 分析/檢查/最佳化/修復
– /usr/bin/mysql_secure_installation #change password
Spine (Option)
– yum install gcc libtool (mysql-devel net-snmp-devel autoconf automake libtool)
Cacti 安裝(二)
Cacti 安裝 (二)
1.
2.
3.
CactiEZ 簡體安裝
Network / Hostname / NTP / DNS / php.ini / Change password
Ubuntu 安裝
– Network / Hostname / NTP / DNS / php.ini / Change root password
– http://forums.cacti.net/viewtopic.php?f=6&t=38633 (主程式+外掛+spine)
– http://forums.cacti.net/viewtopic.php?f=14&t=41514 (syslog)
– http://blog.jsdan.com/2675 (微軟yahei 字型)
– http://blog.happinesskt.idv.tw/2008/05/119 (RRD 圖中文)
Windows 安裝
– http://forums.cacti.net/viewtopic.php?t=14946 下載 Windows Installer
– IIS & IIS CGI install 開始->控制台->程式集->開啟或關閉windows 功能>WEB 管理工具(IIS管理主制台)+World Wide Web服務(CGI)打勾
– Spine 升級要安裝 cygwin
http://www.cacti.net/spine_install_wincyg.php
*補充 ubuntu 的 /lib/init 相當於其它 distribution os 的 /etc/rc.d/init.d
*補充 Remote DB (config.php . spine.conf )
CactiEZ 簡體安裝
CactiEZ 簡體安裝
• password (預設 root / CactiEZ)
• vi /etc/sysconfig/network-scripts/ifcfg-eth0
• service network restart
• vi /etc/reslov.conf
• vi /etc/ntpd.conf
server time.stdtime.gov.tw
• service ntpd restart
• ntpdate -u ntpdate -u time.stdtime.gov.tw
• http://w.x.y.z
Cacti Ubuntu 10.04 安裝
Cacti Ubuntu 10.04 安裝(1‧2)
系統設定
•
•
•
•
•
•
•
•
iface eth0 inet static
address 10.1.1.1
netmask 255.255.255.0
network 10.1.1.0
broadcast 10.1.1.255
gateway 10.1.1.254
sudo passwd root ( 用 root 登入)
vi /etc/network/interfaces
vi /etc/resolv.conf
nameserver 10.1.1.1
sudo apt-get update
apt-get install ntp chkconfig -y
vi /etc/ntp.conf
ifconfig eth0 192.168.0.1 netmask 255.255.255.0
server 10.1.1.2
route add default gw 192.168.0.254
ntpdate -u 10.220.8.100
vi /etc/php5/apache2/php.ini (find / -name php.ini)
安裝 主程式0.8.7g-spine0.8.7g-PA 2.9
•
•
•
•
•
•
cd ~
wget http://forums.cacti.net/download/file.php?id=22710 -O cacti_autoinstall_v0.40c.sh
wget http://forums.cacti.net/download/file.php?id=22711 -O README_CAIS_v0.40c.txt
cat ./README_CAIS_v0.40c.txt
chmod a+x cacti_autoinstall_v0.40c.sh
vi cacti_autoinstall_v0.40c.sh
echo "*/1 * * * * $SystemCactiUser php /var/www/cacti/poller.php >/dev/null 2>&1" >
/etc/cron.d/cacti
Cacti Ubuntu 10.04 安裝
Cacti Ubuntu 10.04 安裝(3)
安裝 syslog
•
•
•
•
•
•
•
•
•
•
•
mkdir -p /home/update
cd /home/update
wget http://docs.cacti.net/_media/plugin:syslog-v1.21-1.tgz
mv plugin\:syslog-v1.21-1.tgz aaa.tgz
tar zxvf aaa.tgz
mv syslog /var/www/cacti/plugins
•
mysql -uroot -pdbadmin
cd /var/www/cacti/plugins/syslog
use syslog;
mysql -uroot -pdbadmin syslog < syslog.sql
show tables;
5項
mysql -uroot -pdbadmin
Mysql> GRANT ALL PRIVILEGES ON syslog.* TO _cactiuser@localhost IDENTIFIED BY
'_cactipassw' ;
Mysql> flush privileges;
apt-get install rsyslog rsyslog-mysql
vi /etc/rsyslog.conf
1- $ModLoad ommysql
2- $template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host,
message) values (%syslogfacility%, %syslogpriority%, '%timer eported:::date-mysql%',
'%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL
3- *.*
>localhost,syslog,_cactiuser,_cactipassw;cacti_syslog
reboot
Cacti Ubuntu 10.04 安裝
Cacti Ubuntu 10.04 安裝(4‧5)
安裝微軟yahei 字型
•
•
•
•
•
•
•
•
apt-get install lynx-cur*
lynx http://www.box.net/shared/6rfdpirpku
sudo mkdir /usr/share/fonts/yahei
sudo mv msyh.ttf /usr/share/fonts/yahei
sudo chmod 755 /usr/share/fonts/yahei -R
sudo mkfontscale
sudo mkfontdir
sudo fc-cache -fv
網頁設定 /usr/share/fonts/yahei/msyh.ttf
•
•
root@ubuntu:~# fc-list
vi /var/www/cacti/lib/functions.php
<?php
setlocale(LC_CTYPE, "zh_TW.UTF-8");
設定 DB / WEB SERVER 繁體
•
mysql -uroot -pdbadmin
mysql> ALTER DATABASE `cacti` DEFAULT CHARACTER SET utf8 COLLATE
utf8_general_ci;
mysql> Exit;
Cacti Windows 安裝
Cacti Windows 安裝(1)
Web: admin / cactipw
DB: root / cacti
Cacti Windows 安裝
Cacti Windows 安裝(2)
啟動資料庫
開啟 browser
SNMP (Simple
Network
Management
Protocol)
SNMP
Protocol
(一)
SNMP stores information in a virtual database called a Management Information
Base (MIB). The database is hierarchical (tree-structured) and entries are
addressed through object identifiers (OID). The following SNMP table output
shows this structure:
.1.3.6.1.2.1.25.3.8.1.1.1 = INTEGER: 1
.1.3.6.1.2.1.25.3.8.1.1.2 = INTEGER: 2
1.
2.
3.
SNMPv1 - does not have any encryption and only uses a community string
to identify the management station, and even then it is transmitted in clear
text. As a result, SNMPv1 is a very insecure protocol because SetRequests
can be used to reconfigure network equipment if improperly configured.
SNMPv2(c) - addresses some of the shortcomings of the SNMPv1 protocol
by introducing two new protocol data units: GetBulkRequests and
InformRequest.
SNMPv3 - does not add new operations or enhancements to the MIB, but
addresses the security problems of SNMPv1 and SNMPv2c. It can be seen
as SNMPv2c plus additional security, as it allows message encryption and
strong authentication of senders.
SNMP (Simple
Network
Management
Protocol)
SNMP
Protocol
(二)
1.
2.
3.
4.
5.
6.
Standardized
Universally supported
Extendible
Portable
allows distributed management access
lightweight protocol
只是利用 SNMP or Ping 確認主機是否 HostDown (存活)
Source IP
Destination IP
Flows
Bytes
10.0.2.3
10.200.50.41
1437
71.62 KB
10.200.50.41 10.0.2.3
2874
143.54 KB
-> 24小時使用 上/下載 流量 71.62/143.54 KB
Packets
1438
2882
說明: -> 單一主機監控 24個項目
Source IP
Destination IP
Flows
Bytes
Packets
10.0.2.51 10. 200.50.41
16658
3.46 MB
41090
10.200.50.41 10.0.2.51
33398
6.17 MB
82334
-> 24小時使用 上/下載 流量 3.46/6.17 MByte -> 每小時約 144/257 Kbyte
說明: -> 單一主機監控 3個項目
Source IP
Destination IP
Flows
Bytes
Packets
ath09.unix
10.200.50.41
2874
665.39 KB
4598
10.200.50.41 ath09.unix
5756
742.57 KB
9210
-> 24小時使用 上/下載 流量 665.39/742.57 KB
RRDRRD-Create
/ RRA (一)
RRD 資料庫
• The Round Robin Database
• RRD files store data in a fixed size file
• Using a First In, First Out (FIFO) methodology
• Different Round Robin Archives (RRA) are defined within a single RRD file.
• These RRAs usually consist of daily, weekly, monthly, and yearly archives
rrdtool create test.rrd --step 300 \
DS:data:GAUGE:600:U:U \
RRA:AVERAGE:0.5:1:16 \
RRA:AVERAGE:0.5:4:16 \
RRA:AVERAGE:0.5:12:16
RRD-補充(二)
RRD
/ RRA (二)
rrdtool graph data1.png \
--title "Interface Speed" \
--start 1318216831 \
--end 1318260031 \
--vertical-label bps \
DEF:intspeed=data1.rrd:data:AVERAGE \
CDEF:isGreen=intspeed,0,50,LIMIT \
HRULE:50#C0C0C0FF:"Threshold ( 50 )\n" \
AREA:intspeed#FF0000:"Over Threshold\n" \
AREA:isGreen#00FF00:"Interface eth0" \
GPRINT:intspeed:LAST:"Current\:%8.0lf" \
GPRINT:intspeed:AVERAGE:"Average\:%8.0lf" \
GPRINT:intspeed:MAX:"Maximum\:%8.0lf\n"
Monitor Traffic(一)Add Device
1.
Cisco Router / Switch Configuration
–
–
2.
C3750(config)#snmp-server community 1234 ro
root@ubuntu:~# snmpwalk -c ytmisrt -v2c 10.227.130.254
Console->Devices
–
–
Add / Delete / Disable / Modify / Tree
(Availability / Reach ability Options)
•
•
–
(SNMP Options)
•
3.
Associated Data Queries+Associated Graph Templates
Create Graphs for this Host
–
–
5.
Console ->Settings->SNMP Defaults
Console ->Host Templates
–
4.
Console->Settings->Poller->Host Up/Down Settings
Console->Settings->Poller->Host Availability Settings
Data Source (RRD-Raw Data Management)
Graphs (Graph Management )
Add a Tree
–
–
Sub Tree
Management / User Right / Relation
Monitor Traffic(二)Data Input
1.
Data Input Method
–
–
–
2.
Simple Data Input (SNMP)
SNMP Data Input Method
Script / Command Data Input Method
Associated Data Queries 定義
–
–
–
–
None
Uptime Goes Backwards
Index Count Changed
Verify All Fields
Monitor Traffic(三)Import Module
1.
2.
Template (官網)
Other / Custom
– http://forums.cacti.net
– Scripts and Templates
3. Import template / Export template
– Graph Template / Data Template / Data Query
– Old -> New (ex: 0.8.7e->0.8.7g ) OK
– Delete Template …要小心
4. 調整圖形模組
– Add Description
–
<
Monitor Traffic(四)CDEF
1.
CDEF(Status) +THOLD
2.
CDEF (Status) Graph
Monitor Traffic(四)CDEF(補)
http://forums.cacti.net/viewtopic.php?f=5&t=43923&hilit=CDEF+color
+change
http://forums.cacti.net/viewtopic.php?f=12&t=31669
–
–
–
–
–
–
Eq 等於
Ne 不等於
Lt 小於
Gt 大於
Le 小於或等於
Ge 大於或等於
CDEF=a,1,LE,a,UNKN,IF,1,+
表示 if a<=1 -> a=a+1 or unknow
因此要拿掉 ,1,+ , 這是 up 的
CDEF=a,1,GT,a,UNKN,IF,1,+
表示 if a<=1 -> a=a+1 or unknow
因此要拿掉 ,1,+ , 這是 up 的
Monitor Traffic(五)THOLD
1.
Threshold 設定
–
–
–
–
2.
Console -> Threshold
Console -> Data Sources
Graph
Thold
Threshold Template
–
–
–
單一類型可以多個 Range
有關連性。一旦移除->無法回復
可以套用給 Device / DS / Graph
Monitor Traffic(六)Mail Relay
1.
Console -> Settings-> Mail/DNS
•
PHP Mail() Function
vi /etc/php.ini
install sendmail
• SMTP
2. 發送測試信件
Monitor Traffic(七)WeatherMap
1. vi /etc/apache2/httpd.conf 全部#
<Directory /var/www/cacti/plugins/weathermap>
# 全部#
</Directory>
2. chown usercacti:www-data <cacti>/plugins/weathermap
3. chmod 770 <cacti>/plugins/weathermap/config
UserManagement
Management
USER
1.
Console->User Management
–
Add ( copy & batch copy ) (Shell)
•
•
–
–
User Right
Monitor Graph
Delete
Modify ( Change passed…)
Local LDAP & Web Server
…
2. Console-> System Utilities->View User Log
3.
Superlink
Monitor(1.2)
1.
2.
Host Down 訊息通知
Console -> Settings -> Misc
–
–
–
3.
可以發出聲音(也可以換聲音)
可以換顯示方式
可以點選主機
Monitor / Disable 不同
syslog-(1.21)
Flow(1.1)
1.
2.
3.
4.
5.
至官網下載 flowview 1.0
http://docs.cacti.net/plugin:flowview 放在 /cacti/plugins
mysql cacti < flowview.sql
chown -R usercacti:www-data flowview/*
網頁啟動
檢查與設定檔案存放資料夾 : Console -> Settings ->Paths
Default -> /var/netflow/flows/completed/
Flowview
1.0
Flow(1.1)
6.
7.
8.
網頁 Flows->Listeners
主機安裝 flow-tools (apt-get install flow-tool*)
主機設定
/usr/bin/flow-capture -w /var/netflow/flows/completed/C2821
0/0/2821 -S5 -V5 -z 9 -n 1439 -e 43200 -N -1
/usr/bin/flow-capture -w /var/netflow/flows/completed/C7206
0/0/7206 -S5 -V5 -z 9 -n 1439 -e 43200 -N -1
加入主機 /etc/rc.local 開機自動啟動
9. 檢查 flow 資料是否進入? /var/netflow/flows/….
10. 網頁管理/設定-bug (10/14)
Flowview
1.0
Flow(1.2)
Router Command----------------------------(config)# ip flow-cache timeout active 5
(config)# ip flow-export source
(config)# GigabitEthernet0/1
(config)# ip flow-export version 5
(config)# ip flow-export destination IP Port
(config)# ip flow-top-talkers
(config)# top 50
(config)# sort-by bytes
介面----------------------------------------------(config-if)# ip flow ingress
(config-if)# ip flow egress
OR
(config-if)# ip route-cache flow
指令----------------------------------------------#sh ip flow-top-talker
Flow(1.2)
/usr/bin/flow-cat -t "10/24/2011 09:16:28" -T "10/25/2011 09:16:28"
/var/netflow/flows/completed/C3845 /var/netflow/flows/completed/C3845 | /usr/bin/flow-nfilter
-f /tmp/1234 -FFlowViewer_filter | /usr/bin/flow-stat -f8 -S2 |head -n 1000 >> flow03.txt
Cacti 官網介紹
Other
Plugins
Mactrack
http://10.216.7.11
php mactrack_scanner.php -f -d
Aggregate
http://10.220.8.222
Cycle
http://10.216.7.13/cacti
Syslog
http://10.220.8.221
Clog
http://10.216.7.13/cacti
WeatherMap
http://10.220.8.222
RouterConfig
http://10.216.7.13/cacti
http://www.linuxidc.com/Linux/2010-08/27921.htm
Superlink
http://10.216.7.13/cacti
Discovery
http://10.216.7.11
Cacti官網介紹
官網介紹
Cacti
Cacti website
The main Cacti website provides the latest patches as well as lots of other useful information at:
http://www.cacti.net
Download Spine & PA & & … / Document / Forum
Spine
Spine is a high performance poller which, by far, exceeds the performance of the original cmd.php. You can find
the latest spine version at:
http://www.cacti.net/spine_download.php
Cacti bug reporting
If you find a bug in Cacti, and the community in the forums can confirm it, you should post a bug ticket in their
tracker at:
http://bugs.cacti.net/
Cacti Users' site
The Cacti Users' site provides some additional plugins, as well as the CactiEZ ISO images.
http://www.cactiusers.org/
Cacti 目錄說明
Cli -> reindex / useadd / repair db
Docs -> http://IP/docs/html/
Image->logo
Include->config.php
Install
Lib
1. vi /etc/logrotate.d/cactilog
Log
2. Insert the following code:
Resource
/var/www/cacti/log/cacti.log {
RRA
daily
rotate 7
Scripts
copytruncate
compress
notifempty
missingok
}
logrotate /etc/logrotate.conf -v
Backup
Cacti 備份
mkdir –p /home/backup/cacti
vi /var/www/cacti/backup.sh
#!/bin/sh
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
day=`date +%Y-%m-%d`
mysqldump -l --add-drop-table cacti > /home/backup/Cacti/mysql.cacti."$day"
mysqldump -l --add-drop-table syslog > /home/backup/Cacti/mysql.syslog."$day"
tar -jcvf /home/backup/Cacti/html."$day".tar.bz2 --exclude=/var/www/html/rra* -exclude=/var/www/html/log* /var/www/html
cp /var/spool/cron/root /home/backup/Cacti/root."$day“
find /home/backup/Cacti/* -type f -mtime +15 -exec rm -fr {} \; > /dev/null 2>&1
