Installing Cacti on CentOS 5
安裝程序:
Required Packages for RPM-based Operating Systems
httpd
php
php-mysql
php-snmp
php-ldap (when using LDAP authentication)
php-xml
mysql
mysql-server
net-snmp
#yum install php-snmp
Installed:
php-snmp.i386 0:5.3.12-5.el5.art php-snmp.x86_64 0:5.3.12-5.el5.art
Dependency Installed:
lm_sensors.x86_64 0:2.10.7-9.el5 net-snmp.x86_64 1:5.3.2.2-17.el5
net-snmp-libs.i386 1:5.3.2.2-17.el5
Dependency Updated:
php.x86_64 0:5.3.12-5.el5.art php-cli.x86_64 0:5.3.12-5.el5.art
php-common.x86_64 0:5.3.12-5.el5.art php-devel.x86_64 0:5.3.12-5.el5.art
php-gd.x86_64 0:5.3.12-5.el5.art php-ldap.x86_64 0:5.3.12-5.el5.art
php-mbstring.x86_64 0:5.3.12-5.el5.art php-mysql.x86_64 0:5.3.12-5.el5.art
php-pdo.x86_64 0:5.3.12-5.el5.art
#yum install php-xml
Running Transaction
Installing : php-xml 1/3
Installing : libxslt 2/3
Installing : php-xml 3/3
Installed:
php-xml.i386 0:5.3.12-5.el5.art php-xml.x86_64 0:5.3.12-5.el5.art
Dependency Installed:
libxslt.i386 0:1.1.17-2.el5_2.2
#yum install rrdtool
Package rrdtool-1.2.27-4.el5.art.x86_64 already installed
#service httpd restart
Configure PHP & Apache:
http://docs.cacti.net/manual:088:1_installation.1_install_unix.1_configure_php
http://docs.cacti.net/manual:088:1_installation.1_install_unix.2_configure_apache
#chkconfig snmpd on
#chkconfig snmptrapd on
#yum install net-snmp-utils
Running Transaction
Installing : net-snmp-utils 1/1
Installed:
net-snmp-utils.x86_64 1:5.3.2.2-17.el5
#service snmpd start
#useradd -r -M cactiuser
#passwd cactiuser
Installing Cacti:
download cacti.gz and unzip to /var/www/html/
chown -R apache:apache /var/www/html/cacti
use phpmyadmin to create a db named cacti
import tables from cacti.sql found under the installation package to the db named cacti via phpmyadmin
create a user for the db named cacti and grant all privilege to the user
exit root use an ordinary linux account
chown -R cactiuser rra/ log/
Configuration of cacti/include/config.php: http://docs.cacti.net/manual:088:1_installation.1_install_unix.5_install_and_configure_cacti
run the remaining cacti installation via the browser, go to your site http://yoursite/cacti/ , click finish if you find your settings are right, checked by cacti system.
login with account "admin" and password "admin".
change your password.
add devices through your browser on the cacti webpages.
http://forums.cacti.net/about26374.html #snmpconf -g basic_setup -i
mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.bak
move the new snmpd.conf file generated by snmpconf to the right place: mv snmpd.conf /etc/snmp/snmpd.conf
#service snmpd restart
go to the cacti webpage > device > localhost > click "verbose query" to check "Data Query Debug Information", successful when no error returned
#vi /etc/crontab
(我在 centos 以 cactiuser 或其他帳號執行 crontab -e 時均無效,需用 root 權限編輯 /etc/crontab 並加入以下 cactiuser 權限才可順利啟動。原因待查。)
*/5 * * * * cactiuser php /var/www/html/cacti/poller.php > /dev/null 2>&1
#service crond restart
//check cacti/rra if the files changes every five minutes
安裝結束,開始設定 snmp agents 如 windows 2003 r2 等主機。
至 cacti 網頁設定:
以下引用自: http://cacti.xxoo.net/modules/sections/index.php?op=viewarticle&artid=8
如何偵測Windows或Linux的流量
如果您是Linux主機的話請先確定你的snmpd.conf有無下面字串
view systemview included .1.3.6.1.2.1.2
如果沒有請自行加入
此字串是偵測Interfaces
請先確定您的Devices的Data Query有新增SNMP - Interface Statistics
到Create → New Graphs → 選擇您要偵測的Host
在Data Query [SNMP - Interface Statistics]裡面勾選您要偵測的網卡介面
選擇右下角的Select a graph type:In/Out Bits或者您想要的單位
好了之後點選右下方的create送出新增
再到Graph Trees把剛剛的Host或者Graphs新增進去即可查詢
Windows 2003 R2 SNMP Settings:
以下文字引用自: http://green-lamb.blogspot.com/2008/04/windows-server-2003-snmp.html
啟動本機 SNMP
1. 要偵測本機的 snmp 狀態請啟用它
開啟控制台 → 新增移除程式 → 新增移除Windows元件 → Management and Monitoring Tools → Simple Network Management Protocol
將它打勾後點選確定並啟動它。
2. 到服務設定 SNMP Service -> Agent代理程式下面的服務全打勾,才可以偵測 HD 和 RAM
->Traps 設陷,群體名稱 public,加入清單
->Security 安全性,新增接受的群體名稱 public,唯讀
->設定從下列主機接受SNMP封包,新增一個
重新啟動服務
註:接受 snmp 封包的主機,上述說要新增一個主機,我設為目標主機,也就是 cacti 的主機的 ip。
註:防火牆應打開 161 udp 及 162 udp 兩個 port。
Windows 2008 R2 SNMP Settings:
與以上大同小異,由「初始設定工作」>「新增功能」> 選 snmp 安裝
安裝完需重開機才會看到 snmp 服務的選項。
與 windows 2003 r2 不同的是防火牆會自動打開,只需檢查一下即可。
參考連結:「系統管理工具」>「服務」>「snmp service」>「右鍵--內容」>「代理程式」標籤頁中服務全勾 > 「安全性」標籤頁中新增群體(名稱自訂不要用 public 較安全),從下列主機接受 snmp 封包中新增 cacti 主機的 ip,設定好後再回到 cacti 新增伺服器,加入繪圖工作。
安裝 settings plugin:
0.8.8a 版的 cacti 已經內建 plugin arch/ plugin architecture/ pa 所以不必再安裝,要檢查有沒有 pa,在 cacti 網頁左下角可以看到 plugin management 即是有安裝完畢。
安裝 dns email 的 settings 外掛:
下載 http://docs.cacti.net/plugin:settings 裏的 tgz 檔。
由於檔名中有 : 冒號,所以先 mv plugin:settings-xxx.tgz settings.tgz
tar -zxvf settings.tgz
mv settings /var/www/html/cacti/plugins/.
chown -R apache:apache /var/www/html/cacti/plugins/settings
到 cacti 網頁,進入 plugin management 後將 settings 這個外掛安裝,並啟用。參考圖: http://docs.cacti.net/plugins.install
到 cacti 網頁,進入 settings 的頁面,有看到 mail / dns 這個標籤頁,即是安裝成功。
settings (MAIL/DNS) 設定,以下設定好後,按右上角的 test mail 試傳看看有沒有跑一個新的小視窗跟你說傳送成功:
Test Email
This is a email account used for sending a test message to ensure everything is working properly. (填傳送目標 email)
Mail Services
Which mail service to use in order to send mail (選 php mail function)
From Email Address
This is the email address that the email will appear from. (gmail 帳號)
From Name
This is the actual name that the email will appear from. (自訂一個姓名)
Word Wrap
This is how many characters will be allowed before a line in the email is automatically word wrapped. (0 = Disabled) (按預設值 120)
Sendmail Options
Sendmail Path
This is the path to sendmail on your server. (Only used if Sendmail is selected as the Mail Service) (/usr/sbin/sendmail)
[OK: FILE FOUND]
SMTP Options
SMTP Hostname
This is the hostname/IP of the SMTP Server you will send the email to. (smtp.gmail.com)
SMTP Port
This is the port on the SMTP Server that SMTP uses. (465)
SMTP Username
This is the username to authenticate with when sending via SMTP. (Leave blank if you do not require authentication.) (gmail 帳號)
SMTP Password
This is the password to authenticate with when sending via SMTP. (Leave blank if you do not require authentication.) (gmail 密碼,上下兩欄位打兩次密碼)
DNS Options
Primary DNS IP Address
Enter the primary DNS IP Address to utilize for reverse lookups. (主 dns 要填)
Secondary DNS IP Address
Enter the secondary DNS IP Address to utilize for reverse lookups. (副 dns 就填 8.8.8.8 吧)
DNS Timeout
Please enter the DNS timeout in milliseconds. Cacti uses a PHP based DNS resolver. (按預設值 500)
http://download.ithome.com.tw/article/index/id/370 (安裝 thold 外掛以實現 email 通告服務有誤)
Cacti 網頁中: Configuration > Settings > thold (tab) > Dead Hosts Notifications (Enable Dead/Recovering host notification) 勾選 enable
Cacti 網頁中: Configuration > Settings > thold (tab) > Dead Host Notifications Email (This is the Email Address that the Dead Host Notifications will be sent to if the Global Notification List is selected.) 填上自己的 email。這樣就會在機器 down 時以 email 通知。
其他外掛: http://docs.cacti.net/plugins
修改 community 預設的 public 社群名稱 (community name),以增加安全性:
修改 /etc/snmp/snmp.conf ,修改前先備份為 /etc/snmp/snmp.conf.bak2。改 public 值,存檔後,重啟 snmpd 服務,重啟 httpd 服務。
修改 cacti 中的設定: setting > snmp ver.1 > community > 定新名稱。(建議:新名稱不要有特殊符號)
修改 cacti 中的 devices 設定: 點入每個 device 然後修改成新名稱。(建議:新名稱不要有特殊符號)
到每個機器的 snmp 的設定中,將 public 改成新名稱。(建議:新名稱不要有特殊符號)
到 cacti 中的 devices 看每個 device 的最上方的 snmp 資料有沒有 error 出現。
過五分鐘後看 graphs 有沒有出現問題。沒有就收工。
新增機器 devices:
新增 advanced ping 2.2 功能:
Just an FYI for anyone else who is interested, to get Advanced Ping working in 8.8 all you need to do is update your global_arrays.php file using a copy from the SVN as explained here.
Then you need to download the cacti_graph_template_ping_advanced_ping_v2_2.xml file from here and import it, and your done.
Note: You do not need to download the ss_fping.zip file as all required files are already in Cacti 8.8
Import Results
Cacti has imported the following items:
CDEF
[success] Advanced Ping - Loss 51 - 95 % top [new]
[success] Advanced Ping - Loss 6 - 10 % top [new]
[success] Advanced Ping - Loss 11 - 15 % top [new]
[success] Advanced Ping - Loss 16 - 50 % top [new]
[success] Advanced Ping - Loss 96 - 100 % top [new]
[success] Advanced Ping - Position 1,2 [new]
[success] Advanced Ping - Position 3,4,5 [new]
[success] Advanced Ping - Loss 11 - 15 % bottom [new]
[success] Advanced Ping - Loss 6 - 10 % bottom [new]
[success] Advanced Ping - Loss 16 - 50 % bottom [new]
[success] Advanced Ping - Loss 51 - 95 % bottom [new]
[success] Advanced Ping - Loss 96 - 100 % bottom [new]
[success] Advanced Ping - Loss 1 - 2 % bottom [new]
[success] Advanced Ping - Loss 1 - 2 % top [new]
[success] Advanced Ping - Loss 3 - 5 % bottom [new]
[success] Advanced Ping - Loss 3 - 5 % top [new]
[success] Advanced Ping - Stack Min - 20 % [new]
GPRINT Preset
[success] Normal [update]
[success] Ping [new]
[success] Percentage as Decimal [new]
Data Input Method
[success] PING - Advanced Ping [new]
Data Template
[success] PING - Advanced Ping [new]
Graph Template
[success] PING - Advanced Ping [new]
我用的是 8.8a 版,直接 import 下面的 2.2 版 advanced ping 進 templates 就可以了。
接下來加入可以 ping 的 devices(以下示範沒有 snmp 但可以被 ping 的設備):
device > add > snmp version (not in use) > host template (none) > downed device detection (ping, icmp, ping out value 400, ping retry count 1) > create button 若沒錯的話,左上角沒有紅字,會有 icmp ping success 及 ping 的時間。
因為有些 wifi 晚上會進入省電模式,先把幾台 thold 警示給拿掉先測試一下進入省電模式會不會讓人 ping 不到。Thold Up/Down Email Notification > global list (代表要發信)。 Thold Up/Down Email Notification > disable (不發信)。
device > device page > associated graph template (choose advanced ping) add > save button
device > device page > create graph for this host > tick "ping-advanced ping" > create button > the number of time 20, icmp, port blank > create button
graph trees > host (choose your device) > create button
go to graph tab to take a look at the new graphs.
設置 CentOS 5 snmp 服務供 cacti 取用 snmp 資料:
#yum install net-snmp
#yum install net-snmp-utils
#cd /root/
#snmpconf -g basic_setup
//設置 rocommunity 設完後可看見 /root/snmp.conf ,注意要有此行設定 rocommunity community-name allowed.ip.address
#mv /etc/snmp/snmp.conf /etc/snmp/snmp.conf.bak
#mv /root/snmp.conf /etc/snmp/snmp.conf
#service snmpd start
#chkconfig snmpd on
開放 161 udp 埠 (snmp 預設 port)。不用開 162 udp port,因為那是 snmp trap 在用的。
接下來就可以去 cacti 介面加入此 CentOS 5 機器,一般來說有四種資料源可用:
SNMP - Get Mounted Partitions Success [21 Items, 7 Rows]
SNMP - Get Processor Information Success [4 Items, 4 Rows]
SNMP - Interface Statistics Success [38 Items, 4 Rows]
Unix - Get Mounted Partitions [4 Items, 2 Rows]
設置 FreeBSD 9 snmp 服務供 cacti 取用 snmp 資料:
#cd /usr/ports/net-mgmt/net-snmp/
#make install clean 安裝有 error code 1,再裝一次 (參考:https://forums.freebsd.org/viewtopic.php?&t=38225)
#make rmconfig
#make reinstall
安裝成功。
#cd /usr/local/share/snmp
#cp snmpd.conf.example snmpd.conf
#nano /usr/local/share/snmp/snmpd.conf
加入 rocommunity secret your.cacti.ip 存檔退出
#nano /etc/rc.conf
snmpd_enable="YES"
snmpd_conffile="/usr/local/etc/snmpd.conf"
存檔退出
啟動snmpd
/usr/local/etc/rc.d/snmpd start
以下指令測試:
snmpwalk -v1 -c public 127.0.0.1
有出現一些資料,無 error 就是正常啟動。
再用netstat 確認 port 是否有被開啟
#netstat -an | grep 161
出現以下為正常:
udp4 0 0 *.161 *.*
接下來看以下引用段落,做自動化的設定 (註:啟動有誤時,可不用做 6. Agent Operating Mode > 4. IP address and port number that the agent will listen on. 的設定) :
quote below from: http://blog.up-link.ro/freebsd-how-to-install-and-configure-snmp-in-freebsd/
Copy the default configuration file to the right location.
# cp /usr/local/share/snmp/snmpd.conf.example /usr/local/etc/snmpd.conf
Open /usr/local/etc/snmpd.conf and set up the community and network access.
Click here to download an example configuration file.
Open /etc/rc.conf in your favorite editor and make sure snmpd is enabled:
snmpd_enable="YES"
snmpd_conffile="/usr/local/etc/snmpd.conf"
Type the following command to start snmpd:
# /usr/local/etc/rc.d/snmpd start
At this point you should be able to snmpwalk your host
# snmpwalk -v1 -c public 127.0.0.1
This will get you up and running with a basic snmp configuration. Next, we'll use snmpconf utility to set up an advanced configration. The next step is optional.
接下來進行自動化設定 snmpd ,在每一個設定後,請輸入 finished 以便跳出,整個設定完後,輸入 quit
# snmpconf -i
I can create the following types of configuration files for you.
Select the file type you wish to create:
1: snmp.conf
2: snmptrapd.conf
3: snmpd.conf
snmp.conf dictates how Net-SNMP applications should operate, snmptrapd.conf configures the snmptrapd daemon which is used for ongoing monitoring via SNMP, and snmpd.conf defines how the snmp daemon which we will be using, is configured.
Choose option 'snmpd.conf'.
The main menu:
1: System Information Setup
2: Access Control Setup
3: Trap Destinations
4: Monitor Various Aspects of the Running Host
5: Extending the Agent
6: Agent Operating Mode
Choose option '1', and at the 'System Information Setup' menu, choose '1' again. You will be asked to enter the location of your system. This can be the country, locality, site name, or any other data you would use to describe the location of the system. After you enter this, you will be returned to the 'System Information Setup' menu.
Choose option '2' and enter the contact information for the administrator of the machine.
Finally, when you choose option '3', you will be asked a number of "Yes/No" questions to determine what the proper value for the sysServices object. This is used to determine what services your machine offers. Reply with a '1' for yes, or '0' for no.
When you are done with the 'System Information Setup' menu, type 'finished' to return to the main menu.
From the main menu, choose option '2' for 'Access Control Setup'
1: a SNMPv3 read-write user
2: a SNMPv3 read-only user
3: a SNMPv1/SNMPv2c read-only access community name
4: a SNMPv1/SNMPv2c read-write access community name
For the purpose of simplicity, we will set up a read-only SNMPv1 server which listens only on localhost. SNMPv2 and v3 provide some added security in the form of user names and passwords.
To continue, choose option '3'. You will be asked to enter a community name for read-only access. This can be any one-word string you wish (for example pub), and is simply used as a weak method of authentication to restrict access to the service.
Then choose 'localhost' as the hostname from which to accept that community string, and press ENTER for no-restrictions on what the user of that community string can read.
Next we will confirm where the daemon should be listening. From the main menu, choose option '6' for 'Agent Operating Mode'
1: Should the agent operate as a master agent or not.
2: The system user that the agent runs as.
3: The system group that the agent runs as.
4: The IP address and port number that the agent will listen on.
Choose option '4', and enter 127.0.0.1 as the address at which snmpd will listen. Return to the main menu, and choose 'finished' again. You will be shown to the original menu asking which file you would like to edit. choose to 'quit'.
Finally, we have to copy the configuration to the right location and then restart snmpd:
# cp /usr/local/share/snmp/snmpd.conf /usr/local/etc/snmpd.conf
# /usr/local/etc/rc.d/snmpd restart.
拿設定好的設定檔覆蓋 /usr/local/etc/snmpd.conf ,重啟 snmpd。
設置 Ubuntu 12.04 64bit snmp 服務供 cacti 取用 snmp 資料:
以下引用自: http://rewriterdark.blogspot.tw/2012/12/snmp.html
安裝方式
apt-get install snmp snmpd snmp-mibs-downloader
確認後就可直接安裝
確認安裝版本
dpkg -l | grrp snmp
檔案配置
下列為需要配置的檔案
/etc/snmp/snmpd.conf
/etc/snmp/snmp.conf
/etc/default/snmpd
配置方式
/etc/snmp/snmpd.conf
設定snmpd.conf,這是有關連線、監控方式有關,為了簡化操作,我們只配置三行
首先將原始檔案更名,作為備份用
mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.bk
建立相同檔名
vi /etc/snmp/snmpd.conf
寫入下列三行
#讓外部是否有連進來的權利,public是關鍵字串,就像是通關密語
rocommunity public
#設定你的名稱,這裡的名稱不是hostname,是位置
syslocation placename
#聯絡人
syscontact youremail@host.name
/etc/snmp/snmp.conf
這是要設定的是跟mib有關,需要註解一行即可
#mibs :
註解這行是因為要讓snmp抓到的是名稱
/etc/default/snmpd
這裡配置剛剛設定的snmpd.conf,以及可以設定可以連線的網域/網址
可以將原本的 SNMPDOPTS註解掉加入這行
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf 0.0.0.0'
(加入-c /etc/snmp/snmpd.conf 0.0.0.0 可存取的來源位置)
驗證程序
可以透過指令的方式確認是否有啟動snmp 服務
snmpwalk -v 2c -c public localhost system
Ubuntu 會自動打開 161 port ,不必再設。
HP DL-360 & DL-380
設置方法同 centos 5,但斷電重開機時,有時 snmp 會無法正常啟動,只要以 root 身份 ssh 進去執行指令 service snmpd restart 即可。
與影印機連線的電腦若加裝掃描程式(利用影印機的掃描功能),該程式會往外送 snmp 封包,以探測校內印表機,此時 APC 的 snmp 的感應機制會發 email 通知管理員,若無必要使用該程式的話,可將掃描程式移除。
Cacti (CentOS 5)會造成 freebsd 80 port 大量流量的問題:
CACTI advanced ping 模組對於 freebsd 9 的 80 port 會發出大量封包。取消,不要用這個功能。
freebsd 目前己設定擋 cacti 伺服器的 80 封包。