Cacti

Install Cacti on CentOS 6/7

install PHP 7.1 along with all the required dependencies.

# yum -y install httpd*

systemctl start httpd

systemctl enable httpd

# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

# yum -y update

# yum remove php-common

yum -y install php56w-snmp 

yum -y install php56w-ldap 

yum -y install php56w-imap 

yum -y install libc-client

# yum -y install php71w php71w-snmp php71w-mysqli php71w-cli php71w-ldap php71w-xml php71w-session php71w-sockets php71w-pcre php71w-gd php71w-dom php71w-posix php71w-mbstring libc-client php71w-imap php71w-intl php-ldap php-devel php-imap php-intl

# php -v

# vi /etc/php.ini

[Date]

; Defines the default timezone used by the date functions

; http://php.net/date.timezone

date.timezone = Asia/Dhaka

# yum --enablerepo=epel -y install cacti net-snmp net-snmp-utils php-mysql php-snmp net-snmp-libs rrdtool

# yum install nano httpd httpd-devel mariadb-server php-mysql php-pear php-common php-gd php-devel php php-mbstring php-cli –y

 ------------------

systemctl start httpd.service

systemctl start snmpd.service

systemctl start mariadb.service

systemctl enable httpd.service

systemctl enable snmpd.service

systemctl enable mariadb.service

systemctl restart httpd.service

systemctl restart snmpd.service

systemctl restart mariadb.service

Setup MySQL database and User Accounts

First, set the MySQL root password:

mysql_secure_installation

# mysqladmin -u root password YOUR_PASSWORD

# mysql -u root -p

MariaDB>  CREATE DATABASE cactidb;

MariaDB>  CREATE USER 'cactiuser'@'localhost' IDENTIFIED BY 'cactipassword';

MariaDB>  GRANT ALL PRIVILEGES ON cactidb.* TO 'cactiuser'@'localhost';

MariaDB>  FLUSH PRIVILEGES;

MariaDB>  exit

Time Zone

# yum -y install tzdata

 rm -f /etc/localtime

 ln -s /usr/share/zoneinfo/UTC /etc/localtime

# mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql

# mysql -u root -p

MariaDB>  GRANT SELECT ON mysql.time_zone_name TO 'cactiuser'@'localhost';

MariaDB>  FLUSH PRIVILEGES;

MariaDB> exit

## tuning Maria DB configurations (the syntax is just like mysql, so it is quite easy)

/etc/my.cnf.d/client.cnf

[client]

default-character-set=utf8

 install cacti:

yum -y install epel-release 

yum -y install cacti 

Cacti ships with a cacti.sql database dump that should be imported into MySQL. We need to find where it was stored in order to perform the import.

# rpm -ql cacti|grep cacti.sql

/usr/share/doc/cacti-1.1.10/cacti.sql

Import tables to cacti database:

# mysql -u cactiuser -p cactidb < /usr/share/doc/cacti-*/cacti.sql

OR

# mysql -u cactiuser -p cactidb < /usr/share/doc/cacti-1.1.10/cacti.sql

Enter password:

Cacti needs to know how to connect to the database. We must add the database name and credentials to its database configuration file.

# vi /etc/cacti/db.php

[...]

database_default = "cactidb";

database_hostname = "localhost";

database_username = "cactiuser";

database_password = "cactipassword";     #[ My SQL cactiDB passwd ]

[...]

-----------------------------------------------------------

vim /etc/cacti/db.php

$database_type = "mysql";

$database_default = "cactidb";

$database_hostname = "localhost";

$database_username = "cactiuser";

$database_password = "password";

$database_port = "3306";

$database_ssl = false;

Open http port in firewall

Open an http port in firewall:

# firewall-cmd --permanent --zone=public --add-service=http

# firewall-cmd --reload

Apache must be accessible from the network so we can view Cacti’s statistics. Edit /etc/httpd/conf.d/cacti.conf.

# vi /etc/httpd/conf.d/cacti.conf

Change these two lines:

<Directory /usr/share/cacti/>

<IfModule mod_authz_core.c>

# httpd 2.4

Require host localhost <---- This one

</IfModule>

<IfModule !mod_authz_core.c>

# httpd 2.2

Order deny,allow

Deny from all

Allow from localhost <---- This one

</IfModule>

</Directory>

TO

<Directory /usr/share/cacti/>

<IfModule mod_authz_core.c>

# httpd 2.4

Require all granted

</IfModule>

<IfModule !mod_authz_core.c>

# httpd 2.2

Order deny,allow

Deny from all

Allow from all

</IfModule>

</Directory>

Restart Apache so it picks up the configuration changes we’ve just made.

systemctl restart httpd.service

There is a crontab entry for Cacti that must be activated in order for it to create its graphs. Uncomment the line in /etc/cron.d/cacti.

vi /etc/cron.d/cacti

#*/5 * * * * cacti /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1

TO

*/5 * * * * cacti /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1

In order for Cacti to log its results, we’ll need to create an empty cacti.log.

mkdir -p /var/log/cacti

touch /var/log/cacti/cacti.log

 systemctl restart crond.service

 systemctl enable crond.service

SMNP

# yum install -y net-snmp net-snmp-utils

# cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.bak

• on Centos

• #  vi /etc/snmp/snmpd.conf

42 #com2sec notConfigUser default public

        com2sec  AllUser          default   worldcm

47 #groupName securityModel securityName

48   group notConfigGroup v1 notConfigUser

49   group notConfigGroup v2c notConfigUser

50   group AllGroup v2c AllUser                  [add this line ]

58 view AllView included .1

63 #access notConfigGroup "" any noauth exact systemview none none

64 access AllGroup "" any noauth exact AllView none none

                   --------------------------------------------------------------

systemctl start snmpd

systemctl enable snmpd

systemctl restart snmpd

[root@~]#  snmpwalk -v 2c -c worldcm -O e 127.0.0.1

#######################################################################################################

                                                                           BEST

# line 41: comment out

# com2sec notConfigUser default public

# line 74,75: uncomment and change

# change "mynetwork" to your own network

# change comunity name to anyone except public, private (for security reason)

com2sec    local              localhost              worldcm

com2sec    mynetwork  192.168.0.1/24    worldcm

# line 78,79: uncomment and change

group MyRWGroup v2c local

group MyROGroup v2c mynetwork

# line 85: uncomment

view all included .1 80

# line 93,94: uncomment and change

access MyROGroup "" v2c noauth exact all none none

access MyRWGroup "" v2c noauth exact all all all

----------------------------------------------------------------

systemctl start snmpd

systemctl enable snmpd

systemctl restart snmpd

[root@~]# snmpwalk -v2c -c worldcm localhost system

# service snmpd restart

# systemctl restart snmpd.service

Install Cacti Spine poller

yum install -y gcc mysql-devel net-snmp-devel autoconf automake libtool dos2unix help2man

wget https://www.cacti.net/downloads/spine/cacti-spine-latest.tar.gz

tar -xzvf cacti-spine-latest.tar.gz 

cd cacti-spine-1.1.12/

./bootstrap

./configure

make && make install

./configure --prefix=/opt/spine

                    --------------------------------------------

./configure

make

make install

chown root:root /usr/local/spine/bin/spine

chmod +s /usr/local/spine/bin/spine

                  ---------------------------------------------

Configure Spine

cp /usr/local/spine/etc/spine.conf.dist /usr/local/spine/etc/spine.conf

# vi /usr/local/spine/etc/spine.conf

DB_Host localhost

DB_Database cactidb

DB_User cactiuser

DB_Pass cactiuserPasswd

DB_Port 3306

DB_PreG 0

# chmod a+x spine

## Use spine

cd /usr/local/spine/etc/

(1) copy the "spine.conf.dist" to "spine.conf", and modify the DB related parameters inside, e.g. db name,  user/pass

(2) Then in Cacti UI -> Settings -> Paths, input the spine directories, e.g.

Binary: /usr/local/spine/bin/spine

Config: /usr/local/spine/etc/spine.conf

(3) Settings -> Poller, choose spine instead of cmd.php  / “spine”.

www

go to http://YOUR-IP-HERE/cacti/ 

User/Passwd:  admin    

       XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

https://www.howtoforge.com/tutorial/how-to-monitor-your-centos-7-server-using-cacti/

Step 2 - Installing PHP

Cacti support all the version of PHP greater than 5.3. But in this tutorial, we will install PHP 7.1 as PHP v5.3 has reached the end of life. Installing the latest version of PHP will ensure the maximum security and performance of the application.

The default YUM repository of CentOS does not have PHP 7.1 included, hence you will need to add the Webtatic repository in your system. Webtatic repository requires EPEL repository to work. Run the following command to install EPEL repository.

yum -y install epel-release

yum -y update

Type the commands to install Webtatic repository.

rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

yum -y update

Type the following command to install PHP 7.1 along with all the required dependencies.

yum -y install php71w php71w-snmp php71w-mysqli php71w-cli php71w-ldap php71w-xml php71w-session php71w-sockets php71w-pcre php71w-gd php71w-dom php71w-posix php71w-mbstring libc-client php71w-imap php71w-intl

To check if PHP is installed successfully, you can run:

php -v

You should get output similar to this.

[root@liptan-pc ~]# php -v PHP 7.1.6 (cli) (built: Jun 10 2017 07:28:42) ( NTS ) Copyright (c) 1997-2017 The PHP Group Zend Engine v3.1.0, Copyright (c) 1998-2017 Zend Technologies

Now you will need to configure few configurations in PHP. Open the PHP configuration file, php.ini using your favourite text editor. In this tutorial, we will be using nano editor. If you do not have nano installed, you can run yum -y install nano.

nano /etc/php.ini

Find the following line and Uncomment the line and set the timezone according to your region. For example:

[Date] ; Defines the default timezone used by the date functions ; http://php.net/date.timezone date.timezone = Asia/Dhaka

Step 3 - Installing MariaDB

MariaDB is a fork of MySQL database. To install MariaDB on your server, run:

yum -y install mariadb mariadb-server

Run the following commands to start MariaDB and enable it to start at boot time.

systemctl start mariadb

systemctl enable mariadb

Now run the following commands to secure your MariaDB installation.

mysql_secure_installation

The above command will run a script to secure fresh MariaDB installation. The script will ask for the existing root user password, we have just installed MariaDB, the root password is not set, just press enter to proceed further.

The script will ask you if you want to set a root password for your MariaDB installation, choose y and set a strong password for the installation. Most of the questions are self-explanatory and you should answer yes or y to all the questions. The output will look like shown below.

To create a database we will need to login to MySQL command line first. Run the following command for same.

mysql -u root -p

The above command will login to MySQL shell of the root user, it will prompt for the password of the root user. Provide the password to login. Now run the following query to create a new database for your Cacti installation.

CREATE DATABASE cacti_data;

The above query will create a new database named cacti_data. You can use any other name for your database if you want. Make sure that you use semicolon at the end of each query as the query always ends with a semicolon.

Once the database is created you can create a new user and grant all the permissions to the user for the database. To create a new database user, run the following query.

CREATE USER 'cacti_user'@'localhost' IDENTIFIED BY 'StrongPassword';

The above query will create a user with username cacti_user. You can use any username you prefer instead of cacti_user. Replace StrongPassword with a very strong password. Now provide the all the privileges to your database user over the database you have created. Run the following command.

GRANT ALL PRIVILEGES ON cacti_data.* TO 'cacti_user'@'localhost';

Now run the following command to immediately apply the changes on the database privileges.

FLUSH PRIVILEGES;

Exit from MySQL prompt using the following command.

EXIT;

You will also need to populate the time zone table. Run the following command to populate the timezone tables.

mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql

Provide the MySQL root password to proceed. Once the tables are populated, you will need to provide select access to Cacti user account over the tables. Login to MySQL prompt again using:

mysql -u root -p

Now run the following query.

GRANT SELECT ON mysql.time_zone_name TO 'cacti_user'@'localhost';

FLUSH PRIVILEGES;

The above query will SELECT give access to cacti_user on

Step 4 - Installing and Configuring Cacti

Cacti require few more dependencies, run the following command to install them.

yum -y install net-snmp rrdtool net-snmp-utils

As we have all the dependencies ready, we can now download the install package from Cacti website.

cd /var/www/html

wget http://www.cacti.net/downloads/cacti-1.1.12.tar.gz

You can always find the link to the latest version of the application on Cacti download page. Extract the archive using the following command.

tar xzvf cacti*.tar.gz

Rename your Cacti folder using:

mv cacti-1*/ cacti/

Now import the Cacti database by running the following command.

cd /var/www/html/cacti

mysql cacti_data < cacti.sql -u root -p

The above command will import the cacti.sql database into cacti_data using the user root. It will also ask you the password of root user before importing the database.

Now edit Cacti configuration by running the following command.

nano /var/www/html/cacti/include/config.php

Now find the following lines and edit them according to your MySQL database credentials.

Step 5 - Configure Permissions and Firewall

Now you will need to provide the ownership of the application to web server user using the following command.

chown -R apache:apache /var/www/html/cacti

You may also need to allow HTTP traffic on port 80 through the firewall if you are running one. Run the following commands for same.

firewall-cmd --zone=public --permanent --add-service=http

firewall-cmd --reload

Now you will need to disable your SELinux because Proxy configuration does not work with SELinux policies. To temporary disable SELinux without restarting the server, run the following command.

setenforce 0

To completely disable the SELinux you will need to edit /etc/selinux/config file.

nano /etc/selinux/config

Find the following line:

SELINUX=enforcing

Change it to:

SELINUX=disabled

Now complete the installation using a web browser, go to the following link using your favourite web browser.

http://Your_Server_IP/cacti

You will see the following page.

Accept the license agreement to proceed further.

In next interface you will see the pre-installation, all the required dependencies are met.

Proceed to next interface.

In installation type, choose New Primary Server and proceed next.

In next interface, you will need to provide the locations to the binaries. Path to RRDTool and PHP binaries are correct. For all other binaries, provide the path /usr/bin/binary_name. For example, for snapwalk binary, the path is /usr/bin/snmpwalk.

In next interface, you will see that the server has write access to all the required folders.

In template setup, choose Local Linux Machine and click Finish.

You will be taken to the login page. Login using username admin and password admin, you will be taken to dashboard.

Installation of Cacti is now finished, you can use the application to moniter your server using interactive graphs.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Step 1 – Prerequisites

First we need to install some of the software packages needed for Cacti to run properly. Software which is not included or enabled in the base CentOS 6 installation are:

• • rrdtool

  • apache

  • mysql

  • cron

  • gcc

Let’s use yum to get these installed.

Centos 6: yum -y install mysql-server php php-cli php-mysql net-snmp-utils rrdtool \   php-snmp gcc mysql-devel net-snmp-devel autoconf automake libtool dos2unix wget help2man  Centos 7: yum -y install mariadb-server php php-cli php-mysql net-snmp-utils rrdtool \   php-snmp gcc mariadb-devel net-snmp-devel autoconf automake libtool dos2unix wget help2man

gcc and the devel packages are required for the installation of spine, hence that’s why we include it here.

Now let’s make sure that our webserver and the database are automatically starting up after a reboot. Use the following commands to enable these:

CentOS 6: chkconfig httpd on chkconfig mysqld on  CentOS 7: systemctl enable httpd.service systemctl enable mariadb.service

Now that we did make sure that these services start after a reboot, let’s start them manually now in order to continue the installation. Cron may already be running so don’t panic if you don’t see the usual start message:

CentOS 6: service httpd restart service mariadb restart  CentOS 7: systemctl restart httpd.service systemctl restart mariadb.service

Step 2 – Cacti Files

Let’s now move to the actualy installation of Cacti. First we need to download and extract it. As of version 0.8.8, a fully patched Cacti including the Plugin Architecture (PIA) is officially available, so we’re downloading that one:

cd /var/www/html wget http://www.cacti.net/downloads/cacti-0.8.8h.tar.gz tar -xzvf cacti-0.8.8h.tar.gz

I usually suggest to create a symbolic link to the newly created directory “cacti-0.8.8h”. This will make upgrades to never Cacti versions easier:

ln -s cacti-0.8.8h cacti

Step 3 – Cron and file permissions

Cacti uses cron (scheduled task) in order to execute its polling process.  It’s always a good idea to run this under a special user. Let’s create the system “cacti” user now:

adduser -d /var/www/html/cacti -s /sbin/nologin cacti

Having done that, we can now  add a new cron entry to your system for a 5 minute polling interval using the following command:

echo "*/5 * * * * cacti php /var/www/html/cacti/poller.php &>/dev/null" >> /etc/cron.d/cacti

Finally, we also need to make sure that the permissions on the log and rra directories are set correctly:

cd /var/www/html/cacti chown -R cacti.apache rra log   chmod 775 rra log

Step 4 – Cacti Database

Now that we have extracted the cacti files, we can move on preparing the database for the final installation step. Your first step should be securing the mysql database. The following command will help you with this task on a CentOS system. Make sure to select a strong password for root, e.g. MyN3wpassw0rd

/usr/bin/mysql_secure_installation

Let’s create a new database and assign a special user to it:

mysqladmin -u root -p create cacti mysql -p cacti < /var/www/html/cacti/cacti.sql mysql -u root -p

With the last command, you should be seing a mysql prompt where you can enter mysql commands. Here we are going to create the special cacti user. That user only needs to be able to connect from the local system and should have a strong password as well. Enter the following commands and make sure to replace the password:

GRANT ALL ON cacti.* TO cactiuser@localhost IDENTIFIED BY 'MyV3ryStr0ngPassword'; flush privileges; exit

We now have the cacti files and the cacti database setup. The last step before moving to the web-based installer is setting the database credentials within the Cacti config file:

cd /var/www/html/cacti/include/ vi config.php

Change the $database_ lines to fit your new settings:

$database_type = "mysql"; $database_default = "cacti"; $database_hostname = "localhost"; $database_username = "cactiuser"; $database_password = "MyV3ryStr0ngPassword"; $database_port = "3306"; $database_ssl = false;

Depending on your installation, you should also uncomment the following line. In our example we have to make sure the following line is there:

$url_path = "/cacti/";

Step 5 – Adding firewall rules

The following settings will add access rules to http and https from outside:

Centos 7: firewall-cmd --permanent --zone=public --add-service=https firewall-cmd --permanent --zone=public --add-service=http firewall-cmd --reload

Step 6 – Important PHP Settings

The default PHP installation usually has not configured the correct timezone or php error reporting. While not required to run Cacti, it’s highly recommended to enable error reporting to syslog for troubleshooting issues with plugins or other scripts.

The following lines need to be enabled/configued in your /etc/php.ini file:

; Defines the default timezone used by the date functions ; http://php.net/date.timezone date.timezone = Europe/Berlin

and

; Log errors to syslog (Event Log on NT, not valid in Windows 95). error_log = syslog

Step 7 – Running the Web-based installer

Let’s move on to the web-based installer.

Login with admin/admin and you’re ready to go !

###### -----------------------------