Cacti
Install Cacti on CentOS 6/7
install PHP 7.1 along with all the required dependencies.
# yum -y install httpd*
systemctl start httpd
systemctl enable httpd
# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
# yum -y update
# yum remove php-common
yum -y install php56w-snmp
yum -y install php56w-ldap
yum -y install php56w-imap
yum -y install libc-client
# yum -y install php71w php71w-snmp php71w-mysqli php71w-cli php71w-ldap php71w-xml php71w-session php71w-sockets php71w-pcre php71w-gd php71w-dom php71w-posix php71w-mbstring libc-client php71w-imap php71w-intl php-ldap php-devel php-imap php-intl
# php -v
# vi /etc/php.ini
[Date]
; Defines the default timezone used by the date functions
; http://php.net/date.timezone
date.timezone = Asia/Dhaka
# yum --enablerepo=epel -y install cacti net-snmp net-snmp-utils php-mysql php-snmp net-snmp-libs rrdtool
# yum install nano httpd httpd-devel mariadb-server php-mysql php-pear php-common php-gd php-devel php php-mbstring php-cli –y
------------------
systemctl start httpd.service
systemctl start snmpd.service
systemctl start mariadb.service
systemctl enable httpd.service
systemctl enable snmpd.service
systemctl enable mariadb.service
systemctl restart httpd.service
systemctl restart snmpd.service
systemctl restart mariadb.service
Setup MySQL database and User Accounts
First, set the MySQL root password:
mysql_secure_installation
# mysqladmin -u root password YOUR_PASSWORD
# mysql -u root -p
MariaDB> CREATE DATABASE cactidb;
MariaDB> CREATE USER 'cactiuser'@'localhost' IDENTIFIED BY 'cactipassword';
MariaDB> GRANT ALL PRIVILEGES ON cactidb.* TO 'cactiuser'@'localhost';
MariaDB> FLUSH PRIVILEGES;
MariaDB> exit
Time Zone
# yum -y install tzdata
rm -f /etc/localtime
ln -s /usr/share/zoneinfo/UTC /etc/localtime
# mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql
# mysql -u root -p
MariaDB> GRANT SELECT ON mysql.time_zone_name TO 'cactiuser'@'localhost';
MariaDB> FLUSH PRIVILEGES;
MariaDB> exit
## tuning Maria DB configurations (the syntax is just like mysql, so it is quite easy)
/etc/my.cnf.d/client.cnf
[client]
default-character-set=utf8
install cacti:
yum -y install epel-release
yum -y install cacti
Cacti ships with a cacti.sql database dump that should be imported into MySQL. We need to find where it was stored in order to perform the import.
# rpm -ql cacti|grep cacti.sql
/usr/share/doc/cacti-1.1.10/cacti.sql
Import tables to cacti database:
# mysql -u cactiuser -p cactidb < /usr/share/doc/cacti-*/cacti.sql
OR
# mysql -u cactiuser -p cactidb < /usr/share/doc/cacti-1.1.10/cacti.sql
Enter password:
Cacti needs to know how to connect to the database. We must add the database name and credentials to its database configuration file.
# vi /etc/cacti/db.php
[...]
database_default = "cactidb";
database_hostname = "localhost";
database_username = "cactiuser";
database_password = "cactipassword"; #[ My SQL cactiDB passwd ]
[...]
-----------------------------------------------------------
vim /etc/cacti/db.php
$database_type = "mysql";
$database_default = "cactidb";
$database_hostname = "localhost";
$database_username = "cactiuser";
$database_password = "password";
$database_port = "3306";
$database_ssl = false;
Open http port in firewall
Open an http port in firewall:
# firewall-cmd --permanent --zone=public --add-service=http
# firewall-cmd --reload
Apache must be accessible from the network so we can view Cacti’s statistics. Edit /etc/httpd/conf.d/cacti.conf.
# vi /etc/httpd/conf.d/cacti.conf
Change these two lines:
<Directory /usr/share/cacti/>
<IfModule mod_authz_core.c>
# httpd 2.4
Require host localhost <---- This one
</IfModule>
<IfModule !mod_authz_core.c>
# httpd 2.2
Order deny,allow
Deny from all
Allow from localhost <---- This one
</IfModule>
</Directory>
TO
<Directory /usr/share/cacti/>
<IfModule mod_authz_core.c>
# httpd 2.4
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
# httpd 2.2
Order deny,allow
Deny from all
Allow from all
</IfModule>
</Directory>
Restart Apache so it picks up the configuration changes we’ve just made.
systemctl restart httpd.service
There is a crontab entry for Cacti that must be activated in order for it to create its graphs. Uncomment the line in /etc/cron.d/cacti.
vi /etc/cron.d/cacti
#*/5 * * * * cacti /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1
TO
*/5 * * * * cacti /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1
In order for Cacti to log its results, we’ll need to create an empty cacti.log.
mkdir -p /var/log/cacti
touch /var/log/cacti/cacti.log
systemctl restart crond.service
systemctl enable crond.service
SMNP
# yum install -y net-snmp net-snmp-utils
# cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.bak
on Centos
# vi /etc/snmp/snmpd.conf
42 #com2sec notConfigUser default public
com2sec AllUser default worldcm
47 #groupName securityModel securityName
48 group notConfigGroup v1 notConfigUser
49 group notConfigGroup v2c notConfigUser
50 group AllGroup v2c AllUser [add this line ]
58 view AllView included .1
63 #access notConfigGroup "" any noauth exact systemview none none
64 access AllGroup "" any noauth exact AllView none none
--------------------------------------------------------------
systemctl start snmpd
systemctl enable snmpd
systemctl restart snmpd
[root@~]# snmpwalk -v 2c -c worldcm -O e 127.0.0.1
#######################################################################################################
BEST
# line 41: comment out
# com2sec notConfigUser default public
# line 74,75: uncomment and change
# change "mynetwork" to your own network
# change comunity name to anyone except public, private (for security reason)
com2sec local localhost worldcm
com2sec mynetwork 192.168.0.1/24 worldcm
# line 78,79: uncomment and change
group MyRWGroup v2c local
group MyROGroup v2c mynetwork
# line 85: uncomment
view all included .1 80
# line 93,94: uncomment and change
access MyROGroup "" v2c noauth exact all none none
access MyRWGroup "" v2c noauth exact all all all
----------------------------------------------------------------
systemctl start snmpd
systemctl enable snmpd
systemctl restart snmpd
[root@~]# snmpwalk -v2c -c worldcm localhost system
# service snmpd restart
# systemctl restart snmpd.service
Install Cacti Spine poller
yum install -y gcc mysql-devel net-snmp-devel autoconf automake libtool dos2unix help2man
wget https://www.cacti.net/downloads/spine/cacti-spine-latest.tar.gz
tar -xzvf cacti-spine-latest.tar.gz
cd cacti-spine-1.1.12/
./bootstrap
./configure
make && make install
./configure --prefix=/opt/spine
--------------------------------------------
./configure
make
make install
chown root:root /usr/local/spine/bin/spine
chmod +s /usr/local/spine/bin/spine
---------------------------------------------
Configure Spine
cp /usr/local/spine/etc/spine.conf.dist /usr/local/spine/etc/spine.conf
# vi /usr/local/spine/etc/spine.conf
DB_Host localhost
DB_Database cactidb
DB_User cactiuser
DB_Pass cactiuserPasswd
DB_Port 3306
DB_PreG 0
# chmod a+x spine
## Use spine
cd /usr/local/spine/etc/
(1) copy the "spine.conf.dist" to "spine.conf", and modify the DB related parameters inside, e.g. db name, user/pass
(2) Then in Cacti UI -> Settings -> Paths, input the spine directories, e.g.
Binary: /usr/local/spine/bin/spine
Config: /usr/local/spine/etc/spine.conf
(3) Settings -> Poller, choose spine instead of cmd.php / “spine”.
www
go to http://YOUR-IP-HERE/cacti/
User/Passwd: admin
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Install Cacti, SNMP.
# install from EPEL
[root@dlp ~]# yum --enablerepo=epel -y install cacti net-snmp net-snmp-utils php-mysql php-snmp rrdtool
[5]
Configure SNMP (Simple Network Management Protocol).
[root@dlp ~]# vi /etc/snmp/snmpd.conf
# line 41: comment out
#com2sec notConfigUser default public
# line 74,75: uncomment and change
# change "mynetwork" to your own network
# change comunity name to anyone except public, private (for security reason)
com2sec local localhostServerworld
com2sec mynetwork 10.0.0.0/24Serverworld
# line 78,79: uncomment and change
group MyRWGroup v2c local
group MyROGroup v2c mynetwork
# line 85: uncomment
view all included .1 80
# line 93,94: uncomment and change
access MyROGroup "" v2c noauth exact all none none
access MyRWGroup "" v2c noauth exact all all all
[root@dlp ~]# systemctl start snmpd
[root@dlp ~]# systemctl enable snmpd
# validation (replace "Serverworld" to the comunity name you set)
[root@dlp ~]# snmpwalk -v2c -c Serverworld localhost system
SNMPv2-MIB::sysDescr.0 = STRING: Linux dlp.srv.world 3.10.0-229.4.2.el7.x86_64 #1 SMP Wed May..... SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (91954) 0:15:19.54 SNMPv2-MIB::sysContact.0 = STRING: Root <root@localhost> (configure /etc/snmp ..... ..... SNMPv2-MIB::sysORUpTime.9 = Timeticks: (4) 0:00:00.04 SNMPv2-MIB::sysORUpTime.10 = Timeticks: (4) 0:00:00.04
[6]
Create a Database for Cacti and import tables.
[root@dlp ~]# mysql -u root -p
Enter password: Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 3342 Server version: 5.5.41-MariaDB MariaDB Server Copyright (c) 2000, 2014, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
# create a "Cacti" database ( set any password for 'password' section )
MariaDB [(none)]> create database cacti;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on cacti.* to cacti@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit
Bye
[root@dlp ~]# mysql -u cacti -p cacti < /usr/share/doc/cacti-*/cacti.sql
Enter password:# cacti user's password
[7]
Configure Cacti.
[root@dlp ~]# vi /etc/cron.d/cacti
# uncomment
*/5 * * * * cacti /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1
[root@dlp ~]# vi /usr/share/cacti/include/config.php
# line 29: change to the connection info to MariaDB
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cacti";
$database_password = "password";
$database_port = "3306";
$database_ssl = false;
[root@dlp ~]# vi /etc/httpd/conf.d/cacti.conf
# line 17: add access permission if need
Require host localhost
Require ip 10.0.0.0/24
[root@dlp ~]# systemctl restart httpd
######################################################################
https://www.howtoforge.com/tutorial/how-to-monitor-your-centos-7-server-using-cacti/
Step 2 - Installing PHP
Cacti support all the version of PHP greater than 5.3. But in this tutorial, we will install PHP 7.1 as PHP v5.3 has reached the end of life. Installing the latest version of PHP will ensure the maximum security and performance of the application.
The default YUM repository of CentOS does not have PHP 7.1 included, hence you will need to add the Webtatic repository in your system. Webtatic repository requires EPEL repository to work. Run the following command to install EPEL repository.
yum -y install epel-release
yum -y update
Type the commands to install Webtatic repository.
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
yum -y update
Type the following command to install PHP 7.1 along with all the required dependencies.
yum -y install php71w php71w-snmp php71w-mysqli php71w-cli php71w-ldap php71w-xml php71w-session php71w-sockets php71w-pcre php71w-gd php71w-dom php71w-posix php71w-mbstring libc-client php71w-imap php71w-intl
To check if PHP is installed successfully, you can run:
php -v
You should get output similar to this.
[root@liptan-pc ~]# php -v PHP 7.1.6 (cli) (built: Jun 10 2017 07:28:42) ( NTS ) Copyright (c) 1997-2017 The PHP Group Zend Engine v3.1.0, Copyright (c) 1998-2017 Zend Technologies
Now you will need to configure few configurations in PHP. Open the PHP configuration file, php.ini using your favourite text editor. In this tutorial, we will be using nano editor. If you do not have nano installed, you can run yum -y install nano.
nano /etc/php.ini
Find the following line and Uncomment the line and set the timezone according to your region. For example:
[Date] ; Defines the default timezone used by the date functions ; http://php.net/date.timezone date.timezone = Asia/Dhaka
Step 3 - Installing MariaDB
MariaDB is a fork of MySQL database. To install MariaDB on your server, run:
yum -y install mariadb mariadb-server
Run the following commands to start MariaDB and enable it to start at boot time.
systemctl start mariadb
systemctl enable mariadb
Now run the following commands to secure your MariaDB installation.
mysql_secure_installation
The above command will run a script to secure fresh MariaDB installation. The script will ask for the existing root user password, we have just installed MariaDB, the root password is not set, just press enter to proceed further.
The script will ask you if you want to set a root password for your MariaDB installation, choose y and set a strong password for the installation. Most of the questions are self-explanatory and you should answer yes or y to all the questions. The output will look like shown below.
To create a database we will need to login to MySQL command line first. Run the following command for same.
mysql -u root -p
The above command will login to MySQL shell of the root user, it will prompt for the password of the root user. Provide the password to login. Now run the following query to create a new database for your Cacti installation.
CREATE DATABASE cacti_data;
The above query will create a new database named cacti_data. You can use any other name for your database if you want. Make sure that you use semicolon at the end of each query as the query always ends with a semicolon.
Once the database is created you can create a new user and grant all the permissions to the user for the database. To create a new database user, run the following query.
CREATE USER 'cacti_user'@'localhost' IDENTIFIED BY 'StrongPassword';
The above query will create a user with username cacti_user. You can use any username you prefer instead of cacti_user. Replace StrongPassword with a very strong password. Now provide the all the privileges to your database user over the database you have created. Run the following command.
GRANT ALL PRIVILEGES ON cacti_data.* TO 'cacti_user'@'localhost';
Now run the following command to immediately apply the changes on the database privileges.
FLUSH PRIVILEGES;
Exit from MySQL prompt using the following command.
EXIT;
You will also need to populate the time zone table. Run the following command to populate the timezone tables.
mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql
Provide the MySQL root password to proceed. Once the tables are populated, you will need to provide select access to Cacti user account over the tables. Login to MySQL prompt again using:
mysql -u root -p
Now run the following query.
GRANT SELECT ON mysql.time_zone_name TO 'cacti_user'@'localhost';
FLUSH PRIVILEGES;
The above query will SELECT give access to cacti_user on
Step 4 - Installing and Configuring Cacti
Cacti require few more dependencies, run the following command to install them.
yum -y install net-snmp rrdtool net-snmp-utils
As we have all the dependencies ready, we can now download the install package from Cacti website.
cd /var/www/html
wget http://www.cacti.net/downloads/cacti-1.1.12.tar.gz
You can always find the link to the latest version of the application on Cacti download page. Extract the archive using the following command.
tar xzvf cacti*.tar.gz
Rename your Cacti folder using:
mv cacti-1*/ cacti/
Now import the Cacti database by running the following command.
cd /var/www/html/cacti
mysql cacti_data < cacti.sql -u root -p
The above command will import the cacti.sql database into cacti_data using the user root. It will also ask you the password of root user before importing the database.
Now edit Cacti configuration by running the following command.
nano /var/www/html/cacti/include/config.php
Now find the following lines and edit them according to your MySQL database credentials.
/* make sure these values reflect your actual database/host/user/password */ $database_type = 'mysql'; $database_default = 'cacti_data'; $database_hostname = 'localhost'; $database_username = 'cacti_user'; $database_password = 'StrongPassword'; $database_port = '3306'; $database_ssl = false;
Step 5 - Configure Permissions and Firewall
Now you will need to provide the ownership of the application to web server user using the following command.
chown -R apache:apache /var/www/html/cacti
You may also need to allow HTTP traffic on port 80 through the firewall if you are running one. Run the following commands for same.
firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --reload
Now you will need to disable your SELinux because Proxy configuration does not work with SELinux policies. To temporary disable SELinux without restarting the server, run the following command.
setenforce 0
To completely disable the SELinux you will need to edit /etc/selinux/config file.
nano /etc/selinux/config
Find the following line:
SELINUX=enforcing
Change it to:
SELINUX=disabled
Now complete the installation using a web browser, go to the following link using your favourite web browser.
http://Your_Server_IP/cacti
You will see the following page.
Accept the license agreement to proceed further.
In next interface you will see the pre-installation, all the required dependencies are met.
Proceed to next interface.
In installation type, choose New Primary Server and proceed next.
In next interface, you will need to provide the locations to the binaries. Path to RRDTool and PHP binaries are correct. For all other binaries, provide the path /usr/bin/binary_name. For example, for snapwalk binary, the path is /usr/bin/snmpwalk.
In next interface, you will see that the server has write access to all the required folders.
In template setup, choose Local Linux Machine and click Finish.
You will be taken to the login page. Login using username admin and password admin, you will be taken to dashboard.
Installation of Cacti is now finished, you can use the application to moniter your server using interactive graphs.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Step 1 – Prerequisites
First we need to install some of the software packages needed for Cacti to run properly. Software which is not included or enabled in the base CentOS 6 installation are:
rrdtool
apache
mysql
cron
gcc
Let’s use yum to get these installed.
Centos 6: yum -y install mysql-server php php-cli php-mysql net-snmp-utils rrdtool \ php-snmp gcc mysql-devel net-snmp-devel autoconf automake libtool dos2unix wget help2man Centos 7: yum -y install mariadb-server php php-cli php-mysql net-snmp-utils rrdtool \ php-snmp gcc mariadb-devel net-snmp-devel autoconf automake libtool dos2unix wget help2man
gcc and the devel packages are required for the installation of spine, hence that’s why we include it here.
Now let’s make sure that our webserver and the database are automatically starting up after a reboot. Use the following commands to enable these:
CentOS 6: chkconfig httpd on chkconfig mysqld on CentOS 7: systemctl enable httpd.service systemctl enable mariadb.service
Now that we did make sure that these services start after a reboot, let’s start them manually now in order to continue the installation. Cron may already be running so don’t panic if you don’t see the usual start message:
CentOS 6: service httpd restart service mariadb restart CentOS 7: systemctl restart httpd.service systemctl restart mariadb.service
Step 2 – Cacti Files
Let’s now move to the actualy installation of Cacti. First we need to download and extract it. As of version 0.8.8, a fully patched Cacti including the Plugin Architecture (PIA) is officially available, so we’re downloading that one:
cd /var/www/html wget http://www.cacti.net/downloads/cacti-0.8.8h.tar.gz tar -xzvf cacti-0.8.8h.tar.gz
I usually suggest to create a symbolic link to the newly created directory “cacti-0.8.8h”. This will make upgrades to never Cacti versions easier:
ln -s cacti-0.8.8h cacti
Step 3 – Cron and file permissions
Cacti uses cron (scheduled task) in order to execute its polling process. It’s always a good idea to run this under a special user. Let’s create the system “cacti” user now:
adduser -d /var/www/html/cacti -s /sbin/nologin cacti
Having done that, we can now add a new cron entry to your system for a 5 minute polling interval using the following command:
echo "*/5 * * * * cacti php /var/www/html/cacti/poller.php &>/dev/null" >> /etc/cron.d/cacti
Finally, we also need to make sure that the permissions on the log and rra directories are set correctly:
cd /var/www/html/cacti chown -R cacti.apache rra log chmod 775 rra log
Step 4 – Cacti Database
Now that we have extracted the cacti files, we can move on preparing the database for the final installation step. Your first step should be securing the mysql database. The following command will help you with this task on a CentOS system. Make sure to select a strong password for root, e.g. MyN3wpassw0rd
/usr/bin/mysql_secure_installation
Let’s create a new database and assign a special user to it:
mysqladmin -u root -p create cacti mysql -p cacti < /var/www/html/cacti/cacti.sql mysql -u root -p
With the last command, you should be seing a mysql prompt where you can enter mysql commands. Here we are going to create the special cacti user. That user only needs to be able to connect from the local system and should have a strong password as well. Enter the following commands and make sure to replace the password:
GRANT ALL ON cacti.* TO cactiuser@localhost IDENTIFIED BY 'MyV3ryStr0ngPassword'; flush privileges; exit
We now have the cacti files and the cacti database setup. The last step before moving to the web-based installer is setting the database credentials within the Cacti config file:
cd /var/www/html/cacti/include/ vi config.php
Change the $database_ lines to fit your new settings:
$database_type = "mysql"; $database_default = "cacti"; $database_hostname = "localhost"; $database_username = "cactiuser"; $database_password = "MyV3ryStr0ngPassword"; $database_port = "3306"; $database_ssl = false;
Depending on your installation, you should also uncomment the following line. In our example we have to make sure the following line is there:
$url_path = "/cacti/";
Step 5 – Adding firewall rules
The following settings will add access rules to http and https from outside:
Centos 7: firewall-cmd --permanent --zone=public --add-service=https firewall-cmd --permanent --zone=public --add-service=http firewall-cmd --reload
Step 6 – Important PHP Settings
The default PHP installation usually has not configured the correct timezone or php error reporting. While not required to run Cacti, it’s highly recommended to enable error reporting to syslog for troubleshooting issues with plugins or other scripts.
The following lines need to be enabled/configued in your /etc/php.ini file:
; Defines the default timezone used by the date functions ; http://php.net/date.timezone date.timezone = Europe/Berlin
and
; Log errors to syslog (Event Log on NT, not valid in Windows 95). error_log = syslog
Step 7 – Running the Web-based installer
Let’s move on to the web-based installer.
Login with admin/admin and you’re ready to go !
###### -----------------------------