CACTI (Day 1 course)
• Cacti introduction
• Cacti installation
• Cacti EZ (CentOS English / Simplified Chinese) (OS CentOS 6; 0.8.7g; PA-2.8) Syslog-ng
• Cacti (Linux Distributions) version 10.4 (OS Ubuntu 10.4; 0.8.7g; PA-2.9) Rsyslog installation
• [HOWTO] Installation Guide | Ubuntu 11.04 | Cacti | Nagios
• http://richardkok.wordpress.com/2010/10/14/install-and-configure-cacti-v0-8-7g-on-ubuntu-v10-04-1-step-by-step/
• Cacti (Windows) (OS Windows 2008R2 / Windows 7; 0.8.7g; PA2-8) http://forums.cacti.net/viewtopic.php?t=14946
• Create Device / RRD
• Create administrators and users
• Network device management
• Graph / Tree
• Flow / Mac track / Router Backup / WeatherMap / Syslog

CACTI (Day 2 course)
• Network management
• UNIX management
  • SNMP
  • SSH Trust
• Windows management
  • SNMP
  • WMI
  • PowerShell
• Cacti upgrade / backup management

Cacti Introduction
• What is Cacti?
• Open source
• Performance measurement tool and graphing application
• Web-based RRD front-end management
• Graphing and user-rights management information stored in MySQL
• SNMP / script or command support

Cacti uses a cron/at-based poller to gather data from different sources, Round Robin Database (RRD) files to store the polled data, and a MySQL database to store the system's configuration. The primary user interface is a PHP web application that allows for easy management of all aspects of the system, as well as automatic display mechanisms for viewing the graphs.

[Diagram labels: RRD, SNMP, WMI, Script / Command, Devices, RRD]

Cacti Installation (1)
• Prerequisites (basic environment requirements)
  • OS / web server / PHP / MySQL / NET-SNMP / RRDtool
• Web server directory adjustment (DocumentRoot -> ?)
  • /etc/apache2/sites-available/default on Ubuntu (vi /etc/httpd/conf/httpd.conf)
  • /var/www/cacti/include/config.php
      $url_path = "/";
      $url_path = "/cacti/";
• MySQL (3 accounts / 2 passwords)
  • MySQLCactiUser="_cactiuser"
  • MySQLCactiPwd="_cactipassw"
  • SystemCactiUser="usercacti"
  • MySQLRootPwd="dbadmin"
• mysqlcheck -a -c -o -r --all-databases    # analyze / check / optimize / repair the databases
• /usr/bin/mysql_secure_installation    # change password
• Spine (optional)
  • yum install gcc libtool (mysql-devel net-snmp-devel autoconf automake libtool)

Cacti Installation (2)
• CactiEZ Simplified Chinese installation: Network / Hostname / NTP / DNS / php.ini / Change password
• Ubuntu installation
  • Network / Hostname / NTP / DNS / php.ini / Change root password
  • http://forums.cacti.net/viewtopic.php?f=6&t=38633 (main program + plugins + spine)
  • http://forums.cacti.net/viewtopic.php?f=14&t=41514 (syslog)
  • http://blog.jsdan.com/2675 (Microsoft YaHei font)
  • http://blog.happinesskt.idv.tw/2008/05/119 (Chinese text in RRD graphs)
• Windows installation
  • http://forums.cacti.net/viewtopic.php?t=14946 download the Windows Installer
  • IIS & IIS CGI install: Start -> Control Panel -> Programs -> Turn Windows features on or off -> tick Web Management Tools (IIS Management Console) + World Wide Web Services (CGI)
  • Upgrading Spine requires installing cygwin http://www.cacti.net/spine_install_wincyg.php
* Note: /lib/init on Ubuntu corresponds to /etc/rc.d/init.d on other distributions
* Note: Remote DB (config.php, spine.conf)

CactiEZ Simplified Chinese Installation
• password (default root / CactiEZ)
• vi /etc/sysconfig/network-scripts/ifcfg-eth0
• service network restart
• vi /etc/resolv.conf
• vi /etc/ntp.conf
    server time.stdtime.gov.tw
• service ntpd restart
• ntpdate -u time.stdtime.gov.tw
• http://w.x.y.z

Cacti Ubuntu 10.04 Installation (1, 2)
System settings
• sudo passwd root (log in as root)
• vi /etc/network/interfaces
• vi /etc/resolv.conf
    nameserver 10.1.1.1
• sudo apt-get update
• apt-get install ntp chkconfig -y
• vi /etc/ntp.conf
    server 10.1.1.2
• ntpdate -u 10.220.8.100
• vi /etc/php5/apache2/php.ini (find / -name php.ini)
Install the main program 0.8.7g - spine 0.8.7g - PA 2.9
• cd ~
• wget "http://forums.cacti.net/download/file.php?id=22710" -O cacti_autoinstall_v0.40c.sh
• wget "http://forums.cacti.net/download/file.php?id=22711" -O README_CAIS_v0.40c.txt
• cat ./README_CAIS_v0.40c.txt
• chmod a+x cacti_autoinstall_v0.40c.sh
• vi cacti_autoinstall_v0.40c.sh
    echo "*/1 * * * * $SystemCactiUser php /var/www/cacti/poller.php >/dev/null 2>&1" > /etc/cron.d/cacti

    iface eth0 inet static
    address 10.1.1.1
    netmask 255.255.255.0
    network 10.1.1.0
    broadcast 10.1.1.255
    gateway 10.1.1.254

    ifconfig eth0 192.168.0.1 netmask 255.255.255.0
    route add default gw 192.168.0.254

Cacti Ubuntu 10.04 Installation (3)
Install syslog
• mkdir -p /home/update
• cd /home/update
• wget http://docs.cacti.net/_media/plugin:syslog-v1.21-1.tgz
• mv plugin\:syslog-v1.21-1.tgz aaa.tgz
• tar zxvf aaa.tgz
• mv syslog /var/www/cacti/plugins
• cd /var/www/cacti/plugins/syslog
• mysql -uroot -pdbadmin syslog < syslog.sql
• mysql -uroot -pdbadmin
    mysql> GRANT ALL PRIVILEGES ON syslog.* TO _cactiuser@localhost IDENTIFIED BY '_cactipassw';
    mysql> flush privileges;
• apt-get install rsyslog rsyslog-mysql
• vi /etc/rsyslog.conf
    $ModLoad ommysql
    $template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%, '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL
    *.* >localhost,syslog,_cactiuser,_cactipassw;cacti_syslog
• reboot
• mysql -uroot -pdbadmin
• use syslog;
• show tables;
• 5 items

Cacti Ubuntu 10.04 Installation (4, 5)
Install the Microsoft YaHei font
• apt-get install lynx-cur*
• lynx http://www.box.net/shared/6rfdpirpku
• sudo mkdir /usr/share/fonts/yahei
• sudo mv msyh.ttf /usr/share/fonts/yahei
• sudo chmod 755 /usr/share/fonts/yahei -R
• sudo mkfontscale
• sudo mkfontdir
• sudo fc-cache -fv
Web settings: /usr/share/fonts/yahei/msyh.ttf
• root@ubuntu:~# fc-list
• vi /var/www/cacti/lib/functions.php
    <?php
    setlocale(LC_CTYPE, "zh_TW.UTF-8");
Set DB / web server to Traditional Chinese
• mysql -uroot -pdbadmin
    mysql> ALTER DATABASE `cacti` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
    mysql> Exit;

Cacti Windows Installation (1)
Web: admin / cactipw
DB: root / cacti

Cacti Windows Installation (2)
Start the database
Open a browser

SNMP (Simple Network Management Protocol): SNMP Protocol (1)
• SNMP stores information in a virtual database called a Management Information Base (MIB). The database is hierarchical (tree-structured) and entries are addressed through object identifiers (OID). The following SNMP table output shows this structure:
    .1.3.6.1.2.1.25.3.8.1.1.1 = INTEGER: 1
    .1.3.6.1.2.1.25.3.8.1.1.2 = INTEGER: 2
• SNMPv1 - does not have any encryption and only uses a community string to identify the management station, and even then it is transmitted in clear text. As a result, SNMPv1 is a very insecure protocol because SetRequests can be used to reconfigure network equipment if improperly configured.
• SNMPv2(c) - addresses some of the shortcomings of the SNMPv1 protocol by introducing two new protocol data units: GetBulkRequests and InformRequest.
• SNMPv3 - does not add new operations or enhancements to the MIB, but addresses the security problems of SNMPv1 and SNMPv2c. It can be seen as SNMPv2c plus additional security, as it allows message encryption and strong authentication of senders.

SNMP (Simple Network Management Protocol): SNMP Protocol (2)
• Standardized
• Universally supported
• Extendible
• Portable
• Allows distributed management access
• Lightweight protocol
• Uses only SNMP or Ping to check whether the host is down (alive)

    Source IP      Destination IP   Flows   Bytes       Packets
    10.0.2.3       10.200.50.41     1437    71.62 KB    1438
    10.200.50.41   10.0.2.3         2874    143.54 KB   2882

  -> 24-hour upload/download traffic: 71.62/143.54 KB
• Note: -> single host, 24 monitored items

    Source IP      Destination IP   Flows   Bytes      Packets
    10.0.2.51      10.200.50.41     16658   3.46 MB    41090
    10.200.50.41   10.0.2.51        33398   6.17 MB    82334

  -> 24-hour upload/download traffic: 3.46/6.17 MByte
  -> about 144/257 Kbyte per hour
• Note: -> single host, 3 monitored items

    Source IP      Destination IP   Flows   Bytes       Packets
    ath09.unix     10.200.50.41     2874    665.39 KB   4598
    10.200.50.41   ath09.unix       5756    742.57 KB   9210

  -> 24-hour upload/download traffic: 665.39/742.57 KB

RRD / RRA (1): RRD-Create
• RRD database
• The Round Robin Database
• RRD files store data in a fixed-size file
• Using a First In, First Out (FIFO) methodology
• Different Round Robin Archives (RRA) are defined within a single RRD file.
• These RRAs usually consist of daily, weekly, monthly, and yearly archives

    rrdtool create test.rrd --step 300 \
      DS:data:GAUGE:600:U:U \
      RRA:AVERAGE:0.5:1:16 \
      RRA:AVERAGE:0.5:4:16 \
      RRA:AVERAGE:0.5:12:16

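Because each RRA is a fixed-size FIFO, the arguments of the rrdtool create command above decide how far back polled data survives, which matters when graphs are used to reconstruct an incident. The script below is an added example, not part of the original slides; the function name rra_retention is hypothetical and the arguments are copied from the command above.

```shell
#!/bin/sh
# Added example: resolution and retention of each RRA in an
# "rrdtool create" argument list (arguments copied from the slide).

# Usage: rra_retention STEP_SECONDS SPEC...
# Prints "CF resolution_seconds retention_seconds" for every RRA spec and
# warns when a data source heartbeat is shorter than the step, because
# updates arriving one step apart would then be stored as unknown.
rra_retention() {
  step=$1; shift
  for spec in "$@"; do
    printf '%s\n' "$spec"
  done | awk -F: -v step="$step" '
    # DS:name:type:heartbeat:min:max
    $1 == "DS" && $4 + 0 < step {
      print "WARN heartbeat of " $2 " (" $4 "s) is shorter than step " step "s"
    }
    # RRA:CF:xff:steps:rows
    $1 == "RRA" {
      res = step * $4          # seconds covered by one consolidated row
      print $2, res, res * $5  # older rows are overwritten after this span
    }'
}

rra_retention 300 \
  DS:data:GAUGE:600:U:U \
  RRA:AVERAGE:0.5:1:16 \
  RRA:AVERAGE:0.5:4:16 \
  RRA:AVERAGE:0.5:12:16
```

With these values the three archives keep 80 minutes, 320 minutes and 16 hours of data respectively.
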
RRD supplement (2): RRD / RRA (2)

    rrdtool graph data1.png \
      --title "Interface Speed" \
      --start 1318216831 \
      --end 1318260031 \
      --vertical-label bps \
      DEF:intspeed=data1.rrd:data:AVERAGE \
      CDEF:isGreen=intspeed,0,50,LIMIT \
      HRULE:50#C0C0C0FF:"Threshold ( 50 )\n" \
      AREA:intspeed#FF0000:"Over Threshold\n" \
      AREA:isGreen#00FF00:"Interface eth0" \
      GPRINT:intspeed:LAST:"Current\:%8.0lf" \
      GPRINT:intspeed:AVERAGE:"Average\:%8.0lf" \
      GPRINT:intspeed:MAX:"Maximum\:%8.0lf\n"

Monitor Traffic (1) Add Device
• Cisco Router / Switch Configuration
    C3750(config)#snmp-server community 1234 ro
    root@ubuntu:~# snmpwalk -c ytmisrt -v2c 10.227.130.254
• Console -> Devices
  • Add / Delete / Disable / Modify / Tree
  • (Availability / Reachability Options)
    • Console -> Settings -> Poller -> Host Up/Down Settings
    • Console -> Settings -> Poller -> Host Availability Settings
  • (SNMP Options)
    • Console -> Settings -> SNMP Defaults
• Console -> Host Templates
  • Associated Data Queries + Associated Graph Templates
• Create Graphs for this Host
  • Data Source (RRD - Raw Data Management)
  • Graphs (Graph Management)
• Add a Tree
  • Sub Tree
  • Management / User Right / Relation

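The SNMP slides note that v1/v2c community strings travel in clear text and that SetRequests can reconfigure equipment, and this slide configures a bare `snmp-server community 1234 ro`. The script below is an added example, not part of the original slides: it reads Cisco IOS configuration text and flags read-write communities, communities with no source access-list, and the absence of an SNMPv3 priv group. The sample configuration (apart from the 1234 line) and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the SNMP lines of a Cisco IOS configuration on stdin.

# Constructed sample input; only the "1234 ro" line comes from the slide.
sample_config() {
cat <<'EOF'
hostname C3750
access-list 10 permit 10.1.1.1
snmp-server community 1234 ro
snmp-server community netops rw
snmp-server community mon1tor ro 10
EOF
}

# Prints one finding per line as "SEVERITY line N: reason". Line numbers
# are reported instead of community strings so secrets are not echoed.
audit_snmp() {
  awk '
    $1 == "snmp-server" && $2 == "community" {
      mode = "ro"; acl = ""
      for (i = 4; i <= NF; i++) {
        if ($i == "view") { i++; continue }         # skip the view name
        if ($i == "ro" || $i == "rw") { mode = $i; continue }
        acl = $i                                    # trailing token is the ACL
      }
      if (mode == "rw")
        print "HIGH line " NR ": read-write community permits SetRequest"
      if (acl == "")
        print "MEDIUM line " NR ": no access-list restricts the source address"
      communities++
    }
    $1 == "snmp-server" && $2 == "group" && $4 == "v3" && $5 == "priv" { v3priv = 1 }
    END {
      if (communities > 0 && !v3priv)
        print "INFO: only v1/v2c communities found, no SNMPv3 priv group"
    }'
}

sample_config | audit_snmp
```
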
Monitor Traffic (2) Data Input
• Data Input Method
  • Simple Data Input (SNMP)
  • SNMP Data Input Method
  • Script / Command Data Input Method
• Associated Data Queries definition
  • None
  • Uptime Goes Backwards
  • Index Count Changed
  • Verify All Fields

Monitor Traffic (3) Import Module
• Template (official website)
• Other / Custom
  • http://forums.cacti.net
  • Scripts and Templates
• Import template / Export template
  • Graph Template / Data Template / Data Query
  • Old -> New (ex: 0.8.7e -> 0.8.7g) OK
  • Delete Template … be careful
• Adjust the graph module
  • Add Description

Monitor Traffic (4) CDEF
• CDEF (Status) + THOLD
• CDEF (Status) Graph

Monitor Traffic (4) CDEF (supplement)
http://forums.cacti.net/viewtopic.php?f=5&t=43923&hilit=CDEF+color+change
http://forums.cacti.net/viewtopic.php?f=12&t=31669
• Eq: equal to
• Ne: not equal to
• Lt: less than
• Gt: greater than
• Le: less than or equal to
• Ge: greater than or equal to
CDEF=a,1,LE,a,UNKN,IF,1,+ means if a<=1 -> a=a+1 or unknown, so ,1,+ must be removed; this is the one for up
CDEF=a,1,GT,a,UNKN,IF,1,+ means if a<=1 -> a=a+1 or unknown, so ,1,+ must be removed; this is the one for up

Monitor Traffic (5) THOLD
• Threshold settings
  • Console -> Threshold
  • Console -> Data Sources
  • Graph
  • Thold
• Threshold Template
  • A single type can have multiple ranges
  • Templates are linked. Once removed -> cannot be restored
  • Can be applied to Device / DS / Graph

Monitor Traffic (6) Mail Relay
• Console -> Settings -> Mail/DNS
• PHP Mail() Function
  • vi /etc/php.ini
  • install sendmail
• SMTP
• Send a test e-mail

Monitor Traffic (7) WeatherMap
vi /etc/apache2/httpd.conf
    (prefix every line with #) <Directory /var/www/cacti/plugins/weathermap>
    #
    (prefix every line with #) </Directory>
chown usercacti:www-data <cacti>/plugins/weathermap
chmod 770 <cacti>/plugins/weathermap/config

User Management
• Console -> User Management
  • Add (copy & batch copy) (Shell)
  • User Right
  • Monitor Graph
  • Delete
  • Modify (Change passed…)
  • Local LDAP & Web Server …
• Console -> System Utilities -> View User Log
• Superlink

Monitor (1.2)
• Host Down notifications
• Console -> Settings -> Misc
  • Can play a sound (the sound can also be changed)
  • The display style can be changed
  • Hosts can be clicked
  • Monitor / Disable are different

syslog-(1.21) Flow (1.1)
• Download flowview 1.0 from the official website
  • http://docs.cacti.net/plugin:flowview and place it in /cacti/plugins
  • mysql cacti < flowview.sql
  • chown -R usercacti:www-data flowview/*
• Enable it from the web interface
• Check and set the folder where files are stored: Console -> Settings -> Paths
  • Default -> /var/netflow/flows/completed/

Flowview 1.0 Flow (1.1)
• Web: Flows -> Listeners
• Install flow-tools on the host (apt-get install flow-tool*)
• Host configuration
    /usr/bin/flow-capture -w /var/netflow/flows/completed/C2821 0/0/2821 -S5 -V5 -z 9 -n 1439 -e 43200 -N -1
    /usr/bin/flow-capture -w /var/netflow/flows/completed/C7206 0/0/7206 -S5 -V5 -z 9 -n 1439 -e 43200 -N -1
• Add these to the host's /etc/rc.local to start automatically at boot
• Check whether flow data is arriving: /var/netflow/flows/….
• Web management / settings bug (10/14)

Flowview 1.0 Flow (1.2)
Router Command -----------------------------
    (config)# ip flow-cache timeout active 5
    (config)# ip flow-export source GigabitEthernet0/1
    (config)# ip flow-export version 5
    (config)# ip flow-export destination IP Port
    (config)# ip flow-top-talkers
    (config)# top 50
    (config)# sort-by bytes
Interface -----------------------------------------------
    (config-if)# ip flow ingress
    (config-if)# ip flow egress
  OR
    (config-if)# ip route-cache flow
Command -----------------------------------------------
    #sh ip flow top-talkers

Flow (1.2)

    /usr/bin/flow-cat -t "10/24/2011 09:16:28" -T "10/25/2011 09:16:28" \
        /var/netflow/flows/completed/C3845 /var/netflow/flows/completed/C3845 \
      | /usr/bin/flow-nfilter -f /tmp/1234 -FFlowViewer_filter \
      | /usr/bin/flow-stat -f8 -S2 | head -n 1000 >> flow03.txt

Other Plugins
• Mactrack: http://10.216.7.11
    php mactrack_scanner.php -f -d
• Aggregate: http://10.220.8.222
• Cycle: http://10.216.7.13/cacti
• Syslog: http://10.220.8.221
• Clog: http://10.216.7.13/cacti
• WeatherMap: http://10.220.8.222
• RouterConfig: http://10.216.7.13/cacti http://www.linuxidc.com/Linux/2010-08/27921.htm
• Superlink: http://10.216.7.13/cacti
• Discovery: http://10.216.7.11

Cacti Official Website Introduction
• Cacti website: The main Cacti website provides the latest patches as well as lots of other useful information at: http://www.cacti.net
  Download Spine & PA & … / Document / Forum
• Spine: Spine is a high-performance poller which, by far, exceeds the performance of the original cmd.php. You can find the latest Spine version at: http://www.cacti.net/spine_download.php
• Cacti bug reporting: If you find a bug in Cacti, and the community in the forums can confirm it, you should post a bug ticket in their tracker at: http://bugs.cacti.net/
• Cacti Users' site: The Cacti Users' site provides some additional plugins, as well as the CactiEZ ISO images. http://www.cactiusers.org/

Cacti Directory Overview
• Cli -> reindex / useadd / repair db
• Docs -> http://IP/docs/html/
• Image -> logo
• Include -> config.php
• Install
• Lib
• Log
• Resource
• RRA
• Scripts

1. vi /etc/logrotate.d/cactilog
2. Insert the following code:

    /var/www/cacti/log/cacti.log {
        daily
        rotate 7
        copytruncate
        compress
        notifempty
        missingok
    }

logrotate /etc/logrotate.conf -v

Cacti Backup
mkdir -p /home/backup/Cacti
vi /var/www/cacti/backup.sh

    #!/bin/sh
    PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
    export PATH
    # Date stamp used in every backup file name
    day=`date +%Y-%m-%d`
    # Dump the cacti and syslog databases
    mysqldump -l --add-drop-table cacti > /home/backup/Cacti/mysql.cacti."$day"
    mysqldump -l --add-drop-table syslog > /home/backup/Cacti/mysql.syslog."$day"
    # Archive the web tree, excluding RRD data and logs
    tar -jcvf /home/backup/Cacti/html."$day".tar.bz2 --exclude=/var/www/html/rra* --exclude=/var/www/html/log* /var/www/html
    # Keep a copy of root's crontab
    cp /var/spool/cron/root /home/backup/Cacti/root."$day"
    # Delete backup files older than 15 days
    find /home/backup/Cacti/* -type f -mtime +15 -exec rm -fr {} \; > /dev/null 2>&1