Cacti Network Monitoring

apt update
apt upgrade

timedatectl set-timezone Asia/Hong_Kong

apt install -y apache2 rrdtool mariadb-server snmp snmpd php8.1 php-mysql php8.1-snmp php8.1-xml php8.1-mbstring php8.1-cli php8.1-gd php8.1-gmp php8.1-zip php8.1-ldap php8.1-intl

/usr/bin/mysql_secure_installation

mysql_tzinfo_to_sql /usr/share/zoneinfo/ | mysql -u root -p mysql

a2enmod ssl
a2ensite default-ssl

vi /etc/apache2/sites-available/default-ssl.conf
SSLCertificateFile /etc/ssl/certs/full_chain.pem
SSLCertificateKeyFile /etc/ssl/private/private.key
SSLCACertificateFile /etc/ssl/certs/rootCA.cer

add-apt-repository ppa:phpmyadmin/ppa

apt install phpmyadmin
cp /usr/share/phpmyadmin/config.sample.inc.php /usr/share/phpmyadmin/config.inc.php

vi /etc/my.cnf
[mysqld]
max_heap_table_size = 33554432
tmp_table_size = 33554432
innodb_buffer_pool_size = 508559360
innodb_doublewrite = OFF
innodb_flush_log_at_timeout = 3
innodb_read_io_threads = 32
innodb_write_io_threads = 16
innodb_io_capacity = 5000
innodb_io_capacity_max = 10000

vi /etc/mysql/mariadb.conf.d/50-server.cnf
#collation-server = utf8mb4_general_ci
collation-server = utf8mb4_unicode_ci

git clone -b 1.2.x https://github.com/Cacti/cacti.git

mv cacti /var/www/html

mysql -u root -p
CREATE DATABASE cacti DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci ;
GRANT ALL PRIVILEGES ON cacti.* TO 'cactiuser'@'localhost' IDENTIFIED BY 'cactiuser';
GRANT SELECT ON mysql.time_zone_name TO cactiuser@localhost;
ALTER DATABASE cacti CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
FLUSH PRIVILEGES;

mysql -u root cacti < /var/www/html/cacti/cacti.sql

cd /var/www/html/cacti/include
cp config.php.dist config.php

vi /var/www/html/cacti/include/config.php
$database_type = 'mysql';
$database_default = 'cacti';
$database_hostname = 'localhost';
$database_username = 'cactiuser';
$database_password = 'cactiuser';
$database_port = '3306';
$database_retries = 5;
$database_ssl = false;
$database_ssl_key = '';
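The steps above leave the database password identical to the account name ('cactiuser') in both the GRANT statement and config.php. The following added example, which is not part of the original post, audits config.php for that condition and rotates the password. The function names are assumptions made for illustration, and the printed SQL still has to be run in mysql by hand.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit and rotate the Cacti DB
# password that the walkthrough sets to 'cactiuser'. Function names are hypothetical.

# Print the value of a single-quoted PHP assignment: $name = 'value';
php_value() {             # usage: php_value <config.php> <name-without-$>
    sed -n "s/^[[:space:]]*[$]$2[[:space:]]*=[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | head -n 1
}

# Print one line per finding; the return code is the number of findings.
audit_cacti_config() {    # usage: audit_cacti_config <config.php>
    local cfg=$1 user pass n=0
    user=$(php_value "$cfg" database_username)
    pass=$(php_value "$cfg" database_password)
    if [ "$pass" = "$user" ]; then
        echo "database password equals database username"; n=$((n + 1))
    fi
    if [ "${#pass}" -lt 16 ]; then
        echo "database password shorter than 16 characters"; n=$((n + 1))
    fi
    # Character 8 of the ls mode string is the read bit for "other".
    if [ "$(ls -ld "$cfg" | cut -c8)" = r ]; then
        echo "config.php is world-readable"; n=$((n + 1))
    fi
    return "$n"
}

# 24 random bytes as 48 hex characters: safe inside SQL and PHP single quotes.
new_db_password() {
    head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Write a fresh password into config.php (GNU sed -i), restrict the file mode,
# and print the matching MariaDB statement to run as root in mysql.
rotate_cacti_password() { # usage: rotate_cacti_password <config.php>
    local cfg=$1 user new
    user=$(php_value "$cfg" database_username)
    new=$(new_db_password)
    sed -i "s/^\([[:space:]]*[$]database_password[[:space:]]*=[[:space:]]*\)'[^']*'/\1'$new'/" "$cfg"
    chmod 640 "$cfg"
    echo "ALTER USER '$user'@'localhost' IDENTIFIED BY '$new';"
}

# Usage: bash this-script.sh /var/www/html/cacti/include/config.php
if [ -n "${1:-}" ]; then audit_cacti_config "$1"; fi
```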

vi /var/www/html/cacti/service/cactid.service
#User=apache
#Group=apache

mkdir /etc/sysconfig/
touch /etc/sysconfig/cactid
cp -p /var/www/html/cacti/service/cactid.service /etc/systemd/system
systemctl enable cactid
systemctl start cactid
systemctl status cactid

chown -R www-data:www-data /var/www/html/cacti/

vi /etc/php/8.1/apache2/php.ini
date.timezone = Asia/Hong_Kong
memory_limit = 400M
max_execution_time = 60

vi /etc/php/8.1/cli/php.ini
date.timezone = Asia/Hong_Kong

systemctl restart apache2
systemctl restart mysql

cd /var/www/html/cacti/plugins
git clone https://github.com/Cacti/plugin_weathermap.git
mv plugin_weathermap weathermap

git clone https://github.com/Cacti/plugin_monitor.git
mv plugin_monitor monitor

git clone https://github.com/Cacti/plugin_thold.git
mv plugin_thold thold

#git clone https://github.com/Cacti/plugin_wmi.git
#mv plugin_wmi wmi

git clone https://github.com/Cacti/documentation.git

git clone https://github.com/Cacti/plugin_syslog.git
mv plugin_syslog syslog

git clone https://github.com/Cacti/plugin_mactrack.git
mv plugin_mactrack mactrack

#git clone https://github.com/Cacti/plugin_hmib.git
#mv plugin_hmib hmib

git clone https://github.com/Cacti/plugin_flowview.git
mv plugin_flowview flowview

chown -R www-data:www-data /var/www/html/cacti

apt install rsyslog-mysql

vi /etc/rsyslog.d/cacti.conf
$ModLoad imudp
$UDPServerRun 514
$ModLoad ommysql

$template cacti_syslog,"INSERT INTO syslog_incoming(facility_id, priority_id, program, logtime, host, message) \
values (%syslogfacility%, %syslogpriority%, '%programname%', '%timegenerated:::date-mysql%', '%HOSTNAME%', TRIM('%msg%'))", SQL

*.* >localhost,my_database,my_user,my_password;cacti_syslog

cp /var/www/html/cacti/plugins/syslog/config.php.dist /var/www/html/cacti/plugins/syslog/config.php

vi /var/www/html/cacti/plugins/syslog/config.php
#$use_cacti_db = true;
$use_cacti_db = false;

https://xxx.xxx.xxx.xxx/cacti
admin
admin

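Leave everything at the defaults; all the requirements should already be met. Continue until the Default Profile step, where you change it to 1 minute and also switch to manual, with no Scan.

Once all of the above is done, you go straight into the main Console. I first reconfigure Sites: delete the default ones, then add the sites again.

I have two sites, so I add both SKW & TKO.

My example is a Sophos Firewall.

Name, Contact Person, and the Name under SNMPv1 and v2c community and traps at the very bottom all use the same name.

Source is the Cacti server's IP; since I have 2 Cacti servers, there are 2 entries.

Back in Cacti, the Hostname here is the firewall's MGT IP, and the SNMP Community String is the name just set on the firewall.

If the device is added successfully, you will see information similar to the following: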

SKW-Firewall (xxx.xxx.xxx.xxx)
SNMP Information
System: Linux localhost 4.14.277 #2 SMP Fri Jan 5 08:52:46 UTC 2024 x86_64
Uptime: 62945900 (7days, 6hours, 50minutes)
Hostname: xxxxxx
Location: SKW
Contact: xxxxxx

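Then click Create Graphs for this Device at the top right, tick everything you need to monitor, and under Select a Graph Type to Create choose In/Out Bits (64-bit, 95th).

The MRTG graphs can now be generated. Select Graphs at the top, choose the SKW-Firewall device just added under Device, and choose Last Half Hour under Presets to make recent traffic easy to view.

Another commonly used feature is Tree View under Graphs, which is like sorting graphs into your own folders.

Another example, this time for Cisco: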

ip access-list standard ACL-SNMP

permit xxx.xxx.xxx.xxx 0.0.0.0

snmp-server community public RO ACL-SNMP

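Installing Weathermap is strongly recommended: it shows where recent traffic is hitting a bottleneck and which links are about to be used up.

In Actions, first Install and Enable Weathermap.

Go to Weathermaps and click +.

Then click Clone under Actions.

A Simple Map now appears; click into it.

In Map Properties, change the name, the image, and Default Link Bandwidth.

Link Width can be changed or left as it is.

Under Map Style - Link Labels, I changed it to Percentage.

Click Add Node, then click anywhere to place it on the map. Right-click the new Node, choose Properties, and change the Label & Icon Filename image. To move it, click Move, then click the new position on the map.

Use Add Link to add a Network Flow. To use the TKO Switch's MRTG, click TKO Switch first, then click TKO Firewall; two arrows are generated.

Right-click one of the arrows, choose the port on TKO Switch that connects to the Firewall, then Add, Save.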
