/Main_Page

::You must have ninja focus to complete your mission::NinjaFocus::

Cacti

Views:

Cacti is a network statistics tool that makes pretty graphs showing load and status of various things on your network. You can add lots of plugins to make it in to a full network monitoring system.

Details on this page describe setting up Cacti on a CentOS 5.0 server, but it should translate reasonably well to other distro's.

For general information on network management, please see these web sites:

Contents

Requirements

Cacti is a PHP/MySQL web application so obviously you need to have those installed and configured. You also need to install some additional software which probably doesn't come with your distro.

  • Apache
  • MySQL
  • PHP
  • PHP SNMP
  • Net-SNMP
  • RRDTool
  • Cacti Spine
  • Libxml2
  • Pango
  • Cairo
  • Lib Art

SELinux

This is known to cause problems, not that I've tried using it. If you have weird problems and you have SELinux enabled then you will need to add some rules.

Run this command to see if SELinux is enabled:

# /usr/sbin/getenforce
Disabled

Lib XML 2

# yum install libxml2 libxml2-devel

Pango

# yum install pango pango-devel

Cairo

# yum install cairo cairo-devel

Lib Art

# yum install libart_lgpl libart_lgpl-devel

RRDTool

RRDTool creates round-robin databases and produces graphs to display the data.

At the time of writing, cacti 0.87b can use either RRDTool version 1.1 or 1.2. The current release is 1.3 and this isn't compatible. Also, Later versions of 1.2 won't work. I tried with the latest 1.2.28 but this would cause cacti to produce graphs without any text or annotations. The way fonts are specified has changed in the latest versions. 1.2.19 is still compatible.

# cd /usr/local/src
# wget http://oss.oetiker.ch/rrdtool/pub/rrdtool-1.2.19.tar.gz
# tar zxvf rrdtool-1.2.19.tar.gz
# cd rrdtool-1.2.19
# ./configure --prefix=/usr/local --disable-tcl --disable-ruby --disable-python --disable-perl --disable-shared --enable-static --with-rrd-default-font=/usr/local/share/rrdtool/fonts/DejaVuSansMono-Roman.ttf
# make
# make install

Spine

Spine is a C(++?) program that carries out the polling of data sources for Cacti. It is a lot faster than the PHP scripts and far more reliable (so I hear).

# cd /usr/local/src
# wget http://www.cacti.net/downloads/spine/cacti-spine-0.8.7a.tar.gz
# tar zxvf cacti-spine-0.8.7a.tar.gz 
# cd cacti-spine-0.8.7a
# ./configure --prefix=/usr/local
# make
# make install
# vim /usr/local/etc/spine.conf

The spine config file need to cotain the database details, something like:

DB_Host         localhost
DB_Database     cacti
DB_User         cacti
DB_Pass         cacti
DB_Port         3306

Net SNMP

Net SNMP has a few dependancies that need to be installed as well.

# yum install beecrypt-devel elfutils-devel elfutils-devel-static lm_sensors
# yum install net-snmp net-snmp-libs net-snmp-utils net-snmp-devel
# vim /etc/snmp/snmpd.conf
# service snmpd restart
# chkconfig snmpd on

Basic SNMP configuration file:

# Units can upset cacti
dontPrintUnits true

syslocation a rack
syscontact Admin <webmaster@example.com>

# Read Only community "public" only available to localhost
rocommunity public 127.0.0.1

Test basic snmp is working:

# snmpwalk -Os -c public -v 1 localhost system

There is plenty of documentation on the Net SNMP website including a Net SNMP Wiki (you like those don't you?) including a tutorial.

Security

The Net SNMP configuration file limits access to only the ip addresses specified. Net SNMP can carry out authentication and authorisation, see the docs for this.

Access can also be limited with TCP Wrappers or your firewall.

A simple entry in /etc/hosts.deny will limit access to only trusted machines, for example:

snmpd: ALL except 127 192.168.2.100

Crontab

We're going to update the stats once a minute, the default is five minutes. Some additional scripts for collecting stats expect to run every minute. They can probably be edited if you only want to poll every 5 minutes. You must configure Cacti through the web interface and tell it how often the poller script will be run.

# vim /etc/crontab
*/1 * * * * cacti php /var/www/html/cacti/poller.php >> /var/lib/php/cacti/cacti.log 2>&1

Cacti

This is just an example of how to do it. You will absolutely want to go off to www.cacti.net and find the latest tarball and patches!!

# cd /usr/local/src
# wget http://www.cacti.net/downloads/cacti-0.8.7b.tar.gz
# tar zxvf cacti-0.8.7b.tar.gz
# cd cacti-0.8.7b
# wget http://www.cacti.net/downloads/patches/0.8.7b/upgrade_from_086k_fix.patch
# wget http://www.cacti.net/downloads/patches/0.8.7b/snmp_auth_none_notice.patch
# wget http://www.cacti.net/downloads/patches/0.8.7b/reset_each_patch.patch
# patch -p1 -N < upgrade_from_086k_fix.patch
# patch -p1 -N < snmp_auth_none_notice.patch
# patch -p1 -N < reset_each_patch.patch
# rm upgrade_from_086k_fix.patch snmp_auth_none_notice.patch reset_each_patch.patch
# chmod -R u-s,g-ws,o-rwx .* *
# chown -R root:apache *
# chmod -R g-rx INSTALL README cacti.sql cli docs 
# cd ..
# cp -rp cacti-0.8.7b /var/www/html/cacti
# mkdir /var/lib/php/cacti
# touch /var/lib/php/cacti/php_errors
# touch /var/lib/php/cacti/cacti.log
# chown -R apache /var/lib/php/cacti
# vim /etc/httpd/conf/httpd.conf

Apache

You need something like this in your apache configuration:

<Directory  "/var/www/html/cacti">
    Options Indexes FollowSymlinks
    Order allow,deny
    Allow from all
    php_admin_flag engine on
    php_admin_flag magic_quotes_gpc off
    php_admin_flag magic_quotes_runtime off
    php_admin_flag safe_mode off
    php_admin_flag display_errors off
    php_flag short_open_tag on
    php_flag register_globals off
    php_flag register_argc_argv on
    php_flag track_vars on
    # this setting is necessary for some locales
    php_value mbstring.func_overload 0
    php_value include_path .
    php_admin_value open_basedir "/var/www/html/cacti/:/var/lib/php/cacti/:/usr/local/bin/rrdtool:/usr/bin/php:/usr/bin/snmpwalk:/usr/bin/snmpget:/usr/bin/snmpbulkwalk:/usr/bin/snmpgetnext:/usr/local/bin/spine:/usr/local/share/rrdtool/fonts:/usr/local/bin/rrdupdate:/usr/local/bin/rrdcgi"
    php_admin_value error_log "/var/lib/php/cacti/php_errors"
    php_admin_value upload_tmp_dir "/var/lib/php/cacti"
    php_admin_value session.save_path "/var/lib/php/cacti"
</Directory>
# If you plan to have Cacti gather stats on your apache server, then you'll need this
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>

The <Location /server-status> configuration only allows access to the apache server-status data from the local machine. The Cacti scripts for graphing the apache status would need to be modified if you want to use authentication or to make the server status available at a different url. To make the server-status available to a remote Cacti server, add the ip address of the Cacti server to the "Allow from" line. For example:

<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1 192.168.2.100
</Location>

When you're happy with it:

# apachectl -t && apachectl graceful

MySQL

Pretty straight forward really. You need to create a database import the schema. Also you need to create a user account. You'll need to put these detials in both the Cacti and Spine configuration files.

# cd /var/www/html/cacti
# mysql -u root -p
Enter Password:
mysql> CREATE DATABASE cacti;
Query OK, 1 row affected (0.11 sec)

mysql> GRANT ALL PRIVILEGES ON cacti.* TO cacti@localhost IDENTIFIED BY 'cacti';
Query OK, 0 rows affected (0.66 sec)

mysql> use cacti
Database changed
mysql> source /var/www/html/cacti/cacti.sql;

Older Version on Ubuntu

Plugins

We have four plugins. They live in /usr/share/cacti/site/plugins on thoth

thold

Threshold plugin handles the alerting side of things, login to cacti with admin rights and use the settings (bottom left margin) to configure emailing.

monitor

handy up down diplay to show the net status at a glance.

discover

network discovery module - not used yet. Currently working on this (rfc)

weathermap

In development: weathermap is a large plugin that allows the drawing of network topology maps. It also displays and updates status of individual network links, this could mainly be used to identify bottlenecks directly. It has its own map editor available from thoth/cacti/plugins/weathermap/editor.php

Settings

The cacti version is 0.8.6h, it was installed from the UBUNTU repositories, then patched with plugin archetecture, then the plugin added. See Plugin Architecture Install. Once Plugin Arch is isntalled to acutually use a plugin drop the plugin into the cact plugins dir currently (on ubuntu) /usr/share/cacti/site/plugins/ and put its name in the config file, in the includes subdir of cacti. currently /usr/share/cacti/site/incudes/config.php locate the section of config.php that looks like this.

$plugins = array();
	$plugins[] = 'thold';
	$plugins[] = 'discovery';
	$plugins[] = 'monitor';

the name in quotes is the name of sub dir the plugin is in, its probably a bad idea to use a non default name ofr this dir as its used internaly by hte plugin's code (this is why hte discover plugin was broken.

Russ has moved the cacti data from one server to another, ask him how.

word of warning config.php on ubuntu is NON STANDARD. it has a defferent location for aodb.

#include($config["library_path"] . "/adodb/adodb.inc.php"); //comented out by tom a
include("/usr/share/php/adodb/adodb.inc.php"); //replacement by tom for ubuntu

nomally the top of the config file includes the lines with the databse config, the ubuntu packages use (sigh) "the debian way" so instead there is a line incuding /etc/cacti/debian.conf.

exra templates etc.

Netware Failed Printers

ive also added netware printer moitoring to cacti I got it from http://forums.cacti.net/about8780.html it consists of a shee script in scripts dir, and 2 xml templates imported via the cacti interface

Sonic Wall

I've added extra script and template for the sonicwall from http://forums.cacti.net/about2893.html

groupwise

imported a groupwise templase and scripts - doesn't actually work, but hey neither does groupwise source http://forums.cacti.net/about7536.html

Main Menu

Personal tools

Toolbox