Cacti 網路監視安裝教學

安裝環境與版本

• CentOS 7
• Apache 2.4.6
• Php 7.1.x
• MariaDB 10
• Cacti 1.2.7

安裝 MariaDB + PHP + APACHE + Cacti

# 建立系統基本環境
# 安裝 epel 套件庫並更新

yum -y install epel-release 
yum -y update

# 建立 MariaDB 的 YUM 來源

cat <<EOF | tee -a  /etc/yum.repos.d/MariaDB.repo
# MariaDB 10.1.29 CentOS repository list for RHEL / CentOS 7
# http://mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
EOF

# 建立 PHP 7 的 YUM 來源

yum remove php*
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

# 安裝 LAMP 與中文字型和 GIT 套件

yum -y install httpd mariadb-server mariadb-devel php71w php71w-opcache php71w-mysql php71w-pear php71w-gd php71w-mbstring php71w-snmp php71w-ldap net-snmp net-snmp-utils net-snmp-devel rrdtool help2man cjkuni-ukai-fonts.noarch git

#安裝GCC編譯器 & wget 下載器

yum -y install  gcc wget

# 更新字型快取

fc-cache -fv

# 防火牆允許 TCP 80 Port

firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --reload

# 設定 PHP 時區

cat /etc/php.ini | grep "date.timezone ="
sed -i 's#;date.timezone =#date.timezone = "Asia/Taipei"#' /etc/php.ini
cat /etc/php.ini | grep "date.timezone ="

# 啟動 MySQL

systemctl start mariadb.service

# 設定 MariaDB SQL Server

mysql_secure_installation
mysql_tzinfo_to_sql /usr/share/zoneinfo/ | mysql -u root -p mysql

# 修改資料庫設定
vi /etc/my.cnf.d/server.cnf
找到[mysqld]區塊，並與其後加入以下參數設定值

character_set_server = utf8mb4
collation-server = utf8mb4_unicode_ci
max_heap_table_size = 256M
max_allowed_packet = 16777216
tmp_table_size = 64M
join_buffer_size = 64M
innodb_file_per_table = ON
#innodb_buffer_pool_size = 1024M
innodb_buffer_pool_size = 256M
innodb_doublewrite = OFF
innodb_additional_mem_pool_size = 96M
#innodb_flush_log_at_timeout = 3
innodb_read_io_threads = 32
innodb_write_io_threads =16

# 建立 Cacti 資料庫並設定管理帳號及密碼

mysql -u root -p
create database cacti default character set utf8;
grant all privileges on cacti.* to cacti@localhost identified by 'cactipw';
grant select on mysql.time_zone_name to cacti@localhost;
flush privileges;
exit;

# 新增系統使用者 cacti

useradd -r -M cacti

# 重新啟動相關服務並設定開機時啟動

systemctl restart httpd 
systemctl restart mariadb 
systemctl enable httpd
systemctl enable mariadb

# 安裝 cacti – 用 WGET 方式安裝 ( 預設安裝在 /var/www/html/cacti/ )

cd ~
wget https://www.cacti.net/downloads/cacti-1.2.7.tar.gz
tar -zxvf cacti-1.2.7.tar.gz
mv cacti-1.2.7 /var/www/html/cacti
touch /var/www/html/cacti/log/cacti.log
chown -R cacti.apache /var/www/html/cacti
chmod -R 775 /var/www/html/cacti/log

# 增加 Cacti 所畫的圖可以顯示中文

head -n 3 /var/www/html/cacti/lib/functions.php
sed -i '1a setlocale(LC_CTYPE, "zh_TW.UTF-8");' /var/www/html/cacti/lib/functions.php
head -n 3 /var/www/html/cacti/lib/functions.php

#將 cacti 的資料庫格式匯入 MySQL 裡 cacti 資料庫

mysql -u root -p cacti < /var/www/html/cacti/cacti.sql

# 在 Cacti 修改連結 MySQL 設定

cd /var/www/html/cacti/include/
cat config.php | grep database_username
sed -i -e "s/database_username = 'cactiuser'/database_username = 'cacti'/" config.php
cat config.php | grep database_username
cat config.php | grep database_password
sed -i -e "s/database_password = 'cactiuser'/database_password = 'cactipw'/" config.php
cat config.php | grep  database_password

做到此步驟如果頁面顯示Forbidden 403 之類的錯誤 是因為權限問題
#先檢查 SELinux 的狀態
getenforce
#暫時關閉 SELinux
setenforce 0

# 安裝 cacti – 用 GIT 方式安裝 ( 預設安裝在 /var/www/html/cacti/ )

cd ~
git clone https://github.com/Cacti/cacti.git
mv cacti /var/www/html/cacti
touch /var/www/html/cacti/log/cacti.log

# 設定 Cacti 擁有者與權限

chown -R cacti.apache /var/www/html/cacti
chmod -R 775 /var/www/html/cacti/log
chmod -R 775 /var/www/html/cacti/resource
chmod -R 775 /var/www/html/cacti/scripts
chmod -R 775 /var/www/html/cacti/cache

# 增加 Cacti 所畫的圖可以顯示中文

vi  /var/www/html/cacti/lib/functions.php
# 在最上面 <?php 的下面新增一行就行了！
setlocale(LC_CTYPE, "zh_TW.UTF-8");

#將 cacti 的資料庫格式匯入 MySQL 裡 cacti 資料庫

cd /var/www/html/cacti
mysql -u root -p cacti < cacti.sql

# 在 Cacti 修改連結 MySQL 設定

cp /var/www/html/cacti/include/config.php.dist /var/www/html/cacti/include/config.php
vi /var/www/html/cacti/include/config.php
$database_username = "cacti";
$database_password = "cactipw";

# 安裝 cacti-spine

cd ~
wget https://www.cacti.net/downloads/spine/cacti-spine-1.1.28.tar.gz
tar -zxvf cacti-spine-1.1.28.tar.gz
cd cacti-spine-1.1.28
./configure
make&&make install
chown root:root /usr/local/spine/bin/spine
chmod +s /usr/local/spine/bin/spine

# 設定 SPINE 資料

cp /usr/local/spine/etc/spine.conf.dist /etc/spine.conf
vi /etc/spine.conf
DB_User	cacti
DB_Pass	cactipw

# 測試 Spine 是否正常

/usr/local/spine/bin/spine 
SPINE: Using spine config file [/etc/spine.conf]
SPINE: Version 1.1.10 starting
SPINE: Time: 0.0273 s, Threads: 5, Devices: 0

# 設定 Cacti 基本環境
# 修改 Cacti 預設路徑 ( http://ip/cacti/ 改為 http://ip/ )

cat /var/www/html/cacti/include/global.php | grep "url_path ="
sed -i 's#'/cacti/'#'/'#g' /var/www/html/cacti/include/global.php
cat /var/www/html/cacti/include/global.php | grep "url_path ="
cat /var/www/html/cacti/include/config.php | grep "url_path ="
sed -i 's#'/cacti/'#'/'#g' /var/www/html/cacti/include/config.php
cat /var/www/html/cacti/include/config.php | grep "url_path ="
cat /etc/httpd/conf/httpd.conf | grep /var/www/html
sed -i 's#/var/www/html#/var/www/html/cacti#g' /etc/httpd/conf/httpd.conf
cat /etc/httpd/conf/httpd.conf | grep /var/www/html

# 新增基本外掛 Plugin ( thold = 告警，monitor = 設備存活監控，webseer = 網頁存活監控 )

cd ~
git clone https://github.com/Cacti/plugin_thold.git
git clone https://github.com/Cacti/plugin_monitor.git
git clone https://github.com/Cacti/plugin_webseer.git
mv plugin_* /var/www/html/cacti/plugins
cd /var/www/html/cacti/plugins
mv plugin_thold thold
mv plugin_monitor monitor
mv plugin_webseer webseer
chown -R cacti.apache /var/www/html/cacti/plugins

# 修改 cacti 工作排程設定

sed -i '$a */1 * * * * root php /var/www/html/cacti/poller.php > /dev/null 2>&1' /etc/crontab

# 重新啟動 Web & DB

systemctl restart httpd.service
systemctl restart mariadb.service

#啟動snmp並設定為開機啟動

systemctl start snmpd.service
systemctl enable snmpd.service

# SNMP Service Test
#其中 abc 為目標主機 community名稱，localhost 為目標主機IP

snmpwalk -c abc -v 2c localhost system

#範例操作：
vi /etc/snmp/snmpd.conf
搜尋 com2sec
將預設default改為 localhost並存檔

# snmpwalk -c public -v 2c localhost system

登入cacti 首頁

初次到 Web 管理介面修改基本環境與 RRDtool 環境設定
完成 Cacti 安裝進入 WEB 首次使用設定畫面
輸入http://IP/cacti，出現登入畫面
輸入第一次登入的帳號密碼，Cacti 系統預設是admin/admin

系統設定資訊除了 SPINE 外其他都不用去修改，就是使用目前的預設資訊即可

Spine 路徑 = /usr/local/spine/bin/spine
可以滙入需要的 Template
Cacti 系統會強置要求你修改密碼 ( 需大小寫加數字共 8 字以上 )
Cacti 系統畫面，看到這邊表示已經安裝成功。
到 Web 管理介面的 {Console}→[Templates]→[Data Source]→(Data Template Name) 中修改如下：
選最右方的全選，將全部的 Template 勾選
到最右下方的 Choose an action 點選 Change Profile → 點選 GO

到 New Data Source Profile 點選 High Collection Rate → 點選 Continue

如有第二頁，第二頁也要選
再到 Console → Presets → Data Profiles  → System Default

將 Polling Interval = Every 5 Minute 改為 Every Minute
將 Heartbeat  = Every 10 Minute 改為 Every 5 Minute

點選Save後， 完成後再將 Data Source 改回 System Default

到 Web 管理介面的 {Console}→[Automation]→[SNMP Options]→(Default Option Set) 中修改如下：

Item#1 → Version = 2 → Community = public 改為 abc ( 假設 abc 為預設值 )

Item#2 → Version = 2 → Community = private → 刪除

到 Web 管理介面的 {Console}→[Configuration]→[Settings]→(General) 中修改如下：
Event Logging → Log File Destination → Logfile Only 改為 Logfile and Syslog/Eventlog
點選 Save

到 Web 管理介面的 {Console}→[Configuration]→[Settings]→(Device Defaults) 的修改如下：
SNMP Defaults → SNMP Community → public 改為 abc ( 假設 abc 為預設值 )
Availability/Reachability → Downed Host Detection → SNMP 改為 Ping or SNMP Uptime
Availability/Reachability → Ping Type → UDP Ping 改為 ICMP Ping
Availability/Reachability → Ping Timeout Value → 400 改為 500
Availability/Reachability → Ping Retry Count → 1 改為 3
點選Save

到 Web 管理介面的 {Console}→[Configuration]→[Settings]→(Poller) 的修改如下：
General → Enabled → Enabled 打勾
General → Poller Type → cmd.php 改為 spine
General → Poller Interval → Every 5 Minute 改為 Every Minute
General → Cron Interval → Every 5 Minute 改為 Every Minute
General → Maximum Concurrent Poller Processes → 1 改為 2
Spine Specific Execution Parameters → Maximum Threads per Process → 1 改為 15
Spine Specific Execution Parameters → Number of PHP Script Servers → 1 改為 5
Spine Specific Execution Parameters → The Maximum SNMP OID’s Per SNMP Get Request → 10 改為 25
點選Save

到 Web 管理介面的 {Console}→[Configuration]→[Settings]→(Visual) 的修改如下：
Theme Settings → Theme  → Classic 改為 Modem
Table Settings → Rows Per Page → 30 改為 100
Real-time Graphs → Refresh Interval → 10 Seconds 改為 5 Seconds
點選Save

到 Web 管理介面的 {Console}→[Configuration]→[Settings]→(Mail/Reporting/DNS) 的修改如下：
Emailing Options → Test Email = abc@gmail.com
Emailing Options → Mail Services → PHP Mail() Function 改為 SMTP
Emailing Options → From Email Address = abc@gmail.com
Emailing Options → From Name = Cacti_System
SMTP Options → SMTP Hostname = ssl://smtp.gmail.com
SMTP Options → SMTP Port = 465
SMTP Options → SMTP Username = abc@gmail.com
SMTP Options → SMTP Password = 上一行信箱帳號 abc@gmail.com 的密碼
DNS Options → Primary DNS IP Address = 168.95.1.1
DNS Options → Primary DNS IP Address = 8.8.8.8
點選 Save

到 Web 管理介面的 {Console}→[Configuration]→[User]→ ID：Admin (Permissions) 修改：
Normal User → 勾選 Realtime Graphs
點選 Save

到 Web 管理介面的 {Console}→[Configuration]→[User]→ ID：Admin (User Settings) 修改：
General Settings → Theme → Classic 改為 Modem
General Settings → Default View Mode → Tree View 改為 Preview View
General Settings → User Language → Bulgarian 改為 English or Chinese ( China )
Time Spanning/Shifting → Default Time Range → Daily ( 5 Minute Average ) 改為 30 Second Samples
Time Spanning/Shifting → Default Graph View Timespan → Last Day 改為 Last 6 Hours
Graph Thumbnail Settings → Preview Thumbnail Columns → 2 Columns 改為 4 Columns
Tree View Mode → Graphs Per-Page → 10 改為 30
點選 Save

到 Web 管理介面的 {Console}→[Configuration]→[Plugin Management]→外掛套件管理：
將 Thold 安裝啟用
將 Monitor & Webseer 安裝啟用

# 透過 Thond 傳送簡訊 ( 本例以 http://tw.every8d.com 為主說明 )
將thold超過監控值的mail訊息主旨傳到簡訊
主要是把API程式的必要資訊傳送到API程式，由API程式去執行再由SMS Server去傳送簡訊

vi /var/www/html/cacti/plugins/thold/thold_functions.php
找到第一行 thold_mail($alert_emails, ”, $subject, $msg, $file_array);
新增以下兩行:

exec("echo '$subject' > /var/www/html/cacti/plugins/thold/sms.log");
	exec("/var/www/html/cacti/plugins/thold/sendsms.sh");

利用 wget POST 簡訊資料到簡訊功能 URL, 撰寫 sendsms shell script:
新增 sms.log 檔案

touch /var/www/html/cacti/plugins/thold/sms.log
chown cacti.apache /var/www/html/cacti/plugins/thold/sms.log

新增 sendsms.sh 檔案
vi /var/www/html/cacti/plugins/thold/sendsms.sh

==================================================
#!/bin/bash

# UID   = 帳號
# PWD   = 密碼
# MSG   = 簡訊發送內容
# DEST  = 接收人之手機號碼。多筆接收人以半形逗點隔開，如 0912345678,0922333444。
# SB    = 簡訊主旨，不會隨內容發送出去。註記本次發送之用途。可傳入空字串。
# ST    = 預定發送時間。 輸入發送時間。如：2009/01/31 15:30:00 發送，則輸入 20090131153000。可傳入空字串

# 列出sms.log的資料
info1=$(echo “UID=09123345678&PWD=xxxx&DEST=0912345678&MSG=”)
info2=$(cat /var/www/html/cacti/plugins/thold/sms.log)

wget "http://api.every8d.com/API21/HTTP/sendSMS.ashx" --post-data="$info1""$info2"

==================================================

#chown cacti.apache /var/www/html/cacti/plugins/thold/sendsms.sh
#chmod +x /var/www/html/cacti/plugins/thold/sendsms.sh

# 安裝 TCP Conncet Template

到 https://forums.cacti.net/viewtopic.php?f=12&t=12787&sid=066f3120cd4b9f4f7cb562f06760989d 下載
template 檔 cacti_graph_template_snmp_get_tcp_connection_status.xml
下載網址 https://forums.cacti.net/download/file.php?id=10716&sid=3b147629bcd7fedc3e3f18bc2e673987
vi /var/www/html/cacti/scripts/lvm_netstat_tcp.pl

#!/usr/bin/perl -w
# --------------------------------------------------
# ARGV[0] = <hostname> required
# ARGV[1] = <snmp version> required
# ARGV[2] = <snmp community> required
# ARGV[3] = <snmp port> required
# ARGV[4] = <snmp timeout> required
# --------------------------------------------------
$in_hostname = $ARGV[0] if defined $ARGV[0];
$in_version = $ARGV[1] if defined $ARGV[1];
$in_community = $ARGV[2] if defined $ARGV[2];
$in_port = $ARGV[3] if defined $ARGV[3];
$in_timeout = $ARGV[4] if defined $ARGV[4];

if ($in_version eq "2")
{
$in_version = "2c";
}

my $_cmd = "snmpnetstat -v $in_version -c '$in_community' $in_hostname:$in_port -Cn -Cp tcp -Can -Cw $in_timeout";

# usage notes
if (
( ! defined $in_hostname ) ||
( ! defined $in_version ) ||
( ! defined $in_community ) ||
( ! defined $in_port ) ||
( ! defined $in_timeout )
) {
print "usage:\n\n
$0 <host> <snmp version> < snmp community> <snmp port> <snmp timeout>\n\n";
exit;
}

my @_output = `$_cmd`;

my $_estab = 0;
my $_listen = 0;
my $_timewait = 0;
my $_timeclose = 0;
my $_finwait1 = 0;
my $_finwait2 = 0;
my $_synsent = 0;
my $_synrecv = 0;
my $_closewait = 0;

#print "$_output\n";

foreach ( @_output ) {
#print $_;
$_estab++ if /ESTABLISHED/;
$_listen++ if /LISTEN/;
$_timewait++ if /TIMEWAIT/;
$_timeclose++ if /TIMECLOSE/;
$_finwait1++ if /FINWAIT1/;
$_finwait2++ if /FINWAIT2/;
$_synsent++ if /SYNSENT/;
$_synrecv++ if /SYNRECV/;
$_closewait++ if /CLOSEWAIT/;
}

#
print "established:$_estab listen:$_listen timewait:$_timewait timeclose:$_timeclose finwait1:$_finwait1 finwait2:$_finwait2 synsent:$_synsent synrecv:$_synrecv closewait:$_closewait";

#chown cacti.apache /var/www/html/cacti/scripts/lvm_netstat_tcp.pl

加入到 OS 的 Template 裡