Monday, March 2, 2015

Monitor network traffic with Cacti

http://www.linuxuser.co.uk/tutorials/monitor-network-traffic-with-cacti

Learn how to install and configure Cacti in order to watch the traffic of a Cisco ADSL router using SNMP



Cacti is an open source network graphing application that uses RRDTool – a data logging and graphing system for time series data.
A router, by default, connects two different networks, and therefore it should have at least two distinct network interfaces. This article will use a Cisco 877W ADSL router that uses three interfaces: one for the ADSL connection, one RJ45 Ethernet port and a Wi- Fi connection. What you want to monitor is the ADSL connection. Don’t worry – do not think that you will need to use the ADSL interface to get the desired data; SNMP can ask any one of the three interfaces and get the same ADSL- related monitoring data!
Our previous tutorial about MRTG in issue 145 of LU&D used the ADSL interface whereas this tutorial will use the IP of the Wi-Fi interface. Using a different IP address or interface makes no difference. Cacti has many more capabilities including support for plugins that enable developers to generate additional Cacti features without dealing with Cacti’s source code. A forthcoming article will show you how to develop a Cacti plugin, but for now we’ll focus on installation and configuration.
Cacti’s Preview view shows all monitoring graphs and is an easy way to get a general overview of what you monitor
Cacti’s Preview view shows all monitoring graphs and is an easy way to get a general overview of what you monitor

Resources

Cacti
RRDTool
CiscoMIBs
SNMPRFCs

Step-by-step

Step 01 Get Cacti
On an Ubuntu system you can get Cacti by running the following command:
# apt-get install cacti
This command will automatically install RRDTool as well as other required packages. Cacti installs its files at /usr/share/cacti/.
As Cacti is actually a group of PHP scripts and a database working together and creating a monitoring site, multiple devices can be easily monitored using a centralised site.
Step 02 Installation steps
Installing Cacti is far more difficult than MRTG because Cacti uses a database to save its data instead of plain text files. Cacti uses PHP so your Apache configuration should also support PHP. So, you should have MySQL up and running as well as Apache with PHP support before continuing with the installation of Cacti.
The power that Cacti offers does come at a price that you will only have to pay the first time you install it.
Step 03 Pre-installation actions
You should have root privileges in order to set up Cacti on your Linux machine. You should also know the SNMP-related information of the Cisco router. If the ADSL router is not properly configured to support SNMP, you will also need to have administrative privileges on it and set up SNMP yourself.
The Linux machine must also run MySQL. Although it is not necessary, it is very convenient to have a separate MySQL database to store all Cacti-related data.
Step 04 MySQL Setup
Cacti needs a database in order to work and store its data. The default option is the very popular MySQL database. For the purposes of this article, the name of the MySQL user will be ‘cacti’ and the password will be ‘cactipass’. It is good to use a separate database to store all Cacti related data; it will be called ‘cactiDB’.
You should manually edit the /etc/cacti/debian.conf file and put in the correct database data. This file replaces the include/config.php file that is usually found in Cacti source files.
Step 05 Apache Setup
The Cacti site will be at the /cacti/ URL as defined in the (default) /etc/apache2/conf-available/cacti.conf file. You will also need to install and turn on PHP support. First install the libapache2-mod-php5 package, then enable the php5 Apache module; on an Ubuntu system, this module is automatically enabled after installation. Otherwise, you will have to either run a2enmod or enable the module manually by editing the Apache config files and restarting.
Step 06 Start Cacti installation
The next step is very important. Before doing anything else you should import the Cacti database data inside the MySQL database. On an Ubuntu Linux System, this can be done with the following command:
$ cat /usr/share/doc/cacti/cacti.sql | mysql -u cacti -p cactiDB
Without this step, the installation will fail and you are going to get no data from Cacti!
In order to start the installation process, you should now point your favourite browser at the /cacti/ URL. We will use the http://mb13:3023/cacti/ URL but yours will vary.
Step 07 Finish the installation
Two more simple steps will be required that should present little to no difficulty. After finishing all steps, you should log in to Cacti using the admin user. The first thing you will be asked to do is change the default password for the admin user, which is also “admin”. From now on you can use the http://mb13:3023/cacti/index.php URL to connect to your Cacti installation.
Step 08 Check Cisco configuration
SNMP is a known TCP/IP protocol that is available for most ‘clever’ devices, including Linux and other UNIX machines, routers, network switches, Windows machines, etc.
Before you start installing Cacti, you should make sure that the device you are going to monitor is properly configured. Cacti will acquire data from the Cisco router using SNMP, so you should check if SNMP is properly working on Cisco.
Step 09 Add the Cisco device
After installing and configuring Cacti, you are ready to add devices and graphs to Cacti. The things that you need to know in advance in order to monitor your Cisco router with Cacti are the name of the SNMP community (LUD) and the name or the IP address of the router (192.268.2.1).
To add the ADSL router, you should first click on Devices on the left. Then select Cisco Router and ‘Enabled’ on Status, and then click Add. Now you will have to fill in the required information that depends on your configuration. It is important to put the correct data in the Hostname and ‘SNMP community’ fields. Then, click Create.
If everything is okay, the next screen will display ‘Create Graphs for this Host’ on the upper-right side of the screen. Click on the ‘Create Graphs for this Host’ link to go to the next screen.
The next screen after this lists all the available Cisco interfaces for this particular router. What interests us right now is Interface number 14 (Dialer1), which is the ADSL Internet connection interface, so make it active. The desired graph type should be ‘In/Out Bits’. Now click the Create button. Other interfaces of interest may be Number 5 (Dot11Radio0), which is Cisco’s Wi-Fi interface and Number 13, which is the Ethernet interface. Now select Graph Trees from the left menu and then click Add. The next screen will allow you to select the device you want to monitor. Follow the instructions on-screen, and you are done!
Step 10 The output generated by Cacti
A script that runs as a cron job updates the output of Cacti – this is automatically configured during installation. You can look at the /etc/cron.d/cacti file for more information about the way Cacti is being executed.
Select the Graphs tab and then, from the Default Tree, select the desired host. You will have to wait a little, until some data is obtained in order for the graphs to be populated.
Step 11 User management
Users in Cacti can be divided into three brief categories: Anonymous, Normal and Administrators. What differentiates these three categories is the way they authenticate and the permissions they have.
You can also add users using the command- line interface of Cacti but using the graphical interface is simpler. You can visit the Cacti docs to find more information about Cacti command line scripts.
Step 12 Create and use a new User
Head across to Console>Utilities>User Management. You can see that two users are created by default: admin and guest. Click Add to create a new Normal user called ‘LUD’. Fill in the required information. On the Realm Permissions, turn on the View Graphs checkbox. Now, press Create to create the new user. It is always useful to turn on the ‘User must change password at next login’ option.
After user creation, edit the new user, go to the Graph Permissions tab and add the graphs that you want the user to be allowed to see.
Step 13 Cacti directories
The /var/lib/cacti/rra directory contains all the RRD files that keep your performance data. The /usr/share/cacti/resource directory holds all the XML files responsible for the data queries of Cacti. The /var/log/cacti directory contains all Cacti log files of Cacti – you should visit its files when there are problems with Cacti. The /usr/share/cacti/cli directory holds all the command line scripts.
Step 14 Back up and restore
Although backing up MRTG is a simple copy process, backing up Cacti is more demanding because its data is stored on a database. You can manually backup the MySQL database using the following command:
$ mysqldump -u cacti -pcactipass cactiDB > cacti.sql
The generated cacti.sql plain text file contains SQL commands that can reconstruct a database from scratch (including its data).
Similarly, you can back up all Cacti configuration files using a simple UNIX script; just make sure that you include all files and directories. If you are not that familiar with MySQL, you should ask your database administrator for help, because backup is a critical task.
Step 15 Bonus material
The default Cacti installation automatically gathers and displays monitoring data about the current machine (localhost). You can see it by selecting Graphs>Default Tree>Host:Localhost.
Step 16 Final thoughts
Installing Cacti is not as easy as installing MRTG. Nevertheless, Cacti produces a more professional output, supports plugins and multiple users with different privileges. Cacti also supports templates. They are used for simplifying the creation and administration of graphs.
Depending on your needs, you can choose MRTG or Cacti and be assured that any of them will serve you well.

No comments:

Post a Comment