torsdag den 3. august 2017

Install Cacti on CentOS 7.x for QNAP Nas (SNMP style)

I was asked: How to make SNMP easy and not on a commandline..

I like nmap and snmpwalk before I do a setup for a client.
yum -y install net-snmp net-snmp-utils nmap

#nmap 1x.x.x.0/24 > scan.txt   (You are looking for UDP port 161 (snmp) - so use UDP scan!! )
#cat scan.txt |more

 #nmap -sU -p 161 --script=snmp-interfaces 1x.x.x.1  (Looking at the gateway)

 Starting Nmap x.xx ( http://nmap.org ) at xxxxxxxxxxxxx CEST
Nmap scan report for gateway (1x.x.x.x.x)
Host is up (0.00013s latency).
PORT    STATE SERVICE
161/udp open  snmp
| snmp-interfaces:
|   pflog0
|     Type: ifPwType  Speed: 0 Kbps
|     Status: up
|     Traffic stats: 2456.21 Mb sent, 0.00 Kb received
|   pfsync0
|     Type: ilan  Speed: 0 Kbps
|     Status: up

|     Traffic stats: 230.30 Kb sent, 0.00 Kb received

Scanning : https://nmap.org/nsedoc/scripts/snmp-interfaces.html
More info about ports:  https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

Why not use Cacti ?  More info : https://www.cacti.net/
"Cacti is a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with thousands of devices."

Here I use CentOS 7.x:

#yum install mysql-server mysql php-mysql php-pear php-common php-gd php-devel php php-mbstring php-cli php-snmp php-pear-Net-SMTP php-mysql httpd net-snmp-utils php-snmp net-snmp-libs cacti nano mc

NOTE!!!!  It will install MariaDB....

To start MariaDB:
#systemctl enable mariadb
#systemctl start mariadb
#systemctl status mariadb

#mysqladmin -u root password NEWPASSWORD

-You can make a password on : http://passwordsgenerator.net/
and replace NEWPASSWORD.

Create a user called cacti with a password called NEWPASSWORD, enter:

#mysql -u root -p
#Enter password:     Enter : NEWPASSWORD

FAQ:
Q: Why not just do : mysql -u root -p [somepassword] ?
A: What happens if I do : history |grep mysql
A: I got the mysql root password in the lists...

Error : ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
fix :  mysqladmin -u root password NEWPASSWORD

mysql> GRANT ALL ON cacti.* TO cacti@localhost IDENTIFIED BY 'NEWPASSWORD';
mysql> FLUSH privileges;
mysql> \q

Let's find the Cacti SQL file to pass into the DB.

#rpm -ql cacti | grep cacti.sql

Output:
#/usr/share/doc/cacti-1.1.16/cacti.sql

#mysql -u cacti -p --database=cacti < /usr/share/doc/cacti-1.1.16/cacti.sql

If you get the error: ERROR 1046 (3D000) at line 12: No database selected 
fix : just add  --database=cacti in your call.

Configure the new cacti
Backup and Open /etc/cacti/db.php file, enter:
# cp  /etc/cacti/db.php  /etc/cacti/db.org
# nano /etc/cacti/db.php

Default:
$database_type     = 'mysql';
$database_default  = 'cacti';
$database_hostname = 'localhost';
$database_username = 'cacti';
$database_password = 'NEWPASSWORD';
$database_port     = '3306';
$database_ssl      = false;

 Config The webserver.
Open /etc/httpd/conf.d/cacti.conf file, enter:

# nano /etc/httpd/conf.d/cacti.conf
##
Alias /cacti    /usr/share/cacti

<Directory /usr/share/cacti/>
        Order Deny,Allow
        Deny from all
        Allow from x.x.x.x/x  (your client IP range)
</Directory>

Another option is create /usr/share/cacti/.htaccess file and password protect the directory.
Now restart your webserver....

# service httpd restart
Redirecting to /bin/systemctl restart  httpd.service

To pull data from our unit we need to change the crontab. Just remove # 

#cat  /etc/cron.d/cacti
*/5 * * * *     cacti   /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1

Now cacti is ready to install. Try with a webbrowser and type the url:
http://monitor-domaine/cacti/
OR
http://x.x.x.x/cacti/

NOTE!
The default username and password for cacti is admin / admin. Upon first login, you will be force to change the default password.

Error :  Forbidden
            You don't have permission to access /cacti/ on this server.
fix :      Did you do the /cacti/.htaccess or the conf.d/cacti.conf   ?

ERROR: Your Cacti database login account does not have access to the MySQL TimeZone database. Please provide the Cacti database account "select" access to the "time_zone_name" table in the "mysql" database, and populate MySQL's TimeZone information before proceeding.
Discussed on the forum here:   http://forums.cacti.net/viewtopic.php?f=2&t=56815

fix
#mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p --database=mysql
#Enter password:     Enter : NEWPASSWORD

 #GRANT SELECT ON mysql. time_zone_name TO 'cacti'@'localhost' IDENTIFIED BY 'NEWPASSWORD';

Next asking the NAS.... You need to enable SNMP before!
info:  http://docs.qnap.com/nas/4.2/SMB/en/index.html?snmp_settings.htm

https://exchange.nagios.org/directory/Plugins/Network-Connections%2C-Stats-and-Bandwidth/Check-QNAP-Disk/details

Plz : Test it with snmpwalk ;-)    To install it : yum -y install net-snmp net-snmp-utils

SNMP for QNAP Turbo NAS TS-869 Pro:

#$IP is QNAP NAS IP-address
#system CPU usage
snmpget -v 2c -c public -O qv 1x.x.x.x 1.3.6.1.4.1.24681.1.2.1.0

#system total memory
snmpget -v 2c -c public -O qv 1x.x.x.x 1.3.6.1.4.1.24681.1.2.2.0

#system free memory
snmpget -v 2c -c public -O qv 1x.x.x.x 1.3.6.1.4.1.24681.1.2.3.0

#Uptime of network portion of system
snmpget -v 2c -c public -O qv 1x.x.x.x 1.3.6.1.4.1.24681.1.2.4.0

#System uptime - fraction longer
snmpget -v 2c -c public -O qv 1x.x.x.x 1.3.6.1.2.1.25.1.1.0

#System temp
snmpget -v 2c -c public -O qv 1x.x.x.x 1.3.6.1.4.1.24681.1.2.6.0

Output :
"0.60 %"
"1985.2 MB"
"2640.4 MB"
49:1:57:15.36
49:1:57:15.38
"44 C/111 F"
Indsendt af kl.