Monitorar banda com CACTI - Ubuntu 10.04

emanoeljulio · 19 de Abril de 2011, 10:31

Salve galega!!!
Estou configurando o cacti em meu servidor e estou com dificuldades em dois pontos. O primeiro como configuro o cacti para monitorar o consumo da banda(eth0) e o segundo como monitorar servidores remotos?

Valeu e agradeço a quem ajudar.

zekkerj · 19 de Abril de 2011, 11:20

Se o Cacti usar SNMP, vc pode ativá-lo nos servidores remotos pra obter várias estatísticas, inclusive consumo de banda nas interfaces.

emanoeljulio · 19 de Abril de 2011, 11:56

Valeu pela ajuda, mas deixa eu dar mais detalhes. O SNMP esta configurado no servidor local(SERVIDOR-CACTI) e funcionado, mas não acho o maldito gráfico referente ao consumo de banda. O outro ponto é que o servidor remoto esta com o snmp instalado e com a linha:
"#com2sec paranoid default public" comentada,
"com2sec readonly default public" descomentada
e adicionei a linha "com2sec readonly XXX.XXX.XXX.XXX planeta" cujo o XXX.XXX.XXX.XXX é o ip do servidor com o cacti instalado

Código Selecionar


root@lgustavo:~# cat /etc/snmp/snmpd.conf 
###############################################################################
#
# EXAMPLE.conf:
#   An example configuration file for configuring the ucd-snmp snmpd agent.
#
###############################################################################
#
# This file is intended to only be an example.  If, however, you want
# to use it, it should be placed in /etc/snmp/snmpd.conf.
# When the snmpd agent starts up, this is where it will look for it.
#
# You might be interested in generating your own snmpd.conf file using
# the "snmpconf" program (perl script) instead.  It's a nice menu
# based interface to writing well commented configuration files.  Try it!
#
# Note: This file is automatically generated from EXAMPLE.conf.def.
# Do NOT read the EXAMPLE.conf.def file! Instead, after you have run
# configure & make, and then make sure you read the EXAMPLE.conf file
# instead, as it will tailor itself to your configuration.

# All lines beginning with a '#' are comments and are intended for you
# to read.  All other lines are configuration commands for the agent.

#
# PLEASE: read the snmpd.conf(5) manual page as well!
#


###############################################################################
# Access Control
###############################################################################

# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
# KNOWN AT YOUR SITE.  YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.

# By far, the most common question I get about the agent is "why won't
# it work?", when really it should be "how do I configure the agent to
# allow me to access it?"
#
# By default, the agent responds to the "public" community for read
# only access, if run out of the box without any configuration file in 
# place.  The following examples show you other ways of configuring
# the agent so that you can change the community names, and give
# yourself write access as well.
#
# The following lines change the access permissions of the agent so
# that the COMMUNITY string provides read-only access to your entire
# NETWORK (EG: 10.10.10.0/24), and read/write access to only the
# localhost (127.0.0.1, not its real ipaddress).
#
# For more information, read the FAQ as well as the snmpd.conf(5)
# manual page.

####
# First, map the community name (COMMUNITY) into a security name
# (local and mynetwork, depending on where the request is coming
# from):

#       sec.name  source          community
#com2sec paranoid  default         public
#com2sec readonly  default         public
com2sec readonly  default          public
#com2sec readwrite default         private
com2sec readonly  XXX.XXX.XXX.XXX	planeta
#
####
# Second, map the security names into group names:

#             	sec.model  sec.name
group MyROSystem v1        paranoid
group MyROSystem v2c       paranoid
group MyROSystem usm       paranoid
group MyROGroup v1         readonly
group MyROGroup v2c        readonly
group MyROGroup usm        readonly
group MyRWGroup v1         readwrite
group MyRWGroup v2c        readwrite
group MyRWGroup usm        readwrite

####
# Third, create a view for us to let the groups have rights to:

#           incl/excl subtree                          mask
view all    included  .1                               80
view system included  .1.3.6.1.2.1.1
#view system included  .iso.org.dod.internet.mgmt.mib-2.system

####
# Finally, grant the 2 groups access to the 1 view with different
# write permissions:

#                context sec.model sec.level match  read   write  notif
access MyROSystem ""     any       noauth    exact  system none   none
access MyROGroup ""      any       noauth    exact  all    none   none
access MyRWGroup ""      any       noauth    exact  all    all    none

# -----------------------------------------------------------------------------


###############################################################################
# System contact information
#

# It is also possible to set the sysContact and sysLocation system
# variables through the snmpd.conf file.  **PLEASE NOTE** that setting
# the value of these objects here makes these objects READ-ONLY
# (regardless of any access control settings).  Any attempt to set the
# value of an object whose value is given here will fail with an error
# status of notWritable.

syslocation Unknown (configure /etc/snmp/snmpd.local.conf)
syscontact Root <root@localhost> (configure /etc/snmp/snmpd.local.conf)

# Example output of snmpwalk:
#   % snmpwalk -v 1 -c public localhost system
#   system.sysDescr.0 = "SunOS name sun4c"
#   system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
#   system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55
#   system.sysContact.0 = "Me <me@somewhere.org>"
#   system.sysName.0 = "name"
#   system.sysLocation.0 = "Right here, right now."
#   system.sysServices.0 = 72


# -----------------------------------------------------------------------------


###############################################################################
# Process checks.
#
#  The following are examples of how to use the agent to check for
#  processes running on the host.  The syntax looks something like:
#
#  proc NAME [MAX=0] [MIN=0]
#
#  NAME:  the name of the process to check for.  It must match
#         exactly (ie, http will not find httpd processes).
#  MAX:   the maximum number allowed to be running.  Defaults to 0.
#  MIN:   the minimum number to be running.  Defaults to 0.

#
#  Examples:
#

#  Make sure mountd is running
#proc mountd

#  Make sure there are no more than 4 ntalkds running, but 0 is ok too.
#proc ntalkd 4

#  Make sure at least one sendmail, but less than or equal to 10 are running.
#proc sendmail 10 1

#  A snmpwalk of the prTable would look something like this:
# 
# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.2
# enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1
# enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2
# enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3
# enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd"
# enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd"
# enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail"
# enterprises.ucdavis.procTable.prEntry.prMin.1 = 0
# enterprises.ucdavis.procTable.prEntry.prMin.2 = 0
# enterprises.ucdavis.procTable.prEntry.prMin.3 = 1
# enterprises.ucdavis.procTable.prEntry.prMax.1 = 0
# enterprises.ucdavis.procTable.prEntry.prMax.2 = 4
# enterprises.ucdavis.procTable.prEntry.prMax.3 = 10
# enterprises.ucdavis.procTable.prEntry.prCount.1 = 0
# enterprises.ucdavis.procTable.prEntry.prCount.2 = 0
# enterprises.ucdavis.procTable.prEntry.prCount.3 = 1
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0
# enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running."
# enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = ""
# enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = ""
# enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0
# enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0
# enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0
#
#  Note that the errorFlag for mountd is set to 1 because one is not
#  running (in this case an rpc.mountd is, but thats not good enough),
#  and the ErrMessage tells you what's wrong.  The configuration
#  imposed in the snmpd.conf file is also shown.  
# 
#  Special Case:  When the min and max numbers are both 0, it assumes
#  you want a max of infinity and a min of 1.
#


# -----------------------------------------------------------------------------


###############################################################################
# Executables/scripts
#

#
#  You can also have programs run by the agent that return a single
#  line of output and an exit code.  Here are two examples.
#
#  exec NAME PROGRAM [ARGS ...]
#
#  NAME:     A generic name.
#  PROGRAM:  The program to run.  Include the path!
#  ARGS:     optional arguments to be passed to the program

# a simple hello world
#exec echotest /bin/echo hello world

# Run a shell script containing:
#
# #!/bin/sh
# echo hello world
# echo hi there
# exit 35
#
# Note:  this has been specifically commented out to prevent
# accidental security holes due to someone else on your system writing
# a /tmp/shtest before you do.  Uncomment to use it.
#
#exec shelltest /bin/sh /tmp/shtest

# Then, 
# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.8
# enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1
# enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2
# enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest"
# enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest"
# enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world"
# enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest"
# enterprises.ucdavis.extTable.extEntry.extResult.1 = 0
# enterprises.ucdavis.extTable.extEntry.extResult.2 = 35
# enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world."
# enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world."
# enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0
# enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0

# Note that the second line of the /tmp/shtest shell script is cut
# off.  Also note that the exit status of 35 was returned.

# -----------------------------------------------------------------------------


###############################################################################
# disk checks
#

# The agent can check the amount of available disk space, and make
# sure it is above a set limit.  

# disk PATH [MIN=DEFDISKMINIMUMSPACE]
#
# PATH:  mount path to the disk in question.
# MIN:   Disks with space below this value will have the Mib's errorFlag set.
#        Default value = DEFDISKMINIMUMSPACE.

# Check the / partition and make sure it contains at least 10 megs.

#disk / 10000

# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.9
# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F 
# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0"
# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000
# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130
# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325
# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092
# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58
# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0
# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = ""

# -----------------------------------------------------------------------------


###############################################################################
# load average checks
#

# load [1MAX=DEFMAXLOADAVE] [5MAX=DEFMAXLOADAVE] [15MAX=DEFMAXLOADAVE]
#
# 1MAX:   If the 1 minute load average is above this limit at query
#         time, the errorFlag will be set.
# 5MAX:   Similar, but for 5 min average.
# 15MAX:  Similar, but for 15 min average.

# Check for loads:
#load 12 14 14

# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.10
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1"
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5"
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15"
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39 
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31 
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36 
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00"
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00"
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00"
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = ""
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = ""
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = ""

# -----------------------------------------------------------------------------


###############################################################################
# Extensible sections.
# 

# This alleviates the multiple line output problem found in the
# previous executable mib by placing each mib in its own mib table:

# Run a shell script containing:
#
# #!/bin/sh
# echo hello world
# echo hi there
# exit 35
#
# Note:  this has been specifically commented out to prevent
# accidental security holes due to someone else on your system writing
# a /tmp/shtest before you do.  Uncomment to use it.
#
# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest

# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.50
# enterprises.ucdavis.50.1.1 = 1
# enterprises.ucdavis.50.2.1 = "shelltest"
# enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest"
# enterprises.ucdavis.50.100.1 = 35
# enterprises.ucdavis.50.101.1 = "hello world."
# enterprises.ucdavis.50.101.2 = "hi there."
# enterprises.ucdavis.50.102.1 = 0

# Now the Output has grown to two lines, and we can see the 'hi
# there.' output as the second line from our shell script.
#
# Note that you must alter the mib.txt file to be correct if you want
# the .50.* outputs above to change to reasonable text descriptions.

# Other ideas:
# 
# exec .1.3.6.1.4.1.2021.51 ps /bin/ps 
# exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top
# exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq

# -----------------------------------------------------------------------------


###############################################################################
# Pass through control.
# 

# Usage:
#   pass MIBOID EXEC-COMMAND
#
# This will pass total control of the mib underneath the MIBOID
# portion of the mib to the EXEC-COMMAND.  
#
# Note:  You'll have to change the path of the passtest script to your
# source directory or install it in the given location.
# 
# Example:  (see the script for details)
#           (commented out here since it requires that you place the
#           script in the right location. (its not installed by default))

# pass .1.3.6.1.4.1.2021.255 /bin/sh /usr/local/passtest

# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.255
# enterprises.ucdavis.255.1 = "life the universe and everything"
# enterprises.ucdavis.255.2.1 = 42
# enterprises.ucdavis.255.2.2 = OID: 42.42.42
# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42
# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1
# enterprises.ucdavis.255.5 = 42
# enterprises.ucdavis.255.6 = Gauge: 42
#
# % snmpget -v 1 -c public localhost .1.3.6.1.4.1.2021.255.5
# enterprises.ucdavis.255.5 = 42
#
# % snmpset -v 1 -c public localhost .1.3.6.1.4.1.2021.255.1 s "New string"
# enterprises.ucdavis.255.1 = "New string"
#

# For specific usage information, see the man/snmpd.conf.5 manual page
# as well as the local/passtest script used in the above example.

###############################################################################
# Subagent control
#

# The agent can support subagents using a number of extension mechanisms.
# From the 4.2.1 release, AgentX support is being compiled in by default.
# To use this mechanism, simply uncomment the following directive.
#
#  master  agentx
#
#   Please see the file README.agentx for more details.
#


###############################################################################
# Further Information
#
#  See the snmpd.conf manual page, and the output of "snmpd -H".
#  MUCH more can be done with the snmpd.conf than is shown as an
#  example here.
root@lgustavo:~#

zekkerj · 19 de Abril de 2011, 12:37

CitarO outro ponto é que o servidor remoto esta com o snmp instalado e com a linha...

Instalado e ativo?

emanoeljulio · 19 de Abril de 2011, 13:07

Sim, esta ativo. Onde XXX.XXX.XXX.XXX esta o ip do ppp0

Código Selecionar


root@lgustavo:~# ps ax | grep snmp
8994 ?        S      0:01 /usr/sbin/snmpd -Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid XXX.XXX.XXX.XXX
17058 pts/0    S+     0:00 grep --color=auto snmp

zekkerj · 19 de Abril de 2011, 13:32

Liberado no firewall? Vc consegue consultar por linha de comando, no no servidor do Cacti?

snmpwalk -v2c -c public xxx.xxx.xxx.xxx

emanoeljulio · 03 de Maio de 2011, 10:31

Zekkerj, mto obrigado pela ajuda, mas vou desabafar, ja estou de cabeça quente. O problema é que só assim agente aprende.

Cara liberei tudo entre as duas máquinas, da uma olhada:

Código Selecionar


Starting Nmap 5.00 ( http://nmap.org ) at 2011-05-03 10:25 BRT
Interesting ports on fixo-0194.bandalarga.bcmg.com.br (XXX.XXX.XXX.XXX):
Not shown: 987 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
53/tcp   open     domain
80/tcp   open     http
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
161/tcp  filtered snmp
445/tcp  filtered microsoft-ds
1025/tcp filtered NFS-or-IIS
1720/tcp filtered H.323/Q.931
3000/tcp open     ppp
3128/tcp open     squid-http
4662/tcp filtered edonkey
5900/tcp filtered vnc
Nmap done: 1 IP address (1 host up) scanned in 6.32 seconds

zekkerj · 03 de Maio de 2011, 12:41

Depois de ver seu tópico, resolvi instalar o cacti na minha bancada de testes e "ver qualé".

Passei pelo mesmo problema, sabe? A máquina Ubuntu não respondia a SNMP. Descobri que o arquivo "/etc/default/snmpd" tem que ser modificado, pro SNMP responder a máquinas da rede. Na linha de opções, vc tem que tirar o "127.0.0.1".

Agora estou longe da máquina onde fiz a configuração, mas mais tarde posso confirmar isso pra você.