1. Download and install the following pieces of software:
* (optional) Apache and install it to c:\apache or c:\apache2. Make sure to install it as a service.
* Cacti and extract it to the root of your web server directory. Typically c:\inetpub\wwwroot\ or c:\apache2\.
* Cactid and extract it to c:\cactid.
* RRDTool and extract it to c:\rrdtool.
* PHP 4.3.6+ or 5.x and extract it to c:\php.
* MySQL 4.0 or MySQL 4.1. 5.0 is not supported unless you run it in compatibility mode and with the MySQL 5 patch. Install it to c:\mysql.
* (optional) Cygwin. Download setup.exe and keep it around until later used in the document.
* (optional) Net-SNMP and install to c:\net-snmp.
Configure PHP
1.If using PHP 4, move the files in c:\php\dlls to c:\php.
2.Add the following to your Windows PATH environment variable c:\php. The Windows
path can be accessed via the Control Panel at: System | Advanced | Environment Variables | System Variables..
3.Add the following two new environment variables to your system using the procedure above: PHPRC=c:\php.
1. If using PHP 4, create this variable: MIBDIRS=c:\php\mibs
2. If using PHP 5, create this variable: MIBDIRS=c:\php\extras\mibs
4.If using PHP 4.3.5 or less (not recommended), create the following directory c:\tmp.
5.Rename the file c:\php\php.ini.dist to php.ini, and make the following changes to it:
If using PHP 4 uncomment the following lines:
extension_dir = c:\php\extensions
extension=php_snmp.dll
extension=php_sockets.dll
cgi.force_redirect = 0
If using PHP 5 uncomment the following lines:
extension_dir = c:\php\ext
extension=php_mysql.dll
extension=php_snmp.dll
extension=php_sockets.dll
cgi.force_redirect = 0
If using PHP 4.3.5 or less include the following line. If using 4.3.6 or greater, you should remove this line if present.
session.save_path=c:\tmp
6.If you have had previous versions of PHP installed, you had likely moved the PHP system files to in the Windows directory structure. If so, you will have to remove those files. Please review your PHP installation documentation for instructions on removing those files.
7. If you want to allow template importing, uncomment the following line:
file_uploads = On
8. Give the user who will be running the scheduled task, modify rights to:
1. If using PHP 4: c:\php\mibs\.index
2. If using PHP 5: c:\php\extras\mibs\.index
Configure the Webserver (Apache)
1.Make sure you have stopped any IIS web servers before you proceed with Apache installation.
2.If you are using Apache 1.3.x, installation of PHP 5 is not recommended. If using PHP 4, add the following lines to your httpd.conf file in the c:\apache\conf directory:
LoadModule php4_module c:\php\sapi\php4apache.dll
AddModule mod_php4.c
AddType application/x-httpd-php .php
DirectoryIndex index.html index.htm index.php
3.If you are using Apache 2.x, add the following lines to your httpd.conf file in the c:\apache2\conf directory:
If using PHP 4, then add the following lines:
LoadModule php4_module c:\php\sapi\php4apache2.dll
AddType application/x-httpd-php .php
DirectoryIndex index.html index.htm index.php
If using PHP 5, then add the following lines:
LoadModule php5_module c:\php\php5apache2.dll
AddType application/x-httpd-php .php
DirectoryIndex index.html index.htm index.php
Configure the Webserver (IIS)
1.Start the Internet Information Services (IIS) Manager, right click on Default Web Site (in most cases) and select Properties.
2.Under the Home Directory tab, select Configuration and click Add. Browse to the path of php4isapi.dll or php5isapi.dll, and type in .php as the extension.
IIS6: Enable All Verbs and Script Engine.
3.Under the ISAPI Filters tab, click Add and browse to the php4isapi.dll or
php5isapi.dll file. Name the filter "php" and click OK.
4.Under the Documents tab, add index.php to the top of the list.
5. If using IIS6, go to Web Service Extensions and add a new Web Service Extension. Name the extension "php", click Add and browse to the php4isapi.dll or php5isapi.dll file, enable Set Extension status to Enable, and click OK.
6. Under the Default Web Site, right click on Cacti and select Properties.
7. Under the Directory tab, click the Write checkbox..
8. Give the IUSR_XXXX and IIS_WPG users read & execute permissions to the file %windir%\system32\cmd.exe. They will also need read permissions on
9. IIS6: Give the IIS_WPG user modify permissions to the folders /cacti/log and /cacti/rrd.
10.Completely stop and start the IIS service using the following commands:
net stop iisadmin
net start w3svc
Install Cygwin (optional)
1. Installing a single instance of Cygwin, and using it for all applications that require it is recommended so you do not have different versions of the Cygwin dlls laying around on your system, which can cause conflicts.
2. Run setup.exe you previously downloaded.
3. Once you reach the portion of setup entitled Select Packages, install the following:
Base (whole thing)
Libs
libart_lgpl
libfreetype26
libpng12
zlib
Utils
patch
Web
wget
4. Add c:\cygwin\bin to your system path.
5. Move setup.exe to c:\cygwin for future use.
Install RRDTool
1. If you have Cygwin installed, remove the DLL files from the c:\rrdtool directory.
Configure MySQL
1.Start MySQL by running c:\mysql\bin\winmysqladmin.exe.
2.Set a password for the root user
shell> cd mysql\bin
shell> mysqladmin --user=root password somepassword
shell> mysqladmin --user=root --password reload
3.Create the MySQL database:
shell> mysqladmin --user=root --password create cacti
4.Import the default Cacti database:
shell> mysql --user=root --password cacti < c:\apache2\htdocs\cacti\cacti.sql
5.Optional: Create a MySQL username and password for Cacti.
shell> mysql --user=root --password mysql
mysql> GRANT ALL ON cacti.* TO cactiuser@localhost IDENTIFIED BY 'somepassword';
mysql> flush privileges;
6. If you're running MySQL 4.1 then you will need to apply the old password trick for user authentication to work with Cacti.
Stop the MySQL service and add the following to Start Parameter field. Start it again once it has been added.
--old-passwords
You will also need to update the cactiuser account with the old password style:
shell> UPDATE mysql.user SET Password = OLD_PASSWORD('cactipw') WHERE Host = 'localhost' AND User = 'cactiuser';
mysql> FLUSH PRIVILEGES;
7. If you're running MySQL 5, then you will need to run it in compatibility mode by specifying the following in the Start Parameter field for the MySQL service:
--sql-mode=MYSQL40
Install Net-SNMP
1.If you plan to use any hosts with SNMP v2c support, you must download and install the Net-SNMP libraries. Net-SNMP provides installers to install their product. However, caution must be taken not to use long file names as Cacti does not support them in this version. We suggest you install Net-SNMP in a directory such as c:\net-snmp.
Configure Cactid
1.Modify the cactid.conf file in c:\cactid to include the following statements.
DB_Host IP_Address or Hostname (not localhost)
DB_Database cacti
DB_User cactiuser
DB_Password cactipw
All other pre 0.8.6 settings are obsolete. Cactid may not complain if you leave them in, but they are not longer required. Cactid now comes with a binary distribution. Therefore, a basic installation of Cygwin is not longer required, but suggested to help maintain dll version conflicts.
2.If you have Cygwin installed, remove the DLL files and the SH.EXE file from the c:\cactid directory.
Configure Cacti
1.Edit
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cactiuser";
$database_password = "cactipw";
2.Point your web browser to:
http://your-server/cacti/
Log in the with a username of admin and password of admin. You will be required to change this password immediately.
Once logged in, you must go to Settings->Paths and verify/update your paths to point to the correct locations. Recommended examples are posted below. If you plan on using Cactid, then it is very important that your all your paths and scripts use forward slashes.
PHP Binary Path:
If using PHP 4, you should change this to:
c:/php/php.exe
If using PHP 5, you should change this to:
c:/php/php.exe
RRDTool Binary Path:
c:/rrdtool/rrdtool.exe
RRDTool Default Font Path:
c:/windows/fonts/arial.ttf
RRDTool Version:
Select the appropriate version
SNMPGET, SNMPWALK Paths:
c:/net-snmp/bin/snmpget.exe
c:/net-snmp/bin/snmpwalk.exe
Cacti Logfile Path:
c:/mycacti/website/cacti/log/cacti.log
Cactid Path:
c:/cactid/cactid.exe
3. Click on Devices. Delete Localhost, since it's set up to use the Linux host template. In the upper right corner, click on Add. Fill in the following information and then click Add.
Description: localhost
Hostname: localhost
Host Template: Windows 2000/XP
4. You should now be looking at the localhost device screen. Right under it's name, there should be some SNMP information listed, if not you should double check the SNMP settings on the server and firewall settings. In the upper right-hand corner, click on Create Graphs for this Host. On the following screen, select a disk partition and network interface. At the bottom of the page, click on Create.
5. Log into the user account you'll be using for the scheduled task and verify starting a Cacti polling cycle works. Do this by running the following from the command prompt:
php c:\
The output should look something like this:
C:\>php c:\inetpub\wwwroot\cacti\poller.php
OK u:0.00 s:0.06 r:1.32
OK u:0.00 s:0.06 r:1.32
OK u:0.00 s:0.16 r:2.59
OK u:0.00 s:0.17 r:2.62
10/28/2005 04:57:12 PM - SYSTEM STATS: Time:4.7272 Method:cmd.php Processes:1 Threads:N/A Hosts:1 HostsPerProcess:2 DataSources:4 RRDsProcessed:2
After this has ran once, you should have cacti.log in /cacti/log/ and rrd files in /cacti/rra/.
6.You are going to need to schedule a task while logged on as an Administrator account, so poller.php can run every 5 minutes. Make sure the Task Scheduler service is started and follow the steps below to begin.
1.Select Start --> Settings --> Control Panel and double click on Scheduled Tasks.
2.Double click on Add Scheduled Task.
3.Click Next and Browse on the following screen. Find c:\php and select php.exe. If using PHP 5 with Cacti 0.8.6f or earlier, use php-win.exe instead. Choose Daily on and click Next.
4.Click Next again without changing the time or date settings.
5.When entering a username and password make sure the user has modify access to the following directories:
c:\
c:\
Make sure the user has read, and execute access to the following directories:
c:\php\
c:\
6.Click Next and Finish to close the wizard.
7.Right click on the task you just created, and select Properties.
8.Select the Schedule tab.
9.Make sure Daily is selected and click the Advanced button.
10.Check the Repeat checkbox, set the repetition for every 5 minutes, set the duration for 24 hours, and check the If the task is still running, stop it at this time checkbox.
11.Click Ok
12.In the Run textbox enter the following text making sure to use the appropriate paths.
c:\php\php.exe c:\
The start in box should say c:\
Apply Patches
1. There are two methods of applying patches to Cacti:
1. If you have Cygwin installed, then the patch instructions which use wget and patch, will work.
2. The other method requires you to visit http://www.cacti.net/downloads/patches/
2. You might need to reapply file/folder security on the files patched. Double check they are correct.
Tweaking
There are several things you can do to speed up your Cacti web server. It's suggested that you only apply these after you have a fully functional Cacti installation.
1. Switch the polling agent in Cacti from cmd.php to Cactid.exe. Go to Settings | Poller | Type.
2. Install the Zend Optimizer for PHP.
3. Set up the query cache in MySQL. Read about how to properly configure the settings. You will need to stop the MySQL service when you edit c:\mysql\my.ini and put in the following:
#The memory allocated to store results from old queries.
query_cache_size=16M
#Don't cache results that are bigger than this.
query_cache_limit=1M
#Query cache type to use.
query_cache_type=1
4. Install FastCGI, which can offer x4 to x8 improvement (for IIS users at least).
5. An extensive list of other optimizations for PHP and MySQL can be found over at phplens.com.
Chapter 4. Upgrading Cacti
1.Backup the old Cacti database.
shell> mysqldump -l --add-drop-table cacti > mysql.cacti
Note: You will probably have to specify the -u and -p flags for the MySQL username and password. This user must have permission to read from Cacti's database or you will end up with an empty backup.
2.Backup the old Cacti directory.
shell> mv cacti cacti_old
3.Extract the distribution tarball.
shell> tar xzvf cacti-version.tar.gz
4.Rename the new Cacti directory to match the old one.
shell> mv cacti-version cacti
5.Edit include/config.php and specify the MySQL user, password and database for your Cacti configuration.
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cactiuser";
$database_password = "cacti";
6.Copy the *.rrd files from the old Cacti directory.
shell> cp cacti_old/rra/* cacti/rra/
7.Copy any relevant custom scripts from the old Cacti directory. Some script are updated between versions. Therefore, make sure you only over write if the scripts either don't exist or are newer than the distribution's.
shell> cp -u cacti_old/scripts/* cacti/scripts/
8.Copy any relevant custom resource XML files from the old Cacti directory. Some resource XML files are updated between versions. Therefore, make sure you only over write if the XML files either don't exist or are newer than the distribution's.
shell> cp -u -R cacti_old/resource/* cacti/resource/
9.Set the appropriate permissions on Cacti's directories for graph/log generation. You should execute these commands from inside Cacti's directory to change the permissions.
shell> chown -R cactiuser rra/ log/
(Enter a valid username for cactiuser, this user will also be used in the next step for data gathering.)
10.Point your web browser to:
http://your-server/cacti/
Follow the on-screen instructions so your database can be updated to the new version.
II. Basics
Table of Contents
5. Principles of Operation
6. Graph Overview
7. How to Graph Your Network
8. Viewing Graphs
9. User Management
Chapter 5. Principles of Operation
Table of Contents
Data Retrieval
Data Storage
Data Presentation
Cacti operation may be divided into three different tasks:
Figure 5-1. Principles of Operation
Chapter 3. Installing Under Windows
Data Retrieval
First task is to retrieve data. Cacti will do so using its Poller. The Poller is executed from the operating system's scheduler, e.g. crontab for Unix flavored OSes.
In current IT installations, you're dealing with lots of devices of different kind, e.g. servers, network equipment, appliances and the like. To retrieve data from remote targets/hosts, cacti will mainly use the Simple Network Management Protocol SNMP. Thus, all devices capable of using SNMP will be eligible to be monitored by cacti.
Later on, we demonstrate how to extend cacti's capabilities of retrieving data to scripts, script queries and more.
Chapter 6. Graph Overview
Almost everything in Cacti is somehow related to a graph. At any time, you can list all available graphs by clicking on the Graph Management menu item. While it is possible to manually create graphs through this screen, new users should follow the instructions provided in the next chapter for creating new graphs in Cacti.
For users that are familiar with RRDTool , you will immediately recognize that a graph in Cacti is closely modeled after RRDTool's graphs. This makes sense since Cacti provides a user friendly interface to RRDTool without requiring users to understand how RRDTool works. With this in mind, every graph in Cacti has certain settings and at least one graph item associated with it. While graph settings define the overall properties of a graph, the graph items define the data that is to be represented on the graph. So the graph items define which data to display and how it should displayed, and also define what should be displayed on the legend.
Each graph and graph item has a set of parameters which control various aspects of the graph. Fortunately through the use of graph templates, it is not necessary to understand the function of each field to create graphs for your network. When you are ready to take on the task of creating your own graph templates, extensive field descriptions for both graphs and graph items are provided in that section of the manual.
Chapter 7. How to Graph Your Network
Table of Contents
Creating a Device
Creating the Graphs
At this point, you probably realize that graphing is Cacti's greatest strength. Cacti has many powerful features that provide complex graphing and data acquisition, some which have a slight learning curve. Do not let that stop you however, because graphing your network is incredibly simple.
The next two sections will outline the two basic steps which are typically required to create graphs for most devices.
Creating a Device
The first step to creating graphs for your network is adding a device for each network device that you want to create graphs for. A device specifies important details such as the network hostname, SNMP parameters, and host type.
To manage devices within Cacti, click on the Devices menu item. Clicking Add will bring up a new device form. The first two fields, Description and Hostname are the only two fields that require your input beyond the defaults. If your host type is defined under the host template dropdown, be sure to select it here. You can always choose "Generic SNMP-enabled Host" if you are just graphing traffic or "None" if you are unsure. It is important to remember that the host template you choose will not lock you into any particular configuration, it will just provide more intelligent defaults for that type of host.
Figure 7-1. Adding a New Device
The field definitions are as follows
Table 7-1. Device Field Definitions
Field Description
Description This description will show up in the first column of the device list. You may refer to it e.g. in graph titles
Hostname Either an IP address or a hostname. The hostname will be resolved using the standard host resolving mechanisms, e.g. Dynamic Name Services (DNS)
Host Template A Host Template is a container for a list of graph templates that will be related to this host.
Notes New with cacti 0.8.7. Add notes to a host to add arbitrary text.
Disable Host Exclude this host from being polled. This is of particular value, if a device is no longer available, but should be kept e.g. as a reference.
Availability/Reachability Options
Downed Device Detection
NONE: Deactivate downed host detection
PING and SNMP: perform both tests
SNMP: verify SNMP check on OID .1 and .1.3
ICMP: perform a ping test, see below
Ping Method
Available only for "PING and SNMP" or "PING"
ICMP: perform ICMP tests. Requires permissions
UDP: perform a UDP test
TCP: perform a TCP test
Ping Port
Available only for UDP/TCP PING test types.
Please define the port to be tested here. Make sure, that no firewall intercepts the tests
Ping Timeout Value After this time, the test fails. Measured in units of milliseconds
Ping Retry Count The number of times Cacti will attempt to ping a host before failing.
SNMP Options
SNMP Version
Version 1: Use SNMP Version 1. Be aware, that 64bit counters are not supported in this SNMP version
Version 2: Referred to as SNMP V2c in most SNMP documentations
Version 3: SNMP V3, supporting authentication and encryption
SNMP Community SNMP read community for this device.
SNMP Port Enter the UDP port number to use for SNMP (default is 161).
SNMP Timeout The maximum number of milliseconds Cacti will wait for an SNMP response (does not work with php-snmp support).
Maximum OID's Per Get Request
This is a performance feature. Specifies the number of OID's that can be obtained in a single SNMP Get request.
NOTE: This feature only works when using Spine
NOTE: Some devices do not support values > 1
Security Options for SNMP V3
SNMP Username The username of an SNMP V3 createUser statement or equivalent
SNMP Password The authpassphrase of an SNMP V3 createUser statement or equivalent
SNMP Auth Protocol The authentication type of an SNMP V3 createUser statement or equivalent. Select either MD5 or SHA. This entry defaults to MD5.
SNMP Privacy Passphrase The privacy passphrase of an SNMP V3 createUser statement or equivalent.
SNMP Privacy Protocol The privacy protocol of an SNMP V3 createUser statement or equivalent. Select either DES or AES. This entry defaults to DES.
SNMP Context When using the View-Based Access Control Model (VACM), it is possible to specify an SNMP Context when mapping a community name to a security name with a com2sec directive, with the group directive and the access directive. This allows for defining special access models. If using such a parameter with your target's SNMP configuration, specify the context name to be used to access that target here.
After saving your new device, you should be redirected back to the same edit form with some additional information. If you configured SNMP for this host by providing a valid community string, you should see various statistics listed at the top of the page. If you see "SNMP error" instead, this indicates an SNMP problem between Cacti and your device.
Towards the bottom of the page there will be two addition boxes, Associated Data Queries, and Associated Graph Templates. If you selected a host template on the previous page, there will probably be a few items in each box. If there is nothing listed in either box, you will need to associate at least one data query or graph template with your new device or you will not be able to create graphs in the next step. If no available graph template or data query applies to your device, you can check the Cacti templates repository or create your own if nothing currently exists.
A Word About SNMP
The SNMP version that you choose can have a great effect on how SNMP works for you in Cacti. Version 1 should be used for everything unless you have reason to choose otherwise. If you plan on utilizing (and your device supports) high-speed (64-bit) counters, you must select version 2. Starting with Cacti 0.8.7, version 3 is fully implemented.
The way in which Cacti retrieves SNMP information from a host has an effect on which SNMP-related options are supported. Currently there are three types of SNMP retrieval methods in Cacti and are outlined below.
Table 7-2. SNMP Retrieval Types
Type Description Supported Options Places Used
External SNMP Calls the net-snmp snmpwalk and snmpget binaries that are installed on your system. All SNMP options Web interface and PHP poller (poller.php)
Internal SNMP (php-snmp) Uses PHP's SNMP functions which are linked against net-snmp or ucd-snmp at compile time. Version 1 Only (Community and Port) Web interface and PHP poller (poller.php)
Spine SNMP Links directly against net-snmp or ucd-snmp and calls the API directly. All SNMP options C-Based Poller (Spine)
SNMP V3 Options Explained
SNMP supports authentication and encryption features when using SNMP protocol version 3 known as View-Based Access Control Model (VACM). This requires, that the target device in question supports and is configured for SNMP V3 use. In general, configuration of V3 options is target type dependant. The following is cited from man snmpd.conf concerning user definitions
[ SNMPv3 Users
createUser [-e ENGINEID] username (MD5|SHA) authpassphrase [DES|AES] [privpassphrase]
MD5 and SHA are the authentication types to use. DES and AES are the privacy
protocols to use. If the privacy passphrase is not specified, it is assumed
to be the same as the authentication passphrase. Note that the users created will
be useless unless they are also added to the VACM access control tables
described above.
SHA authentication and DES/AES privacy require OpenSSL to be installed and the
agent to be built with OpenSSL support. MD5 authentication may be used without
OpenSSL.
Warning: the minimum pass phrase length is 8 characters.]
VACM directives are explained from man snmpd.conf as follows
[ VACM Configuration
The full flexibility of the VACM is available using four configuration directives -
com2sec, group, view and access. These provide direct configuration of the underlying
VACM tables.
com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
map an SNMPv1 or SNMPv2c community string to a security name - either from a
particular range of source addresses, or globally ("default"). A restricted
source can either be a specific hostname (or address), or a subnet -
represented as IP/MASK (e.g. 10.10.10.0/255.255.255.0), or IP/BITS
(e.g. 10.10.10.0/24), or the IPv6 equivalents.
The same community string can be specified in several separate directives
(presumably with different source tokens), and the first source/community
combination that matches the incoming request will be selected. Various
source/community combinations can also map to the same security name.
If a CONTEXT is specified (using -Cn), the community string will be mapped
to a security name in the named SNMPv3 context. Otherwise the default
context ("") will be used.
group GROUP {v1|v2c|usm} SECNAME
maps a security name (in the specified security model) into a named group.
Several group directives can specify the same group name, allowing a single
access setting to apply to several users and/or community strings.
Note that groups must be set up for the two community-based models separately -
a single com2sec (or equivalent) directive will typically be accompanied by two
group directives.
view VNAME TYPE OID [MASK]
defines a named "view" - a subset of the overall OID tree. This is most commonly
a single subtree, but several view directives can be given with the same view
name, to build up a more complex collection of OIDs. TYPE is either included
or excluded, which can again define a more complex view (e.g by excluding certain
sensitive objects from an otherwise accessible subtree).
MASK is a list of hex octets (separated by "." or ":")
with the set bits indicating which subidentifiers in the view OID to match against.
This can be used to define a view covering a particular row (or rows) in a table.
If not specified, this defaults to matching the OID exactly (all bits set), thus
defining a simple OID subtree.
access GROUP CONTEXT {any|v1|v2c|usm} LEVEL PREFX READ WRITE NOTIFY
maps from a group of users/communities (with a particular security model
and minimum security level, and in a specific context) to one of three views,
depending on the request being processed.
LEVEL is one of noauth, auth, or priv. PREFX specifies how CONTEXT should be
matched against the context of the incoming request, either exact or prefix.
READ, WRITE and NOTIFY specifies the view to be used for GET*, SET and
TRAP/INFORM requests (althought the NOTIFY view is not currently used). For
v1 or v2c access, LEVEL will need to be noauth.]
As an example, following definitions in the snmpd configuration create a set of definitions for use with SNMP V3
# sample configuration for SNMP V3
# create an SNMP V3 user with an authpassphrase and a privacy passphrase
## username authProto authpassphrase privProto privpassphrase
## -------- --------- -------------- --------- --------------
createUser gandalf MD5 myauthpass DES myprivpass
# Second, map the security name into a group name:
## groupName securityModel securityName
## --------- ------------- ------------
group groupv3 usm gandalf
# Third, create a view for us to let the group have rights to:
## incl/excl subtree mask
## --------- ------- ----
view all included .iso 80
# Fourth, create the access for that group without context
## context sec.model sec.level prefix read write notif
## ------- --------- --------- ------ ---- ----- -----
access groupv3 "" any auth exact all all all
When adding this stuff to your snmp configuration, please remember to restart the agent. Verify this setting using
shell>snmpwalk -v 3 -a MD5 -A myauthpass -x DES \
-X myprivpass -u gandalf -l authpriv localhost interface
IF-MIB::ifNumber.0 = INTEGER: 3
IF-MIB::ifIndex.1 = INTEGER: 1
IF-MIB::ifIndex.2 = INTEGER: 2
IF-MIB::ifIndex.3 = INTEGER: 3
IF-MIB::ifDescr.1 = STRING: lo
IF-MIB::ifDescr.2 = STRING: irda0
IF-MIB::ifDescr.3 = STRING: eth0
IF-MIB::ifType.1 = INTEGER: softwareLoopback(24)
IF-MIB::ifType.2 = INTEGER: other(1)
IF-MIB::ifType.3 = INTEGER: ethernetCsmacd(6)
...
Chapter 8. Viewing Graphs
Graph Trees
A graph tree can be thought of as a hierarchical way of organizing your graphs. Each graph tree consists of zero or more headers or branch nodes that contain leaf nodes such as graphs or trees. Multiple graph trees or branches within a single tree can be combined to form a very powerful way of organizing your graphs.
Creating a Graph Tree
To create a new graph tree, select the Graph Trees menu item under the Management header. Select Add on this page to create a new tree. The following page will prompt you for a tree name, which will be used to identify the graph tree throughout Cacti. Along with the Name, you may select one of four currently supported Sorting Types
Table 8-1. Tree Sporting Type Definitions
Field Description
Name Name of the tree entry. The sort order of all trees themselves is always alphabetical
Sorting Type
Manual Ordering (No Sorting): You may chance the sequence at your will
Alphabetical Ordering: All subtrees are ordered alphabetically, unless specifies otherwise (you may chance sort options at subtree lebel), i.e. 1, Ab, ab
Natural Ordering: ie. ab1, ab2, ab7, ab10, ab20
Numeric Ordering: Leading zeroes are not taken into account when ordering numerically, i.e. 01, 02, 4, 04
Once you type a name, click the Create button to continue. You will be redirected to a page similar to the one below, but without all of the items.
Figure 8-1. Editing a Graph Tree
To start adding items to your tree, click add in the Tree Items box. There are currently three different types of tree items you can choose from: header, graph, or host. Simply choose the type you want, fill in the value for that type, and click Create to make your new graph tree item. Clicking the Add link to the right of any branch will add the new item below that branch, you can change the branch that any item belongs to by changing its Parent Item field.
Please note the "++" and the "--" buttons. They will help you managing large trees. Pressing the "--" will collapse all tree levels while "++" expands all of them. You may expand each single subtree of a collapsed tree to reorder, add or delete entries without much scrolling.
Chapter 9. User Management
Table of Contents
Editing an existing User
Creating a New User
Copying a user
Enable/Disable Users
Batch Copy Users
Delete Users
Guest (Anonymous) Access
In addition to giving you the tools to create sophisticated graphs, Cacti enables you to create users that are tailored specifically to their requirements. Each user has certain settings such as login actions, as well as graph viewing settings. There are also two levels of permissions control, realm permissions and graph permissions which enable you to control what the user can see and change.
Figure 9-1. User Management
Out of the box, there are two users that come with every Cacti installation. The "admin" user, is the main user that by default has access to see and change everything in Cacti. This is the user that you first login with in Cacti, and is probably a good idea to keep around unless you know otherwise. The second user is the "guest" user, which controls which areas/graphs are allowed for unauthenticated users. By default this user only has rights to view, but not change all graphs. This enables any unauthenticated user to visit 'graph_view.php' and view your graphs. This behavior can be changed by either changing the realm permissions for the "guest" user, or disabling the guest user altogether under Cacti Settings. By default in 0.8.7 and later, the "guest" user is not set in the setting, effectively disabling "guest" (Unauthenticated) access to Cacti.
Editing an existing User
To edit an existing user, select the User Management item under the Utilities heading on the Cacti menu. Once at the user management screen, click username of the user you wish to edit. You will see a screen that looks similar to the image below.
Figure 9-2. Editing a User
At minimum, you must specify a User Name and a Password for each user. Each user field is described in more detail below. In addition to these fields, each user can have their own realm permissions", graph permissions, and graph settings. Each of these items are described in this section of the manual.
Table 9-1. Field Description: User Management
Name Description
User Name This field contains the actual login name for the user. There are no character limits this field, but it would make sense to keep it to alphanumeric characters to maintain simplicity.
Full Name (Optional) You can use this field as a more descriptive identifier for the user. It is currently only used for display on the user management page.
Password Enter the password for the user twice, once in each text box. Keep in mind that passwords are case sensitive and the password will remain unchanged if the boxes are both left empty.
Account Options There are currently two account related options that can be set for each user. The first, 'User Must Change Password at Next Login', forces a password change immediately after the user logs in. The second option, 'Allow this User to Keep Custom Graph Settings', dictates whether the user can maintain their own custom graph viewing settings which includes expanding and collapsing trees.
Graph Options There are three permission related options that can be set for each user here. The 'User Has Rights to {Tree,List,Preview} View' checkboxes dictate which graph viewing areas the user can see.
Login Options These options dictate what occurs immediately after the user logs in. The first option, 'Show the page that user pointed their browser to.' will point the user to whatever page they were heading to before being interrupted by the login page. The 'Show the default console screen.' option will always point the user to 'index.php' after a successful login. The last option, 'Show the default graph screen.' will point the user to 'graph_view.php' after a successful login.
Authenication Realm Multiple types of users can exist in Cacti. This setting allows you to specify a user for use with Local, Web Basic or LDAP authenication. Template users must be Local.
Realm Permissions
Realm permissions control which areas of Cacti a user can access. You can edit a user's realm permissions by selecting User Management and choosing the user you want to edit the permissions for. The Realm Permissions box will be displayed in the lower part of the screen. Each "realm" is a grouping that represents common tasks in Cacti, making it easier to fine tune each user's access.
If you want to create a user that can only view graphs, you should select the View Graphs realm and leave everything else unchecked. See the Graph Permissions section for more information about how to fine tune this even more on a per-graph basis. Conversely, if the user needs to access the console, they will need Console Access and any additional realms that you see fit.
Graph Permissions
Graph permissions control which graphs a user is allowed to view, it does not apply to editing graphs. You can edit a user's graph permissions by selecting User Management and choosing the user you want to edit the permissions for. Now select the Graph Permissions tab to view this user's graph permissions. There are three different ways that you can apply graph permissions, by graph, by host, or by graph template. This works by allowing or denying the user to all graphs associated with the particular group. So you can deny a user to a single graph, all graphs associated with a particular host, or all graphs associated with a particular graph template. Combining these three types of assigning graph permissions results in a very powerful graph policy editor.
Each assignment type contains a Default Policy dropdown which can be used to control whether the user should be allowed to view everything or be denied from everything by default in the particular group. It is very important to remember that these policies are evaluated in the order: graph, host, graph template. Therefore, if you set graph's default policy to Deny, but kept host and graph template at Allow, the user's effective policy would be Deny since the graph assignment type is evaluated first. You typically either want to set all default policies to Deny for a restrictive user, or Allow for a non-restrictive user. If you thoroughly understand Cacti's graph permissions system, these default policies can be combined to provide very complex results.
Graph Settings
Cacti stores certain graph viewing settings for each user, which enables each user to view graphs in an optimal way. These preferences controls things such as the preview graph size or the default graph viewing mode to use. In addition to managing these settings here under user management, each user can change their own settings by clicking on the Graphs tab and selecting the Settings tab on the following page. If you want to prevent a user from being able to keep their own graph preferences, uncheck the Allow this User to Keep Custom Graph Settings checkbox in user management. The user will be presented with an "Access Denied" error message if they attempt to click the Settings tab when this box is checked.
Referensi : http://www.cacti.net/downloads/docs/html/basics.html
http://www.cacti.net/downloads/docs/html/index.html
Tidak ada komentar:
Posting Komentar