Cacti 0.8.8c - Initial installation on Linux CentOS 7. [TESTED]

I needed to set up a Cacti system to collect Cisco IP SLA statistics. Here is a little note for myself.

Basic CentOS 7 installation

• Download CentOS-7.0-1406-x86_64-Minimal.iso from http://isoredirect.centos.org/centos/7/isos/x86_64/.
• Upload the ISO to an ESXi datastore.
• Create the VM, mount the ISO, then power on the VM.
• While the CentOS 7 menu is visible, press TAB, then add vga=791 at the end of the string to get a higher screen resolution (1024×768):

> vmlinuz initrd=initrd.img inst.stage2=hd:LABEL=CentOS\x207\x20x86_64 quiet vga=791

• Set up some basic parameters; note that you have to create a regular (NOT LVM) /boot partition (the /boot filesystem cannot be of type lvmlv).
• Then I found a few small problems. The network interface was not enabled even after a network restart. Probably I didn’t notice a checkbox during the installation. To solve it:

vi /etc/sysconfig/network-scripts/ifcfg-eth0
ONBOOT=yes

/etc/init.d/network restart

• To set up the hostname:

vi /etc/hostname
cacti.example.com

reboot

• The most useful command for me, ifconfig, was not installed:

yum -y install net-tools

• Under the new network interface naming scheme, the network interface is named ens160 instead of eth0. I decided to rename it without disabling the new scheme. To do that, I needed to create a new rules file. A reboot is required.

vi /etc/udev/rules.d/70-persistent-net.rules
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0c:29:32:00:01", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

reboot

• I got kernel messages like “localhost kernel: dm-1: WRITE SAME failed. Manually zeroing.”. I applied the workarounds mentioned here and here, but none of them solved the problem. Just let it go for a while.

• Setting up NTP to keep local time quite precise:

yum -y install ntp

rm -f /etc/localtime
ln -s /usr/share/zoneinfo/PST8PDT /etc/localtime

vi /etc/ntp.conf
server pool.ntp.org iburst prefer

systemctl enable ntpd
systemctl start ntpd
ntpq -p
date

• Disable SELinux enforcement (permissive mode still logs denials but does not block them):

vi /etc/selinux/config
SELINUX=permissive

You can switch the running system to permissive mode right away to avoid a reboot:

setenforce 0

sestatus | grep -i mode
Current mode:                   permissive
Mode from config file:          permissive

• To get root’s emails:

vi /etc/aliases
# Person who should get root's mail
root:           alexey@gmail.com

newaliases

Cacti installation

• Install necessary packages.

yum -y install httpd php php-mysql php-snmp mariadb-server net-snmp net-snmp-utils rrdtool-devel

• Configure TZ for PHP:

vi /etc/php.ini
[Date]
date.timezone = PST8PDT

• Enable MySQL:

systemctl status mariadb
systemctl enable mariadb
systemctl start mariadb

• Set the MySQL root password:

mysqladmin -u root -h 127.0.0.1 password your_root_password

• Create DB for cacti:

mysql -h 127.0.0.1 -u root -p -e 'CREATE DATABASE cacti'

• Grant privileges to cactiuser:

mysql -h 127.0.0.1 -u root -p

mysql> grant all on cacti.* to cactiuser@localhost identified by 'cacti_password';
mysql> flush privileges;

• Select the latest Cacti version from http://www.cacti.net/downloads/ and install it:

cd /var/www/html/
mkdir cacti
cd cacti

yum -y install wget
wget http://www.cacti.net/downloads/cacti-0.8.8c.tar.gz
tar zxvf cacti*
cp -R cacti*/* .

# Cleaning:
rm -rf *.tar.gz cacti-*

• Import DB then check the result:

mysql -u cactiuser --password='cacti_password' cacti < cacti.sql

mysql -u cactiuser --password='cacti_password' -e 'show tables from cacti'

# Cleaning:
rm -f cacti.sql

• Configure DB access parameters:

vi include/config.php
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cactiuser";
$database_password = "cacti_password";
$database_port = "3306";

$url_path = "/";

• Configure Apache:

vi /etc/httpd/conf/httpd.conf
DocumentRoot "/var/www/html/cacti"

systemctl start httpd
systemctl enable httpd
systemctl status httpd

• Disable iptables/firewall:

systemctl stop firewalld
systemctl disable firewalld

• Go to http://server_ip/, log in with the default login/password admin/admin and perform the initial installation.
• Create a dedicated user for the poller and give it ownership of the folders it writes to:

useradd cactiuser
chown -R cactiuser /var/www/html/cacti/rra/ /var/www/html/cacti/log/

• Enable poller:

vi /etc/crontab
*/5 * * * * cactiuser php /var/www/html/cacti/poller.php > /dev/null 2>&1

• Check log file:

tail -f /var/www/html/cacti/log/cacti.log
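
The checks below are an added example, not part of the original note: a POSIX shell audit of the web root this procedure leaves behind (config.php readable by everyone, the placeholder DB password still in place, install files left under DocumentRoot, world-writable rra/ and log/). The names audit_cacti_webroot, report and AUDIT_FINDINGS are hypothetical; the paths follow the layout used above.

```shell
#!/bin/sh
# Added example (not from the original post): audit of the Cacti web root.
# Prints one "FINDING:" line per issue; the count is left in AUDIT_FINDINGS.

report() {
    echo "FINDING: $1"
    AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
}

audit_cacti_webroot() {
    root=$1
    cfg="$root/include/config.php"
    AUDIT_FINDINGS=0

    if [ ! -f "$cfg" ]; then
        report "$cfg not found"
    else
        # config.php holds the DB password in clear text; only the web server
        # and the poller user need it (e.g. owner cactiuser, group apache, 640).
        if [ -n "$(find "$cfg" -perm -004)" ]; then
            report "$cfg is world-readable"
        fi
        # 'cacti_password' is the placeholder used in the steps above.
        if grep -Eq '^\$database_password *= *"cacti_password"' "$cfg"; then
            report "$cfg still uses the placeholder DB password"
        fi
    fi

    # The schema dump and release tarball should not stay under DocumentRoot.
    for f in "$root"/cacti.sql "$root"/*.tar.gz; do
        if [ -e "$f" ]; then
            report "leftover install file: $f"
        fi
    done

    # rra/ and log/ should be writable by the poller user, not by everyone.
    for dir in "$root/rra" "$root/log"; do
        if [ -d "$dir" ] && [ -n "$(find "$dir" -prune -perm -002)" ]; then
            report "$dir is world-writable"
        fi
    done
    return 0
}

# Run against a real install when a path is given, e.g. /var/www/html/cacti
if [ "$#" -gt 0 ]; then
    audit_cacti_webroot "$1"
fi
```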

SolarWinds - How to create a chart for active AnyConnect sessions. [TESTED]

I wanted to know how many active sessions we have throughout the day. Here is an example of how to do it using SolarWinds.

We are going to use the following SNMP OID: CISCO-REMOTE-ACCESS-MONITOR-MIB::crasSVCNumSessions.0 which has a description “The number of currently active SVC sessions”.

Procedure

• Start > “Universal Device Poller” > “New Universal Device Poller”
– OID: 1.3.6.1.4.1.9.9.392.1.3.35.0
– Name: CiscoASA_AnyConnect_Active_Sessions
– Description: The number of currently active SVC (AnyConnect) sessions.
– MIB Value Type: Raw Value
– Format: None
– SNMP Get Type: GET
– Polling Type: Node
– Polling Interval: 1 minutes.
– Keep Historical Data: Yes
– Status: Enabled
– Group: Cisco
• Then “Next”.
• After that select test node and click “Test” > Next.
– Do you want to display results on your Orion website?: Yes
– Select “Chart” for “Node Details - Summary”.
– Do not show this poller if it is not assigned
• Finish
• Then go to the Node Detail, find created chart and by clicking “Edit” modify description, zoom properties, etc.

Cisco Prime Infrastructure and IP SLA.

Well, I just want to create a little note for myself about CPI 2.2 and IP SLA feature.

• Monitoring of IP SLA is possible, but you have to add it manually and I’ve found this way is very complicated and isn’t usable - Cisco Prime Infrastructure 2.2 User Guide > Monitoring your network > Monitoring Third-Party Devices By Polling MIBs > Example: Monitoring IP SLA.

• “IP SLA provisioning” feature is not yet available in Prime Infrastructure. This is targeted for a yet to be named future release. Each subsequent PI release after 2.2 is targeted to get more of the feature LMS functionality into Prime Infrastructure with the intent of PI being the replacement for the outdated LMS software. Once this takes place, LMS will be retired. Expect this to take place over the next several release cycles for the PI software.

• In addition, I’ve found a publicly available thread: What are Prime Infrastructure’s IP SLA capabilities?.

Cisco Linksys E900 - Initial setup. [TESTED]

Here is a quick note on how to do the basic configuration. Recently I needed to set this up…

• Power on the device and connect the local PC to any of the 4 LAN ports.
• Configure the static IP address 192.168.1.2/24 on the local PC and check whether 192.168.1.1 is pingable. If not, you have to reset the device to hardware defaults.
• Reset the device to factory defaults if required: press and hold the Reset button located at the bottom of the router for approximately five seconds, then release. When the device has booted, 192.168.1.1 should be pingable.
• Connect to the WebGUI using HTTP and the default login/password: admin/admin or blank/admin (by blank I mean NO login, password ONLY).
• Skip all the stuff about “Cisco Connect” to configure it manually.
• In the upper right corner of the page you will see the FW version. In my case it was 1.0.00, the initial one.
• Upgrade the FW to the latest one.
Here you can find everything, as well as “User Guide”.
Here you can find “Release Notes” for the latest Firmware.
Firmware 1.0.05.
Firmware 1.0.06 (01/16/2015).
Administration - Firmware Upgrade > Browse. The upgrade process takes ~1 minute.
• I used the following public DNS servers:
– 8.8.8.8
– 8.8.4.4
• Wireless settings are simple: Wireless > Manual > Mixed > Type SSID > Auto > Auto > Enabled.
• Wireless Security: Security Mode > WPA2 Personal > Type desired Passphrase.
• By default the WAN IP address is not pingable, but you can enable it: Security > Firewall > Filter Anonymous Internet Requests > Disabled > Save Settings.
• You can also configure Remote Access for a certain IP address range.
