Kent Ickler //
ADVISORY: The techniques and tools referenced within this blog post may be outdated and do not apply to current situations. However, there is still potential for this blog entry to be used as an opportunity to learn and to possibly update or integrate into modern tools and techniques.
What is Cacti?
Cacti is a network system that inputs system-generated quantifiable data and presents the data in spiffy graphs.
In the Net-Admin world, it gives you time-critical and time-historical data to help you make important decisions. Typical data inputs are things like: switch-port-utilization, environmental information (temperature, humidity, etc.), system criticals: storage space, CPU time, etc.
Combined with SIEM and other system data sources, Cacti can be used to generate security baseline and normalization patterns. It’s also a quick sanity check on the network.
Installing Ubuntu 16.04
We are installing from the ISO ubuntu-16.04.2-server-amd64.iso
Complete a the typical setup, however, ensure that the LAMP package is installed during OS install packet selection.
You will be prompted to create a MySQL root account password. Create the password (don’t leave it blank), keep it handy (you’ll need it soon when working with mysql and mysqladmin) and continue on.
After installation, login. Note all those updates we need to do!
Update Base System
sudo -s apt-get update apt-get upgrade reboot -h now
After the updates are completed, setup your network stack. Then reboot.:
sudo -s nano /etc/network/interfaces
Notes on nano: CTRL+O to write changes, CTRL+X to close
Update your network settings and reboot once more.
reboot -h now
Note on sudo & root
Most of the work done from here on out is done at root since most this work is done within /opt/ and installing bits.
After the reboot login once again.
We have some pre-req’s that need to be installed for Cacti:
apt-get install php-xml php-ldap php-mbstring php-gd php-snmp php-gmp rrdtool snmp librrds-perl
Download Cacti files:
wget http://www.cacti.net/downloads/cacti-1.1.10.tar.gz tar xvzf cacti-1.1.10.tar.gz mv cacti-1.1.10 /opt/cacti
Setup Log locations
mkdir /opt/logs touch /opt/logs/cacti.log touch /opt/logs/httpd_access.log touch /opt/logs/httpd_error.log chown -R www-data /opt/logs/*
Configure SQL Database
#Create cacti database mysqladmin --user=root --password create cacti ###Enter your mysql root password #Populate the Cacti database mysql --user root -p cacti < /opt/cacti/cacti.sql ###Enter your mysql root password ###This process will take a few minutes, be patient and wait for the prompt to return #Create Timezone tables in SQL mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql ###Enter your mysql root password
#Provision access for the cacti database and the timezone database to the cacti user mysql --user=root --password mysql ###Enter your mysql root password. ###This will enter you into the mysql console for mysql database. ###NOTE: ‘somepassword’ referenced here is the cacti user password and must be the same as used in cacti configuration in the next section mysql> GRANT ALL ON cacti.* TO cacti@localhost IDENTIFIED BY 'somepassword'; mysql> GRANT SELECT ON mysql.time_zone_name TO cacti@localhost IDENTIFIED BY 'somepassword'; Exit
Configure Cacti files:
Note: ‘somepassword’ referenced here is the cacti database user password specified above.
nano /opt/cacti/include/config.php ### Find these variables and make the following changes $database_type = 'mysql'; $database_default = 'cacti'; $database_hostname = 'localhost'; $database_username = 'cactiuser'; $database_password = somepassword; $database_port = '3306'; $database_ssl = false; $url_path = '';
Set File permissions:
NOTE: After setup is completed, the “Needed for setup” section should be reverted back to your Linux user for security reasons.
#Needed for setup chown -R www-data:www-data /opt/cacti/resource/snmp_queries chown -R www-data:www-data /opt/cacti/resource/script_server chown -R www-data:www-data /opt/cacti/resource/script_queries chown -R www-data:www-data /opt/cacti/scripts #Needed always chown -R www-data:www-data /opt/cacti/rra/ /opt/cacti/log/ chown -R www-data:www-data /opt/cacti/cache/mibcache chown -R www-data:www-data /opt/cacti/cache/realtime chown -R www-data:www-data /opt/cacti/cache/spikekill
touch /etc/apache2/sites-available/cacti.conf nano /etc/apache2/sites-available/cacti.conf ###Enter the following and save cacti.conf <VirtualHost *:80> <Location /> require all granted </Location> ServerAdmin webmaster@localhost DocumentRoot /opt/cacti ErrorLog /opt/logs/httpd_error.log CustomLog /opt/logs/httpd_access.log combined </VirtualHost>
Remove default/existing site from Apache
Enable Cacti site in Apache
nano /etc/mysql/mysql.conf.d/mysqld.cnf ###Add following lines to the bottom of the configuration file: Max_heap_table_size = 380M Tmp_table_size = 64M Join_buffer_size = 64M Innodb_doublewrite = OFF Innodb_buffer_pool_size = 1899M Innodb_flush_log_at_timeout = 3 Innodb_read_io_threads = 32 Innodb_write_io_threads = 16
Configure Poller Crontab
nano /etc/crontab ###Add line at bottom */5 * * * * www-data php /opt/cacti/poller.php > /dev/null 2>&1
service apache2 restart service mysql restart
Initiate web-gui install:
With all of the pre-req’s done, the web-gui install should go pretty easy. The NEXT button is at the bottom left of each page.
Note: Be sure to update the cacti log path to be /opt/logs/cacti.conf
Be sure to check all of the available templates for install.
Default login for the first time is
You will be prompted to change your password upon first login.
Check out this follow up post about adding an HP ProCurve Switch to Cacti.