Cacti – The Network Monitoring & Security Tool
CACTI – As the official website states: “Cacti is a complete network graphing solution designed to harness the power of RRDTool’s data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices.”
In IT environments with hundreds of devices on the network, Cacti proves to be the best solution for monitoring the resource consumption of those devices on all fronts.
Cacti works with all versions of SNMP: v1, v2c and v3. For stronger security we document the use of SNMPv3 here, since at its authPriv level all polling traffic between manager and agent is authenticated and encrypted on the network.
Cacti runs on a LAMP stack in a Linux environment.
STEP 1 : Setting up the LAMP stack in Linux
Setting up the LAMP stack on Ubuntu
1.1: Apache – web server
STEP 1 : Setting up the LAMP Stack in linux
Setting up LAMP stack on Ubuntu
1.1: APACHE – web server
sudo apt-get install apache2
1.2: MySQL
sudo apt-get install mysql-server libapache2-mod-auth-mysql php5-mysql
1.3: PHP
sudo apt-get install php5 libapache2-mod-php5 php5-mcrypt
sudo nano /etc/apache2/mods-enabled/dir.conf
# Edit the DirectoryIndex entry in dir.conf so that index.php is served first:
DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm
1.4: Restart the Apache web server
service apache2 restart
STEP 2 : Setting up SNMP in Linux
SNMP – Simple Network Management Protocol
SNMP lets you obtain information about a device's services, resource consumption, load, CPU cycles and so on. The manager and agent exchange requests and responses on UDP port 161, and agents send traps (alerts) to the manager on UDP port 162.
2.1 Setting up the SNMP agent
Agents are the devices from which Cacti polls the data for its graphs. An agent responds to the requests made by the SNMP manager.
2.1.1 Setting up the SNMP agent in Linux (SNMPv3 configuration)
sudo apt-get install snmpd
sudo nano /etc/snmp/snmpd.conf
Comment out the line agentAddress udp:127.0.0.1:161
and uncomment the line agentAddress udp:161,udp6:[::1]:161 so that the agent listens on the network interfaces rather than only on localhost.
Add the line
view all included .1 80
Set up the community name in the following line:
rocommunity <your community name> default
We are using bots as our community name:
rocommunity bots default
You can skip setting up the community name if you want, as the community name is only used by community-based SNMP (v1/v2c).
Add these lines to define the SNMPv3 users and the rights of each:
createUser lvl002 MD5 yourpassword
createUser lvl003 MD5 yourpassword DES yourkey
rouser lvl001 noauth .1.3.6.1.2.1.1
rouser lvl002 auth .1.3.6.1.2.1
rwuser lvl003 priv .1.3.6.1.2.1
Finally, save the file and close it. The agent configuration is done.
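As an added example (not part of the original write-up or of net-snmp), the following Python script audits the access and USM lines of an snmpd.conf like the one assembled above and reports which entries fall below the authPriv level, which users rely on MD5/DES, whether a v1/v2c community is still enabled, and whether the agent listens on all interfaces. The sample configuration is constructed from this page's own lines, with the OIDs assumed to be the standard mib-2 prefixes.

```python
import re

# Constructed sample: the snmpd.conf lines assembled in section 2.1.1 of this page
SAMPLE_SNMPD_CONF = """\
agentAddress udp:161,udp6:[::1]:161
view all included .1 80
rocommunity bots default
createUser lvl002 MD5 yourpassword
createUser lvl003 MD5 yourpassword DES yourkey
rouser lvl001 noauth .1.3.6.1.2.1.1
rouser lvl002 auth .1.3.6.1.2.1
rwuser lvl003 priv .1.3.6.1.2.1
"""

def audit_snmpd_conf(text):
    """Return (severity, message) findings for the access/USM lines of an snmpd.conf."""
    findings = []
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()          # drop comments, tokenize
        if not tok:
            continue
        kw = tok[0].lower()
        if kw == "createuser" and len(tok) >= 2:
            # createUser NAME [MD5|SHA PASSPHRASE [DES|AES PASSPHRASE]]
            auth = tok[2].upper() if len(tok) >= 4 else None
            priv = tok[4].upper() if len(tok) >= 6 else None
            if auth == "MD5":
                findings.append(("medium", f"{tok[1]}: MD5 authentication, prefer SHA"))
            if priv == "DES":
                findings.append(("medium", f"{tok[1]}: DES privacy, prefer AES"))
        elif kw in ("rouser", "rwuser") and len(tok) >= 2:
            # rouser|rwuser NAME [noauth|auth|priv] [OID]; net-snmp defaults an omitted level to auth
            level = tok[2].lower() if len(tok) >= 3 else "auth"
            if level == "noauth":
                findings.append(("high", f"{tok[1]}: {kw} without authentication"))
            elif level == "auth":
                findings.append(("low", f"{tok[1]}: {kw} authenticated but not encrypted"))
            if kw == "rwuser" and level != "priv":
                findings.append(("high", f"{tok[1]}: write access below priv"))
        elif kw in ("rocommunity", "rwcommunity") and len(tok) >= 2:
            findings.append(("high", f"{kw} '{tok[1]}': v1/v2c community sent in cleartext"))
        elif kw == "agentaddress" and len(tok) >= 2:
            for endpoint in tok[1].split(","):
                # udp:PORT, udp:HOST:PORT or udp6:[HOST]:PORT; no host means every interface
                m = re.match(r"udp6?:(?:(.*):)?(\d+)$", endpoint)
                if m and (m.group(1) or "") in ("", "0.0.0.0", "[::]"):
                    findings.append(("info", f"listens on all interfaces ({endpoint})"))
    return findings

if __name__ == "__main__":
    for severity, message in audit_snmpd_conf(SAMPLE_SNMPD_CONF):
        print(f"[{severity}] {message}")
```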
2.1.2 Verifying SNMPv3 in Linux
To verify from the SNMP manager side (lvl001 was granted noauth access, so the walk succeeds without credentials):
-> snmpwalk -v 3 -u lvl001 -l NoauthNoPriv host_address
lvl002 was granted access only at the auth level, so an unauthenticated walk is refused:
-> snmpwalk -v 3 -u lvl002 -l NoauthNoPriv host_address
Error in packet
Reason: authorizationError (access denied to that object)
With the authentication passphrase supplied, the walk for lvl002 succeeds, and lvl003 must additionally supply the privacy key to walk at the authPriv level:
-> snmpwalk -v 3 -u lvl002 -l authNoPriv -a MD5 -A cactiwebinterfaceissecured host_address
-> snmpwalk -v 3 -u lvl003 -l authPriv -a MD5 -A cactiwebinterfaceissecured -x DES -X cactiwebinterfaceissupersecure host_address
2.1.3 Sniffing SNMP packets with Wireshark
Wireshark display filters: the complete list of SNMP display filter fields can be found in the Wireshark display filter reference.
Show only the SNMP-based traffic:
snmp
Capture filters: you cannot directly filter on the SNMP protocol while capturing.
However, if you know the UDP ports used (see above), you can filter on those.
Capture SNMP traffic over the default ports (161 and 162):
udp port 161 or udp port 162
Comparing a v2c walk with an authPriv v3 walk in the capture shows the difference in exposure: the v2c packets carry the community string and every OID and value in cleartext, whereas the authPriv packets show only an encrypted PDU.