Monday, October 26, 2015

Cacti Plugin Flowview 1.1 Installation SOP


Environment: CentOS 6.x x64 + Cacti 0.8.8c

Prerequisite: install the flow-tools package.

Reference URL

http://pkgs.org/centos-6/epel-x86_64/flow-tools-0.68.5.1-1.el6.x86_64.rpm.html

Download

Download flow-tools-0.68.5.1-1.el6.x86_64.rpm for CentOS 6 from the EPEL repository.

Install Howto
Download the latest epel-release rpm from
http://dl.fedoraproject.org/pub/epel/6/x86_64/

Install epel-release rpm:
# rpm -Uvh epel-release*rpm

Install flow-tools rpm package:
# yum install flow-tools


Download Flowview (flowview-v1.1-1.tgz)

http://docs.cacti.net/plugin:flowview


Extract the archive and move it into the Cacti plugins directory

# tar -zxvf flowview-v1.1-1.tgz

# mv flowview /var/www/html/cacti/plugins

[root@aaa plugins]# pwd
/var/www/html/cacti/plugins

[root@aaa plugins]# ll
total 32
drwxr-xr-x 3 cactiuser apache 4096 Sep 25  2011 clog
drwxr-xr-x 7 cactiuser apache 4096 Oct 26 17:12 flowview
-rw-r--r-- 1 cactiuser apache   44 Nov 24  2014 index.php
drwxr-xr-x 4 cactiuser apache 4096 Oct  6  2011 monitor
drwxrwxr-x 6 cactiuser apache 4096 Aug 29  2011 nectar
drwxr-xr-x 3 cactiuser apache 4096 Oct 26 16:26 settings
drwxr-xr-x 5 cactiuser apache 4096 Jan 12  2015 thold
drwxr-xr-x 9 cactiuser apache 4096 Jan 12  2015 weathermap
[root@aaa plugins]#

Create the directory that stores the raw flow data

# mkdir -p /var/netflow/flows/completed
# chmod 777 -R /var/netflow/flows/completed


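Log in to the Cacti web UI and enable Flowview
Console -> Configuration -> Plugin Management -> Flowview: install & enable

Configure the basic Flow Viewer settings
Console -> Configuration -> Settings -> Misc -> Flow Viewer

The key point here is to make sure the settings are correct, then press the SAVE button in the lower-right corner.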

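Configure the plugin's Flows Listeners

Plugin -> Flows -> Listeners -> Add ...

The key point here is to make sure the settings are correct, then press the SAVE button in the lower-right corner.

It is best to confirm that the settings above are present in the Cacti DB.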

#mysql

mysql> use cacti;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> SELECT value FROM `settings` WHERE name = 'path_flows_dir';
+------------------------------+
| value                        |
+------------------------------+
| /var/netflow/flows/completed |
+------------------------------+
1 row in set (0.00 sec)

mysql> SELECT * FROM plugin_flowview_devices;
+----+------+--------+-----------+------+---------+---------+----------+--------+-------------+
| id | name | folder | allowfrom | port | nesting | version | rotation | expire | compression |
+----+------+--------+-----------+------+---------+---------+----------+--------+-------------+
|  1 | Vyos | C7609  | 0         | 2205 | 3       | 5       |     1439 |      2 |           0 |
+----+------+--------+-----------+------+---------+---------+----------+--------+-------------+
1 row in set (0.00 sec)

mysql>



Replace the system default flow-capture

# Back up the original file

# mv /etc/init.d/flow-capture /etc/init.d/flow-capture.bk

# Replace flow-capture

[root@aaa flowview]# pwd
/var/www/html/cacti/plugins/flowview
[root@aaa flowview]# cp flow-capture /etc/init.d/flow-capture



[root@aaa init.d]# pwd
/etc/init.d
[root@aaa init.d]# vi flow-capture
#!/usr/bin/php
<?php
/*
# description: Start Flow-Capture
# chkconfig: 2345 95 00
*/

# The following line must be set correctly, otherwise Flow-Capture will not run properly

$cacti_base = '/var/www/html/cacti';



Run flow-capture
# cd /etc/init.d/

[root@aaa init.d]# ./flow-capture start
NOTE: Starting Flow Tools
NOTE: Launching flow-capture as '/usr/bin/flow-capture -w /var/netflow/flows/completed/C7609 0/0/2205 -S5 -V5 -z 0 -n 1439 -e 2880 -N 3'
[root@aaa init.d]#



[root@aaa flowview]# netstat -antup | grep flow
udp        0      0 0.0.0.0:2205                0.0.0.0:*                               2494/flow-capture
[root@aaa flowview]#



If the following error message appears, check again that all settings in the Cacti web UI are correct.
The DB queries shown above are enough for this.


[root@aaa init.d]# ./flow-capture start
NOTE: Starting Flow Tools
WARNING: No flows configured

How to verify the flow-capture raw data


[root@aaa 2015-10-27]# pwd
/var/netflow/flows/completed/C7609/2015/2015-10/2015-10-27
[root@aaa 2015-10-27]#

[root@aaa 2015-10-27]# ll
total 88
-rw-r--r-- 1 root root   92 Oct 27 09:44 ft-v05.2015-10-27.094338+0800
-rw-r--r-- 1 root root   92 Oct 27 09:45 ft-v05.2015-10-27.094401+0800
-rw-r--r-- 1 root root   92 Oct 27 09:46 ft-v05.2015-10-27.094501+0800
-rw-r--r-- 1 root root   92 Oct 27 09:47 ft-v05.2015-10-27.094601+0800
-rw-r--r-- 1 root root   92 Oct 27 09:48 ft-v05.2015-10-27.094701+0800
-rw-r--r-- 1 root root   92 Oct 27 09:49 ft-v05.2015-10-27.094801+0800
-rw-r--r-- 1 root root   92 Oct 27 09:50 ft-v05.2015-10-27.094901+0800
-rw-r--r-- 1 root root   92 Oct 27 09:51 ft-v05.2015-10-27.095001+0800
-rw-r--r-- 1 root root   92 Oct 27 09:52 ft-v05.2015-10-27.095101+0800
-rw-r--r-- 1 root root   92 Oct 27 09:53 ft-v05.2015-10-27.095201+0800
-rw-r--r-- 1 root root   92 Oct 27 09:54 ft-v05.2015-10-27.095301+0800
-rw-r--r-- 1 root root   92 Oct 27 09:55 ft-v05.2015-10-27.095401+0800
-rw-r--r-- 1 root root   92 Oct 27 09:56 ft-v05.2015-10-27.095501+0800
-rw-r--r-- 1 root root   92 Oct 27 09:57 ft-v05.2015-10-27.095601+0800
-rw-r--r-- 1 root root   92 Oct 27 09:58 ft-v05.2015-10-27.095747+0800
-rw-r--r-- 1 root root   92 Oct 27 09:59 ft-v05.2015-10-27.095801+0800
-rw-r--r-- 1 root root   92 Oct 27 10:00 ft-v05.2015-10-27.095901+0800
-rw-r--r-- 1 root root   92 Oct 27 10:01 ft-v05.2015-10-27.100001+0800
-rw-r--r-- 1 root root   92 Oct 27 10:02 ft-v05.2015-10-27.100101+0800
-rw-r--r-- 1 root root 1244 Oct 27 10:03 ft-v05.2015-10-27.100201+0800
-rw-r--r-- 1 root root   92 Oct 27 09:57 tmp-v05.2015-10-27.095701+0800
-rw-r--r-- 1 root root   92 Oct 27 10:03 tmp-v05.2015-10-27.100301+0800
[root@aaa 2015-10-27]#


[root@aaa 2015-10-27]# cat  ft-v05.2015-10-27.100201+0800  |  flow-stat -f10
#  --- ---- ---- Report Information --- --- ---
#
# Fields:    Total
# Symbols:   Disabled
# Sorting:   None
# Name:      Source/Destination IP
#
# Args:      flow-stat -f10
#
#
# src IPaddr     dst IPaddr       flows                 octets                packets
#
192.168.1.17     192.168.1.255    1                     78                    1                
192.168.111.7    192.168.111.255  1                     78                    1                
0.0.0.0          255.255.255.255  1                     576                   1                
192.168.222.138  192.168.222.255  1                     78                    1                
192.168.111.46   192.168.111.255  1                     156                   2                
192.168.111.32   192.168.111.255  1                     78                    1                
192.168.1.208    192.168.1.255    1                     206                   1                
192.168.111.138  192.168.111.255  1                     78                    1                
192.168.111.173  192.168.111.255  1                     78                    1                
192.168.111.32   255.255.255.255  1                     328                   1                
169.254.104.223  169.254.255.255  1                     78                    1                
192.168.111.200  192.168.111.255  1                     78                    1                
192.168.1.142    192.168.1.255    1                     78                    1                
192.168.1.152    192.168.1.255    1                     156                   2                
192.168.1.59     192.168.1.255    1                     234                   3                
192.168.111.136  192.168.111.255  1                     78                    1                
192.168.1.149    192.168.1.255    1                     312                   4                
192.168.1.180    192.168.1.255    1                     78                    1                
[root@aaa 2015-10-27]#
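A health check for the capture directory, as an added example in Python (not part of the original post or of Flowview): it classifies the files in a day directory like the one listed above and reports whether a directory is still world-writable after the `chmod 777 -R` step. It assumes that a 92-byte file holds no flows, as the listing suggests, and that flow-capture renames `tmp-` files to `ft-` at rotation; the function names are hypothetical.

```python
import os
import re
import stat
import sys
from datetime import datetime

# flow-capture file names as in the listing: ft-v05.2015-10-27.100201+0800
NAME_RE = re.compile(r"^(ft|tmp)-v05\.(\d{4}-\d{2}-\d{2}\.\d{6}[+-]\d{4})$")
HEADER_ONLY = 92  # assumption read off the listing: a file this small holds no flows


def audit_flow_files(day_dir):
    """Classify the capture files in one day directory."""
    parsed = []
    for entry in os.scandir(day_dir):
        m = NAME_RE.match(entry.name)
        if m and entry.is_file(follow_symlinks=False):
            start = datetime.strptime(m.group(2), "%Y-%m-%d.%H%M%S%z")
            size = entry.stat(follow_symlinks=False).st_size
            parsed.append((start, m.group(1), entry.name, size))
    parsed.sort()
    newest = parsed[-1][2] if parsed else None
    return {
        # completed intervals that actually recorded traffic
        "with_flows": [n for _, k, n, s in parsed if k == "ft" and s > HEADER_ONLY],
        # completed intervals with nothing in them (exporter silent or filtered)
        "empty": sum(1 for _, k, _, s in parsed if k == "ft" and s <= HEADER_ONLY),
        # a tmp- file that is not the newest was never renamed to ft-,
        # i.e. flow-capture stopped or restarted during that interval
        "stale_tmp": [n for _, k, n, _ in parsed if k == "tmp" and n != newest],
    }


def is_world_writable(path):
    """True if any local user may create or delete entries in path."""
    return bool(os.stat(path).st_mode & stat.S_IWOTH)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    print(audit_flow_files(target))
    print("world-writable:", is_world_writable(target))
```

Run it against a day directory such as the one in the listing, and against /var/netflow/flows/completed for the permission check.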


The following fixes the problem of the plugin_flowview_devices records no longer existing after the DB is restarted.

#mysql

mysql> use cacti;
mysql> ALTER TABLE  plugin_flowview_devices ENGINE=MyISAM;


====================


# VyOS NetFlow configuration (Vyatta)


set system flow-accounting netflow version 5
set system flow-accounting netflow server 192.168.111.xxx port 2205
set system flow-accounting interface eth0
set system flow-accounting netflow timeout expiry-interval 60
set system flow-accounting netflow sampling-rate 500
set system flow-accounting netflow engine-id  0
set system flow-accounting netflow timeout max-active-life 604800
set system flow-accounting netflow timeout flow-generic 3600
set system flow-accounting netflow timeout tcp-fin 300
set system flow-accounting netflow timeout tcp-generic 3600
set system flow-accounting netflow timeout tcp-rst 120
set system flow-accounting netflow timeout icmp 300
set system flow-accounting netflow timeout udp 300

DEMO


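Sunday, October 18, 2015

The Need for Internal Push Mail

Background

The need for internal push mail.

In a real server room, some devices, such as NetApp / Fortigate, basically support simple mail alerts.
So we can use push mail to forward those mail alerts to a mobile phone as SMS.

Reference information and methods: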

http://www.bulksms.com/features/send-sms-messages-from-your-email.htm



http://developer.bulksms.com/eapi/code-samples/



http://developer.bulksms.com/eapi/code-samples/perl/send_sms/

send_sms.pl

#!/usr/bin/perl -w
use strict;
use HTTP::Request::Common;
use LWP::UserAgent;

my $ua = LWP::UserAgent->new(timeout => 30);

# Please see the FAQ regarding HTTPS (port 443) and HTTP (port 80/5567)

# POST the form fields to the send_sms endpoint
my $res = $ua->request(POST '?EAPI URL?/submission/send_sms/2/2.0',
  Content_Type => 'application/x-www-form-urlencoded',
  Content => [
    username => 'myusername',
    password => 'xxxxxxxxxx',
    msisdn => '44123123123',
    message => 'Test from Perl',
  ],
);

if ($res->is_error) {
  die "HTTP request error, with error code ".$res->code.
  ", and body:\n\n".$res->error_as_HTML;
}

# The response body is "result_code|result_string|batch_id"
my ($result_code, $result_string, $batch_id) = split(/\|/, $res->content);

if ($result_code eq '0') {
  print "Message sent: batch $batch_id";
}
else {
  print "Error sending: $result_code: $result_string";
}
print "\n";

The Mail-to-SMS gateway approach above is a service that only specialized companies provide.

For a DIY push mail method, see the following, using Perl as an example:


http://cpansearch.perl.org/src/LENGEL/Net-SMS-2Way-0.08-FIXED/contrib/email2sms.pl

# Author: Lee Engel, <lee@kode.co.za>
# Copyright (C) 2009 by Lee S. Engel
# A very simple email-to-sms gateway.

# INSTALLATION INSTRUCTIONS:
# Create a user which will handle all the email-to-sms stuff. Example: adduser -m -d /home/sms sms
# Install Net::SMS::2Way and create a config file for it at /home/sms/sms.cfg
# Install the MailTool Perl module. (See http://search.cpan.org/~markov/MailTools-2.04/)  Try this: perl -MCPAN -e " install( 'MailTool' ); "
# Create a .forward file in the sms user's home directory:  echo '|/home/sms/email2sms.pl' > /home/sms/.forward
# Change your alias_maps config option in /etc/postfix/main.cf  to look like this: alias_maps = hash:/etc/aliases pcre:/etc/aliases-regexp
# Create /etc/aliases-regexp with a line which looks likes this: /^\d+$/ sms
# Copy this script to /home/sms/email2sms.pl and make it executable by all.


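From the instructions above, we can see that the mail .forward mechanism can provide this function.
Net::SMS::2Way uses the BulkSMS API by default:

http://bulksms.2way.co.za/docs/eapi/submission/send_sms/

That is not very suitable for individual practical use, so I decided to build my own Email to SMS Gateway (Push Mail Server).

I copied and modified the sample program above as follows: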

[root@aaa zabbix]# cat .forward
|/home/zabbix/sms/email2sms.pl

[root@aaa zabbix]# cat /home/zabbix/sms/email2sms.pl
#!/usr/bin/perl
use strict;
use warnings;
use Mail::Header;
use Mail::Internet;
use Mail::Send;

# Parse the message that the .forward pipe delivers on STDIN
my $mail = Mail::Internet->new(\*STDIN);
my $mail_headers = $mail->head();

my $mail_body = $mail->body();
$mail->tidy_body( $mail_body );

my $body_text = join( "\n", @$mail_body );
chomp( $body_text );

# Keep only the first 160 characters (one SMS)
if( length( $body_text ) > 160 )
{
    $body_text = substr( $body_text, 0, 160 );
}

my $headers = $mail_headers->header_hashref();
my $sender_address = $headers->{From}->[0];
$sender_address =~ s/^(\S+)\s+.*/$1/;
chomp( $sender_address );

my @to_headers = qw( To X-Original-To Delivered-To );

foreach my $to_header ( @to_headers )
{
    # Append the sender and the body to the log file
    if( open( my $write_log, '>>', '/home/zabbix/mail2sms.txt' ) )
    {
        print $write_log "$sender_address $body_text\n";
        close( $write_log );
    }
    # This is where you can write the integration with your own enterprise SMS API
    last;
}
[root@aaa zabbix]#


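This way, when someone sends mail to zabbix, the .forward above is triggered,
which then runs this script.
After that, simply pass $body_text on as the message text of the SMS API call, and the simple Push Mail task is complete.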
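Before $body_text reaches mail2sms.txt or an SMS API, the gateway should decide who may trigger a message and which characters get through. The filter below is an added example in Python rather than the page's Perl, not the author's code; the allowlist addresses, the sample message and the function name prepare_sms are assumptions.

```python
import re
import sys
from email import message_from_string
from email.utils import parseaddr

SMS_LIMIT = 160  # the single-SMS length the Perl script truncates to
# Assumption: constructed addresses standing in for the alerting devices.
ALLOWED_SENDERS = {"netapp01@example.internal", "fortigate@example.internal"}
# Constructed sample: a two-line alert whose second line imitates a log entry.
SAMPLE = ("From: FortiGate <fortigate@example.internal>\n"
          "To: zabbix@localhost\n\n"
          "Link down on port1\nadmin@example.internal all clear\n")


def prepare_sms(raw_message, allowed=ALLOWED_SENDERS):
    """Return (sender, text) for the SMS API call, or None to drop the mail."""
    msg = message_from_string(raw_message)
    # parseaddr handles both 'Name <addr>' and bare 'addr' in From.
    # From is not authenticated, so this filters stray mail; it is not
    # proof of origin.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender not in allowed:
        return None
    # Use the first text/plain part; skip HTML and attachments.
    part = next((p for p in msg.walk()
                 if p.get_content_type() == "text/plain"), None)
    if part is None:
        return None
    payload = part.get_payload(decode=True) or b""
    try:
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
    except LookupError:  # unknown charset label in the mail
        text = payload.decode("utf-8", "replace")
    # Control characters (CR, LF, ESC, ...) become spaces, so one mail is
    # one line in mail2sms.txt and one value in the API request.
    text = re.sub(r"[\x00-\x1f\x7f]+", " ", text)
    text = re.sub(r"\s+", " ", text).strip()
    if not text:
        return None
    return sender, text[:SMS_LIMIT]


if __name__ == "__main__":
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print(prepare_sms(raw))
```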