<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML
><HEAD
><TITLE
>How to Graph Your Network</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REL="HOME"
TITLE="The Cacti Manual"
HREF="index.html"><LINK
REL="UP"
TITLE="Basics"
HREF="basics.html"><LINK
REL="PREVIOUS"
TITLE="Graph Overview"
HREF="graph_overview.html"><LINK
REL="NEXT"
TITLE="Creating the Graphs"
HREF="new_graphs.html"><LINK
REL="STYLESHEET"
TYPE="text/css"
HREF="manual.css"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>The Cacti Manual</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="graph_overview.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="new_graphs.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="CHAPTER"
><H1
><A
NAME="GRAPH_HOWTO"
></A
>Chapter 7. How to Graph Your Network</H1
><DIV
CLASS="TOC"
><DL
><DT
><B
>Table of Contents</B
></DT
><DT
><A
HREF="graph_howto.html#NEW_DEVICE"
>Creating a Device</A
></DT
><DT
><A
HREF="new_graphs.html"
>Creating the Graphs</A
></DT
></DL
></DIV
><P
> At this point, you probably realize that graphing is Cacti's greatest strength. Cacti has many powerful
features that provide complex graphing and data acquisition, some which have a slight learning curve.
Do not let that stop you however, because graphing your network is incredibly simple.
</P
><P
> The next two sections will outline the two basic steps which are typically required to create graphs for
most devices.
</P
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="NEW_DEVICE"
>Creating a Device</A
></H1
><P
> The first step to creating graphs for your network is adding a device for each network device that
you want to create graphs for. A device specifies important details such as the network
hostname, SNMP parameters, and host type.
</P
><P
> To manage devices within Cacti, click on the <SPAN
CLASS="GUILABEL"
>Devices</SPAN
> menu item.
Clicking <SPAN
CLASS="GUILABEL"
>Add</SPAN
> will bring up a new device form. The first two fields,
<SPAN
CLASS="GUILABEL"
>Description</SPAN
> and <SPAN
CLASS="GUILABEL"
>Hostname</SPAN
> are the only two fields that
require your input beyond the defaults. If your host type is defined under the host template
dropdown, be sure to select it here. You can always choose "Generic SNMP-enabled Host" if you are
just graphing traffic or "None" if you are unsure. It is important to remember that the host
template you choose will not lock you into any particular configuration, it will just provide
more intelligent defaults for that type of host.
</P
><DIV
CLASS="FIGURE"
><A
NAME="IMG_DEVICE_NEW"
></A
><P
><B
>Figure 7-1. Adding a New Device</B
></P
><DIV
CLASS="MEDIAOBJECT"
><P
><IMG
SRC="images/new_device.png"></P
></DIV
></DIV
><P
> The field definitions are as follows
</P
><DIV
CLASS="TABLE"
><A
NAME="AEN738"
></A
><P
><B
>Table 7-1. Device Field Definitions</B
></P
><TABLE
BORDER="1"
FRAME="border"
RULES="all"
CLASS="CALSTABLE"
><COL
WIDTH="1*"><COL
WIDTH="3*"><THEAD
><TR
><TH
ALIGN="CENTER"
>Field</TH
><TH
ALIGN="CENTER"
>Description</TH
></TR
></THEAD
><TBODY
><TR
><TD
>Description</TD
><TD
>This description will show up in the first column of the device list.
You may refer to it e.g. in graph titles</TD
></TR
><TR
><TD
>Hostname</TD
><TD
>Either an IP address or a hostname.
The hostname will be resolved using the standard host resolving mechanisms,
e.g. Dynamic Name Services (DNS)</TD
></TR
><TR
><TD
>Host Template</TD
><TD
>A Host Template is a container for a list of graph templates
that will be related to this host.</TD
></TR
><TR
><TD
>Notes</TD
><TD
>New with cacti 0.8.7.
Add notes to a host to add arbitrary text.</TD
></TR
><TR
><TD
>Disable Host</TD
><TD
>Exclude this host from being polled.
This is of particular value, if a device is no longer available,
but should be kept e.g. as a reference.</TD
></TR
><TR
><TD
><B
CLASS="EMPHASIS"
>Availability/Reachability Options</B
></TD
><TD
> </TD
></TR
><TR
><TD
>Downed Device Detection</TD
><TD
><P
>NONE: Deactivate downed host detection
</P
><P
>PING and SNMP: perform both tests
</P
><P
>SNMP: verify SNMP check on OID .1 and .1.3
</P
><P
>ICMP: perform a ping test, see below
</P
></TD
></TR
><TR
><TD
>Ping Method</TD
><TD
><P
>Available only for "PING and SNMP" or "PING"
</P
><P
>ICMP: perform ICMP tests. Requires permissions
</P
><P
>UDP: perform a UDP test
</P
><P
>TCP: perform a TCP test</P
></TD
></TR
><TR
><TD
>Ping Port</TD
><TD
><P
>Available only for UDP/TCP PING test types.
</P
><P
>Please define the port to be tested here.
Make sure, that no firewall intercepts the tests</P
></TD
></TR
><TR
><TD
>Ping Timeout Value</TD
><TD
>After this time, the test fails. Measured
in units of milliseconds</TD
></TR
><TR
><TD
>Ping Retry Count</TD
><TD
>The number of times Cacti will attempt to ping a host before failing.</TD
></TR
><TR
><TD
><B
CLASS="EMPHASIS"
>SNMP Options</B
></TD
><TD
> </TD
></TR
><TR
><TD
>SNMP Version</TD
><TD
><P
>Version 1: Use SNMP Version 1.
Be aware, that 64bit counters are not supported in this SNMP version
</P
><P
>Version 2: Referred to as SNMP V2c in most SNMP documentations
</P
><P
>Version 3: SNMP V3, supporting authentication and encryption</P
></TD
></TR
><TR
><TD
>SNMP Community</TD
><TD
>SNMP read community for this device.</TD
></TR
><TR
><TD
>SNMP Port</TD
><TD
>Enter the UDP port number to use for SNMP (default is 161).</TD
></TR
><TR
><TD
>SNMP Timeout</TD
><TD
>The maximum number of milliseconds Cacti will wait for an SNMP response
(does not work with php-snmp support).</TD
></TR
><TR
><TD
>Maximum OID's Per Get Request</TD
><TD
><P
>This is a performance feature. Specifies the number of
OID's that can be obtained in a single SNMP Get request.
</P
><P
>NOTE: This feature only works when using <SPAN
CLASS="APPLICATION"
>Spine</SPAN
>
</P
><P
>NOTE: Some devices do not support values > 1</P
></TD
></TR
><TR
><TD
><B
CLASS="EMPHASIS"
>Security Options for SNMP V3</B
></TD
><TD
> </TD
></TR
><TR
><TD
>SNMP Username</TD
><TD
>The <KBD
CLASS="USERINPUT"
>username</KBD
> of an SNMP V3 <KBD
CLASS="USERINPUT"
>createUser</KBD
> statement
or equivalent</TD
></TR
><TR
><TD
>SNMP Password</TD
><TD
>The <KBD
CLASS="USERINPUT"
>authpassphrase</KBD
> of an SNMP V3 <KBD
CLASS="USERINPUT"
>createUser</KBD
> statement
or equivalent</TD
></TR
><TR
><TD
>SNMP Auth Protocol</TD
><TD
>The <KBD
CLASS="USERINPUT"
>authentication type</KBD
> of an SNMP V3 <KBD
CLASS="USERINPUT"
>createUser</KBD
> statement
or equivalent. Select either MD5 or SHA. This entry defaults to MD5.</TD
></TR
><TR
><TD
>SNMP Privacy Passphrase</TD
><TD
>The <KBD
CLASS="USERINPUT"
>privacy passphrase</KBD
> of an SNMP V3 <KBD
CLASS="USERINPUT"
>createUser</KBD
> statement
or equivalent.</TD
></TR
><TR
><TD
>SNMP Privacy Protocol</TD
><TD
>The <KBD
CLASS="USERINPUT"
>privacy protocol</KBD
> of an SNMP V3 <KBD
CLASS="USERINPUT"
>createUser</KBD
> statement
or equivalent. Select either DES or AES. This entry defaults to DES.</TD
></TR
><TR
><TD
>SNMP Context</TD
><TD
>When using the View-Based Access Control Model (VACM), it is possible to specify
an SNMP Context when mapping a community name to a security name with a
<KBD
CLASS="USERINPUT"
>com2sec</KBD
> directive, with the <KBD
CLASS="USERINPUT"
>group</KBD
>
directive and the <KBD
CLASS="USERINPUT"
>access</KBD
> directive. This allows
for defining special access models. If using such a parameter with your
target's SNMP configuration, specify the context name to be used to access
that target here.</TD
></TR
></TBODY
></TABLE
></DIV
><P
> After saving your new device, you should be redirected back to the same edit form with some
additional information. If you configured SNMP for this host by providing a valid community string,
you should see various statistics listed at the top of the page. If you see "SNMP error" instead,
this indicates an SNMP problem between Cacti and your device.
</P
><P
> Towards the bottom of the page there will be two addition boxes, <SPAN
CLASS="GUILABEL"
>Associated Data
Queries</SPAN
>, and <SPAN
CLASS="GUILABEL"
>Associated Graph Templates</SPAN
>. If you selected a host
template on the previous page, there will probably be a few items in each box. If there is nothing
listed in either box, you will need to associate at least one data query or graph template with
your new device or you will not be able to create graphs in the next step. If no available
graph template or data query applies to your device, you can check the Cacti templates repository
or create your own if nothing currently exists.
</P
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="SNMP_INFO"
>A Word About SNMP</A
></H2
><P
> The SNMP version that you choose can have a great effect on how SNMP works for you in
Cacti. Version 1 should be used for everything unless you have reason to choose otherwise.
If you plan on utilizing (and your device supports) high-speed (64-bit) counters, you must
select version 2. Starting with Cacti 0.8.7, version 3 is fully implemented.
</P
><P
> The way in which Cacti retrieves SNMP information from a host has an effect on which
SNMP-related options are supported. Currently there are three types of SNMP retrieval
methods in Cacti and are outlined below.
</P
><DIV
CLASS="TABLE"
><A
NAME="AEN861"
></A
><P
><B
>Table 7-2. SNMP Retrieval Types</B
></P
><TABLE
BORDER="1"
FRAME="border"
RULES="all"
CLASS="CALSTABLE"
><COL
WIDTH="1*"><COL
WIDTH="1*"><COL
WIDTH="1*"><COL
WIDTH="1*"><THEAD
><TR
><TH
ALIGN="CENTER"
>Type</TH
><TH
ALIGN="CENTER"
>Description</TH
><TH
ALIGN="CENTER"
>Supported Options</TH
><TH
ALIGN="CENTER"
>Places Used</TH
></TR
></THEAD
><TBODY
><TR
><TD
>External SNMP</TD
><TD
>Calls the net-snmp snmpwalk and snmpget binaries that are installed on your system.</TD
><TD
>All SNMP options</TD
><TD
>Web interface and PHP poller (poller.php)</TD
></TR
><TR
><TD
>Internal SNMP (php-snmp)</TD
><TD
>Uses PHP's SNMP functions which are linked against net-snmp or ucd-snmp at compile time.</TD
><TD
>Version 1 Only (Community and Port)</TD
><TD
>Web interface and PHP poller (poller.php)</TD
></TR
><TR
><TD
><SPAN
CLASS="APPLICATION"
>Spine</SPAN
> SNMP</TD
><TD
>Links directly against net-snmp or ucd-snmp and calls the API directly.</TD
><TD
>All SNMP options</TD
><TD
>C-Based Poller (<SPAN
CLASS="APPLICATION"
>Spine</SPAN
>)</TD
></TR
></TBODY
></TABLE
></DIV
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="SNMP_V3"
>SNMP V3 Options Explained</A
></H2
><P
>SNMP supports authentication and encryption features
when using SNMP protocol version 3 known as
<B
CLASS="EMPHASIS"
>View-Based Access Control Model (VACM)</B
>.
This requires, that the
target device in question supports and is configured for
SNMP V3 use. In general, configuration of V3 options is
target type dependant. The following is cited from
<KBD
CLASS="USERINPUT"
>man snmpd.conf</KBD
> concerning user definitions</P
><P
><PRE
CLASS="SCREEN"
>[<SPAN
CLASS="CITATION"
> <B
CLASS="EMPHASIS"
>SNMPv3 Users</B
>
createUser [-e ENGINEID] username (MD5|SHA) authpassphrase [DES|AES] [privpassphrase]
MD5 and SHA are the authentication types to use. DES and AES are the privacy
protocols to use. If the privacy passphrase is not specified, it is assumed
to be the same as the authentication passphrase. Note that the users created will
be useless unless they are also added to the VACM access control tables
described above.
SHA authentication and DES/AES privacy require OpenSSL to be installed and the
agent to be built with OpenSSL support. MD5 authentication may be used without
OpenSSL.
Warning: the minimum pass phrase length is 8 characters.</SPAN
>]</PRE
></P
><P
>VACM directives are explained from
<KBD
CLASS="USERINPUT"
>man snmpd.conf</KBD
> as follows</P
><P
><PRE
CLASS="SCREEN"
>[<SPAN
CLASS="CITATION"
> <B
CLASS="EMPHASIS"
>VACM Configuration</B
>
The full flexibility of the VACM is available using four configuration directives -
com2sec, group, view and access. These provide direct configuration of the underlying
VACM tables.
com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
map an SNMPv1 or SNMPv2c community string to a security name - either from a
particular range of source addresses, or globally ("default"). A restricted
source can either be a specific hostname (or address), or a subnet -
represented as IP/MASK (e.g. 10.10.10.0/255.255.255.0), or IP/BITS
(e.g. 10.10.10.0/24), or the IPv6 equivalents.
The same community string can be specified in several separate directives
(presumably with different source tokens), and the first source/community
combination that matches the incoming request will be selected. Various
source/community combinations can also map to the same security name.
If a CONTEXT is specified (using -Cn), the community string will be mapped
to a security name in the named SNMPv3 context. Otherwise the default
context ("") will be used.
group GROUP {v1|v2c|usm} SECNAME
maps a security name (in the specified security model) into a named group.
Several group directives can specify the same group name, allowing a single
access setting to apply to several users and/or community strings.
Note that groups must be set up for the two community-based models separately -
a single com2sec (or equivalent) directive will typically be accompanied by two
group directives.
view VNAME TYPE OID [MASK]
defines a named "view" - a subset of the overall OID tree. This is most commonly
a single subtree, but several view directives can be given with the same view
name, to build up a more complex collection of OIDs. TYPE is either included
or excluded, which can again define a more complex view (e.g by excluding certain
sensitive objects from an otherwise accessible subtree).
MASK is a list of hex octets (separated by <SPAN
CLASS="QUOTE"
>"."</SPAN
> or <SPAN
CLASS="QUOTE"
>":"</SPAN
>)
with the set bits indicating which subidentifiers in the view OID to match against.
This can be used to define a view covering a particular row (or rows) in a table.
If not specified, this defaults to matching the OID exactly (all bits set), thus
defining a simple OID subtree.
access GROUP CONTEXT {any|v1|v2c|usm} LEVEL PREFX READ WRITE NOTIFY
maps from a group of users/communities (with a particular security model
and minimum security level, and in a specific context) to one of three views,
depending on the request being processed.
LEVEL is one of noauth, auth, or priv. PREFX specifies how CONTEXT should be
matched against the context of the incoming request, either exact or prefix.
READ, WRITE and NOTIFY specifies the view to be used for GET*, SET and
TRAP/INFORM requests (althought the NOTIFY view is not currently used). For
v1 or v2c access, LEVEL will need to be noauth.</SPAN
>]</PRE
></P
><P
>As an example, following definitions in the snmpd configuration
create a set of definitions for use with SNMP V3</P
><PRE
CLASS="SCREEN"
># sample configuration for SNMP V3
# create an SNMP V3 user with an authpassphrase and a privacy passphrase
## username authProto authpassphrase privProto privpassphrase
## -------- --------- -------------- --------- --------------
createUser gandalf MD5 myauthpass DES myprivpass
# Second, map the security name into a group name:
## groupName securityModel securityName
## --------- ------------- ------------
group groupv3 usm gandalf
# Third, create a view for us to let the group have rights to:
## incl/excl subtree mask
## --------- ------- ----
view all included .iso 80
# Fourth, create the access for that group without context
## context sec.model sec.level prefix read write notif
## ------- --------- --------- ------ ---- ----- -----
access groupv3 "" any auth exact all all all</PRE
><P
>When adding this stuff to your snmp configuration, please
remember to restart the agent. Verify this setting using</P
><PRE
CLASS="SCREEN"
><SAMP
CLASS="PROMPT"
>shell></SAMP
>snmpwalk -v 3 -a MD5 -A myauthpass -x DES \
-X myprivpass -u gandalf -l authpriv localhost interface
IF-MIB::ifNumber.0 = INTEGER: 3
IF-MIB::ifIndex.1 = INTEGER: 1
IF-MIB::ifIndex.2 = INTEGER: 2
IF-MIB::ifIndex.3 = INTEGER: 3
IF-MIB::ifDescr.1 = STRING: lo
IF-MIB::ifDescr.2 = STRING: irda0
IF-MIB::ifDescr.3 = STRING: eth0
IF-MIB::ifType.1 = INTEGER: softwareLoopback(24)
IF-MIB::ifType.2 = INTEGER: other(1)
IF-MIB::ifType.3 = INTEGER: ethernetCsmacd(6)
...</PRE
></DIV
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="graph_overview.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="new_graphs.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Graph Overview</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="basics.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Creating the Graphs</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
