Version 21 (modified by admin, 8 years ago)

SNMP and LibreNMS

In the first part of this Hands-On you will install the SNMP tools and learn some basic SNMP commands. Then you will install LibreNMS and configure the Network Management System.

SNMP

Installing client (manager) tools

Start by installing the net-snmp tools:

$ sudo apt-get install snmp
$ sudo apt-get install snmp-mibs-downloader

The second of the two commands downloads the standard IETF and IANA SNMP MIBs which are not included by default.

Now, edit the file /etc/snmp/snmp.conf:

$ sudo vi /etc/snmp/snmp.conf

Change this line:

mibs :

... so that it looks like:

# mibs :

(You are “commenting out” the empty mibs statement, which was telling the snmp* tools not to automatically load the MIBs in the /usr/share/mibs/ directory.)

Now, in your home directory make a .snmp directory with a file snmp.conf inside it, make it readable only by you, and add the credentials to it:

$ cd
$ mkdir .snmp
$ chmod 700 .snmp/
$ vi .snmp/snmp.conf

Put the following contents in the file:

defVersion v2c
defCommunity NetManage

Creating this configuration file means you won't have to enter your SNMP community every time you use one of the SNMP utilities.

Configure SNMP on Your Router (Already done)

Note: If you are using a Cisco router, this is the way to enable SNMP on the device. In this lab this part is already done.

Connect to your router:

rtrN> enable
Password: <>
rtrN# configure terminal			(conf t)

Now we need to add an Access Control List rule for SNMP access, turn on SNMP, assign a read-only SNMP community string as well as a SNMPv3 group and user and tell the router to maintain SNMP information across reboots. To do this we do:

rtrN(config)# access-list 60 permit 192.248.6.0 0.0.0.255     (Allow from workshop IP subnet)
rtrN(config)# snmp-server community NetManage ro 60

Now let's exit and save this new configuration to the router's permanent config.

rtrN(config)# exit
rtrN# write memory					(wr mem)
rtrN# exit						(until you return to your pc)

Testing SNMP

To check that your SNMP installation works, run the snmpstatus command on each of the following devices:

$ snmpstatus 192.248.1.1

Where 192.248.1.1 is the IP of the LEARN Router

What happens if you try using the wrong community string (i.e. change NetManage to something else) using the options "-c NetWrong"?

SNMP Walk and OIDs

Now, you are going to use the snmpwalk command, part of the SNMP toolkit, to list the tables associated with the OIDs listed below, on each piece of equipment you tried above:

.1.3.6.1.2.1.2.2.1.2
.1.3.6.1.2.1.31.1.1.1.18
.1.3.6.1.2.1.25.2.3.1

You will try this with two forms of the snmpwalk command:

$ snmpwalk <ip_address> <oid>

and

$ snmpwalk -On <ip_address> <oid>

... where OID is one of the OIDs listed above: .1.3.6...

...where IP_ADDRESS can be your group's router...

Note: the -On option turns on numerical output, i.e.: no translation of the OID <-> MIB object takes place.

For these OIDs:

a) Do all the devices answer?
b) Do you notice anything important about the OID on the output?

Configuration of snmpd on your PC

For this exercise your group needs to verify that the snmpd service is running and responding to queries for all machines in your group. First enable snmpd on your machine, then test if your machine is responding, then check each machine of your other group members.

Install the SNMP agent (daemon)

$ sudo apt-get install snmpd
$ sudo apt-get install libsnmp-dev

Configuration

We will make a backup of the distributed config, and then we will create our own:

$ cd /etc/snmp
$ sudo mv snmpd.conf snmpd.conf.dist
$ sudo vi snmpd.conf

Then, copy/paste the following:

#  Listen on all IPv4 interfaces, and on the IPv6 loopback address ([::1]) only
agentAddress udp:161,udp6:[::1]:161

# For SNMPv2: Configure Read-Only community and restrict who can connect
rocommunity NetManage  192.248.0.0/16
rocommunity NetManage  127.0.0.1

# Information about this host
sysLocation    LEARN Workshop
sysContact     admin@'your domain'.ws.learn.ac.lk

# Which OSI layers are active in this host
# (Application + End-to-End layers)
sysServices    72

# Include proprietary dskTable MIB (in addition to hrStorageTable)
includeAllDisks  10%

Now save and exit from the editor.
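
As an added example (not part of the original workshop notes), the shell function below reads an snmpd.conf like the one above and reports how each community rule and listener limits access. The function names, the two weak sample rules and the "shorter than /24 is broad" threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the workshop page): report how each community rule
# and listener in an snmpd.conf limits access. Reads the files given as
# arguments, or stdin. Output format: "<line> <LEVEL> <message>".
audit_snmpd_conf() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    { d = tolower($1) }                      # directive name
    d ~ /^r[ow]community6?$/ {
        comm = $2; src = $3
        if (d ~ /^rw/)
            print FNR, "WARN", "read-write community, SNMP SET is allowed"
        if (comm == "public" || comm == "private")
            print FNR, "WARN", "well-known default community \"" comm "\""
        if (src == "" || src == "default")
            print FNR, "WARN", "no source restriction, any host may query"
        else if (src ~ /\/([0-9]|1[0-9]|2[0-3])$/)   # assumed threshold: < /24
            print FNR, "INFO", "broad source range " src ", confirm it is intended"
        else
            print FNR, "OK", "community limited to " src
    }
    d == "agentaddress" {
        n = split($2, addr, ",")
        for (i = 1; i <= n; i++)
            if (addr[i] !~ /127\.0\.0\.1|localhost|\[::1\]/)
                print FNR, "INFO", "listener " addr[i] " accepts non-local traffic"
    }
    ' "$@"
}

# Constructed sample: the lab rules above plus two weak rules for contrast.
sample_conf() {
    cat <<'EOF'
agentAddress udp:161,udp6:[::1]:161
rocommunity NetManage  192.248.0.0/16
rocommunity NetManage  127.0.0.1
rocommunity public
rwcommunity private default
EOF
}

sample_conf | audit_snmpd_conf
```

To check the file you just saved, run `audit_snmpd_conf /etc/snmp/snmpd.conf` after pasting the function into your shell.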

Now we will add the same SNMPv3 user to your PC. We need to stop snmpd before adding the user, and restart it to read the above changes as well as the new user:

$ sudo service snmpd restart

Check that snmpd is working:

$ snmpstatus localhost

What do you observe ?

Test your neighbors

Check now that you can run snmpstatus against your other group members' servers:

$ snmpstatus www.'your neighbors domain'.ws.learn.ac.lk

LibreNMS

Installing LibreNMS

These instructions assume you are the root user. If you are not, prepend sudo to the shell commands (the ones that aren't at mysql> prompts) or temporarily invoke root privileges.

Create database

NOTE: These instructions are based on the official LibreNMS installation notes and have been tested on a fresh install of Ubuntu 16.0.

We will assume that the database is running on the same machine as your network management server (this is the most common initial deployment scenario).

First install MySQL and configure it:

# apt-get update (Already done)
# apt-get install mysql-server mysql-client

You will be asked to enter a password for the MySQL root user. Be absolutely sure that you remember what you choose here. You will use this later.

# mysql -u root -p

Input the MySQL root password (the one you chose in the previous step) to enter the MySQL command-line interface where you will get a mysql> prompt.

Create the database:

CREATE DATABASE librenms;
GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost' IDENTIFIED BY '<Your Password>';
FLUSH PRIVILEGES;
exit

Note: Here we are using <Your Password> as the password for LibreNMS to access MySQL (make sure your password matches the policies you added in the last lab session, e.g. Linux@2016). Please replace <Your Password>, and do not forget the password, as you will need it in the future.

Then edit /etc/mysql/mysql.conf.d/mysqld.cnf to stop MySQL from running in strict mode:

vi /etc/mysql/mysql.conf.d/mysqld.cnf

Within the [mysqld] section please add:

innodb_file_per_table=1
sql-mode=""

Restart the MySQL service:

service mysql restart

Install LibreNMS

The NMS is the host where the web server and SNMP poller run.

Install the required software:

apt-get install libapache2-mod-php7.0 php7.0-cli php7.0-mysql php7.0-gd php7.0-snmp php-pear php7.0-curl snmp graphviz php7.0-mcrypt php7.0-json apache2 fping imagemagick whois mtr-tiny nmap python-mysqldb snmpd php-net-ipv4 php-net-ipv6 rrdtool git

The packages listed above are an all-inclusive list of packages that were necessary on a clean install of Ubuntu 16.0.

snmp

You need to configure snmpd appropriately if you have not already done so. We will do a minimal snmp configuration on our server -- please DON'T do this if you've already configured SNMP earlier!

# mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.orig
# vi /etc/snmp/snmpd.conf

and, add the following line to the empty file:

rocommunity NetManage 127.0.0.1

And, now restart the snmp service so that the changes become active.

# service snmpd restart

You can verify that snmp now responds to you locally by typing:

# snmpstatus -v2c -c NetManage 127.0.0.1

php

In both /etc/php/7.0/apache2/php.ini and /etc/php/7.0/cli/php.ini, ensure date.timezone is set to your preferred time zone.

See <http://php.net/manual/en/timezones.php> or files under /usr/share/zoneinfo for a list of supported timezones. For this workshop we are all going to use the same timezone.

In the two files noted above, find the line that reads:

;date.timezone =

and change it to:

date.timezone = Asia/Colombo

Save and exit from the files.

Adding the LibreNMS user

We need to create a LibreNMS system user, librenms:

# useradd librenms -d /opt/librenms -M -r
# usermod -a -G librenms www-data

Cloning the LibreNMS source code with git

LibreNMS is installed using git. If you're not familiar with git, check out the git book or the tips at git ready. The initial install from github.com is called a git clone; subsequent updates are done through git pull.

The initial clone can take quite a while (nearly 3 minutes on a 10Mbps connection is typical) as the software repository is 220+ MB in size.

Run the following:

# cd /opt
# git clone https://github.com/librenms/librenms.git librenms

At this point, you should have a librenms directory, with the most recent revision checked out.

Web Interface

To prepare the web interface (and adding devices shortly), you'll need to create and change the ownership of a directory as well as create an Apache Virtual Host definition.

First, create and chown the rrd directory and create the logs directory:

# cd /opt/librenms
# mkdir rrd logs
# chown -R librenms:librenms /opt/librenms
# chmod 775 rrd
# chown www-data /opt/librenms

Next, create /etc/apache2/sites-available/librenms.conf:

# vi /etc/apache2/sites-available/librenms.conf

Add the following lines:

<VirtualHost *:80>
  DocumentRoot /opt/librenms/html/
  ServerName librenms."your domain".ws.learn.ac.lk
  CustomLog /opt/librenms/logs/access_log combined
  ErrorLog /opt/librenms/logs/error_log
  AllowEncodedSlashes NoDecode
  <Directory "/opt/librenms/html/">
    Require all granted
    AllowOverride All
    Options FollowSymLinks MultiViews
  </Directory>
</VirtualHost>

Now enable the Virtual Host and the rewrite module, then restart Apache:

# a2ensite librenms.conf
# a2enmod rewrite
# service apache2 restart

Web installer

You can choose either a web configuration or manual configuration at the command line. We're going to use the Web installer, which is by far the easiest, but we'll include the manual configuration as a reference at the end of this document.

At this stage you can launch the web installer by going to http://librenms.'yourdomain'.ws.learn.ac.lk/install.php

Follow the onscreen instructions.

  • Stage 0 is a summary of the PHP modules installed; normally you should just click on Next Stage.
  • Stage 1 prompts you for the database settings. Enter:
      • DB Host: localhost
      • DB User: librenms
      • DB Pass: <your password used for mysql database LibreNMS>
      • DB Name: librenms
  • Stage 2 is the DB creating itself - it should finish correctly, and you simply click on Goto Add User at the bottom.
  • Stage 3: enter a username, password (do not forget the password) and E-mail address. This will become the login you use to access the web interface.
  • Stage 4 should show you the successful user creation; click on Generate Config.
  • Stage 5: the interface should show, at this point, "The config file has been created". You can now click Finish install.
  • Stage 6: you are done!

You can now follow the instructions and click where it says click here to login to your new install.

A useful tool is provided with LibreNMS to help verify that the software is installed correctly.

Let's try it out:

# cd /opt/librenms
# ./validate.php

You may see warnings about the software not being up to date, and some more about permissions. You can probably ignore these for now, but it might come in useful later if you experience issues with LibreNMS.

We can now secure the /opt/librenms directory again:

# chown librenms /opt/librenms

Configuring LibreNMS

Setting the SNMP community

First, edit the file /opt/librenms/config.php,

# vi /opt/librenms/config.php

and find the line:

$config['snmp']['community'] = array("public");

And change it to:

$config['snmp']['community'] = array("NetManage");

Tell LibreNMS which subnets it's allowed to scan automatically

By default, LibreNMS will try to ask for the list of “neighbors” that network devices “see” on the network. This is done using the Link Layer Discovery Protocol (LLDP) or Cisco's CDP (Cisco Discovery Protocol).

But to be on the safe side, and not scan networks outside your organization, LibreNMS needs to be told which subnets it's allowed to scan for new devices.

Still in the file /opt/librenms/config.php, find the line:

#$config['nets'][] = "10.0.0.0/8";

And replace this with the following to scan our specific subnets in use by our network and the workshop infrastructure.

$config['nets'][] = "192.248.0.0/16";

We need to make one more change...

Tell LibreNMS not to add duplicate devices

A situation can happen where two devices have a duplicate SNMP sysName (that's the hostname in IOS). They could be two different devices, so it would be a good idea to have LibreNMS automatically add and monitor them.

But it can also happen that the SAME device is seen multiple times by LibreNMS - once using LLDP/CDP, and another time via OSPF (for example).

In that case, it ends up added twice. For instance, you may suddenly see two devices called rtr2-fa0-0.ws.ac.lk and rtr2, and this is not what we want.

Since "both" devices are in fact the same, their SNMP sysName will be identical, and we can tell LibreNMS to NOT add devices if one already exists with the same sysName - after all, this shouldn't happen in a well configured network!

To avoid this, add the following line at the bottom of the config.php file:

$config['allow_duplicate_sysName'] = false;

... this will prevent LibreNMS from adding the device if it exists already with the same sysName. You will be able to see if there are duplicate devices detected in the Event Log (Overview -> Event Log).

After you've added the above setting, save the file and exit - we’re nearly done!

Add a host

Let's add localhost (i.e.: YOUR virtual server), using the following commands. Later you'll do this from the Web interface:

# cd /opt/librenms
# php addhost.php localhost NetManage v2c

You should see:

Added device localhost (1)

Notice we explicitly tell LibreNMS which SNMP community to use. We also assume it's SNMP v2c. If you're using v3, there are additional steps which aren't provided here.

Discover and Poll newly added hosts

LibreNMS first “discovers” each host that has been added. This means that it methodically examines each host you added and figures out what it should monitor. The discovery.php script does not automatically scan your network to find new devices. To run this script do:

# cd /opt/librenms
# sudo -u librenms php discovery.php -h all

NOTE: This could take some time. If you try to add devices that do not yet have an snmp service configured, then the discovery script takes a while to time out.

Once this has finished you can now "poll" the hosts. This means LibreNMS now knows what it wishes to monitor for each host, but it has yet to populate its database with initial values for each item. To do this we do:

# sudo -u librenms php poller.php -h all

As you can see the poller.php script does quite a bit with just a few devices. When we add it to a cronjob below this helps explain why LibreNMS is a resource intensive tool.

Create cronjob

Create the cronjob which will run periodic tasks required by LibreNMS:

# cd /opt/librenms
# cp librenms.nonroot.cron /etc/cron.d/librenms

Install complete

That's it! You now should be able to log in to http://librenms.'your domain'.ws.learn.ac.lk/ and begin to explore the information being collected for your monitored devices.

PLEASE NOTE: We have not covered HTTPS setup in this example, so your LibreNMS install is not secure by default. Please do not expose it to the public Internet unless you have configured HTTPS and taken appropriate web server hardening steps.
