= LibreNMS = Shutdown the !NetMon VM by following command as root {{{ shutdown -now }}} start the libreNMS VM as you will install LibreNMS in a seperate VM as recomended. == Installation == NOTE: These instructions assume you are the root user. If you are not, prepend sudo to the shell commands === Installing LibreNMS === First install required packages. {{{ apt-get install apache2 composer fping git graphviz imagemagick libapache2-mod-php7.0 mariadb-client mariadb-server mtr-tiny nmap php7.0-cli php7.0-curl php7.0-gd php7.0-json php7.0-mcrypt php7.0-mysql php7.0-snmp php7.0-xml php7.0-zip python-memcache python-mysqldb rrdtool snmp snmpd whois }}} give as databse root password. Add librenms user and user's home directory {{{ useradd librenms -d /opt/librenms -M -r usermod -a -G librenms www-data }}} Install LibreNMS {{{ cd /opt git clone https://github.com/librenms/librenms.git librenms }}} === Database Configuration === Configure MySQL {{{ systemctl restart mysql mysql -uroot -p }}} Create '''librenms''' database and '''librenms''' database user. grant all privileges to the created user. {{{ CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_unicode_ci; CREATE USER 'librenms'@'localhost' IDENTIFIED BY ''; GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost'; FLUSH PRIVILEGES; }}} exit mysql {{{ exit }}} We need to change some mysql server settings. To do that edit '''50-server.cnf''' file {{{ vi /etc/mysql/mariadb.conf.d/50-server.cnf }}} Add the following llines within the '''[mysqld]''' section {{{ innodb_file_per_table=1 sql-mode="" lower_case_table_names=0 }}} Restart the mysql server {{{ systemctl restart mysql }}} === Web server Configuration === ==== Configure PHP ==== To set the correct time zone edit '''php.ini''' {{{ vi /etc/php/7.0/apache2/php.ini }}} Find the line ''';date.timezone''' and change the line as follows {{{ date.timezone = Asia/Colombo }}} Do the same to the '''vi /etc/php/7.0/cli/php.ini''' Enable php modules in apache {{{ a2enmod php7.0 a2dismod mpm_event a2enmod mpm_prefork phpenmod mcrypt }}} ==== Configure Apache ==== Create '''librenms.conf''' to enable the site {{{ vi /etc/apache2/sites-available/librenms.conf }}} Add the following lines: {{{ DocumentRoot /opt/librenms/html/ CustomLog /opt/librenms/logs/access_log combined ErrorLog /opt/librenms/logs/error_log AllowEncodedSlashes NoDecode Require all granted AllowOverride All Options FollowSymLinks MultiViews }}} Enable the librenms site and restart apache server {{{ a2ensite librenms.conf a2enmod rewrite disenmod 000-default.conf systemctl restart apache2 }}} === Configure snmpd === Create the snmpd configuration file {{{ cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf vi /etc/snmp/snmpd.conf }}} Edit the text which says '''RANDOMSTRINGGOESHERE''' and set your own community string. Install the libreNMS agent and restart snmpd {{{ curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro chmod +x /usr/bin/distro systemctl restart snmpd }}} === Cron job === {{{ cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms }}} Copy logrotate config LibreNMS keeps logs in /opt/librenms/logs. Over time these can become large and be rotated out. To rotate out the old logs you can use the provided logrotate config file: {{{ cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms }}} === Set permissions === {{{ chown -R librenms:librenms /opt/librenms setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs }}} === Web Installer === You can choose either a web configuration or manual configuration at the command line. We're going to use the Web installer, which is by far the easiest, but we'll include the manual configuration as a reference at the end of this document. At this stage you can launch the web installer by going to '''http:///install.php''' Follow the onscreen instructions. Stage 0 is a summary of the PHP modules installed, normally you should just click on ''Next Stage'' Stage 1 prompts you for the database settings. Enter - DB Host: '''localhost''' - DB User: '''librenms''' - DB Pass: - DB Name: '''librenms''' Stage 2 is the DB creating itself - it should finish correctly, and you simply click on ''Goto Add User'' at the bottom Stage 3: enter following username, Password and e-mail address. This will become the login you use to access the web interface. - Username : '''admin''' - Password : < class password > - e-mail address : Stage 4 should show you the successful user creation, click on '''Generate Config'''. It will show you the config file. Copy all the content and create the config.php file and paste the content in the file. {{{ vi /opt/librenms/config.php }}} Click Next Stage 5: the interface should show, at this point: The config file has been created You can now click ''''Finish install''''. == Configuring LibreNMS == === Setting the SNMP community === Let's change the SNMP community that LibreNMS will try when discovering and adding new devices. First edit the file /opt/librenms/config.php, {{{ # vi /opt/librenms/config.php }}} and find the line: {{{ $config['snmp']['community'] = array("public"); }}} And change it to: {{{ $config['snmp']['community'] = array(""); }}} === Allowed Subnets === Tell LibreNMS which subnets it's allowed to scan automatically By default, LibreNMS will try ask for the list of “neighbors” that network devices "see" on the network. This is done using the Link Layer Discovery Protocol (LLDP) or Cisco's CDP (Cisco Discovery Protocol). But to be on the safe side, and not scan networks outside your organization, LibreNMS needs to be told which subnets it's allowed to scan for new devices. Still in the file /opt/librenms/config.php, find the line: {{{ #$config['nets'][] = "10.0.0.0/8"; }}} And replace this with the following to scan our specific subnets in use by our network and the workshop infrastructure. {{{ $config['nets'][] = "192.248.6.0/24"; }}} === Avoid Duplicate devices === We need to make one more change... Tell LibreNMS not to add duplicate devices To avoid making duplicate devices, add the following line at the bottom of the config.php file: {{{ $config['allow_duplicate_sysName'] = false; }}} === Discovery Method === By default system don't add devices by IP address, we look for a reverse dns name to be found and add with that. If this fails and you would like to still add devices automatically then you will need to set following. {{{ $config['discovery_by_ip'] = true; }}} Finaly we have to define the discovery method. Here we will use ARP to discover devices. to do that add the following line {{{ $config['discovery_modules']['discovery-arp'] = 1; }}} After you've added the above setting, save the file and exit - we’re nearly done! === Add a host === Let's add localhost (i.e.: YOUR virtual server), using the following commands. you can do this from the Web interface: {{{ # cd /opt/librenms # php addhost.php localhost v2c }}} You should see: {{{ Added device localhost (1) }}} Notice we explicitly tell LibreNMS which SNMP community to use. We also assume it's SNMP v2c. If you're using v3, there are additional steps which aren't provided here. === Final Configuration === Discover and Poll newly added hosts LibreNMS first “discovers” each host that has been added. This means that it methodically examines each host you added and figures out what it should monitor. The discover.php script does not automatically scan your network to find new devices. To run this script do: {{{ # cd /opt/librenms # sudo -u librenms php discovery.php -h all }}} NOTE: This could take some time. If you try to add devices that do not yet have an snmp service configured, then the discovery script takes a while to time out. Once this has finished you can now "poll" the hosts. This means LibreNMS now knows what it wishes to monitor for each host, but it has yet to populate its database with initial values for each item. To do this we do: {{{ # sudo -u librenms php poller.php -h all }}} As you can see the poller.php script does quite a bit with just a few devices. When we add it to a cronjob below this helps explain why LibreNMS is a resource intensive tool. === Create cronjob === Create the cronjob which will run periodic tasks required by LibreNMS: {{{ # cd /opt/librenms # cp librenms.nonroot.cron /etc/cron.d/librenms }}} One last thing: edit the file /etc/cron.d/librenms ... {{{ # editor /etc/cron.d/librenms }}} ...and find the line: {{{ */5 * * * * librenms /opt/librenms/cronic /opt/librenms/poller-wrapper.py 16 }}} And change the ''16'' at the end to ''4'' (we have a single processor, and 4 threads is plenty) {{{ */5 * * * * librenms /opt/librenms/cronic /opt/librenms/poller-wrapper.py 4 }}} Save, and exit.