Percona apache 템플릿을 이용하기 위해서는 ss_get_by_ssh.php 스크립트의 수정이 필요 하며
cacti 계정이 접속 할수 있도록 cshs 작업이 필요 합니다.
Apache httpd.conf 파일 수정 및 apache 재시작
root@bsd11:~ # root@bsd11:~ # cd /usr/local/etc/apache24/ root@bsd11:/usr/local/etc/apache24 # vi httpd.conf <Location /server-status> SetHandler server-status Order Deny,Allow Deny from all Allow from localhost </Location> root@bsd11:~ # service apache24 restart
Allow from Domain 또는 localhost 로 설정 합니다.
Percona Apache 템플릿을 import 합니다.
root@bsd11:~ # root@bsd11:~ # root@bsd11:~ # php /usr/local/share/cacti/cli/import_template.php --filename=/usr/local/share/percona-monitoring-plugins/cacti/templates/cacti_host_template_percona_apache_server_ht_0.8.6i-sver1.1.3.xml Read 74554 bytes of XML data Import ResultsCacti has imported the following items for the Template: CDEF [success] Percona Turn Into Bits CDEF [unchanged] [success] Percona Negate CDEF [unchanged] GPRINT Preset [success] Percona Apache Server Version t1.1.3:s1.1.3 [new] [success] Percona Apache Server Checksum e5bcdec29950a544697949887ac841b4 [new] [success] Percona Normal [unchanged] Data Input Method [success] Percona Get Apache Stats/Apache Requests IM [new] [success] Percona Get Apache Stats/Apache Bytes IM [new] [success] Percona Get Apache Stats/Apache CPU Load IM [new] [success] Percona Get Apache Stats/Apache Workers IM [new] [success] Percona Get Apache Stats/Apache Scoreboard IM [new] Data Template [success] Percona Apache Requests DT [new] [success] Percona Apache Bytes DT [new] [success] Percona Apache CPU Load DT [new] [success] Percona Apache Workers DT [new] [success] Percona Apache Scoreboard DT [new] Graph Template [success] Percona Apache Requests GT [new] [success] Percona Apache Bytes GT [new] [success] Percona Apache CPU Load GT [new] [success] Percona Apache Workers GT [new] [success] Percona Apache Scoreboard GT [new] Device Template [success] Percona Apache Server HT [new] root@bsd11:~ #
ss_get_by_ssh.php 스크립트 수정 및 퍼미션 변경
root@bsd11:~ # root@bsd11:~ # cd /usr/local/share/cacti/scripts/ root@bsd11:/usr/local/share/cacti/scripts # vi ss_get_by_ssh.php $ssh_user = 'cacti'; # SSH username $ssh_port = 22; # SSH port $ssh_iden = '-i /usr/share/cacti/cacti/.ssh/id_rsa'; # SSH identity root@bsd11:/usr/local/share/cacti/scripts # chown cacti:cacti ss_get_by_ssh.php
cacti 유저 디렉토리 생성
root@bsd11:~ # cd /usr/local/share/cacti/ root@bsd11:/usr/local/share/cacti # mkdir -p cacti/.ssh root@bsd11:/usr/local/share/cacti # chown -R cacti:cacti cacti/
chsh 명령어를 사용하여 cacti 유저 데이터베이스 파일을 변경합니다.
root@bsd11:~ # root@bsd11:~ # root@bsd11:~ # chsh cacti #Changing user information for cacti. Login: cacti Password: * Uid [#]: 107 Gid [# or name]: 107 Change [month day year]: Expire [month day year]: Class: Home directory: /usr/local/share/cacti/cacti Shell: /bin/csh Full Name: Cacti Sandbox Office Location: Office Phone: Home Phone: Other information:
cacti 유저와는 별도로 다른유저로 생성을 하였지만 정상적으로 그래프를 생성하지 못하였습니다.
ssh-key 생성
root@bsd11:~ # root@bsd11:~ # root@bsd11:~ # su - cacti % pwd /usr/local/share/cacti/cacti % ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/usr/local/share/cacti/cacti/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /usr/local/share/cacti/cacti/.ssh/id_rsa. Your public key has been saved in /usr/local/share/cacti/cacti/.ssh/id_rsa.pub. The key fingerprint is: SHA256:8eb2tpB5MIkPhVlhgFT7iel8wyDq4ic3yu6Dvmuwuf4 cacti@bsd11 The key's randomart image is: +---[RSA 2048]----+ | ..oo.+. | | . * | | = . | | O o | | . S O | |. . + B = | |.+ . o @ . | |+o+.+ o =. | |=XXE.. .o. | +----[SHA256]-----+ % % cd .ssh/ % cat id_rsa.pub >> authorized_keys % chmod 600 authorized_keys
ssh 접속 테스트
% % ssh 127.0.0.1 The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established. ECDSA key fingerprint is SHA256:nIS4vw3Qw73/gmtI4JHoLs3h89qMlBRF68h8qfklpt8. No matching host key fingerprint found in DNS. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts. FreeBSD 11.1-RELEASE (GENERIC) #0 r321309: Fri Jul 21 02:08:28 UTC 2017 Welcome to FreeBSD! Release Notes, Errata: https://www.FreeBSD.org/releases/ Security Advisories: https://www.FreeBSD.org/security/ FreeBSD Handbook: https://www.FreeBSD.org/handbook/ FreeBSD FAQ: https://www.FreeBSD.org/faq/ Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/ FreeBSD Forums: https://forums.FreeBSD.org/ Documents installed with the system are in the /usr/local/share/doc/freebsd/ directory, or can be installed later with: pkg install en-freebsd-doc For other languages, replace "en" with a language code like de or fr. Show the version of FreeBSD installed: freebsd-version ; uname -a Please include that output and any error messages when posting questions. Introduction to manual pages: man man FreeBSD directory layout: man hier Edit /etc/motd to change this login announcement. % logout Connection to 127.0.0.1 closed. % % ssh localhost The authenticity of host 'localhost (127.0.0.1)' can't be established. ECDSA key fingerprint is SHA256:nIS4vw3Qw73/gmtI4JHoLs3h89qMlBRF68h8qfklpt8. No matching host key fingerprint found in DNS. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts. Last login: Sun Nov 19 02:33:19 2017 from localhost FreeBSD 11.1-RELEASE (GENERIC) #0 r321309: Fri Jul 21 02:08:28 UTC 2017 Welcome to FreeBSD! Release Notes, Errata: https://www.FreeBSD.org/releases/ Security Advisories: https://www.FreeBSD.org/security/ FreeBSD Handbook: https://www.FreeBSD.org/handbook/ FreeBSD FAQ: https://www.FreeBSD.org/faq/ Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/ FreeBSD Forums: https://forums.FreeBSD.org/ Documents installed with the system are in the /usr/local/share/doc/freebsd/ directory, or can be installed later with: pkg install en-freebsd-doc For other languages, replace "en" with a language code like de or fr. Show the version of FreeBSD installed: freebsd-version ; uname -a Please include that output and any error messages when posting questions. Introduction to manual pages: man man FreeBSD directory layout: man hier Edit /etc/motd to change this login announcement. % logout Connection to localhost closed. %
ss_get_by_ssh.php 스크립트 테스트 ( cacti 유저를 이용합니다.)
정상
% php /usr/local/share/cacti/scripts/ss_get_by_ssh.php --type apache0.0.1 --items gg,gh gg:1 gh:2048%
비정상
% php /usr/local/share/cacti/scripts/ss_get_by_ssh.php --type apache --host 127.0.0.1 --items gg,gh gg:-1 gh:-1%
비정상일 경우 gg:-1 , gh: -1 로 값이 표기 됩니다.
웹브라우저 설정
Templates -> Data Source 에서 apache 템플릿을 검색 합니다.
Apache 템플릿을 클릭하여 Hostname 을 localhost 로 변경 합니다.
Management -> Devices 로 이동합니다.
ADD 버튼을 클릭하여 Device 를 추가 합니다.
Description : Apache-Server
Hostname : 127.0.0.1
Device Template : Percona Apache Server HP
Create 버튼을 클릭합니다.
Create Graphs for this Device 를 클릭합니다.
(우측상단)
모니터링 항목을 선택후 Create 버튼을 클릭합니다.
Graphs 메뉴를 클릭후 Device 를 Apache-Server 로 변경 하여 모니터링을 합니다.
최초 그래프 생성까지 약 5분 ~ 10분 정도 소요 됩니다.
모니터링 결과값 확인 (15분 경과)
/var/log/auth.log 확인
정상적인 로그
root@bsd11:~ # tail -f /var/log/auth.log Nov 19 02:58:00 bsd11 sshd[2023]: Accepted publickey for cacti from 127.0.0.1 port 57872 ssh2: RSA SHA256:8eb2tpB5MIkPhVlhgFT7iel8wyDq4ic3yu6Dvmuwuf4 Nov 19 02:58:00 bsd11 sshd[2025]: Received disconnect from 127.0.0.1 port 57872:11: disconnected by user Nov 19 02:58:00 bsd11 sshd[2025]: Disconnected from 127.0.0.1 port 57872 Nov 19 03:00:10 bsd11 sshd[2126]: Accepted publickey for cacti from 127.0.0.1 port 51733 ssh2: RSA SHA256:8eb2tpB5MIkPhVlhgFT7iel8wyDq4ic3yu6Dvmuwuf4 Nov 19 03:00:10 bsd11 sshd[2128]: Received disconnect from 127.0.0.1 port 51733:11: disconnected by user Nov 19 03:00:10 bsd11 sshd[2128]: Disconnected from 127.0.0.1 port 51733 Nov 19 03:01:00 bsd11 sshd[2292]: Accepted publickey for cacti from 127.0.0.1 port 41944 ssh2: RSA SHA256:8eb2tpB5MIkPhVlhgFT7iel8wyDq4ic3yu6Dvmuwuf4 Nov 19 03:01:00 bsd11 sshd[2295]: Received disconnect from 127.0.0.1 port 41944:11: disconnected by user Nov 19 03:01:00 bsd11 sshd[2295]: Disconnected from 127.0.0.1 port 41944 Nov 19 03:02:21 bsd11 sshd[2450]: Accepted keyboard-interactive/pam for root from 112.187.207.28 port 12688 ssh2 Nov 19 03:04:00 bsd11 sshd[2502]: Accepted publickey for cacti from 127.0.0.1 port 17207 ssh2: RSA SHA256:8eb2tpB5MIkPhVlhgFT7iel8wyDq4ic3yu6Dvmuwuf4 Nov 19 03:04:01 bsd11 sshd[2504]: Received disconnect from 127.0.0.1 port 17207:11: disconnected by user Nov 19 03:04:01 bsd11 sshd[2504]: Disconnected from 127.0.0.1 port 17207
비정상적인 로그
root@bsd11:~ # tail -f /var/log/auth.log Nov 19 03:00:10 bsd11 sshd[2126]: Accepted publickey for cacti from 127.0.0.1 port 51733 ssh2: RSA SHA256:8eb2tpB5MIkPhVlhgFT7iel8wyDq4ic3yu6Dvmuwuf4 Nov 19 03:00:10 bsd11 sshd[2128]: Received disconnect from 127.0.0.1 port 51733:11: disconnected by user Nov 19 03:00:10 bsd11 sshd[2128]: Disconnected from 127.0.0.1 port 51733 Nov 19 03:00:10 bsd11 sshd[2128]: error: PAM: authentication error for cacti from localhost Nov 19 03:01:00 bsd11 sshd[2292]: Accepted publickey for cacti from 127.0.0.1 port 41944 ssh2: RSA SHA256:8eb2tpB5MIkPhVlhgFT7iel8wyDq4ic3yu6Dvmuwuf4 Nov 19 03:01:00 bsd11 sshd[2295]: Received disconnect from 127.0.0.1 port 41944:11: disconnected by user Nov 19 03:01:00 bsd11 sshd[2295]: Disconnected from 127.0.0.1 port 41944 Nov 19 03:00:10 bsd11 sshd[2128]: error: PAM: authentication error for cacti from localhost Nov 19 03:02:21 bsd11 sshd[2450]: Accepted keyboard-interactive/pam for root from 112.187.207.28 port 12688 ssh2 Nov 19 03:04:00 bsd11 sshd[2502]: Accepted publickey for cacti from 127.0.0.1 port 17207 ssh2: RSA SHA256:8eb2tpB5MIkPhVlhgFT7iel8wyDq4ic3yu6Dvmuwuf4 Nov 19 03:04:01 bsd11 sshd[2504]: Received disconnect from 127.0.0.1 port 17207:11: disconnected by user Nov 19 03:04:01 bsd11 sshd[2504]: Disconnected from 127.0.0.1 port 17207
Nov 19 03:00:10 bsd11 sshd[2128]: error: PAM: authentication error for cacti from localhost 메시지가 출력 됩니다.