[apache] cacti percona plugins

Percona apache 템플릿을 이용하기 위해서는 ss_get_by_ssh.php 스크립트의 수정이 필요 하며

cacti 계정이 접속 할수 있도록 cshs 작업이 필요 합니다.

 

Apache httpd.conf 파일 수정 및 apache 재시작

root@bsd11:~ # 
root@bsd11:~ # cd /usr/local/etc/apache24/
root@bsd11:/usr/local/etc/apache24 # vi httpd.conf
<Location /server-status>
SetHandler server-status

Order Deny,Allow
Deny from all
Allow from localhost
</Location>
root@bsd11:~ # service apache24 restart

Allow from Domain 또는 localhost 로 설정 합니다.

 

Percona Apache 템플릿을 import 합니다.

root@bsd11:~ #
root@bsd11:~ #
root@bsd11:~ # php /usr/local/share/cacti/cli/import_template.php --filename=/usr/local/share/percona-monitoring-plugins/cacti/templates/cacti_host_template_percona_apache_server_ht_0.8.6i-sver1.1.3.xml
Read 74554 bytes of XML data
Import ResultsCacti has imported the following items for the Template:
CDEF
[success] Percona Turn Into Bits CDEF [unchanged]
[success] Percona Negate CDEF [unchanged]
GPRINT Preset
[success] Percona Apache Server Version t1.1.3:s1.1.3 [new]
[success] Percona Apache Server Checksum e5bcdec29950a544697949887ac841b4 [new]
[success] Percona Normal [unchanged]
Data Input Method
[success] Percona Get Apache Stats/Apache Requests IM [new]
[success] Percona Get Apache Stats/Apache Bytes IM [new]
[success] Percona Get Apache Stats/Apache CPU Load IM [new]
[success] Percona Get Apache Stats/Apache Workers IM [new]
[success] Percona Get Apache Stats/Apache Scoreboard IM [new]
Data Template
[success] Percona Apache Requests DT [new]
[success] Percona Apache Bytes DT [new]
[success] Percona Apache CPU Load DT [new]
[success] Percona Apache Workers DT [new]
[success] Percona Apache Scoreboard DT [new]
Graph Template
[success] Percona Apache Requests GT [new]
[success] Percona Apache Bytes GT [new]
[success] Percona Apache CPU Load GT [new]
[success] Percona Apache Workers GT [new]
[success] Percona Apache Scoreboard GT [new]
Device Template
[success] Percona Apache Server HT [new]
root@bsd11:~ #

 

ss_get_by_ssh.php 스크립트 수정 및 퍼미션 변경

root@bsd11:~ # 
root@bsd11:~ # cd /usr/local/share/cacti/scripts/
root@bsd11:/usr/local/share/cacti/scripts # vi ss_get_by_ssh.php
$ssh_user   = 'cacti';                           # SSH username
$ssh_port   = 22;                                # SSH port
$ssh_iden   = '-i /usr/share/cacti/cacti/.ssh/id_rsa'; # SSH identity

root@bsd11:/usr/local/share/cacti/scripts # chown cacti:cacti ss_get_by_ssh.php

 

cacti 유저 디렉토리 생성

root@bsd11:~ # cd /usr/local/share/cacti/
root@bsd11:/usr/local/share/cacti # mkdir -p cacti/.ssh
root@bsd11:/usr/local/share/cacti # chown -R cacti:cacti cacti/

 

chsh 명령어를 사용하여 cacti 유저 데이터베이스 파일을 변경합니다.

root@bsd11:~ #
root@bsd11:~ #
root@bsd11:~ # chsh cacti
#Changing user information for cacti.
Login: cacti
Password: *
Uid [#]: 107
Gid [# or name]: 107
Change [month day year]:
Expire [month day year]:
Class:
Home directory: /usr/local/share/cacti/cacti
Shell: /bin/csh
Full Name: Cacti Sandbox
Office Location:
Office Phone:
Home Phone:
Other information:

cacti 유저와는 별도로 다른유저로 생성을 하였지만 정상적으로 그래프를 생성하지 못하였습니다.

 

ssh-key 생성

root@bsd11:~ #
root@bsd11:~ #
root@bsd11:~ # su - cacti
% pwd
/usr/local/share/cacti/cacti
% ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/usr/local/share/cacti/cacti/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /usr/local/share/cacti/cacti/.ssh/id_rsa.
Your public key has been saved in /usr/local/share/cacti/cacti/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:8eb2tpB5MIkPhVlhgFT7iel8wyDq4ic3yu6Dvmuwuf4 cacti@bsd11
The key's randomart image is:
+---[RSA 2048]----+
|     ..oo.+.     |
|      .  *       |
|        = .      |
|         O o     |
|      . S O      |
|.    . + B =     |
|.+  .   o @ .    |
|+o+.+    o =.    |
|=XXE..     .o.   |
+----[SHA256]-----+
%
% cd .ssh/
% cat id_rsa.pub >> authorized_keys
% chmod 600 authorized_keys

 

ssh 접속 테스트

%
% ssh 127.0.0.1
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:nIS4vw3Qw73/gmtI4JHoLs3h89qMlBRF68h8qfklpt8.
No matching host key fingerprint found in DNS.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts.
FreeBSD 11.1-RELEASE (GENERIC) #0 r321309: Fri Jul 21 02:08:28 UTC 2017

Welcome to FreeBSD!

Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories:   https://www.FreeBSD.org/security/
FreeBSD Handbook:      https://www.FreeBSD.org/handbook/
FreeBSD FAQ:           https://www.FreeBSD.org/faq/
Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
FreeBSD Forums:        https://forums.FreeBSD.org/

Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with:  pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed:  freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages:  man man
FreeBSD directory layout:      man hier

Edit /etc/motd to change this login announcement.
% logout
Connection to 127.0.0.1 closed.
%
% ssh localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:nIS4vw3Qw73/gmtI4JHoLs3h89qMlBRF68h8qfklpt8.
No matching host key fingerprint found in DNS.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
Last login: Sun Nov 19 02:33:19 2017 from localhost
FreeBSD 11.1-RELEASE (GENERIC) #0 r321309: Fri Jul 21 02:08:28 UTC 2017

Welcome to FreeBSD!

Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories:   https://www.FreeBSD.org/security/
FreeBSD Handbook:      https://www.FreeBSD.org/handbook/
FreeBSD FAQ:           https://www.FreeBSD.org/faq/
Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
FreeBSD Forums:        https://forums.FreeBSD.org/

Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with:  pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed:  freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages:  man man
FreeBSD directory layout:      man hier

Edit /etc/motd to change this login announcement.
% logout
Connection to localhost closed.
%

 

ss_get_by_ssh.php 스크립트 테스트 ( cacti 유저를 이용합니다.)

정상

% php /usr/local/share/cacti/scripts/ss_get_by_ssh.php --type apache0.0.1 --items gg,gh
gg:1 gh:2048%

 

 

비정상 

% php /usr/local/share/cacti/scripts/ss_get_by_ssh.php --type apache --host 127.0.0.1 --items gg,gh
gg:-1 gh:-1%

비정상일 경우 gg:-1 , gh: -1 로 값이 표기 됩니다.

 

웹브라우저 설정

Templates -> Data Source 에서 apache 템플릿을 검색 합니다.

 

Apache 템플릿을 클릭하여 Hostname 을 localhost 로 변경 합니다.

 

Management -> Devices 로 이동합니다.

ADD 버튼을 클릭하여 Device 를 추가 합니다.

 

Description : Apache-Server

Hostname : 127.0.0.1

Device Template : Percona Apache Server HP

Create 버튼을 클릭합니다.

 

Create Graphs for this Device 를 클릭합니다.

(우측상단)

 

모니터링 항목을 선택후 Create 버튼을 클릭합니다.

 

Graphs 메뉴를 클릭후 Device 를 Apache-Server 로 변경 하여 모니터링을 합니다.

최초 그래프 생성까지 약 5분 ~ 10분 정도 소요 됩니다.

 

모니터링 결과값 확인 (15분 경과)

 

/var/log/auth.log 확인

정상적인 로그

root@bsd11:~ # tail -f /var/log/auth.log
Nov 19 02:58:00 bsd11 sshd[2023]: Accepted publickey for cacti from 127.0.0.1 port 57872 ssh2: RSA SHA256:8eb2tpB5MIkPhVlhgFT7iel8wyDq4ic3yu6Dvmuwuf4
Nov 19 02:58:00 bsd11 sshd[2025]: Received disconnect from 127.0.0.1 port 57872:11: disconnected by user
Nov 19 02:58:00 bsd11 sshd[2025]: Disconnected from 127.0.0.1 port 57872
Nov 19 03:00:10 bsd11 sshd[2126]: Accepted publickey for cacti from 127.0.0.1 port 51733 ssh2: RSA SHA256:8eb2tpB5MIkPhVlhgFT7iel8wyDq4ic3yu6Dvmuwuf4
Nov 19 03:00:10 bsd11 sshd[2128]: Received disconnect from 127.0.0.1 port 51733:11: disconnected by user
Nov 19 03:00:10 bsd11 sshd[2128]: Disconnected from 127.0.0.1 port 51733
Nov 19 03:01:00 bsd11 sshd[2292]: Accepted publickey for cacti from 127.0.0.1 port 41944 ssh2: RSA SHA256:8eb2tpB5MIkPhVlhgFT7iel8wyDq4ic3yu6Dvmuwuf4
Nov 19 03:01:00 bsd11 sshd[2295]: Received disconnect from 127.0.0.1 port 41944:11: disconnected by user
Nov 19 03:01:00 bsd11 sshd[2295]: Disconnected from 127.0.0.1 port 41944
Nov 19 03:02:21 bsd11 sshd[2450]: Accepted keyboard-interactive/pam for root from 112.187.207.28 port 12688 ssh2
Nov 19 03:04:00 bsd11 sshd[2502]: Accepted publickey for cacti from 127.0.0.1 port 17207 ssh2: RSA SHA256:8eb2tpB5MIkPhVlhgFT7iel8wyDq4ic3yu6Dvmuwuf4
Nov 19 03:04:01 bsd11 sshd[2504]: Received disconnect from 127.0.0.1 port 17207:11: disconnected by user
Nov 19 03:04:01 bsd11 sshd[2504]: Disconnected from 127.0.0.1 port 17207

 

비정상적인 로그

root@bsd11:~ # tail -f /var/log/auth.log
Nov 19 03:00:10 bsd11 sshd[2126]: Accepted publickey for cacti from 127.0.0.1 port 51733 ssh2: RSA SHA256:8eb2tpB5MIkPhVlhgFT7iel8wyDq4ic3yu6Dvmuwuf4
Nov 19 03:00:10 bsd11 sshd[2128]: Received disconnect from 127.0.0.1 port 51733:11: disconnected by user
Nov 19 03:00:10 bsd11 sshd[2128]: Disconnected from 127.0.0.1 port 51733
Nov 19 03:00:10 bsd11 sshd[2128]: error: PAM: authentication error for cacti from localhost
Nov 19 03:01:00 bsd11 sshd[2292]: Accepted publickey for cacti from 127.0.0.1 port 41944 ssh2: RSA SHA256:8eb2tpB5MIkPhVlhgFT7iel8wyDq4ic3yu6Dvmuwuf4
Nov 19 03:01:00 bsd11 sshd[2295]: Received disconnect from 127.0.0.1 port 41944:11: disconnected by user
Nov 19 03:01:00 bsd11 sshd[2295]: Disconnected from 127.0.0.1 port 41944
Nov 19 03:00:10 bsd11 sshd[2128]: error: PAM: authentication error for cacti from localhost
Nov 19 03:02:21 bsd11 sshd[2450]: Accepted keyboard-interactive/pam for root from 112.187.207.28 port 12688 ssh2
Nov 19 03:04:00 bsd11 sshd[2502]: Accepted publickey for cacti from 127.0.0.1 port 17207 ssh2: RSA SHA256:8eb2tpB5MIkPhVlhgFT7iel8wyDq4ic3yu6Dvmuwuf4
Nov 19 03:04:01 bsd11 sshd[2504]: Received disconnect from 127.0.0.1 port 17207:11: disconnected by user
Nov 19 03:04:01 bsd11 sshd[2504]: Disconnected from 127.0.0.1 port 17207

Nov 19 03:00:10 bsd11 sshd[2128]: error: PAM: authentication error for cacti from localhost 메시지가 출력 됩니다.

 

 

댓글 남기기