VSFTPD CONFIG
First, you have to set up vsftpd to display its connections. To do this, add the variable setproctitle_enable=YES to the vsftpd.conf file and restart the service.
This setting lets you monitor the clients: each connection now appears in the output of the ps command. In this case the output looks like this:
vsftpd_daemon_user 11203 1.0 0.3 56320 1548 ? Ss 15:12 0:00 vsftpd: 90.IP.IP.IP: connected
Counting the number of connections is very easy; a script like this is enough:
#!/bin/bash
ps aux | grep vsftp | grep connected | wc -l
It returns the number of connected users. We are going to save it as /scripts/ftp-who.sh to use it in the next examples.
Now it is time to integrate it into the SNMPD config.
SNMPD configuration
We assume that you have installed the net-snmpd package on your CentOS system.
We are going to write a simplified config file. The original that comes with CentOS is full of examples, but unfortunately this makes the config file more complex to read and harder to understand.
The snmpd.conf is what we call an old-style config file, with a lot of variables, and it is hard to understand compared with the newer XML-based config files.
Here is our example. It is fully functional, but not very safe to use in a production environment: it accepts SNMP v1/v2c with a plain community string and no authentication (noauth), and the local group has write access.
# (ACL)
## com2sec ACLNAME NETWORK COMMUNITY STRING
com2sec local 127.0.0.1/32 compublic
com2sec mynetwork 10.170.90.0/24 compublic
# We create a group with RW permissions and assign an ACL
# group GROUPNAME SECMODEL(v1,v2c,usm) ACLNAME
group MyRWGroup v1 local
group MyRWGroup v2c local
group MyRWGroup usm local
# We create a group with RO permissions and assign an ACL
# group GROUPNAME SECMODEL(v1,v2c,usm) ACLNAME
group MyROGroup v1 mynetwork
group MyROGroup v2c mynetwork
group MyROGroup usm mynetwork
# MIB trees that we are allowed to see; in this case we can see everything
## view name incl/excl subtree mask(optional)
view all included .1 80
# Set read and write permissions
## group context sec.model sec.level prefix read write notif
access MyROGroup "" any noauth exact all none none
access MyRWGroup "" any noauth exact all all all
# We can add a script OID
#exec namescript shell file
exec shelltest /bin/sh /scripts/ftp-who.sh
# Contact information
syslocation MOON
syscontact Joe Smith (aaa@a.com)
Now we can restart the service with this config and run the snmpwalk command to be sure that the script is working:
snmpwalk -v1 localhost -c compublic .1.3.6.1.4.1.2021.8.1.extOutput.1
This command will show you the output of the script that you set in the config file, in this case /scripts/ftp-who.sh.
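A more restrictive variant of the configuration above, as an added example that is not part of the original post: it replaces the community-string groups with a single read-only SNMPv3 user that must authenticate and encrypt, and limits what that user can read to the exec table. The user name cactiro, the view name ftponly and both passphrases are placeholders chosen for illustration.

```conf
# Added example (not from the original post): read-only SNMPv3 access
# to the FTP connection counter only.
# "cactiro", "ftponly" and the passphrases are placeholders (assumptions).

# SNMPv3 user with SHA authentication and AES privacy.
# snmpd reads this line at startup and replaces it with derived keys.
# On CentOS it is usually placed in /var/lib/net-snmp/snmpd.conf
# while the snmpd service is stopped.
createUser cactiro SHA "CHANGE-ME-auth-passphrase" AES "CHANGE-ME-priv-passphrase"

# View restricted to the UCD exec table (.1.3.6.1.4.1.2021.8),
# which contains extOutput, instead of the whole tree (.1).
## view name incl/excl subtree
view ftponly included .1.3.6.1.4.1.2021.8

# Read-only user: authentication and encryption required ("priv"),
# and only the ftponly view is visible. No com2sec/group/access lines,
# so v1/v2c community strings and write access are no longer accepted.
rouser cactiro priv -V ftponly

# Same script OID as before
exec shelltest /bin/sh /scripts/ftp-who.sh

# Contact information
syslocation MOON
syscontact Joe Smith (aaa@a.com)

# Check after restarting snmpd (same OID as the v1 test, now over SNMPv3):
# snmpwalk -v3 -l authPriv -u cactiro -a SHA -A 'CHANGE-ME-auth-passphrase' \
#   -x AES -X 'CHANGE-ME-priv-passphrase' localhost .1.3.6.1.4.1.2021.8.1.extOutput.1
```

With this variant, the device in Cacti has to be configured for SNMP version 3 with the same user name and passphrases.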
Now you can add your device to Cacti, as you usually do.
Here is an example:
Create devices --> Add (top right corner) --> Fill the fields and click "Create".
Next you have to add a graph to the device by clicking on "Create graph for this host".
Now, in the "Create" combo box, select the option "SNMP Generic OID Template" and click "Create" in the bottom right corner.
The wizard will ask you for the title, legend, color, etc. The important things here are the data source type and the OID fields.
There are four types of data sources:
Gauge: It saves the value as it arrives. You can use it to see used memory in a server, and it is the useful one for our example of FTP users.
Counter: It saves the rate of change of the value for every step period. The rate of change is calculated as the difference between the present value and the previous value, divided by the number of seconds in the step (usually 300 seconds, the interval fixed in crond for Cacti execution). With counter you can assume that the value is always growing, so it is good for plotting network bandwidth.
Derive: It is the same as counter, but it can manage negative values.
Absolute: It also saves the rate of change, but it always assumes the previous value is zero. Therefore the present value is saved divided by the number of seconds between the present and the previous value.
It is a little bit hard to understand, but at this URL (in Catalan): http://acacha.org/mediawiki/index.php/RRDTool , there is a good example which we are going to copy here:
Values = 300, 600, 900, 1200
Step = 300 seconds
COUNTER DS = 1, 1, 1, 1
DERIVE DS = 1, 1, 1, 1
ABSOLUTE DS = 1, 2, 3, 4
GAUGE DS = 300, 600, 900, 1200
In the OID field, you have to enter the OID that we created in the snmpd.conf, in this case .1.3.6.1.4.1.2021.8.1.extOutput.1 .
Finally, click on "Create" and you have your Cacti graph generated from an snmpd OID that points to a script output.