ConfigStore Plugin

[sharekhan]

Hi sir,

How to take backup of firewall ( fortigate / juniper ISG 1000)

[chadd]

Hi sir,

How to take backup of firewall ( fortigate / juniper ISG 1000)

Sorry, but there currently is no support for fortigate, or Juniper equipment.. That being said, I am sure someone out there would be grateful if you were to write in support for it . A while back I responded to someone with a short bit about how to write in support for other equipment - you can find that tutorial here: http://forums.cacti.net/viewtopic.php?f=19&t=39573 toward the bottom of the page. I will make a few changes going forward to that, but it should be simple enough to follow.

Really, all you need to do is:

Write a script and have it return the following array back to the functions.php script:

$backup_results = array('device' => $device['id'],
'btime' => $t,
'directory' => $dir,
'filename' => $filename,
'config' => $data,
'lastchange' => $lastchange,
'username' => $lastuser,
'hostname' => $hostname,
);
It doesn't matter how you get this information, just that it gets sent back to the functions.php script in this format.

Right now, I only have Cisco equipment to test with. If I get time in the future (not any time soon), I can maybe work with someone to add support for more vendors, but right now, I am swamped. Good luck, and let me know if you come up with any code to contribute, and I will try to get it rolled into the next release.

-chadd.

[sharekhan]

SYSLOG not working after upgrade cacti

[noname]

>> SYSLOG not working after upgrade cacti

Does that issue relate to ConfigStore?
If not, create new topic in proper category.

[chadd]

>> SYSLOG not working after upgrade cacti

Does that issue relate to ConfigStore?
If not, create new topic in proper category.

No, not related.

I am however using the latest Syslog plugin with the latest Cacti version - and it is working properly. Good luck.

[gandalf]

I just scanned the docs site for your plugin and did not find it. Would you mind publishing it there?
R.

[chadd]

I just scanned the docs site for your plugin and did not find it. Would you mind publishing it there?
R.

Sure I can do that.

I am in training this week, so it might be a little bit. Are there instructions for this process somewhere? Also, I am doing a pretty extensive re-write of the plugin (lots of adds/improvements/fixes/etc.), so do you want me to just wait until I have the next release, or just put up the code I have? Thanks.

-chadd.

[gandalf]

That's all your choice.
Some hints how to publish are provided at the start of the plugins page.
Else ask.
R.

[sharekhan]

Hi sir,

The below message is getting after taking the backup from configstore ,pls suggest how to solve it

spawn /usr/bin/ssh cacti@192.168.95.3
Could not create directory '/var/www/.ssh'.
The authenticity of host '192.168.95.3 (192.168.95.3)' can't be established.
RSA key fingerprint is d3:d4:00:d5:35:f1:ea:ef:4c:f8:03:3a:c6:9c:72:e7.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/var/www/.ssh/known_hosts).
cacti@192.168.95.3's password:
Permission denied, please try again.
cacti@192.168.95.3's password: RETURN CODE: 1

[chadd]

Hi sir,

The below message is getting after taking the backup from configstore ,pls suggest how to solve it

spawn /usr/bin/ssh cacti@192.168.95.3
Could not create directory '/var/www/.ssh'.
The authenticity of host '192.168.95.3 (192.168.95.3)' can't be established.
RSA key fingerprint is d3:d4:00:d5:35:f1:ea:ef:4c:f8:03:3a:c6:9c:72:e7.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/var/www/.ssh/known_hosts).
cacti@192.168.95.3's password:
Permission denied, please try again.
cacti@192.168.95.3's password: RETURN CODE: 1

Your webserver user is doing the SSH to the device (it looks like). SSH, as part of the protocol, keeps a list of "known hosts" in a file in the users home directory (by default). Apparently, in your case, the .ssh directory (where your known_hosts file should exist) either does not exist, or the user does not have access to create/edit files in that directory. Make sure the user running your poller process has access to read/write to the /var/www/.ssh directory. What I do, is make the webserver user the owner of the poller process - that way there are no permission issues. Many people create a user called cactiuser (not sure if this is your case), to run the cacti poller. This is fine, but you just have to make sure that your cactiuser has the access it needs to do the job. I did think about this when writing the plugin, but figured people should be in control of their own security with respect to SSH. You will have issues with this in the future, where you change out a device (and reuse the IP). In that case, SSH will not allow you to connect to the device, because the signature in the known_hosts file does not match that of the new device you put in the network. In that case, you simply have to remove that line from the known_hosts file, and run the backup again. These are all "features" of SSH, intended to keep you safe from attackers - and I did not wish to remove those safe-guards in the interest of making things easy. You however, as the administrator of your Cacti box, can remove all/some of those security features. Just read up on SSH, and you'll find a slue of things you can modify in your server config to make your life easier (disable known_hosts, etc.), while making SSH less safe (it is a give and take - security over ease of use). Hope this answers your question.

-chadd.

[BrentW]

Hi there

Maybe some else will find this usefull...
We still have CatOS switches that require backing up......
So ammended some files and created a CatOS backup script
Put then into the ../configstore/lib/ folder.....
Files are:
- cisco_Catos-ssh.exp
- cisco_Catos-telnet.exp
- cisco-Catos.php

Thanks for configstore

Brent

[chadd]

Hi there

Maybe some else will find this usefull...
We still have CatOS switches that require backing up......
So ammended some files and created a CatOS backup script
Put then into the ../configstore/lib/ folder.....
Files are:
- cisco_Catos-ssh.exp
- cisco_Catos-telnet.exp
- cisco-Catos.php

Thanks for configstore

Brent

Thank you! I am working on 0.8 right now, and will roll your changes into that version.

[tbo34]

Hi
Could u help pls?

cacti v0.8.7g, pia v2.8, configstore v0.7;

The config of router goes to home direction with scp method account; not to config directory pointed in device properties.

Because of not seeing config under right directory; backup fails.
What may be the problem? (i have chmod'ed the configstore directory to 777)

I cannot see any warning-error in cacti log. debug output is as below.

spawn /usr/bin/ssh admin@192.168.2.1
Password:

Router#copy run scp://192.168.2.200
Address or name of remote host [192.168.2.200]? 192.168.2.200
Destination username [admin]? mrtg
Destination filename [router-confg]? Router_Config.cfg
Writing Router_Config.cfg
Password:
Sink: C0644 32935 Router_Config.cfg
!!!!!!!
32935 bytes copied in 5.392 secs (6108 bytes/sec)
Router#show version
Cisco Internetwork Operating System Software
..........
..........

Configuration register is 0x2102

Router#
Router#
RETURN CODE: 0

[chadd]

Hi
Could u help pls?

cacti v0.8.7g, pia v2.8, configstore v0.7;

The config of router goes to home direction with scp method account; not to config directory pointed in device properties.

Because of not seeing config under right directory; backup fails.
What may be the problem? (i have chmod'ed the configstore directory to 777)

I cannot see any warning-error in cacti log. debug output is as below.

spawn /usr/bin/ssh admin@192.168.2.1
Password:

Router#copy run scp://192.168.2.200
Address or name of remote host [192.168.2.200]? 192.168.2.200
Destination username [admin]? mrtg
Destination filename [router-confg]? Router_Config.cfg
Writing Router_Config.cfg
Password:
Sink: C0644 32935 Router_Config.cfg
!!!!!!!
32935 bytes copied in 5.392 secs (6108 bytes/sec)
Router#show version
Cisco Internetwork Operating System Software
..........
..........

Configuration register is 0x2102

Router#
Router#
RETURN CODE: 0

First thing I would do, is check to make sure you gave the correct path to your backup directory in the settings panel:

Backup Directory Path
The path to where your Configs will be backed up, it must be the path that the local TFTP Server, or SCP user writes to.

That is where the "server root" is.

Then, on a per device basis, you can point to a sub directory inside that root directory:

Directory
This is the relative directory structure used to store the configs.

Hope this helps.

-chadd.

[tbo34]

thanks for reply,
i have gone to one step further;
my first router's config goes to its config-subdirectory with its date-time in filename; does not give fail - no problem here.
(interestingly it also goes under main scp directory without date-time - is it supposed to be so?).

but the second router i added gives fail; it goes under main scp directory like the first one; but it doesn't go to subdirectory i pointed.
it gives RETURN CODE=1

spawn /usr/bin/ssh admin@192.168.100.242
admin@192.168.100.242's password:

Router_4507#copy run scp://192.168.2.200
Address or name of remote host [192.168.2.200]? 192.168.2.200
Destination username [admin]? mrtg
Destination filename [router_4507-confg]? Router_4507.cfg
Writing Router_4507.cfg
Password:
!!RETURN CODE: 1