Guys hopefully some straight forward questions for someone with plugin/cacti experience. Totally new to me, but i'm quite conversed in unix. Could'nt find anything in various instructions.
Cacti is running as user cacti on my ubuntu system.
Downloaded netflow plugin
Installed flow-tools
mv flowview plugin folder to cacti/plugins
Installed on cacti and enabled.
Created folder under /var/netflow/flows as per plugin settings under misc on cacti
Question:
Does the /var/netflow/flows and dirs need to be chown to cacti user?
Does the cacti/plugins/flowview dir and subdirs need to be chown to cacti user?
The flow-capture startup script in plugins/flowview/ that gets put in /etc/init.d nicely creates a folder when you create a new listener in cacti, but wont that surely run as root? Would this stop cacti removing the files when it tries to expire them etc?
Rgds
Netflow plugin
Moderators: Developers, Moderators
Re: Netflow plugin
Not sure if you got these answered, but here goes...
1) Does the /var/netflow/flows and dirs need to be chown to cacti user?
I have my flows directory owned by the apache user (www-data, in my case), but the subdirectories (2012-07-etc.) are owned by root. If you do a "ps" and grep for your httpd/apache process you'll see what it's running as.
2) Does the cacti/plugins/flowview dir and subdirs need to be chown to cacti user?
My plugins/flowview directory is owned by root, so I would say as long as it's world/cacti readable it should be fine.
3) The flow-capture startup script in plugins/flowview/ that gets put in /etc/init.d nicely creates a folder when you create a new listener in cacti, but wont that surely run as root?
My flow-capture and flowscan are running as root. Is that a concern for you? I didn't really think too much of it because I'm running behind a firewall. The only issue I can see with that is being able to find a bug in the flow-capture process that would be remotely exploitable over port 2055, maybe.
4) Would this stop cacti removing the files when it tries to expire them etc?
Cacti shouldn't be the one expiring them, but flow-capture. If you look at the command line when it runs, there's a "-e" option, which specifies how many files to keep.
-e expire_count
Retain the maximum number of files so that the total file count is less than expire_count. Defaults to 0 (do not expire).
I chose 6 months and mine came out to "-e 263520", so after that many files, flow-capture would start rolling the old ones off.
1) Does the /var/netflow/flows and dirs need to be chown to cacti user?
I have my flows directory owned by the apache user (www-data, in my case), but the subdirectories (2012-07-etc.) are owned by root. If you do a "ps" and grep for your httpd/apache process you'll see what it's running as.
2) Does the cacti/plugins/flowview dir and subdirs need to be chown to cacti user?
My plugins/flowview directory is owned by root, so I would say as long as it's world/cacti readable it should be fine.
3) The flow-capture startup script in plugins/flowview/ that gets put in /etc/init.d nicely creates a folder when you create a new listener in cacti, but wont that surely run as root?
My flow-capture and flowscan are running as root. Is that a concern for you? I didn't really think too much of it because I'm running behind a firewall. The only issue I can see with that is being able to find a bug in the flow-capture process that would be remotely exploitable over port 2055, maybe.
4) Would this stop cacti removing the files when it tries to expire them etc?
Cacti shouldn't be the one expiring them, but flow-capture. If you look at the command line when it runs, there's a "-e" option, which specifies how many files to keep.
-e expire_count
Retain the maximum number of files so that the total file count is less than expire_count. Defaults to 0 (do not expire).
I chose 6 months and mine came out to "-e 263520", so after that many files, flow-capture would start rolling the old ones off.
Who is online
Users browsing this forum: No registered users and 0 guests