NeDI: Instalasi di Ubuntu
1. Install dependencies:
sudo apt-get install apache2 libapache2-mod-php5 mysql-server libnet-snmp-perl php5-mysql \ libnet-telnet-cisco-perl php5-snmp php5-gd libalgorithm-diff-perl rrdtool librrds-perl
Note: The command listed above needs to be on one line
2. Setup SSL on the Apache2 webserver:
IMPORTANT – You should always use SSL because Nedi contains a great amount of information about your network. Here is a great step-by-step tutorial on How to setup SSL in Ubuntu
3. Download Nedi:
wget http://www.nedi.ch/pub/nedi-1.0.8.tgz
4. Uncompress and extract the archive:
tar -xzf nedi-1.0-rc6.tgz
5. Move Nedi directory to /opt and fix permissions:
sudo mv nedi /opt/ sudo chown -R www-data:www-data /opt/nedi sudo chmod 775 /opt/nedi/html/log/
6. Create a link to the webserver root:
sudo ln -s /opt/nedi/html/ /var/www/
7. Create a link to the configuration file:
sudo ln -s /opt/nedi/nedi.conf /etc/nedi.conf
8. Create a MySQL database password:
sudo mysqladmin -u root -p password "YourPasswordGoesHere"
9. Initialize the Nedi database:
cd /opt/nedi/ ./nedi.pl -i
10. Answer these prompts:
MySQL admin user: root
MySQL admin pass: <enter the password you created in step #8>
11. Edit /opt/nedi/nedi.conf:
List your SNMP read-only passwords (one per line) List your telnet usernames and passwords (one pair per line)
12. Optional - Edit /opt/nedi/seedlist and add your network devices:
List the IP addresses of your devices (one per line)
13. Restart the webserver (Apache2):
sudo /etc/init.d/apache2 restart
14. Run a discovery of your network and gather your device configurations
cd /opt/nedi/ ./nedi.pl -pob
15. Login to your Nedi website:
http://localhost/html/ User: admin Password: admin IMPORTANT - Change the admin password NOW!
16. Create a script to start/stop Nedi:
nano /opt/nedi/startnedi.sh
17. Paste this text into that file:
#start nedi from crontab. Creates logfiles opts="-pob" CMD="./nedi.pl $opts" LOGPATH="/var/log/nedi" LOGFILE="$LOGPATH/nedi.log" LASTRUN="$LOGPATH/lastrun.log" cd /opt/nedi now=`date +%Y%m%d:%H%M` echo "#$now start # $CMD" > $LASTRUN echo "#$now start" >> $LOGFILE $($CMD >> $LASTRUN) tail -8 $LASTRUN >> $LOGFILE now=`date +%Y%m%d:%H%M` echo "#$now stop" >> $LOGFILE echo "#$now stop" >> $LASTRUN'
Press “Control-O” and then “Enter” to save these changes.
18. Make “startnedi.sh” an executable file, and create a directory to hold Nedi log files:
chmod +x /opt/nedi/startnedi.sh sudo mkdir /var/log/nedi me=`whoami`;sudo chown $me:$me /var/log/nedi
19. Schedule Nedi to run periodically (every 4 hours) using cron:
crontab -e 15 */4 * * * /opt/nedi/startnedi.sh # Discover and gather device configurations
Press “Control-O” and then “Enter” to save these changes.
-or-
Create a file in /etc/cron.d/ containing this information:
15 */4 * * * root /opt/nedi/startnedi.sh # Discover and gather device configurations
Both of these methods will cause the script to run every 4 hours at :15 past the hour beginning with 4:00am.
You can get it running on Debian/Ubuntu within 5 minutes (more details in Generic Installation Procedure):
sudo apt-get install apache2 libapache2-mod-php5 mysql-server libnet-snmp-perl libcrypt-hcesha-perl \ libcrypt-des-perl libdigest-hmac-perl libio-pty-perl libnet-telnet-perl libalgorithm-diff-perl \ librrds-perl php5-mysql php5-snmp php5-gd php5-mcrypt rrdtool libsocket6-perl
Optional (read below for details): libweb-simple-perl libnet-ntp-perl libnet-dns-perl
Then perform the following steps:
create a /nedi folder somewhere (preferable in /var) and extract the tarball. Change permission to www-data In /etc edit apache2/sites-enabled/000-default.conf and adjust document root to /var/nedi/html edit apache2/apache2.conf and change /var/www to /var/nedi/html as well Optionally adjust php5/apache2/php.ini to increase max upload and post size run nedi -i and you should be able to login with admin/admin For security reasons, you should at least limit access to SSL and prohibit showing directory indexes…
Generic Installation Procedure
Satisfy the dependencies listed below. Extract the NeDi archive (e.g. to /var/nedi). Move the files in html to your webserver’s document root (e.g. /var/www/htdocs) or adjust the document root. Edit nedi.conf to fit your needs (Please use the new one as copying your existing config may lead to errors, if new items are missing). If you get ‘Dude, where is nedi.conf?’ link it to /etc. Cd to /var/nedi (or whatever you chose) and type ./nedi.pl -i to initialize the backend. Starting with NeDi 1.4, you can use -i nodrop for updating an existing DB structure without the need for DB admin credentials. Alternatively -i updatedb will do just that without any loss of data. The monitoring daemon moni.pl can be started from commandline, startup script or the GUI. Since syslog.pl requires a priviledged port (514) a simple workaround (to avoid running it as root) would be to forward a high port via system’s FW. This means something like this for Linux: iptables -A PREROUTING -t nat -p udp –dport 514 -j REDIRECT –to-port 1514. Just set $port in syslog.pl to 1514 (or whatever you chose the port to be). Now you can even restart it from the GUI with System-Services. A similar setup can be implemented for snmptrapd: iptables -A PREROUTING -t nat -p udp –dport 162 -j REDIRECT –to-port 1162.
Hardware Requirements
The computer requirements depend on the size of your network (surprised?). A single 2GHz core and 1GB Ram will do fine for networks with 500 devices and 10’000 nodes. You may consider increasing this for larger networks…
The NeDi script itself uses up to 150MB of RAM on a discovery run. If you want to include Tobi’s RRDtool, you’ll need ~200KB disk storage per interface (can be adjusted with rrdsize in nedi.conf).
Software Requirements
The discovery part is programmed in Perl and needs those additional modules:
Net::SNMP Net::Telnet Algorithm::Diff DBI DBD::MySQL RRDs Socket6 LWP::UserAgent (optional HTTP service monitoring and getting info from Cisco phones) Net::DNS::Resolver (optional DNS service monitoring) Net::NTP (optional NTP service monitoring, e.g monitor actual stratum) IO::Tty (optional SSH support) libnet (provides Net::SMTP for alerts)
The frontend requires a webserver providing PHP with the following addons:
SQL SNMP SESSION GD (for Topology-Map) MCRYPT for SHA256 password encryption