Installing jffnms

Installing jffnms

This chapter describes the method to get and install JFFNMS. You probably also want to setup the external programs too. To do this refer to the External Programs for more information.

Getting JFFNMS

JFFNMS is available from SourceForge and its mirrors. For more information on getting JFFNMS look at the JFFNMS website at http://www.jffnms.org/.

Hardware Requirements

A very commonly asked question on the email list is what sort of hardware is required to monitor X number of hosts or interfaces. The problem is there is no simple answer because there are many variables in play. Not only is there inter-dependencies within the hardware itself (e.g. swapping is less of an issue with faster disks) but each poller consumes different amount of resources.

However all is not lost. I have asked members of the mail list to send me their list of hardware and a few other parameters. You have look at the table to get some idea of what people are currently doing. For dual systems that have a separate database server, the database appears on the line below.

Required Packages

For JFFNMS to work, or to enable some optional features, you will need some packages. For those who don't have packages, you'll need to find the various sources and compile it yourself.

An important point is one package you should NOT install is the rrdtool module for PHP. This could be called something like php-rrdtool or php4-rrdtool depending on your distribution. In any case don't install it otherwise you'll get problems.

Source Code

If you have no packaging system listed below, you will either need to work out what packages corresponds to the ones below or find these source code archives and build the programs yourself.

• Apache - Apache web server, essential.
• PHP - Needs to have MySQL, GD and SNMP enabled.
• net-snmp - Optional if you want SNMP alerts so you use snmptrapd. You can use an alternative one if you prefer, but it has to be able to call an external program.
• MySQL - Need this for the libraries (eg to enable PHP MySQL) as well as to supply the main database.
• rrdtool - Round Robin Database, for MRTGlike graphs. See http://www.rrdtool.org/ .
• nmap - Provides TCP ports discovery
• tac-plus - TACACS+ Server for AAA. Optional but handy to have. (get it from the jffnms site)
• msyslog - Modular syslog daemon to insert syslog lines into MySQL or PostgreSQL databases. (get it from the jffnms site)

RedHat-like Packages RPM

• apache - The webserver, essential
• cron - Most likely installed but you need it.
• mysql-server - Holds all the information for JFFNMS
• php - Apache module for running PHP4 scripts
• php-snmp - SNMP module for PHP
• php-mysql - Mysql library so PHP can talk to MySQL.
• php-pgsql - Mysql library so PHP can talk to PostgreSQL.
• rrdtool - Examine and manipulate the RRD graphs. (www.rrdtool.org)
• fping - Fast Ping program (www.fping.com)
• net-snmp* - Provides snmp commands and daemons (was UCD-SNMP)
• nmap - Provides TCP ports discovery
• tac-plus - TACACS+ Server for AAA. Optional but handy to have. (get it from the jffnms site)
• msyslog - Modular syslog daemon to insert syslog lines into MySQL or PostgreSQL databases. (get it from the jffnms site)

Debian Packages

• apache2 - The webserver, essential
• cron - Most likely installed but you need it.
• libapache2-mod-php4 - PHP4 module for apache webserver
• msyslog - Modular syslog daemon to insert syslog lines into MySQL or PostgreSQL databases. (get it from the jffnms site)
• mysql-server - Holds all the information for JFFNMS
• php4-cli - The php cli (command line interface) part
• php4-gd - Drawing graphs.
• php4-mysql - Mysql library so PHP can talk to database.
• rrdtool - Examine and manipulate the RRD graphs.
• snmpd - Provides snmptrapd for SNMP events.
• tac-plus - TACACS+ Server for AAA. Optional but handy to have. Doesn't need to be installed on same server

Initial Configuration

Before you can work with JFFNMS, you will need to tell it where to find the various paths etc. To do this, go to the web location http://sername/admin/setup.php For example if you are installing JFFNMS on your local computer the URL will be http://localhost/admin/setup.php

For details about what the various parameters do, see the section JFFNMS Global Setup.

Cron Jobs

JFFNMS uses cron for a lot of its tasks. Without it no status will be updated or statistics collected. JFFNMS is shipped with an example cron file that you should install.

What does each task do?

• consolidate - Runs the Consolidator Process 3 times every minute.
• poller - Executes the Polling Plan every 5 minutes for each host in parallel, one "thread" for each host.
• autodiscovery_interfaces - Executes the discovery scripts agains each host every 30 minutes and evaluates if it has to add, modify or delete and interface, based on the applied Autodiscovery Policy.
• rrd_analizer - Evaluates SLA conformance based on the SLA Definition applied to each interface.
• tftp get host config - Gets the Host Configuration file via one plugin and stores it in the database. Currently it works for Cisco Routers and Switches using TFTP and SNMP RW.
• cleanup_raw_tables - Deletes one week older "raw" events from the trap, syslog and acct tables.
• satellite_distribution - Distributes Polling information to peer Satellites. (Optional)
• tmpwatch.sh - Cleans the Temporary files folders and old logs in GNU/Linux/Unix systems.

Installing SNMP Extension

If you want JFFNMS to measure your iptables and tc information on a Linux server, you will need to put a SNMP extension in. This extension allows the SNMP daemon to get values about iptables and tc. These values are in turn read and processed by JFFNMS.

The target computer will need PHP4 on it, but only the cli or cgi version. For example, Debian users would install only php4-cli and not php4 (which is the apache version). You will need to note what the php binary is called, on Debian it is called /usr/bin/php.

In the directory docs/utils/jffnms-snmp you will find some PHP files. Copy these files to a target host. It doesn't matter what directory you put them in (but remember which one it is for the next step).

Next, change the snmpd configuration, the file will be something like /etc/snmp/snmpd.conf. I put my php files into the directory /usr/local/share/jffnms-snmp so the configuration lines will look like:

Reload the snmpd so it takes the new configuration and you should be complete.

To test, use the snmpwalk program. For a remote host with IP address 192.168.1.22 using the community of public, the command is "snmpwalk -v 1 -c public 192.168.1.11 .1.3.6.1.4.1.2021.5001". Also try it with the last number of 5002. Both should return some tables.

If all is well, you should now have two new sets of interfaces if you do a manual discovery.

JFFNMS Global Setup

The main setup of JFFNMS is done in the Administration menu item System Setup . The page is also displayed when you are initially setup the system with the url http://servername/admin/setup.php. This page will setup things like the paths and directories as well as check that certain modules are loaded.

This page is also the one you will first see when setting up JFFNMS as certain paths will need to be specified before it can work properly.

Basic Details

The first two items are the version of JFFNMS and the Site Name. You cannot set the version but the Site Name is used for the login screen. Most people put their company's or department's name here.

Database Configuration

JFFNMS needs a database to do its work. This section is how you tell it the details of the database.

Database Type

- JFFNMS can work with either MySQL or PostgreSQL databases. The important thing is to ensure that whatever one you choose that you have the relevant PHP module installed and enabled.

Database Host

- The host or server where the database is located. If the database is on the same computer as where JFFNMS is installed then this field should be "localhost".

Database Name

- Name of the database. This is the same name you created the database with the mysql "mysqladmin create database" or postgresql "createdb" commands.

Database Username and Password

- The database should be protected with a username and password. Enter them here so JFFNMS knows what values to use.

Database Working?

- This field will be a green `Yes' if the parameters are correct and the database is available. If there is a problem it will be a red `No'. See Database Problems for ways to fix this.

System Configuration

It is best to keep them at the defaults. The Operating System should be set correctly to whatever you are using.

Operating System

- JFFNMS can usually work out what sort of system it is on. Set this to either UNIX or windows depending what platform you are running it on.

GUI Access Methods

- Used for satellite mode. Most people should leave this as local.

Satellite Server

- For a server that is a satellite, this is the hostname or IP address of the main JFFNMS server. For non-satellite mode this is blank.

Satellite URI

- The URI for the satellite information. This is only set on the satellite server and is in the format http://satellite hostname/admin/satellite.php. If this field is needed, it should be set automatically.

Paths Configuration

Paths have a lot to play with JFFNMS. There are directories for all sorts of information. Each item in this section has a label for the path, a text box to see or change the path and a state to check if the path is ok or not.

Generally JFFNMS only checks that the directory exists, it currently does not check if the directory is readable (or writable when appropriate).

There can be basically two users that are important to JFFNMS and directory permissions. The first is the "webserver user", that is the user that the webserver runs as, which would be something like www-data, http or www. On badly setup servers it might be nobody. The second user is the "cron user" which is the user that the cron jobs run as. This is really up to the administrator on how they would like to set it up. Systems using the Debian packages have a JFFNMS user for this purpose.

Paths come in two forms. People often get them confused and wonder why some location is not available when they can see it on the server or website.

Filesystem Path

- This is path that exists on the filesystem or the disk drive. Paths like /opt/jffnms or C:
JFFNMS
would be filesystem paths. You can check paths using things like command line prompts. JFFNMS sometimes calls these sorts paths absolute paths.

Webserver Path

- This path is part of a URL for a webserver. It may map directly to a Filesystem path or, using things like symbolic links or apache aliases for example, be just a virtual directory. Webserver paths are accessed from a browser and JFFNMS sometimes calls them relative paths.

Absolute Path

- The filesystem path to the top of the JFFNMS directory tree. Subdirectories of this path would be things like htdocs, lib and engine. Both users need to read the files in the subdirectories.

Webserver Relative Path

- The top of the webserver path or the directory part of the URL. If JFFNMS is installed on a server called mynoc.example.net and you set this field to /jffnms then the URL to get to JFFNMS would be http://mynoc.example.net/jffnms/

TFTP Server Files Path

- The filesystem path where TFTP files will be temporarily put. The cron user needs write access to this directory. When setting up the TFTP server its "root directory" needs to be the same as this value.

RRD Files Path

- The filesystem path where RRD (Round Robin Database) files will be stored. The cron user needs write access and webserver user needs read access.

Engine Temp Files Path

- A filesystem path for temporary files that the poller and other systems use. Both users need write access.

Log Files Path

- A filesystem path for the log files, if they are enabled. cron user needs write access.

Temp Images Absolute Path

- A filesystem path for putting the temporary files that make the images, such as the interface alarm icons. Needs to be writable by webserver user.

WebServer Temp Images Relative Path

- The webserver path for the URLs for the images. In other words the system should be setup so that requests for items that have this field in their URL will get the webserver serving files from the "Temp Images Absolute Path" real directory.

PHP Executable Path

- The full filename of the PHP executable. JFFNMS requires both the PHP module and the separate executable. For most installations it would be either /usr/bin/php or /usr/bin/php4.

GraphViz Neato Executable Path

- Full filename to the neato program which is part of the graphviz package.

RRDTool Executable Path

- Full filename to the rrdtool program.

GNU Diff Executable Path

- Full filename to the GNU diff program. The program is used for things like displaying the differences in configurations of hosts.

NMAP Portscanner Executable Path

- Full filename for the nmap program. Nmap is used for finding TCP and UDP ports on remote hosts.

FPING Executable Path

- Fping is an improved version of the ping program. This executable is used for the reachability interfaces.

SMSClient for SMS via Modem - optional

- The full filename for the smsclient program. You only need this if you are going to send pagers via a telephone modem.

NTPQ Executable - optional

- The full filename for the ntpq program. This is a query client for the NTP protocol and with this you can check that local or remote hosts have their time server synchronized.

PHP Status

The PHP Status section is not for setting parameters, but helps with debugging by checking that various modules and PHP settings have been set.

Changing the PHP setting is done with the php.ini file. Adding PHP modules is highly operating system (and distribution) dependent. Remember that for some distributions installing the module is not enough, you will also need to change the php.ini file to load the module too.

Register Globals set to On

- This means the globals are available everywhere. Most PHP versions now ship with this turned off by default.

Allow URL fopen set to On

- This option allows PHP programs to open connections to URLs (or remote sites). Required for TCP Port content check to work.

SNMP Module Loaded

- You need to have SNMP module loaded if you want to do any SNMP gets. JFFNMS could be used without this module loaded but it would be severely limited in what it could do.

Sockets Module Loaded

- Used to make external connections to remote hosts.

GD Module Loaded

- The GD module is used to generate some graphics, such as the hosts and interfaces alarm boxes.

optional MySQL Module Loaded

- This module allows you to store the information in a MySQL database. Either this module or the PgSQL module needs to be enable for JFFNMS to work.

optional PgSQL Module Loaded

- The module to allow access to a PostgreSQL database.

Perl RegExps Module Loaded

- If you want to use Perl Compatible Regular Expressions (PCREs) this module needs to be loaded. PCREs are generally better and faster than the old POSIX REs.

optional - WDDX Module Loaded

- This module can be used for transferring information from the satellite servers. Recommended if you are using satellites but otherwise not needed.

GUI Options

GUI options are only used to set some of the cosmetic aspects of JFFNMS.

GUI/Auth Login Method

- Most people leave it as login screen, HTTP authentication means you get the standard ugly login box instead.

Login Screen Image URL

- The URL for the login graphic

Login Screen Image Link URL

- The link the user will go to if they click the image.

Custom CSS Stylesheet URL

- If you want to change from the default look, create a CSS Stylesheet and put its URL here.

Installing jffnms