Commands preceded with "$" imply that you should execute the command as a general user - not as root.
Commands preceded with "#" imply that you should be working as root.
Commands with more specific command lines (e.g. "rtrX>" or "mysql>") imply that you are executing commands on remote equipment, or within another program.
These instructions assume you are the root user. If you are not, prepend ''sudo'' to the shell commands (the ones that aren't at ''mysql>'' prompts) or temporarily invoke root privileges with ''sudo -s''.
The LibreNMS software has already been installed on your Campus Network Monitoring and Management Server by the workshop instructors. All you will need to do is learn how to configure it, add devices, and then watch the system monitor your campus network.
If you are interested in reading how the software was installed, please consult the notes describing the installation and tuning of LibreNMS. It is quite straightforward, once you know how!
Before we configure LibreNMS, we need to configure the SNMP community string on all the routers and the switches in our campus.
The IP address of the management system we will be setting up is 100.68.X.130 (replace X with your campus number). We will create an access control list to permit SNMP queries from any address in the campus server subnet, and also from the central classroom servers on 100.68.100.0/24.
We will use the community string NetManage, and only allow members of access-list 99 access to the device. Finally, we tell the device to retain the interface index through reboots and the addition or removal of interfaces.
Here is a sample configuration:
access-list 99 permit 100.68.X.128 0.0.0.15
access-list 99 permit 100.68.100.0 0.0.0.255
!
snmp-server community NetManage RO 99
snmp-server ifindex persistIf your switch or router doesn't take the snmp-server ifindex command, try this SNMP command instead:
snmp ifmib ifindex persistEven though Cisco IOS is one operating system, the implementation details on different platforms can well be different. The latter format tends to be used on more modern devices, especially ethernet switches.
Before proceeding, check that all routers and switches in your campus have SNMP configured.
LibreNMS has two installers; we can choose either a web configuration or manual configuration at the command line. We're going to use the Web installer, which is by far the easier of the two methods.
You can launch the web installer from your laptop’s browser by going to http://librenms.campusX.ws.nsrc.org/install.php. (Of course, replace “X” with your campus number!)
Follow the onscreen instructions.
Stage 0 is a summary of the PHP modules installed, normally you should just click on ''Next Stage''
Stage 1 prompts you for the database settings. Enter
DB Host: localhost
DB User: librenms
DB Pass: <CLASS_PASSWORD>
DB Name: librenms
Stage 2 is the DB creating itself - it should finish correctly, and you simply click on ''Goto Add User'' at the bottom
Stage 3: enter a username, password and E-mail address. This will become the login you use to access the web interface.
We suggest you use ''sysadm'', the class password, and your own E-mail address.
Stage 4 should show you the successful user creation, click on ''Generate Config''
Stage 5: the interface should show, at this point:
The config file has been createdYou can now click ''Finish install''.
Note: IF the installer tells you it can't write the configuration file, you might need to log into your NMM server and change the ownership of the configuration file this:
$ sudo -s
# chown www-data /opt/librenmsYou should try and fix the problem, and reload http://librenms.campusX.ws.nsrc.org/install.php.
Ask the instructors if you still have problems.
You can now follow the instructions and click where it says ''click here to login to your new install''.
The installer will complain that some set up hasn’t been completed. This is referring to the fact that the /opt/librenms directory is owned by www-data rather than by librenms. So let’s fix this now. Still logged into your NMM server:
# chown -R librenms:librenms /opt/librenmsA useful tool is provided with LibreNMS to help verify that the software is installed correctly. Let’s try the tool out:
# cd /opt/librenms
# ./validate.phpYou may see warnings about the software not being up to date, and some more warnings about permissions. You’ll also see a complaint that the poller has never run - but don’t worry about that as we’ll fix that shortly.
We can now secure the /opt/librenms directory again:
# chown librenms /opt/librenmsWe also need to edit the LibreNMS configuration file /opt/librenms/config.php and change the commented out line :
#$config['rrdcached'] = "unix:/var/run/rrdcached.sock";to:
$config['rrdcached'] = "unix:/var/run/rrdcached/rrdcached.sock";so that we can make use of rrdcached, which makes LibreNMS operate more efficiently on our server.
Create the cronjob which will run periodic tasks required by LibreNMS:
# cd /opt/librenms
# cp librenms.nonroot.cron /etc/cron.d/librenmsOne last thing: edit the file /etc/cron.d/librenms and find the line:
*/5 * * * * librenms /opt/librenms/cronic /opt/librenms/poller-wrapper.py 16And change the ''16'' at the end to ''4'' (we have a single processor, and 4 threads is plenty)
*/5 * * * * librenms /opt/librenms/cronic /opt/librenms/poller-wrapper.py 4Save, and exit.
Now that we have LibreNMS ready to run, we can log in to the web interface (if not already there) and start adding devices. We can add them by the command line, or we could get LibreNMS to automatically discover the hosts, but it is easiest just to add via the web interface.
At the web interfaces, click on Devices and then Add Device. You need to add all of the following devices:
localhost - our NMM server
bdr1.campusX.ws.nsrc.org - our campus border router
core1.campusX.ws.nsrc.org - our campus core router
dist1-b1.campusX.ws.nsrc.org - distribution switch in building 1
edge1-b1.campusX.ws.nsrc.org - edge switch 1 in building 1
edge2-b1.campusX.ws.nsrc.org - edge switch 2 in building 1
dist1-b2.campusX.ws.nsrc.org - distribution switch in building 2
edge1-b2.campusX.ws.nsrc.org - edge switch 1 in building 2
edge2-b2.campusX.ws.nsrc.org - edge switch 2 in building 2
In all cases, the SNMP community string is NetManage, and the SNMP version is v2c.
Each time you add a device, LibreNMS will test the connectivity to it via ping and snmp poll. If either fails, LibreNMS will refuse to add the device. Don’t force it to accept the device if the connectivity tests fail - find out what has gone wrong and fix it:
Did you remember to add the SNMP configuration on the network device?
Is the network from the NMM server to the network device working?
Once you have successfully added the device, LibreNMS then will snmpwalk the entire MIB tree on the device, figure out what is what and build database entries for everything with initial counters set. 5 minutes later it will run again and just query the specific bits it has decided to measure and update the counter entries so that graphs can begin to form. This is why initial graphs in LibreNMS can take up to 10-15 minutes to appear.
Note: we have called our NMM Server localhost because that’s how the SNMP configuration was set up by the instructors. If you want to be able to use the full name of your NMM server, you will need to edit the /etc/hosts file to add an alias for srv1.campusX.ws.nsrc.org to the entry for the localhost:
127.0.0.1 localhost srv1.campusX.ws.nsrc.orgAfter that, references to srv1.campusX.ws.nsrc.org will use 127.0.0.1.
Once all the hosts are added, in a few minutes time you will start to see graphs and information appearing for all the devices in your network. Click on Devices and then All Devices, and browse through the graphs and information displayed for your network equipment.
You can add some additional devices via the LibreNMS web interface. Why not add:
noc.ws.nsrc.org
www.ws.nsrc.org
vtp.ws.nsrc.org
using the class SNMP community.
This appendix includes some of the command line tools for driving LibreNMS. Useful if you want to script any set up, or find that the command line is faster for getting started than working through the web interface.
By default, LibreNMS will try ask for the list of “neighbors” that network devices "see" on the network. This is done using the Link Layer Discovery Protocol (LLDP) or Cisco's CDP (Cisco Discovery Protocol).
But to be on the safe side, and not scan networks outside your organization, LibreNMS needs to be told which subnets it's allowed to scan for new devices.
Edit the /opt/librenms/config.php file and find the line:
#$config['nets'][] = "10.0.0.0/8";
#$config['nets'][] = "172.16.0.0/12";
#$config['nets'][] = "192.168.0.0/16";And replace this with the following to scan our specific subnets in use by our campus network and the workshop infrastructure. Where you see an X below replace that with your campus number:
$config['nets'][] = "10.10.0.0/16";
$config['nets'][] = "172.2X.0.0/19";
$config['nets'][] = "100.68.X.0/24";We need to make one more change...
A situation can happen where two devices have duplicate SNMP sysName. (that's hostname in IOS) They could be two different devices, so it would be a good idea to have LibreNMS automatically add and monitor them.
But it can also happen that the SAME device is seen multiple times by LibreNMS - once using LLDP/CDP, and another time via OSPF (for example).
In that case, it ends up added twice. For instance, you may suddenly see two devices called rtr2-fa0-0.ws.nsrc.org and rtr2, and this is not what we want.
Since "both" devices are in fact the same, their SNMP sysName will be identical, and we can tell LibreNMS to NOT add devices if one already exists with the same sysName - after all, this shouldn't happen in a well configured network! :)
Here's an example of this:
2016-07-06 20:16:47 rtr4 discovery Device rtr4 (10.10.0.224) (port FastEthernet0/0) autodiscovered through CDP on rtr1.ws.nsrc.org
2016-07-06 20:09:45 rtr4-fa0-0 discovery Device rtr4-fa0-0.ws.nsrc.org (10.10.0.224) (port ) autodiscovered through OSPF on rtr1-fa0-0.ws.nsrc.orgTo avoid this, we will add the following setting:
$config['allow_duplicate_sysName'] = false;... this will prevent LibreNMS from adding the device if it exists already with the same sysName. You will be able to see if there are duplicate devices deteced in the Event Log (Overview -> Event Log).
After you've added the above setting, save the file and exit - we’re nearly done!
Let's add localhost (i.e.: YOUR virtual server), using the following commands:
# cd /opt/librenms
# php addhost.php localhost NetManage v2cYou should see:
Trying community NetManage ...
Added device localhost (1)Notice we explicitly tell LibreNMS which SNMP community to use. We also assume it's SNMP v2c. If you're using v3, there are additional steps which aren't provided here.
Adding the campus devices into LibreNMS can be done by hand, at the command prompt, like this (replace X with your campus number):
# cd /opt/librenms
# php addhost.php bdr1.campusX.ws.nsrc.org NetManage v2c
# php addhost.php core1.campusX.ws.nsrc.org NetManage v2c
# php addhost.php dist1-b1.campusX.ws.nsrc.org NetManage v2c
# php addhost.php edge1-b1.campusX.ws.nsrc.org NetManage v2c
# php addhost.php edge2-b1.campusX.ws.nsrc.org NetManage v2c
# php addhost.php dist1-b2.campusX.ws.nsrc.org NetManage v2c
# php addhost.php edge1-b2.campusX.ws.nsrc.org NetManage v2c
# php addhost.php edge2-b2.campusX.ws.nsrc.org NetManage v2c
LibreNMS performs daily updates by default. At 00:15 system time every day, a git pull --no-edit --quiet is performed. If you don't want this, change the default by editing your ''config.php'' file. Remove the comment (the ''#'' mark) on the line:
#$config['update'] = 0;so that it looks like this:
$config['update'] = 0;