xi惯孤单 的BLOG
用户名：xi惯孤单
文章数：37
访问量：12257
注册日期：
阅读量：5863
阅读量：12276
阅读量：408502
阅读量：1096728
51CTO推荐博文
I.总览 & & & & & & & & & & & & & & & & & & & & &Cacti和Nagios的监控体系可以说是使用广泛而且支持丰富的国内外的运维人员都需要掌握的一套监控体系，这套体系的好处在于使用Cacti的强大画图和自定义画图能力，以及Nagios的可控报警。但是网上的大部分内容都是如何安装，在安装成功如何使用的方面介绍的很少，而真正开始用之后，为了工作需要就需要不断地去Cacti官网查看使用文档，或者论坛去翻别人的帖子，十分麻烦。于是我决定写一篇使用方面的手册，以让大家真正会用这套系统。本文不包含任何Cacti和Nagios的安装工作，如需安装，请移步：。本文所有监控项均使用SNMP监控。本文用的Cacti版本为最新的II.Cacti的使用 & & & & & & & & & & & & & & & & & & &Cacti的常用服务器的画图大部分都是使用模板的形式做的，而Cacti安装好之后本身自带了一部分模板，这些模板虽然可用，但是支持的项目太少，于是我们要寻求更多的模板以及更优化的内容。Cacti的官方的模板库：1：cacti模板的一般加载方法： & &一个Cacti的模板一般有两部分组成。一部分是xml模板文件，另一部分是xml的数据收集文件，虽然这两种文件都是xml格式的，但是你可以很显而易见的就能分出它们的不同。因为它们的文件大小一点都不相似。 & &举个简单的例子：这个是一个windows的监控模板，我们可以简单的根据文件的大小来看。 & &* &大小大于10KB的，那就是xml模板文件。 & &* &大小小于10KB的，那就是xml数据收集文件。Xml模板文件是要在cacti的Web页面的Console选项卡内Import Templates项进行添加： & &而xml数据收集文件，则是要放在Linux上Cacti的安装目录的cacti/resource/snmp_queries中： & &只要将两种类型的xml正确的导入/放入到应有的位置，那么模板就添加成功了。 2：如何在Cacti上添加一个新主机并监控相关的内容：(以添加Linux主机为例)1.创建画图a. 在Cacti的Web页面Console-&Import Templates导入响应的xml模板文件。b. 在Linux上cacti/resource/snmp_queries中放入模板相关的xml数据收集文件。并确保属主和属组均为cacti。c. 点击Console-&Devices，打开设备管理页面。d. 点击右上角的add，添加一个新的机器e. 当主机的信息填好之后，点击Createf. 此时你的页面左上角应该显示：Save Successful，并且已经显示出了主机信息和SNMP信息，如果SNMP信息显示 SNMP error，请查看最后的问题综述。g. 这时我们就可以添加相应的监控项了，在页面最下方的Associated Graph Templates中添加图形模板，在Associated Data Queries中添加数据模板。h. 添加好相应的模板之后点击Save。此时左上角会出现Save Successful.i. 点击右上角的Create Graphs for this Host，来为刚才通过模板所获得到的数据进行画图。j. 选中需要画图的项，其中依然分为两部分： & &通过Graph Templates中的内容都需要选中，而Data Query获取的内容比较详细，所以可以按需选择。k. 选择好需要画图的项目后，点击右下角的Create，左上角会出现被创建出来的画图项。2.在Graphs界面显示新添加主机。a. 在Cacti Web界面Graph Trees中，选择相应的列(或者系统默认的Default Tree)。b. 进去Tree之后，点击右上角的Add，添加一个新的显示项。c. 在Tree Item Type中选择Host，然后在下面的Host中选择我们刚才创建的主机。点击Create。d. 此时，再进入Graphs界面，就可以看到在Default Tree下加入了我们新创建的主机。III.Cacti的常用模板 & & & & & & & & & & & & 1.Windows常用模板 & &Windows一般所需要监控的基本内容有： & &1. & &CPU Use & &2. & &Memory Use & &3. & &Disk Size & &4. & &Interface Traffic & &为了解决基本的监控项，我们需要以下模板。 & &A. & & & &B. & &我们还需要在Windows主机上安装一个软件，以确保SNMP能发送更多的信息为我们提供数据采集： & &使用A模板来监控Windows的CPU项目 & &使用B模板来监控网络，硬盘，内存。 & &最终，添加完相关模板，在创建Windows主机之后，在Devices-&Your Windows host -&页面下方正确添加的各种Templates如下： & &由于Windows模板下都是Data Queries。所以请确保添加完相关的Data Queries之后，所有项目的Status下应该都是Success以及是能看到很多Items以及Rows的。这说明数据正确采集，如果没有，请移步最后问题综述的问题4。 & &最后添加完并且画图的监控结果：2.Linux常用模板 & &Linux与Windows监控的内容基本相同： & &1. & &CPU Use & &2. & &Load Average & &3. & &Memory Usage & &4. & &Swap Usage & &5. & &Disk I/O & &6. & &Disk Size & &7. & &Interface Traffic & &为了解决Linux监控内容，我们使用以下模板： & &A. & & & &B. & & & &C. & & & &最终，添加完相关模板，在创建Linux主机之后，在Devices-&Your Linux host -&页面下方正确添加的各种Templates如下： & &在所有的Linux监控添加后的内容如下：3.Switch && Router的相关模板 & &由于市面上Switch和Router的型号众多，而不同的型号可能就需要不同的模板，不能像Windows和Linux一样进行统一，所以当你需要监控Switch和Router的时候，请Google响应的型号的模板，或者在中进行查找。查找之后添加的过程都大同小异，这里不再赘述。IV：自定义脚本的添加以及监控 & & & & & & & & 很多时候，我们需要为我们独有的环境去指定监控内容，那么如何制定呢？就可以通过自己写脚本的方式进行收集数据。这里我用一个监控QQ在线人数的例子来举例。准备工作：1.我们需要一个脚本，脚本的语言随意，只要在Linux的机器上能够使用运行并且有返回内容。比如我们即将使用的脚本：#!/bin/bash echo "QQ_Now:`curl /online.shtml | grep qqdata | cut -d":" -f 3 | cut -d"&" -f 2 | cut -d"&" -f 1`"
& &此脚本运行之后输出内容为：这个里面只有最后一行是有用的，其他的为curl的抓取信息。2.我们的脚本要放在一个确保Cacti用户可访问的位置。常用的地方是：cacti/scripts/*中，那么当脚本准备停当之后，就开始我们的监控工作。1.创建数据输入方式 & &1. & &在Console--&点击Data Input Methods & &2. & &点击右上角的Add，添加一个新的数据获取方式 & &3. & &点击Create，出现新的项目 & &4. & &新的项目包括Input Fields和Output Fields，即输入内容和输出内容，输入内容其实就是向脚本传递函数，我们这个脚本不需要传递什么参数进去，于是没有，只有Output Fields。 & &5. & &在Output Fields上点击Add，添加新的输出内容。 & &6. & &在Field[Output]中输入我们脚本的输出项：这里我填写“QQ_Now” & &7. & &在Friendly Name中输入解释输出项的内容，内容随意。 & &8. & &勾选Update RRD File后，点击Create & &9. & &然后查看我们整个的数据获取方式信息，点击Save，左上角应出现“Save Successful”2.创建数据源 & &1. & &在Console-&点击Data Sources，进入数据源界面 & &2. & &点击右上角的Add，添加新的数据源 & &3. & &确保Data Template和Host均为None。直接点击Create & &4. & &在新出现的信息面板中输入相关内容 & &5. & &点击Create，此时左上角会出现Save Successful & &6. & &注意系统自动给生成的RRD文件路径，确保里面不会出现连续两个反斜线的路径信息。如果出现，请手动修改为一个反斜线。如：&path_rra&/1194.rrd & &7. & &点击Save，看到Save Successful，则数据源创建成功。3.创建图像 & &1. & &选择Console--& Graph Management，进入图像管理 & &2. & &点击右上角的Add，添加一个新的图像 & &3. & &选择Graph Template以及Host均为None，然后点击Create & &4. & &Title中输入图像的名字，其他保持不变。并点击Create & &5. & &然后你会看到多出的Graph Items，以及中间有一个看不到图的红叉，因为这个图我们还没有定义。 & &6. & &在Graph Items中点击Add，添加画图规则。 & &7. & &添加完画图内容之后，点击Create/Save，返回之前的页面，接下来还要添加数据的展示内容。 & &8. & &再次点击Graph Items中的Add，这次添加的是数据的展示，展示当前值。 & &9. & &设置好后点击Create创建这个项目，然后按照这个方法，分别创建最大值，最小值，平均值的展示内容。 & &10. & 添加好后内容如图。4.将自定义好的图形，加入到Graphs面板 & &1. & &在Cacti Web界面Graph Trees中，选择相应的列(或者系统默认的Default Tree)。 & &2. & &进去Tree之后，点击右上角的Add，添加一个新的显示项。 & &3. & &在Tree Item Type中选择Graph，然后在下面的Graph中选择我们刚才创建的图像。点击Create。 & &4. & &此时，再进入Graphs界面，就可以看到在Default Tree下已经出现了我们新创建的图像。V.Cacti问题 Q & A & & & & & & & & & & & & & 1.填完Drivers信息之后显示红色的SNMP error & &这是由于被监控机的SNMP设置问题，没有允许我们监控机进行监控，或者Community不匹配导致的。 & &Linux可以在/etc/snmp/snmpd.conf中修改/增加发送snmp的机器，以及community。 & &Windows可以在Snmp服务中增加允许发送snmp的机器，以及community。2.添加完图之后，等待了无数时间图依然无法绘制，反馈给我们一个红色的X。 & &首先，如果你是用添加的模板创建的图，那么显示不了的话，很有可能是由于模板太老，或者模板不正确导致的。可以考虑更新作者的最新模板以重新画图。当然，如果图像的确画不出来，那么我们可以打开画图的Debug日志的方式进行排错。 & &进入Graph Management，在Host中选择我们画不出图的那个Host，然后点Go，这样就在下面列出了所有在这个Host中的图像列表，点击那个无法画图的列表。这就进入了我们选定主机的相关图像的设置界面，我们应该可以看到这个界面下方依然有一个红X，证明我们无法画图，所以点击右上角的“Turn on Graph Debug Mode.”来打开Debug日志，这时候，就可以看到页面下方多出了"RRD Tool Command:"的列表，里面详细的描述了RRD工具是如何为我们画图的，这都不是关键，关键是最后的RRD Tool Says:比如 & &这里面是RRD Tool 告诉的我们为什么它无法画图，我们可以看到我当前例子的没有画图的原因是316.rrd这个文件不存在，说明在创建的时候rrd没有正确的创建出这个文件，这就有可能是所用的模板有问题了。 & &在这里，这是一个很好的查看为什么没有画出图的地方，没有画出的图RRD Tool会一一的告诉我们，我们只需要根据它说的来修正，直到RRD Tool Says: OK3.图什么的都有，但是数据都是N/A，这是要闹哪样？ & &这个的解决办法其实跟无法画图的解决一样，就是我们去看数据的Debug日志。 & &进入Data Sources，在Host中选择没有数据的Host，然后在下面的列表中选择没有数据的那个图。进入数据设置界面，然后点击右上角的“Turn on Data Source Debug mode”,然后去分析它的报错。4.在给主机添加Data Query的监控项的时候发现里面没有获取到数据。 & &这时候，如果它获取不到数据，我们就无法给它画图。因为在给它创建的图的界面上显示没有内容。 & &这时候可以直接点击上图中的Debugging下的相关内容，直接打开Debug查看状态。 & &这时就可以看到反馈出得信息，比如上图，发现SNMP无法获取数据。当然也有其他的，比如MIB文件不存在。只要你仔细看它反馈出来的问题，知道问题的根源，就一定能解决。当解决了数据获取之后，可以直接点击右边的绿色的小圆圈，就刷新了数据的获取状态。5.关于cacti下文件的权限问题。 & &Cacti目录中的内容权限并不统一，而且权限要求的也很少，并不像其他的比如Nagios要求的那么多。我们可以简单的保持整个Cacti目录的属主和属组都是Cacti即可。但是有两个特殊的例外： & &第一个是cacti/rra目录，整个目录里的内容是RRD的画图文件自动在里面生成的。而生成之后里面文件的属主和属组到底是谁，取决最终是由哪个用户来创建的，而这个就是在Cacti的那个crontab里控制，如果我们使用的是root用户添加的crontab，那么这个rra目录中的内容属主和属组都是root。同理，如果我们的crontab是在cacti中设置的，那么rra目录中的内容属主和属组都是cacti。 & &第二个目录是cacti/scripts目录,这里面存的大部分都是我们自定义的脚本，一定要确保里面的脚本是cacti用户可执行的。最好的检测方法就是su到cacti用户中，进入这个目录，手动运行一下脚本，查看脚本是否成功执行。========================================================转自：http://foreveryan./558
了这篇文章
类别：┆阅读(0)┆评论(0)We the Cacti Group are proud to release the following:
Cacti 1.0.0
Spine 1.0.0
Important Security Fixes
CVE- PHP Object Injection Vulnerabilities
CVE- allows remote authenticated users who use web authentication to bypass intended access
Important Updates
Remote data collectors (Pollers)
Network discovery and automation
Device management automation
Enhanced user, group and domain management
User interface enhancements
Additional RRDtool graph option support
Merged almost 20 plugins into core
For additional details check out the README located on GitHub -
Contribute
Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!
Cacti 1.0.0 Change Log
feature: Support for remote data collectors
feature: Support Internationalization (i18n) for the main Cacti site, and supported plugins
feature: Data Source Profiles replace RRA settings allowing a single system to have multiple polling intervals
feature: Redesigned Tree page including Drag & Drop functionality
feature: New Graph Permissions system designed to make permissions simple to manage
feature: Add Themes 'Classic', 'Modern', 'Dark', and 'Paw'
feature: Debug Data Sources by comparing them to the Data Template
feature: New special Data Source type to detect the poller interval
feature: Bulk inserts in PHP poller to address latency issues
feature: Optimize data collection through in memory caching giving a 50% reduction in polling times when dealing with large sites
feature: Support RRDtool VDEFs
feature: Support new Graph Items: AREA:STACK, GPRINT:AVERAGE, GPRINT:LAST, GPRINT:MAX, GPRINT:MIN, LINE:STACK, TEXTALIGN, TICK
feature: Support RRDtool features: Right Axis Support, Dynamic Labels, Tab Width, Legend Position, Legend Direction
Resizeable table columns
feature: Deprecated Single Pane Tree View
feature: Role Based Access Control (RBAC)
feature: Support User Group Permissions
feature: Show number of in use Graphs, Data Sources, and Devices for a given Template
feature: Support bulk re-sync of graphs to assigned Graph Template
feature: Bulk Device Settings changes
feature: CDEFs, Colors, GPrint Presets consolidated to Presets menu
feature: Authentication cookies for 'remember me' functionality
feature: Automatic logout after session inactivity
feature: Replace Boost server in favor of RRDtool Proxy
feature: Graph Details include CSV output, zoom, debug, and download links
feature: Graph Export moved to a plugin
feature: User change password functionality
feature: Automation added to core functionality through the merge of the Discovery and AutoM8 plugins
feature: Change interface graphs from 32 bit to 64 bit with ease
feature: Plugins now have hooks in device templates and automation
feature: Allow users to preview template imports to determine if there will be issues from importing
feature: Automatic removal of orphaned graph items when importing newer versions of graph templates
feature: Support for MySQL 5.7
feature: Support for PHP 7.0
feature: Merge Aggregate Plugin - Aggregate graph creation
feature: Merge AutoM8 Plugin - Automation of graph creation
feature: Merge Boost Plugin - Faster polling, result caching, on-demand RRDtool file updates
feature: Merge CLog Plugin - View Cacti logs
feature: Merge Discovery Plugin - Device discovery
feature: Merge Domains Plugin - Support for domain (ADS/LDAP) specific user templates
feature: Merge DSStats Plugin - Cache Data Source values for easy retrieval
feature: Merge Logrotate Plugin - Rotate Cacti logs
feature: Merge Realtime Plugin - Realtime graph viewing
feature: Merge Reporting (Nectar) Plugin - Reporting
feature: Merge RRDclean Plugin - RRD file cleanup and management
feature: Merge Secpass Plugin - User password policy enforcement
feature: Merge Settings Plugin - Shared settings for plugins
feature: Merge SNMP Agent Plugin - SNMP Agent for Cacti providing system statistics
feature: Merge SpikeKill Plugin - Remove unwanted spikes from graphs
feature: Merge SSL Plugin - Force https
feature: Merge SuperLinks Plugin - Add external links within Cacti
feature: Merge UGroup Plugin - User groups with permissions
feature: Merge Watermark Plugin - Watermark your Cacti graphs
bug: Fixed issue where old graph templates (0.8.6-), could import bogus data causing issues with Data Input Methods
bug#0000168: Duplicate data sources should be avoided when creating new graphs
bug#0000851: Review an imported template
bug#0001155: When viewing graph tree do not show empty nodes
bug#0001337: Form to filter for graphs in host view mode
bug#0001552: Date ranges not shown on graphs in the view with Daily, Weekly, Monthly & Yearly graphs
bug#0001573: RRA templates/grouping
bug#0001577: Override session handling and store session in Database
bug#0001790: Allow for XML delimiter in fields of a script query
bug#0001820: Unable to use a Data Input Method Output Field in more than one Data Source Item
bug#0001827: Changing the graph template messes up the graph item fields
bug#0001836: Add mysql error message to log
bug#0001877: Cookies path is not properly set
bug#0001966: Expand Devices in tree view not honored
bug#0001970: Data query index order cache should be populated on re-index
bug#0001981: Cacti is not full UTF-8
bug#0001986: CLI allow add_graphs.php to have multiples --snmp-field and --snmp-value options
bug#0001996: Allow using data input field in graph title
bug#0002096: Enumerated SNMP values not parsed correctly
bug#0002112: CLI add configurable parameters for device_add.php
bug#0002133: Restrict User to only manage specific device(s)
bug#0002135: Regular expression support for filter
bug#0002137: Data query oid_suffix parameter does not function
bug#0002159: Database creation file not fully compliant with strict SQL mode
bug#0002162: Unable to authenticate user with password containing UTF-8
bug#0002196: Incorrect script server instance number in log
bug#0002225: Make -Cc SNMP option configurable
bug#0002255: Script query_unix_partitions.pl should only query local mounts
bug#0002336: Implement php-snmp class library
bug#0002340: Data query script execution should be escaped
bug#0002350: SNMP Data Query index_order ignored
bug#0002351: Ping does not work with non-English locale
bug#0002361: Spine does not log unknowns the same way cmd.php
bug#0002362: Poller cmd.php makes wrong hex-string to decimal conversion
bug#0002370: Cacti prints wrong date formats, does not honor a systems locale
bug#0002403: Typo in DELETE statement leading to poor graphing performance
bug#0002412: Graph Template duplication causes to be converted to TAB char
bug#0002418: Data Source Items named 'ds' break UI ability to add more items
bug#0002419: SNMP enum results not parsed correctly by cmd.php poller
bug#0002452: CVE- PHP Object Injection Vulnerabilities
bug#0002454: OS Command Injection
bug#0002468: Changing graph format to anything but PNG causes no output
bug#0002476: Add support for SNMP v3 EngineID
bug#0002483: Cisco ASA using Re-index method of verify all causes recache event every time
bug#0002484: Incorrect SQL request in cli script repair_database.php
bug#0002521: Unable to create two devices via CLI with the same IP-Address
bug#0002522: Zero padded hex strings are parsed incorrectly
bug#0002535: Graph Template Changes not updating RRDTool command
bug#0002636: Creating Data Template with &U& for min and max saves field data_input_field_id as 0 for first item
bug#0002697: CVE- allows remote authenticated users who use web authentication to bypass intended access
bug#0002698: When the host is down the wrong data type are used for some columns in the host table
bug#0002723: Renaming a disabled device still attempts to connect and get SNMP host information
bug#0002724: Multipage graphs the menu can disappear
bug#0002725: Changing graph template does not mark correct interfaces disabled on data query generated list
Reporting Issues
Download Cacti
Download Spine
The Cacti Group
We the Cacti Group are proud to release the following:
Cacti 0.8.8h
Spine 0.8.8h
We have moved source control to GitHub!
Read about it in announcement post! -
bug:0002656: Authentication using web authentication as a user not in the cacti database allows complete access (regression)
bug:0002667: Cacti SQL Injection Vulnerability
bug:0002666: When click the [Clear] button after clicking the [Refresh] button in Preview Mode , fails to CSRFcheck
bug:0002673: CVE- - Cacti graph_view.php SQL Injection Vulnerability
bug:0002676: Outdated MIBs for non-unicast packets
bug:0002677: Index is a MySQL 5.6 reserved word
bug:0002681: generate_graph_def_name() generates reserved word &cf&
The Cacti Group
We the Cacti Group are proud to release the following:
Cacti 0.8.8g
Spine 0.8.8g
We have moved source control to GitHub!
Read about it in announcement post!
Cacti 0.8.8g Change Log
Reporting Bugs
Download Cacti
Download Spine
The Cacti Group
Release of Cacti 0.8.8f
We the Cacti Group are proud to release the following:
Cacti 0.8.8f
Spine 0.8.8f
Cacti 0.8.8f Change Log
bug:.8.8e Poller Script Parser is Broken
bug:0002600: cli/upgrade_database.php is missing releases
bug:0002603: Graph managment graphs.php save button does not work
bug:0002599: Poller Script Parser is Broken
Reporting Bugs
Download Cacti
Download Spine
The Cacti Group
Release of Cacti 0.8.8e
We the Cacti Group are proud to release the following and respectfully ask forgiveness for the disaster release 0.8.8d was...
Cacti 0.8.8e
Spine 0.8.8e
Important Security Fixes
Multiple XSS and SQL injection vulnerabilities
CVE- - SQL injection in graphs.php
Cacti 0.8.8e Change Log
bug: Fixed issue with graph zooming failing to work
bug: Fixed various SQL Injection vectors
bug#0002569: Impossible to have a URL pointing directly to a graph
bug#0002574: SQL Injection Vulnerabilities in graph items and graph template items
bug#0002577: CVE- - SQL injection in graphs.php
bug#0002579: SQL Injection Vulnerabilities in data sources
bug#0002580: SQL Injection in cdef.php
bug#0002582: SQL Injection in data_templates.php
bug#0002583: SQL Injection in graph_templates.php
bug#0002584: SQL Injection in host_templates.php
bug#0002586: Cannot delete data sources from the GUI
bug#0002592: graph_view.php - viewing host in new tab - Undefined index: nodeid
bug#0002594: status_fail_date and status_rec_date are set incorrectly after host is marked down
bug#0002597: Incorrect value in Hosts column on Host Templates page
bug#0002598: Incorrect row number in Devices -& (Edit) page
We the Cacti Group are proud to release the following:
Cacti 0.8.8d
Spine 0.8.8d
Important Security Fixes
Multiple XSS and SQL injection vulerabilities
Cacti 0.8.8d Change Log
bug: Fixed SQL injection VN: JVN# / TN:JPCERT#
bug#0002261: PHP 5.4.0 added new error_reporting variable, causing cacti to show errors
bug#0002391: Odd Behaviour on ReIndex of Data Query Data
bug#0002393: Broken thumbnail images for graph templates
bug#0002402: Subtree must not have the same header as the parent header
bug#0002474: CLI add_device.php dows not set availability_method correctly
bug#0002449: The Save button does not work: Invalid html on page Console -& Cacti Settings: empty form tag
bug#0002428: Fail to delete all data input items when removing more than 1000 data sources
bug#0002439: Password with special character don't work with LDAP authentication
bug#0002461: invalid bn with ldap and anonymous bind
bug#0002465: Graph Export return empty CSV file
bug#0002484: Incorrect SQL request in cli script repair_database.php
bug#0002485: Broken pagenation on graph viewing
bug#0002489: SNMP - Get Mounted Partitions using Re-index method of Index Count Changed causes recache event every time
bug#0002490: Can not select page for multiple datasources per device
bug#0002494: CSV export always shows last day
bug#0002504: Data template search not functional
bug#0002542: [FG-VD-15-017] Cacti Cross-Site Scripting Vulnerability Notification
bug#0002543: Unable to switch pages within graphs_new.php due to invalid URL generation
bug#0002544: Duplicate entry in $nav_url during list view
bug#0002571: SQL Injection and Location header injection from cdef id CVE-
bug#0002572: SQL injection in graph templates
Cacti Docs user ids are linked to your
The Cacti repository has been moved to github:
We the Cacti Group are proud to release the following:
Cacti 0.8.8c
Spine 0.8.8c
Important Security Fixes
CVE- - XSS issue via installer or device editing
CVE- - SQL injection vulnerability in device editing
CVE- - XSS issue via CDEF editing
CVE- - Cross-site request forgery (CSRF) vulnerability
CVE- - Remote Command Execution Vulnerability in graph export
CVE- - XSS issues in multiple files
CVE- - XSS issue via data source editing
CVE- - XSS issues in multiple files
Important Updates
New graph tree view
Updated graph list and graph preview
Refactor graph tree view to remove GPL incompatible code
Updated command line database upgrade utility
Graph zooming now from everywhere
Cacti 0.8.8c Change Log
bug#0002228: GPL incompatible files included in Cacti project in include/treeview
bug#0002383: Sanitize the step and id variables CVE-, CVE-
bug#0002385: Cannot export host templates while including dependencies
bug#0002386: cli/upgrade_database.php is missing the last two releases
bug#0002390: Poller/script issue with slash and backslash
bug#0002405: SQL injection in graph_xport.php
bug#0002431: CVE- Unspecified HTML Injection Vulnerability
bug#0002432: CVE- Cross Site Request Forgery Vulnerability - Special Thanks to Deutsche Telekom CERT
bug#0002433: CVE- Unspecified Remote Command Execution Vulnerability
bug#0002434: Suppress SNMP UNITS Suffix from cacti_snmp_get() output
bug#0002438: Down Host Detection issue when using SNMP Desc or SNMP getNext
bug#0002446: Subtract plugin processing time from Poller sleep time
bug#0002453: CVE- Cross-Site Scripting Vulnerability - Special Thanks to G. Geshev (munmap)
bug#0002455: Incomplete and incorrect input parsing leads to remote code execution and SQL injection attack scenarios
bug#0002456: CVE- / CVE- - Cross-Site Scripting Vulnerability - Special Thanks to Adan Alvarez and Paul Gevers
bug: Fix COMMENT handling, even in case COMMENT is empty, with or without HR and with variable substitution
bug: Fix issues when SNMP data holds a ”=”; “explode” must be treated accordingly
bug: Fix filter highlighting on data sources for the data template field
bug: correct description of SNMP V3 parameters
feature: Added native jquery, jqueryui, and jstree
feature: Fixed issues with 'Clear' under preview not working
feature: Added new Tree navigation
feature: Added Columns and Thumbnails to Preview
feature: Added Columns to Tree (Preview only)
feature: Both Graphs and Columns default to 'Default'
feature: Resolved Left hand navigation taking entire page
feature: Added new graph zoom to tree view and preview offering a “quick” (default) and an “advanced” mode
Reporting Bugs
Download Cacti
Download Spine
The Cacti Group
Release of Cacti 0.8.8b
We the Cacti Group are proud to release the following:
Cacti 0.8.8b
Spine 0.8.8b
Cacti 0.8.8b Change Log
bug: Fixed issue with custom data source information being lost when saved from edit
bug: Repopulate the poller cache on new installations
bug: Fix issue with poller not escaping the script query path correctly
bug: Allow snmpv3 priv proto none
bug: Fix issue where host activate may flush the entire poller item cache
security: SQL injection and shell escaping issues
Reporting Bugs
Download Cacti
Download Spine
The Cacti Group
User Herve Donati has contributed the
plugin, which used the PREDICT RRDtool feature, allowing for future predictions.
Check it out.
We the Cacti Group are proud to release the following:
Cacti 0.8.8a
Spine 0.8.8a
The Plugin Architecture is now part of the official Cacti release!
Read more at
We the Cacti Group are proud to release the following:
Cacti 0.8.8
Spine 0.8.8
The Plugin Architecture is now part of the official Cacti release!
Read the full announcement:
On Friday December 16th 2011 we were informed by a very nice person that they where able to retrieve the users table for the Cacti forums.
Read more at this post:
We the Cacti Group are proud to release the following:
Cacti 0.8.7i
Spine 0.8.7i
Cacti 0.8.7i with Plugin Architecture version 3.1
Note with this release we are no longer making people patch Cacti to use the Plugin Architecture. We did the work for you and now provide a completely patched release of Cacti with Plugin Architecture version 3.1.
View the bug fixes and enhancements at
We the Cacti Group are proud to release the following:
Cacti 0.8.7h
Spine 0.8.7h
Cacti Plugin Architecture 3.0 for Cacti 0.8.7h
View the bug fixes and enhancements at
The Cacti Group is pleased to announce the beta release of:
Cacti 0.8.7h
Plugin Architecture 3.0 for Cacti 0.8.7h
Spine 0.8.7h
Please test the following in your TESTING environments. DO NOT INSTALL THIS IN YOUR PRODUCTION ENVIRONMENT.
Please report any bugs to
For support issues, please post in the beta discussion .
Beta files can be downloaded from:
has created a couple of walk-through videos for pending 1.0 releases.
You can see them on the bottom of the
The wiki has been upgraded.
If you notice any issues, please post them in this thread:
The Cacti Forums have been upgraded.
If you notice any issues, please post them in this thread:
The following patch was released on
Unified patch that fixes multiple issues and improves windows support.
The fixes include the following bugs:
bug#0001669: Problems with getting data from script using SPINE on Windows Server 2003 x32
bug#0001829: Wrong string numerical value got from Spine SNMP poller
bug: Net-snmp API issues cause spine crashes with some SNMP agents
bug: Host list not properly initialized
bug: Mutex locking issues cause deadlocks in Windows
bug: Escape windows type back slashes in scripts
The patch can be downloaded at
A Windows binary has also been uploaded.
The Windows binary can be downloaded at
Personal Tools
start.txt & Last modified:
11:22 by Linegod