LibreNMS dump devices in MySQL database

Posted on June 26, 2019 by admin

All the devices are stored in the librenms datebase devices table.

You can dump all of them with the following command from a shell prompt.

sudo mysql -u librenms  -p librenms -e "select hostname,sysName from devices"

Example output

[jim@localhost ~]$ sudo mysql -p librenms -e "select hostname,sysName from devices"
 Enter password:
 +----------------------------------------+--------------------------------+
 | hostname                               | sysName                        |
 +----------------------------------------+--------------------------------+
 | 192.168.1.1                            | linksys                        |
 | 192.168.1.9                            | wifi-unifi                     |
 +----------------------------------------+--------------------------------+

Install Oxidized on LibreNMS

Posted on March 1, 2019 by admin

Install Oxidized

Install Instructions from here

Install prerequisites

For CentOS, RockyLinux, and Alma Linux.

sudo yum -y install make cmake which sqlite-devel openssl-devel libssh2-devel ruby gcc ruby-devel libicu-devel gcc-c++

Install Ruby Gems

If you run into issues with installing the oxidized-web gem because of a ruby version, try installing ruby 2.6.1 via rvm the docs say install 2.1.2, but was having issues with it. 2.6.1 seems fine.

Install Oxidized

Note: If you run into issues with oxidized not being able to ssh into devices, and showing “OpenSSL::PKey::PKeyError with msg “dh#set_pqg= is incompatible with OpenSSL 3.0″” in the log, try installing from git.

gem install oxidized 
gem install oxidized-script
gem install oxidized-web

Run Oxidized twice to generate the config

oxidized

If you have issues running oxidized due to an invalid or self signed ssl cert, you can either fix the cert or ignore it in the oxidized config. https://github.com/ytti/oxidized/pull/618/files

Modify the Oxidized config file in “/root/.config/oxidized/config” to look like this.

Modify the http portion of the config file to look like the following.

http:

    url: https://localhost/api/v0/oxidized

    scheme: https

    secure: false

Setup Config

Put the config file in the users home directory.

vi .config/oxidized/config

Setup the config, Basic config below, edit as needed

---
username: admin
password: password
model: airos
resolve_dns: true
interval: 3600
use_syslog: false
debug: false
threads: 30
timeout: 20
retries: 3
prompt: !ruby/regexp /^([\w.@-]+[#>]\s?)$/
rest: 127.0.0.1:8888
next_adds_job: false
vars: {}
groups:
   airos:
     username: ubnt
     password: ubnt
   routeros:
     username: admin
     password: 
     vars:
       ssh_port: 2222
 models: {}
 pid: /home/incredigeek/.config/oxidized/pid
 crash:
   directory: /home/incredigeek/.config/oxidized/crashes
   hostnames: false
 stats:
   history_size: 10
 input:
   default: ssh, telnet
   debug: false
   ssh:
     secure: false
   ftp:
     passive: true
   utf8_encoded: true
 output:
   default: file
   file:
     directory: /home/incredigeek/.config/oxidized/configs
 source:
   default: http
   debug: false
   http:
     secure: false
     scheme: https
     url: https://localhost/api/v0/oxidized
     map:
       name: hostname
       model: os
       group: group
     headers:
       X-Auth-Token: '3wq2b87fj4e6fb5987b5812t6ej9709g'
 model_map:
   cisco: ios
   juniper: junos
   mikrotik: routeros

Setup as system service

Find the “oxidized.service” file, should be in

  /usr/local/rvm/gems/ruby-2.6.1/gems/oxidized-0.25.1/extra/oxidized.service

/usr/local/share/gems/gems/oxidized-0.28.0/extra/oxidized.service

and copy it to

  /usr/lib/systemd/system/

Edit it and change the user and try to launch it

systemctl start oxidized

If it fails, you may need to substitute the ExecStart= variable to the following more info

ExecStart=/usr/local/rvm/gems/ruby-2.6.1/wrappers/oxidize

Change the ruby number if yours is different.

Enable the service on system boot up and start

systemctl enable --now oxidized

Check that oxidized is running

systemctl status oxidized

LibreNMS config

Add the following to your /opt/librenms/config.php config file.

# Oxidized configuration
 $config['oxidized']['enabled']                  = TRUE;
 $config['oxidized']['url']                      = 'http://127.0.0.1:8888';
 $config['oxidized']['features']['versioning']   = true;
 $config['oxidized']['group_support']            = true;
 $config['oxidized']['default_group']            = 'default';
 $config['oxidized']['reload_nodes']             = true;
 $config['oxidized']['ignore_os'] = array('linux','windows');
 $config['oxidized']['ignore_types'] = array('server','power');

LibreNMS should now feed Oxidized the devices.

You can check in the LibreNMS interface to see if it is getting the configs. https://librenms/oxidized

Where librenms is your LibreNMS servers ip/hostname.

LibreNMS enable RRDCached on CentOS 7

Posted on February 26, 2019 by admin

Commands from https://docs.librenms.org/Extensions/RRDCached/

Create System Service

sudo vi /etc/systemd/system/rrdcached.service

[Unit]
 Description=Data caching daemon for rrdtool
 After=network.service
 [Service]
 Type=forking
 PIDFile=/run/rrdcached.pid
 ExecStart=/usr/bin/rrdcached -w 1800 -z 1800 -f 3600 -s librenms -U librenms -G librenms -B -R -j /var/tmp -l unix:/run/rrdcached.sock -t 4 -F -b /opt/librenms/rrd/
 [Install]
 WantedBy=default.target

Save with esc + :wq

Enable rrdcached service on boot up and start the service now

systemctl enable --now rrdcached.service

Enable RRDcached in librenms config

vi /opt/librenms/config.php

add/edit the following line. If it is commented out, uncomment it

$config['rrdcached'] = "unix:/run/rrdcached.sock";

Save with esc + :wq

Check the disk IO after a little bit to see if it went down.

Define ssh port for Oxidized group

Posted on February 22, 2019 by admin

Open your Oxidized config

vi .config/oxidized/config

Now edit your groups to include the following, part in bold is what specifies the SSH port. Note it needs to have the vars: line above it.

groups:
   routeros:
     username: admin
     password: password
     vars:
       ssh_port: 2222

Save and quit with esc+:wq and run Oxidized

LibreNMS manually clean up MySQL Syslog Database

Posted on January 7, 2019 by admin

Adding the following option to the config.php file is supposed to delete anything over 30 days.

$config['syslog_purge']                                 = 30;

You can also manually delete the entries out of the MySQL database by logging into MySQL, selecting the librenms database, and running the command below.

The command deletes all entries older than 12/9/2018 at 08:00. Change the date and time as needed.

DELETE FROM syslog WHERE timestamp < '2018-12-9 08:00:00';

The following link has some more clean up options.
https://docs.librenms.org/Support/Cleanup-options/

LibreNMS bulk delete

Posted on November 22, 2018 by admin

There is a php script in /opt/librenms/ that lets you delete a host from the command line.

sudo /opt/librenms/delhost.php 192.168.1.20

Replace 192.168.1.20 with the hostname/ip address of the host you want to delete.

Delete Multiple Hosts

First you’ll need to get a list of devices you want to remove. You can do this by viewing the devices in the LibreNMS MySQL database;

Example:

$ mysql -u librenms -p librenms
MariaDB [librenms]> select hostname from devices;
+----------------------------------------+
| hostname |
+----------------------------------------+
| 192.168.88.1 |
| 192.168.1.20 |
| 192.168.1.12 |
| 192.168.88.5 |
4 rows in set (0.00 sec)
MariaDB [librenms]> exit

Put all the IP addresses you want to remove into a file and run the following for loop. Replace “remove_ip.lst” with the name of your ip list file.

for i in `cat ~/remove_ip.lst`; do sudo /opt/librenms/delhost.php $i; done

LibreNMS Error: Missing dependencies! Run the following command to fix:

Posted on May 14, 2018 by admin

Received this error while trying to access LibreNMS in web browser.

Error: Missing dependencies! Run the following command to fix:

./scripts/composer_wrapper.php install –no-dev

Tried sshing into the LibreNMS server and running the script, but that didn’t fix the issue.

Ran ./validate.php and it came up with the some of the following errors.

[FAIL] Missing PHP extension: mbstring
[FIX] Please install mbstring
[FAIL] The poller (localhost.localdomain) has not completed within the last 5 minutes, check the cron job.
[WARN] Your install is over 24 hours out of date, last update: Thu, 7 May 2018 19:18:35 +0000
[FIX] Make sure your daily.sh cron is running and run ./daily.sh by hand to see if there are any errors.

Installed mbstring. You may need to change the number if yum is complaining about package conflicts. Use “yum search mbstring” to show all the versions available.

yum install php71w-mbstring

Ran ./validate.php again and it wanted this script run

./scripts/composer_wrapper.php install --no-dev

Restart Apache

systemctl restart httpd

Add Self Signed SSL certificate to LibreNMS in CentOS

Posted on February 8, 2018 by admin

Install mod_ssl

yum install mod_ssl -y

Create Directory for SSL key.

mkdir /etc/ssl/key
chmod 700 /etc/ssl/key

Create certificate.

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/private/localhost.key -out /etc/pki/tls/certs/localhost.crt

Fill out the info or what is applicable.

Now edit the LibreNMS Apache config file /etc/httpd/conf.d/librenms.conf

All you have to do is add the following three lines under the VirtualHost and change *:80 to *:443.

SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSL CertificateKeyFile /etc/pki/tls/private/localhost.key

So when your finished the file should look like this.

<VirtualHost *:443>
 DocumentRoot /opt/librenms/html/
 ServerName server_hostname_or_IP
 SSLEngine on
 SSLCertificateFile /etc/pki/tls/certs/localhost.crt
 SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
 CustomLog /opt/librenms/logs/access_log combined
 ErrorLog /opt/librenms/logs/error_log
 AllowEncodedSlashes NoDecode
 <Directory "/opt/librenms/html/">
 Require all granted
 AllowOverride All
 Options FollowSymLinks MultiViews
 </Directory>
</VirtualHost>

Don’t forget to allow https/port 443 traffic through the firewall. Guide here

If you have any issues, you may need to chmod the key and crt file.

chmod 644 /etc/pki/tls/certs/localhost.crt
chmod 644 /etc/pki/tls/private/localhost.key

You should now be able to access LibreNMS using https. Note, you’ll need to allow an exception in your browser for your self signed certificate.

https://LibreNMS_IP_Address

Recovering LibreNMS from crashed XenServer VM

Posted on February 6, 2018 by admin

Had a LibreNMS instance crash, or the VM crashed, not bootable anymore. Was able to boot it up on a CentOS iso with rescue mode, which gave me access to the files. So the idea is to manually copy off the LibreNMS files and LibreNMS database and import them to a new LibreNMS instance

Issues

Need to access the the system files
MySQL doesn’t start in a chroot environment, so no way to do a mysqldump — (Has to do with systemv or something)

Steps

Create new LibreNMS VM with a new instance of LibreNMS installed
Gain access to the crashed system
Copy over LibreNMS MySQL databases to new LibreNMS instance
Copy over LibreNMS files “/opt/librenms” to new LibreNMS instance
Clean up. Set users on directories, check SELinux etc.

1. Installing New LibreNMS VM

Guide for Ubuntu/Debian distro’s here
Guide for for Fedora/CentOS/RedHat here

2. Gaining access to crashed VM

There can be a couple of ways to gain access to a crashed XenServer VM. One of the easiest ways is to boot up in recovery mode and go through the installers rescue mode. Guide to boot up XenServer VM in recovery mode here.

The installer rescue mode should detect the OS and mount everything. If not you should be able to mount the root partition manually.

Once booted up, you’ll need to enable network access if your going to use sftp or scp to copy files. There are a few different ways to do this

Run “dhclient” to pull an address via DHCP
Set a static IP address
- Guide for Ubuntu/Debian distro’s here
- Guide for fedora/CentOS/RedHat here

3.Copy LibreNMS Mysql Database

Backup the LibreNMS MySQL database directory

tar czvf librenms_mysql.tgz /var/lib/mysql

Use scp or sftp to copy it to the new LibreNMS instance

scp librenms_mysql.tgz user@new_LibreNMS_ip

Now on the new LibreNMS instance we need to run the following few commands

systemctl stop mariadb
rm -rf /var/lib/mysql/*
tar xzvf librenms_mysql.tgz -C /
chown -R mysql:mysql /var/lib/mysql

4. Copy LibreNMS directory

Backup the LibreNMS directory

tar czvf librenms.tgz /opt/librenms

Use scp or sftp to copy it to the new LibreNMS instance

scp librenms.tgz user@new_LibreNMS_ip

Now on the new LibreNMS instance we need to run the following few commands

rm -rf /opt/librenms/*
tar xzvf librenms.tgz -C /
chown -R librenms:librenms /opt/librenms

5. Clean up

Disable SELinux if you have not already. Guide here

Restart apache, and start mysql. If your on Ubuntu, the services are named apache2 and mysql

systemctl restart httpd
systemctl restart mariadb

That should get it working, if not try a reboot.

Special notes

The whole MySQL directory needs to be copied, there are innodb files that will keep MySQL from starting if they are not copied.

There is some good info here
https://stackoverflow.com/questions/1795176/how-to-change-mysql-data-directory

Install LibreNMS on CentOS

Posted on January 27, 2018 by admin

Install prerequisites

yum install -y epel-release 
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
yum install -y policycoreutils-python cronie fping git httpd ImageMagick jwhois mariadb mariadb-server mtr MySQL-python net-snmp net-snmp-utils nmap php71w php71w-cli php71w-common php71w-curl php71w-gd php71w-mcrypt php71w-mysql php71w-process php71w-snmp php71w-xml php71w-zip python-memcached rrdtool

Setup LibreNMS user

useradd librenms -d /opt/librenms -M -r
usermod -a -G librenms apache

Install LibreNMS

cd /opt
git clone https://github.com/librenms/librenms.git librenms

Configure MySQL

Start MySQL

systemctl start mariadb
mysql -u root

Create the Database and database user. Change password to a different password

CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_unicode_ci;
CREATE USER 'librenms'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost';
FLUSH PRIVILEGES;
exit

Disable MySQL strict mode

vi /etc/my.cnf

Add the following in the [mysqld] section

innodb_file_per_table=1
sql-mode=""
lower_case_table_names=0

Enable and restart mariadb i.e.(MySQL)

systemctl enable mariadb
systemctl restart mariadb

Configure PHP. Set Timezone

You can go here to figure out which time zone you need.

vi  /etc/php.ini

Find the [Date] Section and change the timezone

Example:

date.timezone = America/New_York

Configure Apache

vi /etc/httpd/conf.d/librenms.conf

Add the following, change the server name.

<VirtualHost *:80>
  DocumentRoot /opt/librenms/html/
  ServerName  librenms.example.com

  AllowEncodedSlashes NoDecode
  <Directory "/opt/librenms/html/">
    Require all granted
    AllowOverride All
    Options FollowSymLinks MultiViews
  </Directory>
</VirtualHost>

Enable and restart apache

systemctl enable httpd
systemctl restart httpd

Allow fping

cd /opt/librenms
vi http_fping.tt

Add the following

module http_fping 1.0;

require {
type httpd_t;
class capability net_raw;
class rawip_socket { getopt create setopt write read };
}

#============= httpd_t ==============
allow httpd_t self:capability net_raw;
allow httpd_t self:rawip_socket { getopt create setopt write read };

Configure SELinux

You can disable SELinux completely in the /etc/selinux/config file or run these commands to make LibreNMS and SELinux play together.

semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/logs(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/logs(/.*)?'
restorecon -RFvv /opt/librenms/logs/
semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/rrd(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/rrd(/.*)?'
restorecon -RFvv /opt/librenms/rrd/
setsebool -P httpd_can_sendmail=1
checkmodule -M -m -o http_fping.mod http_fping.tt
semodule_package -o http_fping.pp -m http_fping.mod
semodule -i http_fping.pp

Configure Firewall

firewall-cmd --zone public --add-service http
firewall-cmd --permanent --zone public --add-service http
firewall-cmd --zone public --add-service https
firewall-cmd --permanent --zone public --add-service https

Configure snmpd

cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf

Edit the snmpd file and change RANDOMSTRINGGOESHERE to your community string

vi /etc/snmp/snmpd.conf

Enable and restart snmpd

curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
chmod +x /usr/bin/distro
systemctl enable snmpd
systemctl restart snmpd

Setup Cron Job and Cycle logs

cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms

cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms

Set Permisions

chown -R librenms:librenms /opt/librenms
setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs
setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs

Finish Install

Finish the install by

http://your-server-ip/install.php

Incredigeek

Category Archives: LibreNMS