On 6/16/2010 8:44 AM, Whit Blauvelt wrote:
On Wed, Jun 16, 2010 at 08:01:26AM -0500, Les Mikesell wrote:
If have firewalling to protect from security issues, why not just run an older version of cacti?
Sensible suggestion. One, it's not obvious where to find an older version.
It's on sourceforge... If you expand the 'all files' list you can go back to 0.5 here: http://sourceforge.net/projects/cacti/files/ and you should be able to grab any revision you want with a subversion client, or browse them here: http://svn.cacti.net/viewvc/.
If you want old Centos RPMs, try http://vault.centos.org.
Two, hours of attempting to get cacti to work have led me to be underimpressed with the whole project.
That's odd because other than the usual php version issues I've always considered cacti to be the easiest of the graphing tools to get working - but I haven't tried the most recent versions.
Three, we have good external firewalling, and are a small enough shop not to worry about malicious employees. But if an employee manages to get a virus on their Windows box due to some new drive by zero day exploit, some viruses probe the LAN with requests to check if known-vulerable web apps exist there (ahem, this has happened to us, and I've seen the probes). While we could tighten internal firewall rules more, bottom line is running known-insecure web apps on an5 LAN isn't a brilliant idea, even if I did a few messages back indicate a willingness to make that compromise.
If you are willing to hack some ugly-looking xml files that specify the oids and time intervals you can probably make opennms work for you - and you might find its other features (thresholding, notifications, etc.) useful too.