[CentOS] Cacti/snmp question

Wed Jun 16 15:18:27 UTC 2010
Les Mikesell <lesmikesell at gmail.com>

On 6/16/2010 8:44 AM, Whit Blauvelt wrote:
> On Wed, Jun 16, 2010 at 08:01:26AM -0500, Les Mikesell wrote:
>
>> If have firewalling to protect from security issues, why not just run an older
>> version of cacti?
>
> Sensible suggestion. One, it's not obvious where to find an older version.

It's on sourceforge...  If you expand the 'all files' list you can go 
back to 0.5 here: http://sourceforge.net/projects/cacti/files/ and you 
should be able to grab any revision you want with a subversion client, 
or browse them here: http://svn.cacti.net/viewvc/.

If you want old Centos RPMs, try http://vault.centos.org.

> Two, hours of attempting to get cacti to work have led me to be
> underimpressed with the whole project.

That's odd because other than the usual php version issues I've always 
considered cacti to be the easiest of the graphing tools to get working 
- but I haven't tried the most recent versions.

> Three, we have good external
> firewalling, and are a small enough shop not to worry about malicious
> employees. But if an employee manages to get a virus on their Windows box
> due to some new drive by zero day exploit, some viruses probe the LAN with
> requests to check if known-vulerable web apps exist there (ahem, this has
> happened to us, and I've seen the probes). While we could tighten internal
> firewall rules more, bottom line is running known-insecure web apps on an5
> LAN isn't a brilliant idea, even if I did a few messages back indicate a
> willingness to make that compromise.

If you are willing to hack some ugly-looking xml files that specify the 
oids and time intervals you can probably make opennms work for you - and 
you might find its other features (thresholding, notifications, etc.) 
useful too.

-- 
   Les Mikesell
    lesmikesell at gmail.com