Mikrotik Traffic Flow dengan Cacti

Implementasi ini menggunakan Mikrotik OS dengan Server monitoring yang telah dipasang CACTI. Server monitoring yang digunakan bisa menggunakan Linux atau terserah anda sukanya pake apa, yang penting CACTI bisa good running di system. Cara ini sebagai alternatif lain dari fungsi port-mirror yg biasanya terdapat pada switch-switch managable. (untuk pemanfaatan Port-mirror akan dibahas di lain kesempatan)Tujuannya : Menampilkan Traffic IP yang lewat di Mikrotik Router/Bridge ke dalam Grafik Cacti Masing-masing User bisa memonitor Traffic nya sendiri

Dan untuk melakukan projek ini, saya sudah menyiapkan : Mikrotik OS v.2.9.27 yg di pasang PC difungsikan sebagai Bridge (bisa bareng difungsikan sebgai BW management dg simple queue atau Queue Tree nya.) Server Monitoring yg sudah di install Linux Fedora 7 Pmacct (Promiscuous mode IP Accounting package) Cacti (network graphing) Mysql server (database) Httpd server (webserver)

Server Monitoring Install PC server nya dengan Linux Fedora 7, yang ini mah ga usah diajarin, udah pada bisa kan nginstall Linux Fedora 7. Keterlaluan kalo masih blom bisa mahhiyaat dessigg.. (tah belaian nenek lampir)wekekeke. Inget ya Mysql, httpd harus sudah ikut terinstall beserta program2 dependency nya. CACTI

Install Cacti juga udah pada bisa kan ? bagooooeessss gampang banget koq ikuti aja tutorial dari official cacti nya nih di sini : http://www.cacti.net/downloads/docs/html/installation.html PMACCT Ini juga gampang koq installnya, wekekeke ga ada yang susah sama saya mah. Download di sini : #wget http://www.pmacct.net/pmacct-0.11.4.tar.gz #tar xzf pmacct-0.11.4.tar.gz #cd pmacct-0.11.4 #./configure #make && make install # ls -l /usr/local/sbin/ -rwxr-xr-x 1 root root 295652 2007-08-20 01:08 nfacctd -rwxr-xr-x 1 root root 291684 2007-08-20 01:08 pmacctd -rwxr-xr-x 1 root root 297236 2007-08-20 01:08 sfacctd

# ls -l /usr/local/bin/ -rwxr-xr-x 1 root root 26900 2007-08-20 01:07 pmacct -rwxr-xr-x 1 root root 39032 2007-08-20 01:07 pmmyplay Konfigurasi file nfacctd-hosts.conf # cat /usr/local/etc/nfacctd-hosts.conf ! ! nfacctd configuration, accept from mikrotik traffic flow. ! debug: false daemonize: true plugin_buffer_size: 2048 plugin_pipe_size: 2048000 ! networks_file: /usr/local/etc/hosts.def ! nfacctd_port: 5055 ! nfacctd_time_secs: true ! nfacctd_time_new: true ! plugins: memory[in], memory[out] aggregate[in]: dst_host aggregate[out]: src_host imt_path[in]: /tmp/in-host.pipe imt_path[out]: /tmp/out-host.pipe Konfigurasi File Definisi Host hosts.def # cat /usr/local/etc/hosts.def ! ! OUR HOST NETWORK ! 192.168.100.0/24 192.168.101.0/24 192.168.102.0/24 192.168.103.0/24 192.168.104.0/24 Menjalankan nfacctd #/usr/local/sbin/nfacctd -f /usr/local/etc/nfacctd-hosts.conf Check Proses nfacctd # ps ax 24034 ? 24035 ? 24036 ? |grep nfacctd Ss 0:00 nfacctd: Core Process [default] S 0:00 nfacctd: IMT Plugin [in] S 0:00 nfacctd: IMT Plugin [out]

MIKROTIK TRAFFIC-FLOW Informasi detilnya ada di sini : http://www.mikrotik.com/testdocs/ros/2.9/ip/traffic-flow.php yang katanya Mikrotik Traffic-Flow adalah sebuah system yang menyediakan informasi statistik mengenai paket-paket yang lewat melalui router. Nah kan cocok dengan projek

kita kali ini. Mikrotik Traffic-Flow ini compatible dengan Cisco NetFlow nya, artinya PMACCT yang sudah kita pasang akan cocok juga dengan Mikrotik Traffic-Flow nya. Setting Traffic-Flow di Mikrotik [aa@MikroTik] > /ip traffic-flow set enabled=yes [aa@MikroTik] > /ip traffic-flow print enabled: yes interfaces: all cache-entries: 4k active-flow-timeout: 30m inactive-flow-timeout: 15s Setting IP-address dan port yang menerima paket traffic-flow ke server monitoring [aa@MikroTik] > /ip traffic-flow target add address=10.10.10.1:5055 [aa@MikroTik] > /ip traffic-flow target print Flags: X - disabled # ADDRESS VERSION 0 10.10.10.1:5055 9 Nah mulai sekarang Server monitoring kita sudah menerima paket Traffic-Flow dari mikrotik, ga percaya ? coba check dengan ini : Login ke Server monitoring, Check Traffic Download : # pmacct -s -p /tmp/in-host.pipe DST_IP PACKETS BYTES 192.168.103.125 165 168572 192.168.102.124 14 8685 192.168.105.101 81 8919 192.168.104.134 4 176 192.168.103.31 13 831 192.168.104.125 1 147 192.168.103.183 160 80570 192.168.102.4 2 120 Check Traffic Upload : # pmacct -s -p /tmp/out-host.pipe SRC_IP PACKETS BYTES 192.168.102.1 12 720 192.168.102.173 31 9687 192.168.100.55 6 360 192.168.103.183 461 116975 192.168.104.138 119 27141 192.168.103.104 13 1519 Setting & Konfigurasi CACTI Sekarang saatnya menampilkan Traffic yang di terima nfacctd ke Grafic Cacti, caranya sebagai berikut : Dokumen aslinya ada di sini : http://www.pmacct.net/docs/cacti.html Login pake admin ke cacti console, lakukan ini :

Data Input Methods, Add Name: Get pmacct data Input Type: Script/Command Input String: /usr/local/bin/pmacct -c <aggregation> -N <adata> -p <pipe> -r

Setelah created. Klik di Get pmacct data, then go for Input Fields, Add: Field [input]: aggregation Friendly Name: Aggregation string (Required) Save it and leave untouched remaining fields Field [input]: adata Friendly Name: Actual Data (Required) Save it and leave untouched remaining fields Field [input]: pipe Friendly Name: Pipe file (Required) Save it and leave untouched remaining fields

Now, go for Output Fields, Add: Field [output]: bytes Friendly Name: Bytes Transferred Update RRD File: yes Save it

Now, Data Templates, Add: Data Templates, Name: pmacct Data Template Data Source, Name: check Use Per-Data Source Value Data Input Method: Get pmacct data Step: 300 Data Source Active: yes Internal Data Source Name: bytes Data Source Type: ABSOLUTE Output Field: bytes - Bytes Transferred Save it

Once created, you will be able to see it in the list. Click over pmacct Data Template: Go to: Custom Data [data input: Get pmacct data] Check Use Per-Data Source Value for all fields Save it

Now, Graph Templates, Add: Name: pmacct Graph Title: check Use Per-Graph Value Image Format: PNG

Auto Scale: yes Rigid Boundaries Mode: yes Vertical Label: bits/s Save it

Once created, you will be able to see it in the list. Click over pmacct Graph: Add a new Graph Template Item: Data Source: pmacct Data Template - (bytes) Color: 00CF00 Graph Item Type: AREA Consolidation Function: AVERAGE CDEF Function: Turn Bytes into Bits Text Format: Download Save it

Add a new Graph Template Item: Data Source: pmacct Data Template - (bytes) Color: None Graph Item Type: LEGEND CDEF Function: Turn Bytes into Bits Save it

Add a new Graph Template Item: Data Source: pmacct Data Template - (bytes) Color: 002A97 Graph Item Type: STACK Consolidation Function: AVERAGE CDEF Function: Turn Bytes into Bits Text Format: Upload Save it

Add a new Graph Template Item: Data Source: pmacct Data Template - (bytes) Color: None Graph Item Type: LEGEND CDEF Function: Turn Bytes into Bits Save it

Add a new Graph Item Input: Name: Download [bits/s] Field Type: Data Source Associated Graph Items: check Item #1, #2, #3, #4 Save it

Add a new Graph Item Input:

Name: Upload [bits/s] Field Type: Data Source Associated Graph Items: check Item #5, #6, #7, #8 Save it

Go to Data Sources. In this menu you will need to setup queries to pmacct for all local networks you need graphs. Its very likely that you will iterate more times through the following steps. For brevity, I will show what ive done for my 192.168.100.0/24 network. Add: Selected Data Template: pmacct Data Template Host: localhost Create it Name: pmacct: DL - 192.168.103.125 Actual Data (Required): 192.168.103.125 Aggregation string (Required): dst_host Pipe file (Required): /tmp/in-hosts.pipe Save it

Add, again: Selected Data Template: pmacct Data Template Host: localhost Create it Name: pmacct: UL - 192.168.103.125 Actual Data (Required): 192.168.103.125 Aggregation string (Required): src_host Pipe file (Required): /tmp/out-hosts.pipe Save it

Once you are finished with queries setup, go finally to Graphic Management. Here, pmacct queries will be bound to real graphics. This is because, its likely that you will need to iterate more times through this final step. Add: Selected Graph Template: pmacct Graph Host: localhost Create it Title: KLIEN IP 192.168.103.125 Download [bits/s]: DL - 192.168.103.125 Upload [bits/s]: UL - 192.168.103.125 Save it