Monitor Your Devices Using LibreNMS on Ubuntu 16.04LibreNMS is a full-featured, open source network monitoring system. It uses SNMP to obtain the data from different devices. A variety of devices are supported in LibreNMS such as Cisco, Linux, FreeBSD, Juniper, Brocade, Foundry, HP, and more. It supports multiple authentication mechanisms as well as two-factor authentication. It has a customizable alerting system which can alert the network admin via email, IRC or slack.
- A DreamVPS Ubuntu 16.04 server instance.
- A sudo user.
Install Nginx and PHPThe front end of LibreNMS is written in PHP, thus you will need to install a web server and PHP. In this tutorial, you will install Nginx along with PHP 7.2 to obtain maximum security and performance. Install Nginx.
Start Nginx and enable it to start at boot automatically.
sudo apt -y install nginx
Add and enable the ‘Remi’ repository, as the default apt repository contains an older version of PHP.
sudo systemctl start nginx sudo systemctl enable nginx
Install PHP version 7.2 along with the modules required by LibreNMS.
sudo add-apt-repository --yes ppa:ondrej/php sudo apt update
Open the loaded configuration file in an editor.
sudo apt -y install php7.2 php7.2-cli php7.2-common php7.2-curl php7.2-fpm php7.2-gd php7.2-mysql php7.2-snmp php7.2-mbstring php7.2-xml php7.2-zip zip unzip
Find the following lines.
sudo nano /etc/php/7.2/fpm/php.ini
Uncomment and use these values instead, replace ‘Asia/Kolkata’ with your local timezone.
;cgi.fix_pathinfo=1 ;date.timezone =
You will also need to change the system timezone by running the following command.
cgi.fix_pathinfo=0 date.timezone = Asia/Kolkata
sudo ln -sf /usr/share/zoneinfo/Asia/Kolkata /etc/localtime
sudo systemctl restart php7.2-fpm
Install MariaDBMariaDB is an open source fork of MySQL. Add the MariaDB repository into your system, as the default Ubuntu repository contains an older version of MariaDB.
Install MariaDB. During installation, the installer will ask for the password of the MySQL root user. Provide a strong password.
sudo apt-key adv --yes --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8 sudo add-apt-repository 'deb [arch=amd64,i386,ppc64el] http://mariadb.biz.net.id/repo/10.2/ubuntu xenial main' sudo apt update
Before starting to use MariaDB, you will need to tweak the configuration a little bit. Open the configuration file.
sudo apt -y install mariadb-server
Add the following code to the end of the file.
sudo nano /etc/mysql/conf.d/mariadb.cnf
[mysqld] innodb_file_per_table=1 sql-mode="" lower_case_table_names=0Restart MariaDB and enable it to automatically start at boot time.
Before configuring the database, you will need to secure the MariaDB instance.
sudo systemctl restart mariadb.service sudo systemctl enable mariadb.service
You will be asked for the current MariaDB root password, and then be prompted to change the root password. Since you have already set a strong password for the root user during installation, skip it by answering ’N’. For all other questions, answer ‘Y’. The questions asked are self-explanatory. Log into the MySQL shell as root.
Provide the password for the MariaDB root user to log in. Run the following queries to create a database and a database user for the LibreNMS installation.
mysql -u root -p
CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_general_ci; CREATE USER 'librenms'@'localhost' IDENTIFIED BY 'StrongPassword'; GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost'; FLUSH PRIVILEGES; EXIT;You can replace the database name ‘librenms’ and username ‘librenms’ according to your choice. Please make sure to change ‘StrongPassword’ to a very strong password of your choosing.
Install LibreNMSApart from the dependencies above, LibreNMS needs few more dependencies.
Add a new unprivileged user for LibreNMS application.
sudo apt -y install fping git imagemagick jwhois mtr graphviz nmap python-memcache python-mysqldb rrdtool snmp snmpd whois composer
LibreNMS can be installed directly by cloning its Github repository.
sudo useradd librenms -d /opt/librenms -M -r sudo usermod -aG www-data librenms
Change the ownership.
cd /opt sudo git clone https://github.com/librenms/librenms.git librenms
Install the PHP dependencies.
sudo chown librenms:librenms -R /opt/librenms
LibreNMS relies on SNMP for many tasks. Since you have already installed SNMP, copy the example configuration file to its location.
cd /opt/librenms sudo su librenms -c "composer install"
Open the configuration file in the editor.
sudo cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf
Find this line.
sudo nano /etc/snmp/snmpd.conf
Edit the text ‘RANDOMSTRINGGOESHERE’ and replace the community string with any string of your choice. For example, the below.
com2sec readonly default RANDOMSTRINGGOESHERE
Remember the string as it will be required later when you add the first SNMP device. SNMP also needs information about the distribution version. Download and install the script to find the distribution version.
com2sec readonly default my-org
Start the ‘SNMP’ daemon service and enable it to automatically start at boot time.
sudo curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro sudo chmod +x /usr/bin/distro
Now you will need to add some crontab entries to run the scheduled tasks. Create a new cron job file.
sudo systemctl enable snmpd sudo systemctl restart snmpd
Restart the cron daemon service.
sudo cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms
Setup ‘logrotate’ so that the log files are automatically refreshed over time.
sudo systemctl restart cron
Finally, set the appropriate ownership and permissions.
sudo cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms
sudo chown -R librenms:www-data /opt/librenms sudo chmod g+w -R /opt/librenms sudo setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs sudo setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs
SSL and Nginx VHost configurationsLogins and other information sent through the web interface of LibreNMS are not secured if the connection is not encrypted with SSL. Configure Nginx to use the SSL generated with Let’s Encrypt free SSL. Add the Certbot repository.
Install Certbot, which is the client application for Let’s Encrypt CA.
sudo add-apt-repository --yes ppa:certbot/certbot sudo apt-get update
Note: To obtain certificates from Let’s Encrypt CA, the domain for which the certificates are to be generated must be pointed towards the server. If not, make the necessary changes to the DNS records of the domain and wait for the DNS to propagate before making the certificate request again. Certbot checks the domain authority before providing the certificates. Generate the SSL certificates.
sudo apt -y install certbot
The generated certificates are likely to be stored in the ‘/etc/letsencrypt/live/nms.example.com/’ directory. The SSL certificate will be stored as ‘fullchain.pem’ and the private key will be stored as ‘privkey.pem’. Let’s Encrypt certificates expire in 90 days, hence it is recommended to set up auto-renewal for the certificates using a cron job. Open the cron job file.
sudo certbot certonly --webroot -w /var/www/html -d nms.example.com
Add the following line at the end of the file.
sudo crontab -e
The above cron job will run every Monday at 5:30 AM local time. If the certificate is due for expiry, it will automatically be renewed. Create a new virtual host.
30 5 * * 1 /usr/bin/certbot renew --quiet
Populate the file.
sudo nano /etc/nginx/sites-available/librenms
sudo ln -s /etc/nginx/sites-available/librenms /etc/nginx/sites-enabled/librenms
sudo systemctl restart nginx
Installation using WebUITo finish the installation, open ‘https://nms.example.com’ on your favorite browser. You will see the requirements are satisfied. Provide your database details and create a new administrative account. Once installed, you will get a message to validate the installation. Click on the link and log in using the administrator account. You should see that everything except the ‘Poller’ has an ‘Ok’ status. Now, click on the link to add a device. On the ‘Add Device’ interface, provide the hostname as the localhost and leave everything as it is. Provide your community string in community field. It must be the exact same string which you have provided in ‘snmpd.conf’ during the configuration of SNMP. Once the device has been added, you can see the details by going to the ‘Devices’ tab. Similarly, you can add more devices into the LibreNMS application for ‘around the clock’ monitoring.
Updated on 28 Aug 2018
Add a comment