NetAudit
In this section, we offer step-by-step instructions providing you with specific guidance to successfully install the NetAudit module. It’s important that you have reviewed the Prerequisites section first, to ensure that any software and hardware dependencies, along with any limitations are fully understood prior to installation.
In this section, we have split functionality subject to the function of your server. The Network Audit module comprises two components, namely the ‘NetAudit master’ and ‘NetAudit collector’. You should choose the section that is relevant to your installation, i.e. whether you are installing the Opsview Monitor master or a collector.
NetAudit (master) Copied
The NetAudit is the central RANCID repository which retains the configuration data (stored using Subversion) and includes code for easy integration with Opsview Monitor; this is installed on the Opsview Monitor master.
The opsview-netaudit component in 6.0 version has replaced the old opsview-rancid and opsview-rancid-master components.
Dependencies Copied
- Opsview Web App
Package installation Copied
To install Netaudit, you need to edit /opt/opsview/deploy/etc/user_vars.yml
file and add or uncomment the following opsview_module_netaudit
line:
## Uncomment below to activate these optional modules
opsview_module_netaudit: True
For a Fresh install, follow the instructions in the Advanced Automated Installation page.
If, however, you are installing Netaudit on an existing system (including Virtual Appliances), run the following command as root after activating Opsview:
# install and configure Netaudit
cd /opt/opsview/deploy
./bin/opsview-deploy lib/playbooks/setup-opsview.yml
# setup self monitoring for Netaudit
./bin/opsview-deploy lib/playbooks/setup-monitoring.yml
In either case, ensure that the optional module is included in your Opsview license.
Master configuration Copied
If you have installed NetAudit with Opsview-Deploy, you don’t need any manual configuration changes. The following configuration sections are just for information.
The user configuration options should be set in /opt/opsview/netaudit/etc/netaudit.yaml
. Default values are shown in /opt/opsview/netaudit/etc/netaudit.defaults.yaml
, but changes should not be made here since the file will get overwritten on package update.
The following options can be set:
path: Path of SVN repository.
sandbox: Path of SVN sandbox.
definition_file: Path of definition.xml file for hosts. (You shouldn't need to change this.)
error_directory: Location to store any corrupt data retrieved from hosts.
The repository path needs to be aligned with WebSVN php configuration which is kept in the following file:
registry
: Connection configuration for the Registry
<?php
$config->setTemplatePath("./templates/calm/");
$config->addRepository("rancid", "file:///opt/opsview/netaudit/var/repository/rancid");
$config->useEnscript();
?>
Additional configuration Copied
Opsview Monitor keeps configuration file change history in SVN and uses WebSVN to display them in web UI.
WebSVN uses PHP5 and Apache web server. WebSVN Apache configuration is kept either in /etc/httpd/conf.d/opsview.conf or /etc/apache2/sites-available/opsview.conf depending on your OS.
The Apache configuration for WebSVN is shown below:
# Enables websvn for Netaudit/RANCID integration
Alias /websvn /opt/opsview/repository
ProxyPass /websvn !
<Location /websvn>
AuthType None
TKTAuthLoginURL /login?app=websvn
TKTAuthTimeout 86400s
#TKTAuthIgnoreIP on
require valid-user
</Location>
You must not need to change this configuration.
Opsview Monitor NetAudit page Copied
Once logged in, go to Monitoring > NetAudit where you should see the WebSVN page indicating RANCID as the repository.
Backup Copied
The Subversion (SVN) repository for NetAudit is located at /opt/opsview/netaudit/var/repository/rancid. It retains all the changes made to the router configuration over time and is sufficient to back up the Opsview NetAudit.
If you use a file system back up, then there is the possibility that the SVN repository will be in an indeterminate state, especially if changes occur while the backup is in progress. Alternatively, you can use ‘svnadmin dump’ to take a full snapshot of the repository or ‘svnadmin hotcopy’ to make a copy of the repository where you can then use that hot copy as the backup.
NetAudit Collector Copied
The NetAudit Collector is an application that is used to collect router configuration data and is typically installed on Opsview Monitor Collector nodes.
The opsview-netaudit-collector component in 6.0 version has replaced the old opsview-rancid and opsview-rancid-collector components.
Dependencies Copied
None.
Collector configuration Copied
If you have installed NetAudit with Opsview-Deploy, you don’t need any manual configuration changes. The following section is just for information.
The user configuration options can be set in /opt/opsview/netauditcollector/etc/netauditcollector.yaml
. Default configurations are shown in /opt/opsview/netauditcollector/etc/netauditcollector.defaults.yaml
, but changes should not be made here since the file will get overwritten on package update.
NetAudit Collector configurations should not be changed unless there is a good reason for it.
NetAudit Collector is triggered by a cronjob from opsview user account. The cronjob runs every 4 hours:
# OPSVIEW-NETAUDIT-COLLECTOR-START and OPSVIEW-NETAUDIT-COLLECTOR-END
# will be automatically installed as part of an Opsview NetAudit Collector
22 2,6,10,14,18,22 * * * /opt/opsview/netauditcollector/bin/run_rancid_collect
# OPSVIEW-NETAUDIT-COLLECTOR-END
Backup Copied
No data is kept on NetAudit Collectors so there is no backup procedure for NetAudit Collector. The NetAudit backups need to be taken from NetAudit (master) module which is explained above.