NetAudit

In this section, we offer step-by-step instructions providing you with specific guidance to successfully install the NetAudit module. It’s important that you have reviewed the Prerequisites section first, to ensure that any software and hardware dependencies, along with any limitations are fully understood prior to installation.

In this section, we have split functionality subject to the function of your server. The Network Audit module comprises two components, namely the ‘NetAudit master’ and ‘NetAudit collector’. You should choose the section that is relevant to your installation, i.e. whether you are installing the Opsview Monitor master or a collector.

NetAudit (master) Copied

The NetAudit is the central RANCID repository which retains the configuration data (stored using Subversion) and includes code for easy integration with Opsview Monitor; this is installed on the Opsview Monitor master.

The opsview-netaudit component in 6.0 version has replaced the old opsview-rancid and opsview-rancid-master components.

Dependencies Copied

Package installation Copied

To install Netaudit, you need to edit /opt/opsview/deploy/etc/user_vars.yml file and add or uncomment the following opsview_module_netaudit line:

## Uncomment below to activate these optional modules
opsview_module_netaudit: True

For a Fresh install, follow the instructions in the Advanced Automated Installation page.

If, however, you are installing Netaudit on an existing system (including Virtual Appliances), run the following command as root after activating Opsview:

# install and configure Netaudit
cd /opt/opsview/deploy
./bin/opsview-deploy lib/playbooks/setup-opsview.yml

# setup self monitoring for Netaudit
./bin/opsview-deploy lib/playbooks/setup-monitoring.yml

In either case, ensure that the optional module is included in your Opsview license.

Master configuration Copied

If you have installed NetAudit with Opsview-Deploy, you don’t need any manual configuration changes. The following configuration sections are just for information.

The user configuration options should be set in /opt/opsview/netaudit/etc/netaudit.yaml. Default values are shown in /opt/opsview/netaudit/etc/netaudit.defaults.yaml, but changes should not be made here since the file will get overwritten on package update.

The following options can be set:

path: Path of SVN repository.
sandbox: Path of SVN sandbox.
definition_file: Path of definition.xml file for hosts. (You shouldn't need to change this.)
error_directory: Location to store any corrupt data retrieved from hosts.

The repository path needs to be aligned with WebSVN php configuration which is kept in the following file:

<?php
    $config->setTemplatePath("./templates/calm/");
    $config->addRepository("rancid", "file:///opt/opsview/netaudit/var/repository/rancid");
    $config->useEnscript();
?>

Additional configuration Copied

Opsview Monitor keeps configuration file change history in SVN and uses WebSVN to display them in web UI.

WebSVN uses PHP5 and Apache web server. WebSVN Apache configuration is kept either in /etc/httpd/conf.d/opsview.conf or /etc/apache2/sites-available/opsview.conf depending on your OS.

The Apache configuration for WebSVN is shown below:

# Enables websvn for Netaudit/RANCID integration
Alias /websvn /opt/opsview/repository
ProxyPass /websvn !
<Location /websvn>
   AuthType None
 
   TKTAuthLoginURL /login?app=websvn
   TKTAuthTimeout 86400s
   #TKTAuthIgnoreIP on
   require valid-user
</Location>

You must not need to change this configuration.

Opsview Monitor NetAudit page Copied

Once logged in, go to Monitoring > NetAudit where you should see the WebSVN page indicating RANCID as the repository.

Backup Copied

The Subversion (SVN) repository for NetAudit is located at /opt/opsview/netaudit/var/repository/rancid. It retains all the changes made to the router configuration over time and is sufficient to back up the Opsview NetAudit.

If you use a file system back up, then there is the possibility that the SVN repository will be in an indeterminate state, especially if changes occur while the backup is in progress. Alternatively, you can use ‘svnadmin dump’ to take a full snapshot of the repository or ‘svnadmin hotcopy’ to make a copy of the repository where you can then use that hot copy as the backup.

NetAudit Collector Copied

The NetAudit Collector is an application that is used to collect router configuration data and is typically installed on Opsview Monitor Collector nodes.

The opsview-netaudit-collector component in 6.0 version has replaced the old opsview-rancid and opsview-rancid-collector components.

Dependencies Copied

None.

Collector configuration Copied

If you have installed NetAudit with Opsview-Deploy, you don’t need any manual configuration changes. The following section is just for information.

The user configuration options can be set in /opt/opsview/netauditcollector/etc/netauditcollector.yaml. Default configurations are shown in /opt/opsview/netauditcollector/etc/netauditcollector.defaults.yaml, but changes should not be made here since the file will get overwritten on package update.

NetAudit Collector configurations should not be changed unless there is a good reason for it.

NetAudit Collector is triggered by a cronjob from opsview user account. The cronjob runs every 4 hours:

# OPSVIEW-NETAUDIT-COLLECTOR-START and OPSVIEW-NETAUDIT-COLLECTOR-END
# will be automatically installed as part of an Opsview NetAudit Collector
22 2,6,10,14,18,22 * * * /opt/opsview/netauditcollector/bin/run_rancid_collect
# OPSVIEW-NETAUDIT-COLLECTOR-END

Backup Copied

No data is kept on NetAudit Collectors so there is no backup procedure for NetAudit Collector. The NetAudit backups need to be taken from NetAudit (master) module which is explained above.

["Opsview On-premises"] ["User Guide"]

Was this topic helpful?