NeDi is an open source discovery, management, and inventory system for Cisco (and limited non-Cisco) networks that packs a lot of features and capability into a deceptively friendly program for managing interprise networks. For example. NeDi may:
Discover and inventory Ethernet "devices" (switches, routers, wireless APs, etc.), including detailed Cisco device information.
Discover and inventory "nodes" (hosts), including TCP/IP address, MAC address, NIC type, and the switchport to which it is currently attached.
Graph Cisco device interface I/O, CPU, memory, and temperature by polling automatically during discovery runs (typical one hour interval) using RRDtool.
Cacti API support to selectively add graphs of NeDi discovered devices to a Cacti installation for dedicated low-interval (typically five minutes) SNMP graphs.
Monitor managed devices so that email alerts are sent when devices become unreachable.
Receive syslog messages from managed or unmanaged devices, allow easy viewing and searching of messages using NeDi's web GUI, and send email alerts for high-priority messages.
Receive SNMP traps from devices and send email alerts for high-priority traps.
NeDi’s user-friendly web GUI allows viewing and searching of all discovered data and also makes NeDi very useful for troubleshooting. For example, see the screenshot gallery showing network maps, Cisco configuration file management, node lists and graphing, and running services. You may see a demonstration of common problems you may solve using NeDi in this QuickTime movie.
NeDi is extremely simple to setup because it uses the default gateway as a “seed” device and automatically "walks" along your entire enterprise network using SNMP and the Cisco Discovery Protocol (CDP) to build a device list of switches and routers, while collecting node information from the switch and router tables.
This section covers installing general support software required for NeDi —MySQL and the PHP scripting language.
You may install the MacPorts package manager with these instructions, which include instructions for installing XWindows (X11). Follow the instructions carefully and perform all non-optional steps.
NeDi uses MySQL to store the information it gathers in a database.
Install MySQL with MacPorts.
%%sudo port install mysql5 +serverExecute the mysql_install_db5 command to do a first-time setup for MySQL 5.
%%sudo -u mysql mysql_install_db5Start MySQL and set it to run at system boot.
%%sudo launchctl load -w /Library/LaunchDaemons/org.macports.mysql5.plistVerify the MySQL process is running with this command.
%%ps -ax | grep mysqlIf MySQL is running you will see output similar to this.
26683 ?? Ss 0:00.05 /opt/local/bin/daemondo --label=mysql5 --start- 26692 ?? S 0:00.02 /bin/sh /opt/local/lib/mysql5/bin/mysqld_safe - 26712 ?? S 0:16.90 /opt/local/libexec/mysqld --basedir=/opt/local 20796 p2 R+ 0:00.00 grep mysql
Set the MySQL root password.
%%sudo /opt/local/lib/mysql5/bin/mysqladmin -u root password <mypassword>Perform a MySQL root account login test with the new root password.
%%mysql5 -u root -p
NeDi requires PHP with SNMP support enabled —SNMP support entails using PHP5 from MacPorts.
This command installs MacPorts Apache 2 and PHP5 with SNMP support.
%%sudo port install php5 +apache2 +mysql5 +snmpUse the httpd.conf sample file and edit it.
%%cd /opt/local/apache2/conf%%sudo cp httpd.conf.sample httpd.confThe Apache user and group must match the user you use to run NeDi. You may designate the default Apache user “www” as the NeDi user. Otherwise, change the Apache user/group to be your designated NeDi user as shown.
User <nedi-user> Group <nedi-group>
Set Apache directives for NeDi in httpd.conf.
Add these Apache directives to allow access for the NeDi "front-end" files. Put them right before the default scriptalias statement "ScriptAlias /cgi-bin/ ..."
Alias /nedi "/opt/local/share/nedi/html" <Directory "/opt/local/share/nedi/html"> Allow from all </Directory>
The NeDi web GUI uses the file index.php, so if you want a simple “/nedi” url, locate Apache's
DirectoryIndexdirective and appendindex.phpto it as shown.<IfModule dir_module> DirectoryIndex index.html index.php </IfModule>Apache setup for MacPorts PHP 5.
Add these statements to the httpd.conf section "<IfModule mime_module>".
AddType application/x-httpd-php .php AddType application/x-httpd-php-source .phps
Now we are done editing httpd.conf. Save the changes, exit your editor, and perform this command in a terminal window to enable MacPorts PHP 5.
%%sudo /opt/local/apache2/bin/apxs -a -e -n "php5" libphp5.soTurn on MacPorts Apache 2 with these steps.
Turn off Apple’s built-in Apache 1.3 by turning off Personal Web Sharing in System Preferences because you can’t have two versions of Apache running at the same time.
Start Apache 2 and set it to run at system boot.
%%sudo launchctl load -w /Library/LaunchDaemons/org.macports.apache2.plist
Finally, test PHP by creating a test.php file in /opt/local/apache2/htdocs that contains the line shown below.
<?php phpinfo() ?>.
Now go to url http://localhost/test.php in your web browser. When PHP is active, you will see a PHP status table where you may verify the PHP options that have been compiled into Apache. At the top of the report you'll see the PHP version, compile time, and options as shown in the screenshot below.
Note
If PHP 5 was installed using the snmp variant, but phpinfo still shows that SNMP support is not enabled, you may have another version of PHP installed. Run the terminal commands below and verify the responses for each to verify MacPorts' PHP 5 is active.
%%which php/opt/local/bin/php
%%php -i[... output trimmed ...] MYSQL_SOCKET => /opt/local/var/run/mysql5/mysqld.sock
To install and configure NeDi, follow the steps below.
Install NeDi using MacPorts. The NeDi MacPort installs all required Perl modules and RRDtool for graphs.
%%sudo port install nediSet NeDi file ownership to the NeDi user and group.
%%sudo chown -R <nedi-user>:<nedi-group> /opt/local/share/nedi/Copy the sample
nedi.confand edit it as root because the file is only readable by the root and NeDi user to protect the passwords in it. Then modify the variables in sections Backend, Authentication, and Device Access.%%cd /opt/local/share/nedi%%sudo cp nedi.conf.sample nedi.conf%%sudo pico nedi.confNote
You must use tabs (rather than spaces) to separate keys from values in nedi.conf, otherwise NeDi won't read the values and won't run.
Modify variables in sections Backend, Authentication, Device Access, and Messaging & Monitoring as shown.
backend MSQ dbname nedi dbuser nedi dbpass <nedidb-pwd> comm <my-commnity-string> (Cisco community strings) <usr> <pass> <enablepass> (Cisco user/passwords only if using config file management)
Initialize the NeDi MySQL database. This action removes any previous entries in the NeDi database, so it is only performed for new installations. You will be prompted for the MySQL user "root" and password.
%%cd /opt/local/share/nedi%%sudo ./nedi.pl –i
To login to the NeDi GUI open a web browser window and go to http://localhost/nedi. The initial user password is admin/admin.
NeDi's GUI is where all settings are made after initial setup and where you will view the information that the NeDi data collection scripts store in the NeDi database. See the sections below for details on data collection.
NeDi active data collection polls, in other words "pulls," data from devices. NeDi begins with a "seed" device —an Ethernet switch it uses as a starting point to begin querying for Cisco Discovery Protocol (CDP) neighbors, and then neighbors of those neighbors and so on until it has discovered all the devices in your enterprise. Then it parses all the switch tables it knows about for host information. NeDi uses the SNMP protocol to retrieve all information. If your NeDi workstation's default gateway is not a suitable seed device, or if you need to use multiple seed devices for noncontiguous networks, edit the file /opt/local/share/nedi.
Before NeDi may collect information from your Cisco devices you must set the SNMP community string, which is a type of password for SNMP queries. Also, set the location string because NeDi wants to categorize your devices by location. To set these parameters, use ssh or telnet to login to the Cisco device and execute these commands.
Ciscoswitch-22#snmp-server community <community-string> ROCiscoswitch-22#snmp-server location Computer Room
Run the nedi.pl script as the NeDi
user.
%%cd /opt/local/share/nedi%%sudo -u <nedi-user> ./nedi.pl -c -v(-c =cdp -v =verbose)
Here is an example of the screen output from
nedi.pl.
=============================================================================== Device Status Todo/Done ------------------------------------------------------------------------------- 10.10.10.33 C:community+ Schwann-4500 SV=6 TY=Cat4503 BI= CPU=7 memCPU=150448160 Temp=33 10.10.10.123 C:community+ Dorm1-4500-Flr3 SV=6 TY=Cat4506 BI= CPU=25 memCPU=121577496 Temp=31 10.10.10.124 C:community+ Dorm1-4500-Flr4 SV=6 TY=Cat4506 BI= CPU=26 memCPU=121569952 Temp=31 10.10.10.121 C:community+ Dorm1-4500-Flr1 SV=6 TY=Cat4506 BI= CPU=22 memCPU=122457552 Temp=25 [...trimmed ...] 1636 IP and 107 non-IP nodes processed 26 IP and 30 IF changes detected 0 nodes have been retired. 0 devices removed from MySQL:nedi.stock 129 devices written to MySQL:nedi.devices 6983 interfaces written to MySQL:nedi.interfaces (8 msg) 1817 vlans written to MySQL:nedi.vlans 125 modules written to MySQL:nedi.modules 263 links written to MySQL:nedi.links 166 networks written to MySQL:nedi.networks 2384 nodes written to MySQL:nedi.nodes Net::SSH::Perl loaded LWP loaded 12120 NIC vendor entries read. 129 devices read from MySQL:nedi.devices CDP-Discovery with 1 seed(s) on Fri Jun 15 13:01:00 2007
The NeDi user's crontab must be set so that
NeDi will perform active data collection on your network at regular
intervals. Keep in mind that you must allow enough time for NeDi active
collection to finish before the next scheduled run, so for larger
networks the data collection runs cannot be scheduled as frequently as
on smaller ones.
%%sudo -u <nedi-user> crontab -e
The following entry runs NeDi every hour.
0 * * * * cd /opt/local/share/nedi ; ./nedi.pl –c >> /dev/null 2>&1
NeDi automatically provides polls for graph performance data for
all interfaces for Cisco managed devices, in addition to temperature,
load, and memory during active data collection by
nedi.pl. This means that you can't pull graphing
metrics any more frequently than you are able to run
nedi.pl. For accurate RRDtool graphs, NeDi must
know how often you run nedi.pl, so the
nedi.conf variable rrdstep must
match your nedi.pl run frequency.
rrdstep 3600
Below is a screenshot of a Cisco device's status displayed using -> , including the modules installed. To display weekly graphs of all interfaces for a device, check the “IF graphs” box and click and weekly graphs are displayed at the bottom, as shown in the subsequent screenshot.
Here is a screenshot of a portion of an expanded Devices-Status window that appears when the “IF graphs” box is checked to display weekly interface graphs for a device.
To display monthly and yearly graphs, double-click a weekly graph to display the Device-Graphs page or use the menu -> , where you may select either , , , or from a pulldown menu (see below). The Device-Graphs page allows you to display a subset of a given device's interface graphs superimposed for easy comparisons. First select the device to be graphed, then select the interfaces on the device to be graphed, optionally select a graph period, and finally click . See the example screenshot below.
NeDi passive data collection is when a network device "pushes" information to NeDi. There are two ways for devices to push information to NeDi: syslog messages and SNMP traps. Setting up NeDi to receive syslog messages and devices to send them is by far the simpler option due the overall complexity of SNMP trap handling is much greater. For this reason, SNMP trap handling is not covered fully; it is covered only in outline and for the sake of completeness.
Note
If you setup NeDi for passive data collection, either syslog or
traps, NeDi sends email alerts when high-priority events are received.
This behavior is a part of the scripts themselves, so if you want to
disable this or adjust the level at which alerts are sent, you must hack
the syslog.pl or trap.pl
collection scripts.
NeDi makes a great syslog receiver. All you have to do is set your
Cisco devices to send their syslog messages to NeDi and start the
LaunchD item that runs syslog.pl.
To set your Cisco devices to send syslog messages to NeDi, enter the switch's global configuration mode and execute these commands.
Ciscoswitch-22#logging host 10.6.6.12Ciscoswitch-22#logging level [level]Start
syslog.plusing the LaunchD item from the MacPorts NeDi port.%%sudo launchctl load -w /Library/LaunchDaemons/org.macports.nedisyslog.plist
You may view received syslog messages in the messages window. You may want to turn up the syslog level on your devices higher than normal so that messages will be generated quickly to test your setup.
SNMP trap handling is more complex than syslog handling for both the sender and receiver, so using syslog for passive data collection is recommended. If you attempt to setup SNMP trap handling you are in for some script adjustments, so you should consider it a do-it-yourself project and only a rough outline is covered here mainly for the sake of completeness. You may want to use the snmptt program to load the relevant SNMP MIBS and translate the calls received by snmptrapd before passing the data to NeDi's trap handler.
Create an
snmptrapd.conffile with the snmpconf utility. snmptrapd is a utility of Mac OS X's built-in NET-SNMP libraries; it receives traps and passes them to the NeDitrap.pldaemon.%%sudo snmpconf -iWhen you've exited the snmpconf utility, verify that this snmptrapd.conf entry has been made.
traphandle default /opt/local/nedi/share/trap.pl
Load the snmptrapd LaunchD item. Though snmptrapd is a utility of NET-SNMP, the NeDi MacPort provides the startup script.
%%sudo launchctl load -w /Library/LaunchDaemons/org.macports.snmptrapd.plistAfter it completes, you may use the Unix command ps to verify that snmptrapd is running as shown.
%%ps -ax |grep snmp8863 ?? Ss 0:00.01 /usr/sbin/snmptrapd
Generate test traps from a device to test snmptrapd and then watch the system log file. If they show up in the system log then they will be passed to NeDi's trap.pl SNMP trap handler.
%%tail /var/log/system.logApr 24 00:17:42 NeDi-Mac snmptrapd[8863]: 10.10.10.105: EGP Neighbor Loss Trap (0) Apr 24 00:19:16 NeDi-Mac snmptrapd[8863]: 10.10.10.105: Authentication Failure Trap (0)
The messages window is where NeDi displays warning messages discovered during active data collection and also syslogs and SNMP traps collected passively. The messages window is activated from the Monitoring menu. You may search for messages by ID, Level, Time, Source, or message text.
NeDi can alert you via email when devices you've set to be actively monitored are unreachable for a specified period of time. In contrast, syslog and SNMP trap messages are passively monitored using syslog and trap handlers as “listeners”, and notifications are sent at the time they occur.
Note
The NeDi passive data collection scripts, syslog.pl and
trap.pl, send email alerts when high-priority
passive events are received. Unlike with monitoring, alerting with
passive data collection is a part of the scripts themselves, so to
disable alerting or adjust the level at which alerts are sent for
syslog.pl or trap.pl daemons,
you must modify those Perl scripts.
Modify the nedi.conf settings related to
monitoring. The default settings are shown below.
#============================================================================ # Messaging & Monitoring #============================================================================ # Generate messages during discovery related to: # d device # c configuration # n node # t traffic notify dcnt # Number of lost uptime queries until a device is marked down threshold 2 # Time in secondes between monitoring polls (and refresh of Monitoring GUI) pause 120
In your nedi.conf file, make sure that a
valid SMTP server and an address for the email "FROM" address for alerts
is set as shown in the nedi.conf snippet
below.
# Smtpserver to send notification emails to smtpserver smtp.yourdomain # Address where notification emails are sent from mailfrom nedi@nedihost
Note
NeDi does not support SMTP authorization, so be sure to set your SMTP server to relay mail for your NeDi host.
NeDi's moni.pl monitor daemon actively checks
the devices selected as “monitored” in the web GUI. The
checks that moni.pl performs are independent of
active data discovery, so it checks devices every few minutes (set in
nedi.conf). To load moni.pl
and run it at system boot, use launchctl as shown.
%%sudo launchctl load -w /Library/LaunchDaemons/org.macports.nedimoni.plist
Also, it is a good idea to send an alert test message using
moni.pl as shown below.
%%/opt/local/share/nedi/moni.pl -t
1 Message, 1 Incident, 0 SMS and 1 mail(s) generated...
For the email alert test to succeed, NeDi's
smtpserver variable in nedi.conf
must be set correctly, your SMTP server must allow mail relay for the
NeDi host, and you must have the email address in the NeDi GUI's admin
account set to the address you wish to collect alerts. If you do not
receive a test message from NeDi, check these three items.
To monitor a device, you use NeDi's GUI to choose devices to be monitored as shown in the steps below.
Select the menu option Monitoring -> Setup.
Click the "Show" button with no search criteria to display all your devices.
Click the button in the "Check Uptime" column, and then "Mail" under the notification column.
Select the device's upstream switch under the "Depends On" column so you won't get a flood of mail if many devices become unreachable.
See the screenshot below to see a monitoring setup screen after configuring monitoring for a few devices.
Nedi automatically provides RRDtool graphs of discovered device interfaces. However, the polling interval is typically one hour because the SNMP polls are done during device discovery. You may wish to have some device interfaces graphed at a lower interval using the dedicated Cacti SNMP grapher. NeDi supports the Cacti API to selectively add graphs to Cacti from within the NeDi interface for dedicated low-interval SNMP graphing.
To use NeDi's Cacti API support you must have a working version of Cacti on the NeDi workstation. You may install it using this Cacti Howto.
%%sudo port install cacti
After Cacti is configured, you may login to NeDi and select Ethernet interfaces for graphing in Cacti. Use the menu -> , select the interfaces to be graphed, and click from the Cacti area of the Device-Graphs window. See the screenshot below to see NeDi's response when graphs are added to Cacti using the API.
Now login to Cacti, and click -> . Cacti hosts correspond to NeDi devices, so a host will be present in Cacti for every NeDi Ethernet device for which you selected interface(s) for Cacti graphing. Now all you have to do in Cacti is add the host to a graph tree to display the interface graphs that were created using NeDi's Cacti API. To do this simply click the checkbox beside a given host, select from the menu, and click .
Adding a device to a Cacti graph tree is the only configuration required within Cacti when graphs have been added via NeDi. Select the Graphs tab at the top of the Cacti window to display the graphs on the tree.
To get help with NeDi, you may ask questions in the NeDi Forums. Before asking a question, be sure to search the forum to see if your question has already been answered.