We have moved quite a bit of content to GitHub. We continue to maintain this site for the foreseeable future. We are working on re-enabling login access for people who wish to hold accounts and contribute Cacti Templates. Give us a little time.

The Cacti Group are on a tear! In 2017, we released almost 40 releases of Cacti 1.x. It's been a rapid pace, but we now have several contributors helping us not only perfect the user interface, but enhance it to be what it has been touted to be from the beginning 'the complete RRDtool graphing solution'.

Cacti 1.x has changed drastically from earlier versions. We have incorporated 20 Cacti Group plugins into the Core of Cacti to make it easier for you to get started using it. When those plugins were merged, careful thought was givin to compatibility and design. They should all behave as a unified tool today.

With that said, we have another 19 or so plugins available on GitHub. So, though we have merged a number of them into the core of Cacti, there are several additional plugins that may be required depending on your use case.

Additionally, we have implemented internationalization. What this means is that if your preferred language is not English, you may have an option. Translations are available today in Spanish, Dutch, and German. There are several partially complete translations. If you are not a developer, and interested in giving back to the Cacti community, consider contributing to a Cacti Translation. You just have to follow our translation instructions on GitHub. We could also use some help in Translating our 19 or so plugins.

Lastly, Cacti 1.x has theme support. So, if you need Cacti to look like your Corporate standard, hack away, or better yet, find a web developer.

• Remote data collectors (Pollers)
• Network discovery and automation
• Device management automation
• Expanded color sets
• Enhanced user, group and domain management
• User interface enhancements
• Additional RRDtool graph option support
• Multiple poller intervals
• Merged almost 20 plugins into core

For additional details check out the README.md located on GitHub

Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!

Reporting Issues

Download Cacti

Download Spine

Thanks! The Cacti Group

Cacti 1.1.33

Spine 1.1.33

The following Cacti releases are end of life. We believe that release is stable, though you should make plans to upgrade your environment to Cacti 1.x. In the mean time, if for some reason you can not use Cacti 1.x, this version is preserved here for your reference.

Cacti 0.8.8h

Spine 0.8.8h

We the Cacti Group are proud to release the following:

Cacti 1.0.0

Spine 1.0.0

Important Security Fixes

CVE-2014-4000 PHP Object Injection Vulnerabilities
CVE-2016-2313 allows remote authenticated users who use web authentication to bypass intended access

Important Updates

Remote data collectors (Pollers)
Network discovery and automation
Device management automation
Enhanced user, group and domain management
User interface enhancements
Additional RRDtool graph option support
Merged almost 20 plugins into core

http://forums.cacti.net/viewtopic.php?f=4&t=56794

For additional details check out the README located on GitHub - https://github.com/Cacti/

Contribute

Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!

Cacti 1.0.0 Change Log

feature: Support for remote data collectors
feature: Support Internationalization (i18n) for the main Cacti site, and supported plugins
feature: Data Source Profiles replace RRA settings allowing a single system to have multiple polling intervals
feature: Redesigned Tree page including Drag & Drop functionality
feature: New Graph Permissions system designed to make permissions simple to manage
feature: Add Themes 'Classic', 'Modern', 'Dark', and 'Paw'
feature: Debug Data Sources by comparing them to the Data Template
feature: New special Data Source type to detect the poller interval
feature: Bulk inserts in PHP poller to address latency issues
feature: Optimize data collection through in memory caching giving a 50% reduction in polling times when dealing with large sites
feature: Support RRDtool VDEFs
feature: Support new Graph Items: AREA:STACK, GPRINT:AVERAGE, GPRINT:LAST, GPRINT:MAX, GPRINT:MIN, LINE:STACK, TEXTALIGN, TICK
feature: Support RRDtool features: Right Axis Support, Dynamic Labels, Tab Width, Legend Position, Legend Direction
feature; Resizeable table columns
feature: Deprecated Single Pane Tree View
feature: Role Based Access Control (RBAC)
feature: Support User Group Permissions
feature: Show number of in use Graphs, Data Sources, and Devices for a given Template
feature: Support bulk re-sync of graphs to assigned Graph Template
feature: Bulk Device Settings changes
feature: CDEFs, Colors, GPrint Presets consolidated to Presets menu
feature: Authentication cookies for 'remember me' functionality
feature: Automatic logout after session inactivity
feature: Replace Boost server in favor of RRDtool Proxy
feature: Graph Details include CSV output, zoom, debug, and download links
feature: Graph Export moved to a plugin
feature: User change password functionality
feature: Automation added to core functionality through the merge of the Discovery and AutoM8 plugins
feature: Change interface graphs from 32 bit to 64 bit with ease
feature: Plugins now have hooks in device templates and automation
feature: Allow users to preview template imports to determine if there will be issues from importing
feature: Automatic removal of orphaned graph items when importing newer versions of graph templates
feature: Support for MySQL 5.7
feature: Support for PHP 7.0
feature: Merge Aggregate Plugin - Aggregate graph creation
feature: Merge AutoM8 Plugin - Automation of graph creation
feature: Merge Boost Plugin - Faster polling, result caching, on-demand RRDtool file updates
feature: Merge CLog Plugin - View Cacti logs
feature: Merge Discovery Plugin - Device discovery
feature: Merge Domains Plugin - Support for domain (ADS/LDAP) specific user templates
feature: Merge DSStats Plugin - Cache Data Source values for easy retrieval
feature: Merge Logrotate Plugin - Rotate Cacti logs
feature: Merge Realtime Plugin - Realtime graph viewing
feature: Merge Reporting (Nectar) Plugin - Reporting
feature: Merge RRDclean Plugin - RRD file cleanup and management
feature: Merge Secpass Plugin - User password policy enforcement
feature: Merge Settings Plugin - Shared settings for plugins
feature: Merge SNMP Agent Plugin - SNMP Agent for Cacti providing system statistics
feature: Merge SpikeKill Plugin - Remove unwanted spikes from graphs
feature: Merge SSL Plugin - Force https
feature: Merge SuperLinks Plugin - Add external links within Cacti
feature: Merge UGroup Plugin - User groups with permissions
feature: Merge Watermark Plugin - Watermark your Cacti graphs
bug: Fixed issue where old graph templates (0.8.6-), could import bogus data causing issues with Data Input Methods
bug#0000168: Duplicate data sources should be avoided when creating new graphs
bug#0000851: Review an imported template
bug#0001155: When viewing graph tree do not show empty nodes
bug#0001337: Form to filter for graphs in host view mode
bug#0001552: Date ranges not shown on graphs in the view with Daily, Weekly, Monthly & Yearly graphs
bug#0001573: RRA templates/grouping
bug#0001577: Override session handling and store session in Database
bug#0001790: Allow for XML delimiter in fields of a script query
bug#0001820: Unable to use a Data Input Method Output Field in more than one Data Source Item
bug#0001827: Changing the graph template messes up the graph item fields
bug#0001836: Add mysql error message to log
bug#0001877: Cookies path is not properly set
bug#0001966: Expand Devices in tree view not honored
bug#0001970: Data query index order cache should be populated on re-index
bug#0001981: Cacti is not full UTF-8
bug#0001986: CLI allow add_graphs.php to have multiples --snmp-field and --snmp-value options
bug#0001996: Allow using data input field in graph title
bug#0002096: Enumerated SNMP values not parsed correctly
bug#0002112: CLI add configurable parameters for device_add.php
bug#0002133: Restrict User to only manage specific device(s)
bug#0002135: Regular expression support for filter
bug#0002137: Data query oid_suffix parameter does not function
bug#0002159: Database creation file not fully compliant with strict SQL mode
bug#0002162: Unable to authenticate user with password containing UTF-8
bug#0002196: Incorrect script server instance number in log
bug#0002225: Make -Cc SNMP option configurable
bug#0002255: Script query_unix_partitions.pl should only query local mounts
bug#0002336: Implement php-snmp class library
bug#0002340: Data query script execution should be escaped
bug#0002350: SNMP Data Query index_order ignored
bug#0002351: Ping does not work with non-English locale
bug#0002361: Spine does not log unknowns the same way cmd.php
bug#0002362: Poller cmd.php makes wrong hex-string to decimal conversion
bug#0002370: Cacti prints wrong date formats, does not honor a systems locale
bug#0002403: Typo in DELETE statement leading to poor graphing performance
bug#0002412: Graph Template duplication causes to be converted to TAB char
bug#0002418: Data Source Items named 'ds' break UI ability to add more items
bug#0002419: SNMP enum results not parsed correctly by cmd.php poller
bug#0002452: CVE-2014-4000 PHP Object Injection Vulnerabilities
bug#0002454: OS Command Injection
bug#0002468: Changing graph format to anything but PNG causes no output
bug#0002476: Add support for SNMP v3 EngineID
bug#0002483: Cisco ASA using Re-index method of verify all causes recache event every time
bug#0002484: Incorrect SQL request in cli script repair_database.php
bug#0002521: Unable to create two devices via CLI with the same IP-Address
bug#0002522: Zero padded hex strings are parsed incorrectly
bug#0002535: Graph Template Changes not updating RRDTool command
bug#0002636: Creating Data Template with "U" for min and max saves field data_input_field_id as 0 for first item
bug#0002697: CVE-2016-2313 allows remote authenticated users who use web authentication to bypass intended access
bug#0002698: When the host is down the wrong data type are used for some columns in the host table
bug#0002723: Renaming a disabled device still attempts to connect and get SNMP host information
bug#0002724: Multipage graphs the menu can disappear
bug#0002725: Changing graph template does not mark correct interfaces disabled on data query generated list

Reporting Issues

http://www.cacti.net/issues.php

Download Cacti

http://www.cacti.net/download_cacti.php

Download Spine

http://www.cacti.net/spine_download.php

Thanks! The Cacti Group

We the Cacti Group are proud to release the following:

Cacti 0.8.8h

Spine 0.8.8h

We have moved source control to GitHub!

Read about it in announcement post! - http://forums.cacti.net/viewtopic.php?f=4&t=55666&p=260306

bug:0002656: Authentication using web authentication as a user not in the cacti database allows complete access (regression)
bug:0002667: Cacti SQL Injection Vulnerability
bug:0002666: When click the [Clear] button after clicking the [Refresh] button in Preview Mode , fails to CSRFcheck
bug:0002673: CVE-2016-3659 - Cacti graph_view.php SQL Injection Vulnerability
bug:0002676: Outdated MIBs for non-unicast packets
bug:0002677: Index is a MySQL 5.6 reserved word
bug:0002681: generate_graph_def_name() generates reserved word "cf"

http://www.cacti.net/bugs.php

http://www.cacti.net/download_cacti.php

http://www.cacti.net/spine_download.php

Thanks! The Cacti Group

We the Cacti Group are proud to release the following:

Cacti 0.8.8g Spine 0.8.8g

GitHub!

We have moved source control to GitHub! Read about it in announcement post!

http://forums.cacti.net/viewtopic.php?f=4&t=55666&p=260306

Cacti 0.8.8g Change Log

http://www.cacti.net/release_notes_0_8_8g.php

Reporting Bugs

http://www.cacti.net/bugs.php

Download Cacti

http://www.cacti.net/download_cacti.php

Download Spine

http://www.cacti.net/spine_download.php

Thanks! The Cacti Group

Release of Cacti 0.8.8f

We the Cacti Group are proud to release the following:
Cacti 0.8.8f
Spine 0.8.8f

Cacti 0.8.8f Change Log
bug:0002599: 0.8.8e Poller Script Parser is Broken
bug:0002600: cli/upgrade_database.php is missing releases
bug:0002603: Graph managment graphs.php save button does not work
bug:0002599: Poller Script Parser is Broken

Reporting Bugs

http://www.cacti.net/bugs.php

Download Cacti

http://www.cacti.net/download_cacti.php

Download Spine

http://www.cacti.net/spine_download.php

Thanks!

The Cacti Group

http://forums.cacti.net/viewtopic.php?f=21&t=54874

— Linegod 2015/07/23 01:39

Release of Cacti 0.8.8e

We the Cacti Group are proud to release the following and respectfully ask forgiveness for the disaster release 0.8.8d was...
Cacti 0.8.8e
Spine 0.8.8e

Important Security Fixes
Multiple XSS and SQL injection vulnerabilities
CVE-2015-4634 - SQL injection in graphs.php

Cacti 0.8.8e Change Log
bug: Fixed issue with graph zooming failing to work
bug: Fixed various SQL Injection vectors
bug#0002569: Impossible to have a URL pointing directly to a graph
bug#0002574: SQL Injection Vulnerabilities in graph items and graph template items
bug#0002577: CVE-2015-4634 - SQL injection in graphs.php
bug#0002579: SQL Injection Vulnerabilities in data sources
bug#0002580: SQL Injection in cdef.php
bug#0002582: SQL Injection in data_templates.php
bug#0002583: SQL Injection in graph_templates.php
bug#0002584: SQL Injection in host_templates.php
bug#0002586: Cannot delete data sources from the GUI
bug#0002592: graph_view.php - viewing host in new tab - Undefined index: nodeid
bug#0002594: status_fail_date and status_rec_date are set incorrectly after host is marked down
bug#0002597: Incorrect value in Hosts column on Host Templates page
bug#0002598: Incorrect row number in Devices -> (Edit) page

http://forums.cacti.net/viewtopic.php?f=4&t=54851

We the Cacti Group are proud to release the following:
Cacti 0.8.8d
Spine 0.8.8d

Important Security Fixes
Multiple XSS and SQL injection vulerabilities

Cacti 0.8.8d Change Log
bug: Fixed SQL injection VN: JVN#78187936 / TN:JPCERT#98968540
bug#0002261: PHP 5.4.0 added new error_reporting variable, causing cacti to show errors
bug#0002391: Odd Behaviour on ReIndex of Data Query Data
bug#0002393: Broken thumbnail images for graph templates
bug#0002402: Subtree must not have the same header as the parent header
bug#0002474: CLI add_device.php dows not set availability_method correctly
bug#0002449: The Save button does not work: Invalid html on page Console -> Cacti Settings: empty form tag
bug#0002428: Fail to delete all data input items when removing more than 1000 data sources
bug#0002439: Password with special character don't work with LDAP authentication
bug#0002461: invalid bn with ldap and anonymous bind
bug#0002465: Graph Export return empty CSV file
bug#0002484: Incorrect SQL request in cli script repair_database.php
bug#0002485: Broken pagenation on graph viewing
bug#0002489: SNMP - Get Mounted Partitions using Re-index method of Index Count Changed causes recache event every time
bug#0002490: Can not select page for multiple datasources per device
bug#0002494: CSV export always shows last day
bug#0002504: Data template search not functional
bug#0002542: [FG-VD-15-017] Cacti Cross-Site Scripting Vulnerability Notification
bug#0002543: Unable to switch pages within graphs_new.php due to invalid URL generation
bug#0002544: Duplicate entry in $nav_url during list view
bug#0002571: SQL Injection and Location header injection from cdef id CVE-2015-4342
bug#0002572: SQL injection in graph templates

http://forums.cacti.net/viewtopic.php?f=21&t=54716

— Linegod 2015/06/10 02:12

Cacti Docs user ids are linked to your http://bugs.cacti.net account.

The Cacti repository has been moved to github:

https://github.com/Cacti

— Linegod 2015/04/18 11:08

We the Cacti Group are proud to release the following:

• Cacti 0.8.8c
• Spine 0.8.8c

Important Security Fixes

• CVE-2013-5588 - XSS issue via installer or device editing
• CVE-2013-5589 - SQL injection vulnerability in device editing
• CVE-2014-2326 - XSS issue via CDEF editing
• CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability
• CVE-2014-2328 - Remote Command Execution Vulnerability in graph export
• CVE-2014-4002 - XSS issues in multiple files
• CVE-2014-5025 - XSS issue via data source editing
• CVE-2014-5026 - XSS issues in multiple files

Important Updates

• New graph tree view
• Updated graph list and graph preview
• Refactor graph tree view to remove GPL incompatible code
• Updated command line database upgrade utility
• Graph zooming now from everywhere

Cacti 0.8.8c Change Log

• bug#0002228: GPL incompatible files included in Cacti project in include/treeview
• bug#0002383: Sanitize the step and id variables CVE-2013-5588, CVE-2013-5589
• bug#0002385: Cannot export host templates while including dependencies
• bug#0002386: cli/upgrade_database.php is missing the last two releases
• bug#0002390: Poller/script issue with slash and backslash
• bug#0002405: SQL injection in graph_xport.php
• bug#0002431: CVE-2014-2326 Unspecified HTML Injection Vulnerability
• bug#0002432: CVE-2014-2327 Cross Site Request Forgery Vulnerability - Special Thanks to Deutsche Telekom CERT
• bug#0002433: CVE-2014-2328 Unspecified Remote Command Execution Vulnerability
• bug#0002434: Suppress SNMP UNITS Suffix from cacti_snmp_get() output
• bug#0002438: Down Host Detection issue when using SNMP Desc or SNMP getNext
• bug#0002446: Subtract plugin processing time from Poller sleep time
• bug#0002453: CVE-2014-4002 Cross-Site Scripting Vulnerability - Special Thanks to G. Geshev (munmap)
• bug#0002455: Incomplete and incorrect input parsing leads to remote code execution and SQL injection attack scenarios
• bug#0002456: CVE-2014-5025 / CVE-2014-5026 - Cross-Site Scripting Vulnerability - Special Thanks to Adan Alvarez and Paul Gevers
• bug: Fix COMMENT handling, even in case COMMENT is empty, with or without HR and with variable substitution
• bug: Fix issues when SNMP data holds a ”=”; “explode” must be treated accordingly
• bug: Fix filter highlighting on data sources for the data template field
• bug: correct description of SNMP V3 parameters
• feature: Added native jquery, jqueryui, and jstree
• feature: Fixed issues with 'Clear' under preview not working
• feature: Added new Tree navigation
• feature: Added Columns and Thumbnails to Preview
• feature: Added Columns to Tree (Preview only)
• feature: Both Graphs and Columns default to 'Default'
• feature: Resolved Left hand navigation taking entire page
• feature: Added new graph zoom to tree view and preview offering a “quick” (default) and an “advanced” mode

Reporting Bugs

http://www.cacti.net/bugs.php

Download Cacti

http://www.cacti.net/download_cacti.php

Download Spine

http://www.cacti.net/spine_download.php

Thanks!

The Cacti Group

http://forums.cacti.net/viewtopic.php?f=4&t=53725

— Linegod 2014/11/24 00:14

Release of Cacti 0.8.8b

We the Cacti Group are proud to release the following:

• Cacti 0.8.8b
• Spine 0.8.8b

Cacti 0.8.8b Change Log

• bug: Fixed issue with custom data source information being lost when saved from edit
• bug: Repopulate the poller cache on new installations
• bug: Fix issue with poller not escaping the script query path correctly
• bug: Allow snmpv3 priv proto none
• bug: Fix issue where host activate may flush the entire poller item cache
• security: SQL injection and shell escaping issues

Reporting Bugs

http://www.cacti.net/bugs.php

Download Cacti

http://www.cacti.net/download_cacti.php

Download Spine

http://www.cacti.net/spine_download.php

Thanks! The Cacti Group

— Linegod 2013/08/06 23:20

User Herve Donati has contributed the Predict plugin, which used the PREDICT RRDtool feature, allowing for future predictions.

Check it out.

— Linegod 2012/11/07 01:08

We the Cacti Group are proud to release the following:

   Cacti 0.8.8a
   Spine 0.8.8a

The Plugin Architecture is now part of the official Cacti release!

Read more at http://forums.cacti.net/viewtopic.php?f=4&t=47167

We the Cacti Group are proud to release the following:

• Cacti 0.8.8
• Spine 0.8.8

The Plugin Architecture is now part of the official Cacti release!

Read the full announcement: http://forums.cacti.net/viewtopic.php?f=4&t=46926

On Friday December 16th 2011 we were informed by a very nice person that they where able to retrieve the users table for the Cacti forums.

Read more at this post: http://forums.cacti.net/viewtopic.php?f=21&t=45953

— Linegod 2011/12/19 17:55

We the Cacti Group are proud to release the following:

• Cacti 0.8.7i
• Spine 0.8.7i
• Cacti 0.8.7i with Plugin Architecture version 3.1

Note with this release we are no longer making people patch Cacti to use the Plugin Architecture. We did the work for you and now provide a completely patched release of Cacti with Plugin Architecture version 3.1.

View the bug fixes and enhancements at this forum post

We the Cacti Group are proud to release the following:

• Cacti 0.8.7h
• Spine 0.8.7h
• Cacti Plugin Architecture 3.0 for Cacti 0.8.7h

View the bug fixes and enhancements at this forum post

— Linegod 2011/09/26 01:04

The Cacti Group is pleased to announce the beta release of:

• Cacti 0.8.7h
• Plugin Architecture 3.0 for Cacti 0.8.7h
• Spine 0.8.7h

Please report any bugs to http://www.cacti.net/bugs.php

For support issues, please post in the beta discussion thread.

Beta files can be downloaded from: http://www.cacti.net/downloads/beta/

— Linegod 2011/03/13 10:52

TheWitness has created a couple of walk-through videos for pending 1.0 releases.

You can see them on the bottom of the aggregate and flowview pages

— Linegod 2011/01/04 21:21

The wiki has been upgraded.

If you notice any issues, please post them in this thread: http://forums.cacti.net/viewtopic.php?f=4&t=41266

— Linegod 2011/01/02 14:22

The Cacti Forums have been upgraded.

If you notice any issues, please post them in this thread: http://forums.cacti.net/viewtopic.php?f=4&t=40082

— Linegod 2010/09/26 18:12

The following patch was released on 2010/08/31

Unified patch that fixes multiple issues and improves windows support. The fixes include the following bugs:

• bug#0001669: Problems with getting data from script using SPINE on Windows Server 2003 x32
• bug#0001829: Wrong string numerical value got from Spine SNMP poller
• bug: Net-snmp API issues cause spine crashes with some SNMP agents
• bug: Host list not properly initialized
• bug: Mutex locking issues cause deadlocks in Windows
• bug: Escape windows type back slashes in scripts

The patch can be downloaded at http://www.cacti.net/spine_download_patches.php

A Windows binary has also been uploaded.

The Windows binary can be downloaded at http://www.cacti.net/downloads/spine/packages/Windows/cacti-spine-0.8.7g.zip

Older -->