This is an old revision of the document!
Status of the Wiki
We have moved quite a bit of content to GitHub. We continue to maintain this site for the foreseeable future. We are working on re-enabling login access for people who wish to hold accounts and contribute Cacti Templates. Give us a little time.
Welcome to Cacti 1.x DocuWiki
The Cacti Group are on a tear! In 2017, we released almost 40 releases of Cacti 1.x. It's been a rapid pace, but we now have several contributors helping us not only perfect the user interface, but enhance it to be what it has been touted to be from the beginning 'the complete RRDtool graphing solution'.
Cacti 1.x has changed drastically from earlier versions. We have incorporated 20 Cacti Group plugins into the Core of Cacti to make it easier for you to get started using it. When those plugins were merged, careful thought was givin to compatibility and design. They should all behave as a unified tool today.
With that said, we have another 19 or so plugins available on GitHub. So, though we have merged a number of them into the core of Cacti, there are several additional plugins that may be required depending on your use case.
Additionally, we have implemented internationalization. What this means is that if your preferred language is not English, you may have an option. Translations are available today in Spanish, Dutch, and German. There are several partially complete translations. If you are not a developer, and interested in giving back to the Cacti community, consider contributing to a Cacti Translation. You just have to follow our translation instructions on GitHub. We could also use some help in Translating our 19 or so plugins.
Lastly, Cacti 1.x has theme support. So, if you need Cacti to look like your Corporate standard, hack away, or better yet, find a web developer.
Feature Highlights
- Remote data collectors (Pollers)
- Network discovery and automation
- Device management automation
- Expanded color sets
- Enhanced user, group and domain management
- User interface enhancements
- Additional RRDtool graph option support
- Multiple poller intervals
- Merged almost 20 plugins into core
For additional details check out the README.md located on GitHub
Contribute
Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!
Thanks! The Cacti Group
Current Cacti 1.x Releases
Current Cacti 0.8.x Releases
The following Cacti releases are end of life. We believe that release is stable, though you should make plans to upgrade your environment to Cacti 1.x. In the mean time, if for some reason you can not use Cacti 1.x, this version is preserved here for your reference.
Announcements
Release of Cacti 1.0.0
We the Cacti Group are proud to release the following:
Cacti 1.0.0
Spine 1.0.0
Important Security Fixes
CVE-2014-4000 PHP Object Injection Vulnerabilities CVE-2016-2313 allows remote authenticated users who use web authentication to bypass intended access
Important Updates
Remote data collectors (Pollers) Network discovery and automation Device management automation Enhanced user, group and domain management User interface enhancements Additional RRDtool graph option support Merged almost 20 plugins into core
http://forums.cacti.net/viewtopic.php?f=4&t=56794
For additional details check out the README located on GitHub - https://github.com/Cacti/
Contribute
Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!
Cacti 1.0.0 Change Log
feature: Support for remote data collectors feature: Support Internationalization (i18n) for the main Cacti site, and supported plugins feature: Data Source Profiles replace RRA settings allowing a single system to have multiple polling intervals feature: Redesigned Tree page including Drag & Drop functionality feature: New Graph Permissions system designed to make permissions simple to manage feature: Add Themes 'Classic', 'Modern', 'Dark', and 'Paw' feature: Debug Data Sources by comparing them to the Data Template feature: New special Data Source type to detect the poller interval feature: Bulk inserts in PHP poller to address latency issues feature: Optimize data collection through in memory caching giving a 50% reduction in polling times when dealing with large sites feature: Support RRDtool VDEFs feature: Support new Graph Items: AREA:STACK, GPRINT:AVERAGE, GPRINT:LAST, GPRINT:MAX, GPRINT:MIN, LINE:STACK, TEXTALIGN, TICK feature: Support RRDtool features: Right Axis Support, Dynamic Labels, Tab Width, Legend Position, Legend Direction feature; Resizeable table columns feature: Deprecated Single Pane Tree View feature: Role Based Access Control (RBAC) feature: Support User Group Permissions feature: Show number of in use Graphs, Data Sources, and Devices for a given Template feature: Support bulk re-sync of graphs to assigned Graph Template feature: Bulk Device Settings changes feature: CDEFs, Colors, GPrint Presets consolidated to Presets menu feature: Authentication cookies for 'remember me' functionality feature: Automatic logout after session inactivity feature: Replace Boost server in favor of RRDtool Proxy feature: Graph Details include CSV output, zoom, debug, and download links feature: Graph Export moved to a plugin feature: User change password functionality feature: Automation added to core functionality through the merge of the Discovery and AutoM8 plugins feature: Change interface graphs from 32 bit to 64 bit with ease feature: Plugins now have hooks in device templates and automation feature: Allow users to preview template imports to determine if there will be issues from importing feature: Automatic removal of orphaned graph items when importing newer versions of graph templates feature: Support for MySQL 5.7 feature: Support for PHP 7.0 feature: Merge Aggregate Plugin - Aggregate graph creation feature: Merge AutoM8 Plugin - Automation of graph creation feature: Merge Boost Plugin - Faster polling, result caching, on-demand RRDtool file updates feature: Merge CLog Plugin - View Cacti logs feature: Merge Discovery Plugin - Device discovery feature: Merge Domains Plugin - Support for domain (ADS/LDAP) specific user templates feature: Merge DSStats Plugin - Cache Data Source values for easy retrieval feature: Merge Logrotate Plugin - Rotate Cacti logs feature: Merge Realtime Plugin - Realtime graph viewing feature: Merge Reporting (Nectar) Plugin - Reporting feature: Merge RRDclean Plugin - RRD file cleanup and management feature: Merge Secpass Plugin - User password policy enforcement feature: Merge Settings Plugin - Shared settings for plugins feature: Merge SNMP Agent Plugin - SNMP Agent for Cacti providing system statistics feature: Merge SpikeKill Plugin - Remove unwanted spikes from graphs feature: Merge SSL Plugin - Force https feature: Merge SuperLinks Plugin - Add external links within Cacti feature: Merge UGroup Plugin - User groups with permissions feature: Merge Watermark Plugin - Watermark your Cacti graphs bug: Fixed issue where old graph templates (0.8.6-), could import bogus data causing issues with Data Input Methods bug#0000168: Duplicate data sources should be avoided when creating new graphs bug#0000851: Review an imported template bug#0001155: When viewing graph tree do not show empty nodes bug#0001337: Form to filter for graphs in host view mode bug#0001552: Date ranges not shown on graphs in the view with Daily, Weekly, Monthly & Yearly graphs bug#0001573: RRA templates/grouping bug#0001577: Override session handling and store session in Database bug#0001790: Allow for XML delimiter in fields of a script query bug#0001820: Unable to use a Data Input Method Output Field in more than one Data Source Item bug#0001827: Changing the graph template messes up the graph item fields bug#0001836: Add mysql error message to log bug#0001877: Cookies path is not properly set bug#0001966: Expand Devices in tree view not honored bug#0001970: Data query index order cache should be populated on re-index bug#0001981: Cacti is not full UTF-8 bug#0001986: CLI allow add_graphs.php to have multiples --snmp-field and --snmp-value options bug#0001996: Allow using data input field in graph title bug#0002096: Enumerated SNMP values not parsed correctly bug#0002112: CLI add configurable parameters for device_add.php bug#0002133: Restrict User to only manage specific device(s) bug#0002135: Regular expression support for filter bug#0002137: Data query oid_suffix parameter does not function bug#0002159: Database creation file not fully compliant with strict SQL mode bug#0002162: Unable to authenticate user with password containing UTF-8 bug#0002196: Incorrect script server instance number in log bug#0002225: Make -Cc SNMP option configurable bug#0002255: Script query_unix_partitions.pl should only query local mounts bug#0002336: Implement php-snmp class library bug#0002340: Data query script execution should be escaped bug#0002350: SNMP Data Query index_order ignored bug#0002351: Ping does not work with non-English locale bug#0002361: Spine does not log unknowns the same way cmd.php bug#0002362: Poller cmd.php makes wrong hex-string to decimal conversion bug#0002370: Cacti prints wrong date formats, does not honor a systems locale bug#0002403: Typo in DELETE statement leading to poor graphing performance bug#0002412: Graph Template duplication causes to be converted to TAB char bug#0002418: Data Source Items named 'ds' break UI ability to add more items bug#0002419: SNMP enum results not parsed correctly by cmd.php poller bug#0002452: CVE-2014-4000 PHP Object Injection Vulnerabilities bug#0002454: OS Command Injection bug#0002468: Changing graph format to anything but PNG causes no output bug#0002476: Add support for SNMP v3 EngineID bug#0002483: Cisco ASA using Re-index method of verify all causes recache event every time bug#0002484: Incorrect SQL request in cli script repair_database.php bug#0002521: Unable to create two devices via CLI with the same IP-Address bug#0002522: Zero padded hex strings are parsed incorrectly bug#0002535: Graph Template Changes not updating RRDTool command bug#0002636: Creating Data Template with "U" for min and max saves field data_input_field_id as 0 for first item bug#0002697: CVE-2016-2313 allows remote authenticated users who use web authentication to bypass intended access bug#0002698: When the host is down the wrong data type are used for some columns in the host table bug#0002723: Renaming a disabled device still attempts to connect and get SNMP host information bug#0002724: Multipage graphs the menu can disappear bug#0002725: Changing graph template does not mark correct interfaces disabled on data query generated list
Reporting Issues
http://www.cacti.net/issues.php
Download Cacti
http://www.cacti.net/download_cacti.php
Download Spine
http://www.cacti.net/spine_download.php
Thanks! The Cacti Group
Release of Cacti 0.8.8h
We the Cacti Group are proud to release the following:
Cacti 0.8.8h
Spine 0.8.8h
GitHub!
We have moved source control to GitHub!
Read about it in announcement post! - http://forums.cacti.net/viewtopic.php?f=4&t=55666&p=260306
Cacti 0.8.8h Change Log
bug:0002656: Authentication using web authentication as a user not in the cacti database allows complete access (regression) bug:0002667: Cacti SQL Injection Vulnerability bug:0002666: When click the [Clear] button after clicking the [Refresh] button in Preview Mode , fails to CSRFcheck bug:0002673: CVE-2016-3659 - Cacti graph_view.php SQL Injection Vulnerability bug:0002676: Outdated MIBs for non-unicast packets bug:0002677: Index is a MySQL 5.6 reserved word bug:0002681: generate_graph_def_name() generates reserved word "cf"
Reporting Bugs
Download Cacti
Download Spine
http://www.cacti.net/spine_download.php
Thanks! The Cacti Group
Release of Cacti 0.8.8g
We the Cacti Group are proud to release the following:
Cacti 0.8.8g Spine 0.8.8g
GitHub!
We have moved source control to GitHub! Read about it in announcement post!
http://forums.cacti.net/viewtopic.php?f=4&t=55666&p=260306
Cacti 0.8.8g Change Log
http://www.cacti.net/release_notes_0_8_8g.php
Reporting Bugs
Download Cacti
http://www.cacti.net/download_cacti.php
Download Spine
http://www.cacti.net/spine_download.php
Thanks! The Cacti Group
Release of Cacti 0.8.8f
Release of Cacti 0.8.8f We the Cacti Group are proud to release the following: Cacti 0.8.8f Spine 0.8.8f Cacti 0.8.8f Change Log bug:0002599: 0.8.8e Poller Script Parser is Broken bug:0002600: cli/upgrade_database.php is missing releases bug:0002603: Graph managment graphs.php save button does not work bug:0002599: Poller Script Parser is Broken
Reporting Bugs
Download Cacti
http://www.cacti.net/download_cacti.php
Download Spine
http://www.cacti.net/spine_download.php
Thanks!
The Cacti Group
http://forums.cacti.net/viewtopic.php?f=21&t=54874
— Linegod 2015/07/23 01:39
Release of Cacti 0.8.8e
Release of Cacti 0.8.8e We the Cacti Group are proud to release the following and respectfully ask forgiveness for the disaster release 0.8.8d was... Cacti 0.8.8e Spine 0.8.8e Important Security Fixes Multiple XSS and SQL injection vulnerabilities CVE-2015-4634 - SQL injection in graphs.php Cacti 0.8.8e Change Log bug: Fixed issue with graph zooming failing to work bug: Fixed various SQL Injection vectors bug#0002569: Impossible to have a URL pointing directly to a graph bug#0002574: SQL Injection Vulnerabilities in graph items and graph template items bug#0002577: CVE-2015-4634 - SQL injection in graphs.php bug#0002579: SQL Injection Vulnerabilities in data sources bug#0002580: SQL Injection in cdef.php bug#0002582: SQL Injection in data_templates.php bug#0002583: SQL Injection in graph_templates.php bug#0002584: SQL Injection in host_templates.php bug#0002586: Cannot delete data sources from the GUI bug#0002592: graph_view.php - viewing host in new tab - Undefined index: nodeid bug#0002594: status_fail_date and status_rec_date are set incorrectly after host is marked down bug#0002597: Incorrect value in Hosts column on Host Templates page bug#0002598: Incorrect row number in Devices -> (Edit) page
Release of Cacti 0.8.8d
We the Cacti Group are proud to release the following: Cacti 0.8.8d Spine 0.8.8d Important Security Fixes Multiple XSS and SQL injection vulerabilities Cacti 0.8.8d Change Log bug: Fixed SQL injection VN: JVN#78187936 / TN:JPCERT#98968540 bug#0002261: PHP 5.4.0 added new error_reporting variable, causing cacti to show errors bug#0002391: Odd Behaviour on ReIndex of Data Query Data bug#0002393: Broken thumbnail images for graph templates bug#0002402: Subtree must not have the same header as the parent header bug#0002474: CLI add_device.php dows not set availability_method correctly bug#0002449: The Save button does not work: Invalid html on page Console -> Cacti Settings: empty form tag bug#0002428: Fail to delete all data input items when removing more than 1000 data sources bug#0002439: Password with special character don't work with LDAP authentication bug#0002461: invalid bn with ldap and anonymous bind bug#0002465: Graph Export return empty CSV file bug#0002484: Incorrect SQL request in cli script repair_database.php bug#0002485: Broken pagenation on graph viewing bug#0002489: SNMP - Get Mounted Partitions using Re-index method of Index Count Changed causes recache event every time bug#0002490: Can not select page for multiple datasources per device bug#0002494: CSV export always shows last day bug#0002504: Data template search not functional bug#0002542: [FG-VD-15-017] Cacti Cross-Site Scripting Vulnerability Notification bug#0002543: Unable to switch pages within graphs_new.php due to invalid URL generation bug#0002544: Duplicate entry in $nav_url during list view bug#0002571: SQL Injection and Location header injection from cdef id CVE-2015-4342 bug#0002572: SQL injection in graph templates
http://forums.cacti.net/viewtopic.php?f=21&t=54716
— Linegod 2015/06/10 02:12
Official Cacti Documentation Site
Cacti Docs user ids are linked to your http://bugs.cacti.net account.
Cacti on Github
Release of Cacti 0.8.8c
We the Cacti Group are proud to release the following:
- Cacti 0.8.8c
- Spine 0.8.8c
Important Security Fixes
- CVE-2013-5588 - XSS issue via installer or device editing
- CVE-2013-5589 - SQL injection vulnerability in device editing
- CVE-2014-2326 - XSS issue via CDEF editing
- CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability
- CVE-2014-2328 - Remote Command Execution Vulnerability in graph export
- CVE-2014-4002 - XSS issues in multiple files
- CVE-2014-5025 - XSS issue via data source editing
- CVE-2014-5026 - XSS issues in multiple files
Important Updates
- New graph tree view
- Updated graph list and graph preview
- Refactor graph tree view to remove GPL incompatible code
- Updated command line database upgrade utility
- Graph zooming now from everywhere
Cacti 0.8.8c Change Log
- bug#0002228: GPL incompatible files included in Cacti project in include/treeview
- bug#0002383: Sanitize the step and id variables CVE-2013-5588, CVE-2013-5589
- bug#0002385: Cannot export host templates while including dependencies
- bug#0002386: cli/upgrade_database.php is missing the last two releases
- bug#0002390: Poller/script issue with slash and backslash
- bug#0002405: SQL injection in graph_xport.php
- bug#0002431: CVE-2014-2326 Unspecified HTML Injection Vulnerability
- bug#0002432: CVE-2014-2327 Cross Site Request Forgery Vulnerability - Special Thanks to Deutsche Telekom CERT
- bug#0002433: CVE-2014-2328 Unspecified Remote Command Execution Vulnerability
- bug#0002434: Suppress SNMP UNITS Suffix from cacti_snmp_get() output
- bug#0002438: Down Host Detection issue when using SNMP Desc or SNMP getNext
- bug#0002446: Subtract plugin processing time from Poller sleep time
- bug#0002453: CVE-2014-4002 Cross-Site Scripting Vulnerability - Special Thanks to G. Geshev (munmap)
- bug#0002455: Incomplete and incorrect input parsing leads to remote code execution and SQL injection attack scenarios
- bug#0002456: CVE-2014-5025 / CVE-2014-5026 - Cross-Site Scripting Vulnerability - Special Thanks to Adan Alvarez and Paul Gevers
- bug: Fix COMMENT handling, even in case COMMENT is empty, with or without HR and with variable substitution
- bug: Fix issues when SNMP data holds a ”=”; “explode” must be treated accordingly
- bug: Fix filter highlighting on data sources for the data template field
- bug: correct description of SNMP V3 parameters
- feature: Added native jquery, jqueryui, and jstree
- feature: Fixed issues with 'Clear' under preview not working
- feature: Added new Tree navigation
- feature: Added Columns and Thumbnails to Preview
- feature: Added Columns to Tree (Preview only)
- feature: Both Graphs and Columns default to 'Default'
- feature: Resolved Left hand navigation taking entire page
- feature: Added new graph zoom to tree view and preview offering a “quick” (default) and an “advanced” mode
Reporting Bugs
Download Cacti
http://www.cacti.net/download_cacti.php
Download Spine
http://www.cacti.net/spine_download.php
Thanks!
The Cacti Group
http://forums.cacti.net/viewtopic.php?f=4&t=53725
— Linegod 2014/11/24 00:14
Release of Cacti 0.8.8b
Release of Cacti 0.8.8b
We the Cacti Group are proud to release the following:
- Cacti 0.8.8b
- Spine 0.8.8b
Cacti 0.8.8b Change Log
- bug: Fixed issue with custom data source information being lost when saved from edit
- bug: Repopulate the poller cache on new installations
- bug: Fix issue with poller not escaping the script query path correctly
- bug: Allow snmpv3 priv proto none
- bug: Fix issue where host activate may flush the entire poller item cache
- security: SQL injection and shell escaping issues
Reporting Bugs
Download Cacti
http://www.cacti.net/download_cacti.php
Download Spine
http://www.cacti.net/spine_download.php
Thanks! The Cacti Group
— Linegod 2013/08/06 23:20
Predict Plugin
User Herve Donati has contributed the Predict plugin, which used the PREDICT RRDtool feature, allowing for future predictions.
Check it out.
— Linegod 2012/11/07 01:08
Release of Cacti 0.8.8a
We the Cacti Group are proud to release the following:
Cacti 0.8.8a Spine 0.8.8a
The Plugin Architecture is now part of the official Cacti release!
Read more at http://forums.cacti.net/viewtopic.php?f=4&t=47167
Release of Cacti 0.8.8
We the Cacti Group are proud to release the following:
- Cacti 0.8.8
- Spine 0.8.8
The Plugin Architecture is now part of the official Cacti release!
Read the full announcement: http://forums.cacti.net/viewtopic.php?f=4&t=46926
Cacti Forums compromised
On Friday December 16th 2011 we were informed by a very nice person that they where able to retrieve the users table for the Cacti forums.
Read more at this post: http://forums.cacti.net/viewtopic.php?f=21&t=45953
— Linegod 2011/12/19 17:55
Release of Cacti 0.8.7i
We the Cacti Group are proud to release the following:
- Cacti 0.8.7i
- Spine 0.8.7i
- Cacti 0.8.7i with Plugin Architecture version 3.1
Note with this release we are no longer making people patch Cacti to use the Plugin Architecture. We did the work for you and now provide a completely patched release of Cacti with Plugin Architecture version 3.1.
View the bug fixes and enhancements at this forum post
Release of Cacti 0.8.7h
We the Cacti Group are proud to release the following:
- Cacti 0.8.7h
- Spine 0.8.7h
- Cacti Plugin Architecture 3.0 for Cacti 0.8.7h
View the bug fixes and enhancements at this forum post
— Linegod 2011/09/26 01:04
Cacti 0.8.7h Beta Release
The Cacti Group is pleased to announce the beta release of:
- Cacti 0.8.7h
- Plugin Architecture 3.0 for Cacti 0.8.7h
- Spine 0.8.7h
Please report any bugs to http://www.cacti.net/bugs.php
For support issues, please post in the beta discussion thread.
Beta files can be downloaded from: http://www.cacti.net/downloads/beta/
— Linegod 2011/03/13 10:52
Cacti Plugin Videos
TheWitness has created a couple of walk-through videos for pending 1.0 releases.
You can see them on the bottom of the aggregate and flowview pages
— Linegod 2011/01/04 21:21
Wiki Upgrade
The wiki has been upgraded.
If you notice any issues, please post them in this thread: http://forums.cacti.net/viewtopic.php?f=4&t=41266
— Linegod 2011/01/02 14:22
Forum Upgrade
The Cacti Forums have been upgraded.
If you notice any issues, please post them in this thread: http://forums.cacti.net/viewtopic.php?f=4&t=40082
— Linegod 2010/09/26 18:12
Spine 0.8.7g Patches
The following patch was released on 2010/08/31
Unified patch that fixes multiple issues and improves windows support. The fixes include the following bugs:
- bug#0001669: Problems with getting data from script using SPINE on Windows Server 2003 x32
- bug#0001829: Wrong string numerical value got from Spine SNMP poller
- bug: Net-snmp API issues cause spine crashes with some SNMP agents
- bug: Host list not properly initialized
- bug: Mutex locking issues cause deadlocks in Windows
- bug: Escape windows type back slashes in scripts
The patch can be downloaded at http://www.cacti.net/spine_download_patches.php
A Windows binary has also been uploaded.
The Windows binary can be downloaded at http://www.cacti.net/downloads/spine/packages/Windows/cacti-spine-0.8.7g.zip