To get detailed information about trackerd, a network tracking system, and its
components, please read this document to the end.

What is trackerd?
-----------------
trackerd is a network tracking system; it basically performs the following tasks:

- Information about the network devices is entered into a MySQL database with
  a graphical user interface (trackerdbgui).
- trackerd periodically checks the devices in the database with ping and SNMP,
  and reports by e-mail any device which is unavailable.
- It shows where users are located on the network (which switch, which
  interface) by scanning the MAC address tables in the switches via SNMP.
- It graphs the number of active LAN and wireless users, like MRTG, using gnuplot.

What Are Its Components?
------------------------
The trackerd network tracking system consists of 5 components:

1. trackerd database 'takip': Data is stored in this MySQL database.
2. trackerdbgui: This is a GUI which provides easy data entry/modification for
   the database.
3. trackerd: The main daemon program, which checks the devices with ping/SNMP
   and reports by e-mail when any one is unavailable, and scans and records
   the MAC addresses on the switches via SNMP.
4. tracker: Queries the database to find out where a user is connected on the
   network.
5. trackercgi*: CGI programs which provide inventory reports on the Web.
6. trackersnmp

How Is the Database Structured?
-------------------------------
The tables in the trackerd database:

Settings Table:
===============
The parameters necessary to run trackerd are stored in this table.

The fields used to store information about e-mail settings:

MTAHost: Host name of the e-mail server (MTA).
FromName: From address of the e-mail.
To1: To address of the e-mail.
To2 and To3 fields are not used for the moment.
Subject: Subject of the e-mail.
Period: Determines how frequently the ping/SNMP device check is done; the unit
        is minutes; 5 min. is suitable.
TrackerRate: Determines after how many 'Period's the MAC scanning process
        occurs. For example, 4 means that the MAC scanning occurs after 4
        ping/SNMP device checks.
Tracking: Determines globally whether MAC scanning is done. If set to 'off',
        no MAC scanning is done. If set to 'on', MAC scanning is done.
SnmpRO: SNMP ReadOnly community string for all the devices. All the devices
        must have the same string in their configuration.
SnmpRW: Not used for the moment.

Information about network devices is stored in the 'Main' and 'Modules' tables
in a master/detail relation. Information about the device chassis is stored in
the 'Main' table, and information about the modules in the chassis is stored in
the 'Modules' table.

'Main' Table:
=============
The main information about network devices is stored in this table:

MainSerialNo: Device's main serial number; index of the table.
ModelNo: Model number/name of the main device.
ModulSayisi: Number of modules in the device.
IP: IP address of the device.
Name: Name of the device (IOS/CATOS prompt).
BuildingName: The name of the building in which the device is located.
RoomNumber: The room number.
IOS: IOS version number.
Password: Password; trackerd does not use these fields.
EnablePassword: Enable password.
tracking: Determines whether MAC scanning is done for that device; 'on' and
        'off' are the choices. If the device is a router, the 'router' value
        should be set; these routers are used to find the IP addresses of the
        corresponding MAC addresses using ARP tables.

'Modules' Table:
================
MainSerialNo: Provides the "one to many" relation with the 'Main' table; holds
        the main serial number of the chassis in which the module is located.
SerialNo: Module's serial number; this is the index of the table.
ModelNo: Model number/name of the module.
Tracking: If MAC scanning is to be done for that module, this field must be
        'on'. If the module is a router, the 'router' value should be set.
GEPortSayisi: Holds the number of gigabit ethernet ports in the module; this
        value is used in the total port number report.
FEPortSayisi: Holds the number of fast ethernet ports in the module; this
        value is used in the total port number report.
IP1: IP address in the module (router modules may have more than one IP address).
IP2: IP address in the module (router modules may have more than one IP address).
...
IP15: IP address in the module (router modules may have more than one IP address).

'Stats' Table:
==============
Holds the statistical values which are generated by the trackerd daemon; the
user does not enter any information into this table.

How to Make the trackerd System Work?
-------------------------------------
The programs are compiled and installed as explained in the INSTALL file.

The trackerd database is created as explained in the INSTALL file.

The config file /etc/trackerd.conf must be edited according to the
installation; all the programs use that config file. The sample trackerd.conf
file can be used as a starting point. If LDAP support is enabled during
compilation, the LDAP parameters should also be entered into that file. The
config file must be copied to /etc.

The information about the network devices is entered into the database using
trackerdbgui. For the devices on which MAC scanning is to be done, the
'tracking' field must be set to 'on'. In order to find the IP addresses of the
corresponding MAC addresses using ARP tables, the tracking field must be set to
'router' for the routers.

How Is the trackerdbgui Program Used?
-------------------------------------
trackerdbgui is built with the GTK2 libraries, so it is easy to use. It only
provides entering/editing data in the database. Help information about the
usage of the program is available in the Help menu; please read it before
using the program.
trackerdbgui takes care of the 'one to many - master/detail' relation between
all the tables which have that relation. When a record in a master table is
deleted, all of the related detail records are also deleted from the detail
table. It also provides easy addition of detail records for a master record.

How Can the trackerd Logs Be Seen?
----------------------------------
trackerd sends log messages to the syslog daemon with the facility name LOCAL1.
In order to route trackerd logs to a file, the sample config line below can be
inserted into the /etc/syslog.conf file:

    local1.*        -/var/log/trackerd.log

Then, the trackerd logs can be seen with the "tail -f /var/log/trackerd.log"
command. Or, without any configuration, the logs can be seen inside the
system's log file.

What Does trackerd Do When It Runs?
-----------------------------------
First of all, it reads the config file /etc/trackerd.conf and connects to the
database using these parameters.

It starts to work according to the settings in the 'Settings' table of the
database.

It checks the devices in the 'Main' and 'Modules' tables at the defined
periods and reports any unavailable device by e-mail. It sends two e-mails per
day, at 8:00 and 16:00, to report that it is working properly.

The MAC scanning process also runs at the defined periods. For every MAC
address, the switch IP, interface number, and date are recorded in the
database. If LDAP support was enabled during compilation, the MAC address found
on the switch is searched for and the related LDAP uid field is recorded in
the database.

When scanning MAC addresses, existing MAC records are not deleted; they are
only updated, or new records are inserted. This makes it possible to know where
and when each user is connected on the LAN.

How Are the Results of the MAC Scanning Used?
---------------------------------------------
trackerd records all the results it finds in the database; the tracker program
is used to query the database.
tracker can make queries using MAC address, IP address and UID; the result of
the query shows where the user is connected (which switch, interface, IP, uid,
and the time). The usage of tracker can be seen with the --help option.

When 'tracker -s' runs, it shows the statistical information below:

- Whether trackerd is currently running or sleeping.
- The last start and finish times of the MAC scanning process.
- The total number of MAC addresses found in the last MAC scanning process
  (the current number of active users on the LAN).
- The MAX. number of users in the scanning processes, and its date.

Which Reports Are Available?
----------------------------
- trackercgi_port_numbers
- trackercgi_devices
- trackercgi_devices_modules
- trackercgi_modules
- trackercgi_stock
- trackercgi_defective

How Are the Defective and Stocked Device Reports Created?
---------------------------------------------------------
There are tables for defective and stocked devices; the reports use these
values. The information must be entered into the tables using trackerdbgui.

How Can the Reports Be Seen?
----------------------------
The trackercgi* binaries must be copied to the cgi-bin/ directory of the server.

trackerd_reports.html has the links for all of the reports; this file must be
copied to the htdocs/ directory of the web server.

Since the trackercgi* programs use the /etc/trackerd.conf config file, this
file must also exist in the /etc directory.

The reports can be seen by accessing trackerd_reports.html.

What Does the trackerd System Provide to the Network Administrator?
-------------------------------------------------------------------
- First of all, thanks to the periodic checks, it provides information about
  the states of the network devices. When a problem occurs, it reports it by
  e-mail immediately. Since both ping and SNMP are used for the checks, the
  results are reliable.
- It makes it possible to know the exact locations of the users on the LAN.
  Starting from the point where the user is connected can help to solve the
  problem when troubleshooting.
- It makes it easier to find the locations of users who spread viruses/worms
  which use lots of bandwidth; thus, it is easy to shut down the network port
  of the infected user.
- It finds the current number of active users on the network; that information
  can be used in network planning.
- It finds the maximum instantaneous number of users on the network.
- It finds the total number of network devices in the organisation.
- It produces inventory reports for planning.

On Which Platforms Can the System Run?
--------------------------------------
The programs were initially developed under SuSE Linux 9.1 and they run on
Solaris 2.7 in production. The system can work on any other system which has
the required GNU libraries and tools.

The system now runs on gentoo 2007.01.25.

With Which Network Devices Can the System Run?
----------------------------------------------
The system has been tested with several Cisco devices and ran without any
problem. Since ping and the SNMP protocol are used, it can work with other
devices which have SNMP.

Are There Any Screenshots?
--------------------------
Yes, screenshots for all of the components are located in the sceenshots/
directory.

What Will the New Features Be?
------------------------------
Please read the TODO file.

Suggestions and Problems
------------------------
Ali BASEL
http://www.basel.name.tr
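
Added example (not part of trackerd and not the author's code): a small model
of how the 'Period', 'TrackerRate' and 'Tracking' settings combine with the
per-device 'tracking' values described above. The class and function names, the
sample devices, the timing of the first round, and the assumption that router
ARP tables are read in the same round as the MAC scan are all illustrative.

```python
# Added illustration of the scheduling rules described in this README.
# It is not trackerd's own code; class and function names are hypothetical.
from dataclasses import dataclass


@dataclass
class Settings:
    period: int        # 'Period': minutes between ping/SNMP check rounds
    tracker_rate: int  # 'TrackerRate': check rounds per MAC scan
    tracking: str      # 'Tracking': global MAC scanning switch, 'on' or 'off'


@dataclass
class Device:
    name: str
    tracking: str      # per-device 'tracking': 'on', 'off' or 'router'


def plan(settings, devices, rounds):
    """Return, per check round, which devices are checked, scanned or ARP-read."""
    if settings.period < 1 or settings.tracker_rate < 1:
        raise ValueError("Period and TrackerRate must be positive")
    schedule = []
    for n in range(1, rounds + 1):
        # A MAC scan follows every TrackerRate-th check round, if enabled globally.
        scan = settings.tracking == "on" and n % settings.tracker_rate == 0
        schedule.append({
            # Assumption: the first round runs one Period after start.
            "minute": n * settings.period,
            # Availability checks (ping/SNMP) cover every device each round.
            "checked": [d.name for d in devices],
            "mac_scanned": [d.name for d in devices if scan and d.tracking == "on"],
            # Assumption: router ARP tables are read as part of the scan round.
            "arp_read": [d.name for d in devices if scan and d.tracking == "router"],
        })
    return schedule


# Constructed sample inventory (not taken from a real network).
SAMPLE = [Device("sw-lab", "on"), Device("sw-store", "off"), Device("core-rtr", "router")]

if __name__ == "__main__":
    for entry in plan(Settings(5, 4, "on"), SAMPLE, 8):
        print(entry)
```

With Period 5 and TrackerRate 4, a device whose tracking field is 'off' is
still checked for availability every 5 minutes but never appears in a MAC scan.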