Cacti

Integration of Cacti Network monitoring with Callgoose SQIBS

Overview

This document provides a detailed guide to integrating Cacti Network monitoring with Callgoose SQIBS for real-time Incident Management, Incident Auto Remediation, Event-Driven Automation, and other Automation purposes. The integration enables automatic creation, updating, and resolution of incidents in Callgoose SQIBS based on alerts triggered in Cacti Network monitoring. The guide includes steps for setting up alerts in Cacti Network monitoring, configuring webhook notifications, creating API filters in Callgoose SQIBS, and troubleshooting.

Prerequisites

• Cacti Network monitoring : Admin Access to Cacti Network monitoring for creating alerts and managing notifications.
• Callgoose SQIBS Account: With valid privileges to set up API filters and receive notifications.
• Webhook/API Endpoint: Available in Callgoose SQIBS to receive alerts from Cacti Network monitoring.

1. Obtain API Token and Endpoint Details To integrate with Callgoose SQIBS, you first need to obtain an API token and find the API endpoint details.

1. Generate an API Token:

• Follow the guide on How to Create API Token in Callgoose SQIBS: https://docs.callgoose.com/sqibs/api_token .

1. Find the API Endpoint:

• Refer to the Callgoose SQIBS API Endpoint Documentation: https://docs.callgoose.com/sqibs/api_end_point to get the endpoint details where the JSON payloads from Cacti Network monitoring will be sent.

2. Debugging and Troubleshooting

Enable debugging in the API tokens used with Cacti Network monitoring notifications for troubleshooting purposes.

• Enable Debugging:
• You can update the debug value when adding or updating an API token.
• When API tracking is enabled, logs are stored in the API log section for your review. The debugging option will automatically disable after 48 hours.
• When API tracking is turned off, no logs are saved in the API log.
• Using API Log for Troubleshooting:
• The API log provides detailed information on all API calls made to Callgoose SQIBS.
• You can check the JSON values in each API log entry for troubleshooting purposes.
• Use the information in the API log to create or refine API filters to ensure incidents are created correctly based on the API payloads received.
• Callgoose SQIBS creates incidents according to your API filter configuration, giving you full control over how alerts from different services trigger incidents and alerts for your support team or automation processes.

3. Configuring Cacti Network monitoring to Send JSON Payloads

Option 1 - Using the “thold” Plugin

This is the older but very mature alerting plugin for Cacti.

It can trigger alerts when monitored metrics exceed thresholds and run external scripts - perfect for calling Callgoose SQIBS’s webhook API.

Step 1 - Create a Threshold Rule

1. In the Cacti web UI, go to:
2. Console → Management → Thresholds (Thold)
3. Click Add Threshold
4. Configure:

• Data Source: Select a metric (e.g. router01 - CPU Usage or switch01 - Interface Traffic)
• Method: “High / Low”
• High Threshold: e.g., 90
• Low Threshold: leave blank if not needed
• Trigger Count: 1 (number of polling cycles before alert fires)
• Action: choose: Command Execution
• Email Notification (Legacy Not recommended) OR
• Command Execution (Recommended for webhook call only)

1. In Command Execution, enter a command line such as:

/usr/local/bin/sqibs_webhook.sh "<device>" "<data_source>" "<current_value>" "<threshold>"

1. Save your threshold.

Step 2 - Create the Webhook Script

Create a script file at /usr/local/bin/sqibs_webhook.sh:

#!/bin/bash
# sqibs_webhook.sh
# Usage: sqibs_webhook.sh <device> <metric> <value> <threshold>

DEVICE="$1"
METRIC="$2"
VALUE="$3"
THRESHOLD="$4"

# Callgoose SQIBS webhook endpoint
SQIBS_URL="https://xxx.callgoose.com/xxx"
Note:  Replace with Callgoose SQIBS API endpoints

# Construct JSON payload
PAYLOAD=$(cat <<EOF
{
  "source": "cacti",
  "device": "$DEVICE",
  "metric": "$METRIC",
  "current_value": "$VALUE",
  "threshold": "$THRESHOLD",
  "severity": "critical",
  "message": "Cacti Alert: $DEVICE $METRIC = $VALUE (threshold $THRESHOLD)"
}
EOF
)

# Send alert to SQIBS
curl -s -X POST "$SQIBS_URL" \
     -H "Content-Type: application/json" \
     -d "$PAYLOAD"

Make it executable:

chmod +x /usr/local/bin/sqibs_webhook.sh

✅ Verify

Trigger a threshold (e.g., simulate high CPU).

Then check:

• /var/log/cacti/cacti.log
• SQIBS alert ingestion dashboard/logs.

If Cacti executes the command correctly, you’ll see alerts appearing in Callgoose SQIBS.

Option 2 - Using the “Cacti Alerts” Plugin

This is newer, cleaner, and supports richer conditions and multiple notification types.

Step 1 - Access Alerts Configuration

Go to:

Console → Alerts → Rules → Add

1. Click Add New Rule
2. Set:

• Name: “High CPU Usage”
• Device Match: Select a device or use pattern (e.g. router.*)
• Data Source Match: Metric name (e.g., CPU)
• Condition: >= 90
• Severity: “Critical”
• Notification Type: choose: Command Notification
• Email Notification (Legacy Not recommended)
• Command Notification (Recommended for webhook call only)

Step 2 - Define the Command Notification

In the rule creation screen:

• Select Command Notification
• Enter command:

/usr/local/bin/sqibs_alerts_webhook.sh <device> <metric> <value> <condition>

Cacti passes these parameters automatically when the rule triggers.

Step 3 Create the Webhook Script

Create /usr/local/bin/sqibs_alerts_webhook.sh:

#!/bin/bash
# sqibs_alerts_webhook.sh
DEVICE="$1"
METRIC="$2"
VALUE="$3"
CONDITION="$4"

SQIBS_URL="https://xxx.callgoose.com/xxx"
Note:  Replace with Callgoose SQIBS API endpoints

PAYLOAD=$(cat <<EOF
{
  "source": "cacti-alerts",
  "device": "$DEVICE",
  "metric": "$METRIC",
  "value": "$VALUE",
  "condition": "$CONDITION",
  "severity": "critical",
  "message": "Cacti Alerts: $DEVICE $METRIC = $VALUE (Condition: $CONDITION)"
}
EOF
)

curl -s -X POST "$SQIBS_URL" \
     -H "Content-Type: application/json" \
     -d "$PAYLOAD"

Make it executable:

chmod +x /usr/local/bin/sqibs_alerts_webhook.sh

Step 4 - Test

You can manually trigger test alerts under:

Console → Alerts → Actions → Test Notification

Confirm:

• The webhook executes successfully.
• Callgoose SQIBS receives the alert in its dashboard/log.

How It Works:

1. Event Occurs: Cacti detects a predefined event within the monitored database.
2. Webhook Triggered: Cacti plugin sends a notification containing event details (e.g., user, time, query, data accessed) to the specified URL.
3. Action Taken: Callgoose SQIBS processes the webhook payload and triggers automated remediation workflows or alerts the relevant teams as per escalation policy.

Benefits of Using Cacti Network monitoring Webhooks with Callgoose SQIBS:

• Real-Time Threat Detection: Receive immediate alerts on potential security threats.
• Automated Response: Trigger automated workflows based on detected events.
• Improved Visibility: Gain deeper insights into network activity with detailed event logs.
• Centralized Security Management: Integrate with other tools for streamlined incident response.

4. Configuring Callgoose SQIBS To correctly map incidents from Cacti Network monitoring alerts, create API filters based on the JSON payloads received.

• Refer to the API Filter Instructions and FAQ: https://docs.callgoose.com/sqibs/api_integration for more details.

5. Testing and Validation

• Triggering Alerts:
• Simulate a alert in Cacti Network monitoring via plugins.
• Verify that an incident is created in Callgoose SQIBS with the correct details.
• Resolving Alerts:
• Investigate and resolve the alert in Cacti Network monitoring.
• Ensure that the corresponding incident in Callgoose SQIBS is updated or resolved accordingly.

6. Security Considerations

• API Security: Ensure that the Callgoose SQIBS API endpoint is correctly configured and that API tokens are securely stored.
• Cacti Network monitoring Permissions: Verify that plugins send the event data to Callgoose SQIBS.

7. Conclusion

This guide provides a comprehensive overview of how to integrate Cacti Network monitoring with Callgoose SQIBS for effective network monitoring management. By following these steps, organizations can ensure security alerts from Cacti Network monitoring trigger automated responses in Callgoose SQIBS, reducing manual intervention and improving incident response times.

For further customization or advanced use cases, refer to:

• Cacti Network monitoring Documentation: https://www.cacti.net
• https://github.com/Cacti
• Callgoose SQIBS API Token Documentation: https://docs.callgoose.com/sqibs/api_token
• Callgoose SQIBS API Endpoint Documentation: https://docs.callgoose.com/sqibs/api_end_point
• API Filter Instructions and FAQ: https://docs.callgoose.com/sqibs/api_integration
• How to Send API: https://docs.callgoose.com/sqibs/how_to_send_api