
SUPERVISOR'S COMMENTS

Da Lat, day .. month .. year

Supervisor
[Signature and full name]

REVIEWER 1'S COMMENTS

The thesis meets the requirements of an Information Technology engineering thesis.

Da Lat, day .. month .. year
Reviewer
[Signature and full name]

REVIEWER 2'S COMMENTS

The thesis meets the requirements of an Information Technology engineering thesis.

Da Lat, day .. month .. year
Reviewer
[Signature and full name]

DECLARATION

I hereby declare that the research results in this thesis have not been published by anyone before. Should any copyright-related issue arise, I accept full responsibility.

Da Lat, 24/11/2010
Lng V Cng Khoa

ACKNOWLEDGEMENTS

First of all, I would like to thank all the lecturers of the Faculty of Information Technology at Dalat University for their support and for providing the facilities I needed while working on this thesis.
In particular, I would like to thank Mr. Trn Thng, who directly supervised me in completing this thesis. In addition, the comments and contributions of my friends were a great source of encouragement in completing the work of the thesis.
Through this, I have made much progress in knowledge as well as in useful working skills.
I sincerely extend my deepest thanks to all the lecturers and friends!

Da Lat, 24/11/2010
Lng V Cng Khoa

Dalat University
Faculty of Information Technology
GRADUATION THESIS RESEARCH PROPOSAL
Topic: Study and deployment of network monitoring solutions
Major: Networks and Communications
Student: Lng V Cng Khoa - 0612237
Cohort: CTK30
Supervisor: MSc. Trn Thng
1. Objective:
Research and deploy suitable solutions for monitoring activity and services in the network environment, and the resources of the system. Through this, risks and threats to the system can be detected as early as possible so that they can be remedied in time, reducing their impact and improving the performance of the network.
2. Content:
- Study network management protocols.
- Research open-source programs for monitoring systems, services and network performance.
- Find an optimal network monitoring solution.
- Deploy a network system monitoring model.
3. Software and tools used:
- Nagios
- CentOS
- CS-MARS
4. Expected results: based on the research results, design and deploy an optimal network system monitoring model.
5. Main references:
[1] Douglas Mauro & Kevin Schmidt, Essential SNMP, O'Reilly, Sebastopol, CA 95472, 2001.
[2] Max Schubert & Derrick Bennett & Jonathan Gines & Andrew Hay & John Strand, Nagios 3 Enterprise Network Monitoring Including Plug-Ins and Hardware Devices, Syngress Publishing, Burlington, MA 01803, 2008.
[3] Wolfgang Barth, Nagios System and Network Monitoring, William Pollock, CA, 2006.
[4] Americas Headquarters, Cisco Security MARS Initial Configuration and Upgrade Guide, Release 6.x, Cisco Systems, Inc., San Jose, 2009.
[5] Gary Halleen & Greg Kellogg, Security Monitoring with Cisco Security MARS, Cisco Press, Indianapolis, 2007.
[6] Augusto Ciuffoletti & Michalis Polychronakis, Architecture of a Network Monitoring Element, 15th IEEE, 2006.

Da Lat, 11 October 2010

Supervisor (Signature)
Student (Signature)
Dean of Faculty (Signature)
Head of Department (Signature)

TABLE OF CONTENTS
SUPERVISOR'S COMMENTS
REVIEWER 1'S COMMENTS
REVIEWER 2'S COMMENTS
DECLARATION
ACKNOWLEDGEMENTS
GRADUATION THESIS RESEARCH PROPOSAL
THESIS SUMMARY
FOREWORD
CHAPTER 1. OVERVIEW OF THE IMPORTANCE OF SYSTEM MONITORING
1.1. Introduction
1.2. Understanding the system
1.3. What needs to be monitored and why
1.4. Essential elements of a monitoring system
1.5. Summary
CHAPTER 2. SIMPLE NETWORK MANAGEMENT PROTOCOL
1.6. What is SNMP?
1.6.1. Network management and monitoring
1.6.2. RFCs and SNMP versions
1.6.3. Managers and Agents
1.6.4. Structure of Management Information and MIBs
1.6.5. Workstation management
1.7. SNMP in detail
1.7.1. SNMP and UDP
1.7.2. SNMP Communities
1.7.3. Structure of Management Information (SMI)
1.7.4. SMI version 2
1.7.5. MIB-II in detail
1.7.6. SNMP operations
1.8. Summary
CHAPTER 3. NAGIOS CORE MONITORING SOFTWARE
1.9. Introduction
1.9.1. Benefits of resource monitoring
1.9.2. Main features
1.9.3. Temporary and fixed states
1.10. Summary
CHAPTER 4. CISCO SECURITY MONITORING, ANALYSIS, AND RESPONSE SYSTEM
1.11. Security threat mitigation system
1.12. Modeling and visualization
1.13. Powerful reporting and rules system
1.14. Alerting and risk mitigation
1.15. Description of CS-MARS terminology
1.15.1. Event
1.15.2. Session
1.15.3. Rules
1.15.4. Incident
1.15.5. False Positive
1.16. Risk mitigation
1.17. CS-MARS user interface
1.18. Summary
CHAPTER 5. DEPLOYMENT AND EVALUATION OF THE MONITORING SYSTEM
1.19. Deployment model
1.20. Introduction to the model
1.21. Nagios
1.21.1. Installation
1.21.2. Nagios configuration
1.21.3. Nagios system monitoring results
1.22. Configuring CS-MARS and the monitored devices
1.22.1. CS-MARS configuration
1.22.2. Configuring devices to communicate with CS-MARS
1.22.3. Monitoring results of the CS-MARS system
1.23. Comparison of the Nagios and CS-MARS systems
1.24. Evaluation of the monitoring system deployed with Nagios
1.25. Evaluation of the monitoring system deployed with CS-MARS
1.26. Summary
ABBREVIATIONS & SYMBOLS
REFERENCES

LIST OF FIGURES
Figure 2-1: Operating model between the NMS and the Agent
Figure 2-2: Data exchange model between the NMS and the Agent
Figure 2-3: OID tree diagram
Figure 2-4: Diagram of SMIv2 OIDs
Figure 2-5: Detailed OID diagram
Figure 2-6: SNMP operating model
Figure 2-7: Operating model of the get command
Figure 2-8: OID traversal path diagram
Figure 2-9: Model of retrieving information with get-bulk
Figure 2-10: Model of the set command
Figure 2-11: Model of sending a Trap from the Agent
Figure 3-12: Objects to be monitored in Nagios
Figure 3-13: Example describing an incident
Figure 3-14: State checking
Figure 5-15: Deployment model
Figure 5-16: Communication between Nagios and Windows
Figure 5-17: The NSClient++ software
Figure 5-18: Service information on Sample Client
Figure 5-19: Information about Sample Client
Figure 5-20: Interface table of the check_interface plugin
Figure 5-21: Status information for Dalat-CoreSW-1
Figure 5-22: Service information on Dalat-CoreSW-1
Figure 5-23: Service information on the DNS Server
Figure 5-24: Status information for the DNS Server
Figure 5-25: Service information on the Web Server
Figure 5-26: Status information for the Web Server
Figure 5-27: System status
Figure 5-28: List of monitored devices
Figure 5-29: List of monitored services
Figure 5-30: Report on the device Dalat-CoreSW-1
Figure 5-31: Device classification by group
Figure 5-32: Problems of monitored devices
Figure 5-33: Device alerts
Figure 5-34: Status of the Nagios Server
Figure 5-35: Generated alerts
Figure 5-36: CS-MARS login interface
Figure 5-37: Configuring the name and IP for CS-MARS
Figure 5-38: DNS configuration
Figure 5-39: CS-MARS operation items
Figure 5-40: List of devices supported by CS-MARS
Figure 5-41: Form for entering device information
Figure 5-42: Configuration information for Cisco IOS 12.2
Figure 5-43: Configuration information for Cisco Switch IOS 12.2
Figure 5-44: Configuring the IPS to enable TLS and HTTP
Figure 5-45: Configuring the IPS to allow CS-MARS
Figure 5-46: IPS configuration
Figure 5-47: Configuration for ASA 7.0
Figure 5-48: Snare configuration
Figure 5-49: SNARE configuration 2
Figure 5-50: Local Security Settings configuration
Figure 5-51: Configuration for the Windows machine
Figure 5-52: Configuring login information for the Windows machine
Figure 5-53: SnareIIS configuration
Figure 5-54: Configuration for the WebServer
Figure 5-55: Configuring log information
Figure 5-56: Log configuration on CS-MARS
Figure 5-57: List of devices
Figure 5-58: Monitored address range
Figure 5-59: List of auto-discovered addresses
Figure 5-60: Rules on CS-MARS
Figure 5-61: Reports to be created on CS-MARS
Figure 5-62: Monitored network diagram
Figure 5-63: Report in graph form

LIST OF TABLES
Table 1-1: Devices and the reasons they need monitoring
Table 2-2: Data types of the SYNTAX field
Table 2-3: Data types in SMIv2
Table 2-4: Data fields in SMIv2
Table 2-5: Error messages in SNMPv1
Table 2-6: Errors in SNMPv2
Table 2-7: Trap types
Table 5-8: Comparison of Nagios and CS-MARS

Graduation Thesis

Study and deployment of network monitoring solutions

THESIS SUMMARY

RESEARCH PROBLEM
- Study network management protocols.
- Research open-source programs for monitoring systems, services and network performance.
- Find an optimal network monitoring solution.
- Deploy a network system monitoring model.
APPROACH
Study the theory of network management protocols such as the Simple Network Management Protocol (SNMP). Building on that theory, investigate different system monitoring solutions.
The thesis studies open-source monitoring systems and carries out a trial deployment of a monitoring system built from open-source software on the Dalat University network.
In addition, it studies monitoring systems based on dedicated hardware appliances, and carries out a trial deployment of such a system on the Dalat University network.
From deploying the two systems, conclusions are drawn about each, and each system is evaluated against different criteria.
THESIS STRUCTURE
Chapter 1: Overview of the importance of system monitoring
This chapter presents how important system monitoring is in today's world. It sets out what needs to be understood about the network system, identifies the targets to monitor and explains why, and gives the top reasons for deploying a monitoring system. It also identifies the essential elements of an optimal monitoring system.

Chapter 2: SNMP theory
Introduces the reader to what SNMP is, the versions of SNMP, and the elements the SNMP protocol requires. It also goes deeper into SNMP theory, describing what SNMP comprises and how the protocol operates.
Chapter 3: Nagios Core
Presents the open-source software Nagios Core, the benefits of using it, its main features, and how it operates on the system.
Chapter 4: CS-MARS
Introduces the CS-MARS appliance: its main features, the terminology it uses, how it operates, and how it works with other devices in the system. It also describes how devices and services in the system are monitored.
Chapter 5: Deployment and evaluation
Presents the deployment model, then installs and configures Nagios Core and CS-MARS to monitor the proposed model. After deployment and trial operation, the strengths and weaknesses of each system are evaluated.
RESULTS ACHIEVED
- Successfully deployed a monitoring system using the open-source software Nagios Core.
- Successfully deployed a monitoring system using Cisco's dedicated hardware appliance, CS-MARS.
- Acquired knowledge of system monitoring and network management protocols.
- Configured routers, switches, CS-MARS, Nagios, ASA, IPS, Windows and Linux to support monitoring.


FOREWORD

URGENCY OF THE TOPIC
Today, as people's needs keep growing, science and technology keep advancing to meet them. Every organization and every business has its own infrastructure, differing only in scale and in how it is organized. Organizations and businesses increasingly want to grow in order to raise profits, so their infrastructure is continually upgraded and expanded to support that activity. Alongside technological progress comes a constant expansion in the scale and quality of facilities and of network infrastructure. All organizations and businesses are different, but the influence of the network on how the business operates is almost always the same. In practice, as a business grows, its network grows not only in size and complexity but also in significance and value. Network infrastructure matters all the more when almost every activity of the organization or business depends on it.
Monitoring the network of a business or organization is an important function that can save money by improving network performance, raising staff productivity and reducing infrastructure costs. A monitoring system watches the infrastructure of an internal network to identify problems. It can find, and help resolve, faults in devices and in user activity.
For a resource this important, keeping it running continuously is essential. It is also a challenge, because many potential threats, such as hackers, denial-of-service attacks, viruses and information theft, endanger the system of an organization or business, leading to outages and data loss that reduce both the reliability of the system and the benefit gained from it. In addition, networks keep growing rapidly, with new technologies and new devices, so keeping the system running smoothly is both extremely difficult and extremely important.


An administrator needs to know what is happening on the system at all times, including in real time, and needs the historical information on usage, performance and status for every application, every device and all data on the network. That is why system monitoring is an extremely important and urgent task for every organization, business and agency.
SCIENTIFIC AND PRACTICAL SIGNIFICANCE
Scientific significance
o Provides the theory of system monitoring.
o Shows the importance of system monitoring.
o Provides the theory of monitoring protocols.
Practical significance
o Identifies the strengths and weaknesses of different monitoring systems.
o Proposes the optimal monitoring solution for an appropriate system.
RESEARCH PURPOSE
Research and deploy suitable solutions for monitoring activity and services in the network environment, and the resources of the system. Through this, risks and threats to the system can be detected as early as possible so that they can be remedied in time, reducing their impact and improving the performance of the network.
TARGET AUDIENCE
All organizations, agencies and businesses that have applied, are applying or will apply information technology to their operations.
RESEARCH SCOPE
This thesis focuses mainly on the following:
- Studying system monitoring.
- Deploying different monitoring systems on the same infrastructure to identify the strengths and weaknesses of each.

CHAPTER 1. OVERVIEW OF THE IMPORTANCE OF SYSTEM MONITORING
1.1. Introduction
All organizations and businesses are different, but the influence of the network on how the business operates is almost always the same. In practice, as a business grows, its network grows not only in size and complexity but also in significance and value. Very quickly, the network stops merely supporting the company and comes to represent the company itself. This is obvious for organizations whose operations depend on the network. At the most basic level, however, the network can be seen as collaboration, communication and commerce: everything that keeps a business running and growing. It is where business applications are hosted, and where critical information about customers, products and the business is stored.
For a resource this important, keeping it running continuously is essential. It is also a challenge, because many potential threats, such as hackers, denial-of-service attacks, viruses and information theft, endanger the system of an organization or business, leading to outages and data loss that reduce both the reliability of the system and the benefit gained from it. In addition, networks keep growing rapidly, with new technologies, new devices and new architectures such as virtualization and service-oriented architecture.
Network management is a broad field that brings together device monitoring, application management, security, maintenance, service, troubleshooting and other tasks. Ideally, all of this work would be coordinated and overseen by a trustworthy, experienced network administrator. However, even the most knowledgeable administrators only have the information about the system that they are able to see. Administrators need to know what is happening on their network at all times, including real-time and historical information on usage, performance and status for every application, every device and all data on the network.

This is the domain of network monitoring, the most important function in network management. The only way to know how everything on the network is performing is to monitor it continuously.
1.2. Understanding the system
Today it is hard not to be taken aback by the complexity of networks. Devices such as routers, switches and hubs connect countless client machines to services on servers and out to the Internet. On top of that come many security and communication utilities, including firewalls, virtual private networks, and anti-spam and anti-virus services. Understanding the structure of the system, and being able to receive alerts about it, is an important factor in maintaining the system's performance and integrity. Thousands of things can happen to a system, and the administrator must make sure that threats are reported promptly and accurately when they arise.
The network is no longer a separate, local structure. It includes the Internet, local area networks (LANs), wide area networks (WANs), and all the devices, servers and applications that run on them. Whether it lets users access and share information, use applications, or communicate with each other and with the outside world by voice, data or image, it is in essence still the network.
A network usually has both internal and external users, including employees, customers, partners and other stakeholders. Optimal network performance matters to the organization in different ways. For example, if employees cannot reach the applications and information they need for their work, productivity suffers. If customers cannot complete online transactions, that means lost revenue and damage to the organization's reputation. Even stakeholders such as investors being unable to find and review the organization's information affects the organization.
In reality, networks are complex and error-prone, because every component in the network represents a risk to the system. That is why the network must be monitored, to reduce potential risks as far as possible. Not every problem can be dealt with proactively, before any warning sign appears. But if the system can be monitored in real time, problems can be identified before they become more dangerous. For example, an overloaded server can be replaced before it hangs. This reduces risks to the system and improves its performance. With a monitoring system, we know the status of every device on the network without having to check each one individually, and can quickly pinpoint a problem when needed.
1.3. What needs to be monitored and why
For a network, what matters is having accurate information at the right time. Most important is knowing the current status of devices, as well as information about the system's services and applications.
The following table gives representative examples of the system status information we need to know, and why.

What to monitor | Why
Availability of devices (routers, switches, servers, ...). | These are the key components that keep the network running.
Availability of critical services on the system. | The system as a whole must not go down, since that leads to loss of data or email; an outage of services such as HTTP or FTP, even for just 1 hour, can seriously affect the organization.
Free disk space on servers. | Applications need disk space, so this must be monitored to allow timely action before critical applications are affected.
Average percentage load of routers. | The system must be upgraded before overload occurs and affects it.
Average memory and processor load on critical servers. | If memory or the processor is exhausted, the system stalls.
Functioning of firewalls, antivirus, update servers, anti-spyware and anti-malware. | The security of the system must be ensured.
Volume of data entering and leaving routers. | Traffic volume must be known precisely to avoid overloading the system.
Events written to logs such as WinEvent or Syslog. | Gives accurate information about what is occurring in the system.
SNMP traps, such as server-room temperature or printer information. | We can learn that a printer is faulty or needs new ink before users report it, and make sure servers do not overheat.

Table 1-1: Devices and the reasons they need monitoring


When a fault occurs, we need to be alerted immediately, whether by audible alarms, on-screen displays, or emails generated automatically by the monitoring program. The sooner we know what is going on, and the more complete the information in the alerts, the sooner the fault can be fixed.
The top 10 reasons for using a network monitoring system:
- Know what is happening on the system: a monitoring solution reports the operating status and resources of the system. Without it, we have to wait until users tell us.
- Plan upgrades and repairs: if a device goes down frequently, or network bandwidth is close to its limit, the system needs to change. A network monitoring system gives us this information so that changes can be made when needed.
- Diagnose problems quickly: suppose a server cannot be reached. Without a monitoring system we cannot tell where the cause lies: the server, a router, or perhaps a switch. Knowing exactly what the problem is lets us resolve it quickly.
- Review what is running: graphical reports can explain the operating status of the system. They are very convenient tools for monitoring.
- Know when to apply backup and recovery: given the necessary alerts, we should back up the system's data in case the system is damaged at any moment. Without a monitoring system, we cannot know there is a problem until it is too late.
- Make sure security systems are working: organizations spend a great deal of money on security systems. Without a monitoring system, we cannot know whether our security systems are working as expected.
- Track the operation of service resources on the system: a monitoring system can report the status of services on the system, making sure users can reach their data sources.
- Be notified of system status anywhere: many monitoring applications offer remote monitoring and notification, requiring only an Internet connection.
- Keep the system running continuously: if the organization depends heavily on the network, the administrator had best know about and deal with problems before a serious incident occurs.
- Save money: for all the reasons above, we can minimize system downtime, which affects the organization's profits, and save money on investigation when an incident occurs.


1.4. Essential elements of a monitoring system
To understand the system, we need a monitoring solution that can deliver critical information in real time, anywhere and at any time. Businesses and organizations need a solution that is simple to deploy and use, and one that is comprehensive and reliable. If a business requires high availability, it needs a dependable solution that has been deployed and proven to work well.
Remember that we have to monitor a great many devices on the system and collect a great deal of related information. We therefore need a solution that presents it in forms such as network maps, data reports, alerts and incidents. Besides making troubleshooting easier, this helps us use network data to understand trends in device usage, network usage and overall network capacity, so that the network can be designed effectively.
Alerting is a very important part, but alerts must be accurate and arrive at the right time. The monitoring system needs remote access so that monitoring can take place whenever it is needed.
Finally, we need a system that supports multiple monitoring methods across different devices. SNMP is a flexible technology for managing and monitoring different devices. Make sure the monitoring system supports this protocol.
1.5. Summary
Today, deploying a system that monitors all network devices is an urgent need for every business and organization. A monitoring system is deployed to optimize the network, strengthen network security, and allow incidents to be resolved promptly.


CHAPTER 2. SIMPLE NETWORK MANAGEMENT PROTOCOL

1.6. What is SNMP?
In today's world, with a network made up of routers, switches, servers, and workstations, managing all the network devices and making sure they work well and perform optimally appears to be a difficult problem. To support the management process, the Simple Network Management Protocol, abbreviated SNMP, was developed. SNMP was introduced in 1988 to meet the growing need to manage devices that use the Internet Protocol (IP). SNMP provides a set of simple commands that allow devices to be managed remotely.
1.6.1. Network management and monitoring
The core of SNMP is a set of simple commands that let an administrator change the state of managed devices. For example, SNMP can be used to shut down a port on a router or to check the speed of that port. SNMP can monitor the temperature of devices and raise an alert when the temperature is too high.
SNMP is usually associated with router management, but the protocol can also be used to manage many other kinds of devices. While SNMP's predecessor, the Simple Gateway Management Protocol (SGMP), was developed to manage routers, SNMP can be used to manage Linux and Windows systems, printers, modems, and so on; any device that can run software that sends SNMP information can be managed.
Another aspect of management is monitoring, which means keeping watch over the entire network. Remote Network Monitoring (RMON) was developed to help us understand how the network functions and how individual devices affect the network as a whole. RMON can be used to monitor LAN traffic as well as WAN ports.

Before and after SNMP

Suppose we have a network of 100 workstations running different operating systems. Some of them are servers that store data, others are connected to printers, and the rest are personal workstations. In addition there are routers and switches. The network is connected to the Internet.
What happens when one of the data servers stops working? If it happens midweek, people can notify the network administrator, who fixes it. But what if it happens at the weekend, when everyone, including the network administrator, has gone home?
That is why we need SNMP. Instead of relying on someone to report that the system has a problem, SNMP lets us monitor the system continuously, even when we are not there. For example, SNMP will report that the number of bad packets on a router is increasing, so that it can be dealt with before a serious problem occurs. We can configure automatic alerts for problems in our network.
1.6.2. RFCs and SNMP versions
The Internet Engineering Task Force (IETF) is responsible for defining the standard protocols that operate in network environments, including SNMP. The IETF publishes Requests for Comments (RFCs), documents that specify the protocols that exist in the IP environment. The IETF has published the following versions of SNMP:
SNMP Version 1 (SNMPv1) is defined in RFC 1157. SNMPv1 security is based on communities, which allow any application running SNMP to access information on other devices running SNMP. There are 3 standard communities: read-only, read-write, and trap.
SNMP Version 2 (SNMPv2): the security of this version is based on community strings. This version is therefore also called SNMPv2c and is defined in RFCs 1905, 1906, and 1907.
SNMP Version 3 (SNMPv3): defined in RFCs 1905, 1906, 1907, 2571, 2572, 2573, 2574, and 2575. This version supports strong authentication, allowing private and authenticated communication between entities.
1.6.3. Managers and Agents
In an SNMP environment there are 2 kinds of entities: managers and agents. A manager is a server running management software. Managers are commonly referred to as Network Management Stations (NMSs). An NMS is responsible for polling the agents in the network and for receiving traps from them.
A poll is the act of querying an agent (router, switch, Unix server, ...) to retrieve the required information.
A trap is the way an agent tells the NMS that something has happened. Traps are not sent synchronously: they are not replies to NMS queries but are sent only when a problem occurs. For example, when a router's T1 link loses its connection, the router can send a trap to the NMS.
The second entity is the agent: software that runs on the network device being managed. It can be a separate program or it can be built into the operating system (for example, Cisco IOS on a router, or the low-level operating system that controls a UPS). Today most IP-based devices ship with SNMP agent software so that administrators can manage them easily. The agent provides information to the NMS by keeping track of the device's operation. For example, the agent on a router tracks the state of the router's interfaces. The NMS can query the state of these interfaces and take appropriate action if one of them has a problem. When the agent detects a problem on the device, it can send a trap to the NMS. Some devices send an "all clear" trap when the state changes from bad back to good. This can also be useful for determining that a problem has been resolved. The figure below shows the relationship between the NMS and the agent.

Figure 2-1: Operating model between the NMS and the agent

It is important to note that polls and traps can happen at the same time. There are no restrictions on when the NMS can query the agent or when the agent can send a trap to the NMS.
1.6.4. Structure of Management Information and MIBs
The Structure of Management Information (SMI) provides a way to define managed objects and their behavior. An agent holds a list of the objects that it tracks (for example, the operational state of a router interface or the capacity of a computer's hard disk). This list collectively defines the information that the NMS can use to determine the health of the device on which the agent resides.
The Management Information Base (MIB) can be thought of as a database of the managed objects that the agent tracks. Any status or statistical information that the NMS can access is defined in a MIB. The SMI provides the way to define managed objects, while the MIB is the precise definition of the objects (using SMI syntax).
An agent may implement many MIBs, but all agents implement one particular MIB, MIB-II (RFC 1213). The main purpose of MIB-II is to provide general TCP/IP management information. It does not cover every special item that a device vendor may want to manage. There are many devices to manage, and each product has its own features. That is why vendors and individuals are allowed to define their own MIBs. For example, a vendor sells a new router. The agent built into the router answers the NMS requests that are defined in MIB-II. In addition, the router has new features that are not defined in any standard MIB. The vendor therefore has to define its own MIB.
1.6.5. Host management
Managing host resources (such as hard disk capacity and memory usage) is an important part of network management. The Host Resources MIB defines a set of objects that help manage Unix and Windows systems (any system running an SNMP agent can be managed, not only Unix and Windows).
1.7. SNMP in detail
1.7.1. SNMP and UDP
SNMP uses the User Datagram Protocol (UDP) to carry data between managers and agents. UDP, defined in RFC 768, was chosen for SNMP over the Transmission Control Protocol (TCP) because it is connectionless, meaning that no end-to-end connection is set up between the agent and the NMS when data is sent back and forth. This makes SNMP unreliable, with no built-in ability to detect lost data. SNMP therefore needs its own way to detect whether data has been lost and to retransmit it if necessary. This simply relies on a timeout: the NMS sends a request to the agent and waits for a response. How long the NMS waits depends on how the administrator has configured it. If the timeout expires and the NMS has received no response from the agent, it sends the request again. The number of retransmissions also depends on the configuration of the SNMP application.
Using UDP as the transport does not seem to matter much for requests, but it causes difficulty when an agent sends a trap to the NMS: if the trap never arrives, the NMS has no way of knowing that anything happened, and the agent does not know whether it needs to resend the trap, because the NMS does not send an acknowledgment to the agent when it receives a trap.
On the other hand, because UDP uses few resources, its impact on network performance is low. SNMP has been implemented over TCP, but TCP appears to be an unsuitable environment because of its connection-oriented nature.
SNMP uses UDP port 161 to send and receive requests and UDP port 162 to receive traps. All devices that use SNMP must use these 2 default ports, but some vendors allow the ports to be changed in the agent's configuration. If the default configuration is changed, the NMS must be changed to match the agent's configuration.

Figure 2-2: Data exchange model between the NMS and the agent

The figure above shows the TCP/IP model, the basic model for all TCP/IP communication. Today every device that wants to communicate on the Internet must follow this protocol suite. When an NMS or an agent wants to communicate, the following sequence takes place:
Application: first, the SNMP application (NMS or agent) decides what to do. For example, it can send an SNMP request to an agent, send a response to an SNMP request (this would be sent from the agent), or send a trap to the NMS. The application layer provides services to the end user, such as an operator requesting status information for a port on a switch.
UDP: the next layer in the TCP/IP model, UDP allows 2 hosts to communicate with each other. The UDP header contains a variety of information, including the destination port of the device to which the request or trap is sent. The destination port is either 161 (query) or 162 (trap).
IP: the IP layer tries to deliver the SNMP packet to the requested destination address.
Medium Access Control (MAC): the final event that must occur for an SNMP packet to reach its destination is at the physical layer, where the packet is routed to its destination. The MAC layer comprises the hardware and device drivers that deliver the data to its destination. The MAC layer is also responsible for receiving packets from the physical layer and passing them up to the next layer in the TCP/IP model.
To make this easier to understand, consider an example. Suppose we want to send a letter inviting a distant friend to visit this summer. By deciding to send the invitation, we act like the SNMP application. Writing the recipient's address on the envelope is like the function of the UDP layer, which specifies the destination port in the UDP header; in this case it is the recipient's address. Putting a stamp on the envelope and placing it in the mailbox for the mail carrier to collect is like the function of the IP layer. The final act is when the mail carrier comes and collects the letter. From here the letter is delivered to its destination, the friend's mailbox. The computer's MAC layer is like the mail truck or the plane that carries the letter. When the friend receives the letter, he or she goes through a similar process to reply. This example gives a rough picture of how packets are transmitted.

1.7.2. SNMP Communities

SNMPv1 and SNMPv2 use the notion of communities to establish trust between managers and agents. An agent is configured with 3 community names: read-only, read-write, and trap. A community name can be thought of as a password. The 3 community strings control different kinds of activity. As the names suggest, the read-only string lets us read data values but not change them. For example, it allows us to read the number of packets transferred through a router port but does not allow us to reset or change that value. The read-write string allows data values to be read and changed. Finally, the trap string allows traps to be received from the agent.
Most vendors ship their devices with default community strings, typically public for read-only and private for read-write. We should change these defaults before putting a device into service, in order to secure SNMP communication between devices. When configuring an SNMP agent, we will want to configure the trap destination, which is the address to which the device sends traps. In addition, because community strings are sent in clear text, we should configure the agent to send an SNMP authentication trap when someone tries to query the device; without knowing the value of the community string, that person cannot query it successfully. This helps improve the security of the system.
Because a community string is essentially a password, we should apply the rules for choosing secure passwords: no dictionary words, sufficient length, a mix of upper-case, lower-case, and special characters, and so on. As mentioned above, community strings are sent unencrypted, so it is easy for others to learn them; for this reason SNMPv3 has many improvements that increase security for communication between SNMP devices.
There are several ways to reduce the risk of attack. Using a firewall or a packet filter can minimize the chance that someone harms the system by attacking through SNMP. For example, we can allow traffic on UDP port 161 (SNMP queries) into the network only when it comes from the IP address of the NMS, and likewise for UDP port 162 for trap packets. A firewall cannot eliminate 100% of the risk of attack; it only helps reduce that risk for the system.
It is important to know that once someone learns the read-write community string on the devices, that person can take control of them (for example, change the configuration of a router or a switch). One way to protect community strings is to use a Virtual Private Network (VPN) so that data is encrypted in transit. Another way is to change the community strings frequently (this is not practical in a large network). A simple solution is to write a Perl script that changes the community strings on the devices.
1.7.3. Structure of Management Information (SMI)
The Structure of Management Information Version 1 (SMIv1, RFC 1155) defines precisely how managed objects are named and specifies the relationships between them. The Structure of Management Information Version 2 (SMIv2, RFC 2578) provides enhancements for SNMPv2.
The definition of a managed object can be described by the following 3 attributes:
Name: also called the object identifier (OID), it uniquely defines a managed object. Names commonly appear in 2 forms: numeric and human readable. In both forms the names are long and inconvenient. SNMP applications offer many ways to make these names easier to read.
SYNTAX: the data type of the managed object is defined using a set of Abstract Syntax Notation One (ASN.1) notation. ASN.1 is a way of specifying how data is represented and transmitted between managers and agents. A convenient property of ASN.1 is that the notation is independent. This means that different systems can all communicate with one another using SNMP.
Encoding: a managed object is encoded into a string of octets using the Basic Encoding Rules (BER). BER defines how objects are encoded and decoded so that they can be transmitted over a medium such as Ethernet.
1.7.3.1 Naming OIDs
Managed objects are organized into a tree structure. This structure is the basis for naming objects. An OID is made up of a series of integers based on the nodes in the tree, separated by dots (.). There is also a form that is easier to read than a string of numbers: a series of names, one for each node of the tree.
The figure below shows the top few levels of the object tree, starting from the root node. In the tree, a node with no children is called a leaf; otherwise it is called a branch. For example, the tree starts at root, and under root are ccitt, iso, and joint. In the illustration, iso is the only branch, while ccitt and joint are leaves. In this example we are interested only in the branch:
iso(1).org(3).dod(6).internet(1), whose OID is 1.3.6.1.
Each managed object has its own OID.
Enterprises and individuals can define their own OIDs by registering with IANA, the organization that manages the list of OIDs.
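To make the Name and Encoding attributes concrete, the following added example (not part of the thesis) converts between the numeric and named forms of an OID and encodes and decodes an OID with BER. The name table covers only nodes that appear in this chapter; the OID 2.999.1 is a constructed value used to exercise a multi-byte sub-identifier.

```python
# Names for the nodes used in this chapter (numeric prefix -> node name).
NAMES = {
    (1,): "iso", (1, 3): "org", (1, 3, 6): "dod", (1, 3, 6, 1): "internet",
    (1, 3, 6, 1, 2): "mgmt", (1, 3, 6, 1, 2, 1): "mib-2",
    (1, 3, 6, 1, 2, 1, 1): "system", (1, 3, 6, 1, 2, 1, 1, 6): "sysLocation",
}

def parse(dotted):
    """'.1.3.6.1' or '1.3.6.1' -> (1, 3, 6, 1)"""
    return tuple(int(arc) for arc in dotted.strip(".").split("."))

def to_names(dotted):
    """Replace every arc whose prefix is known by its name; keep the rest numeric."""
    arcs = parse(dotted)
    return ".".join(NAMES.get(arcs[:i], str(arcs[i - 1])) for i in range(1, len(arcs) + 1))

def encode_oid(dotted):
    """BER: tag 0x06, length, then base-128 sub-identifiers (high bit = 'more follows')."""
    arcs = parse(dotted)
    if len(arcs) < 2 or min(arcs) < 0 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("not a valid OID: " + dotted)
    body = bytearray()
    # The first two arcs share one sub-identifier: 40 * first + second.
    for sub in (40 * arcs[0] + arcs[1],) + arcs[2:]:
        chunk = [sub & 0x7F]
        sub >>= 7
        while sub:
            chunk.append(0x80 | (sub & 0x7F))
            sub >>= 7
        body.extend(reversed(chunk))
    if len(body) < 0x80:                      # short-form length
        length = bytes([len(body)])
    else:                                     # long-form length
        raw = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return b"\x06" + length + bytes(body)

def decode_oid(data):
    """Inverse of encode_oid; rejects truncated or malformed input with ValueError."""
    if len(data) < 2 or data[0] != 0x06:
        raise ValueError("not an OBJECT IDENTIFIER")
    length, pos = data[1], 2
    if length & 0x80:
        n = length & 0x7F
        if n == 0 or len(data) < 2 + n:
            raise ValueError("bad length field")
        length, pos = int.from_bytes(data[2:2 + n], "big"), 2 + n
    body = data[pos:pos + length]
    if length == 0 or len(body) != length or len(data) != pos + length:
        raise ValueError("truncated value or trailing bytes")
    subs, value, at_start = [], 0, True
    for byte in body:
        if at_start and byte == 0x80:
            raise ValueError("non-minimal sub-identifier")
        value = (value << 7) | (byte & 0x7F)
        at_start = not (byte & 0x80)
        if at_start:
            subs.append(value)
            value = 0
    if not at_start:
        raise ValueError("last sub-identifier is unterminated")
    first = min(subs[0] // 40, 2)
    return ".".join(str(arc) for arc in [first, subs[0] - 40 * first] + subs[1:])

if __name__ == "__main__":
    for oid in ("1.3.6.1", ".1.3.6.1.2.1.1.6.0", "1.3.6.1.4.1.9", "2.999.1"):
        encoded = encode_oid(oid)
        print(f"{oid:22} {to_names(oid):55} {encoded.hex(' ')}")
        assert decode_oid(encoded) == oid.strip(".")
```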

Figure 2-3: OID tree diagram


1.7.3.2 Defining OIDs
In SMIv1, defining an OID requires declaring the following information: SYNTAX, ACCESS, STATUS, DESCRIPTION.

Example of an OID declaration:
    ifTable OBJECT-TYPE
        SYNTAX SEQUENCE OF IfEntry
        ACCESS not-accessible
        STATUS mandatory
        DESCRIPTION
            "A list of interface entries. The number of entries is
            given by the value of ifNumber."
        ::= { interfaces 2 }

The data types of the SYNTAX field in SMIv1 are described in the following table:

SMIv1 data types
Data type | Description
Integer | A 32-bit number, often used as an enumerated type in objects. For example, the operational status of a router interface: 1: up, 2: down, 3: testing. The value 0 is not used as an enumerated value (per RFC 1155).
Octet String | A string of octets, generally used to represent a text string, and sometimes a physical address.
Counter | A 32-bit number with a value from 0 to 2^32-1 (4 294 967 295). When it reaches the maximum value, it wraps back to 0 and starts again. It is generally used to track information such as the number of octets sent and received on an interface. A Counter increases monotonically and never decreases. When the agent restarts, the Counter also returns to 0.
Object Identifier | A string of decimal numbers separated by dots (.) that represents an object in the object tree. For example, 1.3.6.1.4.1.9 is Cisco's OID.
Null | Not currently used in SNMP.
Sequence | Defines a list containing zero or more other ASN.1 data types.
Sequence of | Defines a managed object that is made up of ASN.1 types.
IpAddress | A 32-bit number representing an IPv4 address.
NetworkAddress | Same as IpAddress, but can represent other types of network addresses.
Gauge | A 32-bit number with a value from 0 to 2^32-1 (4 294 967 295). Unlike a Counter, a Gauge can increase and decrease, but it can never exceed its maximum value. For example, the speed of an interface on a router can be represented by a Gauge.
Timeticks | A 32-bit number with a value from 0 to 2^32-1 (4 294 967 295). It measures time in hundredths of a second. The uptime of a device can be represented by this data type.
Opaque | Allows a free-form value of any type to be passed, packed into an Octet String according to the ASN.1 rules.
Table 2-2: Data types of the SYNTAX field

The purpose of these data types is to define managed objects. This is very important for reading and understanding MIB files.
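The Counter and Timeticks semantics in Table 2-2 matter as soon as a poller turns two samples into a rate. The following added example (not part of the thesis) handles counter wrap-around and agent restarts and formats Timeticks the way the sysUpTime output later in this chapter is shown. The sample pairs are constructed, and ifSpeed (interface speed in bits per second) is used only as a plausibility bound.

```python
COUNTER32_MODULUS = 2 ** 32   # a Counter wraps to 0 after 4 294 967 295

def format_timeticks(ticks):
    """Timeticks are hundredths of a second; render them as days, h:mm:ss.hh."""
    seconds, hundredths = divmod(ticks, 100)
    days, rem = divmod(seconds, 86400)
    hours, rem = divmod(rem, 3600)
    minutes, secs = divmod(rem, 60)
    return f"{days} days, {hours}:{minutes:02d}:{secs:02d}.{hundredths:02d}"

def octet_rate(prev, curr, if_speed_bps, modulus=COUNTER32_MODULUS):
    """prev and curr are (sysUpTime in Timeticks, ifInOctets) from two polls.

    Returns octets per second, or None when the pair must be discarded."""
    prev_ticks, prev_count = prev
    curr_ticks, curr_count = curr
    if curr_ticks <= prev_ticks:
        # Uptime did not advance: the agent restarted, so the counter was
        # reset to 0 and the difference between the samples is meaningless.
        return None
    elapsed = (curr_ticks - prev_ticks) / 100.0
    # Modular subtraction gives the right answer across a single wrap.
    delta = (curr_count - prev_count) % modulus
    rate = delta / elapsed
    if rate * 8 > if_speed_bps:
        # Faster than the link can carry: a reset that uptime did not reveal,
        # or more than one wrap between polls. Do not graph or alert on it.
        return None
    return rate

if __name__ == "__main__":
    print(format_timeticks(27210723))
    # Constructed samples: the counter wraps between the two polls (30 s apart).
    print(octet_rate((1000, 4294967000), (4000, 704), 10_000_000))
    # Constructed samples: the agent restarted between the two polls.
    print(octet_rate((500000, 900000), (300, 1200), 10_000_000))
```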
1.7.4. SMI version 2
SMIv2 is an extended version of SMI that adds the snmpV2 branch to the internet branch.

Figure 2-4: OID diagram for SMIv2

The OID for the new branch is 1.3.6.1.6.3.1.1, or
iso.org.dod.internet.snmpV2.snmpModules.snmpMIB.snmpMIBObjects
Object definitions in SMIv2 differ slightly from those in SMIv1. As a result, objects can be controlled better.
New data types in SMIv2
Data type | Description
Integer32 | Same as Integer
Counter32 | Same as Counter
Gauge32 | Same as Gauge
Unsigned32 | Has a value from 0 to 2^32-1
Counter64 | Same as Counter, but with a value in the range from 0 to 2^64-1.
BITS | An enumerated type of non-negative bits
Table 2-3: Data types in SMIv2
The new fields added in SMIv2 are described in the following table:
Definition enhancements in SMIv2
Object definition | Description
UnitsParts | A textual description used to represent the object.
MAX-ACCESS | Corresponds to the ACCESS field in SMIv1. The values for this field are: read-only, read-write, read-create, not-accessible, and accessible-for-notify.
STATUS | This clause is extended with the keywords: current (the object definition is valid and in use), obsolete (the definition is old and may be dropped), and deprecated (the definition is old and later standards may redefine it). current in SMIv2 is the same as mandatory in SMIv1.
AUGMENTS | This field allows a table to be extended by adding one or more columns that represent objects. This field requires the name of the table to which the objects are added.
Table 2-4: Data fields in SMIv2

1.7.5. MIB-II in detail

MIB-II is a very important management group, because every device that supports SNMP must also support MIB-II.
RFC 1155 describes how a MIB file is to be written; it does not define the objects. RFC 1213 is a standard that defines the MIB branch under iso.org.dod.internet.mgmt.mib-2 (following the structure that RFC 1155 prescribes, of course). We will examine part of RFC 1213 to understand the meaning of some objects before using tools to read them.
RFC 1156 is the standard MIB specification for TCP/IP devices, regarded as the Internet-Standard MIB (MIB version 1). RFC 1213 is the standard MIB specification version 2, usually called mib-2. Note the distinction: mib-1 and mib-2 are standards that specify the definitions of objects, whereas SMIv1 and SMIv2 specify the structure of a MIB file. Mib-1 and mib-2 both use the SMIv1 structure.
Mib-2 is one of the most widely supported MIBs. If a device is claimed to support SNMP, the vendor must state which RFCs it supports, and that is usually RFC 1213.

Figure 2-5: Detailed OID diagram

MIB-II has 10 subtrees defined in RFC 1213, inherited from MIB-I in RFC 1066. Each subtree has its own function.
system (1.3.6.1.2.1.1): Defines a list of objects related to the operation of the system, such as how long the system has been up, the system contact information, and the system name.
interfaces (1.3.6.1.2.1.2): Keeps the status of each interface on a managed entity. Tracks whether an interface is up or down and records the octets sent and received, errors, and discards.
at (1.3.6.1.2.1.3): The at (address translation) group is deprecated and is provided only for backward compatibility. This group is dropped from MIB-III onward.
ip (1.3.6.1.2.1.4): Keeps a lot of information related to the IP protocol, including IP routing.
icmp (1.3.6.1.2.1.5): Keeps information such as ICMP errors and discards.
tcp (1.3.6.1.2.1.6): Keeps other information specific to the state of TCP connections, such as closed, listening, sending, and so on.
udp (1.3.6.1.2.1.7): Collects statistics for UDP, datagrams in and out, and so on.
egp (1.3.6.1.2.1.8): Keeps the EGP parameters and the EGP neighbor table.
transmission (1.3.6.1.2.1.10): There are no objects in this group, but it defines the media-specific MIBs.
snmp (1.3.6.1.2.1.11): Measures the performance of SNMP on the managed entity and keeps information such as the number of SNMP packets received and sent.
1.7.6. SNMP operations
The Protocol Data Unit (PDU) is the message format that managers and agents use to send and receive information. There is a standard PDU format for each of the following SNMP operations:
Get
Get-next
Get-bulk (SNMPv2 and SNMPv3)
Set
Get-response
Trap
Notification (SNMPv2 and SNMPv3)
Inform (SNMPv2 and SNMPv3)
Report (SNMPv2 and SNMPv3)

Figure 2-6: SNMP operating model


1.7.6.1 Get
get: sent from the NMS as a request to the agent. The agent receives the request and processes it as best it can. If a device is under heavy load, such as a router, and is unable to answer the request, it drops the request. If the agent succeeds in gathering the information needed for the request, it sends a get-response back to the NMS:

Figure 2-7: Operation of the get command

For the agent to know what the NMS is looking for, it relies on an item in the get request called the variable binding, or varbind. A varbind is a list of MIB objects that the NMS wants to retrieve from the agent. The agent understands the question in the form OID=value and looks up the information to answer it. The query for the case in Figure 2-7:
    $ snmpget cisco.ora.com public .1.3.6.1.2.1.1.6.0
    system.sysLocation.0 = ""

This is an snmpget command on Unix. cisco.ora.com is the name of the device, public is the community string indicating that this is a read-only request, and .1.3.6.1.2.1.1.6.0 is the OID. .1.3.6.1.2.1.1 points to the system group in the MIB. .6 points to a field in system, sysLocation. With this command we are asking the Cisco router whether the system location has been set. The answer system.sysLocation.0 = "" means that it has not been set. The snmpget answer takes the varbind form OID=value. The final part of the OID given to snmpget, .0, is a MIB convention. When querying an object in the MIB we need to specify 2 fields x.y, here .6.0. x is the actual OID of the object. .y is used for objects that have rows, such as a table, to indicate which row of the table is meant; for a scalar object, as in this case, y = 0. The rows of a table are numbered from 1 upward.
The get command is useful for querying a single object in the MIB. When we want information about many objects, get takes quite a lot of time. The get-next command solves this problem.

1.7.6.2 Get-next
get-next: issues a sequence of commands to retrieve information from a group in the MIB. The agent answers each object in the get-next query in turn, in the same way as get, until there are no more objects in the sequence. As an example we use the snmpwalk command. snmpwalk is similar to snmpget, but it points to a branch rather than to a single object:

    $ snmpwalk cisco.ora.com public system
    system.sysDescr.0 = "Cisco Internetwork Operating System Software
    ..IOS (tm) 2500 Software (C2500-I-L), Version 11.2(5), RELEASE
    SOFTWARE (fc1)..Copyright (c) 1986-1997 by cisco Systems, Inc...
    Compiled Mon 31-Mar-97 19:53 by ckralik"
    system.sysObjectID.0 = OID: enterprises.9.1.19
    system.sysUpTime.0 = Timeticks: (27210723) 3 days, 3:35:07.23
    system.sysContact.0 = ""
    system.sysName.0 = "cisco.ora.com"
    system.sysLocation.0 = ""
    system.sysServices.0 = 6

Here we want the information for the system group, and the agent returns all of the system information as requested. The search for the system group in the MIB proceeds through the tree from the root; at a node with several branches, the branch to follow is chosen by its index, from smallest to largest:

Figure 2-8: OID traversal path

1.7.6.3 get-bulk
get-bulk is defined in SNMPv2. It allows management information to be retrieved from many parts of a table. get can do this too. However, the size of the request may be limited by the agent. In that case, if the agent cannot answer the whole request, it returns an error message with no data. With get-bulk, the agent sends back as much of the response as it can. A partial answer to the request is therefore possible. Two fields must be set in a get-bulk: nonrepeaters and max-repetitions. nonrepeaters tells the agent that the first N objects can be answered as with a simple get. max-repetitions tells the agent to attempt up to M get-next requests for the remaining objects:

Figure 2-9: get-bulk retrieval model

    $ snmpbulkget -v2c -B 1 3 linux.ora.com public sysDescr ifInOctets ifOutOctets
    system.sysDescr.0 = "Linux linux 2.2.5-15 #3 Thu May 27 19:33:18 EDT 1999 i686"
    interfaces.ifTable.ifEntry.ifInOctets.1 = 70840
    interfaces.ifTable.ifEntry.ifOutOctets.1 = 70840
    interfaces.ifTable.ifEntry.ifInOctets.2 = 143548020
    interfaces.ifTable.ifEntry.ifOutOctets.2 = 111725152
    interfaces.ifTable.ifEntry.ifInOctets.3 = 0
    interfaces.ifTable.ifEntry.ifOutOctets.3 = 0

Here we ask about 3 varbinds: sysDescr, ifInOctets, and ifOutOctets. The total number of varbinds is given by the formula

N + (M * R)
N: nonrepeaters, the number of scalar objects
M: max-repetitions
R: the number of non-scalar (table) objects in the request
Only sysDescr is scalar, so N = 1.
M can be set to 3, that is, 3 rows for each of ifInOctets and ifOutOctets. There are 2 non-scalar objects, ifInOctets and ifOutOctets, so R = 2.
The total is 1 + 3*2 = 7 varbinds.

The -v2c option is needed because get-bulk is an SNMPv2 command, so -v2c indicates that the SNMPv2 PDU is used. -B 1 3 sets the N and M parameters for the command.
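The agent side of get, get-next, and get-bulk can be reproduced with a small in-memory MIB. The following is an added example, not part of the thesis and not Net-SNMP code: the ToyAgent class is hypothetical, its values are taken from the sample outputs above and combined into one constructed MIB, and the numeric OIDs are the standard MIB-II ones for sysDescr, sysLocation, ifInOctets, and ifOutOctets.

```python
from bisect import bisect_right

SYSTEM = (1, 3, 6, 1, 2, 1, 1)
SYS_DESCR = SYSTEM + (1,)
SYS_LOCATION = SYSTEM + (6,)
IF_ENTRY = (1, 3, 6, 1, 2, 1, 2, 2, 1)
IF_IN_OCTETS = IF_ENTRY + (10,)
IF_OUT_OCTETS = IF_ENTRY + (16,)
END_OF_MIB = "endOfMibView"

# Constructed MIB: scalars end in .0, table rows are numbered from 1.
SAMPLE_MIB = {
    SYS_DESCR + (0,): "Linux linux 2.2.5-15 #3 Thu May 27 19:33:18 EDT 1999 i686",
    SYS_LOCATION + (0,): "",
    IF_IN_OCTETS + (1,): 70840, IF_OUT_OCTETS + (1,): 70840,
    IF_IN_OCTETS + (2,): 143548020, IF_OUT_OCTETS + (2,): 111725152,
    IF_IN_OCTETS + (3,): 0, IF_OUT_OCTETS + (3,): 0,
}

class ToyAgent:
    """Hypothetical agent holding a MIB as {OID tuple: value}."""

    def __init__(self, mib):
        self.mib = dict(mib)
        # Tuple comparison is lexicographic, which is exactly OID tree order.
        self.oids = sorted(self.mib)

    def get(self, oid):
        """Exact-match lookup: the full instance (x.y) must be given."""
        if oid not in self.mib:
            raise KeyError("noSuchName")
        return self.mib[oid]

    def get_next(self, oid):
        """Return the first instance that sorts after oid, with its value."""
        i = bisect_right(self.oids, oid)
        if i == len(self.oids):
            return oid, END_OF_MIB
        return self.oids[i], self.mib[self.oids[i]]

    def walk(self, prefix):
        """What snmpwalk does: repeat get-next until the subtree is left."""
        found, oid = [], prefix
        while True:
            oid, value = self.get_next(oid)
            if value == END_OF_MIB or oid[:len(prefix)] != prefix:
                return found
            found.append((oid, value))

    def get_bulk(self, non_repeaters, max_repetitions, oids):
        """First N varbinds: one get-next each. Remaining R varbinds: M rounds
        of get-next, so the response carries N + M * R varbinds."""
        response = [self.get_next(oid) for oid in oids[:non_repeaters]]
        cursors = list(oids[non_repeaters:])
        for _ in range(max_repetitions):
            for k, oid in enumerate(cursors):
                cursors[k], value = self.get_next(oid)
                response.append((cursors[k], value))
        return response

if __name__ == "__main__":
    agent = ToyAgent(SAMPLE_MIB)
    # Same parameters as: snmpbulkget -B 1 3 ... sysDescr ifInOctets ifOutOctets
    for oid, value in agent.get_bulk(1, 3, [SYS_DESCR, IF_IN_OCTETS, IF_OUT_OCTETS]):
        print(".".join(map(str, oid)), "=", repr(value))
```

The rows come back interleaved (ifInOctets.1, ifOutOctets.1, ifInOctets.2, ...), in the same order as the snmpbulkget output above.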
1.7.6.4 Set
set: changes the value of an object or adds a new row to a table. The object must be defined in the MIB as read-write or write-only. The NMS can use set to set the values of several objects at once:

Figure 2-10: Model of the set command

    $ snmpget cisco.ora.com public system.sysLocation.0
    system.sysLocation.0 = ""
    $ snmpset cisco.ora.com private system.sysLocation.0 s "Atlanta, GA"
    system.sysLocation.0 = "Atlanta, GA"
    $ snmpget cisco.ora.com public system.sysLocation.0
    system.sysLocation.0 = "Atlanta, GA"

The first command uses get to retrieve the current value of system.sysLocation. In the snmpset command, the cisco.ora.com and system.sysLocation.0 fields have the same meaning as with get. private indicates read-write access, and the new value is set with s "Atlanta, GA". s means that the value of system.sysLocation.0 is set as a string, and the new value is "Atlanta, GA". This varbind is defined in RFC 1213 as a string of at most 255 characters:

    sysLocation OBJECT-TYPE
        SYNTAX DisplayString (SIZE (0..255))
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
            "The physical location of this node (e.g., 'telephone closet,
            3rd floor')."
        ::= { system 6 }

Several objects can be set at once; however, if any one of the actions fails, the whole set is cancelled.
1.7.6.5 Error responses for get, get-next, get-bulk, and set

The agent reports several kinds of errors:

SNMPv1 error message | Description
noError(0) | No error.
tooBig(1) | The request is too big to fit into one response.
noSuchName(2) | The requested OID was not found, that is, it does not exist on the agent.
badValue(3) | A set command was used incorrectly on read-write or write-only objects.
readOnly(4) | This error is rarely used. The noSuchName error is equivalent to this error.
genErr(5) | Used for all remaining errors that are not among the errors above.
Table 2-5: Error messages in SNMPv1

The SNMPv1 error types are very general and imprecise. SNMPv2 therefore adds the following error types:

SNMPv2 error message | Description
noAccess(6) | Error when a set command tries to access a variable to which access is forbidden, that is, a variable whose ACCESS field is not-accessible.
wrongType(7) | Error when a set command supplies a data type different from the object's defined type. For example, when set assigns a string value to an object of the integer type INTEGER.
wrongLength(8) | Error when a set command supplies a value that is longer than the maximum length of the object.
wrongEncoding(9) | Error when a set command uses an encoding different from the one the object defines.
wrongValue(10) | A variable is set to a value that it does not understand, as when a variable of an enumerated type is set to a value that is not in the enumeration.
noCreation(11) | Error when trying to set a value for a variable that does not exist or to create a variable that is not in the MIB.
inconsistentValue(12) | A MIB variable is in an inconsistent state and does not accept any set command.
resourceUnavailable(13) | No system resources are available to perform the set command.
commitFailed(14) | Represents all errors when a set command fails.
undoFailed(15) | A set command failed and the agent was unable to restore the state that existed before the set command began to fail.
authorizationError(16) | An SNMP command could not be authenticated, as when someone supplies an incorrect code.
notWritable(17) | A variable does not accept the set command.
inconsistentName(18) | An attempt to set a value failed because the variable is in an inconsistent state.
Table 2-6: Errors in SNMPv2

1.7.6.6 Trap
A trap is an alert that the agent sends to the NMS on its own initiative, to let the NMS know that something bad has happened on the agent.
When it receives a trap from an agent, the NMS does not reply with an ACK. The agent therefore has no way of knowing whether its alert reached the NMS. When the NMS receives a trap from an agent, it looks up the trap number to understand the meaning of the trap.

Figure 2-11: Model of a trap sent from the agent

A trap message is sent by the agent to the manager on its own initiative whenever an event occurs inside the agent; these events are not the agent's routine activities but exceptional events. For example, when a port goes down, when a user fails to log in, or when the device restarts, the agent sends a trap to the manager.

However, not every event causes the agent to send a trap, and not every agent sends a trap for the same event. Whether an agent sends a trap for a given event is decided by the vendor of the device/agent.
The trap mechanism is independent of the request/response mechanisms. SNMP request/response is used for management, whereas SNMP traps are used for alerting. The source of a trap is called the Trap Sender and the destination is called the Trap Receiver. A trap sender can be configured to send traps to several trap receivers at once.
There are 2 kinds of trap: generic traps and specific traps. Generic traps are specified in the SNMP standards, while specific traps are user-defined (the user here being the vendor of the SNMP device). The trap type is an integer carried in the trap message, from which the receiver knows what the trap message means.
In SNMPv1 there are the following 7 generic traps: coldStart(0), warmStart(1), linkDown(2), linkUp(3), authenticationFailure(4), egpNeighborloss(5), enterpriseSpecific(6). The value in parentheses is the number of the trap type. The generic traps have the following meanings:

Trap number and name | Definition
coldStart (0) | Indicates that the agent has just restarted. All management variables are reset, and variables of the Counter and Gauge types are set to 0. coldStart is used to identify a new device joining the network. When a device finishes booting, it sends a trap to the NMS. If the NMS address is correct, the NMS can receive it and decide whether to manage the device.
warmStart (1) | Indicates that the agent has just reinitialized itself; no variables are reset.
linkDown (2) | Sent when an interface on the device goes down.
linkUp (3) | Sent when an interface comes back up.
authenticationFailure (4) | Warns that someone has tried to access the agent without being authenticated.
egpNeighborLoss (5) | Warns that an EGP neighbor is down.
enterpriseSpecific (6) | This is a private trap, known only to the agent and the NMS that define it themselves. The NMS uses a special decoding method to understand the message.
Table 2-7: Trap types

A trap defined in a MIB, rdbmsOutOfSpace:

    rdbmsOutOfSpace TRAP-TYPE
        ENTERPRISE rdbmsTraps
        VARIABLES { rdbmsSrvInfoDiskOutOfSpaces }
        DESCRIPTION
            "An rdbmsOutOfSpace trap signifies that one of the database servers managed by
            this agent has been unable to allocate space for one of the databases managed by
            this agent. Care should be taken to avoid flooding the network with these traps."
        ::= 2

The value of ENTERPRISE is rdbmsTraps, the description of the trap is in DESCRIPTION, and the value of the trap is 2.
1.7.6.7 Notification
To standardize the trap PDU format of SNMPv1, which differs from the PDUs of get and set, SNMPv2 introduces NOTIFICATION-TYPE. The PDU format of NOTIFICATION-TYPE follows that of get and set. NOTIFICATION-TYPE is defined in RFC 2863:

    linkDown NOTIFICATION-TYPE
        OBJECTS { ifIndex, ifAdminStatus, ifOperStatus }
        STATUS current
        DESCRIPTION
            "A linkDown trap signifies that the SNMPv2 entity, acting in an agent role, has
            detected that the ifOperStatus object for one of its communication links left the
            down state and transitioned into some other state (but not into the notPresent
            state). This other state is indicated by the included value of ifOperStatus."
        ::= { snmpTraps 3 }

The OID of this trap is 1.3.6.1.6.3.1.1.5.3, that is,
iso.org.dod.internet.snmpV2.snmpModules.snmpMIB.snmpMIBObjects.snmpTraps.linkDown.
1.7.6.8 Inform
SNMPv2 provides a mechanism for communication between NMSs, called SNMP inform. When an NMS sends an SNMP inform to another NMS, the receiving NMS sends back an ACK to confirm the event. This is similar to the mechanism of get and set.
Note: SNMP inform can be used to send an SNMPv2 trap to an NMS. In this case the agent is notified when the NMS receives the trap.
1.7.6.9 Report
Report was defined in the draft of SNMPv2 but was never developed. It was later included in SNMPv3 and is hoped to be used for communication between SNMP systems.
1.8. Summary
The core of the network management protocol (SNMP) is a set of operations and functions that help network administrators manage, monitor, and change the state of the devices on the system.


CHAPTER 3. NAGIOS CORE MONITORING SOFTWARE

1.9. Introduction
Nagios is a system monitoring tool. This means that it continuously checks the status of machines and of the various services on those machines. The main purpose of a monitoring system is to detect and report any system that is not working, as soon as possible, so that we are aware of the problem before users run into it.
Nagios does not itself perform any host or service checks on the Nagios server. It uses plugins to perform the actual checks. This makes it highly flexible and an effective solution for performing and checking services.
The objects monitored by Nagios fall into two categories: hosts and services. Hosts are physical machines (servers, routers, workstations, printers, and so on), while services are particular functions; for example, a web server (an http process) can be defined as a service to be monitored. Each service is associated with the host on which it runs. In addition, both hosts and services can be grouped into groups as appropriate.

Hinh 3-12: Cc i tng cn gim st trn Nagios


Nagios has two major advantages when it comes to monitoring. Instead of tracking raw values, it uses only four levels to describe status: OK, WARNING, CRITICAL and UNKNOWN. These status descriptions let administrators decide whether to act on or ignore a problem on the system without spending much time. This is exactly what Nagios does. If we are monitoring a numeric value such as disk space or CPU load, we can define thresholds for the values at which we want to be alerted.

Another convenience of Nagios is its reports on the status of running services. Such a report gives a good overview of the state of the infrastructure. Nagios also provides similar reports for host groups and service groups, alerting when any critical service or database server goes down. These reports can also help prioritize problems, that is, decide which problem needs to be solved first.

Nagios performs all of its checks by means of plugins. These are external components through which Nagios obtains information about what needs to be checked and provides alerts to the administrator. Plugins are responsible for performing the checks and analyzing the results. The output of a check is a status (OK, WARNING, CRITICAL or UNKNOWN) plus additional text giving information about the specific service. This text is intended mainly for system administrators, who can read it as a detailed status of the service.

Nagios not only provides a core system for monitoring, it also offers a set of standard plugins in a separate package (see http://nagiosplugins.org/ for details). These plugins make it possible to check the services running on the system. In addition, if we want to perform a special check, we can write a plugin of our own.
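A small custom plugin of the kind just described, added here as an example (it is not code from the thesis or from the Nagios project). It follows the plugin convention of exit codes 0, 1, 2 and 3 for OK, WARNING, CRITICAL and UNKNOWN plus one line of status text; the plugin name check_disk_pct and its -p/-w/-c options are assumptions made for this example.

```python
#!/usr/bin/env python3
"""check_disk_pct: example Nagios plugin that reports used disk space."""
import argparse
import shutil
import sys

# Exit codes that Nagios maps to the four states described in the text.
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
LABELS = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}


def evaluate(used_pct, warn, crit):
    """Map a measured percentage onto a state using two thresholds."""
    if not 0 <= warn <= crit <= 100:
        return UNKNOWN  # misconfigured thresholds must never read as OK
    if used_pct >= crit:
        return CRITICAL
    if used_pct >= warn:
        return WARNING
    return OK


def check(path, warn, crit, usage=shutil.disk_usage):
    """Measure and classify; a failed measurement is UNKNOWN, not a crash."""
    try:
        total, used, _free = usage(path)
        used_pct = 100.0 * used / total
    except (OSError, ZeroDivisionError) as exc:
        return UNKNOWN, f"DISK UNKNOWN - cannot read {path}: {exc}"
    code = evaluate(used_pct, warn, crit)
    if code == UNKNOWN:
        return code, "DISK UNKNOWN - need 0 <= warning <= critical <= 100"
    # Status text for the administrator, then '|' and performance data
    # in the form label=value;warn;crit;min;max.
    text = f"DISK {LABELS[code]} - {path} is {used_pct:.1f}% full"
    perfdata = f"used_pct={used_pct:.1f}%;{warn};{crit};0;100"
    return code, f"{text} | {perfdata}"


class PluginArgumentParser(argparse.ArgumentParser):
    """Report bad command-line arguments as UNKNOWN instead of exit code 2."""

    def error(self, message):
        print(f"DISK UNKNOWN - {message}")
        sys.exit(UNKNOWN)


def main(argv=None):
    parser = PluginArgumentParser(description=__doc__)
    parser.add_argument("-p", "--path", default="/")
    parser.add_argument("-w", "--warning", type=float, default=80.0)
    parser.add_argument("-c", "--critical", type=float, default=90.0)
    args = parser.parse_args(argv)
    code, line = check(args.path, args.warning, args.critical)
    print(line)
    return code


if __name__ == "__main__":
    sys.exit(main())
```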
1.9.1. Benefits of resource monitoring
There are many reasons to make sure that all resources are working as expected. The main advantage is improved quality. If IT staff are notified of failures sooner, they can also fix problems sooner. Sometimes it takes hours or even days before the first report of a failure arrives. Nagios ensures that if any device or service is not working, we learn about it as quickly as possible.

Nagios can also be made to perform automatic recovery, using the event handlers defined in Nagios. These are commands that run after the status of a host or service changes. For example, when a main router goes down, Nagios switches to a backup solution until the main router is repaired. A typical case is bringing up a dial-up connection as a backup when a VPN connection is lost.

Another advantage is better problem identification. Nagios can pinpoint a failure on the system without taking much time.

Nagios is also very flexible in how it notifies people about problems. We can set it up to email different people depending on the problem. In most cases a company has a large IT staff or several teams. Typically we want some people to handle the servers and others to handle switches, routers and modems. We can even use the Nagios web interface to manage who is working on which problem. We can also configure how Nagios sends alerts: by email, SMS, MSN and so on.

Resource monitoring is useful not only for identifying problems; it can also save us the time of investigating them. Nagios handles warning and critical situations differently. This means that it can quickly recognize situations that are becoming critical. For example, if the disk storage on an email server is running out, it is better to be notified of this before it becomes a serious problem.

Monitoring can also be set up on several machines in different locations, all of which report their results to a central Nagios server. In this way, information about all hosts and services in the system can be accessed from a single machine, which gives a complete picture of the IT infrastructure.

1.9.2. Main features
Nagios is very flexible: it can be configured to monitor the IT infrastructure in whatever way we want. It also has a mechanism for reacting to problems automatically, and a powerful alerting system. All of this is based on a clear system of object definitions:

Commands: define how Nagios should perform particular types of checks. They are an abstraction layer that lets us group similar operations together.

Time-periods: date and time spans during which an operation should or should not be performed, for example Monday to Friday, 9:00-17:00.

Contacts and contact groups: the people who should be alerted, together with information about how and when they should be alerted. Contacts can be grouped into contact groups.

Hosts: physical machines, together with information about who should be contacted, how checks should be performed, and when. Hosts can be grouped into host groups, and each host can be a member of several host groups.

Services: the various functions or resources to be monitored, together with information about who should be contacted, how checks should be performed, and when. Services can be grouped into service groups, and each service can be a member of several service groups.

Host and service escalations: define the time spans after which additional people should be alerted about certain events. For example, if a critical server has been down for more than 4 hours, administrators should be alerted so that they start tracking the problem.

An important benefit of using Nagios is its dependency system. To any administrator it is obvious that if a router fails, all machines reached through it will fail as well. Nagios lets us define dependencies between hosts so that they reflect the actual network topology. For example, if a switch that connects us to a router goes down, Nagios will not perform any checks on the router or on the machines that depend on the router. This is illustrated in the following example:

Figure 3-13: Example of a failure

We can also define that a service depends on another service, either on the same host or on different hosts. If one of the services is down, checks for a service that depends on it are not performed. For example, for the company's intranet application to work properly, both the underlying web server and a database server must be running. So if the database service is down, Nagios will not check the application. The database server may be on the same machine or on a different one. In such a case, if the machine fails or is unreachable, alerts for all services that depend on the database service are not sent.

Nagios also provides a mechanism for scheduling planned downtime for reasons such as maintenance or system upgrades. We can schedule a period during which a particular host or service is expected to be unavailable. This prevents Nagios from notifying the configured contacts about problems with that object. Nagios can also notify people of planned downtime automatically. This is mainly used when the IT infrastructure is under maintenance and systems or services are down for a long time.
1.9.3. Soft (temporary) and hard (permanent) states
Nagios works by checking whether a host or service is working properly and storing its status. Because the status of a service is only one of four values (OK, WARNING, CRITICAL, UNKNOWN), it is important that it really reflects the current situation. To avoid reporting temporary or random problems, Nagios uses soft and hard states to describe the current status of a host or service.

Imagine that an administrator restarts a web server and that this makes connections to the web server fail for 5 seconds. Such restarts are usually done at night to reduce the number of affected users, so this is an acceptable outage. However, a problem can arise if Nagios tries to connect to the server at that moment and, relying on a single result, reports that the server is really down.

To handle situations in which a service is down for a very short time, or in which a check fails temporarily, soft states were introduced. When the status of a check is UNKNOWN, or differs from the previous status, Nagios rechecks the host or service several times to make sure that the change is permanent. The number of checks is configured in the service definition. Nagios assumes that the new result is a soft state. Once the check has been repeated that many times without the status changing, it is considered a hard state.

Each host and service definition specifies the number of check attempts to make before a change is assumed to be permanent. This allows flexibility in how failures are checked. Setting the number of checks to one causes every change to be treated as hard immediately. The following illustrates soft and hard states, assuming the number of checks is 3:

Figure 3-14: State checks

This feature makes it possible to ignore short outages of a service. It is also very useful for performing periodic checks even when everything is working well.
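The transition from soft to hard states can be followed in a short simulation, added here as an example; it is a simplified model, not Nagios Core code. It assumes that the object starts in a hard OK state and that a return to OK is accepted at once, while problem states are re-checked until the configured number of attempts (3 by default here, as in the figure) is reached.

```python
"""Simplified model of Nagios soft and hard states (not Nagios Core code)."""


def track_states(results, max_check_attempts=3):
    """Classify each check result as SOFT or HARD.

    Returns one (status, state_type, attempt, notify) tuple per result.
    Assumption of this model: the object starts in a hard OK state.
    """
    timeline = []
    attempt = 0          # consecutive non-OK results of the current problem
    hard_status = "OK"   # last status that was confirmed as HARD
    for status in results:
        if status == "OK":
            if hard_status != "OK":
                entry = ("OK", "HARD", 1, True)    # recovery from a confirmed problem
            elif attempt:
                entry = ("OK", "SOFT", 1, False)   # soft recovery, nobody was alerted
            else:
                entry = ("OK", "HARD", 1, False)   # nothing changed
            attempt, hard_status = 0, "OK"
        elif hard_status != "OK":
            # Problem already confirmed: stay HARD and notify only if the
            # problem itself changed (for example WARNING -> CRITICAL).
            entry = (status, "HARD", max_check_attempts, status != hard_status)
            hard_status = status
        else:
            attempt += 1
            if attempt >= max_check_attempts:
                entry = (status, "HARD", attempt, True)    # change is now permanent
                hard_status = status
            else:
                entry = (status, "SOFT", attempt, False)   # wait for the re-checks
        timeline.append(entry)
    return timeline


def notifications(timeline):
    """Positions in the timeline at which contacts would be alerted."""
    return [i for i, entry in enumerate(timeline) if entry[3]]


# Constructed check results: the 5-second restart caught by a single check,
# and a real outage that outlasts all re-checks.
RESTART = ["OK", "CRITICAL", "OK", "OK"]
OUTAGE = ["OK", "CRITICAL", "CRITICAL", "CRITICAL", "CRITICAL", "OK"]

if __name__ == "__main__":
    for name, results in (("restart", RESTART), ("outage", OUTAGE)):
        print(name)
        for status, kind, attempt, notify in track_states(results):
            flag = "  <- notify" if notify else ""
            print(f"  {status:<8} {kind} attempt {attempt}{flag}")
```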
1.10. Summary
There are many benefits to using a monitoring system. It ensures that services are working correctly. It helps detect problems early and makes sure that the right people are alerted when a failure occurs. Making sure that all services work properly is essential. When problems do occur, the system helps by giving a clear picture of what is working and what is not.

Nagios is a very powerful application for resource monitoring. It suits both large and small systems. It can help an organization maintain a higher quality of service. Nagios also helps determine the root cause of a problem. It includes very flexible mechanisms for monitoring the infrastructure and sending notifications about it.

Nagios is an extremely powerful tool because it can be configured in any way we want. Moreover, it can be extended if the need arises.

CHAPTER 4. CISCO SECURITY MONITORING, ANALYSIS, AND RESPONSE SYSTEM

1.11. Security threat mitigation system
CS-MARS was originally created to solve organizations' problems with the data they collect. In the past, all data collected from security and network devices such as routers, switches, firewalls, IDSs and servers was stored on separate devices. Every vendor, and every type of device, used its own way of storing the reports and events collected from those devices. There was no correlation, especially across vendors, and administrators had to monitor the different devices themselves. The purpose of MARS is to collect event data automatically and store it in one large database, from which the problems and incidents occurring on the system can be identified accurately.

1.12. Modeling and visualization
MARS can know where the devices in the system are located. It obtains the topology information by running discovery of the devices on the network. During discovery, MARS connects to each device or reads information from configuration files and stores the information in its database. MARS runs this process periodically so that the information stays up to date. MARS is also very flexible in how discovery can be configured.

Discovery can also be run on demand, for instance while we are investigating a security incident. For example, CS-MARS may detect that a machine on the network is infected with a worm. When we choose to investigate the incidents related to the worm, MARS traces the infected hosts by reading the Address Resolution Protocol (ARP) and content-addressable memory (CAM) information of the network devices in order to find the switch port to which the infected machine is connected. We can view this information as well as a diagram showing how the worm-infected hosts relate to other hosts and devices.

The visualization features also let us view a diagram of how the worm spread. MARS can also advise us on the action to take to stop an attack in the system: because it can find the switch port to which the infected machine is connected, it advises us to shut that port down temporarily.
1.13. Powerful reporting and rule system
CS-MARS provides a powerful query tool that lets us easily create additional reports or rules for the system. By default CS-MARS comes with a set of rules and reports that we can modify and customize. The query tool quickly displays the information we are interested in, in one of the basic formats. Queries are usually saved as reports or rules so that they can be run automatically later.

1.14. Alerting and threat mitigation
MARS lets us customize alerts according to the type of incident. For example, reconnaissance activity by an attacker carried out in the form of an unsuccessful buffer overflow attack may be an incident we want to be notified about. MARS has several ways of alerting us to incidents on the system:

Email
Syslog
SNMP
Paging
Short Message Service (SMS)
Email with an XML file attached.

1.15. CS-MARS terminology
CS-MARS uses terms that may differ slightly from the ones we are used to. To understand MARS and the investigation or query process, we should understand these terms well.

1.15.1. Event
Every record of something that happened, regardless of which device it comes from, is treated as an event. An event can be received from many sources, such as SNMP, syslog, RDEP, SDEE or Server Message Block (SMB).

1.15.2. Session
CS-MARS collects events that are related to one another; correlating these events produces a session.

A session is created when events are identified by time, source IP, destination IP, source port, destination port and protocol, and MARS determines that they are related to one another.

Suppose we look at an attack on a web server, in which the network and security devices each produce a log record. A session may then be made up of the following set of event records:

The firewall permits traffic on TCP port 80 from the attacker's machine to the web server and sends a log record to MARS via syslog.

The IDS or IPS identifies a DDoS attack on the web server and sends a log record via SDEE.

The router sees the traffic from the attacker's machine to the web server on TCP 80 and sends a log record via syslog.

The web server records information about the attacker and sends it to MARS.

All event records for data originating from the same network are collected to form a session.
1.15.3. Rules
Rules are conditions that must be met exactly for CS-MARS to take an action. By default, when all the conditions of a rule are met, an incident is created; depending on the type of rule, further details of the actions are available. Rules can be basic, such as events reported by a firewall or an IDS, or more complex, describing behavior such as a server connecting to a client through certain ports and then sending traffic onto the network.

A rule can be as simple as "tell me when this keyword appears in the events", or more complex, such as "tell me about every case in which someone attempts a login attack against the system".

MARS uses rules to identify the activity that we want to check for. Rules can be created in the same way as queries and are often used in reports.

1.15.4. Incident
An incident is a chain of correlated events that matches a rule when there are signs of an attack on the network. CS-MARS detects, mitigates, reports and analyzes these incidents. The network dashboard and the Incident pages help us detect and display incidents on the network and help define rules and events to defend against attacks.
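The way events become sessions (1.15.2) and sessions that satisfy a rule become incidents (1.15.3 and 1.15.4) can be shown with a toy correlator, added here as an example. It is not the CS-MARS engine, whose algorithm the text does not describe; the event fields, the 30-second window, the rule and all sample events are constructed for the illustration.

```python
"""Toy correlation of device events into sessions and incidents.

Illustration only: this is not the CS-MARS correlation engine.
"""
from collections import namedtuple

Event = namedtuple(
    "Event",
    "time device transport src_ip src_port dst_ip dst_port proto message")

# Constructed events (seconds since start, documentation address ranges).
EVENTS = [
    Event(100.0, "firewall", "syslog", "203.0.113.7", 40112, "192.0.2.10", 80, "tcp", "permit"),
    Event(100.1, "router", "syslog", "203.0.113.7", 40112, "192.0.2.10", 80, "tcp", "flow seen"),
    Event(100.4, "firewall", "syslog", "198.51.100.23", 51000, "192.0.2.10", 80, "tcp", "permit"),
    Event(100.9, "ids", "sdee", "203.0.113.7", 40112, "192.0.2.10", 80, "tcp", "attack signature"),
    Event(101.5, "webserver", "syslog", "203.0.113.7", 40112, "192.0.2.10", 80, "tcp", "request logged"),
    Event(400.0, "firewall", "syslog", "203.0.113.7", 40112, "192.0.2.10", 80, "tcp", "permit"),
]


def flow_key(event):
    """The fields the text lists for a session, apart from time."""
    return (event.src_ip, event.src_port, event.dst_ip, event.dst_port, event.proto)


def sessionize(events, window=30.0):
    """Group events with the same flow key that follow each other within
    `window` seconds; a longer gap starts a new session."""
    sessions, latest = [], {}
    for event in sorted(events, key=lambda e: e.time):
        key = flow_key(event)
        session = latest.get(key)
        if session is None or event.time - session[-1].time > window:
            session = []
            sessions.append(session)
            latest[key] = session
        session.append(event)
    return sessions


def permitted_attack(session):
    """Example rule: the firewall let the flow through and the IDS flagged it."""
    permitted = any(e.device == "firewall" and e.message == "permit" for e in session)
    flagged = any(e.device == "ids" for e in session)
    return permitted and flagged


def find_incidents(sessions, rules):
    """A session that satisfies at least one rule is reported as an incident."""
    incidents = []
    for session in sessions:
        fired = [rule.__name__ for rule in rules if rule(session)]
        if fired:
            incidents.append({
                "flow": flow_key(session[0]),
                "rules": fired,
                "devices": sorted({e.device for e in session}),
                "first_seen": session[0].time,
                "last_seen": session[-1].time,
            })
    return incidents


if __name__ == "__main__":
    for incident in find_incidents(sessionize(EVENTS), [permitted_attack]):
        print(incident)
```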
1.15.5. False Positive
CS-MARS considers an attack unsuccessful either because it could not penetrate its target, or because it was blocked by security devices, or because some traffic was wrongly reported as an attack. In these cases CS-MARS generates a false positive.

CS-MARS uses an integrated vulnerability assessment (VA) system that can be enabled on all or part of the network. The VA system determines more accurately whether attacks are real or not.

CS-MARS uses three types of false positive:

Unconfirmed false positive: created when MARS believes, but is not certain, that a device on the system was attacked.

User-confirmed false positive: created when a user reviews an unconfirmed false positive, agrees with MARS's determination and confirms the false positive.

System-confirmed false positive: occurs when a device reports that it blocked an attack. That is, several devices indicate an attack while at least one attack failed, or the attacked machine sends a log record saying that an attack against it failed.
1.16. Risk mitigation
CS-MARS has many ways of mitigating threats and attacks. Because MARS has complete information about the system topology, it can pinpoint the location of threats and determine the best way to mitigate an attack.

While investigating a security incident, we can ask for a recommendation on how to mitigate the threat.

1.17. CS-MARS user interface
The interface makes the system easier and more convenient to use. It is web-based: users only need a web browser to access CS-MARS. We can obtain all information about the system, such as system status, reports, queries and so on.

1.18. Summary
CS-MARS plays two important roles in the system. First, it is a very important device for improving the self-defense of the network. This self-defense is strengthened because protection across the whole system is communicated between the devices. In addition, CS-MARS is a threat mitigation device that quickly provides accurate information for responding to incidents on the system.

CHAPTER 5. DEPLOYING AND EVALUATING THE MONITORING SYSTEM

1.19. Deployment model

Figure 5-15: Deployment model

1.20. Overview of the model
The deployment model is based on the actual network of Dalat University. With a three-layer network architecture, the model is designed to ensure stability and availability and to increase the fault tolerance of the system. The system consists of the following layers and areas:

Core layer: consists of 2 4750R switches, Dalat-CoreSW-1 and Dalat-CoreSW-2. These 2 switches form the core of the system. Because they are layer 3 switches, they both route like routers and switch like switches.

Distribution layer: consists of 3 3750 switches, A4-Dis, A8-Dis and KTX-Dis. These 3 switches sit in the intermediate layer and are responsible for communication and switching between the Core layer and Access layer switches.

Access layer: the switches located in the buildings. They are the devices that connect directly to end users.

Application server area: consists of 3 main computers running Windows Server 2003 and Windows Server 2008, acting as Web Server, DNS Server and Backup Server.

Administration area: consists of one computer acting as the Nagios server, running CentOS, and the dedicated monitoring appliance CS-MARS.
1.21. Nagios
1.21.1. Installation
1.21.1.1 Installing the CentOS operating system
Insert the CentOS disc into the CD drive.

Start the machine and boot from the CD. When the screen shown in the figure below appears, press Enter.

Choose Skip when asked to test the CD:

When the CentOS installation screen appears, choose Next.

Select the language: English, then Next.

Select the keyboard language: English, then Next.

Choose Yes when the question "Would you like to initialize this drive, erasing ALL DATA?" appears.

On the next screen, choose "Remove linux partitions on selected drives and create default layout." The system automatically creates the /boot and / partitions.

Choose Yes on the next screen:

In the network configuration section, choose Edit.

Set the IP address as shown in the figure below, then choose OK and Next.

Select the time zone Asia/Ho_Chi_Minh, then Next.

Set the root password, then Next.

Now select the packages to install. Choose Customize Now, then Next.

On the next screen, uncheck all packages in every menu on the left; under Base system select only the Base packages, then Next.

The system locates the packages to be installed.

Here, choose Next.

The disk partitions are formatted ...

Installation of the CentOS operating system begins.

Reboot once the installation has finished.

1.21.1.2 Installing Nagios
Requirements
To install the software we first need access to the root account. Make sure that the following packages are installed on CentOS before continuing:

Apache
PHP
GCC compiler
GD library

We can install these packages with yum using the following commands:

    yum install httpd php
    yum install gcc glibc glibc-common
    yum install gd gd-devel

Creating user accounts
First we need to become root:

    su -l

Create the nagios account and set its password:

    /usr/sbin/useradd -m nagios
    passwd nagios

Create a new group named nagcmd. To allow the nagios account to work with the web interface, add the nagios and apache accounts to the nagcmd group:

    /usr/sbin/groupadd nagcmd
    /usr/sbin/usermod -a -G nagcmd nagios
    /usr/sbin/usermod -a -G nagcmd apache

Downloading Nagios and the plugins
Create a directory to store the downloads:

    mkdir ~/downloads
    cd ~/downloads

Download Nagios and the plugins from the following 2 addresses:

http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.2.3.tar.gz
http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.11.tar.gz

Compiling and installing Nagios
Extract the downloaded Nagios source code:

    cd ~/downloads
    tar xzf nagios-3.2.3.tar.gz
    cd nagios-3.2.3

Run the Nagios configure script, passing the name of the nagcmd group created above:

    ./configure --with-command-group=nagcmd

Compile the Nagios source code:

    make all

Install the binaries, the init script and the sample configuration files, and set permissions on the required directories:

    make install
    make install-init
    make install-config
    make install-commandmode

Customizing the configuration
The Nagios configuration files are located in /usr/local/nagios/etc. Edit contacts.cfg at /usr/local/nagios/etc/objects/contacts.cfg to change the email address that will receive alerts:

    vi /usr/local/nagios/etc/objects/contacts.cfg

Configuring the web interface
Install the Nagios web configuration file into Apache's conf.d directory:

    make install-webconf

Create the nagiosadmin account for logging in to the Nagios web interface:

    htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

Restart Apache so that the new settings take effect:

    service httpd restart

Compiling and installing the Nagios plugins
Extract the Nagios Plugins source code:

    cd ~/downloads
    tar xzf nagios-plugins-1.4.11.tar.gz
    cd nagios-plugins-1.4.11

Compile and install the plugins:

    ./configure --with-nagios-user=nagios --with-nagios-group=nagios
    make
    make install

Starting Nagios
Add Nagios to the list of system services so that it starts automatically when the operating system boots:

    chkconfig --add nagios
    chkconfig nagios on

Verify that the Nagios configuration files contain no errors:

    /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

If no errors are reported, start the Nagios service:

    service nagios start

Adjusting SELinux
CentOS ships with SELinux (Security Enhanced Linux) installed by default and in Enforcing mode. This can prevent us from accessing the Nagios interface.

Check whether SELinux is in Enforcing mode:

    getenforce

Set SELinux to Permissive mode:

    setenforce 0

To make this change permanent, we have to change the SELinux configuration in /etc/selinux/config and reboot.

Instead of disabling SELinux or switching it to Permissive mode, we can use the following commands to run the Nagios CGIs in Enforcing mode:

    chcon -R -t httpd_sys_content_t /usr/local/nagios/sbin/
    chcon -R -t httpd_sys_content_t /usr/local/nagios/share/

Logging in to the Nagios web interface
We can now log in to the Nagios web interface with the nagiosadmin account and the password set earlier, at the address:

http://localhost/nagios/

At this point Nagios has been installed successfully.

1.21.2. Configuring Nagios

1.21.2.1 Monitoring a system running Windows
Introduction
We will configure Nagios to monitor the following basic information on a Windows system, a sample client machine (Sample Client):

Memory usage
CPU load
Disk usage
Service states
Running processes

Overview of how Nagios works with Windows

Figure 5-16: Communication between Nagios and Windows

Monitoring the services or attributes of a Windows system requires an agent to be installed on it. This agent acts as an intermediary between the Nagios plugins that do the monitoring and the services and attributes of Windows. If the agent is not installed on the Windows system, we cannot monitor it.

Here we use NSClient++ to monitor the Windows machine and the check_nt plugin to communicate with NSClient++ (check_nt was installed on the Nagios server in the section above).

Besides NSClient++ we could also use NC_Net, which offers similar functionality.

Steps
The following steps are needed to monitor a Windows machine:

Check the prerequisites.
Install the agent on the Windows machine.
Create a host definition and service definitions for monitoring the Windows machine.
Restart the nagios process to apply the changes.

Prerequisites
To configure Nagios to monitor a Windows machine we need to configure the following:

Edit the Nagios configuration file:

    vi /usr/local/nagios/etc/nagios.cfg

Remove the leading # from the following line:

    #cfg_file=/usr/local/nagios/etc/objects/windows.cfg

Save the file and exit.

This tells Nagios that the file under /usr/local/nagios/etc/objects is where information about the Windows machines and the services to be monitored is added.
Installing the agent on Windows
Before monitoring can start, the agent must be installed on Windows. Here we use NSClient++, which can be found at: http://nsclient.org/nscp/downloads

Download the latest version of NSClient++ from: http://nsclient.org/nscp/downloads

Extract the downloaded file to the directory C:\NSClient++

Open a Command Prompt window.

Type the following command to install NSClient++:

    nsclient++ /install

Enable the NSClient++ icon in the system tray:

    nsclient++ SysTray

Open the service manager for NSClient++ and make sure that communication between the Nagios server and the Windows machine is allowed.

Figure 5-17: NSClient++

Edit the file NSC.INI (in the directory C:\NSClient++):

Remove the leading ; from all modules listed in [modules] except CheckWMI.dll and RemoteConfiguration.dll.

Optionally, a password can be set in the [Settings] section.

Remove the leading ; from allowed_hosts in the [Settings] section. Add the IP address of the Nagios server, or leave it blank to allow any host to connect.

Make sure the port in the [NSClient] section is 12489.

Type the following command to start the NSClient++ service on Windows:

    nsclient++ /start

If the installation is correct, a new icon appears in the system tray.

At this point the Windows machine can be added to the Nagios configuration files to start monitoring.
Configuring Nagios
Now we add object definitions to the configuration file in order to monitor a new Windows machine.

Open the file windows.cfg:

    vi /usr/local/nagios/etc/objects/windows.cfg

Add a new host definition for the Windows machine to be monitored. Change host_name, alias and address as appropriate:

    define host{
        use                     windows-server
        host_name               Sample Client
        alias                   My Windows Server
        address                 10.0.4.11
        }

Now we define the services to be monitored on the Windows machine.

Monitor the version of NSClient++. This is useful when we need to check whether NSClient++ should be upgraded:

    define service{
        use                     generic-service
        host_name               Sample Client
        service_description     NSClient++ Version
        check_command           check_nt!CLIENTVERSION
        }

Monitor the uptime of the Windows machine:

    define service{
        use                     generic-service
        host_name               Sample Client
        service_description     Uptime
        check_command           check_nt!UPTIME
        }
Monitor the CPU load and have Nagios raise a WARNING alert if the load is above 80% over 5 minutes and a CRITICAL alert if the load is above 90% over 5 minutes:

    define service{
        use                     generic-service
        host_name               Sample Client
        service_description     CPU Load
        check_command           check_nt!CPULOAD!-l 5,80,90
        }

Define a service that monitors memory usage: WARNING if usage is above 80% and CRITICAL if usage is above 90%:

    define service{
        use                     generic-service
        host_name               Sample Client
        service_description     Memory Usage
        check_command           check_nt!MEMUSE!-w 80 -c 90
        }

Monitor the space used on drive C. Raise a WARNING alert when more than 80% of the disk is used and a CRITICAL alert when more than 90% is used:

    define service{
        use                     generic-service
        host_name               Sample Client
        service_description     C:\ Drive Space
        check_command           check_nt!USEDDISKSPACE!-l c -w 80 -c 90
        }

Define a service that monitors the Explorer.exe process and raises CRITICAL if the process is not running:

    define service{
        use                     generic-service
        host_name               Sample Client
        service_description     Explorer
        check_command           check_nt!PROCSTATE!-d SHOWALL -l Explorer.exe
        }

List all running processes:

    define service{
        use                     generic-service
        hostgroup_name          windows-servers
        service_description     Process
        check_command           check_nt!INSTANCES!-d SHOWALL -l Process
        }

Those are a few basic services for monitoring a Windows machine. Save the configuration file.
Password
If a password has been configured in NSClient++ on Windows, the check_nt command must be changed so that it passes the password. Open the file commands.cfg for editing:

    vi /usr/local/nagios/etc/objects/commands.cfg

Change the definition of the check_nt command so that it passes the password with the -s <password> option:

    define command{
        command_name    check_nt
        command_line    $USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -s PASSWORD -v $ARG1$ $ARG2$
        }

Save the file commands.cfg.

Restarting the Nagios service
Check the configuration for errors with the command:

    /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

If the check reports errors, fix them in the file indicated, then restart the nagios service to apply the changes:

    service nagios restart

Monitoring results for Sample Client:

Information about the services configured for checking on Sample Client: space on drive C, CPU load, Explorer, memory usage, NSClient++ version, processes running on the machine, and uptime.

Figure 5-18: Service information for Sample Client

In Figure 5-5 we can see information about Sample Client: IP address, host status, status information, whether the host is flapping, the time of the last update and so on.

Figure 5-19: Information about Sample Client


1.21.2.2 Monitoring routers and switches
Introduction
The deployment description below shows how to monitor the status of a router or switch. These devices cannot be monitored if they do not have an IP address. On the other hand, if they support SNMP, monitoring becomes very convenient.

Information monitored on a router or switch:

Packet loss and average round-trip time of ping
Device status information

Overview
Monitoring routers and switches can be simple, depending on the type of device and the information to be monitored.

Switches and routers can easily be monitored with ping to determine the stability of the link. If the device supports SNMP, we can monitor much more information.

The check_snmp command only works if the net-snmp and net-snmp-utils packages are installed on the system. If they are not yet installed, install them first and then reinstall the Nagios plugins.

Steps
The following steps are needed to monitor a device:

Check the prerequisites.
Create a host definition and service definitions for monitoring the router or switch.
Restart the nagios process to apply the changes.

Prerequisites
To configure Nagios to monitor a router or switch we need to configure the following:

Edit the Nagios configuration file:

    vi /usr/local/nagios/etc/nagios.cfg

Remove the leading # from the following line:

    #cfg_file=/usr/local/nagios/etc/objects/switch.cfg

Save the file and exit.

This tells Nagios that the file under /usr/local/nagios/etc/objects is where information about the routers or switches and the services to be monitored is added.
Configuring Nagios
We configure Nagios to monitor the switch Dalat-CoreSW-1 as follows.

Now we add object definitions to the configuration file in order to monitor a new router or switch.

Open the file switch.cfg:

    vi /usr/local/nagios/etc/objects/switch.cfg

Add a new host definition for the router or switch to be monitored. Change host_name, alias and address as appropriate:

    define host{
        use                     generic-switch
        host_name               Dalat-CoreSW-1
        alias                   Dalat Switch Core
        address                 10.0.255.1
        hostgroups              Dalat Switch Core
        }

Monitoring services
To monitor services, we define them in the file switch.cfg.

Monitoring packet loss and RTA
Add the following service definition to monitor packet loss and the average round-trip time between the Nagios server and the monitored host every 5 minutes under normal conditions:

    define service{
        use                     generic-service
        host_name               Dalat-CoreSW-1
        service_description     PING
        check_command           check_ping!200.0,20%!600.0,60%
        normal_check_interval   5    ; every 5 minutes, as stated above
        retry_check_interval         ; value missing in the source
        }

Meaning of this service:

OK if the RTA is below 200 ms and packet loss is below 20%.

A WARNING alert is raised if the RTA is above 200 ms or more than 20% of the data is lost.

Nagios reports CRITICAL if the RTA is above 600 milliseconds or more than 60% of the packets are lost.
Monitoring status information via SNMP
If the router or switch supports SNMP, a lot of information can be monitored with this protocol.

Monitoring uptime:

    define service{
        use                     generic-service
        host_name               Dalat-CoreSW-1
        service_description     Uptime
        check_command           check_snmp!-C public -o sysUpTime.0
        }

In the check_snmp command, the option -C public gives the community string and sysUpTime.0 is the OID to be checked.

To check the status of a port on the router or switch, we define the following service:

    define service{
        use                     generic-service
        host_name               Dalat-CoreSW-1
        service_description     Port 1 Link Status
        check_command           check_snmp!-C public -o ifOperStatus.1 -r 1 -m RFC1213-MIB
        }

In the example above, the option -o ifOperStatus.1 checks the status of port 1. The value -r 1 means that the result is OK if the status is up and CRITICAL if the value 1 is not found. The option -m RFC1213-MIB tells check_snmp to load only RFC1213-MIB instead of all the MIBs on the system, which makes the check faster.
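The service definitions above put the community string public into the object files, the check_nt command earlier on this page carries the NSClient++ password as a literal, and NSC.INI accepts a blank allowed_hosts. The check below, added here as an example and not part of the thesis or of Nagios, flags those three settings; the sample inputs are constructed from the definitions on this page, and the $USER3$ macro (assumed to be defined in resource.cfg) and the address 192.0.2.5 are assumptions.

```python
"""Audit of the Nagios and NSClient++ settings used on this page (added example)."""
import configparser
import re

DEFINE_RE = re.compile(r"define\s+(\w+)\s*\{(.*?)\}", re.S)
DEFAULT_COMMUNITIES = {"public", "private"}


def parse_objects(text):
    """Parse 'define <type>{ ... }' blocks into (type, attributes) pairs."""
    objects = []
    for kind, body in DEFINE_RE.findall(text):
        attrs = {}
        for line in body.splitlines():
            line = line.split(";", 1)[0].strip()      # ';' starts a comment
            if line and not line.startswith("#"):
                parts = line.split(None, 1)
                attrs[parts[0]] = parts[1] if len(parts) == 2 else ""
        objects.append((kind, attrs))
    return objects


def audit_nagios(text):
    """Return (object type, object name, finding) tuples."""
    findings = []
    for kind, attrs in parse_objects(text):
        name = (attrs.get("service_description") or attrs.get("command_name")
                or attrs.get("host_name") or "?")
        for field in ("check_command", "command_line"):
            value = attrs.get(field, "")
            community = re.search(r"(?:^|[\s!])-C\s+(\S+)", value)
            if community and community.group(1).lower() in DEFAULT_COMMUNITIES:
                findings.append((kind, name, "default SNMP community"))
            secret = re.search(r"check_nt\b.*\s-s\s+(\S+)", value)
            if secret and not secret.group(1).startswith("$"):
                findings.append((kind, name, "literal NSClient++ password"))
    return findings


def audit_nsc_ini(text):
    """Check the [Settings] section of an NSC.INI file."""
    parser = configparser.ConfigParser(allow_no_value=True, interpolation=None)
    parser.read_string(text)
    settings = parser["Settings"] if parser.has_section("Settings") else {}
    findings = []
    if not (settings.get("allowed_hosts") or "").strip():
        findings.append("allowed_hosts is empty: any host may query the agent")
    if not (settings.get("password") or "").strip():
        findings.append("no password set in [Settings]")
    return findings


# Constructed samples based on the definitions shown on this page.
NAGIOS_SAMPLE = r"""
define service{
    use                  generic-service
    host_name            Dalat-CoreSW-1
    service_description  Uptime
    check_command        check_snmp!-C public -o sysUpTime.0
    }
define command{
    command_name  check_nt
    command_line  $USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -s PASSWORD -v $ARG1$ $ARG2$
    }
define command{
    command_name  check_nt_macro
    command_line  $USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -s $USER3$ -v $ARG1$ $ARG2$
    }
"""

NSC_WEAK = """
[modules]
FileLogger.dll
CheckSystem.dll
NSClientListener.dll
;CheckWMI.dll
[Settings]
;password=secret-password
allowed_hosts=
[NSClient]
port=12489
"""

# Same file with a password set and the agent restricted to one address.
NSC_HARDENED = (NSC_WEAK
                .replace(";password=secret-password", "password=long-random-value")
                .replace("allowed_hosts=", "allowed_hosts=192.0.2.5"))

if __name__ == "__main__":
    for finding in audit_nagios(NAGIOS_SAMPLE) + audit_nsc_ini(NSC_WEAK):
        print(finding)
```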
Gim st cc interface trn router v switch
Dng plugin check_interface_table gim st tt c cc inerface trn router
hay switch. Ta khai bo plugin trong commands.cfg nh sau
define command{
command_name

check_interface_table

command_line

$USER1$/check_interface_table.pl -H

$HOSTADDRESS$ -C $ARG1$ -w $ARG2$ -c $ARG3$ -Exclude $ARG4$


-Include $ARG5$ -host $ARG6$
}
Define the service that performs the monitoring:
define service{
    use                     generic-service
    hostgroup_name          Dalat-CoreSW-1
    service_description     Interface Table
    check_command           check_interface_table
    max_check_attempts      <value lost in extraction>
    normal_check_interval   <value lost in extraction>
    retry_check_interval    <value lost in extraction>
}
The declaration above returns a table of all the interfaces on the router or switch.

Figure 5-20: Interface table of the check_interface plugin


Monitoring temperature
Declare the check_catalyst_temp plugin in commands.cfg as follows:
define command{
    command_name    check_temp
    command_line    $USER1$/check_catalyst_temp.pl -s $HOSTADDRESS$ -C $ARG1$ -w $ARG2$ -c $ARG3$
}
To monitor the temperature of the router or switch, define the following service:
define service{
    use                     generic-service
    hostgroup_name          Dalat-CoreSW-1
    service_description     Temp
    # $ARG1$ is the SNMP community (public, as in the check_snmp services); 70 and 80 are the thresholds
    check_command           check_temp!public!70!80
    max_check_attempts      <value lost in extraction>
    normal_check_interval   <value lost in extraction>
    retry_check_interval    <value lost in extraction>
}
The service above checks the temperature and raises a WARNING alert if the temperature is above 70 and CRITICAL if it is above 80.
Monitoring load
Use the check_snmp_cisco_loadavg plugin, declared in commands.cfg as follows:
define command{
    command_name    check_load
    command_line    $USER1$/check_snmp_cisco_loadavg -H $HOSTADDRESS$ -C $ARG1$ -w $ARG2$ -c $ARG3$
}
Define the service that performs the monitoring:
define service{
    use                     generic-service
    hostgroup_name          Dalat-CoreSW-1
    service_description     CPU Load
    # $ARG1$ is the SNMP community (public, as in the check_snmp services); 70 and 80 are the thresholds
    check_command           check_load!public!70!80
    max_check_attempts      <value lost in extraction>
    normal_check_interval   <value lost in extraction>
    retry_check_interval    <value lost in extraction>
}
The service above checks the CPU load and raises a WARNING alert if the load is above 70% and CRITICAL if it is above 80%.
Monitoring memory status
Use the check_catalyst_mem plugin to monitor the amount of memory in use, declared in commands.cfg as follows:
define command{
    command_name    check_mem
    command_line    $USER1$/check_catalyst_mem.pl -s $HOSTADDRESS$ -C $ARG1$ -w $ARG2$ -c $ARG3$
}
The service below checks memory and raises a WARNING alert if less than 20% of the memory is unused and CRITICAL if less than 10% is unused.
define service{
    use                     generic-service
    host_name               Dalat-CoreSW-1
    service_description     Memory
    # $ARG1$ is the SNMP community (public, as in the check_snmp services); 20% and 10% are the thresholds
    check_command           check_mem!public!20%!10%
    max_check_attempts      <value lost in extraction>
    normal_check_interval   <value lost in extraction>
    retry_check_interval    <value lost in extraction>
}
Save the switch.cfg file.
Restart the Nagios service
Check the configuration for errors with the command
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
If the check reports errors, fix them in the file named in the message, then restart the nagios service to apply the changes
service nagios restart
Monitoring results for Dalat-CoreSW-1
Figure 5-7 shows the information for Dalat-CoreSW-1: IP address, host state, status information, whether the host is flapping, and the time of the last update.

Figure 5-21: Status information for Dalat-CoreSW-1

Service information for Dalat-CoreSW-1: CPU load, the host's interface table, memory usage, PING, temperature and uptime.

Figure 5-22: Service information for Dalat-CoreSW-1


1.21.2.3 Monitoring some common services
Introduction
The common services covered here are services that are frequently used and deployed on systems, such as HTTP, FTP and SSH.
By contrast, for some less common services we must use agents to collect the information we need, such as CPU load, memory and disk usage.
Plugins for monitoring some basic services
To monitor the state of applications, services or protocols we need plugins that perform the checks. Nagios officially provides such plugins, which can be used for personal purposes.
If no suitable plugin is available, Nagios also supports plugins developed by individuals, so the extensibility of Nagios is almost unlimited.
Declaring a host
Before monitoring services, we must define the host on which the services or applications are installed.
define host{
    use         generic-host
    host_name   DNS Server
    alias       Application Server
    address     10.0.4.12
    hostgroups  allhosts
}
define host{
    use         generic-host
    host_name   Web Server
    alias       Application Server
    address     10.0.3.11
    hostgroups  allhosts
}
Declaring the services to monitor
For each service to be monitored, we must define the service in Nagios on the host created above.
Monitoring HTTP
The check_http plugin is used to monitor the HTTP protocol. With this plugin we can monitor the response time, error codes, strings returned in the HTML, and the server's certificate.
In the commands.cfg file, the check_http command is defined as follows:
define command{
    name            check_http
    command_name    check_http
    command_line    $USER1$/check_http -I $HOSTADDRESS$ $ARG1$
}
A simple declaration for monitoring the HTTP service on Web Server looks like this:
define service{
    use                     generic-service
    host_name               Web Server
    service_description     HTTP
    check_command           check_http
}
This is a simple definition for monitoring the HTTP service on Web Server. Nagios raises an alert if the web server does not respond within 10s or returns an HTTP error code such as 403, 404, ...
Another check_http declaration for monitoring the HTTP service is shown below. This service checks whether the path /download/index.php contains the string latest-version.tar.gz. Nagios raises an alert if the string is not present or the server does not respond within 5s.
define service{
    use                     generic-service
    host_name               Web Server
    service_description     Product Download Link
    check_command           check_http!-u /download/index.php -t 5 -s "latest-version.tar.gz"
}

Monitoring FTP
To monitor FTP servers we can use the check_ftp service. The commands.cfg file contains the following definition of the check_ftp command:
define command{
    command_name    check_ftp
    command_line    $USER1$/check_ftp -H $HOSTADDRESS$ $ARG1$
}
A simple definition for monitoring the FTP service on the machine remotehost is as follows:
define service{
    use                     generic-service
    host_name               Sample Server
    service_description     FTP
    check_command           check_ftp
}
This service definition monitors the FTP service and raises an alert if the FTP server does not respond within 10s.
Another declaration for the FTP service is shown below. It makes Nagios check FTP on port 1023 of the machine remotehost. Nagios raises an alert if the FTP server does not respond within 5s or if the server's response does not contain the string Pure-FTPd [TLS].
define service{
    use                     generic-service
    host_name               Sample Server
    service_description     Special FTP
    check_command           check_ftp!-p 1023 -t 5 -e "Pure-FTPd [TLS]"
}
Monitoring SSH
Use the check_ssh plugin to monitor this service. The check_ssh command is defined in commands.cfg as follows:
define command{
    command_name    check_ssh
    command_line    $USER1$/check_ssh $ARG1$ $HOSTADDRESS$
}
A simple declaration for checking the SSH service:
define service{
    use                     generic-service
    host_name               Sample Server
    service_description     SSH
    check_command           check_ssh
}
Nagios raises an alert if there is no response within 10s.
The declaration below checks the SSH service and raises an alert if the server does not respond within 5s or if the SSH version string does not contain OpenSSH_4.2.
define service{
    use                     generic-service
    host_name               Sample Server
    service_description     SSH Version Check
    check_command           check_ssh!-t 5 -r "OpenSSH_4.2"
}
Monitoring SMTP
Use the check_smtp plugin to monitor this service. The check_smtp command is defined in commands.cfg as follows:
define command{
    command_name    check_smtp
    command_line    $USER1$/check_smtp -H $HOSTADDRESS$ $ARG1$
}
A simple SMTP service declaration:
define service{
    use                     generic-service
    host_name               Sample Server
    service_description     SMTP
    check_command           check_smtp
}
Nagios raises an alert if the SMTP server does not respond within 10s.
The following declaration makes Nagios raise an alert if the SMTP server does not respond within 5s or if the server's response does not contain the string mygreatmailserver.com.
define service{
    use                     generic-service
    host_name               Sample Server
    service_description     SMTP Response Check
    check_command           check_smtp!-t 5 -e "mygreatmailserver.com"
}

Monitoring the DNS service
Use the check_dns plugin, which is available in the Nagios plugin library, to monitor this service. Because it is not yet defined in commands.cfg, we define the command for this plugin ourselves.
define command{
    command_name    check_dns
    command_line    $USER1$/check_dns -s $HOSTADDRESS$ -H $ARG1$ -a $ARG2$ -w $ARG3$ -c $ARG4$
}
After defining the command, declare a service that checks whether DNS Server is working correctly:
define service{
    use                     generic-service
    host_name               DNS Server
    service_description     DNS
    check_command           check_dns!www.dlu.edu.vn!10.0.3.11!15!25
}
With the service definition above, Nagios asks DNS Server whether the host name www.dlu.edu.vn resolves to the address 10.0.3.11. If it does not, a CRITICAL alert is raised. If DNS Server does not respond within 15s a WARNING alert is raised, and CRITICAL if it does not respond within 25s.
Restart Nagios
Check the configuration for errors with the command
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
If the check reports errors, fix them in the file named in the message, then restart the nagios service to apply the changes
service nagios restart
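An added example, not part of the thesis: it expands each service's check_command into the plugin command line by substituting $ARGn$, $HOSTADDRESS$ and $USER1$, then flags arguments that a command expects but the service does not supply, and SNMP checks that use a default community string. The sample definitions are constructed from the ones in this section; the check_snmp command_line and the $USER1$ path are assumptions.

```python
import re

# Constructed sample modelled on this section's definitions. Assumptions: the
# check_snmp command_line; the Temp service omits its community argument on purpose.
SAMPLE_CFG = """
define command{
    command_name  check_snmp
    command_line  $USER1$/check_snmp -H $HOSTADDRESS$ $ARG1$
}
define command{
    command_name  check_temp
    command_line  $USER1$/check_catalyst_temp.pl -s $HOSTADDRESS$ -C $ARG1$ -w $ARG2$ -c $ARG3$
}
define command{
    command_name  check_dns
    command_line  $USER1$/check_dns -s $HOSTADDRESS$ -H $ARG1$ -a $ARG2$ -w $ARG3$ -c $ARG4$
}
define service{
    host_name            Dalat-CoreSW-1
    service_description  Uptime
    check_command        check_snmp!-C public -o sysUpTime.0
}
define service{
    host_name            Dalat-CoreSW-1
    service_description  Temp
    check_command        check_temp!70!80
}
define service{
    host_name            DNS Server
    service_description  DNS
    check_command        check_dns!www.dlu.edu.vn!10.0.3.11!15!25
}
"""
HOST_ADDRESSES = {"Dalat-CoreSW-1": "10.0.255.1", "DNS Server": "10.0.4.12"}
PLUGIN_DIR = "/usr/local/nagios/libexec"      # assumed value of $USER1$
DEFAULT_COMMUNITIES = {"public", "private"}

BLOCK_RE = re.compile(r"define\s+(\w+)\s*\{(.*?)\}", re.S)
ARG_RE = re.compile(r"\$ARG(\d+)\$")
COMMUNITY_RE = re.compile(r"(?:^|\s)-C\s+(\S+)")


def parse_objects(text):
    """Parse 'define <type>{ key value ... }' blocks into dictionaries."""
    objects = []
    for kind, body in BLOCK_RE.findall(text):
        obj = {"_type": kind}
        for raw in body.splitlines():
            line = raw.split(";", 1)[0].strip()      # ';' starts a comment
            if line and not line.startswith("#"):
                parts = line.split(None, 1)
                obj[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
        objects.append(obj)
    return objects


def expand(check_command, commands, host_address):
    """Return (expanded command line, indexes of $ARGn$ left without a value)."""
    name, *args = check_command.split("!")
    missing = []
    def fill(match):
        index = int(match.group(1))
        if index <= len(args):
            return args[index - 1]
        missing.append(index)
        return ""                                    # unset macro expands to nothing
    line = ARG_RE.sub(fill, commands[name])
    line = line.replace("$HOSTADDRESS$", host_address).replace("$USER1$", PLUGIN_DIR)
    return line.strip(), missing


def audit(text, addresses):
    """Return (service, finding, detail) tuples for definitions to review."""
    objects = parse_objects(text)
    commands = {o["command_name"]: o["command_line"]
                for o in objects if o["_type"] == "command"}
    findings = []
    for svc in (o for o in objects if o["_type"] == "service"):
        label = f'{svc["host_name"]}/{svc["service_description"]}'
        line, missing = expand(svc["check_command"], commands,
                               addresses[svc["host_name"]])
        if missing:
            unfilled = ",".join(f"$ARG{i}$" for i in missing)
            findings.append((label, "unfilled-arg", unfilled))
        community = COMMUNITY_RE.search(line)
        if community and community.group(1) in DEFAULT_COMMUNITIES:
            findings.append((label, "default-community", community.group(1)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CFG, HOST_ADDRESSES):
        print(" | ".join(finding))
```

With only two arguments, the constructed Temp service puts the warning threshold into the -C (community) slot and leaves -c empty, so the plugin never receives the thresholds the service description promises.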
Monitoring results for DNS Server
Service information for DNS Server: capacity of drive C, CPU load, Explore, memory usage, NSClient++ version, processes running on the machine, uptime, and the DNS service of DNS Server.

Figure 5-23: Service information for DNS Server

Status information for DNS Server: Figure 5-10 shows the information for DNS Server: IP address, host state, status information, whether the host is flapping, and the time of the last update.

Figure 5-24: Status information for DNS Server

Service information for Web Server: capacity of drive C, CPU load, Explore, memory usage, NSClient++ version, processes running on the machine, uptime, and the HTTP service of Web Server.

Figure 5-25: Service information for Web Server

Status information for Web Server: Figure 5-11 shows the information for Web Server: IP address, host state, status information, whether the host is flapping, and the time of the last update.

Figure 5-26: Status information for Web Server


1.21.3. Nagios system monitoring results
With the configuration described above for monitoring devices such as computers, routers, switches and servers, we deployed Nagios on the network of Dalat University to monitor activity on that network and obtained the following results:
General information on the state of the system: overall state of the whole system, hosts that are down or up, service checks, alerts, and so on.

Figure 5-27: System status

Monitored devices: lists all the devices configured for monitoring on the Nagios server, their down/up state, the time of the last check and general status information.

Figure 5-28: List of monitored devices

Monitored services on the devices: lists all the devices, the services configured on each device and their state, the time of the last check and the number of checks.

Figure 5-29: List of monitored services

Report on the state of a single device: reports are generated on request and show information about one device (here Dalat-CoreSW-1) over the reporting period.

Figure 5-30: Report for device Dalat-CoreSW-1

Devices classified by group: shows the devices by group (Linux, Network Switch, Core and Distribution, Windows), the state of the devices and the total number of services.

Figure 5-31: Devices classified by group

Services that currently have problems: for each problem, shows the device name, the affected service, the service state and the number of checks.

Figure 5-32: Problems on the monitored devices

Alerts for all devices and services on the system: alerts are listed by hour for each day. Each alert includes the date and time it was raised, the device name and the service.

Figure 5-33: Device alerts

General information on the operation of Nagios itself: shows general information about the Nagios server, active service checks, passive service checks, active host checks and passive host checks.

Figure 5-34: Nagios server status

Alerts raised at the current time: shows the services that triggered an alert (a change from up to down or the reverse, critical or warning).

Figure 5-35: Alerts raised

1.22. Configuring CS-MARS and the monitored devices
Logging in
Use a web browser with the IP address 10.1.1.10 to reach the CS-MARS login interface.

Figure 5-36: CS-MARS login interface

1.22.1. Configuring CS-MARS
Configuring the IP address and a new password for the device
IP address
Select the Admin tab > Configuration Information

Figure 5-37: Configuring the name and IP address for CS-MARS

Add or edit the IP address for eth0 and eth1.
Mail Gateway.
Domain name.
Configuring DNS

Figure 5-38: DNS configuration

Add the DNS information.
Type the domain name into the Search Domain text box and click Add.
Discovering the network
Operating levels

Figure 5-39: CS-MARS operating levels

Level 1: at this level CS-MARS behaves like a smart syslog server; it selects some logs and runs queries and reports. Enter the device address and name to enable this level.
Level 2: requires more information about the network to be monitored.
Level 3: requires the community string and information about the network so that CS-MARS can communicate with the devices.
Adding the devices to be monitored
Manual configuration:
Select Admin > Security and Monitor devices > Add
Select the device from the drop-down list:

Figure 5-40: List of devices supported by CS-MARS

Fill in the required information.
Select Submit.
Adding devices with a seed file:
Select Admin > Security and monitor devices > Load from seed file

Figure 5-41: Form for entering the device information

Enter the address, user name and password of the FTP server and the path of the file.
Select Submit.
1.22.2. Configuring devices to communicate with CS-MARS
1.22.2.1 Cisco IOS 12.2:
Here we configure a sample device running Cisco IOS 12.2, Dalat-CoreSW-1, as follows:
IOS configuration:
Enable telnet.
Enable ssh.
Send syslog to CS-MARS.
Router(config)# logging trap
Router(config)# logging 10.0.5.10
Configure SNMP RO:
Router(config)# snmp-server community <community string> RO <ACL name if required>
CS-MARS configuration:
Select Admin > Security and Monitor Devices > Add
Select Cisco IOS 12.2

Figure 5-42: Configuration information for Cisco IOS 12.2

Enter the Device Name, Access IP and Reporting IP.
Select the Access type:
SNMP: Login (to access the reporting device), Enable password (to get into Cisco enable mode) > enter its SNMP RO community.
Select Discover.
Select Submit.
Select Activate.
1.22.2.2 Cisco Switch-IOS 12.2:
Here we configure a sample device, the switch Dalat-A4-3750, as follows:
IOS configuration:
Enable telnet.
Enable ssh.
Send syslog to CS-MARS.
Router(config)# logging trap
Router(config)# logging 10.0.5.10
Configure SNMP RO:
Router(config)# snmp-server community <community name> RO <ACL name if required>
CS-MARS configuration:
Select Admin > Security and Monitor Devices > Add
Select Cisco Switch-IOS 12.2
Enter the Device Name, Access IP and Reporting IP.
Select the Access type:
SNMP: Login (to access the reporting device), Enable password (to get into Cisco enable mode) > enter its SNMP RO community.
Select Discover.
Select Submit.

Figure 5-43: Configuration information for Cisco Switch IOS 12.2
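An added example, not from the thesis: a small audit of an IOS running-config for the settings that the procedure in 1.22.2.1 and 1.22.2.2 puts in place. It checks that syslog is sent to the CS-MARS address, that every SNMP community is read-only and bound to an ACL that permits only CS-MARS (the optional ACL in the snmp-server community command above), and it flags Telnet on the vty lines because Telnet carries the login and enable passwords in cleartext. The config excerpts, community string and ACL number are constructed placeholders.

```python
import re

COLLECTOR = "10.0.5.10"   # CS-MARS address used in the logging commands above

# Constructed running-config excerpts; the community string and the ACL
# number are placeholders, not values from the page.
AS_CONFIGURED = """\
hostname Dalat-A4-3750
logging trap informational
logging 10.0.5.10
snmp-server community EXAMPLE-COMMUNITY RO
line vty 0 4
 transport input telnet ssh
"""
HARDENED = """\
hostname Dalat-A4-3750
logging trap informational
logging 10.0.5.10
access-list 10 permit 10.0.5.10
snmp-server community EXAMPLE-COMMUNITY RO 10
line vty 0 4
 transport input ssh
"""

ACL_RE = re.compile(r"^access-list (\S+) permit (?:host )?(\d+(?:\.\d+){3})$")
LOGGING_RE = re.compile(r"^logging (?:host )?(\d+(?:\.\d+){3})$")
COMMUNITY_RE = re.compile(
    r"^snmp-server community (\S+)(?: view \S+)? (RO|RW)(?: (\S+))?$", re.I)


def audit_ios(config, collector):
    """Return (rule, detail) findings for the settings the procedure touches."""
    acls, syslog_hosts, communities, findings = {}, set(), [], []
    vty = None                       # the 'line vty ...' block being read
    for raw in config.splitlines():
        if not raw.startswith(" "):  # a top-level line ends any sub-mode
            vty = raw.strip() if raw.startswith("line vty") else None
        text = raw.strip()
        if m := ACL_RE.match(text):
            acls.setdefault(m.group(1), set()).add(m.group(2))
        elif m := LOGGING_RE.match(text):
            syslog_hosts.add(m.group(1))
        elif m := COMMUNITY_RE.match(text):
            communities.append(m.groups())
        elif vty and text.startswith("transport input"):
            protocols = text.split()[2:]
            if "telnet" in protocols or "all" in protocols:
                findings.append(("vty-telnet-enabled", vty))
    if collector not in syslog_hosts:
        findings.append(("syslog-not-sent-to-collector", collector))
    for name, mode, acl in communities:
        if mode.upper() == "RW":
            findings.append(("snmp-community-read-write", name))
        if acl is None:
            findings.append(("snmp-community-without-acl", name))
        elif acls.get(acl) != {collector}:
            findings.append(("snmp-acl-not-limited-to-collector",
                             f"{name} acl {acl}"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("as configured", AS_CONFIGURED), ("hardened", HARDENED)):
        print(label, audit_ios(cfg, COLLECTOR))
```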
1.22.2.3 Cisco IPS 5.0
IPS configuration:

Figure 5-44: IPS configuration enabling TLS and HTTP

Enable HTTP.
Enable TLS to allow HTTPS access.
Create an access entry that permits CS-MARS.

Figure 5-45: IPS configuration permitting CS-MARS

CS-MARS configuration:
Select Admin > Security and Monitor Devices > Add.
Select Cisco IPS 5.x
Add the device name and address.
Add the username and password; the default port is 443.
Add the networks monitored by the IPS.
Select Test Connectivity > Submit.

Figure 5-46: Configuration for the IPS


1.22.2.4 ASA 7.0:
We configure monitoring of Dalat-Internet-FW as follows:
ASA configuration:
Enable Telnet:
Log in to the ASA with Administrator privileges.
telnet 10.0.5.10 255.255.255.0 inside
Enable SSH:
Log in to the ASA with Administrator privileges.
ssh 10.0.5.10 255.255.255.0 inside
Send the log file to CS-MARS:
Log in to the ASA with Administrator privileges.
logging host inside 10.0.5.10
If the Cisco ASA is fitted with an AIP (Advanced Inspection and Prevention) module, configure it in the same way as IPS 5.x.
CS-MARS configuration:
Select Admin > Security and monitor devices > Add.
Select ASA 7.0

Figure 5-47: Configuration for ASA 7.0

Add the Cisco ASA name and IP address.
If an Access IP is also given, additionally select FTP, SSH or TELNET.
Enter the SNMP RO string.
Select Discover.
1.22.2.5 Configuring CS-MARS to monitor Windows machines
We configure monitoring of a sample client, Backup Server.
Windows configuration:
Enable SNARE: Setup > Audit config

Figure 5-48: Snare configuration

Add the IP address or DNS name of the local host in the field "Enter the local host name".
Add the IP address or DNS name of CS-MARS in the field "Enter the remote ip or dns add".

Figure 5-49: SNARE configuration 2

Check the following settings:
Enable SYSLOG header.
Automatically set audit config
Automatically set file system audit config
Select OK.
For a Windows machine in a domain:
On the Domain Controller, select Administrative Tools > Default Domain Security Policy > Security Setting > Local Policies > User Rights Management > Manage auditing and security log.
Configure the Audit Policy.
For Windows 2003:
Administrative Tools > Local Security Policy > Local Policies.
Under User Rights Assignment, check that Manage Auditing and Security log is granted to the user account used to retrieve the event log.

Figure 5-50: Local Security Settings configuration

CS-MARS configuration:
Adding the device:
Select Admin > Security and Monitor Devices > Add
Select Add SW Security apps on a new host or Add SW Security apps on existing host.
Enter the Device Name and IP address for the new host.
Select the operating system.
Add the NetBIOS name.

Figure 5-51: Configuration for the Windows machine

Select Logging Info to configure the login information.
Windows Operating System 2000/2003/Generic/NT
Add the domain name, host login and password.
Select Submit.

Figure 5-52: Configuring the login information for the Windows machine

Select Submit.
Add the interface IP address and netmask, then select Apply > Active.
1.22.2.6 Configuring monitoring of a Windows web server
Configure it in the same way as in the section on monitoring Windows machines, and add the following:
Configure SnareIIS

Figure 5-53: SnareIIS configuration

Select Start > Programs > Administrative Tools > Internet Services Manager.
In the directory tree on the left, right-click Default Web Site.
Select Properties.

Figure 5-54: Configuration for the web server

Select Enable Logging.
From the Active log format list, select W3C Extended Log Format.
Select Properties.

Figure 5-55: Configuring the log information

In the General Properties tab, set New Log Time Period to Daily.
In the CS-MARS configuration, after adding the Windows machine as a device, add the following:
Select Reporting Applications.
From the Select Application list, select Generic Web Server Generic.
Select Add.

Figure 5-56: Log configuration on CS-MARS

Set the Web log format to W3C_EXTENDED_LOG.
Select Submit.
1.22.3. Monitoring results of the CS-MARS system
After deploying the CS-MARS device according to the model above, we obtained the following results.
Devices configured for monitoring on CS-MARS: shows all the devices configured for monitoring, including the device name, device type and address.

Figure 5-57: Device list

Address ranges configured for incident monitoring: the address ranges that CS-MARS manages for monitoring.

Figure 5-58: Monitored address ranges

Address ranges across the whole system discovered automatically by CS-MARS: CS-MARS can automatically discover the whole system and from that generates the address ranges for the whole system.

Figure 5-59: List of automatically discovered addresses

Rules configured on the device: there are default system rules configured on CS-MARS and rules defined by the user. CS-MARS uses these rules to check for incidents on the system.

Figure 5-60: Rules on CS-MARS

Configuring the device to generate reports automatically: these are definitions of how to create a report on an issue the user needs information about. As in figure 6-47, there are many definitions of useful reports, such as: top destination addresses receiving data, top ports carrying the most data, top groups of recorded events.

Figure 5-61: Reports to be generated on CS-MARS

System topology diagram built through the monitoring process: after CS-MARS has automatically discovered the whole system, it displays a topology diagram of the whole system.

Figure 5-62: Diagram of the monitored network

Reports presented visually as charts: with the report definitions above, CS-MARS presents the information visually as charts, which helps the administrator take in the information quickly. As in figure 6-49, we have information on the top interfaces sending the most data, the top interfaces receiving the most data, and the top devices with high CPU load.

Figure 5-63: Report in chart form


1.23. Comparison of the Nagios and CS-MARS systems

| Criterion | Item | Nagios Core | CS-MARS |
|---|---|---|---|
| Deployment | Extensible architecture | Can adapt to and work with large systems, and can keep monitoring when the system is upgraded and scaled out. | Similar to Nagios. CS-MARS can handle monitoring on systems from large to very large. |
| | Configuration | Configuration is very complex and time-consuming. | Configuration is done through the management interface, so it is simpler. |
| | Flexibility | Lets users program additional monitoring features themselves. | The functions are fixed. |
| Technical | Centralized management | Supports centralized monitoring of the whole system through a web interface. | Similar to Nagios. |
| Effectiveness | Displayed information | The interface provides limited information. | Provides complete and detailed information to the administrator. |
| | Stability | Runs stably when monitoring a large system. | It is a dedicated hardware appliance, so it runs very stably on network infrastructure from large to very large. |
| | Accuracy | Provides accurate alerts to the administrator. | Similar to Nagios. |
| | Comprehensive monitoring | Can monitor most common devices and services. | Monitors all common devices and services, and is also compatible with other dedicated devices. |
| | Alerting | Sends alerts to users through Email, SMS, syslog. | Sends alerts to users through Email, SMS, syslog, SNMP. |
| | Management interface | Monitoring information is viewed through a web interface. | Managed through a web interface. |
| | Data analysis | Cannot analyze data. | Starting from the raw data collected, it classifies the data across the different devices and analyzes the information to produce the most accurate alerts for the system. |
| | Proposing solutions | Cannot propose solutions to prevent or mitigate incidents on the system. | With its ability to classify and analyze the collected information, this intelligent dedicated hardware appliance can assess situations on the system and propose solutions to prevent or mitigate incidents. |
| | Security | Data can be accessed if the deployment is not done well. | The collected data is kept absolutely confidential. |
| | Maintenance | Maintenance is complex if the deployment is not done well, because configuration through a management interface is not supported. | Maintenance and upgrades are easy to carry out. |
| | Cost | Completely free for the open-source version. | Because it is an intelligent, dedicated hardware appliance, installation and deployment are costly. |

Table 5-8: Comparison of Nagios and CS-MARS


1.24. Evaluation of the monitoring system deployed with Nagios
For a large system, Nagios can meet the need to monitor the whole system with common devices and protocols. A monitoring system based on Nagios can run very stably and is easy to manage if it is configured correctly. The strengths of Nagios are its high stability and the ability to develop custom plugins for checking the user's own services. However, configuring Nagios is very complex and time-consuming. Nagios is also limited in how it displays data: it has no data graphs and no diagram of the network topology. In addition, the agent software is not well compatible with newer versions of Nagios, because the groups that developed that software no longer maintain it. Nagios is a very powerful tool but serves only professional administrators well, because it is difficult to deploy. Nagios also pays little attention to new users: there are no support policies or help with deployment if the free version is used.
1.25. Evaluation of the monitoring system deployed with CS-MARS
CS-MARS is a dedicated hardware appliance with very strong capabilities for monitoring, collecting, classifying and analyzing input data. CS-MARS collects all events in raw form and classifies them by the data flow through the different devices. It creates rules to check for abnormal events. It then aggregates this information to give the most accurate assessment of the state of the system and presents it as charts, queries, reports and notifications. It also acts as a central store for events sent from other devices. Because it is a dedicated hardware appliance, CS-MARS can communicate and is compatible with other dedicated monitoring and protection devices such as IPS, IDS and firewalls. With this information we can detect abnormal events and find the most effective remedy as early as possible, which helps the system run smoothly and effectively.
1.26. Summary
The open-source system monitoring programs available today meet only part of the need to monitor a complex network environment as a whole. Dedicated appliances meet these needs fairly well, but their deployment cost is quite high, so they suit only large systems, enterprises and organizations.
Deploying a monitoring system should be based on criteria such as the size of the system, the extended functions required, and the budget allocated for deploying the monitoring system.
The monitoring system to deploy depends on the system of each organization, enterprise or unit.
CONCLUSION AND FUTURE WORK
The thesis has researched, deployed and completed the following:
Theory
On monitoring: the thesis analyzes system monitoring in depth, together with the importance of system monitoring in a network environment.
On the network management protocol: the thesis presents the Simple Network Management Protocol in detail, including the concept of a network management protocol, its components, and how it works.
Practice
The thesis proposes a deployment model and presents all the steps for configuring the monitoring systems according to that model.
Results achieved
Knowledge of system monitoring and of network management protocols.
Successful deployment of the system monitoring model using different devices and software.
The ability to configure Router, Switch, CS-MARS, Nagios, ASA, IPS, Windows and Linux for monitoring.
Experience in configuring the technologies above.
Future work
Integrate other monitoring solutions into the existing Nagios monitoring system to optimize it.
Upgrade the CS-MARS device to strengthen its ability to detect and handle incidents on the system.

ABBREVIATIONS & SYMBOLS

SNMP (Simple Network Management Protocol)
RFC (Request For Comments)
NMS (Network Management Station)
SMI (Structure of Management Information)
MIB (Management Information Base)
UDP (User Datagram Protocol)
RMON (Remote Network Monitoring)
HTTP (Hypertext Transfer Protocol)
FTP (File Transfer Protocol)
DNS (Domain Name System)
SSH (Secure Shell)
SMTP (Simple Mail Transfer Protocol)
CS-MARS: Cisco Security Monitoring, Analysis, and Response System.
Manager: the management station.
Agent: software on the machine to be managed.
Router: a routing device.
Switch: a switching device.
ASA: Cisco's firewall.
IPS: intrusion prevention system.
