DECLARATION
Da Lat, 24/11/2010
Lng V Cng Khoa
ACKNOWLEDGEMENTS
Da Lat, 24/11/2010
Lng V Cng Khoa
Dalat University
Faculty of Information Technology
GRADUATION THESIS RESEARCH PROPOSAL
Topic: Studying and deploying network monitoring solutions
Major: Networking and Communications
Student: Lng V Cng Khoa - 0612237
Class: CTK30
Supervisor: MSc. Trn Thng
1. Objectives:
Research and deploy suitable solutions for monitoring activity and services in the network environment, as well as system resources. This makes it possible to detect risks and threats to the system as early as possible so that they can be remedied in time, minimizing their impact and improving the efficiency of the network.
2. Content:
- Study network management protocols.
- Study open-source programs for monitoring systems, services and network performance.
- Find the optimal network monitoring solution.
- Deploy a network monitoring model.
3. Software and tools used:
- Nagios
- CentOS
- CS-MARS
4. Expected results: based on the research results, design and deploy an optimal network monitoring model.
Student
(Signature)
(Signature)
Dean of Faculty
Head of Department
(Signature)
(Signature)
TABLE OF CONTENTS
SUPERVISOR'S COMMENTS
REVIEWER 1'S COMMENTS
REVIEWER 2'S COMMENTS
DECLARATION
ACKNOWLEDGEMENTS
GRADUATION THESIS RESEARCH PROPOSAL
THESIS SUMMARY
PREFACE
CHAPTER 1. OVERVIEW OF THE IMPORTANCE OF SYSTEM MONITORING
1.1. Introduction
1.2. Understanding the system
1.3. What needs to be monitored and why
1.4. Essential elements of a monitoring system
1.5. Summary
CHAPTER 2. SIMPLE NETWORK MANAGEMENT PROTOCOL
1.6. What is SNMP?
1.6.1. Network management and monitoring
1.6.2. RFCs and SNMP versions
1.6.3. Managers and Agents
1.6.4. Structure of Management Information and MIBs
1.6.5. Host management
1.7. SNMP in detail
1.7.1. SNMP and UDP
1.7.2. SNMP Communities
1.7.3. Structure of Management Information (SMI)
1.7.4. SMI version 2
1.7.5. MIB-II in detail
1.7.6. SNMP operations
1.8. Summary
CHAPTER 3. NAGIOS CORE MONITORING SOFTWARE
1.9. Introduction
1.9.1. Benefits of resource monitoring
1.9.2. Main features
1.9.3. Soft and hard states
1.10. Summary
CHAPTER 4. CISCO SECURITY MONITORING, ANALYSIS, AND RESPONSE SYSTEM
1.11. Security threat mitigation system
LIST OF FIGURES
Figure 2-1: Interaction model between NMS and Agent
Figure 2-2: Data exchange model between NMS and Agent
Figure 2-3: OID tree diagram
Figure 2-4: SMIv2 OID diagram
Figure 2-5: Detailed OID diagram
Figure 2-6: SNMP operation model
Figure 2-7: Operation model of the get command
Figure 2-8: OID path diagram
Figure 2-9: get-bulk retrieval model
Figure 2-10: Model of the set command
Figure 2-11: Model of a Trap sent from the Agent
Figure 3-12: Objects to be monitored in Nagios
Figure 3-13: Example illustrating an incident
Figure 3-14: State checking
Figure 5-15: Deployment model
Figure 5-16: Communication between Nagios and Windows
Figure 5-17: The NSClient++ software
Figure 5-18: Service information on Sample Client
Figure 5-19: Information about Sample Client
Figure 5-20: Interface table of the check_interface plugin
Figure 5-21: Status information for Dalat-CoreSW-1
Figure 5-22: Service information on Dalat-CoreSW-1
Figure 5-23: Service information on DNS Server
Figure 5-24: Status information for DNS Server
Figure 5-25: Service information on Web Server
Figure 5-26: Status information for Web Server
Figure 5-27: System status
Figure 5-28: List of monitored devices
Figure 5-29: List of monitored services
Figure 5-30: Report on device Dalat-CoreSW-1
Figure 5-31: Devices classified by group
Figure 5-32: Problems of monitored devices
THESIS SUMMARY
RESEARCH QUESTIONS
- Study network management protocols.
- Study open-source programs for monitoring systems, services and network performance.
- Find the optimal network monitoring solution.
- Deploy a network monitoring model.
APPROACH
Study the theory of network management protocols such as the Simple Network Management Protocol (SNMP). On that theoretical basis, study different system monitoring solutions.
The thesis studies monitoring systems built on open source and carries out a trial deployment of a monitoring system using open-source software on the Dalat University network.
Alongside this, it studies monitoring systems built on dedicated hardware devices and carries out a trial deployment of a monitoring system using dedicated devices on the Dalat University network.
From the deployment of these two systems, conclusions are drawn about each system and each is evaluated against different criteria.
THESIS STRUCTURE
Chapter 1: Overview of the importance of system monitoring
This chapter presents how important system monitoring is in today's world. It sets out what needs to be understood about networks, states what should be monitored and why, and gives the leading reasons why a monitoring system needs to be deployed. The chapter also identifies the elements required for an optimal monitoring system.
PREFACE
URGENCY OF THE TOPIC
Today, as people's needs keep growing, science and technology keep developing to meet them. Every organization and every business has its own infrastructure, differing only in scale and in how it is organized. Organizations and businesses increasingly want to grow in order to raise profits, so their infrastructure is continually upgraded and expanded to support that activity. Alongside technological development comes the constant expansion, in scale and quality, of facilities and of network infrastructure. All organizations and businesses are different, but the influence of the network on a business's operations is much the same. In practice, as a business grows, its network grows not only in scale and complexity but also in significance and value. Network infrastructure is especially important when almost all the activities of organizations and businesses depend on it.
Network monitoring is an important function for the network of a business or organization; it can help save money by increasing network performance, increasing labour productivity and reducing infrastructure costs. A monitoring system watches the infrastructure of an internal network in order to identify problems. It can find, and help resolve, faults in devices and in user activity.
For such an important resource, ensuring that it can operate continuously is essential. It is also a challenge, because there are many potential threats, such as hackers, denial-of-service attacks, viruses and information theft, that threaten the systems of an organization or business and lead to system downtime and data loss, reducing the reliability of the system as well as the benefit gained from it. In addition, networks are growing rapidly, with new technologies and new devices, so keeping the system running smoothly is both extremely difficult and extremely important.
This is the field of network monitoring, the most important function in network management. The only way to know how everything on the network is behaving is to monitor it continuously.
1.2. Understanding the system
In today's world it is hard not to be taken aback by the complexity of networks. Devices such as routers, switches and hubs connect countless client machines to services on servers and out to the Internet. On top of that, many security and communication utilities are installed, including firewalls, virtual private networks, and anti-spam and antivirus services. Understanding the structure of the system, and being able to raise alerts about it, is an important factor in maintaining the system's performance and integrity. Thousands of things can happen to a system, and administrators must make sure that the risks that arise are reported promptly and accurately.
A network is no longer an isolated local structure. It comprises the Internet, local area networks (LAN), wide area networks (WAN), and all the devices, servers and applications running on it. Whether it lets users access and share information, use applications, or communicate with each other and with the outside world by voice, data or images, it is in essence still a network system.
A network usually has internal and external users, including employees, customers, partners and stakeholders. Optimizing network performance affects the organization in different ways. For example, if employees cannot access the applications and information they need to do their work, productivity suffers. When customers cannot complete online transactions, revenue is lost and the organization's reputation is harmed. Even when stakeholders such as investors cannot find or review the organization's information, the organization is affected.
In reality networks are very complex and error-prone, because every component in the network represents a risk to the system. That is why the network needs to be monitored, to minimize potential risks. However, not
Why
overload that affects the system.
will bring the system to a halt.
server, spyware, malware.
The volume of data entering and leaving the router.
strong authentication, allowing private and authenticated communication between entities.
1.6.3. Managers and Agents
In an SNMP environment there are two kinds of entities: managers and agents. A manager is a server running management software. Managers are commonly referred to as Network Management Stations (NMSs). An NMS is responsible for polling agents in the network and receiving traps from them.
A poll is the act of querying an agent (router, switch, Unix server, etc.) to obtain the information needed.
A trap is the way an agent tells the NMS that something has happened. Traps are sent asynchronously: they are not replies to queries from the NMS, but notifications sent only when a problem occurs. For example, when a router's T1 link goes down, the router can send a trap to the NMS.
The second entity is the agent: a piece of software running on the network device being managed. It can be a separate program or can be built into the operating system (for example, Cisco IOS on a router, or the low-level operating system that controls a UPS). Today most IP-based devices ship with SNMP agent software that lets administrators manage them easily. The agent provides information to the NMS by keeping track of the device's activity. For example, the agent on a router tracks the state of the router's interfaces. The NMS can query the state of these interfaces and take appropriate action if one of them has a problem. When the agent detects a problem on the device, it can send a trap to the NMS. Some devices send a corresponding "all clear" trap when there is a transition from a bad state to a good one. This can also be useful in determining that a problem has been resolved. The figure below shows the relationship between the NMS and the agent.
SNMP uses UDP port 161 to send and receive requests, and UDP port 162 to receive traps. All devices that use SNMP must use these two default ports, although some vendors let you change the port in the agent's configuration. If the default configuration is changed, the NMS must be changed to match the configuration on the agent.
UDP port 162 for trap packets. A firewall cannot block 100% of the risk of attack; it only helps reduce the risk of attack on the system.
It is important to know that once someone learns the read-write community string on your devices, that person can take control of them (for example, change the configuration of a router or switch). One way to protect the community string is to use a Virtual Private Network (VPN) so that the data is encrypted in transit. Another is to change the community string regularly (which is not feasible in a large network). A simple solution is to write a Perl script that changes the community string on the devices.
1.7.3. Structure of Management Information (SMI)
Structure of Management Information Version 1 (SMIv1, RFC 1155) defines precisely how managed objects are named and specifies the relationships between them. Structure of Management Information Version 2 (SMIv2, RFC 2578) provides enhancements for SNMPv2.
The definition of a managed object can be described by the following three attributes:
- Name: also called the object identifier (OID), it uniquely defines a managed object. Names usually appear in two forms: numeric and human readable. In both forms, names are usually long and inconvenient. SNMP applications offer many ways of making these names easier to read.
- SYNTAX: the data type of a managed object is defined using a subset of Abstract Syntax Notation One (ASN.1). ASN.1 is a way of specifying how data is represented and transmitted between manager and agent. A convenient property of ASN.1 is that its notation is independent, which means that different systems can all communicate with one another over SNMP.
- Encoding: a managed object is encoded into a string of octets using the Basic Encoding Rules (BER). BER defines how the objects
Naming OIDs
Managed objects are organized into a tree structure. This structure is
Defining OIDs
In SMIv1, defining an OID requires declaring the following information:
Description
Integer: A 32-bit number, often used as an enumerated data type in objects. Example: the operational status of a
Octet String
Counter
Object Identifier
Null
Sequence
Sequence of
IpAddress
NetworkAddress
Timeticks
Opaque
Description
Integer32: Same as Integer
Counter32: Same as Counter
Gauge32: Same as Gauge
Unsigned32: Values from 0 to 2^32 - 1
Counter64
BITS
Object definition / Description
UnitsParts: A textual description used to represent the object
MAX-ACCESS: Corresponds to the ACCESS field in SMIv1. The values
STATUS
AUGMENTS
Get
get: sent by the NMS as a request to the agent. The agent receives the request and processes it with
1.7.6.2 Get-next
get-next: issues a series of commands to retrieve information from a group in the MIB.
get-bulk
get-bulk is defined in SNMPv2. It allows management information to be retrieved from many parts of a table. This can also be done with get. However, the size of the request may be limited by the agent. In that case, if the agent cannot answer the whole request, it returns an error message with no data. With get-bulk, the agent sends back as much of the answer as it can, so a partial answer to a request is possible. Two fields must be set in a get-bulk: nonrepeaters and max-repetitions. nonrepeaters tells the agent that the first N objects can be answered as with a simple get command. max-repetitions tells the agent to attempt up to M get-next requests for the remaining objects:
N + (M * R)
N: nonrepeaters, i.e. the number of scalar objects
M: max-repetitions
R: the number of non-scalar objects in the request
Only sysDescr is scalar, so N = 1.
M can be set to 3, i.e. 3 entries for each of ifInOctets and ifOutOctets. There are 2 non-scalar objects, ifInOctets and ifOutOctets, so R = 2.
Total: 1 + 3*2 = 7 varbinds
As for v2c: because get-bulk is an SNMPv2 command, v2c is used to indicate that SNMPv2 PDUs are used. -B 1 3 sets the N and M parameters for the command.
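The N + (M * R) count above can be reproduced with a small model of how an agent answers get-bulk, including the partial answer the text mentions. This is an added example, not code from the thesis; the MIB contents, the function names and the max_varbinds limit are constructed for illustration.

```python
# Added example: a toy model of how an SNMPv2 agent answers get-bulk.
# The MIB contents are constructed sample data, not output from a real device.
import bisect

END_OF_MIB_VIEW = "endOfMibView"


def oid_key(oid):
    """'1.3.6.1.2.1.1.1.0' -> (1, 3, 6, ...) so OIDs sort in MIB (lexicographic) order."""
    return tuple(int(part) for part in oid.split("."))


def build_sample_mib(interfaces=4):
    """Constructed agent data: sysDescr.0 plus ifInOctets/ifOutOctets per interface."""
    mib = {"1.3.6.1.2.1.1.1.0": "constructed sample switch"}   # sysDescr.0
    for index in range(1, interfaces + 1):
        mib[f"1.3.6.1.2.1.2.2.1.10.{index}"] = 1000 * index   # ifInOctets.index
        mib[f"1.3.6.1.2.1.2.2.1.16.{index}"] = 2000 * index   # ifOutOctets.index
    return mib


def get_next(mib, oid):
    """Return (name, value) of the first object that sorts after `oid`."""
    names = sorted(mib, key=oid_key)
    position = bisect.bisect_right([oid_key(n) for n in names], oid_key(oid))
    if position == len(names):
        return (oid, END_OF_MIB_VIEW)
    return (names[position], mib[names[position]])


def get_bulk(mib, oids, non_repeaters, max_repetitions, max_varbinds=None):
    """Build the varbind list of a get-bulk response.

    The first N (non_repeaters) OIDs get one get-next each; the remaining R
    OIDs get up to M (max_repetitions) successive get-next steps, interleaved
    row by row. max_varbinds models an agent that can only fit part of the
    answer into one response and therefore returns a truncated list.
    """
    n = max(0, min(non_repeaters, len(oids)))
    varbinds = [get_next(mib, oid) for oid in oids[:n]]
    cursors = list(oids[n:])
    for _repetition in range(max(0, max_repetitions)):
        if not cursors:
            break
        row = [get_next(mib, oid) for oid in cursors]
        varbinds.extend(row)
        if all(value == END_OF_MIB_VIEW for _name, value in row):
            break                      # nothing left to walk in any column
        cursors = [name for name, _value in row]
    if max_varbinds is not None:
        varbinds = varbinds[:max_varbinds]
    return varbinds


if __name__ == "__main__":
    request = ["1.3.6.1.2.1.1.1",          # sysDescr    (scalar, N = 1)
               "1.3.6.1.2.1.2.2.1.10",     # ifInOctets  (column)
               "1.3.6.1.2.1.2.2.1.16"]     # ifOutOctets (column, R = 2)
    for name, value in get_bulk(build_sample_mib(), request, 1, 3):
        print(name, "=", value)
```

With N = 1 and M = 3 the response carries sysDescr.0 followed by three rows of ifInOctets/ifOutOctets, seven varbinds in total.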
1.7.6.4 Set
Set: changes the value of an object or adds a new row to a table. The object must be defined in the MIB as read-write or write-only. The NMS can use set to assign values to several objects at once:
sysLocation OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..255))
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The physical location of this node (e.g., 'telephone closet,
3rd floor')."
::= { system 6 }
Several objects can be set at once; however, if any one of the actions fails, the whole operation is cancelled.
1.7.6.5
Description
noError(0): No error
tooBig(1): The request is too large to fit into a single response.
noSuchName(2)
badValue(3)
readOnly(4)
genErr(5)
Description
Error when a set command tries to access an inaccessible variable. In that case, the variable's ACCESS field is not-accessible
wrongType(7): Error that occurs when a set command sets a data type
wrongLength(8): larger than the maximum length of the object
wrongEncoding(9)
wrongValue(10)
noCreation(11)
resourceUnavailable(13)
commitFailed(14)
undoFailed(15)
all fail.
authorizationError(16)
notWritable(17)
inconsistentName(18)
1.7.6.6 Trap
A trap is an alert that the agent sends to the NMS on its own initiative, so that the NMS knows about a bad condition on the agent.
When it receives a trap from an agent, the NMS does not reply with an ACK. The agent therefore has no way of knowing whether its alert reached the NMS. When the NMS receives a trap from an agent, it looks up the trap number to understand what the trap means.
However, an agent does not send a trap for every event, and not every agent sends a trap for the same event. Whether an agent sends a trap for a given event is decided by the manufacturer of the device/agent.
The trap mechanism is independent of the request/response mechanisms. SNMP request/response is used for management, while SNMP trap is used for alerting. The source of a trap is called the Trap Sender and the destination is called the Trap Receiver. A trap sender can be configured to send traps to several trap receivers at once.
There are two kinds of trap: generic traps and specific traps. Generic traps are defined in the SNMP standards; specific traps are defined by the user (the user here being the manufacturer of the SNMP device). The trap type is an integer carried in the trap message, from which the receiver knows what the trap message means.
In SNMPv1 there are seven generic traps: coldStart(0), warmStart(1), linkDown(2), linkUp(3), authenticationFailure(4), egpNeighborLoss(5), enterpriseSpecific(6). The value in parentheses is the code of the trap type. The meaning of the generic-trap messages is as follows:
Trap number and name: Definition
coldStart (0): Indicates that the agent has just restarted. All management variables are reset; variables of type Counter and Gauge are set to 0.
warmStart (1)
linkDown (2)
linkUp (3)
authenticationFailure (4)
egpNeighborLoss (5)
enterpriseSpecific (6)
Notification
To standardize the PDU format of SNMPv1 traps, since the PDUs of get and
linkDown NOTIFICATION-TYPE
OBJECTS { ifIndex, ifAdminStatus, ifOperStatus }
STATUS current
DESCRIPTION
"A linkDown trap signifies that the SNMPv2 entity, acting in an agent role, has
detected that the ifOperStatus object for one of its communication links left the
down state and transitioned into some other state (but not into the notPresent
state). This other state is indicated by the included value of ifOperStatus."
::= { snmpTraps 3 }
The OID of this trap is 1.3.6.1.6.3.1.1.5.3, i.e.
iso.org.dod.internet.snmpV2.snmpModules.snmpMIB.snmpMIBObjects.snmpTraps.linkDown.
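How an OID such as the one above becomes octets under the Basic Encoding Rules mentioned in section 1.7.3 is shown here as an added example; it is not code from the thesis, and the function names encode_oid and decode_oid are illustrative. The decoder rejects truncated or padded encodings rather than guessing.

```python
# Added example: BER encoding and strict decoding of an OBJECT IDENTIFIER.

def _base128(value):
    """Encode one sub-identifier in base 128, high bit set on all but the last octet."""
    if value < 0:
        raise ValueError("sub-identifiers must be non-negative")
    octets = [value & 0x7F]
    value >>= 7
    while value:
        octets.append((value & 0x7F) | 0x80)
        value >>= 7
    return bytes(reversed(octets))


def encode_oid(dotted):
    """'1.3.6.1.6.3.1.1.5.3' -> tag 0x06, length, contents."""
    arcs = [int(part) for part in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID: " + dotted)
    # The first two arcs share one sub-identifier: 40 * first + second.
    body = _base128(40 * arcs[0] + arcs[1])
    for arc in arcs[2:]:
        body += _base128(arc)
    if len(body) < 128:
        length = bytes([len(body)])                      # short form
    else:
        size = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(size)]) + size        # long form
    return b"\x06" + length + body


def decode_oid(data):
    """Inverse of encode_oid; raises ValueError on malformed input."""
    if len(data) < 2 or data[0] != 0x06:
        raise ValueError("not an OBJECT IDENTIFIER")
    length, offset = data[1], 2
    if length & 0x80:                                    # long-form length
        count = length & 0x7F
        if count == 0 or offset + count > len(data):
            raise ValueError("bad length field")
        length = int.from_bytes(data[offset:offset + count], "big")
        offset += count
    body = data[offset:]
    if length == 0 or len(body) != length:
        raise ValueError("truncated or trailing data")
    if body[-1] & 0x80:
        raise ValueError("last sub-identifier is not terminated")
    arcs, value = [], 0
    for octet in body:
        if value == 0 and octet == 0x80:
            raise ValueError("sub-identifier has a padded (non-minimal) encoding")
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:                             # last octet of this arc
            arcs.append(value)
            value = 0
    first = arcs[0]
    head = [0, first] if first < 40 else [1, first - 40] if first < 80 else [2, first - 80]
    return ".".join(str(arc) for arc in head + arcs[1:])


if __name__ == "__main__":
    encoded = encode_oid("1.3.6.1.6.3.1.1.5.3")          # linkDown
    print(encoded.hex(), "->", decode_oid(encoded))
```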
1.7.6.8 Inform
SNMPv2 provides a mechanism for communication between NMSs, called SNMP inform. When one NMS sends an SNMP inform to another NMS, the receiving NMS sends back an ACK confirming the event. This is similar to the mechanism of get and set.
Note: SNMP inform can be used to send SNMPv2 traps to an NMS. In that case the agent is notified when the NMS receives the trap.
1.7.6.9 Report
Defined in the draft of SNMPv2 but never developed.
perform any checks on the router or on the computers that depend on the router. This is illustrated in the following example:
Figure 3-13: Example illustrating an incident
We can also define that a service depends on another service, either on the same host or on different hosts. If one of the services is down, a check for a service that depends on it is not performed. For example, for the company's intranet application to work properly, both the underlying web server and a database server must be running. So if the database service is not working, Nagios will not perform checks on the application. The database server can be on the same machine or on a different one. In that case, if the machine is down or unreachable, alerts for all the services that depend on the database service are not sent.
Nagios also provides a mechanism for scheduling planned downtime for reasons such as maintenance or system upgrades. We can schedule a
is considered hard immediately. The following illustrates soft and hard states, assuming the number of check attempts is 3:
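A simplified model of the soft/hard logic with the number of check attempts set to 3, added here as an example; it is not from the thesis and is not Nagios source code. The class name, the replay helper and the sequence of check results are constructed, and re-notification intervals and host-down handling are not modelled.

```python
# Added example: simplified model of Nagios soft and hard service states.
# A problem only becomes HARD (and triggers a notification) after
# max_check_attempts consecutive non-OK results.

OK, WARNING, CRITICAL, UNKNOWN = "OK", "WARNING", "CRITICAL", "UNKNOWN"
SOFT, HARD = "SOFT", "HARD"


class ServiceState:
    def __init__(self, max_check_attempts=3):
        self.max_check_attempts = max_check_attempts
        self.state = OK
        self.state_type = HARD
        self.attempt = 1

    def process(self, result):
        """Apply one check result; return (attempt, state, state_type, notify)."""
        notify = False
        if result == OK:
            if self.state != OK and self.state_type == SOFT:
                # Soft recovery: the problem never became HARD, nobody is notified.
                state_type, attempt = SOFT, self.attempt + 1
            elif self.state != OK:
                # Hard recovery: contacts were told about the problem, tell them it is over.
                state_type, attempt, notify = HARD, 1, True
            else:
                state_type, attempt = HARD, 1
        elif self.state != OK and self.state_type == HARD:
            # Already a confirmed problem: stay HARD, notify only if the state changed.
            state_type, attempt = HARD, 1
            notify = result != self.state
        else:
            # New or still unconfirmed problem: count retries until the limit is reached.
            attempt = 1 if self.state == OK else self.attempt + 1
            if attempt >= self.max_check_attempts:
                state_type, notify = HARD, True
            else:
                state_type = SOFT
        self.state, self.state_type, self.attempt = result, state_type, attempt
        return (attempt, result, state_type, notify)


def replay(results, max_check_attempts=3):
    """Feed a list of check results through the model and collect each step."""
    service = ServiceState(max_check_attempts)
    return [service.process(result) for result in results]


if __name__ == "__main__":
    # Constructed sequence of check results.
    sample = [OK, CRITICAL, WARNING, CRITICAL, WARNING, WARNING,
              OK, OK, UNKNOWN, OK, OK]
    for step, row in enumerate(replay(sample)):
        attempt, state, state_type, notify = row
        print(f"t={step:2d} attempt={attempt} {state:8s} {state_type} "
              f"{'notify' if notify else ''}")
```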
Choose Yes when the question "Would you like to initialize this drive, erasing
ALL DATA?" appears
Here, choose Next
1.21.1.2 Installing Nagios
Requirements
To install the software, we first need access to the root account.
Make sure the following packages are installed on CentOS before continuing:
- Apache
- PHP
- GCC compiler
- GD library
We can use yum to install these packages with the following commands:
yum install httpd php
yum install gcc glibc glibc-common
yum install gd gd-devel
Creating user account information
First, we must have root access
su -l
Create the nagios account and set its password
/usr/sbin/useradd -m nagios
passwd nagios
Create a new user group, nagcmd; to allow the nagios account to access the web interface, add the nagios and apache accounts to the nagcmd group
/usr/sbin/groupadd nagcmd
/usr/sbin/usermod -a -G nagcmd nagios
/usr/sbin/usermod -a -G nagcmd apache
Customizing the configuration
The Nagios configuration files are located in /usr/local/nagios/etc.
Edit the contacts.cfg file at /usr/local/nagios/etc/objects/contacts.cfg to change the email address used for receiving alerts.
vi /usr/local/nagios/etc/objects/contacts.cfg
Configuring the web interface
Install the Nagios web configuration file in Apache's conf.d directory.
make install-webconf
Create the nagiosadmin account for logging in to the Nagios web interface.
htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
Restart Apache so that the new settings take effect.
service httpd restart
Compiling and installing the Nagios plugins
Extract the Nagios Plugins source code
cd ~/downloads
tar xzf nagios-plugins-1.4.11.tar.gz
cd nagios-plugins-1.4.11
Compile and install the plugins
./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
make install
Starting Nagios
Add Nagios to the list of system services so that it starts automatically when the operating system boots.
chkconfig --add nagios
chkconfig nagios on
Verify that the Nagios configuration file contains no errors.
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
If no errors are reported, start the Nagios service.
service nagios start
Modifying SELinux
CentOS ships with SELinux (Security Enhanced Linux) installed by default and in Enforcing mode. This can prevent us from accessing the Nagios interface.
Check whether SELinux is in Enforcing mode.
getenforce
Set SELinux to Permissive mode.
setenforce 0
To make this change permanent, we must change the SELinux configuration in /etc/selinux/config and reboot.
Instead of disabling SELinux or switching it to Permissive mode, we can use the following commands to run the Nagios CGIs under Enforcing mode:
chcon -R -t httpd_sys_content_t /usr/local/nagios/sbin/
chcon -R -t httpd_sys_content_t /usr/local/nagios/share/
Logging in to the Nagios web interface
We can now log in to the Nagios web interface with the nagiosadmin account and the password set earlier, at the address:
http://localhost/nagios/
At this point the Nagios software has been installed successfully.
Steps
A few tasks have to be carried out to monitor a Windows machine:
- Check the prerequisites.
- Install the agent on the Windows machine.
- Create a host and a service definition for monitoring the Windows machine.
- Restart the nagios process to apply the changes.
Prerequisites
To configure Nagios to monitor a Windows machine, we need to configure the following:
Edit the Nagios configuration file:
vi /usr/local/nagios/etc/nagios.cfg
Remove the # character from the following line:
#cfg_file=/usr/local/nagios/etc/objects/windows.cfg
Save the file and exit.
This step tells Nagios that the file under /usr/local/nagios/etc/objects is where information about the Windows machine and the services to be monitored is added.
Installing the agent on Windows
Before monitoring, we need to install an agent on Windows. Here we use NSClient++, which can be found at: http://nsclient.org/nscp/downloads
- Download the latest version of NSClient++ from: http://nsclient.org/nscp/downloads
- Extract the downloaded file to the folder C:\NSClient++
- Open a Command Prompt window
- Enter the following command to install NSClient++:
  nsclient++ /install
- Enable the NSClient++ icon in the system tray:
  nsclient++ SysTray
- Start the NSClient++ service manager to make sure communication between the Nagios server and the Windows machine is allowed.
define host{
        use             windows-server
        host_name       Sample Client
        alias           My Windows Server
        address         10.0.4.11
}
Now we define the services to be monitored on the Windows machine
Monitor the version of NSClient++. This is useful when checking whether NSClient++ needs to be upgraded:
define service{
        use                     generic-service
        host_name               Sample Client
        service_description     NSClient++ Version
        check_command           check_nt!CLIENTVERSION
}
Monitor the uptime of the Windows machine
define service{
        use                     generic-service
        host_name               Sample Client
        service_description     Uptime
        check_command           check_nt!UPTIME
}
Monitor the CPU load and configure Nagios to raise a WARNING alert if the load is above 80% for 5 minutes and CRITICAL if the load is above 90% for 5 minutes.
define service{
        use                     generic-service
        host_name               Sample Client
        service_description     CPU Load
        check_command           check_nt!CPULOAD!-l 5,80,90
}
Define a service that monitors memory usage: WARNING if usage is above 80% and CRITICAL if usage is above 90%
define service{
        use                     generic-service
        host_name               Sample Client
        service_description     Memory Usage
        check_command           check_nt!MEMUSE!-w 80 -c 90
}
Monitor the capacity of drive C. Raise a WARNING alert when more than 80% of the disk is used and CRITICAL when more than 90% is used.
define service{
        use                     generic-service
        host_name               Sample Client
        service_description
        check_command           check_nt!USEDDISKSPACE!-l c -w 80 -c 90
}
Define a service that monitors the Explorer.exe process and raises CRITICAL if the process is not running.
define service{
        use                     generic-service
        host_name               Sample Client
        service_description     Explorer
        check_command           check_nt!PROCSTATE!-d SHOWALL -l Explorer.exe
}
Display all running processes
define service{
        use                     generic-service
        hostgroup_name          windows-servers
        service_description     Process
        check_command
}
Those are a few basic services for monitoring a Windows machine. Save the configuration file
Password
If a password is configured in NSClient++ on Windows, the check_nt command must be modified to supply the password. Open the commands.cfg file to edit it.
vi /usr/local/nagios/etc/objects/commands.cfg
Change the definition of the check_nt command to pass the password with the -s <password> option
define command{
        command_name    check_nt
        command_line
}
Overview
Monitoring routers and switches can be simple, depending on the type of device and the information to be monitored.
Switches and routers can easily be monitored with ping to determine the stability of the link. If the device supports SNMP, we can monitor much more information.
The check_snmp command only works when the net-snmp and net-snmp-utils packages are installed on the system. If these packages are not installed, install them first and then reinstall the Nagios plugins.
Steps
The following steps are needed to monitor a device:
- Check the prerequisites.
- Create a host and a service definition for monitoring the router or switch.
- Restart the nagios process to apply the changes.
Prerequisites
To configure Nagios to monitor a router or switch, we need to configure the following:
Edit the Nagios configuration file:
vi /usr/local/nagios/etc/nagios.cfg
Remove the # character from the following line:
#cfg_file=/usr/local/nagios/etc/objects/switch.cfg
Save the file and exit.
This step tells Nagios that the file under /usr/local/nagios/etc/objects is where information about the router or switch and the services to be monitored is added.
Configuring Nagios
We configure Nagios to monitor the switch Dalat-CoreSW-1 as follows:
Now we create the object definitions in the configuration file for monitoring a new router or switch
Open the switch.cfg file
vi /usr/local/nagios/etc/objects/switch.cfg
Add a new definition for the router or switch to be monitored. Change host_name, alias and address as appropriate:
define host{
        use             generic-switch
        host_name       Dalat-CoreSW-1
        alias
        address         10.0.255.1
        hostgroups      Dalat Switch Core
}
Monitoring services
To monitor services, we define them in the switch.cfg file
Monitoring packet loss and RTA
Add the following service definition to monitor packet loss and the average round-trip time between the Nagios server and the monitored host every 5 minutes under normal conditions.
define service{
        use                     generic-service
        host_name               Dalat-CoreSW-1
        service_description     PING
        check_command           check_ping!200.0,20%!600.0,60%
        normal_check_interval
        retry_check_interval
}
Meaning of the service:
- OK if RTA is below 200 ms and packet loss is below 20%
- A WARNING alert is raised if RTA is above 200 ms or more than 20% of the data is lost.
- Nagios reports CRITICAL if RTA is above 600 milliseconds or more than 60% of the packets are lost.
Monitoring status information with SNMP
If the router or switch supports SNMP, much more information can be monitored with this protocol.
Monitoring uptime:
define service{
        use                     generic-service
        host_name               Dalat-CoreSW-1
        service_description     Uptime
        check_command
}
In the check_snmp command, the option -C public is the community string and sysUpTime.0 specifies the OID to be checked.
To check the status of a port on the router or switch, we define the following service:
define service{
        use                     generic-service
        host_name               Dalat-CoreSW-1
        1 -m RFC1213-MIB
}
In the example above, the option -o ifOperStatus.1 specifies that the status of port 1 is checked. The value -r 1 means the result is OK if the status is up and CRITICAL if the value is not found for port 1. The option -m RFC1213-MIB tells check_snmp to load only the RFC1213-MIB information instead of all the MIBs on the system, which makes the check faster.
Monitoring the interfaces on routers and switches
Use the check_interface_table plugin to monitor all the interfaces on a router or switch. Declare the plugin in commands.cfg as follows
define command{
        command_name    check_interface_table
        command_line    $USER1$/check_interface_table.pl -H
}
define service{
        use                     generic-service
        hostgroup_name          Dalat-CoreSW-1
        service_description     Interface Table
        check_command           check_interface_table
        max_check_attempts
        normal_check_interval
        retry_check_interval
}
The declaration above returns a table of all the interfaces on the router or switch
define command{
        command_name    check_temp
        command_line    $USER1$/check_catalyst_temp.pl -s $HOSTADDRESS$
}
define service{
        use                     generic-service
        hostgroup_name          Dalat-CoreSW-1
        service_description     Temp
        check_command           check_temp!70!80
        max_check_attempts
        normal_check_interval
        retry_check_interval
}
The service above checks the temperature and raises a WARNING alert if the temperature is above 70 and CRITICAL if the temperature is above 80
Gim st ti
Dng plugin check_snmp_cisco_loadavg vi khai bo trong commands.cfg
nh sau
define command{
    command_name            check_load
    command_line            $USER1$/check_snmp_cisco_loadavg -H
}
define service{
    use                     generic-service
    hostgroup_name          Dalat-CoreSW-1
    service_description     CPU Load
    check_command           check_load!70!80
    max_check_attempts
    normal_check_interval
    retry_check_interval
}
The service above checks the CPU load and raises a WARNING alert if the load is above 70% and CRITICAL if it is above 80%.
Monitoring memory status
Use the check_catalyst_mem plugin to monitor the amount of memory in use, declared in commands.cfg as follows:
define command{
    command_name            check_mem
    command_line            $USER1$/check_catalyst_mem.pl -s $HOSTADDRESS$
}
define service{
    use                     generic-service
    host_name               Dalat-CoreSW-1
    service_description     Memory
    check_command           check_mem!20%!10%
    max_check_attempts
    normal_check_interval
    retry_check_interval
}
Save the switch.cfg file.
define host{
    use                     generic-host
    host_name               DNS Server
    alias                   Application Server
    address                 10.0.4.12
    hostgroups              allhosts
}
define host{
    use                     generic-host
    host_name               Web Server
    alias                   Application Server
    address                 10.0.3.11
    hostgroups              allhosts
}
check_http
define command{
    command_name            check_http
    command_line            $USER1$/check_http -I $HOSTADDRESS$ $ARG1$
}
A simple declaration for monitoring the HTTP service on Web Server looks like this:
define service{
    use                     generic-service
    host_name               Web Server
    service_description     HTTP
    check_command           check_http
}
This is a simple definition for monitoring the HTTP service on Web Server. Nagios raises an alert if the web server does not respond within 10 s or if it returns an HTTP error code such as 403 or 404.
Another check_http declaration for monitoring the HTTP service is shown below. This service is defined to check whether the path /download/index.php contains the string latest-version.tar.gz. Nagios raises an alert if the string is absent or if the server does not respond within 5 s.
define service{
    use                     generic-service
    host_name               Web Server
    check_command           check_http!-u /download/index.php -t 5 -s "latest-version.tar.gz"
}
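How a service's check_command becomes the plugin command line, as an added example that is not from the thesis or the Nagios project: the parser and macro expansion are a simplified sketch, and the $USER1$ path /usr/local/nagios/libexec is an assumption (on a real install it is set in resource.cfg).

```python
import re
import shlex

# Constructed sample: the check_http command, the Web Server host and the
# content-check service from this section, written in Nagios object syntax.
SAMPLE_CFG = '''
define command{
    command_name    check_http
    command_line    $USER1$/check_http -I $HOSTADDRESS$ $ARG1$
}
define host{
    use             generic-host
    host_name       Web Server
    address         10.0.3.11
}
define service{
    use             generic-service
    host_name       Web Server
    check_command   check_http!-u /download/index.php -t 5 -s "latest-version.tar.gz"
}
'''

def parse_objects(text):
    """Return [(object_type, {directive: value})] for every define block."""
    objects = []
    for kind, body in re.findall(r"define\s+(\w+)\s*\{(.*?)\}", text, re.S):
        attrs = {}
        for line in body.splitlines():
            parts = line.split(";", 1)[0].split(None, 1)  # ';' starts a comment
            if parts:
                attrs[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
        objects.append((kind, attrs))
    return objects

def expand_check(objects, host_name, user1="/usr/local/nagios/libexec"):
    """Build the argv for the service check on host_name (user1 is an assumed path)."""
    def find(kind, key, value):
        return next(a for k, a in objects if k == kind and a.get(key) == value)
    name, *args = find("service", "host_name", host_name)["check_command"].split("!")
    macros = {"$USER1$": user1,
              "$HOSTADDRESS$": find("host", "host_name", host_name)["address"]}
    macros.update({f"$ARG{i}$": arg for i, arg in enumerate(args, 1)})
    line = find("command", "command_name", name)["command_line"]
    # Macros with no value (e.g. $ARG1$ when no '!' argument is given) expand to "".
    line = re.sub(r"\$\w+\$", lambda m: macros.get(m.group(0), ""), line)
    return shlex.split(line)
```

Everything after the first "!" in check_command is passed as $ARG1$, which is why the plugin options can be changed per service without touching commands.cfg.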
Monitoring FTP
define command{
    command_name            check_ftp
    command_line            $USER1$/check_ftp -H $HOSTADDRESS$ $ARG1$
}
A simple definition for monitoring the FTP service on the host remotehost looks like this:
define service{
    use                     generic-service
    host_name               Sample Server
    service_description     FTP
    check_command           check_ftp
}
This service definition monitors the FTP service and generates an alert if the FTP server does not respond within 10 s.
Another declaration for the FTP service is shown below. With this declaration Nagios checks FTP on port 1023 of the host remotehost. Nagios generates an alert if the FTP server does not respond within 5 s or if the server's response does not contain the string Pure-FTPd [TLS].
define service{
    use                     generic-service
    host_name               Sample Server
    [TLS]"
}
Monitoring SSH
Use the check_ssh plugin to monitor this service. The check_ssh command is defined in commands.cfg as follows:
define command{
    command_name            check_ssh
    command_line            $USER1$/check_ssh $ARG1$ $HOSTADDRESS$
}
A simple declaration for checking the SSH service:
define service{
    use                     generic-service
    host_name               Sample Server
    service_description     SSH
    check_command           check_ssh
}
Nagios raises an alert if there is no response within 10 s.
The declaration below checks the SSH service and raises an alert if the server does not respond within 5 s or if the SSH version string does not contain OpenSSH_4.2.
define service{
    use                     generic-service
    host_name               Sample Server
    check_command           check_ssh!-t 5 -r "OpenSSH_4.2"
}
Monitoring SMTP
Use the check_smtp plugin to monitor this service. The check_smtp command is defined in commands.cfg as follows:
define command{
    command_name            check_smtp
    command_line            $USER1$/check_smtp -H $HOSTADDRESS$ $ARG1$
}
A simple service declaration for SMTP:
define service{
    use                     generic-service
    host_name               Sample Server
    service_description     SMTP
    check_command           check_smtp
}
Nagios raises an alert if the SMTP server does not respond within 10 s.
The following declaration makes Nagios raise an alert if the SMTP server does not respond within 5 s or if the server's response does not contain the string mygreatmailserver.com.
define service{
    use                     generic-service
    host_name               Sample Server
    check_command           check_smtp!-t 5 -e "mygreatmailserver.com"
}
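The expected-string checks described above for FTP, SSH and SMTP, reduced to their core as an added Python example (not the plugins' own code): connect, read the greeting within a timeout, and alert when the expected string is missing. The loopback server, the banners and the OK/ALERT labels are constructed for the demonstration.

```python
import socket
import threading

def banner_check(host, port, expect, timeout=5.0):
    """Return (state, detail); state is 'OK' only if the greeting contains expect."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.settimeout(timeout)
            banner = conn.recv(256).decode("ascii", "replace").strip()
    except OSError as exc:  # refused, unreachable, or timed out
        return "ALERT", f"no usable response: {exc.__class__.__name__}"
    if expect not in banner:
        return "ALERT", f"unexpected greeting: {banner!r}"
    return "OK", banner

def serve_once(banner, hold=1.0):
    """Constructed loopback service: accept one client, send banner (or stay silent)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def run():
        conn, _ = srv.accept()
        with conn:
            if banner:
                conn.sendall(banner)
            else:
                threading.Event().wait(hold)  # silent server, forces a timeout
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    """Run the three outcomes from the text against constructed banners."""
    good = serve_once(b"SSH-2.0-OpenSSH_4.2\r\n")
    changed = serve_once(b"SSH-2.0-OpenSSH_9.9\r\n")
    silent = serve_once(b"")
    return [banner_check("127.0.0.1", good, "OpenSSH_4.2")[0],
            banner_check("127.0.0.1", changed, "OpenSSH_4.2")[0],
            banner_check("127.0.0.1", silent, "OpenSSH_4.2", timeout=0.3)[0]]

if __name__ == "__main__":
    print(demo())
```

A check pinned to an exact version string also alerts after a legitimate upgrade, so the expected string has to be updated together with the service.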
define command{
    command_name            check_dns
    command_line            $USER1$/check_dns -s $HOSTADDRESS$ -H
}
define service{
    use                     generic-service
    host_name               DNS Server
    service_description     DNS
    check_command           check_dns!www.dlu.edu.vn!10.0.3.11!15!25
}
With the service definition above, Nagios checks on the DNS Server host whether the host name www.dlu.edu.vn resolves to the address 10.0.3.11. If it does not, a CRITICAL alert is raised; if the DNS server does not respond within 15 s a WARNING alert is raised, and CRITICAL if it does not respond within 25 s.
Restart Nagios
General information about the operating status of Nagios: it shows general information about the Nagios Server, the actively checked services, the passively checked services, the actively checked devices and the passively checked devices.
DNS configuration
Select Submit.
1.22.2. Configuring devices to communicate with CS-MARS
1.22.2.1 Cisco IOS 12.2:
Here we configure, as a sample, a device running Cisco IOS 12.2, Dalat-CoreSW-1, as follows:
Configure IOS:
Enable telnet.
Enable ssh.
Send syslog to CS-MARS.
Router(config)# logging trap
Router(config)# logging 10.0.5.10
Configure SNMP RO:
Router(config)# snmp-server community <community string> RO <ACL name if required>
Configure CS-MARS:
Select Admin > Security and Monitor Devices > Add
Select Cisco IOS 12.2
Select Submit
Figure 5-43: Configuration information for Cisco Switch IOS 12.2
1.22.2.3 Cisco IPS 5.0
Configure the IPS:
Verify:
Enable SYSLOG header.
Automatically set audit config
Automatically set file system audit config
Select OK
For Windows machines in a domain:
On the Domain Controller, select Administrator Tools > Default Domain Security Policy > Security Setting > Local Policies > User Rights Management > Manage auditing and security log.
Configure the Audit Policy.
For Windows 2003:
Administrative Tools > Local Security Policy > Local Policies.
Under User Rights Assignment, check that Manage Auditing and Security log is granted to the user account used to retrieve the event log.
Configuring SnareIIS
Address ranges across the whole system discovered automatically by CS-MARS: CS-MARS can automatically discover the entire system and, from that, generates the address ranges across the whole system.
Criterion
Nagios Core
CS-MARS
Deployment
Extensible architecture
Technical
Centralized management
monitors the entire system centrally through a web interface.
Comprehensive monitoring
system. It is also compatible with other dedicated devices.
Provides alerts
Provides alerts for
Alerting capability
via Email, syslog.
Management interface
Solution performance
Maintenance
Cost
version
open source.
support policies as well as assistance with deployment if we use the free version.
1.25. Evaluation of the monitoring system deployed on CS-MARS
CS-MARS is a dedicated hardware appliance with very strong capabilities for monitoring, collecting, classifying and analyzing input data. CS-MARS collects all events in raw form. It classifies events by the data flows passing through the different devices. It creates rules to check for abnormal events. It then aggregates this information to produce the most accurate assessment of the system's state and presents it as charts, queries, reports and notifications. In addition, it acts as a central store for the events sent by other devices. Because it is a dedicated hardware appliance, CS-MARS can communicate with and is compatible with other dedicated monitoring and protection devices such as IPS, IDS, firewalls and so on. With this information we can detect abnormal events and then find the most effective remedy as early as possible, keeping the system running smoothly and efficiently.
1.26. Summary
Today's open-source system monitoring programs meet only part of the need to monitor and track an entire complex network environment. Dedicated appliances, by contrast, meet these needs quite well, but their deployment cost is rather high and suits only large systems, enterprises and organizations.
Deploying a monitoring system should be based on criteria such as the size of the system, the extended functions required, and the budget allocated for deploying the monitoring system.
The monitoring system is then deployed to suit the system of each particular organization, enterprise or unit.
CONCLUSION AND FUTURE DEVELOPMENT
The thesis has studied, deployed and completed the following:
Theory
On monitoring: the thesis analyzes system monitoring in depth, along with the importance of system monitoring in a network environment.
On the network management protocol: the thesis presents the Simple Network Management Protocol in detail, including the concept of the network management protocol, its components, and how it operates.
Practical work
The thesis proposes a deployment model and presents all the configuration steps for the monitoring systems according to that model.
Results achieved
Gained knowledge of system monitoring and network management protocols.
Successfully deployed the system monitoring model using different devices and software.
Able to configure Router, Switch, CS-MARS, Nagios, ASA, IPS, Windows and Linux to serve the monitoring process.
Accumulated experience in configuring the technologies above.
Future development
Integrate other monitoring solutions into the existing Nagios monitoring system in order to optimize it.
Upgrade the CS-MARS appliance to strengthen its ability to detect and handle incidents on the system.