You are on page 1of 133

1.

Mc tiu ti: Nghin cu, trin khai cc gii php thch hp gim st hot ng, dch v trong mi trng mng v ti nguyn ca h thng. Thng qua c th pht hin cc nguy c, mi e da n h thng trong thi gian sm nht c phng n khc phc kp thi, nhm gim thiu nh hng v tng hiu qu lm vic ca h thng mng. 2. Ni Dung Ti: Tm hiu giao thc qun l mng. Nghin cu cc chng trnh gim st h thng, dch v, hiu sut mng da trn m ngun m. Tm kim gii php gim st mng ti u. Trin khai m hnh gim st h thng mng. 3. Phn mm v cng c s dng: Nagios CentOS CS-MARS 4. D kin kt qu: da trn kt qu nghin cu a ra thit k v trin khai mt m hnh gim st h thng mng ti u. 5. Ti liu tham kho chnh:

[1]

Douglas Mauro & Kevin Schmidt, Essential SNMP, OReilly,

Sebastopol, CA 95472, 2001.

[2]

Max Schubert & Derrick Bennett & Jonathan Gines & Andrew Hay &

John Strand, Nagios 3 Enterprise Network Monitoring Including Plug-Ins and Hardware Devices, Syngress Publishing, Burlington, MA 01803, 2008.

[3]

Woflgang Barth, Nagios System and Network Monitoring,

William Pollock, CA, 2006.

[4]

Americans Headquarters, Cisco Security MARS Initial Configuration

and Upgrade Guide, Release 6.x, Cisco System, Inc, San Jose, 2009.

[5]

Gary Halleen & Greg Kellogg, Security Monitoring with Cisco

Security MARS, Cisco Press, Indianapolis, 2007.

[6]

Augusto Ciuffoletti & Michalis Polychronakis, Architecture of a

Network Monitoring Element, 15th IEEE, 2006 Lt, ngy 11 thng 10 nm 2010 Gio vin hng dn (K tn) SV Thc hin (K tn)

Trng khoa (K tn)

T trng B mn (K tn)

MC LC
TM TT KHA LUN......................................................................................................8 LI M U....................................................................................................................10 CHNG 1. TNG QUAN V TM QUAN TRNG CA VIC GIM ST H THNG12 1.1. Gii thiu...................................................................................................12 1.2. Hiu bit v h thng.................................................................................13 1.3. Cn phi gim st nhng g v ti sao......................................................14 1.4. Nhng yu t cn thit cho mt h thng gim st...................................17 1.5. Tng kt....................................................................................................17 CHNG 2. GIAO THC QUN L MNG N GIN.................................................18 1.6. SNMP l g?..............................................................................................18 1.6.1. Qun l v gim st mng..................................................................18 1.6.2. RFCs v cc phin bn SNMP............................................................19 1.6.3. Managers v Agents...........................................................................20 1.6.4. Structure of Management Information v MIBS...................................21 1.6.5. Qun l my trm................................................................................22

1.7. Chi tit v SNMP.......................................................................................22 1.7.1. SNMP v UDP....................................................................................22 1.7.2. SNMP Communities............................................................................25 1.7.3. Structure of Management Information (SMI).......................................26 1.7.4. SMI version 2......................................................................................30 1.7.5. Chi tit v MIB-II.................................................................................33 1.7.6. Hot ng ca SNMP.........................................................................35 1.8. Tng kt....................................................................................................47 CHNG 3. PHN MM GIM ST NAGIOS CORE.....................................................48 1.9. Gii thiu...................................................................................................48 1.9.1. Li ch ca vic gim st ti nguyn...................................................49 1.9.2. Cc chc nng chnh..........................................................................51 1.9.3. Trng thi tm thi v c nh.............................................................53 1.10. Tng kt..................................................................................................54 CHNG 4 . CISCO SECURITY MONITORING, ANALYSIS, AND RESPONSE SYSTEM .........................................................................................................................................54 1.11. H thng gim thiu mi e da an ninh.................................................55 1.12. M hnh ha v tnh trc quan.................................................................55 1.13. H thng bo co quy tc mnh...........................................................56 1.14. Cnh bo v gim thiu nguy c.............................................................56 1.15. M t cc thut ng trong CS-MARS......................................................56 1.15.1. S kin (Event).................................................................................56 1.15.2. Phin (Session).................................................................................57 1.15.3. Quy tc (Rules).................................................................................57 1.15.4. S c (Incident)................................................................................58 1.15.5. False Positive....................................................................................58 1.16. S gim nh ri ro...................................................................................59 1.17. Giao din ngi dng ca CS-MARS......................................................59 1.18. Tng kt..................................................................................................59 CHNG 5. TRIN KHAI V NH GI H THNG GIM ST.................................60 1.19. M hnh trin khai....................................................................................60 1.20. Gii thiu m hnh...................................................................................60 1.21. Nagios.....................................................................................................61 1.21.1. Ci t...............................................................................................61

1.21.2. Cu hnh Nagios...............................................................................75 1.21.3. Kt qu gim st h thng ca Nagios............................................100 1.22. Cu hnh CS-MARS v cc thit b gim st.........................................106 1.22.1. Cu hnh CS-MARS........................................................................107 1.22.2. Cu hnh cc thit b giao tip vi CS-MARS.............................110 1.22.3. Kt qu gim st ca h thng CS-MARS......................................123 1.23. So snh hai h thng Nagios v CS-MARS...........................................126 1.24. nh gi h thng gim st trin khai da trn Nagios.........................129 1.25. nh gi h thng gim st trin khai da trn CS-MARS....................130 1.26. Tng kt................................................................................................130 THUT NG VIT TT & K HIU...............................................................................132 TI LIU THAM KHO...................................................................................................133

DANH MC CC HNH V
Hinh 2-1: M hnh hot ng gia NMS v Agent............................................................21 Hinh 2-2: M hnh trao i d liu gia NMS v Agent....................................................23 Hinh 2-3: S cy cc OID............................................................................................28 Hinh 2-4: S cc OID ca SMIv2.................................................................................31 Hinh 2-5: S chi tit OID..............................................................................................34 Hinh 2-6: M hnh hot ng ca SNMP..........................................................................36 Hinh 2-7: M hnh hot ng ca lnh get........................................................................36 Hinh 2-8: S ng i OID..........................................................................................39 Hinh 2-9: M hnh ly thng tin get-bulk...........................................................................40 Hinh 2-10: M hnh lnh set..............................................................................................41 Hinh 2-11: M hnh gi Trap t Agent..............................................................................44 Hinh 3-12: Cc i tng cn gim st trn Nagios.........................................................48 Hinh 3-13: V d m t s c............................................................................................52 Hinh 3-14: Kim tra trng thi...........................................................................................54 Hinh 5-15: M hnh trin khai............................................................................................60 Hinh 5-16 Giao tip gia Nagios v Windows..................................................................75 Hinh 5-17: Phn mm NSClient++....................................................................................77 Hinh 5-18: Thng tin cc dch v trn Sample Client........................................................82 Hinh 5-19: Thng tin v Sample Client.............................................................................82 Hinh 5-20: Bng Interface ca plugin check_interface......................................................87 Hinh 5-21: Thng tin trng thi Dalat-CoreSW-1..............................................................90 Hinh 5-22: Thng tin cc dch v trn Dalat-CoreSW-1....................................................91 Hinh 5-23: Thng tin cc dch v trn DNS Server...........................................................98 Hinh 5-24: Thng tin trng thi DNS Server.....................................................................99 Hinh 5-25: Thng tin cc dch v trn Web Server............................................................99 Hinh 5-26: Thng tin trng thi Web Server....................................................................100 Hinh 5-27: Tnh trng h thng.......................................................................................101 Hinh 5-28: Danh sch cc thit b gim st.....................................................................101 Hinh 5-29: Danh sch cc dch v gim st....................................................................102 Hinh 5-30: Bo co v thit b Dalat-CoreSW-1..............................................................102 Hinh 5-31: Phn loi thit b theo nhm..........................................................................103 Hinh 5-32: Cc vn ca thit b gim st...................................................................103

Hinh 5-33: Cc cnh bo ca thit b..............................................................................104 Hinh 5-34: Tnh trng ca Nagios Server........................................................................105 Hinh 5-35: Cc cnh bo c sinh ra...........................................................................106 Hinh 5-36: Giao din ng nhp CS-MARS....................................................................107 Hinh 5-37: Cu hnh tn v IP cho CS-MARS.................................................................107 Hinh 5-38: Cu hnh DNS...............................................................................................108 Hinh 5-39: Cc mc hot ng ca CS-MARS...............................................................108 Hinh 5-40: Danh sch cc thit b h tr bi CS-MARS.................................................109 Hinh 5-41: Phn in thng tin cho thit b.....................................................................109 Hinh 5-42: Thng tin cu cu hnh cho Cisco IOS 12.2..................................................110 Hinh 5-43: Thng tin cu cu hnh cho Cisco Switch IOS 12.2.......................................112 Hinh 5-44: Cu hnh cho IPS bt TLS v HTTP..............................................................112 Hinh 5-45: Cu hnh cho IPS cho php CS-MARS.........................................................113 Hinh 5-46: Cu hnh cho IPS..........................................................................................114 Hinh 5-47: Cu hnh cho ASA 7.0...................................................................................115 Hinh 5-48: Cu hnh Snare.............................................................................................116 Hinh 5-49: Cu hnh SNARE 2.......................................................................................116 Hinh 5-50: Cu hnh Local Security Settings..................................................................118 Hinh 5-51: Cu hnh cho my Windows..........................................................................119 Hinh 5-52: Cu hnh thng tin ng nhp cho my Windows.........................................120 Hinh 5-53: Cu hnh SnareIIS.........................................................................................121 Hinh 5-54: Cu hnh cho WebServer..............................................................................121 Hinh 5-55: Cu hnh thng tin cho log.............................................................................122 Hinh 5-56: Cu hnh cho log trn CS-MARS...................................................................122 Hinh 5-57: Danh sch cc thit b...................................................................................123 Hinh 5-58: Min a ch gim st.....................................................................................123 Hinh 5-59: Danh sch a ch t d tm...........................................................................124 Hinh 5-60: Cc quy tc trn CS-MARS...........................................................................124 Hinh 5-61: Cc bo co cn to trn CS-MARS.............................................................125 Hinh 5-62: S mng gim st....................................................................................125 Hinh 5-63: Bo co di dng th..............................................................................126

DANH SCH CC BNG BIU


Bang 1-1: Cc thit b v l do cn gim st.....................................................................15 Bang 2-2: Loi d liu ca trng SYNTAX.....................................................................30 Bang 2-3: Loi d liu trong SMIv2..................................................................................32 Bang 2-4: Cc trng d liu trong SMIv2.......................................................................32 Bang 2-5: Cc thng bo li trong SNMPv1.....................................................................42 Bang 2-6: Cc li trong SNMPv2......................................................................................44 Bang 2-7: Cc kiu Trap...................................................................................................46 Bang 5-8: So snh Nagios v CS-MARS........................................................................129

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

TM TT KHA LUN

VN NGHIN CU Tm hiu giao thc qun l mng Nghin cu cc chng trnh gim st h thng, dch v, hiu sut mng da trn m ngun m. Tm kim gii php gim st mng ti u. Trin khai m hnh gim st h thng mng. HNG TIP CN Nghin cu l thuyt cc giao thc qun l h thng mng nh Simple Network Management Protocol (SNMP). Trn c s l thuyt c c tin hnh nghin cu cc gii php gim st h thng khc nhau. ti c thc hin theo hng nghin cu h thng gim st bng m ngun m v tin hnh trin khai th nghim h thng gim st bng cc phn mm m ngun m trn h thng mng trng i hc Lt. Bn cnh tin hnh nghin cu h thng gim st bng cc thit b phn cng chuyn dng. ng thi trin khai th nghim h thng gim st bng cc thit b chuyn dng trn h thng mng trng i hc Lt. T vic trin khai hai h thng trn, rt ra kt lun v mi h thng v a ra nh gi v tng h thng da trn cc tiu ch khc nhau. B CC KHA LUN Chng 1: Tng quan v tm quan trng ca vic gim st h thng Chng ny trnh by v mc quan trng ca vic gim st h thng trong th gii hin ti. Nu ln nhng hiu bit v h thng mng. a ra cc mc tiu cn gim st v l do ti sao. ng thi cung cp thng tin v cc l do hng u cho vic ti sao cn thit phi trin khai mt h thng gim st. Chng ny cng a ra c nhng yu t cn thit cho mt h thng gim st ti u.
Trang 8

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Chng 2: L thuyt SNMP Gii thiu cho ngi c giao thc SNMP l g, cc phin bn ca SNMP, cc yu t cn phi c trong giao thc SNMP. Bn cnh cng i su vo l thuyt SNMP, cung cp thng tin v nhng ni dung ca SNMP cng nh cch thc hot ng ca giao thc ny. Chng 3: Nagios Core Trnh by v phn mm m ngun m Nagios Core, li ch ca vic s dng Nagios Core, cc chc nng chnh ca phn mm, cch hot ng ca phn mm i vi h thng. Chng 4: CS-MARS Gii thiu v thit b CS-MARS. Trnh by cc chc nng chnh ca thit b, cc thut ng c s dng v cch hot ng ca thit b, cch lm vic ca thit b vi cc thit b khc trong h thng. ng thi nu cch gim st cc thit b, dch v trong h thng. Chng 5: Trin khai v nh gi a ra m hnh trin khai. T tin hnh ci t v cu hnh Nagios Core v CS-MARS tin hnh gim st trn m hnh ra. Sau khi trin khai v chy th nghim t rt ra c nh gi v u nhc im ca tng h thng. KT QU T C Trin khai thnh cng h thng gim st bng phn mm m ngun m Nagios Core. Trin khai thnh cng h thng gim st bng thit b phn cng chuyn dng ca Cisco CS-MARS. C cc kin thc v gim st h thng, cc giao thc qun l mng. Cu hnh Router, Switch, CS-MARS, Nagios, ASA, IPS, Windows, Linux phc v cho qu trnh gim st.

Trang 9

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

LI M U

TNH CP THIT CA TI Ngy nay, vi cc nhu cu ngy cng cao ca con ngi, khoa hc v cng ngh ngy cng pht trin p ng cc nhu cu . Trong mi t chc, mi doanh nghip u c c s h tng ring ca mnh, ch khc nhau quy m v cch t chc. Mi t chc, cc doanh nghip ngy cng mun pht trin tng li nhun, chnh v vy c s h tng ngy cng c nng cp m rng p ng cho cc hot ng . i km vi vic cng ngh pht trin l s m rng khng ngng v quy m v cht lng ca c s vt cht, ca h tng mng. Tt c cc t chc, cc doanh nghip u khc nhau, nhng s nh hng ca h thng mng i vi hot ng ca doanh nghip hu nh khng thay i. Thc t, khi doanh nghip pht trin, mng li pht trin khng ch v quy m v tnh phc tp, m cn trong ngha v gi tr. H tng mng cn c bit quan trong khi mi hot ng ca cc t chc, doanh nghip ph thuc hu ht vo chng. Mng li gim st i vi mng ca mt doanh nghip hay mt t chc l mt chc nng quan trng c th gip tit kim tin trong vic tng hiu sut mng, tng nng sut lao ng v gim chi ph c s h tng. Mt h thng gim st theo di h tng mt mng ni b xc nh cc vn . N c th tm kim v gip gii quyt cc s c ca cc thit b v hot ng ca ngi dng. Vi mt ngun ti nguyn quan trng th vic m bo cho ngun ti nguyn ny c th hot ng lin tc l mt vn thit yu. V y cng l mt thch thc bi v c rt nhiu mi nguy c tim tng nh hackers, tn cng t chi dch v, virus, mt cp thng tin e da n h thng ca t chc hay doanh nghip dn ti vic h thng ngng hot ng, mt d liu lm gim tin cy cng nh li ch thu c t h thng. Ngoi ra, cc h thng mng ngy cng pht trin mnh, vi cng ngh mi, thit b mi, nn vic m bo cho h thng hot ng mt cch tri chy l v cng kh khn v quan trng.

Trang 10

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

L ngi qun tr th cn phi bit nhng g ang xy ra trn h thng ca mnh vo mi lc, bao gm thi gian thc. Nm bt mi thng tin lch s v s dng, hiu sut, v tnh trng ca tt c cc ng dng, thit b, v tt c d liu trn mng. Chnh v vy vic gim st h thng l mt cng vic v cng quan trng v cp thit i vi mi t chc, doanh nghip, c quan. NGHA KHOA HC V THC TIN ngha khoa hc o Cung cp l thuyt v gim st h thng. o Ch ra tm quan trng ca vic gim st h thng. o Cung cp ly thuyt v cc giao thc gim st. ngha thc tin o Ch ra cc u nhc im ca cc h thng gim st khc nhau. o a ra gii php gim st ti u cho mt h thng thch hp. MC CH NGHIN CU Nghin cu, trin khai cc gii php thch hp gim st hot ng, dch v trong mi trng mng v ti nguyn ca h thng. Thng qua c th pht hin cc nguy c, mi e da n h thng trong thi gian sm nht c phng n khc phc kp thi, nhm gim thiu nh hng v tng hiu qu lm vic ca h thng mng. I TNG HNG N Tt c cc t chc, cc c quan, cc doanh nghip , ang v s p dng cng ngh thng tin cho cc hot ng ca mnh. PHM VI NGHIN CU Trong kha lun ny ch yu tp trung nghin cu cc vn sau: Tm hiu v gim st h thng. Trin khai cc h thng gim st khc nhau trn cng mt c s h tng ch ra u nhc im ca cc h thng gim st.
Trang 11

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

CHNG 1. TNG QUAN V TM QUAN TRNG CA VIC GIM ST H THNG


1.1. Gii thiu Tt c cc t chc, cc doanh nghip u khc nhau, nhng s nh hng ca h thng mng i vi hot ng ca doanh nghip hu nh khng thay i. Thc t, khi doanh nghip pht trin, mng li pht trin khng ch v quy m v tnh phc tp, m cn trong ngha v gi tr. Rt nhanh chng, mng khng ch h tr cc cng ty, m n chnh l i din cho cng ty. iu ny l hin nhin i vi cc t chc m hot ng ca h ph thuc vo mng. Tuy nhin, cp c bn nht, mng c th xem nh l s hp tc, giao tip, v thng mi - tt c mi th m gi cho mt doanh nghip hot ng v pht trin. l ni cc ng dng kinh doanh c t chc, v l ni m cc thng tin quan trng ca khch hng, sn phm, v thng tin kinh doanh c lu tr. Vi mt ngun ti nguyn quan trng nh vy th vic m bo cho ngun ti nguyn ny c th hot ng lin tc l mt vn thit yu. V y cng l mt thch thc bi v c rt nhiu mi nguy c tim tng nh hackers, tn cng t chi dch v, virus, mt cp thng tin e da n h thng ca t chc hay doanh nghip dn ti vic h thng ngng hot ng, mt d liu lm gim tin cy cng nh li ch thu c t h thng. Ngoi ra, cc h thng mng ngy cng pht trin mnh, vi cng ngh mi, thit b mi, v cc cu trc mi, chng hn nh o ha hay kin trc hng dch v. Qun l mng l mt lnh vc rng tch hp cc chc nng gim st thit b, qun l ng dng, an ninh, bo tr, dch v, x l s c, v cc nhim v khc s l l tng nu tt c cc cng vic c iu phi v gim st bi mt qun tr vin mng ng tin cy v c kinh nghim. Tuy nhin, ngay c nhng qun tr mng c kh nng hiu bit nht ch c c cc thng tin v h thng m c th nhn thy. Qun tr vin cn phi bit nhng g ang xy ra trn mng ca h vo mi lc, bao gm thi gian thc v thng tin lch s v s dng, hiu sut, v tnh trng ca tt c cc ng dng, thit b, v tt c d liu trn mng.
Trang 12

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

y l lnh vc gim st mng, l chc nng quan trng nht trong qun l mng. Cch duy nht bit c tt c mi th trn mng ang hot ng nh th no l phi gim st n lin tc. 1.2. Hiu bit v h thng Trong th gii hin ti chng ta c th khng khi b ng trc phc tp ca h thng mng. Cc thit b nh router, switch, hub kt ni v s cc my con n cc dch v trn my ch cng nh ra ngoi Internet. Thm vo l rt nhiu cc tin ch bo mt v truyn thng c ci t bao gm c tng la, mng ring o, cc dch v chng spam th v virus. S hiu bit v cu trc ca h thng cng nh c c kh nng cnh bo v h thng l mt yu t quan trng trong vic duy tr hiu sut cng nh tnh ton vn ca h thng. C hng ngn kh nng c th xy ra i vi mt h thng v qun tr vin phi m bo c rng cc nguy c xy ra c thng bo mt cch kp thi v chnh st. H thng mng khng cn l mt cu trc cc b ring r. N bao gm Internet, mng cc b (LAN), mng din rng (WAN), v tt c cc thit b, my ch, ng dng chy trn h thng . D cho php ngi dng truy cp v chia s thng tin, s dng cc ng dng, v giao tip vi nhau v vi th gii bn ngoi bao gm c ging ni, d liu, hoc hnh nh th v bn cht vn l mng li h thng. Mt h thng mng thng c ngi dng bn trong v bn ngoi, bao gm nhn vin, khch hng, i tc v cc bn lin quan. Ti u hiu sut mng nh hng n t chc theo cc cch khc nhau. V d, nu nhn vin khng th truy cp cc ng dng v thng tin m h cn dng lm vic th s nh hng n nng xut cng vic. Hoc khi khch hng khng th hon thnh giao dch trc tuyn, iu ny c ngha l mt doanh thu v nh hng ti uy tn ca t chc. Ngay c khi cc bn lin quan nh cc nh u t khng th tm kim, xem xt cc thng tin ca t chc cng gy nh hng ti t chc. Thc t l mng rt phc tp v d sai v mi thnh phn trong mng i din cho mt nguy c nh hng n h thng. cng l l do ti sao n cn thit phi c gim st gim thiu ti a cc nguy c tim tng. Tuy nhin khng
Trang 13

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

phi mi vn u c th c gii quyt mt cch ch ng trc bt k du hiu cnh bo no. Nhng nu ta c th gim st h thng trong thi gian thc th c th xc nh cc vn trc khi chng tr nn nguy him hn. V d, mt my ch b qu ti c th c thay th trc khi n b treo. iu ny s lm gim thiu cc nguy c i vi h thng v tng hiu sut lm vic ca h thng. Vi mt h thng gim st, ta s bit c tnh trng ca tt c cc thit b trn mng m khng cn phi kim tra mt cch c th tng thit b v cng nhanh chng xc nh chnh xc vn khi cn thit. 1.3. Cn phi gim st nhng g v ti sao i vi mt h thng mng, iu quan trng l c c thng tin chnh xc vo ng thi im. Tm quan trng chnh l nm bt thng tin trng thi ca thit b vo thi im hin ti, cng nh bit c thng tin v cc dch v, ng dng ca h thng. Bng sau y cha cc i din ca mt vi thng tin trng thi h thng m ta phi bit v l do ti sao. Cn gim st g Ti sao

Tnh sn sng ca cc thit b (router, y l nhng thnh phn ch cht gi switch, server,). cho mng hot ng.

Tnh sn sng ca cc dch v quan Ton b h thng khng c php trng trn h thng. ngng hot ng dn ti vic mt mt d liu hay email, hay cc dch v nh HTTP, FTP d ch l 1 gi cng c th nh hng nghim trng ti t chc. Dung lng a cn trng trn my ch. Cc ng dng i hi dung lng a. Chnh v vy cn gim st thng tin ny c th x l kp thi khng nh hng ti cc ng dng quan trng.

Trang 14

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Phn trm trung bnh mc ti ca cc Cn nng cp h thng trc khi xy ra router. qu ti dn ti nh hng h thng.

Mc trung bnh ti ca b nh v b x Nu b nh hay b x l b s dng ht l trn cc my ch quan trng. s lm ngng tr h thng.

Chc nng ca firewall, chng virus, Cn phi m bo an ninh cho h cp nht server, chng spyware, thng. malware. Lng d liu vo v ra ca router. Cn xc nh chnh xc thng tin lng d liu trnh qu ti h thng. Cc s kin c vit ra log nh C th thu c thng tin chnh xc cc WinEvent or Syslog. hin tng xy ra trong h thng.

SNMP traps nh l nhit trong Ta c th bit c thng tin v my in phng my ch hay thng tin my in. b h hng hay cn thay mc trc khi c ngi dng bo cng nh m bo my ch khng b qu nng. Bang 1-1: Cc thit b v l do cn gim st Khi c s c xy ra, ta cn phi c cnh bo ngay lp tc, hoc thng qua cc cnh bo bng m thanh, qua mn hnh hin th, qua email t ng c to ra bi chng trnh gim st. Ta bit cng sm nhng g ang din ra v c cng nhiu cc thng tin y trong cc cnh bo th cng sm c th khc phc cc s c . 10 l do hng u cho vic cn thit phi s dng h thng gim st mng: Bit c nhng g ang xy ra trn h thng: gii php gim st h thng cho php c thng bo tnh trng hot ng cng nh ti nguyn ca h thng. Nu khng c nhng chc nng ny ta phi i n khi ngi dng thng bo. Ln k hoch cho vic nng cp, sa cha: nu mt thit b ngng hot ng mt cch thng xuyn hay bng thng mng gn chm ti ngng th lc ny cn phi c s thay i trong h thng. H thng gim st

Trang 15

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

mng cho php ta bit c nhng thng tin ny c th c nhng thay i khi cn thit. Chn on cc vn mt cch nhanh chng: gi s my ch ca ta khng th kt ni ti c. Nu khng c h thng gim st ta khng th bit c nguyn nhn t u, my ch hay router hay cng c th l switch. Nu bit c chnh xc vn ta c th gii quyt mt cch nhanh chng. Xem xt nhng g ang hot ng: cc bo co bng ha c th gii thch tnh trng hot ng ca h thng. l nhng cng c rt tin li phc v cho qu trnh gim st. Bit c khi no cn p dng cc gii php sao lu phc hi: vi cc cnh bo cn thit ta nn sao lu d liu ca h thng phng trng hp h thng c th b h hi bt k lc no. Nu khng c h thng gim st ta khng th bit c vn xy ra khi qu tr. m bo h thng bo mt hot ng tt: cc t chc tn rt nhiu tin cho h thng bo mt. Nu khng c h thng gim st ta khng th bit h thng bo mt ca ta c hot ng nh mong i hay khng. Theo di hot ng ca cc ti nguyn dch v trn h thng: h thng gim st c th cung cp thng tin tnh trng cc dch v trn h thng, m bo ngi dng c th kt ni n ngun d liu. c thng bo v tnh trng ca h thng khp mi ni: rt nhiu cc ng dng gim st cung cp kh nng gim st v thng bo t xa ch cn c kt ni Internet. m bo h thng hot ng lin tc: nu t chc ca ta ph thuc nhiu vo h thng mng, th tt nht l ngi qun tr cn phi bit v x l cc vn trc khi s c nghim trng xy ra. Tit kim tin: vi tt c cc l do trn, ta c th gim thiu ti a thi gian h thng ngng hot ng, lm nh hng ti li nhun ca t chc v tit kim tin cho vic iu tra khi c s c xy ra.

Trang 16

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

1.4. Nhng yu t cn thit cho mt h thng gim st hiu c v h thng, ta cn mt gii php gim st c th cung cp cc thng tin quan trng trong thi gian thc v bt c u cng nh bt c thi im no. i vi cc doanh nghip, t chc th cn cc gii php n gin trin khai, s dng. Cn mt gii php vi kh nng ton din v ng tin cy. Nu mt doanh nghip yu cu tnh sn sng cao, th ta cn mt gii php tin cy c trin khai v chng minh l hot ng tt. Cn nh l chng ta cn gim st rt nhiu thit b trn h thng v phi thu thp rt nhiu thng tin lin quan. Chnh v vy cn mt gii php hin th thng nh bn mng, bo co d liu, cnh bo, s c. Bn cnh vic x l s c d dng hn, iu ny s gip ta tn dng mng li d liu hiu c cc xu hng trong vic s dng thit b, s dng mng, v dung lng mng tng th thit k hiu qu mng li h thng. Cnh bo l mt phn rt quan trng nhng cng cn c nhng cnh bo chnh xc vo nhng thi im thch hp. H thng gim st cn c kh nng truy cp t xa m bo cho vic gim st c th tin hnh ngay khi cn thit. Cui cng, chng ta cn mt h thng c th h tr nhiu phng php gim st trn cc thit b khc nhau. SNMP l mt cng ngh linh hot cho php qun l v gim st cc thit b khc nhau. Cn m bo rng h thng gim st ca ta c h tr giao thc ny. 1.5. Tng kt Trong th gii hin ti, vic thc hin trin khai mt h thng gim st ton b cc thit b mng l vic cp thit cho tt c cc doanh nghip, t chc. Vic trin khai h thng gim st nhm ti u ha h thng mng, tng cng an ninh mng, v c th gii quyt cc s c kp thi.

Trang 17

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

CHNG 2. GIAO THC QUN L MNG N GIN


1.6. SNMP l g? Trong th gii hin ti vi mt mng li gm cc b nh tuyn (Router), b chuyn mch (Switch), my ch (Server) v cc my trm (Workstation), dng nh l mt vn kh khn cho vic qun l tt c cc thit b mng v m bo chng lm vic tt cng nh hot ng ti u. h tr cho qu trnh qun l qun l ngi ta cho pht trin giao thc qun tr mng n gin (Simple Network Management Protocol) vit tt l SNMP. SNMP c gii thiu vo nm 1988 p ng cho nhu cu ngy cng tng ca vic qun tr cc thit b s dng giao thc internet (Internet Protocol). SNMP cung cp mt tp cc lnh n gin cho php vic qun l cc thit b t xa. 1.6.1. Qun l v gim st mng Ct li ca SNMP l mt tp cc lnh n gin cho php ngi qun tr c kh nng thay i trng thi ca cc thit b c qun l. V d nh c th s dng SNMP tt mt cng trn router hay kim tra tc ca cng . SNMP c th gim st nhit ca cc thit b v cnh bo khi nhit qu cao. SNMP thng c kt hp vi qun l router nhng giao thc ny cn c th dng qun l nhiu loi thit b khc. Trong khi ngi tin nhim ca SNMP l Simple Gateway Management Protocol (SGMP) c pht trin qun l b nh tuyn th SNMP c th dng qun l cc h thng Linux, Windows, my in, modem v bt k thit b no c th chy phn mm cho php gi thng tin SNMP th c th c qun l. Mt kha cnh khc ca qun l l gim st, iu ny c ngha l theo di ton b mng. Gim st mng t xa (Remote Network Monitoring - RMON) c pht trin gip chng ta hiu chc nng ca mng cng nh cc thit b khc nh hng n ton b mng. RMON c th dng gim st lu lng mng LAN v c cc cng mng WAN.

Trang 18

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Trc v sau khi c SNMP Gi s chng ta c mt mng gm 100 my trm s dng cc h iu hnh khc nhau. Trong c cc my l my ch cha d liu, cc my khc th c kt ni vi my in, cn li l cc my trm c nhn. Thm vo l cc b nh tuyn v b chuyn mch. H thng mng c kt ni Internet. iu g xy ra khi mt trong cc my ch cha d liu ngng hot ng? Nu n xy ra vo gia tun th mi ngi c th thng bo cho ngi qun tr mng sa cha. Nhng nu n xy ra vo cui tun khi mi ngi v nh bao gm c qun tr mng th sao? l l do ti sao chng ta cn SNMP. Thay v phi c ai thng bo rng h thng c vn th SNMP cho php ta gim st h thng mt cch lin tc k c khi ta khng c . V d, SNMP s thng bo s gi tin b h ngy cng tng trn b nh tuyn c th x l trc khi vn nghim trng xy ra. Ta c th cu hnh c cnh bo t ng cc vn trong h thng mng ca mnh. 1.6.2. RFCs v cc phin bn SNMP T chc Internet Engineering Task Force (IETF) chu trch nhim cho vic nh ngha cc chun giao thc hot ng trong mi trng mng, bao gm c SNMP. IETF pht hnh cc ti liu Requests for Comments (RFCs) ch r cc giao thc tn ti trong mi trng IP. IETF cng b cc phin bn ca SNMP nh sau: SNMP Version 1 (SNMPv1) c nh ngha trong RFC 1157. Kh nng bo mt ca SNMPv1 da trn nguyn tc cng ng, cho php bt c ng dng no chy SNMP cng c th truy xut thng tin ca cc thit b chy SNMP khc. C 3 tiu chun l: read-only, read-write, v trap. SNMP Version 2 (SNMPv2): tnh bo mt ca phin bn ny da trn chui community. Do phin bn ny cn c gi l SNMPv2c v c nh ngha trong RFC 1905,1906,1907. SNMP Version 3 (SNMPv3): c nh ngha trong cc RFC 1905, 1906, 1907, 2571, 2572, 2573, 2574, v 2575. Phin bn ny h tr chc

Trang 19

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

thc mnh, cho php truyn thng ring t gia v c xc nhn gia cc thc th. 1.6.3. Managers v Agents Trong mi trng SNMP c 2 loi thc th l: managers v agents. Manager l mt my ch chy cc phn mm qun l. Managers thng thng c xem nh l Network Management Stations (NMSs). Mt NMS chu trch nhim cho vic Poll v nhn Traps t cc agent trong mng. Poll l mt hnh ng truy vn agent (router, switch, Unix server,) ly cc thng tin cn thit. Trap l cch agent thng bo cho NMS bit chuyn g xy ra. Trap khng c gi mt cch ng b ngha l n khng chu trch nhim hi bo cc truy vn ca NMS m ch thng bo khi c vn xy ra. V d, khi mt lin kt T1 ca router b mt kt ni, router c th gi mt Trap n NMS. Thc th th hai l Agent: l mt phn mm chy trn thit b mng cn qun l. N c th l mt chng trnh ring bit hoc cng c th c tch hp vo h iu hnh (v d nh Cisco IOS trn router hay mt h iu hnh cp thp qun l UPS-b tch in). Ngy nay, hu ht cc thit b hot ng da trn nn tng IP u i km vi cc phn mm SMNP agent gip ngi qun tr c th qun l thit b mt cch d dng. Agent cung cp thng tin cho NMS bng cch theo di cc hot ng ca thit b. V d, agent trn router theo di trng thi cc cng ca router. NMS c th truy vn trng thi ca cc cng ny v c hnh ng thch hp khi nu nh mt trong cc cng xy ra vn . Khi agent pht hin c vn xy ra trn thit b n c th gi trap n NMS. Mt vi thit b s gi hi bo all clear trap khi c s chuyn i t trng thi xu sang tt. iu ny cng c th c ch trong vic xc nh vn c gii quyt. Hnh bn di m t mi quan h gia NMS v Agent.

Trang 20

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Hinh 2-1: M hnh hot ng gia NMS v Agent iu quan trng cn phi xc nh r l Poll v Trap c th xy ra cng lc. Khng c hn ch no khi NMS truy vn Agent v Agent gi trap n NMS. 1.6.4. Structure of Management Information v MIBS Structure of Management Information (SMI) cung cp cch nh ngha cc i tng c qun l v hnh vi ca chng. Mt agent s hu mt danh sch cc i tng m n theo di (cc i tng c th l trng thi hot ca mt cng trn router hay dung lng cng my tnh). Danh sch ny nh ngha chung cc thng tin m NMS c th dng xc nh tnh trng ca thit b m agent tn ti. Management Information Base (MIB) c th xem ging nh l c s d liu ca cc i tng c qun l m agent theo di. Bt k tnh trng hay thng tin thng k no c th c truy cp bi NMS th c nh ngha trong mt MIB. SMI cung cp cch thc nh ngha i tng qun l, trong khi MIB l s nh ngha chnh xc i tng (dng c php ca SMI). Mt agent c th thc hin nhiu MIB nhng tt c cc agent u thc hin MIB c bit l MIB-II (RFC 1213). Mc nh chnh ca MIB-II l cung cp thng tin qun l chung ca TCP/IP. N khng bao gm tt c cc thng tin c bit m nh sn xut thit b mun qun l. Ngi ta cn qun l rt nhiu thit b v mi thit b c sn xut c cc tnh nng ring. l l do ti sao cho php nh sn xut v c nhn c php nh ngha MIB ca ring h. V d nh sn xut bn router mi. Agent tch hp bn trong router s hi p cc yu cu t NMS m c nh ngha chung trong MIB-II. Thm vo router s c thm cc chc nng

Trang 21

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

mi nhng khng c nh ngha trong bt k chun MIB no. Chnh v th nh sn xut phi nh ngha MIB ca ring h. 1.6.5. Qun l my trm Vic qun l cc ti nguyn ca my trm (nh dung lng a cng, b nh s dng) l mt phn quan trng trong vic qun l mng. Host Resources MIB nh ngha mt tp cc i tng gip cho vic qun l cc h thng Unix v Windows (tt c cc h thng chy SNMP agent u c th qun l khng ch ring Unix v Windows). 1.7. Chi tit v SNMP 1.7.1. SNMP v UDP SNMP s dng User Datagram Protocol (UDP) truyn ti d liu gia managers v agents. UDP, c nh ngha trong RFC 768, c chn s dng trong SNMP thay v Transmission Control Protocol (TCP) bi v n l giao thc phi kt ni, ngha l khng c kt ni im ti im gia agent v NMS khi d liu c truyn qua li. iu ny lm cho giao thc SNMP khng ng tin cy v khng c kh nng pht hin khi d liu b mt. Do SNMP phi c cch pht hin d liu truyn c b mt khng v truyn li d liu nu cn thit. n gin ch ph thuc vo thi gian ch. Khi NMS gi yu cu n agent v ch hi bo. Thi gian ch ca NMS ph thuc vo cu hnh ca ngi qun tr. Nu ht thi gian ch v NMS khng nhn c thng tin phn hi t agent n s gi li yu cu. S ln gi li cng ph thuc vo cu hnh ca ng dng SNMP. Dng nh khng quan trng khi SNMP s dng UDP lm giao thc truyn nhn d liu, nhng li gp kh khn khi agent gi trap cho NMS, v khng c cch no NMS bit chuyn g xy ra khi agent gi trap m trap li khng n c NMS v agent cng khng bit c cn phi gi li trap khng, do NMS khng gi li hi bo cho agent khi nhn c trap. Mt khc do UDP s dng t ti nguyn nn vic nh hng n hiu xut mng thp. SNMP tng c trin khai trn TCP nhng dng nh l mt mi trng khng thch hp do tnh hng kt ni ca giao thc ny.

Trang 22

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

SNMP dng cng UDP 161 gi v nhn yu cu, UDP 162 nhn trap. Tt c cc thit b s dng SNMP phi dng 2 cng mc nh ny, nhng mt vi nh sn xut cho php ta thay i cng trn cu hnh ca agent. Nu cu hnh mc nh b thay i, NMS phi thay i ph hp vi cu hnh trn agent.

Hinh 2-2: M hnh trao i d liu gia NMS v Agent Hnh trn m t m hnh TCP/IP, l m hnh c bn cho tt c cc qu trnh truyn thng TCP/IP. Ngy nay, tt c cc thit b mun tham gia vo qu trnh truyn thng trn Internet u phi tun theo b giao thc ny. Khi NMS hay agent mun thc hin truyn thng phi theo cc tun t sau:

Trang 23

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Application: u tin, ng dng SNMP (NMS hay agent) quyt nh phi lm g. V d, n c th gi mt yu cu SNMP n agent, gi hi p yu cu SNMP (c th c gi t agent), hay gi mt trap n NMS. Tng ng dng cung cp dch v cho ngi dng cui, chng hn nh ngi iu hnh yu cu thng tin trng thi ca mt cng trn switch. UDP: lp tip theo trong m hnh TCP/IP, UDP cho php 2 host truyn thng vi nhau. Ni dng ca UDP header cha nhiu thng tin, trong c cng ca thit b m n gi yu cu hay trap. Cng ch c th l 161 (truy vn) hoc 162 (trap). IP: lp IP c gng truyn cc gi SNMP ti a ch ch c yu cu. Medium Access Control (MAC): s kin cui cng phi xy ra cho mt gi SNMP c th n c ch l tng vt l, ni gi tin c nh tuyn truyn ti ch. Lp MAC bao gm phn cng v trnh iu khin thit b a d liu ti ch. Lp MAC cng chu trch nhim cho vic nhn gi tin t tng vt l v chuyn gi tin ln tng trn tip theo trong m hnh TCP/IP. c th d hiu ta s ly mt v d m t. Gi s ta mun gi th cho mt ngi bn xa mi ngi ti nh vo ma h ny. Bng cch quyt nh gi mt l th mi, ta thc hin ging nh mt chng trnh SNMP. in vo ba th a ch ca ngi nhn ging nh chc nng ca lp UDP l xc nh cng ch trong UDP header, trong trng hp ny l a ch ca ngi nhn. Dn tem v b vo thng th ngi a th ly i ging nh chc nng ca lp IP. Hnh ng cui cng khi ngi a th n v ly l th. T y l th c gi n ch, l hp th ca ngi bn. Lp MAC ca my tnh ging nh xe a th hay my bay mang th. Khi ngi bn nhn c th, ngi cng s thc hin mt qu trnh tng t nh vy hi p.Thng qua v d trn s l ta hnh dung cch thc gi tin c truyn.

Trang 24

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

1.7.2. SNMP Communities SNMPv1 v SNMPv2 s dng khi nim community thit lp s tin tng gia manager v agent. Mt agent c cu hnh vi 3 mc: read-only, readwrite, v trap. Tn community c th c xem nh mt khu. C 3 chui community kim sot cc loi hot ng khc nhau. Ging nh tn ca chng, ta c th thy, chui read-only ch cho php ta c gi tr ca d liu v khng cho php thay i cc gi tr . V d, cho php c s gi d liu truyn thng trn mt cng ca router nhng khng cho php ta xa hay thay i gi tr . Chui readwrite cho php c v thay i gi tr d liu. Cui cng, chui trap cho php nhn traps t agent. Hu ht cc nh sn xut bn thit b ca h trong chui community c gn mc nh, thng thng public ngha l read-only v private l read-write. Chng ta nn thay i gi tr mc nh ny trc khi s dng thit b m bo tnh bo mt cho truyn thng SNMP gia cc thit b. Khi cu hnh mt SNMP agent, ta s mun cu hnh a ch trap, l a ch m thit b s gi trap n. Thm vo , do chui community c gi dng bn r, ta nn cu hnh agent gi mt chng thc SNMP trap, khi c ai c gng truy vn thng tin thit b s khng bit c gi tr ca chui community nn khng th truy vn thnh cng. iu ny gip tng tnh bo mt h thng. Do bn cht ca chui community ging nh mt khu v th ta nn p dng cc quy tc t mt khu an ton: t khng c trong t in, di ln, kt hp k t hoa, thng, c bit Nh cp trn, chui community c gi di dng khng m ha nn rt d ngi khc bit c, do giao thc SNMPv3 c nhiu ci tin nhm tng tnh bo mt cho h thng trong qu trnh truyn thng gia cc thit b SNMP. C nhiu cch gim nguy c b tn cng. S dng tng la hay b lc gi tin c th gim thiu c hi ngi khc gy hi n h thng bng cch tn cng thng qua SNMP. V d, ta c th cho php truyn thng trn cng UDP 161 (truy vn SNMP) trong mng ch khi n n t a ch IP ca my NMS, tng t vi

Trang 25

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

cng UDP 162 cho gi tin trap. Tng la khng th ngn chn 100% nguy c b tn cng, n ch gp phn gim thiu nguy c b tn cng cho h thng. iu quan trng cn bit l mt khi c ngi bit c chui community read-write trn cc thit b, ngi ny c th chim quyn iu khin cc thit b (nh thay i cu hnh ca router hay switch). C mt cch m bo chui community l s dng Virtual Private Network (VPN) m bo d liu c m ha khi truyn. Mt cc khc l thay i chui community thng xuyn (cch ny khng kh thi trong mi trng mng ln). Mt gii php n gin l vit mt Perl script thay i chui community trn thit b. 1.7.3. Structure of Management Information (SMI) Structure of Management Information Version 1 (SMIv1, RFC 1155) nh ngha mt cch chnh xc lm cch no qun l mt i tng c t tn v ch ra mi quan h gia chng. Structure of Management Information Version 2 (SMIv2, RFC 2578) cung cp phng thc ci tin cho SNMPv2. nh ngha ca cc i tng c qun l c th m t qua 3 thuc tnh sau: Name: hay cn gi l object identifier (OID), nh ngha duy nht mt i tng qun l. Tn thng xut hin di 2 dng: s v loi c th c (human readable). Trong c 2 dng trn, tn thng di v khng thun tin. Trong cc ng dng SNMP, c nhiu cch h tr cho vic c tn ny mt cch thun tin. SYNTAX: loi d liu ca i tng c qun l c nh ngha bng cch s mt tp cc k hiu Abstract Syntax Notation One (ASN.1). ASN.1 l phng php ch ra cch d liu c biu din v truyn gia manager v agent. Mt c im thun tin ca ASN.1 l cc k hiu c lp. iu ny c ngha cc h thng khc nhau u c th truyn thng SNMP vi nhau. Encoding: mt i tng qun l c m ha thnh 1 chui cc octets s dng Basic Encoding Rules (BER). BER nh ngha cch i tng

Trang 26

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

c m ha v gii m chng c th truyn thng qua mi trng Ethernet. 1.7.3.1 t tn OIDs Cc i tng qun l c t chc thnh cu trc dng cy. Cu trc ny l c s t tn cho cc i tng. Mt OID c to thnh bng 1 chui cc s nguyn da trn cc nt trn cy cu trc, c chia cch bi du chm (.). C mt hnh thc khc thun tin c hn l mt chui s l t tn trn tng nt ca cy. Hnh di m t vi cp ca cy i tng bt u t root node. Trong cy di, nu mt nt khng c nt con th gi l l, ngc li gi l nhnh. V d, bt u cy l root, di root c ccitt, iso v joint. Trong hnh minh ha, duy nht iso l nhnh, cn ccitt v joint l l. Trong v d, ta ch nhnh: iso(1).org(3).dod(6).internet(1)c OID l 1.3.6.1, Mi i tng qun l c 1 OID ring. Cc doanh nghip, c nhn c th nh ngha OID ca mnh bng cch ng k vi t chc IANA t chc ang qun l danh sch cc OID.

Trang 27

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Hinh 2-3: S cy cc OID 1.7.3.2 nh ngha OIDs Trong SMIv1 nh ngha mt OID ta cn khai bo cc thng tin sau: SYNTAX, ACCESS, STATUS, DESCRIPTION V d v mt khai bo OID: ifTable OBJECT-TYPE SYNTAX SEQUENCE OF IfEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "A list of interface entries. The number of entries is given by the value of ifNumber." ::= { interfaces 2 }

Trang 28

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Loi d liu ca trng SYNTAX trong SMIv1 c m t trong bng sau: Cc loi d liu ca SMIv1 Loi d liu M t L mt s 32-bit thng dng nh l loi d liu lit k trong cc i tng. V d: trng thi hot ng ca 1 Integer cng trn router 1: up, 2: down, 3: testing. Gi tr 0 khng c s dng nh l loi d liu lit k (theo RFC 1155). L mt chui cc s thng dng i din cho 1 Octet String chui text, thnh thong cng dng i din cho 1 chui a ch vt l. L mt s 32-bit c gi tr t 0 - 232-1 (4 294 967 295). Khi n gi tr ti a, s ny tr v 0 v bt u li t Counter u. Thng dng theo di thng tin nh l s bit gi v nhn trn mt interface. Counter l mt s t tng v khng bao gi gim. Khi agent khi ng li th Counter cng tr v gi tr 0. L mt chui cc s h 10 cch nhau bng du chm (.) Object Identifier i din cho mt i tng trn cy i tng. V d: 1.3.6.1.4.1.9 i din cho OID ca Cisco. Null Sequence Hin ti khng s dng trn SNMP. nh ngha danh sch cha s 0 v cc loi d liu ASN.1 khc. nh ngha mt i tng c qun l m c to nn bi loi ASN.1. L mt s 32-bit i din cho a ch IPv4 . Cng ging nh IpAddress nhng cc th i din cho
Trang 29

Sequence of IpAddress NetworkAddress

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

cc loi a ch mng khc. L mt s 32-bit c gi tr t 0 - 232-1 (4 294 967 295). Khng ging nh Counter, Gauge c th tng v gim Gauge nhng n khng bao gi c th t n gi tr ti a. V d: tc ca interface trn router c th i din bng Gauge. L mt s 32-bit c gi tr t 0 - 232-1 (4 294 967 295). Timeticks L gi tr o lng thi gian tnh bng phn trm giy. Gi tr uptime ca thit b c th i din bng loi d liu ny. Cho php bt truyn mt gi tr t do c kiu ty Opaque nhng c ng li thnh tng Octet String theo quy nh ca ASN.1 Bang 2-2: Loi d liu ca trng SYNTAX Mc ch ca cc loi d liu trn l nh ngha mt i tng c qun l. iu ny rt quan trng c v hiu tp tin MIB. 1.7.4. SMI version 2 SMIv2 l phin bn m rng ca SMI bng cch thm nhnh snmpV2 vo nhnh internet.

Trang 30

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Hinh 2-4: S cc OID ca SMIv2 OID cho nhnh mi l: 1.3.6.1.6.3.1.1 hay l iso.org.dod.internet.snmpV2.snmpModules.snmpMIB.snmpMIBObjects nh ngha ca cc i tng trong SMIv2 c mt t thay i so vi SMIv1. Do c th kim sot i tng tt hn. Cc kiu d liu mi trong SMIv2 Loi d liu Integer32 Counter32 Gauge32 Ging nh Integer Ging nh Counter Ging nh Gauge
Trang 31

M t

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Unsigned32 Counter64

C gi tr t 0 - 232-1 Ging nh Counter nhng c gi tr trong khong t 0264-1.

BITS

Kiu d liu lit k khng m dng bit Bang 2-3: Loi d liu trong SMIv2 Cc trng mi c thm vo trong SMIv2 c m t trong bng sau: Cc nh ngha ci tin trong SMIv2

nh ngha i tng UnitsParts

M t Mt m t nguyn vn dng i din cho i tng Tng ng vi trng ACCESS SMIv1. Cc gi

MAX-ACCESS

tr cho trng ny l: read-only, read-write, readcreate, not-accessible, v accessible-for-notify. Mt mnh m rng vi cc t kha nh: current (nh ngha ca object ang c hiu lc v ang c s dng), obsolete (nh ngha ny c v c th b i), v deprecated (nh ngha ny c v cc chun tip theo c th nh ngha li). current trong SMIv2 ging nh mandatory trong SMIv1. Trng ny cho php m rng mt bng bng cch

STATUS

AUGMENTS

thm mt hay nhiu ct i din cho cc i tng. Trng ny yu cu cn c tn ca bng c thm i tng. Bang 2-4: Cc trng d liu trong SMIv2

Trang 32

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

1.7.5. Chi tit v MIB-II MIB-II l mt nhm qun l rt quan trng v mi thit b h tr SNMP u phi h tr MIB-II. RFC1155 m t cch trnh by mt mib file nh th no ch khng nh ngha cc object. RFC1213 l mt chun nh ngha nhnh mib nm di iso.org.dod.internet.mgmt.mib-2 (tt nhin phi theo cu trc m RFC1155 quy nh). Chng ta s kho st mt phn RFC1213 hiu ngha ca mt s object trc khi dng cng c c chng. RFC1156 l c t mib chun cho cc thit b TCP/IP, c coi l InternetStandard Mib (mib version 1). RFC1213 l c t mib chun version 2, thng gi l mib-2. Ch phn bit mib-1 v mib-2 l cc chun c t nh ngha ca cc object, cn SMIv1 v SMIv2 l c t cu trc ca mib file. Mib-1 v mib-2 s dng cu trc ca SMIv1. Mib-2 l mt trong nhng mib c h tr rng ri nht. Nu mt thit b c tuyn b l c h tr SNMP th hng sn xut phi ch ra n h tr cc RFC no, v thng l RFC1213.

Trang 33

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Hinh 2-5: S chi tit OID MIB-II c 10 nhnh con c nh ngha trong RFC 1213, k tha t MIB-I trong RFC 1066. Mi nhnh c 1 chc nng ring. system (1.3.6.1.2.1.1) nh ngha mt danh sch cc i tng gn lin vi hot ng ca h thng nh: thi gian h thng khi ng ti by gi, thng tin lin lc ca h thng v tn ca h thng. interfaces (1.3.6.1.2.1.2) Lu gi trng thi ca cc interface trn mt thc th qun l. Theo di mt interface up hoc down, lu li cc octet gi v nhn, octet li hay b hy b. at (1.3.6.1.2.1.3) Nhm at (address translation) b phn i, n ch cung cp kh nng tng thch ngc. Nhm ny c b t MIB-III tr i.

Trang 34

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

ip (1.3.6.1.2.1.4) Lu gi nhiu thng tin lin quan ti giao thc IP, trong c phn nh tuyn IP. icmp (1.3.6.1.2.1.5) Lu cc thng tin nh gi ICMP li, hy. tcp (1.3.6.1.2.1.6) Lu cc thng tin khc dnh ring cho trng thi cc kt ni TCP nh: ng, lng nghe, bo gi udp (1.3.6.1.2.1.7) Tp hp cc thng tin thng k cho UDP, cc datagram vo v ra, egp (1.3.6.1.2.1.8) Lu cc tham s v EGP v bng EGP ln cn. Transmission (1.3.6.1.2.1.10) Khng c i tng no trong nhm ny, nhng n nh ngha cc mi trng c bit ca MIB. snmp (1.3.6.1.2.1.11) o lng s thc thi ca SNMP trn cc thc th qun l v lu cc thng tin nh s cc gi SNMP nhn v gi. 1.7.6. Hot ng ca SNMP Protocol Data Unit (PDU) l nh dng thng ip m manager v agent s dng gi v nhn thng tin. C mt nh dng chun PDU cho cc hot ng ca SNMP sau: Get Get-next Get-bulk (SNMPv2 v SNMPv3) Set Get-response Trap Notification (SNMPv2 v SNMPv3) Inform (SNMPv2 v SNMPv3) Report (SNMPv2 v SNMPv3)

Trang 35

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Hinh 2-6: M hnh hot ng ca SNMP 1.7.6.1 Get get: c gi t NMS yu cu ti agent. Agent nhn yu cu v x l vi kh nng tt nht c th. Nu mt thit b no ang bn ti nng, nh router, n khng c kh nng tr li yu cu nn n s hy li yu cu ny. Nu agent tp hp thng tin cn thit cho li yu cu, n gi li cho NMS mt get-response:

Hinh 2-7: M hnh hot ng ca lnh get agent hiu c NMS cn tm thng tin g, n da vo mt mc trong get l variable binding hay varbind. Varbind l mt danh sch cc i tng
Trang 36

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

ca MIB m NMS mun ly t agent. Agent hiu cu hi theo dng: OID=value tm thng tin tr li. Cu hi truy vn cho trng hp trong hnh 2-7: $ snmpget cisco.ora.com public .1.3.6.1.2.1.1.6.0 system.sysLocation.0 = ""

y l mt cu lnh snmpget trn Unix. cisco.ora.com l tn ca thit b, public l chui ch y l yu cu ch c (read-only), .1.3.6.1.2.1.1.6.0 l OID. .1.3.6.1.2.1.1 ch ti nhm system trong MIB. .6 ch ti mt trng trong system l sysLocation. Trong cu lnh ny ta mun hi Cisco router rng vic nh v h thng c ci t cha. Cu tr li system.sysLocation.0 = "" tc l cha ci t. Cu tr li ca snmpget theo dng ca varbind: OID=value. Cn phn cui trong OID snmpget; .0 nm trong quy c ca MIB. Khi hi mt i tng trong MIB ta cn ch r 2 trng x.y, y l .6.0. x l OID thc t ca i tng. Cn .y c dng trong cc i tng c hng nh mt bng hiu hng no ca bng, vi trng hp i tng v hng nh trng hp ny y = 0. Cc hng trong bng c nh s t s 1 tr i. Cu lnh get hu ch trong vic truy vn mt i tng ring l trong MIB. Khi mun bit thng tin v nhiu i tng th get tn kh nhiu thi gian. Cu lnh get-next gii quyt c vn ny.

Trang 37

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

1.7.6.2

Get-next get-next: a ra mt dy cc lnh ly thng tin t mt nhm trong MIB.

Agent s ln lt tr li tt c cc i tng c trong cu truy vn ca get-next tng t nh get, cho n khi no ht cc i tng trong dy. V d ta dng lnh snmpwalk. snmpwalk tng t nh snmpget nhng khng ch ti mt i tng m ch ti mt nhnh no :

$snmpwalk cisco.ora.com public system system.sysDescr.0 = "Cisco Internetwork Operating System Software ..IOS (tm) 2500 Software (C2500-I-L), Version 11.2(5), RELEASE SOFTWARE (fc1)..Copyright (c) 1986-1997 by cisco Systems, Inc... Compiled Mon 31-Mar-97 19:53 by ckralik" system.sysObjectID.0 = OID: enterprises.9.1.19 system.sysUpTime.0 = Timeticks: (27210723) 3 days, 3:35:07.23 system.sysContact.0 = "" system.sysName.0 = "cisco.ora.com" system.sysLocation.0 = "" system.sysServices.0 = 6

y ta mun ly thng tin ca nhm system, agent s gi tr ton b thng tin ca system theo yu cu. Qu trnh tm nhm system trong MIB thc hin theo cy t gc, n mt nt nu c nhiu nhnh th chn nhnh tm theo ch s ca nhnh t nh n ln:

Trang 38

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Hinh 2-8: S ng i OID 1.7.6.3 get-bulk get-bulk c nh ngha trong SNMPv2. N cho php ly thng tin qun l t nhiu phn trong bng. Dng get c th lm c iu ny. Tuy nhin, kch thc ca cu hi c th b gii hn bi agent. Khi nu n khng th tr li ton b yu cu, n gi tr mt thng ip li m khng c d liu. Vi trng hp dng cu lnh get-bulk, agent s gi cng nhiu tr li nu n c th. Do , vic tr li mt phn ca yu cu l c th xy ra. Hai trng cn khai bo trong get-bulk l: nonrepeaters v max-repetitions. nonrepeaters bo cho agent bit N i tng u tin c th tr li li nh mt cu lnh get n. max-repeaters bo cho agent bit cn c gng tng ln ti a M yu cu get-next cho cc i tng cn li:

Trang 39

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Hinh 2-9: M hnh ly thng tin get-bulk $ snmpbulkget -v2c -B 1 3 linux.ora.com public sysDescr ifInOctets ifOutOctets system.sysDescr.0 = "Linux linux 2.2.5-15 #3 Thu May 27 19:33:18 EDT 1999 i686" interfaces.ifTable.ifEntry.ifInOctets.1 = 70840 interfaces.ifTable.ifEntry.ifOutOctets.1 = 70840 interfaces.ifTable.ifEntry.ifInOctets.2 = 143548020 interfaces.ifTable.ifEntry.ifOutOctets.2 = 111725152 interfaces.ifTable.ifEntry.ifInOctets.3 = 0 interfaces.ifTable.ifEntry.ifOutOctets.3 = 0

y, ta hi v 3 varbind: sysDescr, ifInOctets, v ifOutOctets. Tng s varbind c tnh theo cng thc

N + (M * R) N: nonrepeater, tc s cc i tng v hng M: max-repeatition R: s cc i tng c hng trong yu cu ch c sysDescr l v hng N = 1 M c th t cho l 3 , tc l 3 trng cho mi ifInOctets v ifOutOctets. C 2 i tng c hng l ifInOctets v ifOutOctets R = 2 Tng s c 1 + 3*2 = 7 varbind

Trang 40

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Cn trng v2c l do get-bulk l cu lnh ca SNMPv2 nn s dng v2c ch rng s dng PDU ca SNMPv2. -B 1 3 l t tham s N v M cho lnh. 1.7.6.4 Set Set: thay i gi tr ca mt i tng hoc thm mt hng mi vo bng. i tng ny cn phi c nh ngha trong MIB l read-write hay writeonly. NMS c th dng set t gi tr cho nhiu i tng cng mt lc:

Hinh 2-10: M hnh lnh set $ snmpget cisco.ora.com public system.sysLocation.0 system.sysLocation.0 = "" $ snmpset cisco.ora.com private system.sysLocation.0 s "Atlanta, GA" system.sysLocation.0 = "Atlanta, GA" $ snmpget cisco.ora.com public system.sysLocation.0 system.sysLocation.0 = "Atlanta, GA" Cu lnh u l dng get ly gi tr hin ti ca system.sysLocation. Trong cu lnh snmpset cc trng cisco.ora.com v system.sysLocation.0 c ngha ging vi get. private ch i tng read-write, v t gi tr mi bng: s "Atlanta, GA". s tc l t gi tr ca system.sysLocation.0 thnh string, v gi tr mi l "Atlanta, GA" . Varbind ny c nh ngha trong RFC 1213 l kiu string ti a 255 k t:
Trang 41

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

sysLocation OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) ACCESS read-write STATUS mandatory DESCRIPTION "The physical location of this node (e.g., 'telephone closet, 3rd floor')." ::= { system 6 } C th ci t nhiu i tng cng lc, tuy nhin nu c mt hnh ng b li, ton b s b hy b. 1.7.6.5 Error Response ca get, get-next, get-bulk, set C nhiu loi li bo li t agent:

SNMPv1 Error Message noError(0) tooBig(1) noSuchName(2) Khng c li

M t

Yu cu qu ln c th dn vo mt cu tr li. OID yu cu khng tm thy, tc khng tn ti agent. Cu lnh set dng khng ng vi cc object read-write hay write-only. Li ny t dng. Li noSuchName tng ng vi li ny. Dng cho tt c cc li cn li, khng nm trong cc li trn Bang 2-5: Cc thng bo li trong SNMPv1

badValue(3)

readOnly(4)

genErr(5)

Trang 42

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Cc loi li ca SNMPv1 mang tnh cht chung nht, khng r rng. Do SNMPv2 a ra thm mt s loi li nh sau: SNMPv2 Error Message noAccess(6) M T Li khi lnh set c gng xm nhp vo mt bin cm xm nhp. Khi , bin c trng ACCESS l not-accessible Li xy ra khi lnh set t mt kiu d liu wrongType(7) khc vi kiu nh ngha sn ca i tng. V d khi set t gi tr kiu string cho mt i tng kiu s nguyn INTEGER Li khi lnh set a vo mt gi tr c chiu di wrongLength(8) ln hn chiu di ti a ca i tng wrongEncoding(9) Li khi lnh set s dng cch m ha khc vi cch i tng nh ngha. wrongValue(10) Mt bin c t mt gi tr m n khng hiu. Khi mt bin theo kiu lit k enumeration c t mt gi tr khng theo kiu lit k. Li khi c t mt gi tr cho mt bin khng tn noCreation(11) ti hoc to mt bin khng c trong MIB inconsistentValue Mt bin MIB trng thi khng nht qun, v n khng chp nhn bt c cu lnh set no. resourceUnavailable(13) commitFailed(14) undoFailed(15) Khng c ti nguyn h thng thc hin lnh set i din cho tt c cc li khi lnh set tht bi Mt lnh set khng thnh cng v agent khng th phc hi li trng thi trc khi lnh set bt

Trang 43

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

u tht bi. authorizationError(16) Mt lnh SNMP khng c xc thc, khi mt ngi no a ra mt m khng ng. notWritable(17) inconsistentName(18) Mt bin khng chp nhn lnh set. C gng t mt gi tr, nhng vic c gng tht bi v bin ang tnh trng khng nht qun. Bang 2-6: Cc li trong SNMPv2 1.7.6.6 Trap Trap l cnh bo ca agent t ng gi cho NMS NMS bit c tnh trng xu agent. Khi nhn c mt trap t agent, NMS khng tr li li bng ACK. Do agent khng th no bit c l li cnh bo ca n c ti c NMS hay khng. Khi nhn c mt trap t agent, n tm xem trap number hiu ngha ca trap .

Hinh 2-11: M hnh gi Trap t Agent Bn tin Trap c agent t ng gi cho manager mi khi c s kin xy ra bn trong agent, cc s kin ny khng phi l cc hot ng thng xuyn ca agent m l cc s kin mang tnh bin c. V d: Khi c mt port down, khi c mt ngi dng login khng thnh cng, hoc khi thit b khi ng li, agent s gi trap cho manager.

Trang 44

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Tuy nhin khng phi mi bin c u c agent gi trap, cng khng phi mi agent u gi trap khi xy ra cng mt bin c. Vic agent gi hay khng gi trap cho bin c no l do hng sn xut device/agent quy nh. Phng thc trap l c lp vi cc phng thc request/response. SNMP request/response dng qun ln SNMP trap dng cnh bo. Ngun gi trap gi l Trap Sender v ni nhn trap gi l Trap Receiver. Mt trap sender c th c cu hnh gi trap n nhiu trap receiver cng lc. C 2 loi trap : trap ph bin (generic trap) v trap c th (specific trap). Generic trap c quy nh trong cc chun SNMP, specific trap do ngi dng t nh ngha (ngi dng y l hng sn xut SNMP device). Loi trap l mt s nguyn cha trong bn tin trap, da vo m pha nhn trap bit bn tin trap c ngha g. Theo SNMPv1, generic trap c 7 loi sau : coldStart(0), warmStart(1), linkDown(2), linkUp(3), authenticationFailure(4), egpNeighborloss(5), enterpriseSpecific(6). Gi tr trong ngoc l m s ca cc loi trap. ngha ca cc bn tin generic-trap nh sau: S v tn kiu Trap nh ngha Thng bo agent va khi ng li. Tt c cc bin qun l s c reset, cc bin kiu Counters v Gauges c t v 0. coldStart (0) coldStart dng xc nh mt thit b mi gia nhp vo mng. Khi mt thit b khi ng xong, n gi mt trap ti NMS. Nu a ch NMS l ng, NMS c th nhn c v xc nh xem c qun l thit b hay khng. warmStart (1) Thng bo agent va khi to li, khng c bin no b reset. Gi i khi mt interface trn thit b chuyn sang trng thi down.
Trang 45

linkDown (2)

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

linkUp (3) authenticationFailure (4) egpNeighborLoss (5)

Gi i khi mt interface tr li trng thi up. Cnh bo khi mt ngi no c truy cp vo agent m khng c xc thc. Cnh bo mt EGP ln cn b down y l mt trap ring, ch c bit bi agent

enterpriseSpecific (6)

v NMS t nh ngha ring chng. NMS s dng phng php gii m c bit hiu c thng ip ny. Bang 2-7: Cc kiu Trap

trap c nh ngha trong MIB l rdbmsOutOfSpace: rdbmsOutOfSpace TRAP-TYPE ENTERPRISE rdbmsTraps VARIABLES { rdbmsSrvInfoDiskOutOfSpaces } DESCRIPTION "An rdbmsOutOfSpace trap signifies that one of the database servers managed by this agent has been unable to allocate space for one of the databases managed by this agent. Care should be taken to avoid flooding the network with these traps." ::= 2 Gi tr ca ENTERPRISE l rdbmsTraps, thng tin m t ca Trap c trong DESCRIPTION v gi tr ca Trap l 2. 1.7.6.7 Notification chun ha nh dng PDU trap ca SNMPv1 do PDU ca get v set khc nhau, SNMPv2 a ra NOTIFICATION-TYPE. nh dng PDU ca NOTIFICATION-TYPE l nhn ra get v set. NOTIFICATION-TYPE c nh ngha trong RFC 2863:

linkDown NOTIFICATION-TYPE OBJECTS { ifIndex, ifAdminStatus, ifOperStatus }

Trang 46

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

STATUS current DESCRIPTION "A linkDown trap signifies that the SNMPv2 entity, acting in an agent role, has detected that the ifOperStatus object for one of its communication links left the down state and transitioned into some other state (but not into the notPresent state). This other state is indicated by the included value of ifOperStatus." ::= { snmpTraps 3 } OID ca trap ny l 1.3.6.1.6.3.1.1.5.3, tc iso.org.dod.internet.snmpV2.snmpModules.snmpMIB.snmpMIBObjects.snmpTraps .linkDown. 1.7.6.8 Inform SNMPv2 cung cp c ch truyn thng gia nhng NMS vi nhau, gi l SNMP inform. Khi mt NMS gi mt SNMP inform cho mt NMS khc, NMS nhn c s gi tr mt ACK xc nhn s kin. Vic ny ging vi c ch ca get v set. Ch : SNMP inform c th dng gi SNMPv2 Trap n 1 NMS. Trong trng hp ny agent s c thng bo khi NMS nhn c Trap. 1.7.6.9 Report c nh ngha trong bn nhp ca SNMPv2 nhng khng c pht trin. Sau c a vo SNMPv3 v hy vng dng truyn thng gia cc h thng SNMP vi nhau. 1.8. Tng kt Ct li ca giao thc qun l mng (SNMP) l mt tp hp cc hot ng, chc nng, gip nh qun tr mng c th qun l, theo di, thay i trng thi ca cc thit b trn h thng.

Trang 47

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

CHNG 3. PHN MM GIM ST NAGIOS CORE


1.9. Gii thiu Nagios l mt cng c gim st h thng. iu ny c ngha l n lin tc kim tra trng thi ca my v dch v khc nhau trn cc my. Mc ch chnh ca h thng gim st l pht hin v bo co v bt k h thng khng hot ng, cng sm cng tt, do , ta nhn thc c vn trc khi ngi dng s dng. Nagios khng thc hin bt k kim tra my ch hoc cc dch v no trn ca my ch Nagios. N s dng plugin thc hin vic kim tra thc t. iu ny lm cho n c tnh linh hot cao, v l gii php hiu qu cho vic thc hin v kim tra dch v. i tng gim st ca Nagios c chia thnh hai loi: host v dch v. Host l cc my vt l (my ch, b nh tuyn, my trm, my in v vv), trong khi dch v l nhng chc nng c th, v d, mt my ch web (mt qu trnh x l http) c th c nh ngha nh l mt dch v c gim st. Mi dch v c lin quan n mt my ch l dch v ang chy trn . Ngoi ra, c hai my v dch v c th c nhm li thnh cc nhm dch cho ph hp.

Hinh 3-12: Cc i tng cn gim st trn Nagios


Trang 48

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Nagios c hai u im ln khi ni n qu trnh gim st, thay v theo di cc gi tr, n ch s dng bn mc m t tnh trng: OK, WARNING, CRITICAL, v UNKNOW. Cc m t tnh trng ca cc i tng c gim st cho php ngi qun tr quyt gii quyt hay b qua cc vn trn h thng m khng tn nhiu thi gian. y chnh l iu Nagios lm. Nu ta ang theo di mt gi tr s nh s lng khng gian a v ti CPU, ta c th nh ngha ngng nhng gi tr c cnh bo khi cn thit. Mt thun tin khc ca Nagios l cc bo co v trng thi ca cc dch v ang hot ng. Bo co ny cung cp mt ci nhn tng quan tt v tnh trng c s h tng. Nagios cng cung cp cc bo co tng t cho cc nhm my ch v cc nhm dch v, cnh bo khi bt k dch v quan trng hoc c s d liu server ngng hot ng. Bo co ny cng c th gip xc nh u tin ca cc vn nh vn no cn c gii quyt trc. Nagios thc hin tt c cc kim tra ca mnh bng cch s dng plugins. y l nhng thnh phn bn ngoi m Nagios qua ly c thng tin v nhng g cn c kim tra v cung cp cc cnh bo cho ngi qun tr. Plugins c trch nhim thc hin cc kim tra v phn tch kt qu. Cc u ra t mt kim tra l mt trng thi (OK, WARNING, CRITICAL, hoc UNKNOW) v cc vn bn b sung cung cp thng tin v cc dch v c th. Vn bn ny ch yu dnh cho cc qun tr vin h thng c th c mt trng thi chi tit ca mt dch v. Nagios khng ch cung cp mt h thng ct li theo di, m cn cung cp mt tp cc plugins tiu chun trong mt gi ring bit (xem http://nagiosplugins.org/ bit thm chi tit). Nhng plugin ny cho php kim tra cc dch v ang chy trn h thng. Ngoi ra nu ta mun thc thi mt kim tra c bit, ta c th to mt plugin ring cho mnh. 1.9.1. Li ch ca vic gim st ti nguyn C nhiu l do ti sao ta nn chc chn rng tt c cc ngun ti nguyn ang lm vic nh mong i. Cc li th chnh l s ci thin v cht lng. Nu nhn vin IT c th thng bo s c nhanh chng hn, h cng s c th x l cc vn nhanh hn. i khi, s mt vi gi hoc vi ngy c c bo co u tin ca
Trang 49

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

mt s c. Nagios s m bo rng nu c thit b hoc dch v g l khng lm vic, ta bit v n mt cch nhanh nht. N cng c th lm cho Nagios thc hin cc khi phc t ng, iu ny c thc hin nh vo cc s kin c nh ngha trong Nagios. y l cc lnh c chy sau khi tnh trng ca mt my ch lu tr hoc dch v thay i, v d khi mt router chnh khng hot ng, Nagios s chuyn n mt gii php d phng cho n khi router chnh c sa. Mt trng hp in hnh l mt kt ni quay s nh d phng s c bt, trong trng hp mt kt ni VPN. Mt li th l xc nh vn tt hn. Nagios c th xc nh c chnh xc mt s c xy ra trn h thng nhng khng mt nhiu thi gian. Nagios cng rt linh hot khi thng bo cho mi ngi v nhng s c. Ta c th thit lp n gi email cho nhng ngi khc nhau ty thuc vo nhng s c . Trong hu ht cc trng hp, cng ty c mt lng ln i ng CNTT hoc nhiu i. Thng thng, ta mun mt s ngi x l cc my ch, v nhng ngi khc x l cc thit b switch / router / modem. Ta thm ch c th s dng giao din web 'Nagios qun l ngi no ang lm vic v vn g. Ta cng c th cu hnh cch Nagios gi cnh bo qua email, SMS , MSN Gim st ngun ti nguyn khng ch hu ch xc nh vn , n cng c th gip ta tit kim thi gian tm hiu chng. Nagios cnh bo v x l cc tnh hung quan trng khc nhau. iu ny c ngha rng n c th nhn ra vn tnh hung quan trng mt cch nhanh chng. V d, nu a cng lu tr trn mt my ch email l s dng ht th tt hn ta nn c thng bo v tnh trng ny trc khi n tr thnh mt vn nghim trng. Gim st cng c th c thit lp trn nhiu my tnh trn khp cc a im khc nhau m c th giao tip tt c cc kt qu n mt my ch Nagios trung tm. Bng cch ny, thng tin v tt c cc host v dch v trong h thng c th c truy cp t mt my tnh n l. iu ny s cho ta mt bc tranh hon chnh c s h tng CNTT.

Trang 50

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

1.9.2. Cc chc nng chnh Cc chc nng ca Nagios rt linh hot, n c th c cu hnh theo di c s h tng CNTT theo cch ta mun. N cng c mt c ch t ng phn ng vi cc vn , v mt h thng cnh bo mnh. Tt c iu ny c da trn mt h thng nh ngha cc i tng r rng: Commands: c nh ngha v cch Nagios cn thc hin cc loi kim tra, chng l mt lp tru tng cho php ta nhm cc hot ng tng t li vi nhau. Time-periods: l ngy v thi gian ko di m trong mt hot ng nn hay khng nn c thc hin, v d: Th hai n th su 9:00-17:00. Contacts v Contact groups: l nhng ngi cn c cnh bo, cng vi thng tin v cch thc v thi gian h cn c cnh bo. Contacts c th c nhm li thnh Contact groups. Host: l nhng my vt l, cng vi thng tin v vic ai s c lin lc, lm th no kim tra phi c thc hin, v khi no. Host c th c nhm li thnh cc Host group, mi host c th l mt thnh vin ca nhiu Host group. Services: l cc chc nng khc nhau hoc cc ti nguyn cn c gim st, cng vi thng tin v nhng ngi cn c lin lc, lm th no kim tra phi c thc hin, v khi no. Service c th c nhm li thnh cc service group, mi service c th l mt thnh vin ca nhiu service group. Host v service escalation: nh ngha khong thi gian c ch ra m sau ngi ph nn c cnh bo ca cc s kin no - v d mt my ch quan trng l ngng hot hn 4 gi nn cnh bo cho qun tr vin h bt u theo di cc vn . Mt tin ch quan trng ta s t c bng cch s dng Nagios l mt h thng ph thuc. i vi cc qun tr vin, r rng l nu router b hng, tt c cc my truy cp thng qua n s tht bi. Nagios cho php ta nh ngha ph thuc gia cc my hnh thnh cu trc lin kt mng li thc t. V d, nu mt switch, cho kt ni ta vi mt b nh tuyn ngng hot ng, Nagios s khng
Trang 51

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

thc hin bt k kim tra trn router hoc trn cc my tnh ph thuc vo router. iu ny c minh ha trong v d sau y:

Hinh 3-13: V d m t s c Ta cng c th nh ngha rng mt dch v ph thuc vo mt dch v khc, hoc trn cng mt my ch hoc trn cc my ch khc nhau. Nu mt trong cc dch v l ngng hot ng, mt kim tra cho mt dch v m ph thuc vo n s khng c thc hin. V d, i vi mng ni b ca ng dng cng ty hot ng tt, c hai my ch web c bn v c s d liu mt my ch u hot ng. V vy, nu mt dch v c s d liu khng hot ng, Nagios s khng thc hin kim tra cc ng dng. My ch c s d liu c th l trn cng mt my hot khc my.Trong mt trng hp nh vy, nu my b hng hoc khng th truy cp, cnh bo cho tt c cc dch v ph thuc vo cc dch v c s d liu s khng c gi. Nagios cng cung cp c ch ln lch cho k hoch ngng hot ng v mt vi l do no nh bo tr hoc nng cp h thng. Ta c th ln lch cho mt
Trang 52

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

my ch c th hoc dch v d kin khng c sn. iu ny s ngn chn Nagios thng bo cho ngi c cu hnh cn gi cnh bo v cc vn lin quan n i tng ny. Nagios cng c th thng bo cho mi ngi k hoch ngng hot ng mt cch t ng. iu ny ch yu c s dng khi bo tr c s h tng IT v h thng cng nh dch v ngng hot ng trong mt thi gian di. 1.9.3. Trng thi tm thi v c nh Nagios hot ng bng cch kim tra xem mt my ch hoc dch v c hot ng tt khng v lu tr trng thi ca n. Bi v trng thi ca mt dch v ch l mt trong bn gi tr OK, WARNING, CRITICAL, UNKNOW. iu quan trng l n thc s xc nh c tnh trng hin ti. trnh pht hin tm thi v ngu nhin vn , Nagios s dng trng thi tm thi v c nh m t tnh trng hin ti ca mt my ch lu tr hoc dch v. Hy tng tng rng mt qun tr vin khi ng li mt my ch web v hot ng ny lm cho mt cc kt ni n my ch web trong 5s. Nh thng, khi ng li nh vy c thc hin vo ban m gim s lng ngi dng b nh hng, y l khong thi gian chp nhn c. Tuy nhin, mt vn c th ny sinh khi Nagios c gng kt ni ti my ch v thng bo rng n thc s ngng hot ng nu ch da vo mt kt qu duy nht. x l tnh hung khi mt dch v ngng hot ng trong mt thi gian rt ngn, hoc cc kim tra tm thi khng thnh cng, ngi ta a ra trng thi tm thi. Khi trng thi ca mt kim tra l UNKNOW, hoc n l khc nhau cc trng thi trc , Nagios s tin hnh kim tra li cc my ch, dch v nhiu ln m bo rng thay i l c nh trong mt khong thi gian di. S ln kim tra c cu hnh trong phn nh ngha cc dch v. Nagios gi nh rng cc kt qu mi l mt trng tm thi. Sau khi tin hnh kim tra nhiu ln m trng thi khng i, th n c coi l mt trng thi c nh. Mi Host v Service c nh ngha s th kim tra s c thc hin trc khi n c th c gi nh rng thay i l vnh vin. iu ny cho php linh hot trong vic kim tra cc s c. Thit lp s lng kim tra mt s gy ra cc thay i

Trang 53

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

c coi l kh khn ngay lp tc. Sau y l mt minh ha cho trng thi tm thi v c nh, gi s s ln kim tra l 3 ta s c:

Hinh 3-14: Kim tra trng thi Tnh nng ny cho php b qua s c ngng hot ng trong thi gian ngn ca mt dch v. N cng rt hu ch thc hin cc kim tra nh k ngay c khi mi th hot ng tt. 1.10. Tng kt C nhiu li ch khi s dng h thng gim st. N m bo rng cc dch v ang lm vic mt cch chnh xc. N gip pht hin cc vn trc v m bo rng nhng ngi thch hp s c cnh bo khi c s c xy ra. m bo rng tt c cc dch v hot ng tt l iu cn thit. Trong trng hp xy cc vn , h thng s gip trong vic a ra mt bc tranh r rng v nhng g ang lm vic, v nhng g khng. Nagios l mt ng dng rt mnh cho vic gim st ti nguyn. N ph hp vi c cc h thng ln v nh. N c th gip t chc duy tr cht lng dch v cao hn. Nagios cng gip trong vic xc nh nguyn nhn gc r ca vn . N bao gm c ch rt linh hot theo di v thng bo v c s h tng. Nagios l mt cng c cc k mnh m nh n c th c cu hnh theo bt k cch no ta mun. Hn na n cng c th c m rng nu c nhu cu.

CHNG 4 . CISCO SECURITY MONITORING, ANALYSIS, AND RESPONSE SYSTEM

Trang 54

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

1.11. H thng gim thiu mi e da an ninh CS-MARS ban u c to ra gii quyt cc vn ca cc t chc c lin quan n cc d liu c thu thp. Trong qu kh, tt c cc d liu c thu thp t cc thit b bo mt v mng nh router, switch, firewall, IDS, server c lu trong cc thit b ring bit. Mi nh sn xut v vi mi thit b khc nhau u s dng cch thc ring lu tr cc bo co cng nh cc s kin thu thp c t cc thit b . S tng quan khng tn ti, c bit l qua nhiu nh cung cp, v qun tr vin phi t theo di cc thit b khc nhau. Mc ch ca MARS l t ng thu thp thng tin d liu ca cc s kin v lu chng trong mt c s d liu ln, thng qua c th xc nh chnh xc cc vn , s c ang xy ra trn h thng. 1.12. M hnh ha v tnh trc quan MARS c th bit c v tr cc thit b trong h thng. N c th ly c thng tin m hnh h tng khi c thc thi khm ph cc thit b trong mng. Trong qu trnh tm hiu h thng mng, MARS kt ni ti tt c cc thit b hoc c thng tin t tp tin cu hnh v lu thng tin xung c s d liu. MARS tin hnh qu trnh ny mt cch nh k cho thng tin c cp nht. MARS cng rt linh hot trong vic cu hnh khm ph h thng. Qu trnh tm hiu thng tin c thc thi theo yu cu, nh ta ang iu tra s c bo mt. V d, CS-MARS c th pht hin mt my tnh trn h thng ang b nhim worm. Khi ta chn cc iu tra s c lin quan n worm, MARS tin hnh theo di cc my ch b nhim bng cch c cc giao thc phn gii a ch (ARP) v b nh a ch ni dung (CAM) v cc thit b mng ta pht hin c cng ca switch kt ni n my b nhim. Ta c th xem thng tin ny cng nh biu hin th ni cc my ch b nhim worm c quan h vi cc my ch v cc thit b khc. Cc tnh nng trc quan cng c th cho php ta xem s qu trnh ly nhim worm. N cn c th khuyn ta nn hnh ng ngn chn mt tn cng trong h thng. Bi v n c th pht hin cng ca switch kt ni n my tnh b ly nhim, v khuyn ta nn tm thi tt cng .
Trang 55

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

1.13. H thng bo co quy tc mnh CS-MARS cung cp cng c truy vn mnh cho php ta c th d dng to mt bo co hay quy tc b sung cho h thng. Mc nh CS-MARS c mt tp cc quy tc v bo co cho php ta c th thay i, ty chnh. Cng c truy vn cho php nhanh chng hin th, mt trong cc nh dng cn bn, cc thng tin m ta quan tm. Thng thng cc truy vn c lu li di dng bo co hoc quy tc cho php t ng truy vn ln sau. 1.14. Cnh bo v gim thiu nguy c MARS cho php ta ty bin cc cnh bo d trn cc loi s c. V d, hot ng thu thp thng tin ca k tn cng c thc thi di hnh thc mt cuc tn cng trn b m khng thnh cng c th l mt s c ta mun c thng bo. MARS c nhiu cch cnh bo cho ta bit c s c trn h thng: Email Syslog SNMP Paging Short Message Service (SMS) Email vi tp tin XML nh km. 1.15. M t cc thut ng trong CS-MARS CS-MARS s dng cc thut ng c th hi khc vi nhng g ta ang s dng. hiu MARS v qu trnh iu tra hoc truy vn, ta nn hiu r nhng thut ng ny. 1.15.1. S kin (Event) Mi mt ghi nhn v cc s kin, bt k t cc thit b no, u c coi l mt s kin. Mt s kin c th c thu nhn t nhiu ngun nh SNMP, syslog, RDEP, SDEE, hoc t Server Message Block (SMB).

Trang 56

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

1.15.2. Phin (Session) CS-MARS thu thp cc s lin quan vi nhau, kt qu ca s lin quan cc s kin ny to ra mt session. Mt session c to khi cc s kin c xc nh bi thi gian, IP ngun, IP ch, port ngun, port ch, giao thc v MARS xc nh c rng chng c lin quan n nhau. Gi s ta xem xt mt cuc tn cng n my ch web, cc thit b mng v bo mt u to ra mt bn ghi. Ta c th thy mt session c to bi mt tp cc bn ghi s kin : Firewall cho php truyn thng qua cng 80 TCP t my ca k tn cng n my ch web v gi mt bn ghi n MARS qua syslog. IDS hoc IPS xc nh c tn cng DDOS n my ch web v gi bn ghi thng qua SDEE. Router xc nh c truyn thng t my k tn cng n my ch web qua TCP 80 v gi bn ghi qua syslog. My ch web ghi nhn li thng tin ca k tn cng ri gi n MARS. Tt c cc bn ghi s kin ca d liu xut pht t cng mt mng s c thu thp to thnh mt session. 1.15.3. Quy tc (Rules) Rules l cc quy nh phi c p ng chnh xc CSMARS c mt hnh ng. Theo mc nh, khi tt c cc iu kin ca Rule c p ng, mt s c c to ra, ty thuc vo tng loi Rules, ta c th bit thm chi tit cc hnh ng. Rules c th l nhng ci c bn, nh cc s kin bo co ca Firewall hoc IDS, hoc phc tp hn l c im cc hnh ng v d nh mt my Server kt ni vi my Client thng qua cc Port v sau gi n nhng hnh ng trn mng.

Trang 57

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

n gin nh mt quy tc c th l bo cho ti bit khi c t kha ny xut hin trong cc s kin hay phc tp hn nh bo cho ti tt c cc trng hp khi c ngi c gng tn cng ng nhp vo h thng. MARS s dng cc quy tc xc nh cc hot ng m ta mun kim tra. Quy tc c th c to ra nh truy vn v thng s dng trong cc bo co. 1.15.4. S c (Incident) Mt Incident l mt chui cc s kin tng quan ng vi mi Rule khi c tn hiu mt cuc tn cng vo h thng mng. CS-MARS s pht hin, gim thiu, bo co, v phn tch cc s c . Da trn bng iu khin mng v cc trang Incident s gip chng ta pht hin v hin th cc s c trn h thng mng v gip a ra cc quy tc v cc s kin phng chng li cc tn cng. 1.15.5. False Positive CS-MARS xem xt mt tn cng khng thnh cng hoc bi v khng th xm nhp c vo mc tiu tn cng hoc b cc thit b bo mt ngn chn hay cng c th do mt bo co sai v mt truyn thng c xem l mt tn cng. Lc ny CS-MARS s sinh ra mt False Positive CS-MARS s dng mt h thng tch hp nh gi tnh tn thng (VA) ca mng c th c kch hot trn tt c hay mt phn ca mng. H thng VA xc nh chnh xc hn cc cuc tn cng l c tht hay khng. C 3 loi False Positive c s dng trn CS-MARS False Positive khng c xc nhn: c to ra khi MARS tin nhng khng chc chn rng mt thit b trn h thng b tn cng. False Positive c ngi dng xc nhn: sau khi xem xt cc False Positive khng c xc nhn v ng vi s xc nh ca MARS, ngi dng khng nh li false positive th s to ra False Positive ny. False Positive c h thng xc nhn: xy ra khi mt thit b bo co rng n chn c mt cuc tn cng. iu ny c ngha l khi c mt vi thit b ch ra mt cuc tn cng trong khi t nht c mt cuc tn

Trang 58

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

cng b tht bi hoc khi my b tn cng gi mt bn ghi cho bit c mt tn cng tht bi n n. 1.16. S gim nh ri ro CS-MARS c rt nhiu cch gim thiu cc mi e da v tn cng. V MARS c c thng tin ton b ca m hnh h thng v n c th xc nh chnh xc v tr ca cc mi e da. MARS c th xc nh phng php tt nht gim nh mt cuc tn cng. Trong khi ang iu tra v mt s c bo mt, ta c th yu cu a ra mt ngh gim nh cc mi e da. 1.17. Giao din ngi dng ca CS-MARS Giao din ny cho php ngi dng s dng mt cch d dng v thun tin hn. Giao din ny chy trn nn web. Ngi dng ch cn dng trnh duyt web truy cp vo CS-MARS. Ta c th c c tt c cc thng tin v h thng nh tnh trng h thng, bo co, truy vn 1.18. Tng kt CS-MARS ng hai vai tr quan trng trong h thng. u tin, n l mt thit b rt quan trng trong vic ci tin s t v ca h thng mng. S t v ny c gia tng l do s bo v trn ton h thng c truyn thng t cc thit b vi nhau. Ngoi ra CS-MARS cn l mt thit b gim thiu cc nguy c, cung cp cc thng tin mt cch nhanh chng v chnh xc cho vic phn ng li cc s c trn h thng.

Trang 59

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

CHNG 5. TRIN KHAI V NH GI H THNG GIM ST


1.19. M hnh trin khai

Hinh 5-15: M hnh trin khai 1.20. Gii thiu m hnh M hnh trin khai c xy dng da trn h thng thc t ca trng i hc Lt. Vi cu trc h tng mng 3 lp, m hnh c xy dng nhm m bo tnh n nh, sn sng v tng kh nng chu li cao cho h thng. H thng bao gm cc lp sau: Lp Core: bao gm 2 switch 4750R l Dalat-CoreSW-1 v DalatCoreSW-2. 2 switch ny ng vai tr ct li trong h thng. Do l switch lp 3 nn chng va c tc dng trong c nh tuyn nh router v chuyn mch nh switch. Lp Distribution: gm 3 switch 3750 l A4-Dis, A8-Dis, KTX-Dis. 3 switch ny nm lp trung gian, chu trch nhim cho vic truyn thng, chuyn mch gia cc switch lp Core v lp Access. Lp Access: l cc switch nm ti cc ta nh. Chng l thit b trc tip kt ni vi ngi dng cui.

Trang 60

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Khu vc cc my ch ng dng: gm 3 my tnh chnh chy h iu hnh Windows Server 2003 v Windows Server 2008, ng vai tr l Web Server, DNS Server v Backup Server. Khu vc qun tr: gm mt my tnh ng vai tr l Nagios Server chy h iu hnh CentOS v thit b gim st chuyn dng CS-MARS. 1.21. Nagios 1.21.1. Ci t 1.21.1.1 Ci t h iu hnh CentOS Cho a CentOS vo a CD. Khi ng my v cho boot t CD, mn hnh hin th giao din nh hnh di, n Enter.

Trang 61

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Chn Skip khi phi kim tra a CD:

Khi mn hnh ci t CentOS hin ra, chn Next

Trang 62

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

La chn ngn ng, English Next

La chn ngn ng cho bn phm , English Next

Trang 63

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Chn Yes khi xut hin cu hi "Would you like to initialize this drive, erasing ALL DATA?"

mn hnh k tip, nn la chn "Remove linux partitions on selected drives and create default layout." H thng s t ng to phn vng /boot v /.

Trang 64

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Chn Yes mn hnh k tip:

Ti phn la chn cu hnh network, chn Edit

Trang 65

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Ci t IP theo nh hnh di, chn OK Next

La chn Timezone Asia/Ho_Chi_Minh NEXT

Trang 66

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

t mt khu cho root Next

By gi ta s la chn cc packages cn ci t. Chn Customize Now Next

Trang 67

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Trong phn tip theo, tt c cc Menu bn tri, ta uncheck ton b cc packages, ring phn Base system ch la chn Base packages Next

H thng s t tm cc packages tin hnh ci t

Trang 68

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Ti y, ta chn Next

Phn vng cng s c format ...

Trang 69

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Bt u tin hnh ci t h iu hnh CentOS

Reboot sau khi tin trnh ci t hon tt.

Trang 70

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

1.21.1.2 Ci t Nagios Yu cu ci t phn mm trc tin ta phi c quyn truy cp ti khon root. m bo rng cc gi ci t sau c ci trn h iu hnh CentOS trc khi tip tc: Apache PHP Phn bin dch GCC Th vin GD Chng ta c th s dng lnh yum ci t cc gi ng dng bng cc lnh sau: yum install httpd php yum install gcc glibc glibc-common yum install gd gd-devel To thng tin ti khon ngi dng Trc tin ta phi c quyn truy cp nh l root su -l To ti khon nagios v mt khu /usr/sbin/useradd -m nagios passwd nagios To mt nhm ngi dng mi l nagcmd, cho php ti khon nagios c th truy cp vo giao din web ta thm ti khon nagios v apache vo nhm nagcmd /usr/sbin/groupadd nagcmd /usr/sbin/usermod -a -G nagcmd nagios /usr/sbin/usermod -a -G nagcmd apache

Trang 71

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Ti phn mm nagios v cc plug-in To mt th mc lu tr phn mm ti v mkdir ~/downloads cd ~/downloads Ti phn mm nagios v plug-in ti 2 a ch sau: http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.2.3.tar.gz http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins1.4.11.tar.gz Bin dch v ci t Nagios Gii nn m ngun ca nagios c ti v cd ~/downloads tar xzf nagios-3.2.3.tar.gz cd nagios-3.2.3 Chy tp tin kch bn cu hnh ca nagios bng tn nhm ngi dng nagcmd c to phn trn ./configure --with-command-group=nagcmd Bin dch m ngun ca nagios make all Ci t chng trnh, tp lnh init, tp tin cu hnh mu v thit lp quyn cho cc th mc cn thit. make install make install-init make install-config make install-commandmode

Trang 72

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Ty chnh cu hnh Nhng tp tin cu hnh ca nagios nm ti th mc /usr/local/Nagios/etc. Chnh sa tp tin contacts.cfg ti/usr/local/Nagios/etc/objects/contacts.cfg thay i thng tin a ch email cn dng cho vic nhn cc cnh bo. vi /usr/local/nagios/etc/objects/contacts.cfg Cu hnh giao din Web Ci t tp tin cu hnh web Nagios trong th mc conf.d ca Apache. make install-webconf To ti khon nagiosadmin ng nhp vo giao din web ca Nagios. htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin Khi ng li Apache cc ci t mi c hiu lc. service httpd restart Bin dch v ci t cc Plugins ca Nagios Gii nn m ngun ca Nagios Plugins cd ~/downloads tar xzf nagios-plugins-1.4.11.tar.gz cd nagios-plugins-1.4.11 Bin dch v ci t plugins ./configure --with-nagios-user=nagios --with-nagios-group=nagios make make install Bt u Nagios Thm Nagios vo danh sch cc dch v h thng t bt u khi h iu hnh c khi ng. chkconfig --add nagios

Trang 73

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

chkconfig nagios on Xc nh tp tin cu hnh ca Nagios xem c li g khng. /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg Nu kt qu tr v l khng c li th ta bt u dch v Nagios. service nagios start Sa i SELinux H iu hnh CentOS c ng dng SELinux (Security Enhanced Linux) c ci t mc nh v ch Enforcing. iu ny c th lm chng ta khng truy cp c giao din ca Nagios. Xem th ch ca SELinux c phi l Enforcing khng. getenforce t li ch cho SELinux l Permissive. setenforce 0 thay i ny c nh, ta phi thay i cu hnh ca SELinux ti /etc/selinux/config v khi ng li. Thay v phi v hiu ha SELinux hoc chuyn n sang ch Permissive, ta c th dng cc lnh sau chy CGIs ca Nagios di ch Enforcing: chcon -R -t httpd_sys_content_t /usr/local/nagios/sbin/ chcon -R -t httpd_sys_content_t /usr/local/nagios/share/ ng nhp vo giao din Web ca Nagios By gi ta c th ng nhp vo giao din web ca Nagios vi ti khon nagiosadmin v mt khu c thit lp lc u ti a ch: http://localhost/nagios/ Ti y l thnh cng trong vic ci t phn mm Nagios.

Trang 74

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

1.21.2. Cu hnh Nagios 1.21.2.1 Cu hnh gim st h thng chy h iu hnh Windows Gii thiu Chng ta s tin hnh cu hnh Nagios gim st cc thng tin c bn ca h thng Windows l mt my Client mu (Sample Client): Memory s dng Ti CPU Dung lng a s dng Trng thi cc dnh v Cc tin trnh ang chy Khi qut cch hot ng ca Nagios vi Windows

Hinh 5-16 Giao tip gia Nagios v Windows Gim st cc dch v hay cc thuc tnh ca mt h thng Windows yu cu ta phi ci mt Agent trn . Agent ny ging nh l mt trung gian gia cc Plugin ca Nagios c dng gim st cc dch v v thuc tnh ca Windows. Nu Agent khng c ci t trn h thng Windows th ta khng th gim st c. y ta s dng phn mm NSClient++ gim st my Windows v s dng plugin check_nt giao tip vi NSClient++ (check_nt c ci t trn my ch Nagios nh phn trn). Ngoi NSClient++ ta c th s dng NC_Net c chc nng tng t NSClient++.
Trang 75

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Cc bc tin hnh C mt vi qu trnh cn thc hin tin hnh gim st mt my Windows l: Kim tra cc yu cu. Ci t agent trn my Windows. To mt host v mt nh ngha service gim st my Windows. Khi ng li tin trnh nagios cp nht thay i. Yu cu cu hnh Nagios gim st mt my tnh Windows ta cn cu hnh cc thng tin sau: Chnh sa tp tin cu hnh Nagios: vi /usr/local/nagios/etc/nagios.cfg B k t # dng sau: #cfg_file=/usr/local/nagios/etc/objects/windows.cfg Lu tp tin v thot. Cng vic va lm cu hnh cho Nagios bit c cc thng tin trong tp tin /usr/local/nagios/etc/objects l ni thm cc thng tin v my windows v cc dch v cn gim st. Ci t Agent trn Windows Trc khi tin hnh gim st ta cn ci t agent trn Windows. y ta s dng NSClient++ c th tm thy ti: http://nsclient.org/nscp/downloads Ti phin bn NSClient++ mi nht ti:

http://nsclient.org/nscp/downloads Gii nn tp tin ti v th mc C:\NSClient++ M ca s Command Prompt G lnh sau ci t NSClient++:


Trang 76

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

o nsclient++ /install Bt biu tng NSClient++ trn thanh menu h thng o nsclient++ SysTray Bt trnh qun l dch v ca NSClient++ m bo cho php truyn thng gia Nagios Server v my Windows.

Hinh 5-17: Phn mm NSClient++ Chnh sa tp tin NSC.INI (trong th mc C:\NSClient++): B du ; tt c cc modules c lit k trong [modules] tr CheckWMI.dll v RemoteConfiguration.dll Ty chn mt khu c th thay i ti phn [Settings] B du ; ca allowed_hosts trong phn [Settings]. Thm a ch IP ca Nagios Server hoc trng cho php bt k host no kt ni n m bo cng trong phn [NSClient] l 12489 G lnh sau bt u dch v NSClient++ trn windows nsclient++ /start Nu ci t ng th mt biu tng mi s xut hin trong khay h thng.
Trang 77

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

n y ta c th thm my Windows vo tp tin cu hnh ca Nagios bt u gim st. Cu hnh Nagios By gi ta s nh ngha cc object definitions trong tp tin cu hnh gim st mt my Windows mi M tp tin windows.cfg vi /usr/local/nagios/etc/objects/windows.cfg Thm mt nh ngha mi cho my Windows tin hnh gim st. Thay i cc thng tin nh host_name, alias, address thch hp: define host{ use host_name alias address } By gi ta s nh ngha cc dch v cn gim st trn my Windows Theo di phin bn ca NSClient++. iu ny rt hu ch cho vic cn kim tra nng cp phin bn NSClient++ khi cn thit: define service{ use host_name service_description check_command } Gim st thi gian hot ng ca my Windows generic-service Sample Client NSClient++ Version check_nt!CLIENTVERSION windows-server Sample Client My Windows Server 10.0.4.11

Trang 78

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

define service{ use host_name service_description check_command } Gim st ti ca CPU v cu hnh Nagios bt cnh bo l WARNING nu ti ln hn 80% trong 5 pht v CRITICAL nu ti ln hn 90% trong 5 pht. define service{ use host_name service_description check_command } nh ngha dch v gim st dung lng s dng ca b nh. WARNING nu s dng trn 80% v CRITICAL nu s dng trn 90% define service{ use host_name service_description check_command } Gim st dung lng a C. Bt cnh bo WARNING khi s dng trn 80% dung lng a cng v CRITICAL khi dng trn 90%. define service{ generic-service Sample Client Memory Usage check_nt!MEMUSE!-w 80 -c 90 generic-service Sample Client CPU Load check_nt!CPULOAD!-l 5,80,90 generic-service Sample Client Uptime check_nt!UPTIME

Trang 79

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

use host_name service_description check_command }

generic-service Sample Client C:\ Drive Space check_nt!USEDDISKSPACE!-l c -w 80 -c 90

nh ngha dch v gim st tin trnh Explorer.exe v bt CRITICAL nu tin trnh ny khng chy. define service{ use host_name service_description check_command Explorer.exe } Hin th tt c cc tin trnh ang chy define service{ use hostgroup_name service_description check_command } l mt vi dch v gim st my Windows c bn. Ta lu li tp tin cu hnh Mt khu Nu c cu hnh mt khu trong NSClient++ Windows, cn sa i lnh check_nt cho php mt khu. M tp tin commands.cfg chnh sa. generic-service windows-servers Process check_nt!INSTANCES!-d SHOWALL -l Process generic-service Sample Client Explorer check_nt!PROCSTATE!-d SHOWALL -l

Trang 80

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

vi /usr/local/nagios/etc/objects/commands.cfg Thay i nh ngha ca lnh check_nt cho php mt khu vi ty chn s <mt khu> define command{ command_name check_nt command_line $USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -s

PASSWORD -v $ARG1$ $ARG2$ } Lu li tp tin commands.cfg Khi ng li dch v Nagios Kim tra xem cc thng tin cu hnh c li g khng vi lnh /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg Nu qu trnh kim tra thng bo c li, tin hnh sa li ti tp tin c thng bo ri khi ng li dch v nagios cp nht thay i service nagios restart Kt qu gim st trn Sample Client: Thng tin cc dch v cu hnh kim tra trn Sample Client: dung lng C, ti CPU, Explore, dung lng memory s dng, phin bn ca NSClient++, cc tin trnh ang chy trn my, thi gian bt my.

Trang 81

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Hinh 5-18: Thng tin cc dch v trn Sample Client Theo hnh 5-5 ta c th thy thng tin v Sample Client: IP Address, trng thi host, trng thi thng tin, host c chp chn hay khng, thi gian cp nht cui cng

Hinh 5-19: Thng tin v Sample Client 1.21.2.2 Gim st Router v Switch Gii thiu Phn m t trin khai di y trnh by cch gim st trng thi ca router hoc switch. Chng ta khng th gim st nu cc thit b ny khng c a ch IP. Mc khc nu cc thit b trn h tr giao thc SNMP s rt thun tin cho vic gim st. Cc thng tin gim st trn router hoc switch Lng d liu b mt v thi gian truyn trung bnh ca lnh ping Thng tin trng thi thit b
Trang 82

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Khi qut Gim st cc thit b router v swich c th c n gin ha ty thuc vo loi thit b v thng tin cn gim st. Switch v router c th c theo di d dng bi lnh ping xc nh n nh ca ng truyn. Nu thit b h tr SNMP ta c th gim st nhiu thng tin hn. Lnh check_snmp ch hot ng khi h thng c ci t cc gi ng dng net_snmp v net_snmp_utils. Nu cc ng dng ny cha c ci t th hy ci chng trc v ci li cc plugin ca nagios. Cc bc tin hnh Cn tin hnh cc bc sau gim st thit b: Kim tra cc yu cu. To mt host v mt nh ngha service gim st my Router v Switch Khi ng li tin trnh nagios cp nht thay i. Yu cu cu hnh Nagios gim st mt router hay switch ta cn cu hnh cc thng tin sau: Chnh sa tp tin cu hnh Nagios: vi /usr/local/nagios/etc/nagios.cfg B k t # dng sau: #cfg_file=/usr/local/nagios/etc/objects/switch.cfg Lu tp tin v thot. Cng vic va lm cu hnh cho Nagios bit c cc thng tin trong tp tin /usr/local/nagios/etc/objects l ni thm cc thng tin v router hoc switch cng cc dch v cn gim st.
Trang 83

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Cu hnh Nagios Ta cu hnh Nagios gim st switch Dalat-CoreSW-1 nh sau: By gi ta s nh ngha cc object definitions trong tp tin cu hnh gim st mt my router hoc switch mi M tp tin switch.cfg vi /usr/local/nagios/etc/objects/switch.cfg Thm mt nh ngha mi cho router hoc switch tin hnh gim st. Thay i cc thng tin nh host_name, alias, address thch hp: define host{ use host_name alias address hostgroups } Gim st cc dch v gim st cc dch v ta tin hnh nh ngha cc dch v trong tp tin switch.cfg Gim st cc gi d liu b mt v RTA Thm nh ngha dch v sau theo di cc gi d liu b mt v thi gian gi trung bnh gia Nagios server v host cn gim st mi 5 pht trong iu kin bnh thng. define service{ use host_name generic-service Dalat-CoreSW-1 generic-switch Dalat-CoreSW-1 Dalat Switch Core 10.0.255.1 Dalat Switch Core

Trang 84

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

service_description PING check_command normal_check_interval retry_check_interval } ngha ca dch v: OK nu RTA b hn 200ms v d liu b mt b hn 20% Bt cnh bo WARNING nu RTA ln hn 200 ms hoc mt hn 20% d liu. Nagios s thng bo CRITICAL nu RTA ln hn 600 milisecond hoc mt hn 60% gi d liu. Gim st thng tin trng thi bng SNMP Nu router hoc switch h tr SNMP th c th theo di nhiu thng tin bng giao thc ny. Gim st thi gian hot ng: define service{ use host_name generic-service Dalat-CoreSW-1 check_ping!200.0,20%!600.0,60% 5 1

service_description Uptime check_command } Trong cu lnh check_snmp th ty chn C public l chui community v sysUpTime.0 l ch ra OID cn c kim tra. Nu mun kim tra trng thi ca cng trn router hoc switch ta nh ngha dch v sau: define service{
Trang 85

check_snmp!-C public -o sysUpTime.0

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

use host_name

generic-service Dalat-CoreSW-1

service_description Port 1 Link Status check_command 1 -m RFC1213-MIB } Trong v d trn th ty chn o ifOperStatus.1 ch ra kim tra trng thi cng 1. Gi tr -r 1 ch ra kt qu tr v l OK nu trng thi l hot ng v CRITICAL nu khng tm thy gi tr cng 1. Ty chn m RFC1213-MIB ch cho check_snmp bit ch ti thng tin ca RFC1213-MIB thay v tt c cc MIB trn h thng, iu ny gip tc kim tra nhanh hn. Gim st cc interface trn router v switch Dng plugin check_interface_table gim st tt c cc inerface trn router hay switch. Ta khai bo plugin trong commands.cfg nh sau define command{ command_name command_line check_interface_table $USER1$/check_interface_table.pl -H check_snmp!-C public -o ifOperStatus.1 -r

$HOSTADDRESS$ -C $ARG1$ -w $ARG2$ -c $ARG3$ -Exclude $ARG4$ -Include $ARG5$ -host $ARG6$ } nh ngha dch v tin hnh gim st define service{ use hostgroup_name service_description check_command generic-service Dalat-CoreSW-1 Interface Table check_interface_table

Trang 86

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

max_check_attempts normal_check_interval retry_check_interval }

3 2 2

Khai bo trn s tr v gi tr l mt bng tt cc cc interface trn router hay switch

Hinh 5-20: Bng Interface ca plugin check_interface Gim st nhit Khai bo plugin ca check_catalyst_temp trong commands.cfg nh sau define command{ command_name command_line check_temp $USER1$/check_catalyst_temp.pl -s $HOSTADDRESS$

-C $ARG1$ -w $ARG2$ -c $ARG3$ } gim st nhit ca router hoc switch ta nh ngha dch v sau define service{ use hostgroup_name service_description generic-service Dalat-CoreSW-1 Temp

Trang 87

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

check_command max_check_attempts normal_check_interval retry_check_interval }

check_temp!70!80 3 2 2

Dch v trn s tin hnh kim tra nhit v sinh cnh bo WARNING nu nhit ln hn 70 v CRITICAL nu nhit ln hn 80 Gim st ti Dng plugin check_snmp_cisco_loadavg vi khai bo trong commands.cfg nh sau define command{ command_name command_line check_load $USER1$/check_snmp_cisco_loadavg -H

$HOSTADDRESS$ -C $ARG1$ -w $ARG2$ -c $ARG3$ } nh ngha dch v tin hnh gim st define service{ use hostgroup_name service_description check_command max_check_attempts normal_check_interval retry_check_interval } generic-service Dalat-CoreSW-1 CPU Load check_load!70!80 3 2 2

Trang 88

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Dch v trn s tin hnh kim tra ti CPU v sinh cnh bo WARNING nu ti ln hn 70% v CRITICAL nu ti ln hn 80% Gim st tnh trng b nh S dng plugin check_catalyst_mem gim st dung lng b nh ang c s dng vi khai bo trong commands.cfg nh sau define command{ command_name command_line check_mem $USER1$/check_catalyst_mem.pl -s $HOSTADDRESS$

-C $ARG1$ -w $ARG2$ -c $ARG3$ } Dch v trn s tin hnh kim tra dung lng b nh v sinh cnh bo WARNING nu dung lng b nh cha s dng cn t hn 20% v CRITICAL nu t hn 10% define service{ use host_name service_description check_command max_check_attempts normal_check_interval retry_check_interval } Lu li tp tin switch.cfg generic-service Dalat-CoreSW-1 Memory check_mem!20%!10% 3 2 2

Khi ng li dch v Nagios


Trang 89

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Kim tra xem cc thng tin cu hnh c li g khng vi lnh /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg Nu qu trnh kim tra thng bo c li, tin hnh sa li ti tp tin c thng bo ri khi ng li dch v nagios cp nht thay i service nagios restart Thng tin kt qu gim st trn Dalat-CoreSW-1 Theo hnh 5-7 ta c th thy thng tin v Dalat-CoreSW-1: IP Address, trng thi host, trng thi thng tin, host c chp chn hay khng, thi gian cp nht cui cng

Hinh 5-21: Thng tin trng thi Dalat-CoreSW-1

Thng tin cc dch v trn Dalat-CoreSW-1: ti CPU, bng cc Interface ca host, dung lng b nh s dng, PING, nhit , thi gian hot ng.
Trang 90

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Hinh 5-22: Thng tin cc dch v trn Dalat-CoreSW-1 1.21.2.3 Gim st mt s dch v ph bin Gii thiu Cc dch v ph bin c cp sau y l cc dch v thng hay c s dng v trin khai trn cc h thng nh HTTP, FTP, SSH Ngc li vi mt s dch v khng ph bin ta phi s dng cc agent c th thu c thng tin cn nh l ti CPU, memory, dung lng a cng Cc plugin dng gim st mt s dch v c bn Khi chng ta cn gim st trng thi ca cc ng dng, dch v hoc giao thc ta cn cc plugin thc thi vic . Nagios cung cp chnh thc cc plugin ny c th s dng vi mc ch c nhn. Mc khc nu khng tm thy plugin thch hp, Nagios c th h tr cc plugin t pht trin bi cc c nhn. Do vy kh nng pht trin ca Nagios hu nh khng b gii hn. Khai bo mt host Trc khi tin hnh gim st cc dch v ta phi nh ngha mt host ni m cc dch v hoc ng dng c ci t. define host{ use host_name generic-host DNS Server
Trang 91

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

alias address hostgroups } define host{ use host_name alias address hostgroups }

Application Server 10.0.4.12 allhosts

generic-host Web Server Application Server 10.0.3.11 allhosts

Khai bo cc dch v cn gim st Vi mi dch v cn gim st, ta phi nh ngha dch v trong Nagios vi host c to. Gim st HTTP Plugin check_http c dng gim st giao thc HTTP, dng plugin ny ta c th gim st c thi gian hi bo, m li, chui tr v ca HTML, chng ch chng thc ca my ch Trong tp tin commands.cfg ta c nh ngha ca lnh check_http nh sau: define command{ name command_name command_line $HOSTADDRESS$ $ARG1$ check_http check_http $USER1$/check_http -I

Trang 92

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

} Mt khai bo n gin gim st dch v HTTP trn Web Server s nh sau: define service{ use host_name generic-service Web Server

service_description HTTP check_command } y l mt nh ngha n gin gim st dch v HTTP trn Web Server. Nagios s cnh bo nu my ch web khng hi bo trong vng 10s hoc c th tr v m li HTTP nh 403, 404,.. Mt khai bo khc ca check_http cho vic gim st dch v HTTP nh bn di. Dch v ny c nh ngha kim tra xem ng dn /download/index.php c cha chui latest-version.tar.gz hay khng. Nagios s bt cnh bo nu khng cha chui trn hoc my ch khng hi bo trong 5s. define service{ use host_name generic-service Web Server check_http

service_description Product Download Link check_command "latest-version.tar.gz" } check_http!-u /download/index.php -t 5 -s

Gim st FTP

Trang 93

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Khi cn gim st cc my ch FTP ta c th s dng dch v check_ftp. Tp tin commands.cfg cha nh ngha cho lnh check_ftp nh sau: define command{ command_name command_line $ARG1$ } Mt nh ngha n gin theo di dch v FTP trn my remotehost nh sau: define service{ use host_name generic-service Sample Server check_ftp $USER1$/check_ftp -H $HOSTADDRESS$

service_description FTP check_command } nh ngha dch v ny s gim st dch v FTP v to cnh bo nu my ch FTP khng hi bo trong vng 10s. Mt khai bo khc cho dch v FTP nh bn di. ngha ca khai bo ny l Nagios s kim tra FTP trn cng 1023 ca my remotehost. Nagios s to cnh bo nu my ch FTP khng hi bo trong vng 5s hoc my ch hi bo khng cha chui Pure-FTPd [TLS] define service{ use host_name generic-service Sample Server check_ftp

service_description Special FTP check_command [TLS]" check_ftp!-p 1023 -t 5 -e "Pure-FTPd

Trang 94

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

} Gim st SSH Dng plugin check_ssh gim st dch v ny. Lnh check_ssh c nh ngha trong commands.cfg nh sau: define command{ command_name command_line $HOSTADDRESS$ } Mt khai bo kim tra dch v SSH n gin: define service{ use host_name generic-service Sample Server check_ssh $USER1$/check_ssh $ARG1$

service_description SSH check_command } Nagios s sinh cnh bo nu khng c hi p trong vng 10s. Khai bo di y s kim tra dch v SSH v sinh cnh bo nu my ch khng hi bo trong vng 5s hoc trong phin bn ca SSH khng cha chui OpenSSH_4.2 define service{ use host_name generic-service Sample Server check_ssh

service_description SSH Version Check check_command check_ssh!-t 5 -r "OpenSSH_4.2"

Trang 95

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

} Gim st SMTP Dng plugin check_smtp gim st dch v ny. Lnh check_smtp c nh ngha trong commands.cfg nh sau: define command{ command_name command_line $ARG1$ } Mt khai bo dch v n gin ca smtp: define service{ use host_name generic-service Sample Server check_smtp $USER1$/check_smtp -H $HOSTADDRESS$

service_description SMTP check_command } Nagios s sinh cnh bo nu my ch SMTP khng hi bo trong vng 10s. Khai bo sau s lm cho Nagios sinh cnh bo nu my ch SMTP khng hi bo trong 5s hoc hi bo t my ch khng cha chui mygreatmailserver.com define service{ use host_name generic-service Sample Server check_smtp

service_description SMTP Response Check check_command "mygreatmailserver.com" check_smtp!-t 5 -e

Trang 96

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Gim st dch v DNS Dng plugin check_dns c sn trong th vin ca Nagios gim st dch v ny. Do cha c nh ngha trong commands.cfg nn ta tin hnh nh ngha cho plugin ny. define command{ command_name command_line check_dns $USER1$/check_dns -s $HOSTADDRESS$ -H

$ARG1$ -a $ARG2$ -w $ARG3$ -c $ARG4$ } Sau khi nh ngha ta khai bo mt dch v kim tra DNS Server c hot ng ng hay khng define service{ use host_name generic-service DNS Server

service_description DNS check_command 25 } Vi nh ngha dch v trn Nagios s kim tra my ch DNS Server vi Host Name www.dlu.edu.vn c phi a ch 10.0.3.11 khng. Nu khng s sinh cnh bo CRITICAL hoc nu DNS Server khng hi bo trong 15s s sinh cnh bo WARNING v CRITICAL nu khng hi bo trong 25s. Khi ng li Nagios check_dns!www.dlu.edu.vn!10.0.3.11!15!

Trang 97

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Kim tra xem cc thng tin cu hnh c li g khng vi lnh /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg Nu qu trnh kim tra thng bo c li, tin hnh sa li ti tp tin c thng bo ri khi ng li dch v nagios cp nht thay i service nagios restart Kt qu gim st trn DNS Server Thng tin cc dch v trn DNS Server: dung lng C, ti CPU, Explore, dung lng memory s dng, phin bn ca NSClient++, cc tin trnh ang chy trn my, thi gian bt my, dch v DNS ca DNS Server.

Hinh 5-23: Thng tin cc dch v trn DNS Server Thng tin trng thi ca DNS Server: Theo hnh 5-10 ta c th thy thng tin v DNS Server: IP Address, trng thi host, trng thi thng tin, host c chp chn hay khng, thi gian cp nht cui cng

Trang 98

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Hinh 5-24: Thng tin trng thi DNS Server Thng tin cc dnh v trn Web Server : dung lng C, ti CPU, Explore, dung lng memory s dng, phin bn ca NSClient++, cc tin trnh ang chy trn my, thi gian bt my, dch v HTTP ca Web Server.

Hinh 5-25: Thng tin cc dch v trn Web Server Thng tin trng thi trn Web Server: Theo hnh 5-11 ta c th thy thng tin v Web Server: IP Address, trng thi host, trng thi thng tin, host c chp chn hay khng, thi gian cp nht cui cng

Trang 99

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Hinh 5-26: Thng tin trng thi Web Server 1.21.3. Kt qu gim st h thng ca Nagios Vi cch cu hnh gim st cc thit b nh my tnh, router, switch, server nh trn. Ta trin khai chng trnh Nagios trn h thng mng ca trng i hc Lt gim st cc hot ng trn h thng ny v thu c kt qu nh sau: Thng tin tng qut v tnh trng h thng: trng thi chung ca ton h thng, thng tin cc host down-up, thng tin cc dch v kim tra, thng tin cc cnh bo....

Trang 100

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Hinh 5-27: Tnh trng h thng Thng tin cc thit b c gim st: hin th tt c cc thit b c cu hnh gim st trn Nagios Server, trng thi down-up, ln kim tra cui cng, thng tin trng thi chung

Hinh 5-28: Danh sch cc thit b gim st Thng tin cc dch v c gim st trn cc thit b: hin th tt c cc thit b, cc dch v cu hnh trn tng thit b v trng thi ca chng, ln kim tra cui cng, s ln kim tra

Trang 101

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Hinh 5-29: Danh sch cc dch v gim st Bo co v tnh trng ca mt thit b: to bo co theo yu cu, hin th thng tin v 1 thit b ring bit ( y l Dalat-CoreSW-1) theo thi gian to bo co.

Hinh 5-30: Bo co v thit b Dalat-CoreSW-1 Phn loi cc thit b theo nhm: hin th thng tin cc thit b theo tng nhm, Linux, Network Switch, Core and Distribution, Windows, hin th trng thi ca cc thit b , tng s cc dch v.
Trang 102

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Hinh 5-31: Phn loi thit b theo nhm Cc dch v c vn ti thi im hin ti: thng tin cc dch v c vn gm, tn thit b, dch v c vn , trng thi dch v, s ln kim tra

Hinh 5-32: Cc vn ca thit b gim st

Cnh bo ca tt c cc thit b v dch v trn h thng: thng tin cc cnh bo c lit k theo mi gi ca tng ngy. Thng tin cnh bo bao gm ngy gi pht sinh cnh bo, tn thit b, dch v cnh bo

Trang 103

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Hinh 5-33: Cc cnh bo ca thit b

Cc thng tin tng qut v tnh trng hot ng ca Nagios: hin th thng tin chung ca Nagios Server, cc dch v kim tra ch ng, cc dch v kim tra b ng, cc thit b kim tra ch ng, cc thit b kim tra b ng

Trang 104

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Hinh 5-34: Tnh trng ca Nagios Server

Cc cnh bo c sinh ra ti thi im h ti: hin th thng tin cc dch v b cnh bo (chuyn t up down hay ngc li, critical hay warning).

Trang 105

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Hinh 5-35: Cc cnh bo c sinh ra

1.22. Cu hnh CS-MARS v cc thit b gim st ng nhp


Trang 106

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Dng trnh duyt web vi a ch IP: 10.1.1.10 vo giao din ng nhp ca CS-MARS.

Hinh 5-36: Giao din ng nhp CS-MARS 1.22.1. Cu hnh CS-MARS Cu hnh a ch IP v mt khu mi cho thit b a ch IP Chn Tab Admin Configuration Information

Hinh 5-37: Cu hnh tn v IP cho CS-MARS Thm/sa ip address cho eth0 v eth1. Mail Gateway. Domain name.
Trang 107

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Cu hnh DNS

Hinh 5-38: Cu hnh DNS Thm thng tin DNS. nh tn Domain v Textbox Search Domain v nhn Add. Khm ph h thng mng Cc mc hot ng

Hinh 5-39: Cc mc hot ng ca CS-MARS Level 1: ti mc ny CS-MARS ging nh mt server syslog thng minh, n chn mt vi log v thc thi truy vn v bo co. in thng tin a ch tn thit b enable mc ny. Level 2: yu cu nhiu thng tin v network cn monitor, Level 3: yu cu chui community v thng tin v network c th giao tip vi cc thit b. Thm cc thit b cn gim st Cu hnh bng tay:

Trang 108

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Chn Admin Security and Monitor devices Add Chn thit b t drop-down list:

Hinh 5-40: Danh sch cc thit b h tr bi CS-MARS in cc thng tin cn thit Chn Submit Thm cc thit b dng seed file: Chn Admin Security and monitor devices Load from seed file

Hinh 5-41: Phn in thng tin cho thit b in thng tin v a ch, tn user, pass ca FTP Server v ng dn ca tp tin.
Trang 109

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Chn submit. 1.22.2. Cu hnh cc thit b giao tip vi CS-MARS 1.22.2.1 Cisco IOS 12.2: y ta s cu hnh mu mt thit b chy IOS 12.2 ca Cisco l DalatCoreSW-1 nh sau: Config IOS: Bt telnet. Bt ssh. Gi syslog n CS-MARS. Router(config)# logging trap Router(config)# logging 10.0.5.10 Cu hnh SNMP RO: Router(config)# snmp-server community <community string> RO <ACL name if required> Cu hnh CS-MARS: Chn Admin Security and Monitor Devices Add Chn Cisco IOS 12.2

Hinh 5-42: Thng tin cu cu hnh cho Cisco IOS 12.2 Nhp thng tin Device Name, Access IP, Reporting IP

Trang 110

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Chn Access type: SNMP:Login( to access the reporting device) Enable password(to get into Cisco enable mode)> enter its SNMP RO community. Chn discover Chn submit Chn activate. 1.22.2.2 Cisco Switch-IOS 12.2: y ta s cu hnh mu 1 thit b l Switch Dalat-A4-3750 nh sau: Config IOS: Bt telnet. Bt ssh. Gi syslog n CS-MARS. Router(config)# logging trap Router(config)# logging 10.0.5.10 Cu hnh SNMP RO: Router(config)# snmp-server community <community name> RO <ACL name if required> Cu hnh CS-MARS: Chn Admin Security and Monitor Devices Add Chn Cisco Switch-IOS 12.2 Nhp thng tin Device Name, Access IP, Reporting IP Chn Access type: SNMP:Login( to access the reporting device) Enable password(to get into Cisco enable mode)> enter its SNMP RO community. Chn Discover

Trang 111

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Chn Submit

Hinh 5-43: Thng tin cu cu hnh cho Cisco Switch IOS 12.2 1.22.2.3 Cisco IPS 5.0 . Cu hnh IPS:

Hinh 5-44: Cu hnh cho IPS bt TLS v HTTP Bt HTTP.

Trang 112

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Bt TLS cho php HTTPS truy xut. To access cho php CS-MARS.

Hinh 5-45: Cu hnh cho IPS cho php CS-MARS Cu hnh CS-MARS: Chn Admin Security and Monitor Devices Add. Chn Cisco IPS 5.x Thm tn ca thit b v a ch. Thm username v password, port mc nh l 443. Thm vng gim st ca IPS vo. Chn Test Connectivity Submit.

Trang 113

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Hinh 5-46: Cu hnh cho IPS 1.22.2.4 ASA 7.0: Ta cu hnh gim st Dalat-Internet-FW nh sau: Cu hnh ASA: Bt Telnet: ng nhp vo ASA vi quyn Administrator telnet 10.0.5.10 255.255.255.0 inside Bt SSH: ng nhp vo ASA vi quyn Administrator. ssh 10.0.5.10 255.255.255.0 inside

Gi log file n CS-MARS:


Trang 114

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

ng nhp vo ASA vi quyn Administrator. logging host inside 10.0.5.10 Nu Cisco ASA c gn thm module AIP (Advanced Inspection and Prevention) th ta cu hnh ging nh IPS 5.x Cu hnh CS-MARS: Chn Admin Security and monitor devices Add. Chn ASA 7.0

Hinh 5-47: Cu hnh cho ASA 7.0 Thm tn Cisco ASA, a ch IP Nu c thm phn Access IP th chn thm FTP, SSH hoc TELNET Nhp thng tin chui SNMP RO Chn Discover. 1.22.2.5 Cu hnh CS-MARS gim st my Windows Ta cu hnh gim st mt Client mu l Backup Server Cu hnh Windows: Bt SNARE: Setup Audit config

Trang 115

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Hinh 5-48: Cu hnh Snare Thm IP Add hoc DNS name ca local host vo vng Enter the local host name. Thm IP Add hoc DNS name ca CS-MARS vo vng Enter the remote ip or dns add.

Hinh 5-49: Cu hnh SNARE 2


Trang 116

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Kim tra li : Enable SYSLOG header. Automatically set audit config Automatically set file system audit config Chn OK i my Windows l domain: Trn Domain Controller, chn Administrator Tools Default Domain Security Policy Security Setting Local Policies User Rights Management Manage auditing and security log. Cu hnh Audit Policy. i vi Windows 2003 Administratoive Tools Local Security Policy Local Policies. User Rights Assignment, kim tra rng Manage Auditing and Security log c cp cho user account ly bng event log

Trang 117

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Hinh 5-50: Cu hnh Local Security Settings Cu hnh CS-MARS: Thm thit b: Chn Admin Sercurity and Monitor Devices Add Chn Add SW Secrity apps on a new host hoc Add SW Secrity apps on existing host Nhp Device Name v IP Add cho host mi. Chn h iu hnh. Thm NetBIOS name

Trang 118

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Hinh 5-51: Cu hnh cho my Windows Chn Logging Info cu hnh thng tin ng nhp. Windows Operating System 2000/2003/Generic/NT Thm vo Domain name, host login v password. Chn Submit

Trang 119

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Hinh 5-52: Cu hnh thng tin ng nhp cho my Windows Chn Submit Thm Interface IP Add, Netmask, chn Apply Active. 1.22.2.6 Cu hnh gim st Web Server Windows Cu hnh tng t nh phn Cu hnh gim st trn Windows v thm vo:

Trang 120

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Cu hnh SnareIIS

Hinh 5-53: Cu hnh SnareIIS Chn Start Programs Administrative Tools Internet Services Manager. Trn cy th mc trn tri, right-click vo Default Web Site. Chn Properties.

Hinh 5-54: Cu hnh cho WebServer

Trang 121

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Chn Enable Loggin T danh sch Active log format, chn W3C Extended Log Format. Chn Properties.

Hinh 5-55: Cu hnh thng tin cho log Trong Tab General Properties, chn gi tr ca New Log Time Period l Daily phn cu hnh CS-MARS sau khi thm thit b l my windows ta thm phn sau: Chn Reporting Applications. T danh sch Select Application, chn Generic Web Server Generic. Chn Add

Hinh 5-56: Cu hnh cho log trn CS-MARS

Trang 122

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Chn Web log format l W3C_EXTENDED_LOG Chn Submit. 1.22.3. Kt qu gim st ca h thng CS-MARS Sau khi trin khai thit b CS-MARS theo m hnh trn ta thu c kt qu sau. Thng tin cc thit b c cu hnh gim st trn CS-MARS: hin th thng tin tt c cc thit b c cu hnh gim st bao gm: tn thit b, loi thit b, a ch.

Hinh 5-57: Danh sch cc thit b Min a ch c cu hnh gim st s c: cu hnh min a ch m CS-MARS qun l trong vic gim st.

Hinh 5-58: Min a ch gim st

Trang 123

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Cc min a ch trn ton b h thng c CS-MARS t ng d tm ra: CSMARS c chc nng t ng khm ph ton b h thng, t s sinh ra cc min a ch trn ton b h thng.

Hinh 5-59: Danh sch a ch t d tm Cc quy tc c cu hnh trn thit b. C cc quy tc h thng mc nh c cu hnh trn CS-MARS v cc quy tc do ngi dng t nh ngha. CS-MARS da vo cc quy tc ny kim tra cc s c trn h thng,

Hinh 5-60: Cc quy tc trn CS-MARS Cu hnh thit b to cc bo co t ng: l cc nh ngha v cch to bo co v mt vn m ngi dng cn thng tin. Nh hnh 6-47, ta c th thy c nhiu nh ngha v cc bo co cn thit nh: top cc a ch ch nhn truyn d liu, top cc cng truyn ti nhiu d liu, top cc nhm s kin c ghi nhn

Trang 124

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Hinh 5-61: Cc bo co cn to trn CS-MARS S m hnh h thng c xy dng thng qua qu trnh gim st: sau khi CSMARS t ng d tm ton b h thng, CS-MARS s hin th s m hnh ton b h thng.

Hinh 5-62: S mng gim st

Trang 125

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Bo co c biu din mt cch trc quan di dng th: vi cc nh ngha v bo co trn, CS-MARS s biu din cc thng tin mt cch trc quan di dng th, gip ngi qun tr nm bt thng tin mt cch nhanh chng. Nh hnh 6-49 ta c thng tin v top cc interface truyn nhiu d liu, top cc interface nhn nhiu d liu, top cc thit b c ti CPU cao

Hinh 5-63: Bo co di dng th 1.23. So snh hai h thng Nagios v CS-MARS Tiu Ch Trin khai Ni Dung Kin trc m rng Nagios Core CS-MARS

C kh nng thch ng Tng t nh Nagios. v lm vic vi h CS-MARS c kh nng thng ln cng nh c p ng cho vic gim kh nng gim st khi st trn cc h thng t h thng nng cp m ln n rt ln. rng quy m.

Trang 126

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Cch cu hnh rt phc c h tr bi cu Cch cu hnh tp v mt nhiu thi hnh thng qua giao gian. din qun l nn vic cu hnh n gin hn. H tr ngi dng t Cc chc nng l c Linh hot lp trnh thm cc nh. tnh nng cho vic gim st. H tr vic theo di Tng t nh Nagios. K thut Qun l tp trung gim st ton b h thng mt cch tp trung thng qua giao din web. Thng tin hin th Hiu qu Tnh n nh Giao din cung cp Cung cp y v chi thng tin cn hn ch. tit thng tin cho ngi qun tr. Hot ng n nh khi L thit b phn cng gim st h thng ln. chuyn dng nn hot ng rt n nh trn h tng mng ln n rt ln. Cung cp cc cnh bo Tng t Nagios Tnh chnh xc chnh xc cho ngi qun tr. Gim st ton din Cho php gim st hu Gim st tt c cc ht cc thit b v cc thit b v dch v ph dnh v ph thng. thng. Ngoi ra cn tng thch vi cc thit b chuyn dng

Trang 127

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

khc. Cung cp cc cnh bo Cung cp cnh bo cho Kh nng cnh bo cho ngi dng thng ngi dng thng qua qua syslog. Giao din qun l Email, SMS, Email, SMS, syslog, SNMP

Thng tin gim st Qun l thng qua giao c xem thng qua din web. giao din web. Khng c kh nng T cc d liu thu phn tch d liu. c dng th, phn loi d liu qua cc thit b khc nhau, phn tch cc thng tin thu c a ra cc cnh bo chnh xc nht i vi h thng.

Phn tch d liu

sut gii php

Khng c kh nng Vi kh nng phn loi a ra cc gii php v phn tch thng tin nhm ngn chn, gim thu c. L mt thit nh cc s c ca h b phn cng chuyn thng. dng thng minh c th phn on tnh hung trn h thng cng nh a ra cc gii php nhm ngn chn gim nh cc s c.

Trang 128

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

Thng tin d liu c Cc d liu thu c Tnh bo mt th b truy xut nu qu c m bo tnh bo trnh trin khai khng mt mt cch tuyt i. tt. Phc tp trong qu Vic bo tr, nng cp trnh bo tr nu phn c tin hnh mt Bo tr trin khai khng tt do cch d dnh. khng h tr cu hnh thng qua giao din qun l. Hon ton min ph i Do l thit b phn vi Chi ph phin bn m cng thng minh v chuyn dng nn cn chi ph cao trong vic lp t trin khai. Bang 5-8: So snh Nagios v CS-MARS 1.24. nh gi h thng gim st trin khai da trn Nagios Vi h thng ln s dng Nagios c th p ng nhu cu gim st ton b h thng vi cc thit b v cc giao thc ph bin. H thng gim st bng Nagios c th chy rt n nh v d dng cho vic qun l nu ta cu hnh ng. Nhng th mnh ca Nagios l tnh n nh cao v kh nng t pht trin cc plugin dng cho vic kim tra cc dch v ca ngi dng. Tuy nhin vic cu hnh cho Nagios rt phc tp v mt nhiu thi gian. Phn mm Nagios cng cn nhiu hn ch trong vic hin th d liu, khng c cc th s liu cng nh s m hnh mng h thng. Bn cnh cc phn mm agent khng c kh nng tng thch tt vi cc phin bn mi ca Nagios do cc nhm pht trin phn mm ny khng cn pht trin nhm phn mm ny na. Nagios l mt cng c rt mnh nhng ch h tr tt cho cc qun tr vin chuyn nghip do vic kh khn trong vn trin khai. Ngoi ra Nagios khng quan tm nhiu n nhng ngi dng mi. Khng c ngun m.

Trang 129

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

cc chnh sch h tr cng nh gip cho vic trin khai nu ta s dng phin bn min ph. 1.25. nh gi h thng gim st trin khai da trn CS-MARS CS-MARS l mt thit b phn cng chuyn dng vi kh nng gim st, thu thp, phn loi, phn tch d liu u vo rt mnh. CS-MARS thu thp tt c cc s kin dng th. Phn loi cc s kin theo lung d liu qua cc thit b khc nhau. To cc quy tc kim tra cc s kin bt thng. Sau tng hp cc thng tin ny a ra nh gi chnh xc nht v tnh trng h thng v hin th cc thng tin ny thnh cc biu , truy vn, bo co, thng bo. Ngoi ra n cn ng vai tr l trung tm lu tr cc s kin c gi t cc thit b khc. Do l mt thit b phn cng chuyn dng nn CS-MARS c kh nng giao tip, tng thch vi cc thit b gim st, bo v chuyn dng khc nh IPS, IDS, FirewallNh cc thng tin ny ta c th pht hin c nhng s kin bt thng, qua tm cch khc phc hiu qu nht trong thi gian sm nht gip cho h thng hot ng thng sut, hiu qu. 1.26. Tng kt Vi cc chng trnh gim st h thng m ngun m nh hin nay ch p ng c mt phn cc nhu cu cho vic gim st, theo di ton b mi trng mng phc tp. Bn cnh cc thit b chuyn dng th p ng kh tt cc nhu cu ny nhng chi ph cho vic trin khai li kh cao, ch ph hp vi cc h thng, doanh nghip, t chc ln. Vic trin khai mt h thng gim st cn da trn cc tiu ch nh: ln ca h thng, cc chc nng m rng, chi ph cho cp cho vic trin khai h thng gim st Ty theo h thng ca tng t chc, doanh nghip, n v khc nhau m ta trin khai h thng gim st cho ph hp. KT LUN V HNG PHT TRIN Kha lun nghin cu, trin khai v hon thnh nhng vn sau:

Trang 130

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

L thuyt V vn gim st: kha lun i su phn tch v gim st h thng v tm quan trng ca vic gim st h thng trong mi trng mng. V giao thc qun l mng: kha lun trnh by rt k v giao thc qun l mng n gin (Simple Network Management Protocol) bao gm: khi nim giao thc qun l mng, cc thnh phn trong giao thc qun l mng, v cch hot ng ca giao thc qun l mng. Thc nghim Kha lun a ra m hnh trin khai v trnh by ton b cc bc cu hnh cc h thng gim st theo m hnh trin khai ra. Nhng kt qu t c C cc kin thc v gim st h thng, cc giao thc qun l mng. Trin khai thnh cng m hnh gim st h thng bng cc thit b v phn mm khc nhau. C th cu hnh Router, Switch, CS-MARS, Nagios, ASA, IPS, Windows, Linux phc v cho qu trnh gim st. Tch ly kinh nghim trong vic cu hnh cc cng ngh trn. Hng pht trin Tch hp cc gii php gim st khc vo h thng gim st Nagios c sn nhm ti u ha h thng ny. Nng cp thit b CS-MARS tng cng kh nng x l pht hin, x l cc s c trn h thng.

Trang 131

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

THUT NG VIT TT & K HIU


SNMP (Simple Network Management Protocol) RFC (Request For Comments) NMS (Network Management Station) SMI (Structure of Management Information) MIB (Management Information Base) UDP (User Datagram Protocol) RMON (Remote Network Monitoring) HTTP (Hypertext Transfer Protocol) FTP (File Transfer Protocol) DNS (Domain Name System) SSH (Secure Shell) SMTP (Simple Mail Transfer Protocol) CS-MARS: Cisco Security Monitoring, Analysis, and Response System. Manager: my trm qun l. Agent: phn mm trn my cn qun l. Router: b nh tuyn. Switch: b chuyn mch. ASA: tng la ca Cisco. IPS: h thng phng chng xm nhp.

Trang 132

Kha Lun Tt Nghip

Tm hiu trin khai gii php gim st mng

TI LIU THAM KHO [1]


Douglas Mauro & Kevin Schmidt, Essential SNMP, OReilly,

Sebastopol, CA 95472, 2001.

[2]

Max Schubert & Derrick Bennett & Jonathan Gines & Andrew Hay &

John Strand, Nagios 3 Enterprise Network Monitoring Including Plug-Ins and Hardware Devices, Syngress Publishing, Burlington, MA 01803, 2008.

[3]

Woflgang Barth, Nagios System and Network Monitoring,

William Pollock, CA, 2006.

[4]

Americans Headquarters, Cisco Security MARS Initial Configuration

and Upgrade Guide, Release 6.x, Cisco System, Inc, San Jose, 2009.

[5]

Gary Halleen & Greg Kellogg, Security Monitoring with Cisco

Security MARS, Cisco Press, Indianapolis, 2007.

[6]

Augusto Ciuffoletti & Michalis Polychronakis, Architecture of a

Network Monitoring Element, 15th IEEE, 2006

[7]

Julian Hein, Watching your systems with Nagios, Nagios

Workshop, 2008

[8]

IPSwitch, The Value of Network Monitoring, IPSwitch, 2007

Cc trang web:

[1] [2] [3] [4] [5] [6] [7]

www.cisco.com www.ciscopress.com www.vnpro.org www.nagios.com www.cio.com www.exchange.nagios.org www.monitoringexchange.org

Trang 133