Professional Documents
Culture Documents
166614345 Xay dựng hệ thống giam sat mạng cho cac doanh nghiệp Việt Nam
166614345 Xay dựng hệ thống giam sat mạng cho cac doanh nghiệp Việt Nam
Vit Nam
I- H thng gim st
1- Gim st mng l g?
2- Ti sao DN cn xy dng 1 h thng gim st
3- Cc yu t cn thit khi trin khai 1 h thng gim st
II- Cc gii php xy dng h thng gim st
1- nh hng trin khai s dng cho DN Vit Nam
- Gii php xy dng h thng gim st trn HDH Win Server (PRTG, SCOM)
- Gii php xy dng h thng gim st trn HDH m ngun m (Cacti, natigos)
- Gii php xy dng h thng gim st i km thit b Server (Hp openview, Cisco Work)
2- So snh cc gii php
III- Trin khai gii php gim st mng trong DN bng phn mm Cacti da vo nn HDH m ngun m.
1- Gii thiu v Cacti
a. Gii php Cacti
b. u im
c. C ch hot ng
2- Cc chc nng chnh ca Cacti
a. Qun l thit b
b. Gim st Traffic mng
c. Discovery
d. Cnh bo qua email
e. Cc chc nng khc
3- Trin khai thc nghim Cacti
M hnh thc nghim
3.1- Ci t Cacti
a. Update h thng
b. Ci t cc gi cn thit, ci RRDtool
c. Ci t cacti
d. Ci t cc plugin, template
3.2- Nng cp Cacti
3.3- Ci t thit b client cn theo di (Win, Linux, thit b mng, DT, My tnh bng)
3.4- Hng dn dng th theo di mng v thit b
3.5- Hng dn s dng cc templates
3.6- Thit lp qun tr ngi dng trong Cacti
3.7- Trin khai theo di thit b Cisco, HDH Win v Linux
3.8- nh gi qu trnh thc nghim
4- Kt lun
a. Kt qu
b. u v nhc ca gii php
I- H Thng Gim St
1- Gim st mng l g?
Gim st mng l cc hot ng gim st h thng, thit b ca mt mng my tnh thng qua cc cng c
phn mm qun l chuyn dng. H thng gim st mng thng c xy dng cc cng ty c quy m
va v ln khi c nhu cu kim tra qun l h thng ca h.
2- Ti sao DN VN cn xy dng h thng gim st:
Vic qun l tnh trng hot ng ca cc thit b mng, server, qun l bng thng kt ni, trng thi ca
cc dch v trong h thng l 1 khi lng cng vic khng l v kh khn vi bt c ngi qun tr no.
Nu khng c xy dng mt h thng gim st v cnh bo ngi qun tr s th ng trong vic phng
nga, sa cha cc li ca h thng mng t gy ra nhng tn tht nh hng n qu trnh kinh doanh
v hot ng ca DN.
Mt h thng gim st mng khi c trin khai cho DN s m bo h thng mng ca h lun c tnh
sn sng v m bo hiu sut hoat ng. N cung cp kh nng
- Pht hin cc s c, kt ni tht bi ca h thng, dch v hay thit b mng 24/7 ng thi gi ngay
cnh bo n ngi qun tr.
- Xc nhn vic tun th quy nh v chnh sch.
- Tit kim chi ph tim lc bng cch tm ngun d liu d tha.
- Gii quyt hiu qu vic b ly cp thng tin.
- Tr gip xc nh nng sut ca nhn vin.
- Thay th thit b qu ti trc khi n c th nh hng xung mng li.
- Xc nh lin kt mng din rng yu v tht c chai.
- o tr, hoc chuyn giao d liu b chm tr.
- Tm bt thng trong mng ni b c th cho bit mt mi e da an ninh.
V d sau khi trin khai h thng theo di nu thit b trong server, thit b mng c du hiu hng hc nh
nhit ln cao qu mc cho php, hiu sut hot ng chm bt thng ngi qun tr c th ch ng
lng trc v chun on ngay c nguyn do gy ra ng thi s tin hnh thay th sa cha nhanh gn
li pht snh m khng nh hng n hot ng chung ca ton h thng.
3- H thng gim st c th gim st nhng g :
Qun l topo gm nhiu kt ni, nhiu thit b trn ton b mng
Gim st bng thng Uplink/Downlink cc kt ni theo thi gian thc.
Gim st trng thi cc dch v (MAIL, WEB, DNS, VPN)
Cc khu vc thng c kim tra gim st l bng thng s dng, hiu sut ca ng dng v hiu sut ca
my ch.
Gim st lu lng l nhim v c bn. N thng tp chung vo cc vn h tr ngi dng ni b. V
vy h thng gim st mng c pht trin gim st cc loi thit b nh:
- BlackBerrys.
- Cell phones.
- Servers, desktops and laptops.
- Routers.
- Switches.
Mt s h thng mng i km vi vic pht hin t ng, kh nng ghi li thit b lin tc khi chng c
thm vo, g b hoc tri qua nhng thay i cu hnh. Nhng cng c ny tch ring cc thit b t ng:
IP address, Service, Type (switch, router...), Physical location .
Nhn chung h thng gim st c th gim st cc loi mng thng thng nh sau:
- Wireless or wired.
- Lan, Wan, VPN.
II- Cc gii php xy dng h thng gim st mng
Hin nay c rt nhiu cng c h tr cho vic gim st mng, mi cng c iu c nhng u im ring ty vo
nhu cu gim st v quy m ca DN m ngi qun tr c th la cho mnh mt cng c thch hp nht. C th
phn loi h thng gim st ra cc loi nh sau:
Cc cng c giao din dng lnh CLI (Command Line Interface). V d nh ping .
Cc cng c giao din web bao gm chi tit v cc tnh nng biu c sn. Nhng cng c ny c th
d dng ci t v s dng. vd : Spicework, PRTG
Cc cng c gim st xy dng trn m ngun m c trin khai rt nhiu, chng thng sng to, c
sc v tt hn tt c l hu nh min ph v r. Ngoi ra, cng c m ngun m th tng thch vi hu
ht cc cng c hoc nn tng. D liu cho nhng cng c m ngun m hu ht l XML. V d : Cc
cng c s dng SNMP (Simple network management protocol) nh OpenNMS, Nagios, Cacti, MRTG,
Net-snmp .v.v.; Cc cng c s dng RRD tool (Round-robin database tool ) nh OpenNMS , Cacti,
BigSister , WeatherMap4RRD , MailGraph .v.v.
Cc thit b h tr gim st mng : C nhng ng dng gip qun l lu lng n cc thit b v ng
dng, cc thit b cung cp ng dng cn bng ti trn cc mng con khc nhau. iu ny gip ng b
h thng mng.
Cc cng ty cung cp dch v gim st, qun l, phn tch h thng mng. Cc cng ty c tnh chuyn
nghip v tin cy cao.
2- So snh mt vi gii php:
Name IP Agen SNM Syslog Plugins WebAp Data Storage License Map Access
SLA t P p Method Control
Report
Cacti Yes No Yes Yes Yes Full RRDtool GPL Yes yes
Control MySQL
Hp Yes No Yes Via Yes Full Postgre SQL Commercial Yes Yes
Network Integrat Control Orcale
Node ion Database
nagios Via Supp Via Via Yes Yes Flat file GPL Yes Yes
plugin orted plugin Plugin SQL
PRTG Yes Supp Yes Yes Yes Full Proprietary Freeware Yes Yes
Network ort Control Commercial
Solarwin Yes Yes Yes Yes Yes Full SQL Commercial Yes Yes
ds Control
Tivoli Possibl No Yes Yes Yes Yes Mysql Commercial Yes Yes
e via Oracle
Config Database
uration
Ty vo chnh sch v trang thit b h tng thc t ca tng cng ty m ngi qun tr quyt nh xy dng
loi h thng gim st no. C th trin khai da trn vi gi sau:
i vi DN xy dng nn tng h tng Winserver chy qun l Active Directory th vic s dng cng
c System Center Operation Manages kt hp thm mt s cng c nh Wireshark, performance l gii
php kh tt trong vic qun l ton din h thng.
i vi cc DN trang b h tng vi phn nhiu l thit b Cisco c th xy dng h thng gim st h
tng bng Cisco Works.
Cc cng c i km vi cc my ch Server nh : IBM Samrt Cloud Monitoring, HP Open View, Dell
EquaLogic MPs
Cc cng c ni bt trong vic gim st mng nh: Solawinds, Tivoli, PRTG
Cc cng c c xy dng trn m ngun m nh : Cacti, Nagios, Zabixx..
Ly d liu
Cacti ly d liu thng qua poller. N l ng dng thc thi ti mt khong thi gian c nh nh l dch
v lp lch di cc h iu hnh khc nhau. N c lp lch trong h iu hnh. Trong Unix, n c
thit lp theo crontab.
Hin nay, c s h tng mng cha rt nhiu thit b nh routers, switches, servers, UPS, cc my tnh v
thit b mng khc nhau. ly d liu t dch v kt ni t xa, Cacti s dng SNMP. Cc thit b c s
dng SNMP c th c theo di bi CacTi.
Lu tr d liu
Cacti s dng RRDTool lu tr d liu.
RRD l h thng lu tr v cho bit chui thi gian d liu c thu gom t cc thit b cha SNMP.
N hp nht d liu trc bng cc hm nh AVERAGE, MINIMUM, MAXIMUM, v nh th vic
lu tr s nh . l l do ti sao n li nhanh, to ha d dng v nhng bo co t tp tin RRD.
# yum y update
b. Ci t cc gi cn thit :
RRDTool 1.0.49 hoc 1.2.x hoc mi hn
MySQL 4.1.x hoc 5.x hoc mi hn
PHP 4.3.6 hoc mi hn
A Web Server e.g. Apache or IIS
Ci cc gi cn thit :
Ci RRDtools:
Configure snmpd
# vi /etc/snmp/snmpd.conf
Thm vo on sau:
com2sec local localhost public
group MyRWGroup v1 local
group MyRWGroup v2c local
group MyRWGroup usm local
view all included .1 80
access MyRWGroup "" any noauth exact all all none
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root (configure /etc/snmp/snmp.local.conf)
pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat
To database tn Cacti
# /usr/sbin/groupadd cacti
# /usr/sbin/useradd -g cacti cacti
# passwd 123456
# mysql -u root -p
mysql> GRANT ALL ON cacti.* TO cacti@localhost IDENTIFIED BY '123456';
mysql> FLUSH privileges;
mysql> \q
c. Ci t Cacti:
#wget http://www.cacti.net/downloads/cacti-0.8.8a.tar.gz
#tar -zvxf cacti-0.8.8a.tar.gz -C /var/www/html/
#cd /var/www/html/
#mv cacti-0.8.8a cacti
#vi /var/www/html/cacti/include/config.php
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cacti";
$database_password = "123456";
$database_port = "3306";
# cd /var/www/html/cacti
# chown -R cacti rra/ log/
Khi ng li 2 service http v mysql
# cd /usr/src/
# wget http://mirror.cactiusers.org/downloads/plugins/cacti-plugin-0.8.7e-PA-v2.5.zip
# unzip cacti-plugin-0.8.7e-PA-v2.5.zip
# cd files-0.8.7e/
# cp R * /var/www/html/cacti/
# cd /var/www/html/cacti/
# patch -p1 -N < /usr/src/cacti-plugin-0.8.7e-PA-v2.5.diff
# vi /var/www/html/cacti/include/global.php
Plugin Monitor:
# cd /usr/src
# wget http://cactiusers.org/downloads/monitor.zip
# unzip monitor.zip
# cp -R monitor/ /var/www/html/cacti/plugins/
Config file /var/www/html/cacti/include/global.php:
# vi /var/www/html/cacti/include/global.php
# Cp /var/www/html/cacti /usr/saoluu
# mysqldump -u root -p -1 --add-drop-table cacti >cacti_mysql_backup
b. Nng cp Cacti
Sau khi s dng yum upgrade thnh cng, truy cp localhost/cacti/install => Next => Chn
upgrade cacti => Finish hon thnh qu trnh updrage
3.3- Ci t thit b Client cn theo di:
3.3.1 Cu hnh dch v SNMP trn Client
Tt c cc client cn ci t dch v SNMP cung cp thng tin cho Cacti
a. Cu hnh SNMP trn my trm WinXp, win7, winserver 2k3, 2k8:
Ci t v kch hot cc dch v SNMP:
Trong WinXP or win 2k3 Vo hp thoi Add or Remove Programs, chn Add /
Remove Windows Components m Windows Components wizard.
Trong Windows 7 or Win 2k8 vo Control Panel. Nhp vo Programs v sau kch
vo Turn Windows features on or off.
Trong thnh phn ca Windows XP v 2003, nhp vo Management and Monitoring
Tools (nh du hoc b nh du hp kim ca n thay i cc la chn hin c),
v sau nhp vo Details.
Trong Windows Features of Vista,chn SNMP feature.
Chn v nh du vo hp kim tra ca Simple Network Management Protocol or
SNMP feature.
Nhp OK. Cng nhn Next nu bn ang trong Windows XP hoc 2003. Dch v
SNMP s c ci t trn h thng. H thng c th yu cu a CD /DVD ci t
Windows vo a.
SNMP s t khi ng sau khi ci t.
Click Add:
Mi mt thit b c cc thuc tnh v gi tr khc nhau. Bng sau y s gip bn hiu hn v cc
thuc tnh
Tn bin ngha
Description Nhp vo gii ngha cho thit b . Gii ngha ny s c hin ln trong ct
u tin ca thit b trong phn danh sch cc thit b.
Hostname Ch r hostname hoc IP ca thit b. Nu l hostname c chn, nh:
cacti.cmctelecom.vn, DNS s gii ngha hostname ra IP.
Host Template Host template s nh ngha cc kiu ca d liu cn tp hp li ca mt kiu
host.
Disable Host Check vo box ny v hiu tt c nhng vic kim tra cho thit b ny. C
ngha l khng kim sot cc thit b ny.
Down Host Nhp vo on vn bn m bn mun hin th khi thit b down
Message
Downed Device La chn phng thc m Cacti dng pht hin thit b c down hay khng.
Detection
C 5 ty chn: None, Ping and SNMP, Ping or SNPM, SNMP, Ping. Khuyn
ngh l phng thc SNMP lun c chn.
Ping Method La chn phng thc gi gi Ping. C 3 ty chn: ICMP Ping, TCP Ping, UDP
Ping.
Ping Port La chn ny ch c khi phng thc Ping chn l TCP Ping hay UDP Ping.
Xc nh port number. Bn phi chc chn firewall khng block port .
Ping Timeout Gi tr ny c tnh theo n v milliseconds. Xc nh khong thi gian m
Value
sau khong thi gian th Ping test fail.
Ping Retry Count Xc nh s ln Cacti s th Ping thit b trc khi khng nh thit b fail.
SNMP Version La chn phin bn SNMP. C 4 ty chn:
Sau khi nhp vo cc trng trn, n Create to thit b. Nu thnh cng s hin ra nh sau:
Nu bn nhn thy c cnh bo SNMP error, tc l c vn v SNMP gia thit b chy Cacti v
thit b m bn mun thm vo.
pha di ca hnh sau khi to thnh cng thit b, chng ta s thy nh sau:
C 2 ty chn:
Nu bn chn host template, s c vi items trong c 2 phn trn. Nu bn khng chn host
template, s khng c items no. Trong trng hp mun to th qun l thit b, s yu cu
c t nht 1 item cho Associated Graph Templates hoc Associated Data Queries. Bn c th tham
kho thm v tm thy cc template link sau: http://www.debianhelp.co.uk/cactitemplates.htm
b. T chc mt th:
Trong Cacti, cc th dc t chc theo cu trc hnh cy theo bc. Bn c th qun l cy
th bng cch click Graph Trees trong nhn Management:
Sau khi to xong cy v cc chi nhnh ca cy. Ta thm vo cc Graph hay cc thit b tng
ng trong nhnh . VD y ta thm vo thit b trong Network Monitor. Click vo Add ng
vi nhnh network monitor:
Kiu ca Item chn l Host, chn n host mun thm vo trong ty chn Host. Sau Click
Create:
Click Save. Sau khi to xong, ta vo trong tab Graphs kim tra:
a. To 1 graph template :
Click vo tab Console. Click vo Graph Templates di nhn Templates.
Trong , |host_description| l t kha ca Cacti. Khi tao mt graph t graph template ny, Cacti s thay th t kha
ny bng hostname.
Ima
ge
Kiu ca file nh s c to ra. Mc nh l file PNG. C 2 la chn khc l file SVG v file GIF.
For
mat
(--
imgf
orm
at)
Heig
ht (-
Chiu cao ca th. Gi tr mc nh l 120 pixels
-
heig
ht)
Widt
Chiu di ca th. Gi tr mc nh l 500 pixels.
h (--
widt
h)
Slop
e
Ty chn ny cho php lm mn th dng ng cong dc ln xung ch khng phi dng ng gp khc kiu
Mod cu thang.
e (--
slop
e-
mod
e)
Auto
Scal
Ty chn ny cho php t ng chia t l ca th
e
Auto
Nu Auto Scale c chn th bn phi chn mt trong 4 ty chn sau:
Scal
e
Opti - Use --alt-autoscale (ignoring given limits) : Ty chn ny cho php RRDTool b qua tt c cc gii hn.
ons
- Use --alt-autoscale-max (accepting a lower limit): Ty chn ny s chp nhn nhng gii hn thp,
nhng gi tr ti a s c to ra t ng ty thuc vo gi tr c lu tr.
- Use --alt-autoscale-min (accepting an upper limit, requires rrdtool 1.2.x): Ty chn ny s chp nhn
nhng gii hn cao, nhng gi tr ti thiu s c to ra t ng ty thuc vo gi tr c lu tr. Ty
chn ny ch c trong rrdtool ver 1.2.x hoc cao hn.
- Use --alt-autoscale (accepting both limits, rrdtool default): Ty chn ny chp nhn c gii hn trn v
gii hn di.
Loga
Check vo ty chn ny nu bn mun chia trc y theo cc bc tng logarit c s 10 ( Trn tru c y binh thng, 10
rith
mic c tip theo bi 20, 30, 40, v. v... Con trong thang logarit, 10 c ti p theo bi 100, 1. 000, 10. 000 v. v... iu
Scali
ng ny lm cho th loga dng r t thun l i khi bi u din cac gia tri d li u khac nhau qua nhi u. Trong thi bi
nh
(-- thng bn r t kho bi u din cho ro cac loa t d li u co tri s nho, nhng trong thi loga
nho c bi u
cc tri s
loga
rith din ro rang hn)
mic)
SI
Unit
S dng h o lng chun quc t cho vic biu din th loga. iu ny ch c ngha khi ty chn Logarithmic
s for Scaling (--logarithmic) c chn.
Loga
rith
mic
Scali
ng
(--
unit
s=si
)
Rigi
d
Thng thng, rrdgraph s t ng m rng gii hn thp v cao ca th nu th bao gm nhng gi tr ngoi
Bou gii hn a. Ty chn ny cho php chng ta v hiu ha vic m rng .
ndar
ies
Mod
e (--
rigid
)
Allo
w
Check vo ty chn ny nu bn mun cho php trch xut (export) graph template .
Grap
h
Exp
ort
Upp
er
Gi tr ln nht c biu din trn trc y. Gi tr ny s b b qua nu ty chn auto-scaling c chn.
Limi
t (--
upp
er-
limit
)
Low
Gi tr nh nht c biu din trn trc y. Gi tr ny s b b qua nu ty chn auto-scaling c chn.
er
Limi
t (--
lowe
r-
limit
)
Base
Valu
Ty chn ny thng c t gi tr l 1024 nu graph dng biu th b nh v gi tr l 1000 trong php o lu
e (-- lng mng.
base
)
Unit
Xc nh n v ca cc gi tr ca trc y.
Grid
Valu
e (--
unit
/--
y-
grid
)
Unit
Exp
Gi tr ca ty chn ny nm trong khong gii hn t -18 n 18. V d, gi tr l 3 nu bn mun biu din mi th
one vi n v l k (kilo) v l -6 nu mun biu din mi th vi n v l micro.
nt
Valu
e (--
unit
s-
expo
nent
)
Vert
ical
nhngha nhn c in pha cnh tri ca th. Thng thng l n v ca d liu trn th.
Labe
l (--
verti
cal-
label
)
Trong mi tham s trn, c ty chn Use Per-Graph Value (Ignore this Value). Ty chn
ny c hiu l s l i gi tr ny trong template v ngi dng c th nhp gi tr
trong qu trnh to th s dng graph template .
Sau khi in cc vng , click Create button to graph template.
Cng vic by gi l cn add cc Graph Template Item v Graph Item Inputs hon thnh
vic to graph template.
Sau khi hon thnh cc mc trn, click Create to Graph Template Item.
Tn bin ngha
Name
Tn xc nh cho graph item input trong graph template v graph edit
page
Description
Gi ngha ny c hin ra trong trang sa i ca graph (graph edit
page).
Field Type
La chn nhng kiu d liu no c hin th trn th
Associated Graph
Items
Chn graph item m bn mun ngi dng nhp vo
Sau khi hon thnh cc mc trn, click Create to Graph Item Input.
Nh ta thy hnh trn l m t cc thnh phn ca mt host template. Tn host template l Cisco
- 6500. N bao gm 5 graph template v 2 truy vn d liu lin quan. Khi bn thm mt thit b
mi, nu bn chn host template l Cisco 6500, th tt c nhng biu v cc truy vn d liu
lin quan s c thm vo thieestbij . Host template thc s hu dng i vi mt mng ln c
nhiu thit b cng kiu.
a. To Host Template :
Click vo Host Templates di nhn Templates.
Danh sch cc host template c hin ra. Click vo Add:
Mc nh, Cacti to ra 2 user: admin v guest. Ngi dng admin c th truy cp su vo h thng
ca Cacti, con ngi dng guest ch c th xem v truy cp vo nhng vng mc nh nh l mt
ngi dng cha c xc thc. Ngi dng cha c xc thc ch c php truy cp vo
graph_view.php v xem ch khng c php thay i.
- Show the page that user pointed their browser to: Ty chn
ny cho php ngi dng ng nhp li trang c xem trc
khi ngi dng ng nhp li sau khi phin ca ngi dng
ht hn.
- Show the default console screen: Ty chn ny s lun a
ngi dng n trang mc nh index.php khi ngi dng ng
nhp vo.
- Show the default graph screen: Ty chn ny s lun a
ngi dng n trang graph_view.php sau khi ng nhp.
Authentication Realm
Trong mt mng ln, c nhiu ngi dng khc nhau. Ty chn ny cho
php nhiu ngi dng khc nhau c th truy cp vo Cacti. C 3 ty chn
cho phn ny: Local, Web Basic v LDAP.
3.6.4- Cc ty chn qun tr ngi dng khc:
Cacti h tr thm cc ty chn ngi dng sau:
Delete
Copy
Enable
Disable
Batch Copy
Nhng ty chn ny trong menu tr xung ca phn choose an action trong giao din qun tr
ngi dng khi tick vo ngi dng (hay mt nhm ngi dng) m ta mun thc hin nhng thao
tc .