Network Monitoring
SNMP
command
remote script(ssh)
SNMP(監控工具)
RRDTool(繪圖)
cacti(php)
展示
時間序列數據
Nagios
on->Off
Simple Network Management Protocol(SNMP)
The core of SNMP is a simple set of operations (and the information these operations gather)that gives administrators the ability to get or change the state of some SNMP-based device
SNMPv1
the initial version of the SNMP protocol
SNMPv1's security is based on communities,which are nothing more than passwords:plain-text strings that allow any SNMP-based application that knows the strings to goin access to a device's management information
There are typically three communities in SNMPv1:read-only(只讀) read-write(讀寫,關機),and trap(捕獲,通知,被監控端主動發送信息給監控端)
SNMPv2
It is often referred to as community-string-based SNMPv2
This version of SNMP is technically called SNMPv2c
SNMPv3
It adds support for strong authentication and private communication between managed entities
Managers and Agents
A manager is a server running some kind of software system that can handle management tasks for a network
A poll,in the context of network management,is the act of querying an agent(router,switch,Unix server,etc.)for some piece of informaiton
A trap is a way for the agent to tell the NMS that some thing has happened
Traps are sent asynchronously,not in response to queries from the NMS
MIBs(管理信息庫)
The Structur of Management Information(SMI) defines how management information is grouped and named;allowed operations;permitted data types;and the syntax for specifying MIBs
The Management Information Base(MIB) can be thought of as a database of managed objects that the agent tracks
An agent may implement many MIBs,but all agents implement a particular MIB clled MIB-II
The Concept of Network Management
Fault Management(故障管理)
To detect,log,and notify users of systems or networks of problems
Configuration Management(配置管理)
To monitor network and system configuration information
Such as the number of hard disks
Accounting Management(記賬管理)
To ensure that computing and network resources are used fairly by all groups or individuals who access them
Performance Mnagement(性能管理)
To measure and report on various aspects of network or system performance
Security Management(安全管理)
TCP/IP communication model and SNMP
SNMP Communities
SNMPv1 and SNMPv2 use the notion of communities to establish trust between managers and agents
An agent is configured with three community names: read-only, read-write, and trap
The community names are essentially passwords
public and private
SMI object tree
MIB-II subtree
Brief description of the MIB-II groups
SNMP Operations
Each of the following SNMP operations has a standard PDU format
get (獲取一個指定oid的信息)
getnext(獲取指定節點下的所有子節點的相關信息)
getbulk(SNMPv2 and SNMPv3)(獲取指定節點下的所有子節點及子子節點相關信息,遞歸)
set(發去控制指令)
getresponse(客戶端發起的獲取響應)
trap(由trap端發起)
notification(SNMPv2 and SNMPv3)
inform(SNMPv2 and SNMPv3)
report(SNMPv2 and SNMPv3)
get request sequence
The getnext Operation
The getnext operation lets you issue a sequence of commands to retrieve a group of values from a MIB
# snmpwalk -v 1 -c public 127.0.0.1 system
The getbulk Operation
SNMPv2 defines the getbulk operation,which allows a management application to retrieve a large section of a table at once
The standard get operation can attempt to retrieve more than one MIB object at ance,but message sizes are limited by the agent's capabilities
Host Management Revisited
Managing your hosts is an important part of network management
The Host Resources MIB deines the fllowing seven groups:
hrsystem: 系統
hrstorage: 存儲
hrdevice: 設備
hrswrun: 獲取操作系統版本
hrswrunperf: 系統性能
hrswinstalled: 操作系統安裝那些軟件;
Host Management Revisited
The host OID is 1.3.6.1.2.1.25
The hrSystem(1.3.6.1.2.1.25.1) group deines objects that pertion to the system itself.These objects include uptime.system date,system users,and system processes
The hrDevice(1.3.6.1.2.1.25.3) and Storate(1.3.6.1.2.1.25.2) groups define objects pertaining to filesystems and system storage,such as system memory,disk utilization,and CPU nonidle percentage
The hrSWRun(1.3.6.1.2.1.25.4),hrSWRunPerf(1.3.6.1.2.1.25.5),and hrSWInstalled(1.3.6.1.2.1.25.6) groups deine objects that represent various aspects of software running or installed on the system
From these groups,you can determine what operating system is running on the host,as well as what programs the host is currently running
The hrSWInstalled group can be used to track which software packages are installed
net-snmp(Agent)被監控端
net-snmp-utils(NMS::command)監控端,監控端要使用trap功能還要安裝net-snmp,並啓用snmptrapd服務;
[root@cacti ~]# yum -y install net-snmp net-snmp-utils
[root@cacti ~]# service snmpd start
正在啓動 snmpd: [確定]
[root@cacti ~]# netstat -unlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 0.0.0.0:68 0.0.0.0: 1500/dhclient
udp 0 0 0.0.0.0:161 0.0.0.0: 1645/snmpd
[root@cacti ~]# snmpwalk -v 2c -c public localhost host
HOST-RESOURCES-MIB::hrSystemUptime.0 = Timeticks: (144158) 0:24:01.58
HOST-RESOURCES-MIB::hrSystemUptime.0 = No more variables left in this MIB View (It is past the end of the MIB tree)
[root@cacti ~]# vim /etc/snmp/snmpd.conf
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
[root@cacti ~]# snmpget -v 2c -c public localhost HOST-RESOURCES-MIB::hrSystemUptime.0
HOST-RESOURCES-MIB::hrSystemUptime.0 = Timeticks: (182855) 0:30:28.55
[root@cacti ~]# vim /etc/snmp/snmpd.conf
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
view systemview included .1.3.6.1.2.1.6
[root@cacti ~]# service snmpd restart
停止 snmpd: [確定]
正在啓動 snmpd: [確定]
[root@cacti ~]# snmpwalk -v 2c -c public localhost tcp
TCP-MIB::tcpRtoAlgorithm.0 = INTEGER: other(1)
TCP-MIB::tcpRtoMin.0 = INTEGER: 200 milliseconds
TCP-MIB::tcpRtoMax.0 = INTEGER: 120000 milliseconds
TCP-MIB::tcpMaxConn.0 = INTEGER: -1
TCP-MIB::tcpActiveOpens.0 = Counter32: 26
TCP-MIB::tcpPassiveOpens.0 = Counter32: 4
TCP-MIB::tcpAttemptFails.0 = Counter32: 0
TCP-MIB::tcpEstabResets.0 = Counter32: 0
TCP-MIB::tcpCurrEstab.0 = Gauge32: 2
TCP-MIB::tcpInSegs.0 = Counter32: 24188
TCP-MIB::tcpOutSegs.0 = Counter32: 14189
TCP-MIB::tcpRetransSegs.0 = Counter32: 4
TCP-MIB::tcpConnState.0.0.0.0.22.0.0.0.0.0 = INTEGER: listen(2)
TCP-MIB::tcpConnState.127.0.0.1.25.0.0.0.0.0 = INTEGER: listen(2)
TCP-MIB::tcpConnState.127.0.0.1.199.0.0.0.0.0 = INTEGER: listen(2)
TCP-MIB::tcpConnState.127.0.0.1.6010.0.0.0.0.0 = INTEGER: listen(2)
TCP-MIB::tcpConnState.172.16.100.1.22.172.16.100.254.6230 = INTEGER: established(5)
TCP-MIB::tcpConnState.172.16.100.1.22.172.16.100.254.6231 = INTEGER: established(5)
TCP-MIB::tcpConnLocalAddress.0.0.0.0.22.0.0.0.0.0 = IpAddress: 0.0.0.0
TCP-MIB::tcpConnLocalAddress.127.0.0.1.25.0.0.0.0.0 = IpAddress: 127.0.0.1
TCP-MIB::tcpConnLocalAddress.127.0.0.1.199.0.0.0.0.0 = IpAddress: 127.0.0.1
TCP-MIB::tcpConnLocalAddress.127.0.0.1.6010.0.0.0.0.0 = IpAddress: 127.0.0.1
TCP-MIB::tcpConnLocalAddress.172.16.100.1.22.172.16.100.254.6230 = IpAddress: 172.16.100.1
TCP-MIB::tcpConnLocalAddress.172.16.100.1.22.172.16.100.254.6231 = IpAddress: 172.16.100.1
TCP-MIB::tcpConnLocalPort.0.0.0.0.22.0.0.0.0.0 = INTEGER: 22
TCP-MIB::tcpConnLocalPort.127.0.0.1.25.0.0.0.0.0 = INTEGER: 25
TCP-MIB::tcpConnLocalPort.127.0.0.1.199.0.0.0.0.0 = INTEGER: 199
TCP-MIB::tcpConnLocalPort.127.0.0.1.6010.0.0.0.0.0 = INTEGER: 6010
TCP-MIB::tcpConnLocalPort.172.16.100.1.22.172.16.100.254.6230 = INTEGER: 22
TCP-MIB::tcpConnLocalPort.172.16.100.1.22.172.16.100.254.6231 = INTEGER: 22
TCP-MIB::tcpConnRemAddress.0.0.0.0.22.0.0.0.0.0 = IpAddress: 0.0.0.0
TCP-MIB::tcpConnRemAddress.127.0.0.1.25.0.0.0.0.0 = IpAddress: 0.0.0.0
TCP-MIB::tcpConnRemAddress.127.0.0.1.199.0.0.0.0.0 = IpAddress: 0.0.0.0
TCP-MIB::tcpConnRemAddress.127.0.0.1.6010.0.0.0.0.0 = IpAddress: 0.0.0.0
TCP-MIB::tcpConnRemAddress.172.16.100.1.22.172.16.100.254.6230 = IpAddress: 172.16.100.254
TCP-MIB::tcpConnRemAddress.172.16.100.1.22.172.16.100.254.6231 = IpAddress: 172.16.100.254
TCP-MIB::tcpConnRemPort.0.0.0.0.22.0.0.0.0.0 = INTEGER: 0
TCP-MIB::tcpConnRemPort.127.0.0.1.25.0.0.0.0.0 = INTEGER: 0
TCP-MIB::tcpConnRemPort.127.0.0.1.199.0.0.0.0.0 = INTEGER: 0
TCP-MIB::tcpConnRemPort.127.0.0.1.6010.0.0.0.0.0 = INTEGER: 0
TCP-MIB::tcpConnRemPort.172.16.100.1.22.172.16.100.254.6230 = INTEGER: 6230
TCP-MIB::tcpConnRemPort.172.16.100.1.22.172.16.100.254.6231 = INTEGER: 6231
TCP-MIB::tcpInErrs.0 = Counter32: 0
TCP-MIB::tcpOutRsts.0 = Counter32: 3
TCP-MIB::tcpConnectionState.ipv4."172.16.100.1".22.ipv4."172.16.100.254".6230 = INTEGER: established(5)
TCP-MIB::tcpConnectionState.ipv4."172.16.100.1".22.ipv4."172.16.100.254".6231 = INTEGER: established(5)
TCP-MIB::tcpConnectionProcess.ipv4."172.16.100.1".22.ipv4."172.16.100.254".6230 = Gauge32: 1578
TCP-MIB::tcpConnectionProcess.ipv4."172.16.100.1".22.ipv4."172.16.100.254".6231 = Gauge32: 1582
TCP-MIB::tcpListenerProcess.ipv4."0.0.0.0".22 = Gauge32: 947
TCP-MIB::tcpListenerProcess.ipv4."127.0.0.1".25 = Gauge32: 1026
TCP-MIB::tcpListenerProcess.ipv4."127.0.0.1".199 = Gauge32: 1712
TCP-MIB::tcpListenerProcess.ipv4."127.0.0.1".6010 = Gauge32: 1578
TCP-MIB::tcpListenerProcess.ipv6."00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00".22 = Gauge32: 947
TCP-MIB::tcpListenerProcess.ipv6."00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:01".25 = Gauge32: 1026
[root@cacti ~]# snmpwalk -v 2c -c public localhost tcp | grep established | wc -l
4