Edere edemede a na njiri mara akụrụngwa netwọkụ na-eji usoro SNMPv3. Anyị ga-ekwu maka SNMPv3, m ga-ekekọrịta ahụmịhe m n'ịmepụta ndebiri zuru oke na Zabbix, m ga-egosikwa ihe enwere ike nweta mgbe ị na-ahazi ịdọ aka na ntị kesara na nnukwu netwọkụ. Usoro SNMP bụ isi mgbe ị na-enyocha akụrụngwa netwọkụ, yana Zabbix dị oke mma maka nyochaa ọtụtụ ihe na ichikota nnukwu mpịakọta nke metrik na-abata.
Okwu ole na ole gbasara SNMPv3
Ka anyị malite n'ebumnobi nke usoro SNMPv3 na njirimara nke ojiji ya. Ọrụ SNMP na-enyocha ngwaọrụ netwọkụ na njikwa bụ isi site na izipu ha iwu dị mfe (dịka ọmụmaatụ, inye ma gbanyụọ oghere netwọkụ, ma ọ bụ ịmalitegharị ngwaọrụ ahụ).
Isi ihe dị iche n'etiti usoro SNMPv3 na ụdị ya gara aga bụ ọrụ nchekwa oge ochie [1-3], ya bụ:
- Nyocha, nke na-ekpebi na a natara arịrịọ ahụ site na isi iyi ntụkwasị obi;
- ezoro ezo (Enyocha), iji gbochie mkpughe nke data ebufere mgbe ndị ọzọ na-egbochi ya;
- iguzosi ike n'ezi ihe, ya bụ, nkwa na emebibeghị ngwugwu ahụ n'oge nnyefe.
SNMPv3 na-egosi iji usoro nchekwa nke edobere atụmatụ nyocha maka onye ọrụ enyere ya na otu ọ nọ (na ụdị SNMP gara aga, arịrịọ sitere na sava na ihe nleba anya ma e jiri ya tụnyere naanị “obodo”), ederede. eriri nwere “paswọọdụ” ebufere na ederede doro anya (ederede doro anya)).
SNMPv3 na-ewebata echiche nke ọkwa nchekwa - ọkwa nchekwa a na-anabata nke na-ekpebi nhazi akụrụngwa na omume nke onye ọrụ SNMP nke ihe nlekota. Ngwakọta ụdị nchekwa na ọkwa nchekwa na-ekpebi usoro nchekwa a na-eji mgbe ị na-ahazi ngwugwu SNMP [4].
Tebụl ahụ na-akọwa njikọta nke ụdị na ọkwa nchekwa SNMPv3 (Ekpebiri m ịhapụ ogidi atọ mbụ dị ka ọ dị na mbụ):
N'ihi nke a, anyị ga-eji SNMPv3 na ọnọdụ nyocha site na iji ezoro ezo.
Na-ahazi SNMPv3
Ngwa netwọk nlekota oru chọrọ otu nhazi nke SNMPv3 protocol na ma ihe nkesa nlekota na ihe a na-enyocha.
Ka anyị bido n'ịtọlite ngwaọrụ netwọk Cisco, nhazi kacha nta achọrọ bụ nke a (maka nhazi anyị na-eji CLI, m mere ka aha na okwuntughe dị mfe iji zere ọgba aghara):
snmp-server group snmpv3group v3 priv read snmpv3name
snmp-server user snmpv3user snmpv3group v3 auth md5 md5v3v3v3 priv des des56v3v3v3
snmp-server view snmpv3name iso includedNke mbụ ahịrị snmp-server otu - na-akọwapụta otu ndị ọrụ SNMPv3 (snmpv3group), ụdị ọgụgụ (gụọ), na ohere ikike nke otu snmpv3group iji lelee ngalaba ụfọdụ nke osisi MIB nke ihe nlekota (snmpv3name wee na . nhazi na-akọwapụta alaka nke osisi MIB otu ahụ nwere ike ịnweta snmpv3group ga-enwe ike ịnweta).
Onye ọrụ snmp-server nke abụọ - na-akọwa onye ọrụ snmpv3user, ndị otu ya na snmpv3group group, yana iji md5 nyocha (paswọọdụ maka md5 bụ md5v3v3v3) na des encryption (paswọọdụ maka des bụ des56v3v3v3). N'ezie, ọ ka mma iji aes kama des; Ana m enye ya ebe a dịka ọmụmaatụ. Ọzọkwa, mgbe ị na-akọwa onye ọrụ, ị nwere ike itinye ndepụta ohere (ACL) nke na-achịkwa adreesị IP nke sava nlekota nke nwere ikike iji nyochaa ngwaọrụ a - nke a bụkwa omume kachasị mma, mana agaghị m agbagha ihe atụ anyị.
Ahịrị snmp-server nke atọ na-akọwa aha koodu nke na-akọwapụta alaka osisi snmpv3name MIB ka ndị ọrụ snmpv3group wee jụọ ha ajụjụ. ISO, kama ịkọwapụta otu alaka, na-enye ohere ka ndị ọrụ snmpv3group nweta ihe niile dị n'osisi MIB nke ihe nleba anya.
Ntọala yiri nke a maka akụrụngwa Huawei (nakwa na CLI) dị ka nke a:
snmp-agent mib-view included snmpv3name iso
snmp-agent group v3 snmpv3group privacy read-view snmpv3name
snmp-agent usm-user v3 snmpv3user group snmpv3group
snmp-agent usm-user v3 snmpv3user authentication-mode md5
md5v3v3v3
snmp-agent usm-user v3 snmpv3user privacy-mode des56
des56v3v3v3Mgbe ịtọlitechara ngwaọrụ netwọkụ, ịkwesịrị ịlele maka ịnweta site na sava nleba anya site na protocol SNMPv3, m ga-eji snmpwalk:
snmpwalk -v 3 -u snmpv3user -l authPriv -A md5v3v3v3 -a md5 -x des -X des56v3v3v3 10.10.10.252
Ngwa a na-ahụ anya maka ịrịọ ihe OID kpọmkwem site na iji faịlụ MIB bụ snmpget:
Ugbu a, ka anyị gaa n'ihu n'ịtọpụta ihe omume data maka SNMPv3, n'ime ụdị Zabbix. Maka mfe na nnwere onwe MIB, ana m eji OID dijitalụ:
M na-eji macros omenala na mpaghara igodo n'ihi na ha ga-abụ otu maka ihe niile data dị na template. Ị nwere ike ịtọ ha n'ime ndebiri, ma ọ bụrụ na ngwaọrụ netwọk niile dị na netwọk gị nwere otu SNMPv3 paramita, ma ọ bụ n'ime ọnụ netwọk, ma ọ bụrụ na ihe SNMPv3 maka ihe nlekota dị iche iche dị iche iche:
Biko mara na sistemụ nleba anya nwere naanị aha njirimara na okwuntughe maka nyocha na izo ya ezo. Otu onye ọrụ na oke ihe MIB nke enyere ohere ịnweta ka akọwapụtara n'ihe nleba anya.
Ugbu a, ka anyị gaa n'ihu na-ejuputa template.
Ụdị ntuli aka Zabbix
Iwu dị mfe mgbe ị na-emepụta ndebiri nyocha ọ bụla bụ ime ka ha zuo ezuo dịka o kwere mee:
M na-etinye uche dị ukwuu na ngwa ahịa iji mee ka ọ dịkwuo mfe ịrụ ọrụ na nnukwu netwọkụ. More na nke a obere oge ka e mesịrị, ma ugbu a - na-akpali:
Maka ịdị mfe nke ikiri ihe na-akpalite, a na-etinye macro sistem {HOST.CONN} n'aha ha nke mere na ọ bụghị naanị aha ngwaọrụ, kamakwa adreesị IP ka egosipụtara na dashboard na ngalaba ịdọ aka ná ntị, n'agbanyeghị na nke a bụ ihe dị mma karịa mkpa ọ dị. . Iji chọpụta ma ngwaọrụ adịghị, na mgbakwunye na arịrịọ echo a na-emekarị, m na-eji nlele maka enweghị onye ọbịa site na iji usoro SNMP, mgbe a na-enweta ihe ahụ site na ICMP mana ọ naghị aza arịrịọ SNMP - ọnọdụ a ga-ekwe omume, dịka ọmụmaatụ. , mgbe a na-emepụtagharị adreesị IP na ngwaọrụ dị iche iche, n'ihi ọkụ ahazi ezighi ezi, ma ọ bụ ntọala SNMP na-ezighi ezi na nlekota ihe. Ọ bụrụ na ị na-eji nlele nnabata nnabata naanị site na ICMP, n'oge nyocha ihe mere na netwọkụ ahụ, data nlekota nwere ike ọ gaghị adị, yabụ na a ga-enyocharịrị nnata ha.
Ka anyị gaa n'ihu ịchọpụta oghere netwọkụ - maka akụrụngwa netwọkụ nke a bụ ọrụ nlekota kacha mkpa. Ebe ọ bụ na enwere ike ịnwe ọtụtụ narị interfaces na ngwaọrụ netwọk, ọ dị mkpa iji kpochapụ ihe ndị na-adịghị mkpa ka ị ghara ime ka ọhụhụhụ anya ma ọ bụ ịkwanye nchekwa data.
M na-eji ọrụ nchọpụta SNMP ọkọlọtọ, yana parampat enwere ike ịchọpụta, maka nzacha na-agbanwe agbanwe:
discovery[{#IFDESCR},1.3.6.1.2.1.2.2.1.2,{#IFALIAS},1.3.6.1.2.1.31.1.1.1.18,{#IFADMINSTATUS},1.3.6.1.2.1.2.2.1.7]
Site na nchọta a, ị nwere ike yochaa ihu netwọkụ site n'ụdị ha, nkọwapụta omenala na ọkwa ọdụ ụgbọ mmiri nhazi. Ihe nzacha na nkwupụta oge niile maka nzacha n'ọnọdụ m dị ka nke a:
Ọ bụrụ na achọpụtara ya, a ga-ewepụ oghere ndị a:
- ejiri aka mee nkwarụ (adminstatus<>1), ekele IFADMINSTATUS;
- na-enweghị nkọwa ederede, ekele IFALIAS;
- inwe akara * na nkọwa ederede, ekele IFALIAS;
- nke ahụ bụ ọrụ ma ọ bụ teknụzụ, ekele IFDESCR (n'ọnọdụ m, na okwu oge niile IFALIAS na IFDESCR na-enyocha utu aha oge niile).
Ihe ndebiri maka ịnakọta data site na iji protocol SNMPv3 adịla njikere. Anyị agaghị ebi n'ụzọ zuru ezu na ụdị nke data ihe maka netwọk netwọk; ka anyị gaa n'ihu na nsonaazụ ya.
Nsonaazụ nke nlekota
Iji bido, buru ọnụ ahịa obere netwọkụ:
Ọ bụrụ na ị na-akwado ndebiri maka usoro ngwaọrụ netwọk ọ bụla, ị nwere ike nweta usoro nchịkọta data dị mfe iji nyochaa ngwa ngwa ugbu a, nọmba serial, na ngosi nke onye na-ehicha ihe na-abịa na ihe nkesa (n'ihi obere Uptime). Otu akụkụ nke ndepụta ndebiri m dị n'okpuru:
Ma ugbu a - isi panel nlekota oru, na-akpalite na-ekesa site na ogo ogo:
Ekele maka usoro ntinye aka na ndebiri maka ụdị ngwaọrụ ọ bụla na netwọk, ọ ga-ekwe omume iji hụ na, n'ime usoro nke otu usoro nlekota oru, a ga-ahazi ngwá ọrụ maka ịkọ mmejọ na ihe mberede (ọ bụrụ na sensọ na metric kwesịrị ekwesị dị). Zabbix dabara nke ọma maka nlekota netwọkụ, ihe nkesa, na akụrụngwa ọrụ, yana ọrụ idobe akụrụngwa netwọkụ na-egosipụta nke ọma ike ya.
Ndepụta isi mmalite ejiri:1. Hucaby D. CCNP Routing na ịgbanwee Mgbanwe 300-115 Ntuziaka Asambodo gọọmentị. Cisco Press, 2014. pp. 325-329.
2. RFC 3410.
3. RFC 3415.
4. Ntuziaka nhazi SNMP, Cisco IOS XE Mwepụta 3SE. Isi: SNMP Ụdị 3.
isi: www.habr.com