This article covers monitoring network equipment over the SNMPv3 protocol. We will talk about SNMPv3, I will share my experience of building full-fledged templates in Zabbix, and I will show what can be achieved when organizing distributed alerting in a large network. SNMP is the main protocol for monitoring network equipment, and Zabbix is well suited to monitoring a large number of objects and summarizing large volumes of incoming metrics.
A few words about SNMPv3
Let's start with the purpose of the SNMPv3 protocol and the specifics of its use. SNMP's tasks are monitoring network devices and basic management by sending simple commands (for example, enabling and disabling network interfaces or rebooting a device).
The main difference between SNMPv3 and its earlier versions is its classic security features [1-3], namely:
- Authentication, which determines that a request was received from a trusted source.
- Encryption, which prevents disclosure of the transmitted data if a third party intercepts it.
- Integrity, that is, a guarantee that a packet was not tampered with in transit.
SNMPv3 implies the use of a security model in which an authentication strategy is set for a given user and the group that user belongs to (in earlier versions of SNMP, a request from the server to the monitored object was checked only against the "community", a text string containing a "password" that is sent in clear text).
SNMPv3 introduces the concept of security levels: the permissible security levels that determine the equipment configuration and the behavior of the SNMP agent on the monitored object. The combination of security model and security level determines which security mechanism is used when an SNMP packet is processed [4].
This table shows the combinations of SNMPv3 models and security levels (I decided to leave the first columns as in the original).
Accordingly, we will use SNMPv3 in authentication mode with encryption.
Configuring SNMPv3
Monitoring network equipment requires the same SNMPv3 configuration on both the monitoring server and the monitored object.
Let's start by setting up a Cisco network device. The minimum required configuration is as follows (the CLI is used for configuration; the names and passwords are simplified to avoid confusion):
snmp-server group snmpv3group v3 priv read snmpv3name
snmp-server user snmpv3user snmpv3group v3 auth md5 md5v3v3v3 priv des des56v3v3v3
snmp-server view snmpv3name iso included
The first line, snmp-server group, defines the SNMPv3 user group (snmpv3group), the read mode (read), and the right of the snmpv3group group to view particular branches of the monitored object's MIB tree (snmpv3name, further down in the configuration, specifies which branches of the MIB tree the snmpv3group group can access).
The second line, snmp-server user, defines the user snmpv3user, its membership in the snmpv3group group, and the use of md5 authentication (the md5 password is md5v3v3v3) and des encryption (the des password is des56v3v3v3). Of course, it is better to use aes instead of des; des is shown here only as an example. Also, when defining the user, you can add an access list (ACL) that restricts the IP addresses of the monitoring servers allowed to monitor this device. This is also best practice, but I will not complicate the example.
The third line, snmp-server view, defines the code name snmpv3name, which specifies the branches of the MIB tree that the snmpv3group user group may query. Specifying ISO, instead of strictly defining a single branch, lets the snmpv3group user group access every object in the monitored object's MIB tree.
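The remarks above about the security level, des versus aes, the optional ACL and the wide ISO view can be checked mechanically. The following is an added example, not code from the original article: it audits Cisco-style SNMPv3 lines, and the ACL name SNMP-MON, the EXAMPLE-* passphrases, the mib-2 view and the md5 finding are assumptions of this example.

```python
# Constructed input: the article's three lines, then a stricter variant.
# SNMP-MON (ACL name), EXAMPLE-* passphrases and the mib-2 view are placeholders.
PAGE_CONFIG = """\
snmp-server group snmpv3group v3 priv read snmpv3name
snmp-server user snmpv3user snmpv3group v3 auth md5 md5v3v3v3 priv des des56v3v3v3
snmp-server view snmpv3name iso included
"""
STRICT_CONFIG = """\
snmp-server group snmpv3group v3 priv read snmpv3name access SNMP-MON
snmp-server user snmpv3user snmpv3group v3 auth sha EXAMPLE-AUTH priv aes 128 EXAMPLE-PRIV access SNMP-MON
snmp-server view snmpv3name mib-2 included
"""

def after(tokens, keyword):
    """Return the token that follows keyword, or None if keyword is absent."""
    return tokens[tokens.index(keyword) + 1] if keyword in tokens[:-1] else None

def audit(config):
    """Return (object, finding) pairs for the SNMPv3 lines in config."""
    out = []
    for line in config.splitlines():
        t = line.split()
        if t[:2] == ["snmp-server", "group"] and "v3" in t:
            level = after(t, "v3")
            if level != "priv":  # noauth or auth: payload is not encrypted
                out.append((t[2], f"security level '{level}' is below priv"))
            if "access" not in t:
                out.append((t[2], "group has no ACL limiting manager addresses"))
        elif t[:2] == ["snmp-server", "user"] and "v3" in t:
            opts = t[t.index("v3") + 1:]
            auth, priv = after(opts, "auth"), after(opts, "priv")
            if auth is None:
                out.append((t[2], "user has no authentication"))
            elif auth == "md5":  # assumption of this example: prefer sha
                out.append((t[2], "auth md5; prefer sha"))
            if priv is None:
                out.append((t[2], "user has no encryption"))
            elif priv == "des":  # the article itself recommends aes
                out.append((t[2], "priv des; prefer aes"))
            if "access" not in opts:
                out.append((t[2], "user has no ACL limiting manager addresses"))
        elif t[:2] == ["snmp-server", "view"] and t[3:5] == ["iso", "included"]:
            out.append((t[2], "view exposes the whole iso subtree"))
    return out

if __name__ == "__main__":
    for name, cfg in (("page", PAGE_CONFIG), ("strict", STRICT_CONFIG)):
        print(name, audit(cfg))
```

The mib-2 view still covers the interface OIDs used for discovery later in the article, since both sit under 1.3.6.1.2.1.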
A similar setup for Huawei equipment (also in the CLI) looks like this:
snmp-agent mib-view included snmpv3name iso
snmp-agent group v3 snmpv3group privacy read-view snmpv3name
snmp-agent usm-user v3 snmpv3user group snmpv3group
snmp-agent usm-user v3 snmpv3user authentication-mode md5
md5v3v3v3
snmp-agent usm-user v3 snmpv3user privacy-mode des56
des56v3v3v3
After configuring the network devices, you need to verify access from the monitoring server over the SNMPv3 protocol. Here I use snmpwalk:
snmpwalk -v 3 -u snmpv3user -l authPriv -A md5v3v3v3 -a md5 -x des -X des56v3v3v3 10.10.10.252
A more visual tool for requesting specific OID objects using MIB files is snmpget:
Now let's move on to configuring a typical SNMPv3 data item within a Zabbix template. For simplicity and independence from MIBs, I use numeric OIDs:
Custom macros are used in the key fields because they will be the same for all data items in the template. If all the network devices in your network have the same SNMPv3 parameters, you can set them in the template; if different monitored objects have different SNMPv3 parameters, you can set them in the network node.
Note that the monitoring system holds only the user name and the passwords for authentication and encryption. The user group and the range of MIB objects to which access is allowed are specified on the monitored object.
Now let's move on to filling in the template.
Zabbix polling template
A simple rule when creating polling templates is to make them as detailed as possible:
To make working with a large network easier, I pay close attention to inventory. More on that a little later; for now, here are the triggers:
To make triggers easier to visualize, the system macro {HOST.CONN} is included in their names, so that not only device names but also IP addresses are shown in the alerts section of the dashboard, although this is a matter of convenience rather than necessity. To determine whether a device is unavailable, in addition to the usual echo request I use a check of host unavailability over the SNMP protocol, for cases where the object is reachable via ICMP but does not respond to SNMP requests. Such a situation is possible, for example, when IP addresses are duplicated on different devices, when firewalls are configured incorrectly, or when the SNMP settings on the monitored objects are wrong. If host availability is checked over ICMP only, monitoring data may turn out to be unavailable when you investigate incidents on the network, so the receipt of that data has to be monitored.
Let's move on to discovering network interfaces; for network equipment this is the most important monitoring function. A network device can have hundreds of interfaces, so unneeded interfaces must be excluded to keep the visualization and the database from becoming cluttered.
For more flexible filtering, I use the standard SNMP discovery function with a larger number of discoverable parameters:
discovery[{#IFDESCR},1.3.6.1.2.1.2.2.1.2,{#IFALIAS},1.3.6.1.2.1.31.1.1.1.18,{#IFADMINSTATUS},1.3.6.1.2.1.2.2.1.7]
With this discovery, you can filter network interfaces by type, by custom description, and by administrative port status. The filters and the regular expressions for filtering in my case look like this:
On discovery, the following interfaces are excluded:
- interfaces disabled manually (adminstatus<>1), thanks to IFADMINSTATUS;
- interfaces with no text description, thanks to IFALIAS;
- interfaces whose text description contains the symbol *, thanks to IFALIAS;
- service or technical interfaces, thanks to IFDESCR (in my case, IFALIAS and IFDESCR are checked by a regular expression and an alias).
The template for collecting data over the SNMPv3 protocol is almost ready. I will not go into more detail on the data item prototypes for network interfaces, so let's move on to the results.
Monitoring results
To begin with, an inventory of a small network:
If you prepare a template for each series of network devices, you can get a layout that makes it easy to analyze summary data on the current software, the serial numbers, and the notification that a cleaner has visited the servers (indicated by a low uptime). An excerpt from my template list is below:
And now the main monitoring panel, with triggers distributed by severity level:
Thanks to the integrated approach to templates for each device model in the network, it is possible, within a single monitoring system, to organize a tool for predicting failures and accidents (provided that suitable sensors and metrics are available). Zabbix is well suited to monitoring network, server and service infrastructures, and the task of maintaining network equipment clearly demonstrates its capabilities.
䜿çšããããœãŒã¹ã®ãªã¹ã1. Hucaby D. CCNP ã«ãŒãã£ã³ã°ããã³ã¹ã€ããã³ã° SWITCH 300-115 å
¬åŒèªå®ã¬ã€ãã ã·ã¹ã³ ãã¬ã¹ã2014 幎ãpp. 325-329ã
2. RFC 3410ã
3. RFC 3415ã
4. SNMP èšå®ã¬ã€ããCisco IOS XE ãªãªãŒã¹ 3SEã ç« : SNMP ããŒãžã§ã³ 3ã
åºæïŒ habr.com