Nkhaniyi idaperekedwa pazowunikira zida zama netiweki pogwiritsa ntchito protocol ya SNMPv3. Tidzakambirana za SNMPv3, ndigawana zomwe ndakumana nazo popanga ma tempulo athunthu mu Zabbix, ndipo ndikuwonetsa zomwe zingapezeke pokonzekera kuchenjeza kogawidwa mu netiweki yayikulu. Protocol ya SNMP ndiyomwe imayang'anira zida zapaintaneti, ndipo Zabbix ββndiyabwino kuyang'anira zinthu zambiri komanso kufotokoza mwachidule ma metric omwe akubwera.
Mawu ochepa okhudza SNMPv3
Tiyeni tiyambe ndi cholinga cha SNMPv3 protocol ndi mawonekedwe ake. Ntchito za SNMP ndikuwunika zida zama netiweki ndi kasamalidwe koyambira potumiza malamulo osavuta kwa iwo (mwachitsanzo, kuyatsa ndi kuletsa zolumikizira netiweki, kapena kuyambitsanso chipangizocho).
Kusiyana kwakukulu pakati pa protocol ya SNMPv3 ndi mitundu yake yam'mbuyomu ndi ntchito zapamwamba zachitetezo [1-3], zomwe ndi:
- Kutsimikizika, komwe kumatsimikizira kuti pempholo lalandiridwa kuchokera kugwero lodalirika;
- kubisa (Kubisa), kuteteza kuwululidwa kwa deta yopatsirana ikalandidwa ndi anthu ena;
- kukhulupirika, ndiko kuti, chitsimikizo kuti paketi sinasokonezedwe panthawi yopatsira.
SNMPv3 imatanthawuza kugwiritsa ntchito njira yachitetezo momwe njira yotsimikizirira imayikidwa kwa wogwiritsa ntchito komanso gulu lomwe ali nalo (m'matembenuzidwe am'mbuyomu a SNMP, pempho lochokera ku seva kupita ku chinthu chowunikira poyerekeza "gulu" lokha, mawu. chingwe chokhala ndi "password" yotumizidwa momveka bwino (mawu osavuta)).
SNMPv3 imayambitsa lingaliro la magawo achitetezo - magawo ovomerezeka otetezedwa omwe amatsimikizira kasinthidwe ka zida ndi machitidwe a SNMP wothandizira wa chinthu chowunikira. Kuphatikiza kwa mtundu wachitetezo ndi mulingo wachitetezo kumatsimikizira njira yachitetezo yomwe imagwiritsidwa ntchito pokonza paketi ya SNMP [4].
Gome limafotokoza mitundu yosakanikirana ndi magawo achitetezo a SNMPv3 (ndinaganiza zosiya mizati itatu yoyambirira monga momwe idayambilira):
Chifukwa chake, tidzagwiritsa ntchito SNMPv3 mumayendedwe otsimikizika pogwiritsa ntchito kubisa.
Kukonza SNMPv3
Kuwunika zida za netiweki kumafuna kusinthidwa komweko kwa protocol ya SNMPv3 pa seva yowunikira komanso chinthu choyang'aniridwa.
Tiyeni tiyambe ndikukhazikitsa chipangizo cha netiweki cha Cisco, kasinthidwe kake kochepa kofunikira ndi motere (pakusintha timagwiritsa ntchito CLI, ndidasinthiratu mayina ndi mapasiwedi kuti ndipewe chisokonezo):
snmp-server group snmpv3group v3 priv read snmpv3name
snmp-server user snmpv3user snmpv3group v3 auth md5 md5v3v3v3 priv des des56v3v3v3
snmp-server view snmpv3name iso includedGulu loyamba la snmp-server - limatanthawuza gulu la ogwiritsa ntchito a SNMPv3 (snmpv3group), njira yowerengera (werengani), ndi mwayi wopeza gulu la snmpv3group kuti muwone nthambi zina za mtengo wa MIB wa chinthu chowunikira (snmpv3name ndiye mu kasinthidwe kumatanthawuza kuti ndi nthambi ziti za mtengo wa MIB zomwe gulu lingathe kupeza snmpv3group azitha kupeza).
Mzere wachiwiri wogwiritsa ntchito snmp-server - amatanthauzira wosuta snmpv3user, umembala wake mu gulu la snmpv3group, komanso kugwiritsa ntchito md5 kutsimikizika (password kwa md5 ndi md5v3v3v3) ndi des encryption (password for des is des56v3v3v3). Inde, ndibwino kugwiritsa ntchito aes m'malo mwa des; ndikupereka apa monga chitsanzo. Komanso, pofotokoza wogwiritsa ntchito, mutha kuwonjezera mndandanda wofikira (ACL) womwe umayang'anira ma adilesi a IP a maseva oyang'anira omwe ali ndi ufulu kuyang'anira chipangizochi - izi ndizochita bwino, koma sindidzasokoneza chitsanzo chathu.
Mzere wachitatu wa snmp-server view umatanthawuza dzina la code lomwe limatchula nthambi za mtengo wa snmpv3name MIB kuti athe kufunsidwa ndi snmpv3group user group. ISO, m'malo mofotokoza mosamalitsa nthambi imodzi, imalola gulu la ogwiritsa ntchito snmpv3group kupeza zinthu zonse mumtengo wa MIB wa chinthu chowunikira.
Kukonzekera kofanana kwa zida za Huawei (komanso mu CLI) kumawoneka motere:
snmp-agent mib-view included snmpv3name iso
snmp-agent group v3 snmpv3group privacy read-view snmpv3name
snmp-agent usm-user v3 snmpv3user group snmpv3group
snmp-agent usm-user v3 snmpv3user authentication-mode md5
md5v3v3v3
snmp-agent usm-user v3 snmpv3user privacy-mode des56
des56v3v3v3Mukakhazikitsa zida zamaneti, muyenera kuyang'ana mwayi wopezeka pa seva yowunikira kudzera pa protocol ya SNMPv3, ndigwiritsa ntchito snmpwalk:
snmpwalk -v 3 -u snmpv3user -l authPriv -A md5v3v3v3 -a md5 -x des -X des56v3v3v3 10.10.10.252
Chida chowoneka bwino chofunsira zinthu za OID pogwiritsa ntchito mafayilo a MIB ndi snmpget:
Tsopano tiyeni tipitirire kukhazikitsa gawo la data la SNMPv3, mkati mwa template ya Zabbix. Kuti zikhale zosavuta komanso zodziyimira pawokha za MIB, ndimagwiritsa ntchito ma OID a digito:
Ndimagwiritsa ntchito ma macros m'magawo akuluakulu chifukwa adzakhala ofanana pazinthu zonse za data mu template. Mutha kuziyika mu template, ngati zida zonse za netiweki pamaneti yanu zili ndi magawo ofanana a SNMPv3, kapena mkati mwa node ya netiweki, ngati magawo a SNMPv3 azinthu zowunikira zosiyanasiyana ndi osiyana:
Chonde dziwani kuti makina owunikira ali ndi dzina lolowera ndi mawu achinsinsi kuti atsimikizire ndi kubisa. Gulu la ogwiritsa ntchito ndi kuchuluka kwa zinthu za MIB zomwe zimaloledwa kufikako zimatchulidwa pa chinthu chowunikira.
Tsopano tiyeni tipitirire kudzaza template.
Zabbix poll template
Lamulo losavuta popanga ma tempulo a kafukufuku aliyense ndikuwapanga mwatsatanetsatane momwe mungathere:
Ndimayang'ana kwambiri zosungirako kuti zikhale zosavuta kugwira ntchito ndi netiweki yayikulu. Zambiri pa izi pambuyo pake, koma pakadali pano - zoyambitsa:
Kuti muwone mosavuta zoyambitsa, ma macros a system {HOST.CONN} akuphatikizidwa m'maina awo kuti osati mayina a zida zokha, komanso ma adilesi a IP akuwonetsedwa pa dashboard mu gawo lochenjeza, ngakhale izi ndizosavuta kuposa zofunikira. . Kuti ndidziwe ngati chipangizo sichikupezeka, kuwonjezera pa pempho lachizolowezi la echo, ndimagwiritsa ntchito cheke kuti ndisapezeke pogwiritsa ntchito protocol ya SNMP, pamene chinthucho chikupezeka kudzera pa ICMP koma sichiyankha zopempha za SNMP - izi ndizotheka, mwachitsanzo. , ma adilesi a IP akapangidwanso pazida zosiyanasiyana, chifukwa cha ma firewall okonzedwa molakwika, kapena zoikamo zolakwika za SNMP pazowunikira zinthu. Ngati mumagwiritsa ntchito kupezeka kwa khamu poyang'ana kudzera pa ICMP, panthawi yofufuza zochitika pa intaneti, deta yowunikira sizingakhalepo, kotero kuti chiphaso chawo chiyenera kuyang'aniridwa.
Tiyeni tipitirire kuzindikira zolumikizira netiweki - pazida zamtaneti iyi ndiye ntchito yofunika kwambiri yowunikira. Popeza pakhoza kukhala mazana olumikizirana pa chipangizo cha intaneti, ndikofunikira kusefa zosafunikira kuti musasokoneze zowonera kapena kusokoneza nkhokwe.
Ndikugwiritsa ntchito njira yodziwikiratu ya SNMP, yokhala ndi magawo odziwika bwino, pakusefa kosavuta:
discovery[{#IFDESCR},1.3.6.1.2.1.2.2.1.2,{#IFALIAS},1.3.6.1.2.1.31.1.1.1.18,{#IFADMINSTATUS},1.3.6.1.2.1.2.2.1.7]
Ndi zomwe mwapezazi, mutha kusefa zolumikizira netiweki ndi mitundu yawo, mafotokozedwe ake, ndi madoko owongolera. Zosefera ndi mawu okhazikika pakusefa kwanga zikuwoneka motere:
Ngati zizindikirika, zolumikizira zotsatirazi sizidzaphatikizidwa:
- olemala pamanja (adminstatus<>1), chifukwa cha IFADMINSTATUS;
- popanda kufotokoza malemba, zikomo kwa IFALIAS;
- kukhala ndi chizindikiro * m'mawu ofotokozera, chifukwa cha IFALIAS;
- zomwe ndi ntchito kapena luso, chifukwa cha IFDESCR (kwa ine, m'mawu okhazikika IFALIAS ndi IFDESCR amawunikidwa ndi mawu amodzi okhazikika).
Template yosonkhanitsira deta pogwiritsa ntchito protocol ya SNMPv3 yatsala pang'ono kukonzeka. Sitikhala mwatsatanetsatane pazambiri zama data pama network; tiyeni tipitirire pazotsatira.
Zotsatira za kuwunika
Choyamba, yang'anani pa netiweki yaying'ono:
Ngati mukonzekera ma templates pamndandanda uliwonse wa zida zapaintaneti, mutha kukwaniritsa kusanthula kosavuta kwachidule cha data yachidule pamapulogalamu apano, manambala a seri, ndi chidziwitso cha choyeretsa chomwe chikubwera ku seva (chifukwa cha kutsika kwa Uptime). Chigawo cha mndandanda wanga wama template chili pansipa:
Ndipo tsopano - gulu lalikulu loyang'anira, lokhala ndi zoyambitsa zomwe zimagawidwa ndi mulingo wovuta:
Chifukwa cha njira yophatikizira ya ma templates pamtundu uliwonse wa chipangizo pa intaneti, ndizotheka kuonetsetsa kuti, mkati mwa dongosolo limodzi lowunikira, chida cholosera zolakwika ndi ngozi chidzakonzedwa (ngati masensa oyenera ndi ma metrics alipo). Zabbix ndiyoyenera kuyang'anira maukonde, ma seva, ndi magwiridwe antchito, ndipo ntchito yosamalira zida zama netiweki ikuwonetsa kuthekera kwake.
Mndandanda wazomwe zagwiritsidwa ntchito:1. Hucaby D. CCNP Njira ndi Kusintha SWITCH 300-115 Official Cert Guide. Cisco Press, 2014. pp. 325-329.
2. RFC 3410.
3. RFC 3415.
4. SNMP Configuration Guide, Cisco IOS XE Kutulutsa 3SE. Mutu: SNMP Version 3.
Source: www.habr.com