Monitoring network equipment via SNMPv3 in Zabbix

This article is devoted to the specifics of monitoring network equipment using the SNMPv3 protocol. We will talk about SNMPv3, I will share my experience of creating full-fledged templates in Zabbix, and I will show what can be achieved when organizing distributed alerting in a large network. SNMP is the main protocol for monitoring network equipment, and Zabbix is well suited to monitoring a large number of objects and summarizing large volumes of incoming metrics.

A few words about SNMPv3

Let's start with the purpose of the SNMPv3 protocol and the specifics of its use. The tasks of SNMP are monitoring network devices and basic management by sending simple commands to them (for example, enabling and disabling network interfaces, or rebooting a device).

The main difference between the SNMPv3 protocol and its previous versions is the classic security functions [1-3], namely:

  • authentication, which determines that the request was received from a trusted source;
  • encryption, which prevents disclosure of the transmitted data if it is intercepted by third parties;
  • integrity, that is, a guarantee that the packet was not tampered with in transit.

SNMPv3 implies the use of a security model in which the authentication strategy is set for a given user and the group the user belongs to. In previous versions of SNMP, a request from the server to the monitored object was checked only against the "community", a text string with a "password" transmitted in clear text (plain text).

SNMPv3 introduces the concept of security levels: the permitted security levels that determine the configuration of the equipment and the behaviour of the SNMP agent on the monitored object. The combination of security model and security level determines which security mechanism is used when processing an SNMP packet [4].

The table describes the combinations of SNMPv3 models and security levels (I decided to leave the first three columns as in the original):

Accordingly, we will use SNMPv3 in authentication mode with encryption.

Configuring SNMPv3

Monitoring network equipment requires the same SNMPv3 configuration on both the monitoring server and the monitored object.

Let's start with configuring a Cisco network device. Its minimum required configuration is as follows (we use the CLI for configuration; I have simplified the names and passwords to avoid confusion):

snmp-server group snmpv3group v3 priv read snmpv3name 
snmp-server user snmpv3user snmpv3group v3 auth md5 md5v3v3v3 priv des des56v3v3v3
snmp-server view snmpv3name iso included

The first line, snmp-server group, defines the SNMPv3 user group (snmpv3group), the read mode (read), and the right of the snmpv3group group to view certain branches of the MIB tree of the monitored object (snmpv3name, defined later in the configuration, specifies which branches of the MIB tree the snmpv3group group will be able to access).

The second line, snmp-server user, defines the user snmpv3user, its membership in the snmpv3group group, and the use of md5 authentication (the md5 password is md5v3v3v3) and des encryption (the des password is des56v3v3v3). Of course, it is better to use aes instead of des; I use des here only as an example. Also, when defining a user, you can add an access list (ACL) that restricts the IP addresses of the monitoring servers that are allowed to monitor this device. This is also best practice, but I will not complicate our example.

The third line, snmp-server view, defines the code name snmpv3name, which specifies the branches of the MIB tree that the snmpv3group user group can query. ISO, instead of strictly defining a single branch, allows the snmpv3group user group to access all objects in the MIB tree of the monitored object.
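
The three caveats above (des instead of aes, no ACL on the user, a view that includes all of iso) can be checked mechanically. The following is an added example, not part of the original article: a small Python audit over Cisco-style lines, where the function name, the ACL name SNMP-MON and the passwords in the second sample are assumptions made up for illustration.

```python
# Constructed input: the article's Cisco lines, then a variant using the AES
# and ACL options the text recommends (ACL name and passwords are made up).
ARTICLE_CFG = """\
snmp-server group snmpv3group v3 priv read snmpv3name
snmp-server user snmpv3user snmpv3group v3 auth md5 md5v3v3v3 priv des des56v3v3v3
snmp-server view snmpv3name iso included
"""
HARDENED_CFG = """\
snmp-server group snmpv3group v3 priv read snmpv3name
snmp-server user snmpv3user snmpv3group v3 auth sha ExampleAuthPw priv aes 128 ExamplePrivPw access SNMP-MON
snmp-server view snmpv3name mib-2 included
"""


def audit_snmpv3(config):
    """Return a list of findings for Cisco-style SNMPv3 configuration lines."""
    findings = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "snmp-server":
            continue
        kind, name = tok[1], tok[2]
        # Everything after the "v3" keyword: security level or auth/priv options.
        opts = tok[tok.index("v3") + 1:] if "v3" in tok else []
        if kind == "group" and opts[:1] != ["priv"]:
            level = opts[0] if opts else "none"
            findings.append(f"group {name}: level '{level}' does not require encryption")
        elif kind == "user":
            if "priv" not in opts:
                findings.append(f"user {name}: no privacy (encryption) configured")
            elif opts[opts.index("priv") + 1:][:1] == ["des"]:
                findings.append(f"user {name}: DES privacy, the article advises AES")
            if "access" not in opts:
                findings.append(f"user {name}: no ACL restricting monitoring servers")
        elif kind == "view" and tok[3:5] == ["iso", "included"]:
            findings.append(f"view {name}: exposes the whole MIB tree (iso)")
    return findings


if __name__ == "__main__":
    for label, cfg in (("article", ARTICLE_CFG), ("hardened", HARDENED_CFG)):
        print(label, audit_snmpv3(cfg) or "no findings")
```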

A similar setup for Huawei equipment (also in the CLI) looks like this:

snmp-agent mib-view included snmpv3name iso
snmp-agent group v3 snmpv3group privacy read-view snmpv3name
snmp-agent usm-user v3 snmpv3user group snmpv3group
snmp-agent usm-user v3 snmpv3user authentication-mode md5 
            md5v3v3v3
snmp-agent usm-user v3 snmpv3user privacy-mode des56
            des56v3v3v3

After configuring the network devices, you need to check access from the monitoring server over SNMPv3. I will use snmpwalk:

snmpwalk -v 3 -u snmpv3user -l authPriv -A md5v3v3v3 -a md5 -x des -X des56v3v3v3 10.10.10.252

A more visual tool for querying specific OID objects using MIB files is snmpget:

Now let's move on to configuring a typical SNMPv3 data item inside a Zabbix template. For simplicity and independence from MIBs, I use numeric OIDs:

I use user macros in the key fields because they will be the same for all data items in the template. You can set them within the template, if all network devices in your network have the same SNMPv3 parameters, or within the host, if the SNMPv3 parameters differ between monitored objects:

Please note that the monitoring system holds only the user name and the passwords for authentication and encryption. The user group and the scope of MIB objects to which access is allowed are defined on the monitored object.
Now let's move on to filling in the template.

Zabbix poll template

A simple rule when creating any polling template is to make it as detailed as possible:

I pay a lot of attention to inventory, to make it more convenient to work with a large network. More on this later, but for now, triggers:

To make triggers easier to read, the system macro {HOST.CONN} is included in their names so that not only device names but also IP addresses are shown on the dashboard in the alerts section, although this is a matter of convenience rather than necessity. To determine whether a device is unavailable, in addition to the usual echo request, I use a check for host unavailability over SNMP, for the case when the object is reachable via ICMP but does not respond to SNMP requests. This situation is possible, for example, when an IP address is duplicated on different devices, because of incorrectly configured firewalls, or because of incorrect SNMP settings on the monitored objects. If you check host availability only via ICMP, then when you investigate incidents on the network the monitoring data may be missing, so its arrival must be monitored.

Let's move on to discovering network interfaces. For network equipment this is the most important monitoring function. Since there can be hundreds of interfaces on a network device, it is necessary to filter out the unnecessary ones so as not to clutter the visualization or the database.

I use the standard SNMP discovery function, with a larger number of discovered parameters, for more flexible filtering:

discovery[{#IFDESCR},1.3.6.1.2.1.2.2.1.2,{#IFALIAS},1.3.6.1.2.1.31.1.1.1.18,{#IFADMINSTATUS},1.3.6.1.2.1.2.2.1.7]

With this discovery, you can filter network interfaces by their types, custom descriptions, and administrative port statuses. The filters and regular expressions for filtering in my case look like this:

On discovery, the following interfaces will be excluded:

  • manually disabled (adminstatus<>1), thanks to IFADMINSTATUS;
  • without a text description, thanks to IFALIAS;
  • with the symbol * in the text description, thanks to IFALIAS;
  • service or technical interfaces, thanks to IFDESCR (in my case, in the regular expressions IFALIAS and IFDESCR are checked by a single regular expression alias).
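
The four exclusion rules above, applied to discovery rows, as an added example that is not part of the original article. The article's own filter patterns are not reproduced in the text, so the regular expressions, the sample interfaces and the function names below are assumptions; the macro names come from the discovery key.

```python
import re

# Constructed discovery rows: one dict per interface index, keyed by the
# macros named in the discovery[...] key above.
ROWS = [
    {"{#SNMPINDEX}": "1", "{#IFDESCR}": "GigabitEthernet0/1",
     "{#IFALIAS}": "uplink to core-sw1", "{#IFADMINSTATUS}": "1"},
    {"{#SNMPINDEX}": "2", "{#IFDESCR}": "GigabitEthernet0/2",
     "{#IFALIAS}": "", "{#IFADMINSTATUS}": "1"},
    {"{#SNMPINDEX}": "3", "{#IFDESCR}": "GigabitEthernet0/3",
     "{#IFALIAS}": "*lab port", "{#IFADMINSTATUS}": "1"},
    {"{#SNMPINDEX}": "4", "{#IFDESCR}": "GigabitEthernet0/4",
     "{#IFALIAS}": "spare", "{#IFADMINSTATUS}": "2"},
    {"{#SNMPINDEX}": "5", "{#IFDESCR}": "Null0",
     "{#IFALIAS}": "unused", "{#IFADMINSTATUS}": "1"},
]

# Assumed patterns: (macro, regex, must_match). All conditions must hold.
FILTERS = [
    ("{#IFADMINSTATUS}", re.compile(r"^1$"), True),          # administratively up
    ("{#IFALIAS}", re.compile(r"^[^*]+$"), True),            # non-empty, no '*'
    ("{#IFDESCR}", re.compile(r"^(Null|Loopback)", re.I), False),  # not service
]


def rejected_by(row):
    """Return the macro of the first filter that rejects the row, else None."""
    for macro, rx, must_match in FILTERS:
        if bool(rx.search(row.get(macro, ""))) != must_match:
            return macro
    return None


def discovered(rows):
    """Return the SNMP indexes of the interfaces that pass every filter."""
    return [r["{#SNMPINDEX}"] for r in rows if rejected_by(r) is None]


if __name__ == "__main__":
    for row in ROWS:
        print(row["{#IFDESCR}"], "->", rejected_by(row) or "kept")
```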

The template for collecting data over SNMPv3 is almost ready. We will not dwell in detail on the item prototypes for network interfaces; let's move on to the results.

Monitoring results

To begin with, an inventory of a small network:

If you prepare separate templates for each series of network devices, you can get an easy-to-analyze layout of summary data on current software, serial numbers, and a notification that a cleaner has come into the server room (due to low Uptime). An excerpt of my template list is below:

And now, the main monitoring panel, with triggers distributed by severity level:

Thanks to the integrated approach of having templates for each device model in the network, it is possible to ensure that, within a single monitoring system, a tool for predicting faults and accidents is organized (if the appropriate sensors and metrics are available). Zabbix is well suited to monitoring network, server, and service infrastructures, and the task of maintaining network equipment clearly demonstrates its capabilities.

List of references used:
1. Hucaby D. CCNP Routing and Switching SWITCH 300-115 Official Cert Guide. Cisco Press, 2014. pp. 325-329.
2. RFC 3410. tools.ietf.org/html/rfc3410
3. RFC 3415. tools.ietf.org/html/rfc3415
4. SNMP Configuration Guide, Cisco IOS XE Release 3SE. Chapter: SNMP Version 3. www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/configuration/xe-3se/3850/snmp-xe-3se-3850-book/nm-snmp-snmpv3.html

Source: www.habr.com
