7/31/2019 Researching and deploying a network monitoring solution
1/139
COMMENTS OF THE SUPERVISOR
Da Lat, day .. month .. year ....
Supervisor
[Sign and print full name]
COMMENTS OF REVIEWER 1
The thesis meets the requirements of a thesis for the degree of Engineer in Information Technology.
Da Lat, day .. month .. year ....
Reviewer
[Sign and print full name]
COMMENTS OF REVIEWER 2
The thesis meets the requirements of a thesis for the degree of Engineer in Information Technology.
Da Lat, day .. month .. year ....
Reviewer
[Sign and print full name]
DECLARATION
I declare that the research results in this thesis have not been published by anyone before. Should any copyright-related issue arise, I take full responsibility.
Da Lat, 24/11/2010
Lng V Cng Khoa
ACKNOWLEDGEMENTS
First, I would like to thank all the lecturers of the Faculty of Information Technology, Dalat University, who supported me and provided the facilities for completing this thesis.
In particular, I would like to thank Mr. Trn Thng, who directly guided me in completing this thesis. Alongside this were the contributions of my friends, who gave me great encouragement to complete the tasks of the thesis. Through this I have made much progress in knowledge as well as in useful working skills.
I sincerely express my deep gratitude to all the lecturers and my friends!
Da Lat, 24/11/2010
Lng V Cng Khoa
Dalat University
Faculty of Information Technology
GRADUATION THESIS RESEARCH PROPOSAL
Topic: Researching and deploying a network monitoring solution
Major: Networks and Communications
Student: Lng V Cng Khoa - 0612237
Class: CTK30
Supervisor: MSc. Trn Thng
1. Objectives:
Research and deploy suitable solutions for monitoring the activity and services in the network environment and the system's resources, so that risks and threats to the system can be detected as early as possible and remedied in time, minimizing their impact and increasing the efficiency of the network.
2. Content:
- Study network management protocols.
- Study open-source programs for monitoring systems, services and network performance.
- Find the optimal network monitoring solution.
- Deploy a network monitoring model.
3. Software and tools used:
- Nagios
- CentOS
- CS-MARS
4. Expected results: based on the research results, design and deploy an optimal network monitoring model.
5. Main references:
[1] Douglas Mauro & Kevin Schmidt, Essential SNMP, O'Reilly, Sebastopol, CA 95472, 2001.
[2] Max Schubert, Derrick Bennett, Jonathan Gines, Andrew Hay & John Strand, Nagios 3 Enterprise Network Monitoring Including Plug-Ins and Hardware Devices, Syngress Publishing, Burlington, MA 01803, 2008.
[3] Wolfgang Barth, Nagios System and Network Monitoring, William Pollock, CA, 2006.
[4] Americas Headquarters, Cisco Security MARS Initial Configuration and Upgrade Guide, Release 6.x, Cisco Systems, Inc., San Jose, 2009.
[5] Gary Halleen & Greg Kellogg, Security Monitoring with Cisco Security MARS, Cisco Press, Indianapolis, 2007.
[6] Augusto Ciuffoletti & Michalis Polychronakis, Architecture of a Network Monitoring Element, 15th IEEE, 2006.
Da Lat, 11 October 2010
Supervisor                     Student
(Signature)                    (Signature)
Dean of Faculty                Head of Department
(Signature)                    (Signature)
TABLE OF CONTENTS
COMMENTS OF THE SUPERVISOR ... 1
COMMENTS OF REVIEWER 1 ... 2
COMMENTS OF REVIEWER 2 ... 3
DECLARATION ... 4
ACKNOWLEDGEMENTS ... 5
GRADUATION THESIS RESEARCH PROPOSAL ... 6
THESIS SUMMARY ... 14
INTRODUCTION ... 16
CHAPTER 1. OVERVIEW OF THE IMPORTANCE OF SYSTEM MONITORING ... 18
1.1. Introduction ... 18
1.2. Understanding the system ... 19
1.3. What to monitor and why ... 20
1.4. Requirements for a monitoring system ... 23
1.5. Summary ... 23
CHAPTER 2. SIMPLE NETWORK MANAGEMENT PROTOCOL ... 24
1.6. What is SNMP? ... 24
1.6.1. Network management and monitoring ... 24
1.6.2. RFCs and SNMP versions ... 25
1.6.3. Managers and Agents ... 26
1.6.4. Structure of Management Information and MIBs ... 27
1.6.5. Host management ... 28
1.7. SNMP in detail ... 28
1.7.1. SNMP and UDP ... 28
1.7.2. SNMP Communities ... 31
1.7.3. Structure of Management Information (SMI) ... 32
1.7.4. SMI version 2 ... 36
1.7.5. MIB-II in detail ... 39
1.7.6. SNMP operations ... 41
1.8. Summary ... 53
CHAPTER 3. NAGIOS CORE MONITORING SOFTWARE ... 54
1.9. Introduction ... 54
1.9.1. Benefits of resource monitoring ... 55
1.9.2. Main functions ... 57
1.9.3. Soft and hard states ... 59
1.10. Summary ... 60
CHAPTER 4. CISCO SECURITY MONITORING, ANALYSIS, AND RESPONSE SYSTEM ... 60
1.11. Security threat mitigation system ... 61
1.12. Modeling and visualization ... 61
1.13. Powerful rule-based reporting system ... 62
1.14. Alerting and risk mitigation ... 62
1.15. Description of CS-MARS terminology ... 62
1.15.1. Event ... 62
1.15.2. Session ... 63
1.15.3. Rules ... 63
1.15.4. Incident ... 64
1.15.5. False Positive ... 64
1.16. Risk assessment ... 65
1.17. The CS-MARS user interface ... 65
1.18. Summary ... 65
CHAPTER 5. DEPLOYMENT AND EVALUATION OF THE MONITORING SYSTEM ... 66
1.19. Deployment model ... 66
1.20. Introduction to the model ... 66
1.21. Nagios ... 67
1.21.1. Installation ... 67
1.21.2. Configuring Nagios ... 81
1.21.3. Nagios system monitoring results ... 106
1.22. Configuring CS-MARS and the monitored devices ... 112
1.22.1. Configuring CS-MARS ... 113
1.22.2. Configuring the devices that communicate with CS-MARS ... 116
1.22.3. CS-MARS monitoring results ... 129
1.23. Comparison of Nagios and CS-MARS ... 132
1.24. Evaluation of the monitoring system deployed with Nagios ... 135
1.25. Evaluation of the monitoring system deployed with CS-MARS ... 136
1.26. Summary ... 136
ABBREVIATIONS & NOTATION ... 138
REFERENCES ... 139
LIST OF FIGURES
Figure 2-1: Operating model between NMS and Agent ... 27
Figure 2-2: Data exchange model between NMS and Agent ... 29
Figure 2-3: OID tree diagram ... 34
Figure 2-4: SMIv2 OID diagram ... 37
Figure 2-5: Detailed OID diagram ... 40
Figure 2-6: SNMP operating model ... 42
Figure 2-7: Operating model of the get command ... 42
Figure 2-8: OID path diagram ... 45
Figure 2-9: get-bulk retrieval model ... 46
Figure 2-10: set command model ... 47
Figure 2-11: Model of an Agent sending a Trap ... 50
Figure 3-12: Objects to monitor in Nagios ... 54
Figure 3-13: Example describing an incident ... 58
Figure 3-14: Status check ... 60
Figure 5-15: Deployment model ... 66
Figure 5-16: Communication between Nagios and Windows ... 81
Figure 5-17: NSClient++ software ... 83
Figure 5-18: Service information on Sample Client ... 88
Figure 5-19: Information about Sample Client ... 88
Figure 5-20: Interface table of the check_interface plugin ... 93
Figure 5-21: Status information for Dalat-CoreSW-1 ... 96
Figure 5-22: Service information on Dalat-CoreSW-1 ... 97
Figure 5-23: Service information on DNS Server ... 104
Figure 5-24: Status information for DNS Server ... 105
Figure 5-25: Service information on Web Server ... 105
Figure 5-26: Status information for Web Server ... 106
Figure 5-27: System status ... 107
Figure 5-28: List of monitored devices ... 107
Figure 5-29: List of monitored services ... 108
Figure 5-30: Report on device Dalat-CoreSW-1 ... 108
Figure 5-31: Device classification by group ... 109
Figure 5-32: Problems of monitored devices ... 109
Figure 5-33: Device alerts ... 110
Figure 5-34: Status of the Nagios Server ... 111
Figure 5-35: Generated alerts ... 112
Figure 5-36: CS-MARS login interface ... 113
Figure 5-37: Configuring name and IP for CS-MARS ... 113
Figure 5-38: DNS configuration ... 114
Figure 5-39: CS-MARS operating levels ... 114
Figure 5-40: List of devices supported by CS-MARS ... 115
Figure 5-41: Filling in device information ... 115
Figure 5-42: Configuration information for Cisco IOS 12.2 ... 116
Figure 5-43: Configuration information for Cisco Switch IOS 12.2 ... 118
Figure 5-44: Configuring the IPS to enable TLS and HTTP ... 118
Figure 5-45: Configuring the IPS to allow CS-MARS ... 119
Figure 5-46: IPS configuration ... 120
Figure 5-47: ASA 7.0 configuration ... 121
Figure 5-48: Snare configuration ... 122
Figure 5-49: SNARE configuration 2 ... 122
Figure 5-50: Local Security Settings configuration ... 124
Figure 5-51: Configuration for the Windows machine ... 125
Figure 5-52: Configuring login information for the Windows machine ... 126
Figure 5-53: SnareIIS configuration ... 127
Figure 5-54: Configuration for the WebServer ... 127
Figure 5-55: Configuring log information ... 128
Figure 5-56: Log configuration on CS-MARS ... 128
Figure 5-57: List of devices ... 129
Figure 5-58: Monitored address range ... 129
Figure 5-59: List of addresses found by discovery ... 130
Figure 5-60: Rules on CS-MARS ... 130
Figure 5-61: Reports to be created on CS-MARS ... 131
Figure 5-62: Monitored network diagram ... 131
Figure 5-63: Report in chart form ... 132
LIST OF TABLES
Table 1-1: Devices and reasons for monitoring ... 21
Table 2-2: Data types of the SYNTAX field ... 36
Table 2-3: Data types in SMIv2 ... 38
Table 2-4: Data fields in SMIv2 ... 38
Table 2-5: Error messages in SNMPv1 ... 48
Table 2-6: Errors in SNMPv2 ... 50
Table 2-7: Trap types ... 52
Table 5-8: Comparison of Nagios and CS-MARS ... 135
Graduation Thesis: Researching and deploying a network monitoring solution
THESIS SUMMARY
RESEARCH PROBLEM
- Study network management protocols.
- Study open-source programs for monitoring systems, services and network performance.
- Find the optimal network monitoring solution.
- Deploy a network monitoring model.
APPROACH
Study the theory of network management protocols such as the Simple Network Management Protocol (SNMP). On that theoretical basis, study the different system monitoring solutions.
The thesis follows the direction of studying open-source monitoring systems and trial-deploying a monitoring system built from open-source software on the Dalat University network.
In addition, it studies monitoring systems built on dedicated hardware appliances, and trial-deploys a monitoring system built from dedicated appliances on the Dalat University network.
From the deployment of these two systems, conclusions are drawn about each, and each is evaluated against different criteria.
THESIS STRUCTURE
Chapter 1: Overview of the importance of system monitoring
This chapter presents how important system monitoring is in today's world. It outlines an understanding of network systems, identifies the targets that need monitoring and the reasons why, and gives the top reasons why a monitoring system must be deployed. The chapter also sets out the requirements for an optimal monitoring system.
Page 14
Chapter 2: SNMP theory
Introduces the reader to what SNMP is, the versions of SNMP, and the elements the SNMP protocol must have. It also goes deeper into SNMP theory, describing the contents of SNMP and how the protocol operates.
Chapter 3: Nagios Core
Presents the open-source software Nagios Core, the benefits of using Nagios Core, the software's main functions, and how the software operates on the system.
Chapter 4: CS-MARS
Introduces the CS-MARS appliance. Presents its main functions, the terminology it uses, how the appliance operates, and how it works with the other devices in the system. It also describes how the devices and services in the system are monitored.
Chapter 5: Deployment and evaluation
Presents the deployment model. Nagios Core and CS-MARS are then installed and configured to monitor the proposed model. After deployment and trial operation, an evaluation of the advantages and disadvantages of each system is drawn.
RESULTS ACHIEVED
- Successfully deployed a monitoring system using the open-source software Nagios Core.
- Successfully deployed a monitoring system using Cisco's dedicated hardware appliance CS-MARS.
- Gained knowledge of system monitoring and network management protocols.
- Configured routers, switches, CS-MARS, Nagios, ASA, IPS, Windows and Linux to serve the monitoring process.
An administrator needs to know what is happening on their system at all times, including in real time: capturing all historical information about the usage, performance and status of all applications, devices and all data on the network. For this reason, system monitoring is an extremely important and urgent task for every organization, business and agency.
SCIENTIFIC AND PRACTICAL SIGNIFICANCE
Scientific significance
o Provides the theory of system monitoring.
o Shows the importance of system monitoring.
o Provides the theory of monitoring protocols.
Practical significance
o Shows the advantages and disadvantages of the different monitoring systems.
o Proposes an optimal monitoring solution for a suitable system.
RESEARCH OBJECTIVES
Research and deploy suitable solutions for monitoring the activity and services in the network environment and the system's resources, so that risks and threats to the system can be detected as early as possible and remedied in time, minimizing their impact and increasing the efficiency of the network.
TARGET AUDIENCE
All organizations, agencies and businesses that have applied, are applying, or will apply information technology to their operations.
SCOPE OF RESEARCH
This thesis focuses mainly on the following issues:
- Study of system monitoring.
- Deployment of different monitoring systems on the same infrastructure, to show the advantages and disadvantages of each monitoring system.
CHAPTER 1. OVERVIEW OF THE IMPORTANCE OF SYSTEM MONITORING
1.1. Introduction
Every organization and business is different, but the influence of the network on business operations is almost the same everywhere. In fact, as a business grows, its network grows not only in size and complexity but also in meaning and value. Very quickly, the network no longer merely supports the company; it represents the company. This is obvious for organizations whose operations depend on the network. At the most basic level, however, the network can be seen as collaboration, communication and commerce: everything that keeps a business running and growing. It is where business applications are hosted, and where critical customer, product and business information is stored.
With such an important resource, making sure it can operate continuously is an essential issue. It is also a challenge, because there are many potential threats, such as hackers, denial-of-service attacks, viruses and information theft, that endanger the organization's or business's system, leading to system downtime and data loss, which reduces the reliability of the system and the benefits gained from it. In addition, networks keep growing quickly, with new technologies, new devices and new structures such as virtualization or service-oriented architecture.
Network management is a broad field that integrates device monitoring, application management, security, maintenance, services, troubleshooting and other tasks. It would be ideal if all of this work were coordinated and monitored by a reliable and experienced network administrator. However, even the most knowledgeable administrators only have the information about the system that they can see. Administrators need to know what is happening on their networks at all times, including both real-time and historical information about the usage, performance and status of all applications, devices and all data on the network.
This is the field of network monitoring, the most important function in network management. The only way to know how everything on the network is operating is to monitor it continuously.
1.2. Understanding the system
In today's world we cannot help being surprised by the complexity of networks. Devices such as routers, switches and hubs connect countless client machines to the services on servers as well as out to the Internet. On top of that, many security and communication utilities are installed, including firewalls, virtual private networks, anti-spam and anti-virus services. Understanding the structure of the system, and being able to receive alerts about it, is an important factor in maintaining the system's performance and integrity. There are thousands of things that can happen to a system, and the administrator must ensure that any threat that occurs is reported promptly and accurately.
A network is no longer an isolated local structure. It includes the Internet, local area networks (LANs), wide area networks (WANs), and all the devices, servers and applications running on it. Although it lets users access and share information, use applications, and communicate with each other and with the outside world, whether by voice, data or images, it is by nature still a network of systems.
A network usually has internal and external users, including employees, customers, partners and stakeholders. Network performance optimization affects the organization in different ways. For example, if employees cannot access the applications and information they need to work, productivity suffers. When customers cannot complete online transactions, this means lost revenue and damage to the organization's reputation. Even when stakeholders such as investors cannot find or review the organization's information, the organization is affected.
The reality is that networks are very complex and error-prone, and every component in the network represents a risk to the system. That is why it must be monitored, to minimize the potential risks as far as possible.
However, not every problem can be solved proactively before any warning sign appears. But if we can monitor the system in real time, we can identify problems before they become more dangerous. For example, an overloaded server can be replaced before it hangs. This minimizes the risks to the system and increases its performance. With a monitoring system, we know the status of every device on the network without having to check each device individually, and we can quickly pinpoint the problem when needed.
1.3. What to monitor and why
For a network, it is important to have accurate information at the right time. What matters is capturing the status of the devices at the present moment, as well as knowing the status of the system's services and applications.
The following table lists representative items of system status information that we must know, and the reasons why.

| What to monitor | Why |
| Availability of devices (routers, switches, servers, ...) | These are the key components that keep the network running. |
| Availability of the critical services on the system | The system as a whole must not stop working, causing loss of data or email; even a one-hour outage of services such as HTTP or FTP can seriously affect the organization. |
| Free disk space on servers | Applications require disk space, so this information must be monitored so that it can be handled in time without affecting critical applications. |
| Average load percentage of the routers | The system must be upgraded before an overload occurs and affects it. |
| Average memory and processor load on the critical servers | If memory or the processor is exhausted, the system will stall. |
| Functioning of the firewall, anti-virus, server updates, anti-spyware and anti-malware | Security of the system must be ensured. |
| Inbound and outbound traffic of the routers | Accurate traffic figures are needed to avoid overloading the system. |
| Events written to logs such as WinEvent or Syslog | Accurate information about what is happening in the system can be obtained. |
| SNMP traps such as server-room temperature or printer information | We can learn that a printer is broken or needs toner before a user reports it, and make sure the server room does not overheat. |

Table 1-1: Devices and reasons for monitoring
When an incident occurs, we need to be alerted immediately, whether by an audible alarm, on a display, or by an e-mail generated automatically by the monitoring program. The sooner we know what is going on, and the more complete the information in the alerts, the sooner the incident can be resolved.
The top 10 reasons why a network monitoring system is needed:
- Know what is happening on the system: a monitoring solution reports the operating status and the resources of the system. Without this, we have to wait until users report problems.
- Plan upgrades and repairs: if a device stops working frequently, or network bandwidth is approaching its limit, the system needs to change. The network monitoring system tells us this, so that changes can be made when necessary.
- Diagnose problems quickly: suppose our server cannot be reached. Without a monitoring system we cannot tell where the cause lies: the server, the router, or possibly the switch. Knowing exactly what the problem is, we can solve it quickly.
- See what is working: graphical reports can explain the operating status of the system. They are very convenient tools for the monitoring process.
- Know when to apply backup and recovery solutions: given the necessary alerts, we should back up the system's data in case the system is damaged at any time. Without a monitoring system we cannot know a problem has occurred until it is too late.
- Ensure the security system is working well: organizations spend a lot of money on security systems. Without a monitoring system we cannot know whether our security system is working as expected.
- Track the activity of the service resources on the system: the monitoring system can provide status information about the services on the system, ensuring that users can connect to their data sources.
- Be notified of the system's status from anywhere: many monitoring applications provide remote monitoring and notification, needing only an Internet connection.
- Ensure the system operates continuously: if our organization depends heavily on the network, it is best for the administrator to know about and handle problems before a serious incident occurs.
- Save money: for all of the reasons above, we can minimize the system downtime that hurts the organization's profits, and save money on investigating incidents when they occur.
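The rows of Table 1-1 (free disk space, router load, memory and processor load) are checked in Nagios by a plugin that compares a sampled value with a warning and a critical threshold and reports the result through its exit code. The following Python is an added example written for this page; it is not code from the thesis or from the Nagios project. It implements the plugin contract that Nagios Core expects from any check command (one status line, optionally followed by performance data after "|", and an exit code of 0 for OK, 1 for WARNING, 2 for CRITICAL, 3 for UNKNOWN) and handles the case the table raises implicitly: for free disk space a low value is the problem, whereas for load a high value is. The metric names, thresholds and readings are constructed sample values.

```python
"""Nagios-style threshold check for the metrics of Table 1-1.

Added example, not code from the thesis or from Nagios. Any check that
prints one status line and exits 0/1/2/3 can be used as a Nagios command.
"""
import sys
from dataclasses import dataclass

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
STATE_NAME = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}


@dataclass
class Metric:
    name: str            # what is monitored (one row of Table 1-1)
    value: float         # sampled value, in `unit`
    unit: str
    warning: float       # crossing this threshold raises WARNING
    critical: float      # crossing this threshold raises CRITICAL
    higher_is_bad: bool = True   # False for free disk space: a low value is the problem


def evaluate(m: Metric) -> int:
    """Return the Nagios state for one metric.

    Follows the Nagios range convention: a value is a problem when it lies
    outside the allowed range, i.e. strictly above the threshold for
    higher_is_bad metrics and strictly below it for the others. A reading
    that could not be taken (None or NaN) is UNKNOWN, never silently OK.
    """
    if m.value is None or m.value != m.value:
        return UNKNOWN
    if m.higher_is_bad:
        if m.value > m.critical:
            return CRITICAL
        if m.value > m.warning:
            return WARNING
    else:
        if m.value < m.critical:
            return CRITICAL
        if m.value < m.warning:
            return WARNING
    return OK


def perfdata(m: Metric) -> str:
    """Performance-data token 'label'=value[unit];warn;crit.

    For lower-is-bad metrics the thresholds are written as "15:" which in
    Nagios range syntax means "alert when below 15".
    """
    suffix = "" if m.higher_is_bad else ":"
    return f"'{m.name}'={m.value}{m.unit};{m.warning}{suffix};{m.critical}{suffix}"


def check_all(metrics):
    """Evaluate every metric and return (worst_state, output_line).

    The worst state wins: one CRITICAL disk makes the whole check CRITICAL
    even if the CPU and the router are fine.
    """
    results = [(evaluate(m), m) for m in metrics]
    worst = max(state for state, _ in results)
    problems = [f"{m.name}={m.value}{m.unit} ({STATE_NAME[s]})" for s, m in results if s != OK]
    text = "; ".join(problems) if problems else "all metrics within thresholds"
    line = f"{STATE_NAME[worst]} - {text} | " + " ".join(perfdata(m) for m in metrics)
    return worst, line


# Constructed sample readings (not real measurements) for three rows of Table 1-1.
SAMPLE = [
    Metric("disk_free", 7.5, "%", warning=15, critical=10, higher_is_bad=False),
    Metric("cpu_load", 62.0, "%", warning=80, critical=95),
    Metric("router_load", 85.0, "%", warning=80, critical=95),
]

if __name__ == "__main__":
    state, output = check_all(SAMPLE)
    print(output)
    sys.exit(state)   # Nagios reads this exit code, not the text, to decide the state
```

Run as a Nagios command, the script's exit code is what Nagios uses to decide the service state; the text after "|" is stored as performance data for graphing, which is how the trend information mentioned in the next section is collected.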
1.4. Requirements for a monitoring system
To understand the system, we need a monitoring solution that can provide the important information in real time, from anywhere and at any time. Businesses and organizations need solutions that are simple to deploy and use. A solution with comprehensive capability and reliability is needed. If a business requires high availability, we need a trusted solution that has been deployed and proven to work well.
Remember that we need to monitor many devices on the system and must collect a great deal of related information. Therefore we need a solution that displays information such as network maps, data reports, alerts and incidents. Besides making incident handling easier, this lets us use the collected data to understand trends in device usage, network usage and overall network capacity, in order to design the network effectively.
Alerting is a very important part, but the alerts must also be accurate and arrive at the appropriate time. The monitoring system needs remote access so that monitoring can be carried out as soon as it is needed.
Finally, we need a system that can support many monitoring methods across different devices. SNMP is a flexible technology that allows different devices to be managed and monitored. We must make sure that our monitoring system supports this protocol.
1.5. Summary
In today's world, deploying a monitoring system covering all network devices is urgent for every business and organization. The monitoring system is deployed to optimize the network, strengthen network security, and resolve incidents in time.
CHAPTER 2. SIMPLE NETWORK MANAGEMENT PROTOCOL
1.6. What is SNMP?
In today's world, with a network made up of routers, switches, servers and workstations, managing all the network devices and making sure they work well and operate optimally seems a difficult problem. To support the management process, the Simple Network Management Protocol, abbreviated SNMP, was developed. SNMP was introduced in 1988 to meet the growing need to manage devices that use the Internet Protocol. SNMP provides a simple set of commands that allow devices to be managed remotely.
1.6.1. Network management and monitoring
The core of SNMP is a simple set of commands that give the administrator the ability to change the state of the managed devices. For example, SNMP can be used to shut down a port on a router or to check the speed of that port. SNMP can monitor the temperature of devices and alert when the temperature is too high.
SNMP is usually associated with router management, but the protocol can also be used to manage many other kinds of devices. While SNMP's predecessor, the Simple Gateway Management Protocol (SGMP), was developed to manage routers, SNMP can be used to manage Linux and Windows systems, printers, modems, and any device that can run software capable of sending SNMP information.
Another aspect of management is monitoring, which means keeping track of the whole network. Remote Network Monitoring (RMON) was developed to help us understand how the network functions and how the other devices affect the whole network. RMON can be used to monitor traffic on LANs and also on WAN ports.
Before and after SNMP
Suppose we have a network of 100 workstations running different operating systems. Some of them are servers holding data, others are connected to printers, and the rest are personal workstations. In addition there are routers and switches. The network is connected to the Internet.
What happens when one of the data servers stops working? If it happens in the middle of the week, people can tell the network administrator to fix it. But what if it happens at the weekend, when everyone, including the network administrator, has gone home?
That is why we need SNMP. Instead of waiting for someone to report that the system has a problem, SNMP lets us monitor the system continuously, even when we are not there. For example, SNMP will report a growing number of dropped packets on a router so that we can act before a serious problem occurs. We can configure automatic alerts for problems in our own network.
1.6.2. RFCs and SNMP versions
The Internet Engineering Task Force (IETF) is responsible for defining the standard protocols that operate in the network environment, including SNMP. The IETF publishes Requests for Comments (RFCs), documents that specify the protocols in use in the IP environment. The IETF has published the following versions of SNMP:
- SNMP Version 1 (SNMPv1) is defined in RFC 1157. SNMPv1's security is based on the community principle, which lets any application running SNMP access information on other devices running SNMP. There are three community levels: read-only, read-write and trap.
- SNMP Version 2 (SNMPv2): the security of this version is based on community strings. For that reason this version is also called SNMPv2c, and it is defined in RFCs 1905, 1906 and 1907.
- SNMP Version 3 (SNMPv3): defined in RFCs 1905, 1906, 1907, 2571, 2572, 2573, 2574 and 2575. This version supports strong authentication, allowing private and authenticated communication between entities.
1.6.3. Managers and Agents
In an SNMP environment there are two kinds of entities: managers and agents. A manager is a server running management software. Managers are commonly referred to as Network Management Stations (NMSs). An NMS is responsible for polling the agents in the network and for receiving traps from them.
Polling is the act of querying an agent (router, switch, Unix server, ...) to obtain the information that is needed.
A trap is the way an agent tells the NMS that something has happened. Traps are not sent synchronously: a trap is not an answer to an NMS query; the agent sends one on its own when a problem occurs. For example, when a T1 link on a router loses its connection, the router can send a trap to the NMS.
The second entity is the agent: a piece of software that runs on the network device being managed. It may be a separate program or be built into the operating system (for example Cisco IOS on a router, or the low-level operating system that manages a UPS). Today most IP-based devices ship with SNMP agent software that lets the administrator manage the device easily. The agent provides information to the NMS by tracking the device's activity. For example, the agent on a router tracks the state of the router's ports. The NMS can query the state of these ports and take appropriate action if one of them develops a problem. When the agent detects a problem on the device it can send a trap to the NMS. Some devices also send an "all clear" trap when the state changes from bad to good, which is useful for confirming that a problem has been resolved. The figure below describes the relationship between NMS and agent.
Figure 2-1: Operating model between NMS and Agent
It is important to make clear that polls and traps can happen at the same time. There is no restriction on the NMS querying the agent while the agent sends traps to the NMS.
1.6.4. Structure of Management Information and MIBs
The Structure of Management Information (SMI) provides the way to define managed objects and their behaviour. An agent owns a list of the objects it tracks (an object may be the operational status of a port on a router or the storage capacity of a computer). Taken together, this list defines the information the NMS can use to determine the state of the device on which the agent resides.
The Management Information Base (MIB) can be seen as a database of the managed objects that the agent tracks. Any status or statistic that the NMS can access is defined in a MIB.
The SMI provides the method for defining managed objects, while the MIB is the precise definition of the objects (written in SMI syntax).
An agent may implement many MIBs, but all agents implement one particular MIB, MIB-II (RFC 1213). The main goal of MIB-II is to provide general TCP/IP management information. It does not include all the device-specific information that manufacturers want to manage. A great many devices need to be managed and each manufactured device has its own features. That is why manufacturers and individuals are allowed to define MIBs of their own. For example, a manufacturer sells a new router. The agent built into the router answers the NMS requests that are defined generally in MIB-II. In addition the router has new functions that are not defined in any standard MIB, so the manufacturer must define its own MIB.
1.6.5. Host management
Managing host resources (such as hard disk capacity and memory usage) is an important part of network management. The Host Resources MIB defines a set of objects that help manage Unix and Windows systems (in fact any system running an SNMP agent can be managed, not only Unix and Windows).
1.7. SNMP in detail
1.7.1. SNMP and UDP
SNMP uses the User Datagram Protocol (UDP) to transport data between managers and agents. UDP, defined in RFC 768, was chosen for SNMP instead of the Transmission Control Protocol (TCP) because it is connectionless, meaning there is no end-to-end connection between agent and NMS while data is exchanged. This makes SNMP unreliable and unable to detect on its own when data is lost. SNMP must therefore have a way to detect whether transmitted data was lost and to retransmit it if necessary. It simply relies on timeouts. The NMS sends a request to the agent and waits for a reply. How long the NMS waits depends on what the administrator configured. If the timeout expires and the NMS has received no reply from the agent, it resends the request. The number of retries also depends on the configuration of the SNMP application.
Using UDP as the transport seems unimportant, but it becomes a difficulty when an agent sends a trap to the NMS: if the trap never reaches the NMS, the NMS has no way of knowing that anything happened, and the agent cannot know whether it should resend the trap, because the NMS never acknowledges the traps it receives.
On the other hand, because UDP uses few resources, its impact on network performance is low. SNMP was once implemented over TCP, but that turned out to be an unsuitable environment because of the connection-oriented nature of that protocol.
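The timeout-and-retry behaviour described above is easy to see in code. The following added example (not part of the thesis) plays both roles on the loopback interface: a constructed stand-in "agent" that silently discards the first few datagrams, and an NMS-style client that resends after a timeout. Only the retry logic is SNMP-like; the payload is an arbitrary byte string, the port is ephemeral rather than 161, and the function names are my own.

```python
import socket
import threading

# Constructed stand-in for an SNMP agent on the loopback interface: it
# silently discards the first `drop_first` datagrams (a request lost in
# transit) and answers the rest by echoing the request back. It listens on
# an ephemeral port, not the real UDP port 161, so it needs no privileges.
def start_lossy_agent(drop_first):
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", 0))
    host, port = sock.getsockname()

    def serve():
        dropped = 0
        while True:
            data, peer = sock.recvfrom(2048)
            if dropped < drop_first:
                dropped += 1          # lose the datagram: no reply at all
                continue
            sock.sendto(b"RESP:" + data, peer)

    threading.Thread(target=serve, daemon=True).start()
    return host, port


def snmp_style_request(agent, payload, timeout=0.2, retries=3):
    """Send `payload` over UDP the way an NMS sends an SNMP request.

    Waits `timeout` seconds for a reply; if none arrives, resends, up to
    `retries` additional times (the same meaning as net-snmp's -t and -r
    options). Returns (reply_bytes, attempts_used), or raises TimeoutError
    when every attempt went unanswered, which is all UDP lets us conclude:
    the request or the reply was lost, or the agent was too busy to answer.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        for attempt in range(1, retries + 2):   # first try + `retries` resends
            sock.sendto(payload, agent)
            try:
                reply, _ = sock.recvfrom(2048)
                return reply, attempt
            except socket.timeout:
                continue
        raise TimeoutError(f"no reply from {agent} after {retries + 1} attempts")
    finally:
        sock.close()


if __name__ == "__main__":
    agent = start_lossy_agent(drop_first=2)
    reply, attempts = snmp_style_request(agent, b"GET sysLocation.0")
    print(attempts, reply)
```

Two practical points follow from the code. A real SNMP client also carries a request-id in every PDU and ignores replies whose id does not match, otherwise a late reply to attempt 1 could be taken as the answer to attempt 2. And there is no equivalent loop for traps: the agent sends the datagram once and, as the text says, never learns whether it arrived.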
SNMP uses UDP port 161 to send and receive requests and UDP port 162 to receive traps. All devices using SNMP must use these two default ports, but some manufacturers let us change the ports in the agent's configuration. If the default configuration is changed, the NMS must be changed to match the configuration on the agent.
Figure 2-2: Data exchange model between NMS and Agent
The figure above describes the TCP/IP model, which is the basic model for all TCP/IP communication. Today, every device that wants to take part in communication on the Internet must follow this protocol suite. When an NMS or agent wants to communicate, it goes through the following sequence:
- Application: first, the SNMP application (NMS or agent) decides what to do. For example, it may send an SNMP request to an agent, send a reply to an SNMP request (which may have come from an agent), or send a trap to the NMS. Each application provides a service to the end user, for instance an operator asking for the status of a port on a switch.
- UDP: the next layer in the TCP/IP model. UDP lets two hosts communicate with each other. The UDP header contains several pieces of information, including the port on the device to which the request or trap is sent. The destination port can only be 161 (query) or 162 (trap).
- IP: the IP layer tries to deliver the SNMP packet to the requested destination address.
- Medium Access Control (MAC): the last thing that must happen for an SNMP packet to reach its destination is at the physical layer, where the packet is routed and transmitted to its destination. The MAC layer includes the hardware and device drivers that carry the data to its destination. The MAC layer is also responsible for receiving packets from the physical layer and passing them up to the next layer of the TCP/IP model.
To make this easier to understand, consider an example. Suppose we want to send a letter to a faraway friend inviting them to visit this summer. By deciding to send an invitation letter, we act like an SNMP program. Writing the recipient's address on the envelope is like the UDP layer's job of putting the destination port in the UDP header; in this case it is the recipient's address. Putting a stamp on the letter and dropping it in the mailbox for the mail carrier to pick up is like the IP layer's job. The final action is the mail carrier arriving and collecting the letter. From there the letter is delivered to its destination, the friend's mailbox. The MAC layer of the computer is like the mail truck or airplane that carries the letter. When the friend receives the letter, they go through a similar process to reply. This example gives an idea of how packets are transmitted.
1.7.2. SNMP Communities
SNMPv1 and SNMPv2 use the concept of a community to establish trust between manager and agent. An agent is configured with three levels: read-only, read-write and trap. The community name can be thought of as a password. The three community strings control different kinds of activity. As their names suggest, the read-only string only allows reading data values and does not allow changing them. For example, it allows reading the number of data packets transmitted on a router port but does not allow us to delete or change that value. The read-write string allows both reading and changing data values. Finally, the trap string allows receiving traps from the agent.
Most manufacturers sell their devices with default community strings, typically public for read-only and private for read-write. We should change these defaults before putting the device into use, to ensure the security of SNMP communication between devices. When configuring an SNMP agent, we will want to configure the trap destination, the address to which the device sends traps. In addition, because community strings are sent in clear text, we should configure the agent to send an SNMP authentication trap: when someone tries to query the device without knowing the community string value, the query fails and we are notified. This improves the security of the system.
Because community strings are in essence passwords, we should apply the rules for safe passwords: not a dictionary word, long, a mix of upper-case, lower-case and special characters, and so on. As mentioned above, community strings are sent unencrypted, so they are very easy for others to learn; for this reason SNMPv3 contains many improvements that raise the security of communication between SNMP devices.
There are many ways to reduce the risk of attack. Using a firewall or packet filter can reduce the chance of someone harming the system by attacking through SNMP. For example, we can allow traffic on UDP port 161 (SNMP queries) into the network only when it comes from the IP address of the NMS, and likewise for UDP port 162 and trap packets. A firewall cannot remove 100% of the risk of attack; it only helps reduce the risk to the system.
It is important to know that once someone learns the read-write community string of the devices, that person can take control of them (for example by changing the configuration of a router or switch). One way to protect the community string is to use a Virtual Private Network (VPN) so that the data is encrypted in transit. Another way is to change the community string regularly (this is not practical in a large network). A simple solution is to write a Perl script that changes the community string on the devices.
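The two defensive rules above (no vendor defaults or dictionary words, strong strings; read-write access only from the NMS address) can be checked mechanically before a device goes into service. The following added example, written for this thesis and not taken from it, audits an agent configuration in the format of net-snmp's snmpd.conf, whose rocommunity and rwcommunity directives take the community string as their first argument and an optional allowed source address as the second. The word list and the sample configuration are constructed; the minimum length of 12 is an assumed policy value.

```python
import re

DEFAULT_COMMUNITIES = {"public", "private"}     # the vendor defaults named in the text
# Constructed mini word list; a real audit would load a full dictionary file.
DICTIONARY_WORDS = {"public", "private", "secret", "password", "cisco", "admin", "monitor"}


def check_community(name, min_length=12):
    """Return the list of password-policy violations for a community string
    (an empty list means the string is acceptable)."""
    problems = []
    low = name.lower()
    if low in DEFAULT_COMMUNITIES:
        problems.append("vendor default")
    if low in DICTIONARY_WORDS:
        problems.append("dictionary word")
    if len(name) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not re.search(r"[A-Z]", name):
        problems.append("no upper-case letter")
    if not re.search(r"[a-z]", name):
        problems.append("no lower-case letter")
    if not re.search(r"[^A-Za-z0-9]", name):
        problems.append("no special character")
    return problems


def audit_snmpd_conf(text):
    """Scan snmpd.conf-style text; return (line_no, directive, problem) tuples."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()         # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        directive = parts[0]
        if directive not in ("rocommunity", "rwcommunity"):
            continue
        community = parts[1] if len(parts) > 1 else ""
        source = parts[2] if len(parts) > 2 else None
        for problem in check_community(community):
            findings.append((line_no, directive, problem))
        if directive == "rwcommunity" and source is None:
            # A read-write community reachable from any source is the case the
            # text warns about: whoever learns it can reconfigure the device.
            findings.append((line_no, directive,
                             "read-write access not restricted to the NMS address"))
    return findings


SAMPLE_CONF = """\
# constructed example snmpd.conf, not a real device configuration
rocommunity public
rwcommunity private
rocommunity Mon1tor!ng-R0-2010 192.0.2.10
"""

if __name__ == "__main__":
    for finding in audit_snmpd_conf(SAMPLE_CONF):
        print(*finding)
```

Such a check complements, rather than replaces, the packet filter described in the text: the filter limits who can reach port 161, the audit limits what a captured string is worth.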
1.7.3. Structure of Management Information (SMI)
Structure of Management Information Version 1 (SMIv1, RFC 1155) defines precisely how managed objects are named and specifies the relationships between them. Structure of Management Information Version 2 (SMIv2, RFC 2578) provides the improved method used by SNMPv2.
The definition of a managed object can be described by three attributes:
- Name: also called the object identifier (OID), it uniquely identifies a managed object. Names appear in two forms: numeric and human readable. In both forms the names are usually long and inconvenient, so SNMP applications offer several aids for reading them conveniently.
- SYNTAX: the data type of the managed object, defined using a subset of Abstract Syntax Notation One (ASN.1). ASN.1 is a way of specifying how data is represented and transmitted between manager and agent. A convenient property of ASN.1 is that its notation is machine independent, which means that different systems can all talk SNMP to each other.
- Encoding: a managed object is encoded into a string of octets using the Basic Encoding Rules (BER). BER defines how objects are encoded and decoded so that they can be transmitted over a medium such as Ethernet.
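To make the Encoding attribute concrete, the following added example (my own code, not part of the thesis or of any SNMP library) builds an SNMPv1 GetRequest for sysLocation.0 with community "public", the same query used later in the snmpget example, using only the BER rules for INTEGER, OCTET STRING, NULL, OBJECT IDENTIFIER and SEQUENCE. Every field in the resulting 40-byte message, including the community string, is plainly visible, which is the point made in the section on communities. The decoder for OIDs assumes the short length form, which is all an OID of practical size needs.

```python
# BER "type-length-value" encoding of the handful of ASN.1 types SNMPv1 uses.
def ber_length(n):
    """Length octets: short form below 128, long form (0x80|count, then bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, content):
    return bytes([tag]) + ber_length(len(content)) + content


def encode_integer(value):
    """INTEGER (tag 0x02): two's-complement, shortest form that keeps the sign."""
    if value == 0:
        return tlv(0x02, b"\x00")
    length = (value.bit_length() + 8) // 8      # one extra bit for the sign
    return tlv(0x02, value.to_bytes(length, "big", signed=True))


def encode_octet_string(data):
    return tlv(0x04, data)                      # OCTET STRING (tag 0x04)


def encode_null():
    return tlv(0x05, b"")                       # NULL (tag 0x05), used as a value placeholder


def encode_oid(dotted):
    """OBJECT IDENTIFIER (tag 0x06): first two arcs packed as 40*a+b, the rest base-128."""
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:                              # continuation bytes carry the high bit
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))


def decode_oid(encoded):
    """Inverse of encode_oid for the short length form (OIDs under 128 bytes)."""
    if encoded[0] != 0x06 or encoded[1] & 0x80:
        raise ValueError("not a short-form OID")
    body = encoded[2:2 + encoded[1]]
    arcs = [body[0] // 40, body[0] % 40]
    value = 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def encode_sequence(*items):
    return tlv(0x30, b"".join(items))           # SEQUENCE (tag 0x30)


GET_REQUEST = 0xA0          # context-specific, constructed, tag number 0
SNMP_V1 = 0                 # version field value for SNMPv1


def build_v1_get(community, oid, request_id=1):
    """Whole SNMPv1 message: SEQUENCE { version, community, GetRequest-PDU }."""
    varbind = encode_sequence(encode_oid(oid), encode_null())
    pdu = tlv(GET_REQUEST, b"".join([
        encode_integer(request_id),             # matched against the reply
        encode_integer(0),                      # error-status
        encode_integer(0),                      # error-index
        encode_sequence(varbind),               # VarBindList
    ]))
    return encode_sequence(encode_integer(SNMP_V1),
                           encode_octet_string(community.encode()), pdu)


if __name__ == "__main__":
    msg = build_v1_get("public", ".1.3.6.1.2.1.1.6.0")
    print(msg.hex())
    print(b"public" in msg)                     # the "password" travels in clear text
```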
1.7.3.1 Naming OIDs
Managed objects are organized in a tree structure, and this structure is the basis for naming them. An OID is a sequence of integers taken from the nodes of the tree, separated by dots (.). A more readable alternative to the sequence of numbers is the name assigned to each node of the tree.
The figure below shows a few levels of the object tree starting from the root node. In the tree, a node with no children is called a leaf and any other node a branch. For example, the tree starts at root; under root are ccitt, iso and joint. In the illustration only iso is a branch, while ccitt and joint are leaves. In the example we note the branch iso(1).org(3).dod(6).internet(1), whose OID is 1.3.6.1.
Every managed object has its own OID.
Enterprises and individuals can define OIDs of their own by registering with IANA, the organization that manages the list of OIDs.
Figure 2-3: The OID tree
1.7.3.2 Defining OIDs
In SMIv1, to define an OID we need to declare the following information: SYNTAX, ACCESS, STATUS and DESCRIPTION. An example OID declaration:
ifTable OBJECT-TYPE
    SYNTAX SEQUENCE OF IfEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "A list of interface entries. The number of entries is
        given by the value of ifNumber."
    ::= { interfaces 2 }
The data types allowed in the SYNTAX field of SMIv1 are described in the following table:
SMIv1 data types
Integer
    A 32-bit number, often used as an enumerated type inside objects. Example: the operational status of a router port: 1: up, 2: down, 3: testing. The value 0 is not used as an enumerated value (per RFC 1155).
Octet String
    A string of numbers, commonly used to represent a text string and sometimes a physical address.
Counter
    A 32-bit number with values from 0 to 2^32-1 (4 294 967 295). When it reaches the maximum it wraps to 0 and starts again. Commonly used to track information such as the number of bytes sent and received on an interface. A Counter only ever increases and never decreases. When the agent restarts, the Counter also returns to 0.
Object Identifier
    A string of decimal numbers separated by dots (.) that represents an object in the object tree. Example: 1.3.6.1.4.1.9 is the OID of Cisco.
Null
    Not currently used in SNMP.
Sequence
    Defines a list containing zero or more other ASN.1 types.
Sequence of
    Defines a managed object made up of an ASN.1 type.
IpAddress
    A 32-bit number representing an IPv4 address.
NetworkAddress
    The same as IpAddress, but it can represent other kinds of network address as well.
Gauge
    A 32-bit number with values from 0 to 2^32-1 (4 294 967 295). Unlike a Counter, a Gauge can both increase and decrease, but it never goes past its maximum value. Example: the speed of an interface on a router can be represented by a Gauge.
Timeticks
    A 32-bit number with values from 0 to 2^32-1 (4 294 967 295). It measures time in hundredths of a second. The uptime of a device can be represented with this type.
Opaque
    Allows a value of any type to be transmitted, wrapped inside an Octet String according to the ASN.1 rules.
Table 2-2: Data types of the SYNTAX field
The purpose of the data types above is to define a managed object. This is very important for reading and understanding MIB files.
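Two of these types need care in monitoring code: a Counter wraps at 2^32 and resets on agent restart, so a rate must be computed from the difference between samples modulo 2^32, and Timeticks count hundredths of a second. The following added example (my own code, not from the thesis) does both and checks its uptime formatting against the sysUpTime value 27210723 that appears in the snmpwalk output later in this chapter; it also computes how quickly a 32-bit counter wraps on a fast link, which is the reason SMIv2 added Counter64.

```python
COUNTER32_MAX = 2 ** 32 - 1
COUNTER64_MAX = 2 ** 64 - 1


def counter_delta(previous, current, width=32):
    """Difference between two samples of a Counter of `width` bits, allowing
    for exactly one wrap from the maximum back to 0 between the samples."""
    modulus = 2 ** width
    if not (0 <= previous < modulus and 0 <= current < modulus):
        raise ValueError("sample outside the counter's range")
    return (current - previous) % modulus


def rate_bits_per_second(prev_octets, cur_octets, interval_seconds, width=32):
    """Link utilisation from two ifInOctets/ifOutOctets samples taken
    `interval_seconds` apart. A value smaller than the previous one that is
    not a wrap (e.g. the agent restarted and the counter went back to 0)
    cannot be told apart from a wrap by the counter alone; sysUpTime must be
    compared to detect the restart."""
    if interval_seconds <= 0:
        raise ValueError("interval must be positive")
    return counter_delta(prev_octets, cur_octets, width) * 8 / interval_seconds


def seconds_to_wrap(bits_per_second, width=32):
    """How long a byte counter of `width` bits takes to wrap at a given rate.
    If the polling interval is longer than this, deltas become ambiguous."""
    return (2 ** width) * 8 / bits_per_second


def format_timeticks(ticks):
    """Render a Timeticks value the way net-snmp prints sysUpTime."""
    if not 0 <= ticks <= COUNTER32_MAX:
        raise ValueError("Timeticks is a 32-bit value")
    hundredths = ticks % 100
    total_seconds = ticks // 100
    days, rem = divmod(total_seconds, 86400)
    hours, rem = divmod(rem, 3600)
    minutes, seconds = divmod(rem, 60)
    return f"{days} days, {hours}:{minutes:02d}:{seconds:02d}.{hundredths:02d}"


if __name__ == "__main__":
    # Constructed samples: the counter passed its maximum between the two polls.
    print(counter_delta(4_294_967_290, 5))          # 11 octets, not a negative number
    print(rate_bits_per_second(4_294_967_290, 5, 60))
    print(f"{seconds_to_wrap(10 ** 9):.1f} s to wrap a Counter32 at 1 Gbit/s")
    print(f"{seconds_to_wrap(10 ** 9, 64):.3e} s to wrap a Counter64 at 1 Gbit/s")
    print(format_timeticks(27210723))               # matches the snmpwalk output
```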
1.7.4. SMI version 2
SMIv2 is an extension of the SMI that adds the snmpV2 branch under the internet branch.
Figure 2-4: OID diagram of SMIv2
The OID of the new branch is 1.3.6.1.6.3.1.1, that is
iso.org.dod.internet.snmpV2.snmpModules.snmpMIB.snmpMIBObjects
The definition of objects in SMIv2 changed slightly from SMIv1, so that objects can be controlled better.
New data types in SMIv2
Integer32
    The same as Integer.
Counter32
    The same as Counter.
Gauge32
    The same as Gauge.
Unsigned32
    Values from 0 to 2^32-1.
Counter64
    The same as Counter, but with values in the range 0 to 2^64-1.
BITS
    An enumeration of named, non-negative bit positions.
Table 2-3: Data types in SMIv2
The new fields added in SMIv2 are described in the following table:
Improved definitions in SMIv2
UnitsParts
    A textual description that represents the object.
MAX-ACCESS
    Equivalent to the ACCESS field of SMIv1. The values of this field are: read-only, read-write, read-create, not-accessible and accessible-for-notify.
STATUS
    An extended clause with the keywords current (the object definition is valid and in use), obsolete (the definition is old and may be removed) and deprecated (the definition is old and later standards may redefine it). current in SMIv2 is like mandatory in SMIv1.
AUGMENTS
    This field allows a table to be extended by adding one or more columns representing objects. It requires the name of the table to which the objects are added.
Table 2-4: Data fields in SMIv2
1.7.5. MIB-II in detail
MIB-II is a very important management group, because every device that supports SNMP must support MIB-II.
RFC 1155 describes how a MIB file is laid out; it does not define the objects. RFC 1213 is the standard that defines the MIB branch under iso.org.dod.internet.mgmt.mib-2 (following, of course, the structure prescribed by RFC 1155). We will examine part of RFC 1213 to understand the meaning of some objects before using tools to read them.
RFC 1156 is the standard MIB specification for TCP/IP devices, regarded as the Internet-Standard MIB (MIB version 1). RFC 1213 is the version 2 standard MIB specification, commonly called mib-2. Note the distinction: mib-1 and mib-2 are specifications that define objects, while SMIv1 and SMIv2 specify the structure of MIB files. Mib-1 and mib-2 use the SMIv1 structure.
Mib-2 is one of the most widely supported MIBs. If a device is declared to support SNMP, the manufacturer must state which RFCs it supports, and that is usually RFC 1213.
Figure 2-5: Detailed OID diagram
MIB-II has 10 subgroups, defined in RFC 1213 and inherited from MIB-I in RFC 1066. Each branch has its own function.
- system (1.3.6.1.2.1.1): defines a list of objects relating to the operation of the system, such as the time since the system booted, the system contact and the system name.
- interfaces (1.3.6.1.2.1.2): keeps the status of the interfaces on a managed entity. It tracks whether an interface is up or down and records the octets sent and received, as well as errored or discarded octets.
- at (1.3.6.1.2.1.3): the at (address translation) group is deprecated; it only provides backward compatibility. The group is removed from MIB-III onwards.
- ip (1.3.6.1.2.1.4): keeps a lot of information related to the IP protocol, including IP routing.
- icmp (1.3.6.1.2.1.5): keeps information such as ICMP errors and discards.
- tcp (1.3.6.1.2.1.6): keeps information specific to the state of TCP connections, such as closed, listen and synSent.
- udp (1.3.6.1.2.1.7): collects UDP statistics, such as incoming and outgoing datagrams.
- egp (1.3.6.1.2.1.8): keeps EGP parameters and the table of EGP neighbours.
- transmission (1.3.6.1.2.1.10): there are no objects in this group, but it defines the media-specific MIBs.
- snmp (1.3.6.1.2.1.11): measures the performance of SNMP on managed entities and keeps information such as the number of SNMP packets received and sent.
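The naming rules of section 1.7.3.1 and the MIB-II layout above can be exercised together with a small resolver. The following added example (my own code, not part of the thesis) holds a constructed fragment of the object tree, limited to the nodes named in this chapter plus the ifTable column numbers from RFC 1213, and converts between the numeric and the human-readable form of an OID in both directions; arcs it does not know are kept numeric, which is exactly what snmpwalk prints as enterprises.9.1.19 for a Cisco sysObjectID.

```python
# Constructed fragment of the OID tree: numeric OID -> node name. A real
# resolver loads this from MIB files; only the nodes this chapter mentions
# (and the two ifEntry columns used later) are included.
KNOWN_NODES = {
    "1": "iso", "1.3": "org", "1.3.6": "dod", "1.3.6.1": "internet",
    "1.3.6.1.2": "mgmt", "1.3.6.1.2.1": "mib-2",
    "1.3.6.1.2.1.1": "system", "1.3.6.1.2.1.2": "interfaces",
    "1.3.6.1.2.1.3": "at", "1.3.6.1.2.1.4": "ip", "1.3.6.1.2.1.5": "icmp",
    "1.3.6.1.2.1.6": "tcp", "1.3.6.1.2.1.7": "udp", "1.3.6.1.2.1.8": "egp",
    "1.3.6.1.2.1.10": "transmission", "1.3.6.1.2.1.11": "snmp",
    "1.3.6.1.2.1.1.1": "sysDescr", "1.3.6.1.2.1.1.3": "sysUpTime",
    "1.3.6.1.2.1.1.6": "sysLocation",
    "1.3.6.1.2.1.2.2": "ifTable", "1.3.6.1.2.1.2.2.1": "ifEntry",
    "1.3.6.1.2.1.2.2.1.10": "ifInOctets", "1.3.6.1.2.1.2.2.1.16": "ifOutOctets",
    "1.3.6.1.4": "private", "1.3.6.1.4.1": "enterprises", "1.3.6.1.4.1.9": "cisco",
    "1.3.6.1.6": "snmpV2", "1.3.6.1.6.3": "snmpModules",
    "1.3.6.1.6.3.1": "snmpMIB", "1.3.6.1.6.3.1.1": "snmpMIBObjects",
}
MIB2 = "1.3.6.1.2.1"


def build_children(nodes):
    """Index parent OID -> {child name: arc number}, for name-to-number lookups."""
    children = {}
    for oid, name in nodes.items():
        parent, _, arc = oid.rpartition(".")
        children.setdefault(parent, {})[name] = int(arc)
    return children


CHILDREN = build_children(KNOWN_NODES)


def to_names(dotted):
    """1.3.6.1.2.1.1.6.0 -> iso.org.dod.internet.mgmt.mib-2.system.sysLocation.0
    Unknown arcs (instance indexes, unregistered subtrees) stay numeric."""
    arcs = dotted.strip(".").split(".")
    labels = []
    for i in range(1, len(arcs) + 1):
        prefix = ".".join(arcs[:i])
        labels.append(KNOWN_NODES.get(prefix, arcs[i - 1]))
    return ".".join(labels)


def to_numeric(path):
    """Inverse of to_names; raises KeyError for a name missing from the tree."""
    arcs = []
    current = ""
    for label in path.strip(".").split("."):
        if label.isdigit():
            arc = label
        else:
            arc = str(CHILDREN[current][label])   # KeyError: unknown name under `current`
        arcs.append(arc)
        current = ".".join(arcs)
    return ".".join(arcs)


def mib2_group(dotted):
    """Which of the MIB-II groups an OID falls under, or None if it is not in mib-2."""
    arcs = dotted.strip(".").split(".")
    base = MIB2.split(".")
    if arcs[:len(base)] != base or len(arcs) <= len(base):
        return None
    return KNOWN_NODES.get(MIB2 + "." + arcs[len(base)])


if __name__ == "__main__":
    print(to_names("1.3.6.1.2.1.1.6.0"))
    print(to_names("1.3.6.1.4.1.9.1.19"))       # sysObjectID from the snmpwalk output
    print(to_numeric("iso.org.dod.internet.snmpV2.snmpModules.snmpMIB.snmpMIBObjects"))
    print(mib2_group("1.3.6.1.2.1.2.2.1.10.1"))
```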
1.7.6. SNMP operations
The Protocol Data Unit (PDU) is the message format that managers and agents use to send and receive information. There is a standard PDU format for each of the following SNMP operations:
- Get
- Get-next
- Get-bulk (SNMPv2 and SNMPv3)
- Set
- Get-response
- Trap
- Notification (SNMPv2 and SNMPv3)
- Inform (SNMPv2 and SNMPv3)
- Report (SNMPv2 and SNMPv3)
Figure 2-6: SNMP operating model
1.7.6.1 Get
get: a request sent from the NMS to the agent. The agent receives the request and processes it as well as it can. If a device such as a router is under heavy load, it may not be able to answer the request and will drop it. If the agent gathers the information needed for the request, it sends the NMS a get-response:
Figure 2-7: Operation of the get command
For the agent to understand what the NMS is looking for, it relies on an item of the get called the variable binding, or varbind. The varbind is a list of MIB objects that the NMS wants to obtain from the agent. The agent reads the question in the form OID=value to find the information to reply with. The query for the case in Figure 2-7:
$ snmpget cisco.ora.com public .1.3.6.1.2.1.1.6.0
system.sysLocation.0 = ""
This is an snmpget command on Unix. cisco.ora.com is the name of the device, public is the string indicating that this is a read-only request, and .1.3.6.1.2.1.1.6.0 is the OID. .1.3.6.1.2.1.1 points to the system group in the MIB, and .6 points to a field in system, sysLocation. With this command we ask the Cisco router whether the system location has been set. The answer system.sysLocation.0 = "" means that it has not. The snmpget answer follows the varbind form OID=value. Note the last part of the OID given to snmpget: the .0 follows the MIB convention. When asking about an object in the MIB we must specify two parts, x.y, here .6.0. x is the actual OID of the object. .y is used for tabular objects, as the row number in the table; for a scalar object such as this one, y = 0. The rows of a table are numbered from 1.
The get command is useful for querying a single object in the MIB. When we want information about many objects, get takes a lot of time. The get-next command solves this problem.
1.7.6.2 Get-next
get-next: issues a series of requests to retrieve information from a group in the MIB. The agent answers each object of the get-next query in turn, as with get, until the objects in the sequence are exhausted. For example, we use the snmpwalk command. snmpwalk is similar to snmpget, but instead of pointing at a single object it points at a branch:
$ snmpwalk cisco.ora.com public system
system.sysDescr.0 = "Cisco Internetwork Operating System Software
..IOS (tm) 2500 Software (C2500-I-L), Version 11.2(5), RELEASE
SOFTWARE (fc1)..Copyright (c) 1986-1997 by cisco Systems, Inc...
Compiled Mon 31-Mar-97 19:53 by ckralik"
system.sysObjectID.0 = OID: enterprises.9.1.19
system.sysUpTime.0 = Timeticks: (27210723) 3 days, 3:35:07.23
system.sysContact.0 = ""
system.sysName.0 = "cisco.ora.com"
system.sysLocation.0 = ""
system.sysServices.0 = 6
Here we want the information of the system group, and the agent returns all the system information as requested. The search for the system group in the MIB proceeds along the tree from the root; at a node with several branches, the branch to search next is chosen by branch index, from the smallest to the largest:
Figure 2-8: OID path diagram
1.7.6.3 get-bulk
get-bulk is defined in SNMPv2. It allows management information to be retrieved from many parts of a table. get can do this too; however, the size of the request may be limited by the agent, and if the agent cannot answer the whole request it returns an error message with no data at all. With get-bulk, the agent sends back as many answers as it can, so a partial answer to the request is possible. Two fields must be declared in get-bulk: nonrepeaters and max-repetitions. nonrepeaters tells the agent that the first N objects can be answered like a single get command. max-repetitions tells the agent to try up to M get-next requests for the remaining objects:
Figure 2-9: Retrieving information with get-bulk
$ snmpbulkget -v2c -B 1 3 linux.ora.com public sysDescr ifInOctets ifOutOctets
system.sysDescr.0 = "Linux linux 2.2.5-15 #3 Thu May 27 19:33:18 EDT 1999
i686"
interfaces.ifTable.ifEntry.ifInOctets.1 = 70840
interfaces.ifTable.ifEntry.ifOutOctets.1 = 70840
interfaces.ifTable.ifEntry.ifInOctets.2 = 143548020
interfaces.ifTable.ifEntry.ifOutOctets.2 = 111725152
interfaces.ifTable.ifEntry.ifInOctets.3 = 0
interfaces.ifTable.ifEntry.ifOutOctets.3 = 0
Here we ask about three varbinds: sysDescr, ifInOctets and ifOutOctets. The total number of varbinds returned is given by the formula
N + (M * R)
where N is nonrepeaters, the number of scalar objects; M is max-repetitions; and R is the number of tabular objects in the request. Only sysDescr is scalar, so N = 1. M can be set to 3, meaning three rows for each of ifInOctets and ifOutOctets. There are two tabular objects, ifInOctets and ifOutOctets, so R = 2.
In total there are 1 + 3*2 = 7 varbinds.
The v2c field is there because get-bulk is an SNMPv2 command, so -v2c is used to specify that SNMPv2 PDUs are used. -B 1 3 sets the parameters N and M for the command.
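The difference between get, get-next and get-bulk lies in how the agent walks its lexicographically ordered list of object instances. The following added example (my own code, not part of the thesis) simulates the agent side over a constructed MIB view populated with the values from the snmpwalk and snmpbulkget outputs above (ifInOctets and ifOutOctets are columns 10 and 16 of ifEntry in RFC 1213). It reproduces the seven-varbind result of the get-bulk example and also shows what happens when max-repetitions is larger than the table: the walk runs past the end of the requested column into the next one, so it is the NMS, not the agent, that must notice when an OID leaves the subtree it asked for.

```python
# Constructed agent view: numeric instance OID -> value. A real agent keeps
# this in lexicographic (tree) order, which is what get-next depends on.
AGENT_MIB = {
    "1.3.6.1.2.1.1.1.0": "Cisco Internetwork Operating System Software ...",
    "1.3.6.1.2.1.1.2.0": "enterprises.9.1.19",
    "1.3.6.1.2.1.1.3.0": 27210723,
    "1.3.6.1.2.1.1.4.0": "",
    "1.3.6.1.2.1.1.5.0": "cisco.ora.com",
    "1.3.6.1.2.1.1.6.0": "",
    "1.3.6.1.2.1.1.7.0": 6,
    "1.3.6.1.2.1.2.2.1.10.1": 70840,        # ifInOctets.1
    "1.3.6.1.2.1.2.2.1.10.2": 143548020,    # ifInOctets.2
    "1.3.6.1.2.1.2.2.1.10.3": 0,            # ifInOctets.3
    "1.3.6.1.2.1.2.2.1.16.1": 70840,        # ifOutOctets.1
    "1.3.6.1.2.1.2.2.1.16.2": 111725152,    # ifOutOctets.2
    "1.3.6.1.2.1.2.2.1.16.3": 0,            # ifOutOctets.3
}
END_OF_MIB = "endOfMibView"


def oid_key(oid):
    """Compare OIDs arc by arc as integers, not as strings ("10" sorts after "9")."""
    return tuple(int(a) for a in oid.split("."))


ORDERED = sorted(AGENT_MIB, key=oid_key)


def get(oid):
    """Exact instance lookup; None corresponds to SNMPv1's noSuchName error."""
    return AGENT_MIB.get(oid)


def get_next(oid):
    """First instance strictly after `oid` in tree order, or None at the end."""
    key = oid_key(oid)
    for candidate in ORDERED:
        if oid_key(candidate) > key:
            return candidate
    return None


def walk(subtree):
    """What snmpwalk does: repeat get-next until the OID leaves the subtree."""
    prefix = oid_key(subtree)
    results, current = [], subtree
    while True:
        nxt = get_next(current)
        if nxt is None or oid_key(nxt)[:len(prefix)] != prefix:
            return results
        results.append((nxt, AGENT_MIB[nxt]))
        current = nxt


def get_bulk(oids, nonrepeaters, max_repetitions):
    """GetBulk: the first N oids get one get-next each (so "sysDescr" yields
    sysDescr.0, as in the example output); the rest get up to M get-next
    steps each, interleaved row by row. Returns N + M*R varbinds."""
    out = []
    for oid in oids[:nonrepeaters]:
        nxt = get_next(oid)
        out.append((nxt, AGENT_MIB[nxt]) if nxt else (oid, END_OF_MIB))
    cursors = list(oids[nonrepeaters:])
    for _ in range(max_repetitions):
        for i, cur in enumerate(cursors):
            nxt = get_next(cur)
            if nxt is None:
                out.append((cur, END_OF_MIB))     # agent has nothing further to offer
                continue
            out.append((nxt, AGENT_MIB[nxt]))
            cursors[i] = nxt
    return out


if __name__ == "__main__":
    for oid, value in get_bulk(["1.3.6.1.2.1.1.1", "1.3.6.1.2.1.2.2.1.10",
                                "1.3.6.1.2.1.2.2.1.16"], 1, 3):
        print(oid, "=", value)
```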
1.7.6.4 Set
Set: changes the value of an object or adds a new row to a table. The object must be defined in the MIB as read-write or write-only. The NMS can use set to assign values to several objects at once:
Figure 2-10: Model of the set command
$ snmpget cisco.ora.com public system.sysLocation.0
system.sysLocation.0 = ""
$ snmpset cisco.ora.com private system.sysLocation.0 s "Atlanta, GA"
system.sysLocation.0 = "Atlanta, GA"
$ snmpget cisco.ora.com public system.sysLocation.0
system.sysLocation.0 = "Atlanta, GA"
The first command uses get to obtain the current value of system.sysLocation. In the snmpset command the fields cisco.ora.com and system.sysLocation.0 mean the same as in get. private indicates the read-write community, and the new value is given by: s "Atlanta, GA". s means that the value of system.sysLocation.0 is set as a string, and the new value is "Atlanta, GA". This varbind is defined in RFC 1213 as a string of at most 255 characters:
sysLocation OBJECT-TYPE
    SYNTAX DisplayString (SIZE (0..255))
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The physical location of this node (e.g., 'telephone closet,
        3rd floor')."
    ::= { system 6 }
Several objects can be set at once; however, if one of the actions fails, the whole operation is cancelled.
1.7.6.5 Error responses of get, get-next, get-bulk and set
There are several kinds of error reported by the agent:
SNMPv1 error messages
noError(0)
    No error.
tooBig(1)
    The request is too large to fit into a single response.
noSuchName(2)
    The requested OID was not found, i.e. it does not exist on the agent.
badValue(3)
    The set command was used incorrectly on a read-write or write-only object.
readOnly(4)
    This error is rarely used. The noSuchName error is equivalent to it.
genErr(5)
    Used for all remaining errors not covered by the ones above.
Table 2-5: Error messages in SNMPv1
The SNMPv1 errors are very general and not specific. SNMPv2 therefore adds the following error types:
SNMPv2 error messages
noAccess(6)
    A set command tried to access a variable that forbids access; the variable's ACCESS field is not-accessible.
wrongType(7)
    A set command supplied a data type different from the one defined for the object, for example setting a string value on an INTEGER object.
wrongLength(8)
    A set command supplied a value longer than the maximum length of the object.
wrongEncoding(9)
    A set command used an encoding different from the one defined for the object.
wrongValue(10)
    A variable was set to a value it does not understand, for example an enumeration variable set to a value not in the enumeration.
noCreation(11)
    A value was set for a variable that does not exist, or an attempt was made to create a variable that is not in the MIB.
inconsistentValue
    A MIB variable is in an inconsistent state and does not accept any set command.
resourceUnavailable(13)
    There are no system resources available to perform the set.
commitFailed(14)
    Stands for all the errors that occur when a set command fails.
undoFailed(15)
    A set command failed and the agent could not restore the state that existed before the set began.
authorizationError(16)
    An SNMP command was not authenticated, for example someone supplied a wrong community string.
notWritable(17)
    The variable does not accept the set command.
inconsistentName(18)
    An attempt to set a value failed because the variable is in an inconsistent state.
Table 2-6: Errors in SNMPv2
1.7.6.6 Trap
A trap is an alert that the agent sends to the NMS on its own initiative, so that the NMS learns of a bad condition at the agent.
When the NMS receives a trap from an agent it does not reply with an ACK, so the agent has no way of knowing whether its alert reached the NMS. When the NMS receives a trap from the agent, it looks up the trap number to understand the meaning of the trap.
Figure 2-11: Model of trap sending from the agent
Trap messages are sent automatically by the agent to the manager whenever an event occurs inside the agent; these events are not the agent's routine activity but incidents. For example, when a port goes down, when a user login fails, or when the device reboots, the agent sends a trap to the manager.
However, not every incident causes the agent to send a trap, and not every agent sends a trap for the same incident. Whether an agent sends a trap for a given incident is decided by the manufacturer of the device/agent.
The trap method is independent of the request/response methods. SNMP request/response is used for management, SNMP traps for alerting. The source of a trap is called the Trap Sender and the destination the Trap Receiver. A trap sender can be configured to send traps to several trap receivers at once.
There are two kinds of trap: generic traps and specific traps. Generic traps are prescribed by the SNMP standards; specific traps are defined by the user (the user here being the manufacturer of the SNMP device). The trap type is an integer carried in the trap message, and the receiver uses it to work out what the trap means.
Under SNMPv1 there are 7 generic traps: coldStart(0), warmStart(1), linkDown(2), linkUp(3), authenticationFailure(4), egpNeighborloss(5) and enterpriseSpecific(6). The value in parentheses is the code of each trap type. The meaning of the generic-trap messages is as follows:
Trap number and name, with its definition
coldStart (0)
    Reports that the agent has just restarted. All managed variables are reset; variables of type Counter and Gauge are set to 0. coldStart is used to identify a new device joining the network. When a device finishes booting it sends a trap to the NMS. If the NMS address is correct, the NMS can receive it and decide whether or not to manage the device.
warmStart (1)
    Reports that the agent has just reinitialized itself; no variables are reset.
linkDown (2)
    Sent when an interface on the device goes into the down state.
linkUp (3)
    Sent when an interface returns to the up state.
authenticationFailure (4)
    Warns that someone has tried to access the agent without valid authentication.
egpNeighborLoss (5)
    Warns that an EGP neighbour has gone down.
enterpriseSpecific (6)
    A private trap, known only to the agent and the NMS that define it. The NMS uses a special decoding method to understand this message.
Table 2-7: Trap types
A trap defined in a MIB, rdbmsOutOfSpace:
rdbmsOutOfSpace TRAP-TYPE
    ENTERPRISE rdbmsTraps
    VARIABLES { rdbmsSrvInfoDiskOutOfSpaces }
    DESCRIPTION
        "An rdbmsOutOfSpace trap signifies that one of the database servers managed by
        this agent has been unable to allocate space for one of the databases managed by
        this agent. Care should be taken to avoid flooding the network with these traps."
    ::= 2
The ENTERPRISE value is rdbmsTraps, the description of the trap is given in DESCRIPTION, and the value of the trap is 2.
1.7.6.7 Notification
To standardize the SNMPv1 trap PDU format, which differs from the PDUs of get and set, SNMPv2 introduced NOTIFICATION-TYPE. The PDU format of NOTIFICATION-TYPE is the same one recognized by get and set. NOTIFICATION-TYPE is defined in RFC 2863:
linkDown NOTIFICATION-TYPE
    OBJECTS { ifIndex, ifAdminStatus, ifOperStatus }
    STATUS current
    DESCRIPTION
        "A linkDown trap signifies that the SNMPv2 entity, acting in an agent role, has
        detected that the ifOperStatus object for one of its communication links left the
        down state and transitioned into some other state (but not into the notPresent
        state). This other state is indicated by the included value of ifOperStatus."
    ::= { snmpTraps 3 }
The OID of this trap is 1.3.6.1.6.3.1.1.5.3, that is
iso.org.dod.internet.snmpV2.snmpModules.snmpMIB.snmpMIBObjects.snmpTraps.linkDown.
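The SNMPv1 generic-trap codes of the previous section and the SNMPv2 notification OIDs shown here describe the same events, and a trap receiver that handles both versions has to translate between them. The following added example (my own code, not from the thesis) applies the standard mapping from RFC 3584: generic traps 0 to 5 map to snmpTraps.(code + 1), which gives 1.3.6.1.6.3.1.1.5.3 for linkDown(2) exactly as stated above, and enterpriseSpecific(6) maps to enterprise.0.specific-trap. On top of the mapping it sorts a constructed batch of received traps from a defender's point of view, counting authenticationFailure traps per agent, since the section on communities recommends enabling exactly that trap. The enterprise OID ending in 99999 is a placeholder, not a registered vendor.

```python
SNMP_TRAPS = "1.3.6.1.6.3.1.1.5"      # ...snmpMIBObjects.snmpTraps, as given in the text

GENERIC_TRAPS = {
    0: "coldStart", 1: "warmStart", 2: "linkDown", 3: "linkUp",
    4: "authenticationFailure", 5: "egpNeighborLoss", 6: "enterpriseSpecific",
}


def v1_trap_to_notification_oid(generic, specific, enterprise):
    """RFC 3584 translation of an SNMPv1 trap header into an SNMPv2 notification OID."""
    if generic == 6:
        return f"{enterprise}.0.{specific}"
    if 0 <= generic <= 5:
        return f"{SNMP_TRAPS}.{generic + 1}"
    raise ValueError(f"unknown generic-trap code {generic}")


# Assumed triage policy for a trap receiver; the text prescribes no such grouping.
SECURITY_RELEVANT = {"authenticationFailure"}
AVAILABILITY_RELEVANT = {"coldStart", "warmStart", "linkDown", "egpNeighborLoss"}


def classify_trap(generic, specific, enterprise):
    name = GENERIC_TRAPS[generic]                  # KeyError for an unknown code
    if name in SECURITY_RELEVANT:
        category = "security"
    elif name in AVAILABILITY_RELEVANT:
        category = "availability"
    elif name == "enterpriseSpecific":
        category = "vendor"                        # needs the vendor's MIB to decode
    else:
        category = "informational"                 # e.g. linkUp, the "all clear"
    return {"name": name, "category": category,
            "notification_oid": v1_trap_to_notification_oid(generic, specific, enterprise)}


def summarize(traps):
    """Count received traps per category."""
    counts = {}
    for trap in traps:
        cat = classify_trap(trap["generic"], trap["specific"], trap["enterprise"])["category"]
        counts[cat] = counts.get(cat, 0) + 1
    return counts


def auth_failures_by_agent(traps, threshold=2):
    """Agents that reported at least `threshold` authenticationFailure traps:
    repeated failures from one device suggest someone is guessing its community string."""
    per_agent = {}
    for trap in traps:
        if GENERIC_TRAPS[trap["generic"]] == "authenticationFailure":
            per_agent[trap["agent"]] = per_agent.get(trap["agent"], 0) + 1
    return {agent: n for agent, n in per_agent.items() if n >= threshold}


# Constructed sample of received SNMPv1 trap headers (documentation addresses).
SAMPLE_TRAPS = [
    {"agent": "192.0.2.1", "generic": 2, "specific": 0, "enterprise": "1.3.6.1.4.1.9"},
    {"agent": "192.0.2.1", "generic": 3, "specific": 0, "enterprise": "1.3.6.1.4.1.9"},
    {"agent": "192.0.2.7", "generic": 4, "specific": 0, "enterprise": "1.3.6.1.4.1.9"},
    {"agent": "192.0.2.7", "generic": 4, "specific": 0, "enterprise": "1.3.6.1.4.1.9"},
    {"agent": "192.0.2.9", "generic": 6, "specific": 2, "enterprise": "1.3.6.1.4.1.99999"},
]

if __name__ == "__main__":
    for trap in SAMPLE_TRAPS:
        print(trap["agent"], classify_trap(trap["generic"], trap["specific"], trap["enterprise"]))
    print(summarize(SAMPLE_TRAPS))
    print(auth_failures_by_agent(SAMPLE_TRAPS))
```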
1.7.6.8 Inform
SNMPv2 provides a mechanism for communication between NMSs, called SNMP inform. When one NMS sends an SNMP inform to another NMS, the receiving NMS returns an ACK confirming the event. This resembles the mechanism of get and set.
Note: SNMP inform can also be used to send an SNMPv2 trap to an NMS. In that case the agent is notified when the NMS has received the trap.
1.7.6.9 Report
Defined in the SNMPv2 draft but never developed. It was later taken into SNMPv3, where it is expected to be used for communication between SNMP systems.
1.8. Summary
The core of the network management protocol (SNMP) is a set of operations and functions that let the network administrator manage, track and change the state of the devices on the system.
CHAPTER 3. NAGIOS CORE MONITORING SOFTWARE
1.9. Introduction
Nagios is a system monitoring tool. That means it continuously checks the state of machines and of the various services on those machines. The main purpose of a monitoring system is to detect and report any system that is not working, as early as possible, so that we are aware of the problem before users run into it.
Nagios itself does not perform any host or service checks on the Nagios server; it uses plugins to carry out the actual checks. This makes it highly flexible and an effective solution for implementing and running service checks.
The objects Nagios monitors fall into two kinds: hosts and services. Hosts are physical machines (servers, routers, workstations, printers, and so on), while services are specific functions; for example, a web server (an http process) can be defined as a monitored service. Each service is associated with the host it runs on. Both hosts and services can also be grouped into host groups and service groups as appropriate.
Figure 3-12: Objects monitored by Nagios
Nagios has two big advantages when it comes to monitoring. First, instead of tracking raw values, it uses only four status levels to describe the condition of an object: OK, WARNING, CRITICAL, and UNKNOWN. These status descriptions of the monitored objects let the administrator decide whether to deal with or ignore a problem on the system without spending much time on it. That is exactly what Nagios does: if we are monitoring a numeric value such as free disk space or CPU load, we can define thresholds so that the value is alerted on only when necessary.
Another convenience of Nagios is its reports on the status of running services. They give a good overview of the condition of the infrastructure. Nagios provides similar reports for host groups and service groups, alerting when any important service or database server goes down. These reports also help prioritise problems, that is, which problem should be solved first.
Nagios performs all of its checks using plugins. These are external components through which Nagios obtains information about what needs to be checked and delivers alerts to the administrator. Plugins are responsible for performing the checks and analysing the results. The output of a check is a status (OK, WARNING, CRITICAL, or UNKNOWN) plus additional text giving information about the specific service. This text is mainly there so that system administrators can read a detailed status of a service.
Nagios provides not only a core monitoring system but also a set of standard plugins in a separate package (see http://nagiosplugins.org/ for details). These plugins check the services running on the system. If we want to perform a special check, we can also write a plugin of our own.
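An added example, not from the thesis or the Nagios plugins package, of what such a plugin looks like: it applies the WARNING and CRITICAL thresholds described above to used disk space and reports through the exit code and one line of text. The path and threshold defaults are assumptions made for the example.

```python
"""Added example (not from the thesis or the Nagios plugins package): a minimal
Nagios-style plugin that checks used disk space against two thresholds.
A plugin reports its state through the exit code (0 = OK, 1 = WARNING,
2 = CRITICAL, 3 = UNKNOWN) and prints one line of text, optionally followed
by '|' and performance data."""
import shutil
import sys

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
STATE_NAMES = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}


def classify(used_pct, warn_pct, crit_pct):
    """Map a measured value to a state: the most severe threshold is tested
    first, and contradictory thresholds (warning above critical) give UNKNOWN."""
    if warn_pct > crit_pct:
        return UNKNOWN
    if used_pct >= crit_pct:
        return CRITICAL
    if used_pct >= warn_pct:
        return WARNING
    return OK


def check_disk(path, warn_pct, crit_pct):
    """Measure the filesystem at `path`; return (exit_code, output_line).
    A failure to measure (e.g. a missing path) is UNKNOWN, never OK, so a
    broken check cannot pass for a healthy disk."""
    try:
        usage = shutil.disk_usage(path)
    except OSError as exc:
        return UNKNOWN, f"DISK UNKNOWN - cannot stat {path}: {exc}"
    used_pct = 100.0 * usage.used / usage.total if usage.total else 0.0
    state = classify(used_pct, warn_pct, crit_pct)
    # Status text first, then performance data after '|' (label=value;warn;crit;min;max).
    line = (f"DISK {STATE_NAMES[state]} - {path} {used_pct:.1f}% used"
            f"|used={used_pct:.1f}%;{warn_pct};{crit_pct};0;100")
    return state, line


if __name__ == "__main__":
    # Usage: check_disk.py [PATH] [WARN_PCT] [CRIT_PCT]; the defaults are constructed.
    args = sys.argv[1:] + ["/", "80", "90"][len(sys.argv) - 1:]
    code, text = check_disk(args[0], float(args[1]), float(args[2]))
    print(text)
    sys.exit(code)
```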
1.9.1. Benefits of resource monitoring
There are many reasons to make sure that all resources are working as expected. The main advantage is an improvement in quality: if IT staff are notified of incidents sooner, they can also resolve problems sooner. Sometimes it takes hours or days before the first report of an incident arrives. Nagios makes sure that if any device or service is not working, we learn about it as quickly as possible.
Nagios can also be made to perform automatic recovery, through event handlers defined in Nagios. These are commands that run after the state of a host or service changes; for example, when the main router goes down, Nagios can switch over to a backup until the main router is repaired. A typical case is a dial-up connection that is enabled as a fallback when the VPN connection is lost.
Another advantage is better problem identification. Nagios can pinpoint exactly where an incident has occurred on the system without taking much time. Nagios is also very flexible in notifying people about incidents. It can be set up to email different people depending on the incident. In most cases a company has a large IT team or several teams; typically we want some people to handle the servers and others to handle the switches, routers and modems. We can even use the Nagios web interface to track who is working on which problem. We can also configure how Nagios sends alerts: by email, SMS, MSN, and so on.
Resource monitoring is useful not only for identifying problems; it can also save the time spent investigating them. Nagios alerts on and handles a variety of critical situations, which means it can recognise critical problems quickly. For example, if the disk on an email server is filling up, it is better to be notified of this before it becomes a serious problem.
Monitoring can also be set up on multiple machines across different locations, all of which report their results to a central Nagios server. That way, information about every host and service in the system can be accessed from a single machine, giving a complete picture of the IT infrastructure.
1.9.2. Main features
Nagios's features are very flexible: it can be configured to monitor the IT infrastructure the way we want. It also has a mechanism for reacting automatically to problems and a strong alerting system. All of this is based on a clear system of object definitions:
Commands: definitions of how Nagios should perform the various kinds of checks; they are an abstraction layer that lets us group similar operations together.
Time periods: the days and time spans during which an operation should or should not be performed, for example Monday to Friday 9:00-17:00.
Contacts and contact groups: the people who need to be alerted, along with how and when they should be alerted. Contacts can be grouped into contact groups.
Hosts: physical machines, along with who should be contacted, how checks are to be performed, and when. Hosts can be grouped into host groups, and each host can be a member of several host groups.
Services: the various functions or resources to be monitored, along with who should be contacted, how checks are to be performed, and when. Services can be grouped into service groups, and each service can be a member of several service groups.
Host and service escalations: definitions of a specified period after which additional people should be alerted about certain events; for example, a critical server that has been down for more than 4 hours should alert the administrators so that they start tracking the problem.
An important facility we gain by using Nagios is its dependency system. To an administrator it is obvious that if a router fails, all machines reached through it will fail as well. Nagios lets us define dependencies between hosts that reflect the actual network topology. For example, if the switch that connects us to a router goes down, Nagios will not perform any checks on the router or on the machines that depend on it. This is illustrated in the following example:
Figure 3-13: Example of an outage
We can also define that a service depends on another service, either on the same host or on different hosts. If one of the services is down, a check of a service that depends on it is not performed. For example, for a company intranet application to work properly, both the underlying web server and the database server must be running. So if the database service is down, Nagios will not check the application. The database server may be on the same machine or on a different one; in such a case, if that machine fails or is unreachable, alerts for all services that depend on the database service will not be sent.
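An added example, not the thesis author's nor Nagios's own code, of the dependency logic the two paragraphs above describe, for host and service dependencies alike: given a constructed dependency graph and the current states, it decides which checks run and which are suppressed, and records the failed object responsible for each suppression.

```python
"""Added example (not from the thesis or Nagios): deciding which checks to skip
from a dependency graph, as the dependency system above describes.
Objects are hosts ("router") or services ("web1/app"); an entry maps an object
to the objects it depends on. A check is skipped when anything it depends on,
directly or transitively, is in a problem state, and the reason is kept so the
administrator can see why no alert was raised for it."""

# Constructed topology: switch -> router -> web1/web2/db1; the intranet app on
# web1 needs both its own host and the database service on db1.
DEPENDS_ON = {
    "router": ["switch"],
    "web1": ["router"],
    "web2": ["router"],
    "db1": ["router"],
    "db1/database": ["db1"],
    "web1/app": ["web1", "db1/database"],
}
OK, PROBLEM = "OK", "PROBLEM"


def blocking_master(obj, states, depends_on=DEPENDS_ON, _seen=None):
    """Return the first failed object that `obj` depends on (transitively), else None."""
    _seen = set() if _seen is None else _seen
    for master in depends_on.get(obj, []):
        if master in _seen:          # guard against cycles in a mis-configured graph
            continue
        _seen.add(master)
        if states.get(master, OK) != OK:
            return master
        deeper = blocking_master(master, states, depends_on, _seen)
        if deeper is not None:
            return deeper
    return None


def plan_checks(objects, states, depends_on=DEPENDS_ON):
    """Split `objects` into those to check now and a map of skipped -> reason."""
    run, skipped = [], {}
    for obj in objects:
        master = blocking_master(obj, states, depends_on)
        if master is None:
            run.append(obj)
        else:
            skipped[obj] = master
    return run, skipped


if __name__ == "__main__":
    everything = ["switch", "router", "web1", "web2", "db1", "db1/database", "web1/app"]
    # Scenario from the text: the switch in front of the router goes down.
    print(plan_checks(everything, {"switch": PROBLEM}))
```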
Nagios also provides a mechanism for scheduling planned downtime, for reasons such as maintenance or a system upgrade. We can schedule a specific host or service as expected to be unavailable. This stops Nagios from notifying the people configured to receive alerts about problems with that object. Nagios can also notify everyone about scheduled downtime automatically. This is mainly used when the IT infrastructure is being maintained and systems and services are down for a long time.
1.9.3. Soft (temporary) and hard (permanent) states
Nagios works by checking whether a host or service is working properly and storing its state. Because the state of a service is only ever one of the four values OK, WARNING, CRITICAL and UNKNOWN, it is important that this value really reflects the current condition. To avoid reacting to transient and random problems, Nagios uses soft and hard states to describe the current condition of a host or service.
Imagine that an administrator restarts a web server and this makes connections to the web server fail for 5 seconds. Such restarts are usually done at night to reduce the number of affected users, so this is an acceptable period. A problem would arise, however, if Nagios tried to connect to the server during that time and, relying on a single result, reported that it was really down.
To handle the case where a service is down for a very short time, or a check fails transiently, the soft state was introduced. When the result of a check is UNKNOWN, or differs from the previous state, Nagios re-checks the host or service several times to make sure that the change persists. The number of checks is configured in the service definition. Nagios treats the new result as a soft state; after repeated checks in which the state does not change, it is considered a hard state.
Each host and service defines the number of check attempts to be made before a change can be assumed to be permanent. This gives flexibility in how outages are checked. Setting the number of attempts to one causes every change to be treated as hard immediately. The following illustrates soft and hard states, assuming the number of attempts is 3:
Figure 3-14: State checks
This feature allows short outages of a service to be ignored. It is also very useful for performing periodic checks even when everything is working fine.
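As an added example, not from the thesis or Nagios, the following simulation feeds a sequence of plugin results through the soft/hard logic described above with the number of attempts set to 3, and records which notifications would be sent; the result sequences are constructed for the example.

```python
"""Added example (not from the thesis or Nagios): a simulation of the soft/hard
state logic described above for one service (max_check_attempts = 3).
A problem result starts a SOFT state that is re-checked; after
max_check_attempts consecutive problem results it becomes HARD and a
notification is sent. Recovery while SOFT is silent; recovery from HARD notifies."""

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
NAMES = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}


class ServiceState:
    def __init__(self, max_check_attempts=3):
        self.max_check_attempts = max_check_attempts
        self.hard_state = OK        # last confirmed state
        self.current = OK           # most recent plugin result
        self.state_type = "HARD"
        self.attempt = 1
        self.notifications = []     # what would be sent to the contacts

    def process(self, result):
        """Feed one plugin result; return (state name, SOFT/HARD, attempt)."""
        if result == OK:
            if self.state_type == "HARD" and self.hard_state != OK:
                self.notifications.append("RECOVERY: OK")   # hard recovery
            # a soft recovery (problem gone before it was confirmed) stays silent
            self.hard_state = self.current = OK
            self.state_type, self.attempt = "HARD", 1
        elif self.state_type == "HARD" and self.hard_state != OK:
            # confirmed problem already: a different level is an immediate hard change
            if result != self.hard_state:
                self.notifications.append(f"PROBLEM: {NAMES[result]}")
            self.hard_state = self.current = result
        else:
            # leaving OK, or continuing an unconfirmed problem: count attempts
            self.attempt = 1 if self.state_type == "HARD" else self.attempt + 1
            self.current = result
            if self.attempt >= self.max_check_attempts:
                self.state_type, self.hard_state = "HARD", result
                self.notifications.append(f"PROBLEM: {NAMES[result]}")
            else:
                self.state_type = "SOFT"
        return NAMES[self.current], self.state_type, self.attempt


def simulate(results, max_check_attempts=3):
    """Run a sequence of plugin results; return (transitions, notifications)."""
    svc = ServiceState(max_check_attempts)
    return [svc.process(r) for r in results], svc.notifications


if __name__ == "__main__":
    # Constructed sequence: a one-check blip, then a real outage, then recovery.
    print(*simulate([OK, CRITICAL, OK, CRITICAL, CRITICAL, CRITICAL, OK]))
```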
1.10. Summary
There are many benefits to using a monitoring system. It ensures that services are working correctly. It helps detect problems early and ensures that the right people are alerted when an incident occurs. Making sure that all services work properly is essential; when problems do occur, the system helps give a clear picture of what is working and what is not.
Nagios is a very powerful application for resource monitoring. It suits both large and small systems and can help an organisation maintain a higher quality of service. Nagios also helps identify the root cause of problems. It includes very flexible mechanisms for monitoring and notifying about the infrastructure.
Nagios is an extremely powerful tool because it can be configured any way we want. Moreover, it can be extended as needed.
CHAPTER 4. CISCO SECURITY MONITORING,
ANALYSIS, AND RESPONSE SYSTEM
1.11. A security threat mitigation system
CS-MARS was originally created to solve the problems organisations have with the data they collect. In the past, all data collected from security and network devices such as routers, switches, firewalls, IDSs and servers was stored on the individual devices. Each vendor, and each different device, used its own way of storing reports and the events collected from that device. Correlation did not exist, especially across vendors, and administrators had to monitor the different devices by hand. The purpose of MARS is to collect event data automatically and store it in one large database, through which the problems and incidents occurring on the system can be identified accurately.
1.12. Modelling and visualisation
MARS can learn where the devices sit in the network. It obtains the infrastructure model when it is run to discover the devices on the network. During network discovery, MARS connects to every device, or reads the information from configuration files, and stores it in its database. MARS repeats this process periodically so that the information stays current. MARS is also very flexible in how discovery is configured.
Discovery can also be run on demand, for instance while we are investigating a security incident. For example, CS-MARS may detect that a computer on the network is infected with a worm. When we choose to investigate the worm incident, MARS traces the infected host by reading the Address Resolution Protocol (ARP) and content-addressable memory (CAM) tables of the network devices to find the switch port connected to the infected machine. We can view this information, as well as a graphical diagram showing how the worm-infected host relates to other hosts and devices.
The visualisation features also let us view a diagram of how the worm spread. MARS can also recommend actions to stop an attack in the network: because it can identify the switch port connected to the infected computer, it can recommend temporarily shutting that port down.
1.13. A powerful reporting and rule system
CS-MARS provides a powerful query tool that makes it easy to create additional reports or rules for the system. By default CS-MARS ships with a set of rules and reports that we can modify and customise. The query tool quickly displays the information we are interested in, in one of several basic formats. Queries are usually saved as reports or rules so that they can be run automatically later.
1.14. Alerting and risk mitigation
MARS lets us customise alerts based on the kind of incident. For example, attacker reconnaissance carried out in the form of an unsuccessful buffer overflow attack may be an incident we want to be notified about. MARS has several ways of alerting us to incidents on the system:
Syslog
SNMP
Paging
Short Message Service (SMS)
Email with an XML file attached.
1.15. CS-MARS terminology
CS-MARS uses specific terms that differ slightly from those we are used to. To understand MARS and the investigation or query process, we should understand these terms well.
1.15.1. Event
Every logged record, regardless of which device it comes from, is considered an event. An event can be received from many sources, such as SNMP, syslog, RDEP, SDEE, or Server Message Block (SMB).
1.15.2. Session
CS-MARS collects related events, and the result of correlating those events is a session.
A session is created when events identified by time, source IP, destination IP, source port, destination port and protocol are determined by MARS to be related to one another.
Suppose we look at an attack on a web server; the network and security devices each produce a log record. We can see a session being built from a set of event records:
The firewall allows traffic on TCP port 80 from the attacker's machine to the web server and sends a record to MARS via syslog.
The IDS or IPS identifies a DDoS attack on the web server and sends its record via SDEE.
The router sees the traffic from the attacker's machine to the web server on TCP port 80 and sends a record via syslog.
The web server logs the attacker's information and sends it to MARS.
All the event records about this traffic, from across the network, are collected to form one session.
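An added example, not from the thesis or CS-MARS, of the correlation just described: event records from the four devices in the scenario are grouped into a session by the five-tuple and a time window. The events are constructed and assumed to be already normalised into a common form; the 5-minute window and the handling of a missing source port as a wildcard are assumptions made for the example.

```python
"""Added example (not from the thesis or CS-MARS): correlate event records
from several devices into sessions by five-tuple and time window. Events are
assumed already normalised; a field a device does not report (the web server
log has no source port) is None and matches any value."""
from datetime import datetime, timedelta


def ev(time, source, src, sport, msg):
    """Build a constructed, already-normalised event (dst, port, proto fixed for brevity)."""
    return {"time": time, "source": source, "src": src, "dst": "203.0.113.10",
            "sport": sport, "dport": 80, "proto": "tcp", "msg": msg}

# Constructed sample events for the web-server attack scenario above.
EVENTS = [
    ev("2010-11-24 10:00:01", "firewall/syslog", "198.51.100.7", 51234, "permit"),
    ev("2010-11-24 10:00:02", "router/syslog", "198.51.100.7", 51234, "flow"),
    ev("2010-11-24 10:00:03", "ids/sdee", "198.51.100.7", 51234, "dos signature"),
    ev("2010-11-24 10:00:03", "webserver/log", "198.51.100.7", None, "GET /"),
    ev("2010-11-24 10:09:00", "firewall/syslog", "192.0.2.5", 40000, "permit"),
]
KEYS = ("src", "dst", "sport", "dport", "proto")
WINDOW = timedelta(minutes=5)   # assumed maximum gap between events of one session


def same_flow(session, event):
    """Five-tuple match; None (field not reported by that device) is a wildcard."""
    return all(session[k] is None or event[k] is None or session[k] == event[k]
               for k in KEYS)


def correlate(events, window=WINDOW):
    """Group events into sessions; return the sessions in order of first event."""
    sessions = []
    for e in sorted(events, key=lambda x: x["time"]):
        ts = datetime.strptime(e["time"], "%Y-%m-%d %H:%M:%S")
        for s in sessions:
            if same_flow(s, e) and ts - s["last"] <= window:
                s["events"].append(e)
                s["last"] = ts
                for k in KEYS:              # learn fields earlier events lacked
                    if s[k] is None:
                        s[k] = e[k]
                break
        else:
            s = {k: e[k] for k in KEYS}
            s.update(first=ts, last=ts, events=[e])
            sessions.append(s)
    return sessions


def summarize(sessions):
    """(src, dst, dport, event count, reporting devices) per session."""
    return [(s["src"], s["dst"], s["dport"], len(s["events"]),
             sorted({e["source"] for e in s["events"]})) for s in sessions]


if __name__ == "__main__":
    print(summarize(correlate(EVENTS)))
```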
1.15.3. Rules
Rules are conditions that must be met exactly for CS-MARS to take an action. By default, when all the conditions of a rule are met, an incident is created; depending on the type of rule, further actions may follow. Rules can be basic, such as matching events reported by a firewall or IDS, or more complex, describing patterns of behaviour, for example a server connecting to a client through certain ports and then performing further actions on the network.
A simple rule might be "tell me when this keyword appears in the events"; a more complex one might be "tell me every case in which someone tries to attack a login on the system".
MARS uses rules to identify the activity we want to check for. Rules can be created like queries and are often used in reports.
1.15.4. Incident
An incident is a chain of correlated events matching a rule that signals an attack on the network. CS-MARS detects, mitigates, reports on, and analyses these incidents. The network dashboard and the Incident pages help us detect and display incidents on the network and help derive rules and events to defend against attacks.
1.15.5. False Positive
CS-MARS treats as a false positive an attack that did not succeed, either because it could not penetrate the target, because a security device blocked it, or because traffic was wrongly reported as an attack. In these cases CS-MARS generates a false positive.
CS-MARS uses an integrated vulnerability assessment (VA) system that can be enabled on all or part of the network. The VA system determines more accurately whether an attack is real.
There are 3 kinds of false positive used in CS-MARS: