Tìm hiểu triển khai giải pháp giám sát mạng (Study and Deployment of a Network Monitoring Solution)


7/31/2019 Tìm hiểu triển khai giải pháp giám sát mạng 1/139

SUPERVISOR'S COMMENTS

Da Lat, day .. month .. year ....

Supervisor

[Signature and full name]


REVIEWER 1'S COMMENTS

The thesis meets the requirements of an Information Technology engineering thesis.

Da Lat, day .. month .. year ....

Reviewer

[Signature and full name]


REVIEWER 2'S COMMENTS

The thesis meets the requirements of an Information Technology engineering thesis.

Da Lat, day .. month .. year ....

Reviewer

[Signature and full name]


DECLARATION

I declare that the research results in this thesis have not previously been published by anyone. Should any copyright issue arise, I take full responsibility.

Da Lat, 24 November 2010

Luong Vu Cong Khoa


ACKNOWLEDGEMENTS

First, I would like to thank all the lecturers of the Faculty of Information Technology at Da Lat University for their support and for providing the facilities I needed while carrying out this thesis.

In particular, I would like to thank Mr. Tran Thong, who directly supervised me in completing this thesis. The contributions of my friends were also a great source of encouragement in completing the thesis work. Through it, I have made much progress in knowledge as well as in useful working skills.

I sincerely and deeply thank all the lecturers and my friends!

Da Lat, 24 November 2010

Luong Vu Cong Khoa


Da Lat University
Faculty of Information Technology

GRADUATION THESIS RESEARCH PROPOSAL

Thesis title: Tìm hiểu triển khai giải pháp giám sát mạng (Study and Deployment of a Network Monitoring Solution)
Major: Networks and Communications
Student: Luong Vu Cong Khoa - 0612237
Class: CTK30
Supervisor: MSc. Tran Thong

1. Objective:
Research and deploy suitable solutions for monitoring the activity and services in a network environment and the resources of the system, so that risks and threats to the system are detected as early as possible and can be remedied in time, minimising their impact and improving the effectiveness of the network.

2. Content:
- Study network management protocols.
- Investigate open-source programs for monitoring systems, services and network performance.
- Identify an optimal network monitoring solution.
- Deploy a network monitoring model.

3. Software and tools used:
- Nagios
- CentOS
- CS-MARS

4. Expected results: based on the research, design and deploy an optimal network monitoring model.


5. Main references:

[1] Douglas Mauro & Kevin Schmidt, Essential SNMP, O'Reilly, Sebastopol, CA, 2001.

[2] Max Schubert, Derrick Bennett, Jonathan Gines, Andrew Hay & John Strand, Nagios 3 Enterprise Network Monitoring Including Plug-Ins and Hardware Devices, Syngress Publishing, Burlington, MA, 2008.

[3] Wolfgang Barth, Nagios: System and Network Monitoring, No Starch Press, San Francisco, CA, 2006.

[4] Cisco Systems, Inc. (Americas Headquarters), Cisco Security MARS Initial Configuration and Upgrade Guide, Release 6.x, San Jose, CA, 2009.

[5] Gary Halleen & Greg Kellogg, Security Monitoring with Cisco Security MARS, Cisco Press, Indianapolis, IN, 2007.

[6] Augusto Ciuffoletti & Michalis Polychronakis, Architecture of a Network Monitoring Element, 15th IEEE, 2006.

Da Lat, 11 October 2010

Supervisor (signature)          Student (signature)

Dean of Faculty (signature)     Head of Department (signature)

TABLE OF CONTENTS

SUPERVISOR'S COMMENTS ..... 1
REVIEWER 1'S COMMENTS ..... 2
REVIEWER 2'S COMMENTS ..... 3
DECLARATION ..... 4
ACKNOWLEDGEMENTS ..... 5
GRADUATION THESIS RESEARCH PROPOSAL ..... 6
THESIS SUMMARY ..... 14
INTRODUCTION ..... 16
CHAPTER 1. OVERVIEW OF THE IMPORTANCE OF SYSTEM MONITORING ..... 18
1.1. Introduction ..... 18
1.2. Understanding the system ..... 19
1.3. What must be monitored, and why ..... 20
1.4. Requirements for a monitoring system ..... 23
1.5. Summary ..... 23
CHAPTER 2. THE SIMPLE NETWORK MANAGEMENT PROTOCOL ..... 24
1.6. What is SNMP? ..... 24
1.6.1. Network management and monitoring ..... 24
1.6.2. RFCs and SNMP versions ..... 25
1.6.3. Managers and agents ..... 26
1.6.4. Structure of Management Information and MIBs ..... 27
1.6.5. Host management ..... 28
1.7. SNMP in detail ..... 28
1.7.1. SNMP and UDP ..... 28
1.7.2. SNMP communities ..... 31
1.7.3. Structure of Management Information (SMI) ..... 32
1.7.4. SMI version 2 ..... 36
1.7.5. MIB-II in detail ..... 39
1.7.6. SNMP operations ..... 41
1.8. Summary ..... 53
CHAPTER 3. THE NAGIOS CORE MONITORING SOFTWARE ..... 54
1.9. Introduction ..... 54
1.9.1. Benefits of resource monitoring ..... 55
1.9.2. Main functions ..... 57
1.9.3. Soft and hard states ..... 59
1.10. Summary ..... 60
CHAPTER 4. CISCO SECURITY MONITORING, ANALYSIS, AND RESPONSE SYSTEM ..... 60
1.11. Security threat mitigation system ..... 61
1.12. Modelling and visualisation ..... 61
1.13. Robust reporting and rules system ..... 62
1.14. Alerting and risk mitigation ..... 62
1.15. CS-MARS terminology ..... 62
1.15.1. Event ..... 62
1.15.2. Session ..... 63
1.15.3. Rules ..... 63
1.15.4. Incident ..... 64
1.15.5. False positive ..... 64
1.16. Risk mitigation ..... 65
1.17. The CS-MARS user interface ..... 65
1.18. Summary ..... 65
CHAPTER 5. DEPLOYMENT AND EVALUATION OF THE MONITORING SYSTEM ..... 66
1.19. Deployment model ..... 66
1.20. Introduction to the model ..... 66
1.21. Nagios ..... 67
1.21.1. Installation ..... 67
1.21.2. Configuring Nagios ..... 81
1.21.3. Monitoring results with Nagios ..... 106
1.22. Configuring CS-MARS and the monitored devices ..... 112
1.22.1. Configuring CS-MARS ..... 113
1.22.2. Configuring the devices that communicate with CS-MARS ..... 116
1.22.3. Monitoring results with CS-MARS ..... 129
1.23. Comparison of Nagios and CS-MARS ..... 132
1.24. Evaluation of the Nagios-based monitoring deployment ..... 135
1.25. Evaluation of the CS-MARS-based monitoring deployment ..... 136
1.26. Summary ..... 136
ABBREVIATIONS AND SYMBOLS ..... 138
REFERENCES ..... 139


LIST OF FIGURES

Figure 2-1: Operating model between NMS and agent ..... 27
Figure 2-2: Data exchange model between NMS and agent ..... 29
Figure 2-3: OID tree diagram ..... 34
Figure 2-4: SMIv2 OID diagram ..... 37
Figure 2-5: Detailed OID diagram ..... 40
Figure 2-6: SNMP operating model ..... 42
Figure 2-7: Operating model of the get command ..... 42
Figure 2-8: OID path diagram ..... 45
Figure 2-9: Retrieving information with get-bulk ..... 46
Figure 2-10: Model of the set command ..... 47
Figure 2-11: Model of a trap sent from the agent ..... 50
Figure 3-12: Objects monitored by Nagios ..... 54
Figure 3-13: Example describing an incident ..... 58
Figure 3-14: Status check ..... 60
Figure 5-15: Deployment model ..... 66
Figure 5-16: Communication between Nagios and Windows ..... 81
Figure 5-17: The NSClient++ software ..... 83
Figure 5-18: Service information on Sample Client ..... 88
Figure 5-19: Information about Sample Client ..... 88
Figure 5-20: Interface table of the check_interface plugin ..... 93
Figure 5-21: Status information for Dalat-CoreSW-1 ..... 96
Figure 5-22: Service information on Dalat-CoreSW-1 ..... 97
Figure 5-23: Service information on the DNS server ..... 104
Figure 5-24: Status information for the DNS server ..... 105
Figure 5-25: Service information on the web server ..... 105
Figure 5-26: Status information for the web server ..... 106
Figure 5-27: System status ..... 107
Figure 5-28: List of monitored devices ..... 107
Figure 5-29: List of monitored services ..... 108
Figure 5-30: Report on device Dalat-CoreSW-1 ..... 108
Figure 5-31: Devices classified by group ..... 109
Figure 5-32: Problems of the monitored devices ..... 109
Figure 5-33: Device alerts ..... 110
Figure 5-34: Status of the Nagios server ..... 111
Figure 5-35: Alerts generated ..... 112
Figure 5-36: CS-MARS login screen ..... 113
Figure 5-37: Configuring the name and IP address of CS-MARS ..... 113
Figure 5-38: DNS configuration ..... 114
Figure 5-39: CS-MARS operating levels ..... 114
Figure 5-40: List of devices supported by CS-MARS ..... 115
Figure 5-41: Device information form ..... 115
Figure 5-42: Configuration information for Cisco IOS 12.2 ..... 116
Figure 5-43: Configuration information for a Cisco switch running IOS 12.2 ..... 118
Figure 5-44: Enabling TLS and HTTP on the IPS ..... 118
Figure 5-45: Allowing CS-MARS on the IPS ..... 119
Figure 5-46: IPS configuration ..... 120
Figure 5-47: ASA 7.0 configuration ..... 121
Figure 5-48: Snare configuration ..... 122
Figure 5-49: Snare configuration (2) ..... 122
Figure 5-50: Local Security Settings configuration ..... 124
Figure 5-51: Configuration for the Windows host ..... 125
Figure 5-52: Configuring login information for the Windows host ..... 126
Figure 5-53: SnareIIS configuration ..... 127
Figure 5-54: Configuration for the web server ..... 127
Figure 5-55: Configuring log information ..... 128
Figure 5-56: Log configuration on CS-MARS ..... 128
Figure 5-57: List of devices ..... 129
Figure 5-58: Monitored address range ..... 129
Figure 5-59: List of auto-discovered addresses ..... 130
Figure 5-60: Rules on CS-MARS ..... 130
Figure 5-61: Reports to be created on CS-MARS ..... 131
Figure 5-62: Monitored network diagram ..... 131
Figure 5-63: Report in graph form ..... 132


LIST OF TABLES

Table 1-1: Devices and the reasons to monitor them ..... 21
Table 2-2: Data types of the SYNTAX field ..... 36
Table 2-3: Data types in SMIv2 ..... 38
Table 2-4: Data fields in SMIv2 ..... 38
Table 2-5: Error messages in SNMPv1 ..... 48
Table 2-6: Errors in SNMPv2 ..... 50
Table 2-7: Trap types ..... 52
Table 5-8: Comparison of Nagios and CS-MARS ..... 135

Graduation Thesis: Tìm hiểu triển khai giải pháp giám sát mạng

THESIS SUMMARY

RESEARCH PROBLEM

- Study network management protocols.
- Investigate open-source programs for monitoring systems, services and network performance.
- Identify an optimal network monitoring solution.
- Deploy a network monitoring model.

APPROACH

Theoretical study of network management protocols such as the Simple Network Management Protocol (SNMP). On that theoretical basis, investigate the different system monitoring solutions.

The thesis follows the direction of studying open-source monitoring systems and carrying out a trial deployment of a monitoring system built from open-source software on the network of Da Lat University.

In parallel, it studies monitoring systems built on dedicated hardware appliances and carries out a trial deployment of such an appliance on the same university network.

From the deployment of the two systems, conclusions are drawn about each, and the two are evaluated against a set of criteria.

THESIS STRUCTURE

Chapter 1: Overview of the importance of system monitoring

This chapter presents how important system monitoring is today, describes what a network system consists of, sets out what should be monitored and why, gives the leading reasons for deploying a monitoring system, and lists the requirements for an optimal monitoring system.

Page 14

Chapter 2: SNMP theory

Introduces the SNMP protocol, its versions and the elements an SNMP deployment must have, then goes deeper into the theory: the contents of SNMP and how the protocol operates.

Chapter 3: Nagios Core

Presents the open-source software Nagios Core, the benefits of using it, its main functions, and how it operates against the system.

Chapter 4: CS-MARS

Introduces the CS-MARS appliance: its main functions, the terminology it uses, how it operates, how it works with the other devices in the system, and how devices and services in the system are monitored with it.

Chapter 5: Deployment and evaluation

Presents the deployment model, then installs and configures Nagios Core and CS-MARS to monitor that model. From the deployment and trial run, the strengths and weaknesses of each system are assessed.

RESULTS ACHIEVED

- Successful deployment of a monitoring system based on the open-source software Nagios Core.
- Successful deployment of a monitoring system based on the dedicated Cisco CS-MARS hardware appliance.
- Knowledge of system monitoring and of network management protocols.
- Configuration of routers, switches, CS-MARS, Nagios, ASA, IPS, Windows and Linux in support of monitoring.


INTRODUCTION

An administrator needs to know what is happening on their system at all times, including in real time, and to capture all historical information about the usage, performance and status of every application, every device and all data on the network. System monitoring is therefore an extremely important and urgent task for every organisation, business and agency.

SCIENTIFIC AND PRACTICAL SIGNIFICANCE

Scientific significance:
- Provides the theory of system monitoring.
- Shows the importance of system monitoring.
- Provides the theory of the monitoring protocols.

Practical significance:
- Identifies the strengths and weaknesses of different monitoring systems.
- Proposes an optimal monitoring solution for a suitable system.

RESEARCH PURPOSE

Research and deploy suitable solutions for monitoring the activity and services in a network environment and the resources of the system, so that risks and threats to the system are detected as early as possible and can be remedied in time, minimising their impact and improving the effectiveness of the network.

TARGET AUDIENCE

All organisations, agencies and businesses that have applied, are applying or will apply information technology to their operations.

SCOPE

This thesis focuses mainly on the following:
- Understanding system monitoring.
- Deploying different monitoring systems on the same infrastructure to show the strengths and weaknesses of each.


CHAPTER 1. OVERVIEW OF THE IMPORTANCE OF SYSTEM MONITORING

1.1. Introduction

Every organisation and business is different, but the influence of the network on the operation of the business is almost always the same. In practice, as a business grows, its network grows not only in size and complexity but also in meaning and value. Very quickly the network no longer merely supports the company; it represents the company. This is obvious for organisations whose operations depend on the network. But at the most basic level the network can be seen as collaboration, communication and commerce, everything that keeps a business running and growing. It is where the business applications are hosted and where the critical information about customers, products and the business itself is stored.

With a resource this important, ensuring that it can operate continuously is essential. It is also a challenge, because many latent threats, such as hackers, denial-of-service attacks, viruses and information theft, endanger the organisation's system and can cause it to stop working or lose data, reducing both its reliability and the benefit obtained from it. In addition, networks keep growing, with new technologies, new devices and new structures such as virtualisation and service-oriented architecture.

Network management is a broad field that brings together device monitoring, application management, security, maintenance, services, troubleshooting and other tasks; ideally all of this would be coordinated and overseen by a reliable and experienced network administrator. Yet even the most knowledgeable administrator only has the information about the system that can actually be seen. Administrators need to know what is happening on their network at all times: real-time as well as historical information about the usage, performance and status of every application, every device and all data on the network.

This is the field of network monitoring, the most important function within network management. The only way to know how everything on the network is behaving is to monitor it continuously.

1.2. Understanding the system

Today one cannot help but be struck by the complexity of a network system. Devices such as routers, switches and hubs connect countless client machines to services on servers and out to the Internet. On top of this, a great many security and communication facilities are installed, including firewalls, virtual private networks, and anti-spam and anti-virus services. Understanding the structure of the system, and being able to receive alerts about it, is an important factor in maintaining its performance and integrity. Thousands of things can go wrong in a system, and the administrator must ensure that when a risk materialises it is reported promptly and accurately.

A network system is no longer an isolated local structure. It encompasses the Internet, local area networks (LANs), wide area networks (WANs) and all the devices, servers and applications that run on them. Whether it lets users access and share information, use applications, or communicate with each other and with the outside world by voice, data or image, it is still, in essence, the network system.

A network system usually has internal and external users, including employees, customers, partners and other stakeholders. Network performance affects the organisation in different ways. For example, if employees cannot reach the applications and information they need for their work, productivity suffers. If customers cannot complete an online transaction, revenue is lost and the organisation's reputation is damaged. Even stakeholders such as investors being unable to find or review information about the organisation has an effect on it.

The reality is that networks are complex and error-prone, and every component in the network represents a risk to the system. That is why it must be monitored, to reduce the latent risks as far as possible. Not every problem, however, can be resolved proactively before any warning sign appears. But if the system can be monitored in real time, problems can be identified before they become more dangerous. For example, an overloaded server can be replaced before it hangs. This reduces the risks to the system and improves its performance. With a monitoring system, the state of every device on the network is known without having to check each device individually, and the exact problem can be pinpointed quickly when needed.

1.3. What must be monitored, and why

For a network system, what matters is having accurate information at the right time. The main point is to capture the current status of the devices, and to know the status of the services and applications of the system.

The following table gives a representative selection of the system status information that must be known, and the reason why.

What to monitor: Availability of devices (routers, switches, servers, ...).
Why: These are the key components that keep the network running.

What to monitor: Availability of the important services on the system.
Why: The system as a whole must not stop; losing data or email, or services such as HTTP or FTP, for even one hour can seriously affect the organisation.

What to monitor: Free disk space on the servers.
Why: Applications require disk space, so this must be watched in order to act in time, before important applications are affected.

What to monitor: Average load percentage of the routers.
Why: The system must be upgraded before an overload occurs and affects it.

What to monitor: Average memory and processor load on the important servers.
Why: If memory or the processor is exhausted, the system stalls.

What to monitor: Operation of the firewall, anti-virus, server updates, anti-spyware and anti-malware.
Why: The security of the system must be assured.

What to monitor: Inbound and outbound traffic volume on the routers.
Why: Accurate traffic figures are needed to avoid overloading the system.

What to monitor: Events written to logs, such as the Windows event log or syslog.
Why: They give accurate information about what is happening in the system.

What to monitor: SNMP traps, such as the temperature in the server room or printer status.
Why: A broken printer or an empty toner cartridge can be known before a user reports it, and the servers can be kept from overheating.

Table 1-1: Devices and the reasons to monitor them
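As an added illustration (not code from the thesis, and not part of Nagios itself), the following Python script implements two of the checks from Table 1-1, free disk space and processor load, in the form a Nagios plugin takes: thresholds are given in the Nagios range syntax, the exit code carries the state (0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN) and the output line ends with performance data that the monitoring server can graph. The metric names and the threshold values are assumptions for the example and should be tuned per host.

```python
"""
Nagios-style threshold check for two of the metrics in Table 1-1
(free disk space, CPU load).  Added example, not code from the thesis.

Threshold ranges follow the Nagios plugin convention:
  "10"      alert if value < 0 or value > 10
  "10:"     alert if value < 10
  "~:10"    alert if value > 10
  "10:20"   alert if value < 10 or value > 20
  "@10:20"  alert if 10 <= value <= 20 (inverted range)
Exit codes: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
"""
import os
import shutil
import sys

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
STATE_NAMES = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}


def parse_range(spec):
    """Parse a Nagios range spec into (low, high, inverted)."""
    spec = spec.strip()
    inverted = spec.startswith("@")
    if inverted:
        spec = spec[1:]
    if ":" in spec:
        lo_s, hi_s = spec.split(":", 1)
        lo = float("-inf") if lo_s == "~" else float(lo_s or 0)
        hi = float("inf") if hi_s == "" else float(hi_s)
    else:
        lo, hi = 0.0, float(spec)
    if lo > hi:
        raise ValueError(f"invalid range {spec!r}: low end above high end")
    return lo, hi, inverted


def in_alert_range(value, spec):
    """True if value should raise an alert according to spec."""
    lo, hi, inverted = parse_range(spec)
    outside = value < lo or value > hi
    return (not outside) if inverted else outside


def check_metric(label, value, warn, crit, uom=""):
    """Classify one metric; return (state, plugin output line with perfdata)."""
    if in_alert_range(value, crit):
        state = CRITICAL
    elif in_alert_range(value, warn):
        state = WARNING
    else:
        state = OK
    perfdata = f"{label}={value}{uom};{warn};{crit}"
    return state, f"{label.upper()} {STATE_NAMES[state]} - {label} {value}{uom} | {perfdata}"


def collect_metrics(path="/"):
    """Read the two live metrics this example checks (Unix hosts)."""
    usage = shutil.disk_usage(path)
    disk_free_pct = round(100.0 * usage.free / usage.total, 1)
    load1 = os.getloadavg()[0]  # OSError if unavailable; absent on Windows
    return disk_free_pct, load1


def main(argv):
    # Hypothetical thresholds: warn below 20% free disk, critical below 10%;
    # warn when the 1-minute load exceeds 2, critical when it exceeds 4.
    try:
        disk_free_pct, load1 = collect_metrics()
    except (OSError, AttributeError) as exc:
        # A plugin that cannot measure must say so, not look like a healthy host.
        print(f"UNKNOWN - cannot read metrics: {exc}")
        return UNKNOWN
    results = [
        check_metric("disk_free", disk_free_pct, "20:", "10:", "%"),
        check_metric("load1", load1, "2", "4"),
    ]
    for _, line in results:
        print(line)
    return max(state for state, _ in results)  # CRITICAL outranks WARNING outranks OK


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Registered as a check command, this turns the "why" column of Table 1-1 into a warning that arrives before the disk fills or the CPU saturates. The UNKNOWN path is the part worth copying: a check that crashes silently is indistinguishable from a healthy host, which defeats the purpose of monitoring.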

When an incident occurs, we need to be alerted immediately, whether by an audible alarm, on a display, or by an email generated automatically by the monitoring program. The sooner we know what is going on, and the more complete the information in the alert, the sooner the incident can be resolved.

Top 10 reasons why a network monitoring system is needed:

1. Know what is happening on the system: a monitoring solution reports the operating status and the resources of the system. Without it, we have to wait until a user reports a problem.

2. Plan upgrades and repairs: if a device goes down regularly, or network bandwidth is approaching its limit, something in the system needs to change. The monitoring system provides this information so that changes can be made when necessary.

3. Diagnose problems quickly: suppose our server cannot be reached. Without monitoring, we cannot tell where the cause lies: the server, the router, or perhaps the switch. Knowing the exact problem, we can fix it quickly.

4. See what is running: graphical reports explain the operating state of the system and are very convenient tools for monitoring.

5. Know when to apply backup and recovery: given the right alerts, we can back up the system's data against the possibility of damage at any moment. Without monitoring, we would only find out about the problem when it is too late.

6. Make sure the security systems are working: organisations spend a great deal of money on security systems. Without monitoring, we cannot know whether they are working as expected.

7. Track the activity of the service resources on the system: the monitoring system reports the status of the services, ensuring users can reach the data they need.

8. Be informed about the system's status from anywhere: many monitoring applications offer remote monitoring and notification, requiring only an Internet connection.

9. Keep the system running continuously: if our organisation depends heavily on the network, it is best that the administrator knows about and handles problems before a serious incident occurs.

10. Save money: for all the reasons above, we can minimise the downtime that eats into the organisation's profits, and save the cost of investigation when an incident occurs.


1.4. What a monitoring system needs

To understand the system we need a monitoring solution that can provide the important information in real time, from anywhere and at any time. Businesses and organizations need solutions that are simple to deploy and use. We need a solution that is comprehensive and reliable. If a business requires high availability, we need a reliable solution that has been deployed and proven to work well.

Remember that we have to monitor a great many devices on the system and collect a great deal of related information. We therefore need a solution that presents information such as network maps, data reports, alerts and incidents. Besides making troubleshooting easier, this lets us use the collected data to understand trends in device usage, network usage and overall network capacity, in order to design the network effectively.

Alerting is a very important part, but the alerts must be accurate and sent at the right time. The monitoring system needs remote access so that monitoring can be carried out immediately when required.

Finally, we need a system that supports several monitoring methods across different devices. SNMP is a flexible technology that allows different devices to be managed and monitored; make sure the monitoring system supports this protocol.

1.5. Summary

Today, deploying a monitoring system that covers all network devices is essential for every business and organization. Deploying a monitoring system optimizes the network, strengthens network security, and allows incidents to be resolved in time.


CHAPTER 2. SIMPLE NETWORK MANAGEMENT PROTOCOL

1.6. What is SNMP?

In today's world, with a network of routers, switches, servers and workstations, managing all the network devices and making sure they work correctly and optimally seems a difficult problem. To support management, the Simple Network Management Protocol (SNMP) was developed. SNMP was introduced in 1988 to meet the growing need to manage devices that use the Internet Protocol (IP). SNMP provides a simple set of operations that allow devices to be managed remotely.

1.6.1. Network management and monitoring

The core of SNMP is a simple set of operations that gives administrators the ability to change the state of managed devices. For example, SNMP can be used to shut down an interface on a router or to check the speed of that interface. SNMP can monitor the temperature of devices and warn when it gets too high.

SNMP is usually associated with managing routers, but the protocol can be used to manage many other kinds of device. While SNMP's predecessor, the Simple Gateway Management Protocol (SGMP), was developed to manage routers, SNMP can manage Linux and Windows systems, printers, modems, and any device that can run software that exchanges SNMP information.

Another aspect of management is monitoring, that is, watching the whole network. Remote Network Monitoring (RMON) was developed to help us understand how the network functions and how other devices affect the network as a whole. RMON can be used to monitor LAN traffic and WAN interfaces as well.


Before and after SNMP

Suppose we have a network of 100 workstations running different operating systems. Some of them are file servers, others are connected to printers, and the rest are personal workstations. Add routers and switches. The network is connected to the Internet.

What happens when one of the file servers stops working? If it happens in the middle of the week, someone can tell the network administrator to fix it. But what if it happens at the weekend, when everyone, including the network administrator, has gone home?

That is why we need SNMP. Instead of waiting for someone to report that the system has a problem, SNMP lets us monitor the system continuously even when we are not there. For example, SNMP will report a growing number of dropped packets on a router so that it can be handled before a serious problem occurs. We can configure automatic alerts for problems in our network.

1.6.2. RFCs and SNMP versions

The Internet Engineering Task Force (IETF) is responsible for defining the standard protocols that operate in the networking environment, including SNMP. The IETF publishes Requests for Comments (RFCs), which specify the protocols that exist in the IP environment. The IETF has published the following versions of SNMP:

SNMP Version 1 (SNMPv1), defined in RFC 1157. SNMPv1 security is based on the community principle: any application that knows the community string can retrieve information from devices running SNMP. There are three community strings: read-only, read-write and trap.

SNMP Version 2 (SNMPv2): the security of this version is also based on community strings, which is why it is known as SNMPv2c (community-based SNMPv2, introduced in RFC 1901); its protocol operations are defined in RFCs 1905, 1906 and 1907.

SNMP Version 3 (SNMPv3): defined in RFCs 1905, 1906, 1907, 2571, 2572, 2573, 2574 and 2575 (since consolidated and updated in RFCs 3410 to 3418). This version supports strong authentication and allows private (encrypted) and authenticated communication between entities.

1.6.3. Managers and Agents

In the SNMP environment there are two kinds of entity: managers and agents. A manager is a server running management software. Managers are usually referred to as Network Management Stations (NMSs). An NMS is responsible for polling and for receiving traps from the agents in the network.

A poll is the act of querying an agent (router, switch, Unix server, ...) to retrieve the information needed.

A trap is the agent's way of telling the NMS that something has happened. Traps are sent asynchronously: they are not responses to NMS queries but notifications sent only when an event occurs. For example, when a router's T1 link goes down, the router can send a trap to the NMS.

The second entity is the agent: a piece of software running on the network device being managed. It may be a separate program or built into the operating system (for example Cisco IOS on a router, or the low-level operating system that manages a UPS). Today almost every IP-based device ships with SNMP agent software so that administrators can manage it easily. The agent provides information to the NMS by keeping track of the device's activity. For example, the agent on a router tracks the state of the router's interfaces. The NMS can query the state of these interfaces and take appropriate action if one of them has a problem. When the agent detects a problem on the device, it can send a trap to the NMS. Some devices also send an "all clear" trap when the state changes from bad to good, which is useful for determining that a problem has been resolved. The figure below shows the relationship between NMS and agent.


Figure 2-1: Operating model between NMS and Agent

It is important to understand that polls and traps can happen at the same time. Nothing prevents the NMS from querying the agent while the agent is sending traps to the NMS.

1.6.4. Structure of Management Information and MIBs

The Structure of Management Information (SMI) provides a way to define managed objects and their behavior. An agent holds a list of the objects it tracks (an object may be the operational state of an interface on a router, or the disk capacity of a computer). Together, this list defines the information the NMS can use to determine the condition of the device on which the agent resides.

The Management Information Base (MIB) can be thought of as a database of the managed objects the agent tracks. Any status or statistical information that can be accessed by the NMS is defined in a MIB. The SMI provides the way to define managed objects, while a MIB is the actual definition of the objects (written in the syntax of the SMI).

An agent may implement many MIBs, but every agent implements one particular MIB called MIB-II (RFC 1213). The main purpose of MIB-II is to provide general TCP/IP management information. It does not cover all the specific information a device manufacturer may want to manage. Many kinds of device have to be managed, and every manufactured device has its own features. That is why manufacturers and individuals are allowed to define their own MIBs. For example, a manufacturer sells a new router. The agent built into the router will answer the NMS requests that are defined in MIB-II. In addition, the router has new functions that are not defined in any standard MIB, so the manufacturer has to define its own MIB.

1.6.5. Host management

Managing host resources (such as disk capacity and memory in use) is an important part of network management. The Host Resources MIB defines a set of objects that help manage Unix and Windows systems (any system running an SNMP agent can be managed, not only Unix and Windows).

1.7. SNMP in detail

1.7.1. SNMP and UDP

SNMP uses the User Datagram Protocol (UDP) to carry data between managers and agents. UDP, defined in RFC 768, was chosen for SNMP over the Transmission Control Protocol (TCP) because it is connectionless: no end-to-end connection is set up between agent and NMS while data is exchanged. This makes SNMP unreliable, with no built-in way to detect lost data. SNMP must therefore have its own way of detecting lost data and retransmitting when necessary; it simply relies on timeouts. The NMS sends a request to the agent and waits for a response. How long the NMS waits depends on the administrator's configuration. If the timeout expires and the NMS has received no response from the agent, it resends the request. The number of retries likewise depends on the configuration of the SNMP application.

Using UDP as the transport seems unimportant for requests, but it becomes a problem when an agent sends a trap: there is no way for the NMS to know that a trap was sent if it never arrives, and the agent has no way to know whether it should resend the trap, because the NMS does not acknowledge traps.

On the other hand, because UDP uses few resources, its impact on network performance is low. SNMP has been implemented over TCP, but that is considered an unsuitable environment because of the connection-oriented nature of the protocol.


SNMP uses UDP port 161 to send and receive requests and UDP port 162 to receive traps. All SNMP devices use these two ports by default, though some manufacturers allow the ports to be changed in the agent's configuration. If the defaults are changed, the NMS must be changed to match the agent's configuration.

Figure 2-2: Data exchange model between NMS and Agent

The figure shows the TCP/IP model, the basic model for all TCP/IP communication. Today, every device that takes part in communication on the Internet has to follow this protocol suite. When an NMS or an agent wants to communicate, it goes through the following sequence:


Application: first, the SNMP application (NMS or agent) decides what to do. For example, it may send an SNMP request to an agent, send a response to an SNMP request (this would come from an agent), or send a trap to an NMS. The application layer provides services to the end user, such as an operator requesting the status of a port on a switch.

UDP: the next layer in the TCP/IP model, UDP lets two hosts communicate with each other. The UDP header carries, among other things, the destination port of the device to which the request or trap is sent. By default the destination port is 161 (query) or 162 (trap).

IP: the IP layer attempts to deliver the SNMP packet to the requested destination address.

Medium Access Control (MAC): the final event that must happen for an SNMP packet to reach its destination is at the physical layer, where the packet is put on the medium and routed to its destination. The MAC layer consists of the hardware and device drivers that put the data onto the medium. The MAC layer is also responsible for receiving packets from the physical layer and passing them up to the next layer of the TCP/IP model.

To make this easier to understand, take an example. Suppose we want to send a letter to a distant friend inviting them to visit this summer. Deciding to send a letter is like an SNMP application deciding what to send. Writing the recipient's address on the envelope is like the UDP layer setting the destination port in the UDP header; in this case the recipient's address. Putting a stamp on the letter and dropping it in the mailbox for the carrier to collect is like the IP layer. The last action is the carrier arriving and collecting the letter; from there the letter travels to its destination, the friend's mailbox. The computer's MAC layer is like the mail truck or the aircraft that carries the letter. When the friend receives the letter, they go through a similar process to reply. This example helps picture how packets are delivered.


1.7.2. SNMP Communities

SNMPv1 and SNMPv2c use the notion of a community to establish trust between manager and agent. An agent is configured with three community strings: read-only, read-write and trap. A community name can be thought of as a password. The three community strings control different kinds of activity. As their names suggest, the read-only string only allows reading data values and does not allow changing them; for example, it lets us read the number of packets carried on a router interface but not reset or change that value. The read-write string allows reading and changing data values. Finally, the trap string allows traps to be received from the agent.

Most manufacturers ship their devices with default community strings, typically public for read-only and private for read-write. We should change these defaults before putting a device into service, to secure SNMP communication between devices. When configuring an SNMP agent we will also want to configure the trap destination, the address to which the device sends traps. In addition, because the community string is sent in cleartext, we should configure the agent to send an SNMP authentication-failure trap: anyone who tries to query the device without knowing the community string will fail, and the trap lets the NMS know about the attempt. This improves the security of the system.

Since a community string is in effect a password, we should apply the rules for safe passwords: not a dictionary word, long enough, a mix of upper case, lower case and special characters. As mentioned above, the community string is sent unencrypted and is easy for others to learn, which is why SNMPv3 introduced many improvements to secure communication between SNMP devices.

There are several ways to reduce the risk of attack. Using a firewall or packet filter can reduce the chance of someone harming the system by attacking through SNMP. For example, we can allow traffic to UDP port 161 (SNMP queries) into the network only when it comes from the IP address of the NMS, and likewise UDP port 162 for trap packets. A firewall cannot prevent 100% of attacks; it only helps reduce the risk to the system.

It is important to know that once someone learns the read-write community string of a device, that person can take control of the device (for example, change the configuration of a router or switch). One way to protect community strings is to use a Virtual Private Network (VPN) so that the data is encrypted in transit. Another is to change the community strings frequently (not practical in a large network). A simple solution is to write a Perl script that changes the community string on the devices.
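The advice in this section (change the defaults, restrict who may query, prefer SNMPv3) as a Net-SNMP snmpd.conf fragment. This is an added illustration, not configuration from the thesis; the NMS address 192.0.2.10, the user name nmsv3, the community strings and the passphrases are placeholders chosen for the example.

```conf
# --- vendor-style defaults: what a device often ships with; do NOT leave these in place ---
# rocommunity public
# rwcommunity private

# --- hardened (example values; 192.0.2.10 is the assumed NMS address) ---
# read-only community accepted only from the NMS, and only for the MIB-II system subtree
rocommunity  Kq7xW-monitor-ro   192.0.2.10   .1.3.6.1.2.1.1
# no rwcommunity at all: a leaked read-write string hands over the device (see above)

# SNMPv3 user with authentication (SHA) and privacy (AES). Net-SNMP replaces the
# passphrases with hashed keys on first start, so createUser belongs in the persistent
# configuration directory (/var/lib/net-snmp or /var/lib/snmp depending on the build),
# not in the world-readable /etc/snmp/snmpd.conf
createUser nmsv3 SHA "auth-passphrase-placeholder" AES "priv-passphrase-placeholder"
rouser  nmsv3 priv
# rwuser nmsv3 priv          # enable only if the NMS really needs to set values

# report failed community/user attempts to the NMS instead of silently dropping them
authtrapenable 1
trap2sink 192.0.2.10 trap-community-placeholder
```

Pair this with the packet filter the section describes (UDP/161 admitted only from 192.0.2.10, UDP/162 sent only to it). The source restriction in snmpd.conf and the filter are independent controls: because SNMP rides on UDP, a forged source address can still deliver a set to an agent that relies on the address check alone, which is the reason to have no read-write community at all and to require SNMPv3 authentication for writes.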

1.7.3. Structure of Management Information (SMI)

Structure of Management Information Version 1 (SMIv1, RFC 1155) defines exactly how managed objects are named and specifies the relationships between them. Structure of Management Information Version 2 (SMIv2, RFC 2578) provides enhancements for SNMPv2.

The definition of a managed object can be described by three attributes:

Name, also called the object identifier (OID), uniquely identifies a managed object. Names usually appear in two forms: numeric and human readable. In both forms the names are long and inconvenient; SNMP applications offer several ways to make these names easier to read.

SYNTAX: the data type of the managed object, defined using a subset of Abstract Syntax Notation One (ASN.1). ASN.1 is a way of specifying how data is represented and transmitted between manager and agent. A useful property of ASN.1 is that its notation is machine independent, meaning that different systems can all communicate by SNMP.

Encoding: a managed object is encoded into a string of octets using the Basic Encoding Rules (BER). BER defines how the object is encoded and decoded so that it can be transmitted over a medium such as Ethernet.

1.7.3.1 Naming OIDs

Managed objects are organized in a tree structure, and this structure is the basis for naming objects. An OID is formed from a series of integers based on the nodes of the tree, separated by dots (.). A more convenient human-readable form is the series of names assigned to each node of the tree.

The figure below shows a few levels of the object tree starting from the root node. In the tree, a node with no children is called a leaf; otherwise it is a branch. For example, the tree starts at root; below root are ccitt, iso and joint. In the illustration only iso is a branch; ccitt and joint are leaves. In the example we note the branch

iso(1).org(3).dod(6).internet(1), which has the OID 1.3.6.1.

Each managed object has its own OID.

Businesses and individuals can define their own OIDs by registering with IANA, the organization that manages the list of assigned OIDs (enterprise numbers are allocated under 1.3.6.1.4.1).


Figure 2-3: OID tree diagram

1.7.3.2 Defining OIDs

In SMIv1, to define an OID we must declare the following: SYNTAX, ACCESS, STATUS, DESCRIPTION.

Example of an OID declaration:

    ifTable OBJECT-TYPE

    SYNTAX SEQUENCE OF IfEntry

    ACCESS not-accessible

    STATUS mandatory

    DESCRIPTION

    "A list of interface entries. The number of entries is

    given by the value of ifNumber."

    ::= { interfaces 2 }


The data types of the SYNTAX field in SMIv1 are described below:

SMIv1 data types

Integer: a 32-bit number, often used as an enumerated type in objects. For example, the operational state of an interface on a router: 1 = up, 2 = down, 3 = testing. The value 0 is not used as an enumeration value (per RFC 1155).

Octet String: a string of octets, often used to represent a text string and sometimes a physical address.

Counter: a 32-bit number with a value from 0 to 2^32-1 (4,294,967,295). When it reaches the maximum it wraps to 0 and starts again. Often used to track information such as the number of octets sent and received on an interface. A Counter only increases and never decreases; when the agent restarts, the Counter also resets to 0.

Object Identifier: a dotted series of decimal numbers representing an object in the object tree. For example, 1.3.6.1.4.1.9 is the OID of Cisco.

Null: not currently used in SNMP (it appears only as the placeholder value in the varbinds of a request).

Sequence: defines a list that contains zero or more other ASN.1 data types.

Sequence of: defines a managed object made up of a SEQUENCE of ASN.1 types.

IpAddress: a 32-bit number representing an IPv4 address.

NetworkAddress: the same as IpAddress but able to represent other kinds of network address.

Gauge: a 32-bit number with a value from 0 to 2^32-1 (4,294,967,295). Unlike a Counter, a Gauge can increase and decrease, but it can never go beyond its maximum value. For example, the speed of an interface on a router can be represented by a Gauge.

Timeticks: a 32-bit number with a value from 0 to 2^32-1 (4,294,967,295). It measures time in hundredths of a second. A device's uptime can be represented by this type.

Opaque: allows a value of arbitrary type to be carried, wrapped in an Octet String according to the ASN.1 rules.

Table 2-2: Data types of the SYNTAX field

The purpose of these data types is to define a managed object. They are important for reading and understanding MIB files.

1.7.4. SMI version 2

SMIv2 extends the SMI by adding the snmpV2 branch to the internet branch.


Figure 2-4: OID diagram of SMIv2

The OID of the new branch is 1.3.6.1.6.3.1.1, that is, iso.org.dod.internet.snmpV2.snmpModules.snmpMIB.snmpMIBObjects.

The definition of objects in SMIv2 changed slightly from SMIv1, so that objects can be controlled more precisely.

New data types in SMIv2

Integer32: the same as Integer.

Counter32: the same as Counter.

Gauge32: the same as Gauge.

Unsigned32: a value from 0 to 2^32-1.

Counter64: the same as Counter but with a value from 0 to 2^64-1.

BITS: an enumeration of non-negative named bits.

Table 2-3: Data types in SMIv2
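The Counter description in Table 2-2 (wraps at 2^32-1, resets when the agent restarts) and the Counter64 type in Table 2-3 matter in practice the moment two polls of ifInOctets are turned into a bit rate. The Python below is an added example, not code from the thesis; the sample values are constructed, and the restart heuristic in agent_restarted() is an assumption made here, not anything SNMP defines.

```python
"""Turning two polls of a Counter into a rate without being fooled by wrap-around.
Added example; the numbers in the usage note are constructed, not from a device."""

COUNTER32_MOD = 1 << 32
COUNTER64_MOD = 1 << 64


def counter_delta(prev, cur, modulus=COUNTER32_MOD):
    """Octets (or packets) counted between two samples of a Counter object.
    A Counter only increases, so cur < prev means it wrapped past modulus-1
    exactly once since the last poll; two wraps in one interval are undetectable."""
    if not (0 <= prev < modulus and 0 <= cur < modulus):
        raise ValueError("sample outside the counter's range")
    return cur - prev if cur >= prev else cur + modulus - prev


def bits_per_second(prev_octets, cur_octets, prev_uptime, cur_uptime,
                    modulus=COUNTER32_MOD):
    """Rate from ifInOctets/ifOutOctets, using sysUpTime (Timeticks, 1/100 s) as
    the clock so that NMS scheduling jitter does not distort the interval.
    sysUpTime is itself a 32-bit tick value, so the same wrap rule applies to it."""
    ticks = counter_delta(prev_uptime, cur_uptime)
    if ticks == 0:
        raise ValueError("no time elapsed between samples")
    return counter_delta(prev_octets, cur_octets, modulus) * 8 * 100 / ticks


def seconds_to_wrap(link_bps, modulus=COUNTER32_MOD):
    """Worst-case seconds before a saturated link wraps an octet counter.
    A 32-bit counter on a 1 Gbit/s link wraps in about 34 s, so a 5-minute poll
    interval silently loses wraps; the SMIv2 Counter64 (ifHCInOctets) removes the problem."""
    return modulus / (link_bps / 8)


def agent_restarted(prev_uptime, cur_uptime):
    """Heuristic (assumption of this example): uptime went backwards although the
    previous sample was nowhere near the 2^32 tick wrap (about 497 days), so the
    agent restarted and every Counter started again from 0; deltas spanning the
    restart must be discarded rather than treated as a wrap."""
    return cur_uptime < prev_uptime and prev_uptime < COUNTER32_MOD - 100 * 3600
```

With constructed samples: counter_delta(4294967000, 100) is 396, not a negative number, because the counter wrapped once; bits_per_second(0, 1250000, 0, 1000) is 1 000 000 bit/s over 10 s of Timeticks; seconds_to_wrap(1e9) is about 34.4 s, which is why interface polling at gigabit speed should use the 64-bit ifHC counters.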

The new fields added in SMIv2 are described below:

Improved definitions in SMIv2

UNITS: a textual description of the units (seconds, milliseconds, and so on) used to represent the object.

MAX-ACCESS: equivalent to the ACCESS field of SMIv1. Its values are read-only, read-write, read-create, not-accessible and accessible-for-notify.

STATUS: an extended clause with the keywords current (the object definition is current and in use), obsolete (the definition is old and should no longer be used), and deprecated (the definition is old but a later standard may redefine it). current in SMIv2 corresponds to mandatory in SMIv1.

AUGMENTS: allows a table to be extended by adding one or more columns represented by objects. This clause requires the name of the table to which the objects are added.

Table 2-4: Data fields in SMIv2


1.7.5. MIB-II in detail

MIB-II is a very important management group: every device that supports SNMP must support MIB-II.

RFC 1155 describes how a MIB file is laid out; it does not define the objects themselves. RFC 1213 is the standard that defines the MIB subtree under iso.org.dod.internet.mgmt.mib-2 (following, of course, the structure that RFC 1155 prescribes). We will examine part of RFC 1213 to understand the meaning of some objects before using tools to read them.

RFC 1156 is the standard MIB specification for TCP/IP devices, regarded as the Internet-Standard MIB (MIB version 1, or MIB-I). RFC 1213 is the version 2 standard MIB specification, usually called MIB-II. Note the distinction: MIB-I and MIB-II are specifications that define objects, whereas SMIv1 and SMIv2 specify the structure of MIB files. MIB-I and MIB-II use the SMIv1 structure.

MIB-II is one of the most widely supported MIBs. If a device is claimed to support SNMP, the manufacturer must state which RFCs it supports, and that is usually RFC 1213.


Figure 2-5: Detailed OID diagram

MIB-II has 10 subgroups defined in RFC 1213, inherited from MIB-I in RFC 1066. Each group has its own function:

system (1.3.6.1.2.1.1): defines a list of objects related to the system's operation, such as the time since the system was started, the system contact and the system name.

interfaces (1.3.6.1.2.1.2): keeps the state of the interfaces on the managed entity. It tracks whether an interface is up or down and records octets sent and received, errors and discards.

at (1.3.6.1.2.1.3): the at (address translation) group is deprecated and is kept only for backward compatibility. It was expected to be dropped from any later revision of the MIB.

ip (1.3.6.1.2.1.4): keeps much information related to the IP protocol, including IP routing.

icmp (1.3.6.1.2.1.5): keeps ICMP statistics such as errors and discards.

tcp (1.3.6.1.2.1.6): keeps information specific to the state of TCP connections, such as closed, listen and synSent.

udp (1.3.6.1.2.1.7): collects UDP statistics, such as datagrams in and out.

egp (1.3.6.1.2.1.8): keeps EGP parameters and the EGP neighbor table.

transmission (1.3.6.1.2.1.10): no objects are defined in this group, but it provides the media-specific MIBs.

snmp (1.3.6.1.2.1.11): measures the performance of the SNMP implementation on the managed entity and keeps information such as the number of SNMP packets received and sent.

1.7.6. SNMP operations

The Protocol Data Unit (PDU) is the message format that managers and agents use to send and receive information. There is a standard PDU format for each of the following SNMP operations:

get

get-next

get-bulk (SNMPv2 and SNMPv3)

set

get-response

trap

notification (SNMPv2 and SNMPv3)

inform (SNMPv2 and SNMPv3)

report (SNMPv2 and SNMPv3)


Figure 2-6: SNMP operating model

1.7.6.1 Get

get: the request is sent from the NMS to the agent. The agent receives the request and processes it as best it can. If a device such as a router is busy or overloaded and unable to answer the request, it drops the request. If the agent gathers the information the request asks for, it returns a get-response to the NMS:

Figure 2-7: Operation of the get command

To know what information the NMS is looking for, the agent relies on an item in the get called the variable binding, or varbind. A varbind is a list of the MIB objects the NMS wants to retrieve from the agent. The agent interprets the question in the form OID=value to find the information to answer. The query for the case in figure 2-7:

$ snmpget cisco.ora.com public .1.3.6.1.2.1.1.6.0
system.sysLocation.0 = ""

This is an snmpget command on Unix (in the older UCD-SNMP syntax; current Net-SNMP releases take the version and community as options: snmpget -v1 -c public cisco.ora.com .1.3.6.1.2.1.1.6.0). cisco.ora.com is the name of the device, public is the read-only community string, and .1.3.6.1.2.1.1.6.0 is the OID. .1.3.6.1.2.1.1 points to the system group of the MIB, and .6 points to a field of system, sysLocation. In this command we ask the Cisco router whether the system location has been set. The answer system.sysLocation.0 = "" means it has not. snmpget answers in the form of a varbind: OID=value. The last part of the OID given to snmpget, .0, follows a MIB convention. When asking for an object in the MIB we must specify two parts, x.y, here .6.0. x is the actual OID of the object. .y is used with tabular objects to identify a row of the table; for a scalar object, as in this case, y = 0. Rows in a table are numbered from 1 upwards.

The get command is useful for querying a single object in the MIB. When we want information about many objects, get takes a lot of time. The get-next command solves this problem.
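To make the SMI/BER material of 1.7.3, the UDP transport of 1.7.1 and the get exchange above concrete, here is a small SNMPv1 codec in Python. It encodes the GetRequest that snmpget sends (OID arcs packed as BER prescribes, community string in cleartext) and decodes a GetResponse. It is an added example rather than code from the thesis or from Net-SNMP; the agent reply in demo() is constructed locally, not captured from cisco.ora.com, and snmp_get() only illustrates the timeout-and-retry behaviour and needs a reachable agent.

```python
"""SNMPv1 GetRequest/GetResponse codec from the BER rules of RFC 1155/1157 (added example)."""
import socket

# BER tags used by SNMPv1 messages (standard values)
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
GET_REQUEST, GET_RESPONSE = 0xA0, 0xA2

def ber_len(n):
    # BER length: one byte below 128, else 0x80|count followed by the length bytes
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload

def encode_int(v):
    # minimal two's-complement INTEGER (extra 0x00 byte when the top bit would be set)
    return tlv(INTEGER, v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True))

def encode_oid(dotted):
    # first two arcs packed as 40*x+y, the rest base-128 with a continuation bit:
    # 1.3.6.1.2.1.1.6.0 -> 2b 06 01 02 01 01 06 00
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out.extend(reversed(chunk))
    return tlv(OID, bytes(out))

def decode_oid(payload):
    arcs, value = [payload[0] // 40, payload[0] % 40], 0
    for b in payload[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def build_message(community, pdu_type, varbinds, request_id=1, error_status=0):
    # Message ::= SEQUENCE { version INTEGER(0), community OCTET STRING, PDU }
    # The community string goes on the wire in cleartext: anyone on the path can read it.
    vbl = b"".join(tlv(SEQUENCE, encode_oid(oid) + value) for oid, value in varbinds)
    pdu = tlv(pdu_type, encode_int(request_id) + encode_int(error_status)
              + encode_int(0) + tlv(SEQUENCE, vbl))           # error-index = 0
    return tlv(SEQUENCE, encode_int(0) + tlv(OCTET_STRING, community.encode()) + pdu)

def build_get_request(community, oid):
    # a get carries each OID with a NULL placeholder value, exactly what snmpget sends
    return build_message(community, GET_REQUEST, [(oid, tlv(NULL, b""))])

def read_tlv(buf, pos=0):
    # return (tag, payload, position just past the element) for the TLV at buf[pos]
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                 # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_message(buf):
    # decode a v1 message; varbind values become int, str, dotted OID or None
    _, msg, _ = read_tlv(buf)
    _, ver, pos = read_tlv(msg)
    _, community, pos = read_tlv(msg, pos)
    pdu_type, pdu, _ = read_tlv(msg, pos)
    _, rid, pos = read_tlv(pdu)
    _, err, pos = read_tlv(pdu, pos)
    _, _, pos = read_tlv(pdu, pos)                    # error-index, unused here
    _, vbl, _ = read_tlv(pdu, pos)
    varbinds, pos = [], 0
    while pos < len(vbl):
        _, vb, pos = read_tlv(vbl, pos)
        _, oid, p = read_tlv(vb)
        vtag, val, _ = read_tlv(vb, p)
        value = {INTEGER: lambda: int.from_bytes(val, "big", signed=True),
                 OCTET_STRING: lambda: val.decode(errors="replace"),
                 OID: lambda: decode_oid(val)}.get(vtag, lambda: None)()
        varbinds.append((decode_oid(oid), value))
    return {"version": int.from_bytes(ver, "big"), "community": community.decode(),
            "pdu_type": pdu_type, "request_id": int.from_bytes(rid, "big", signed=True),
            "error_status": int.from_bytes(err, "big"), "varbinds": varbinds}

def snmp_get(host, community, oid, timeout=1.0, retries=3):
    # UDP/161 with the timeout-and-retransmit behaviour of 1.7.1; needs a live agent
    req = build_get_request(community, oid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        for _ in range(retries + 1):
            s.sendto(req, (host, 161))
            try:
                return parse_message(s.recvfrom(65535)[0])
            except socket.timeout:
                continue
    raise TimeoutError(f"no response from {host} after {retries + 1} attempts")

def demo():
    # offline round trip: the NMS get for sysLocation.0 and a constructed agent reply
    req = build_get_request("public", "1.3.6.1.2.1.1.6.0")
    reply = build_message("public", GET_RESPONSE,
                          [("1.3.6.1.2.1.1.6.0", tlv(OCTET_STRING, b"Atlanta, GA"))])
    return parse_message(req), parse_message(reply)
```

The request for sysLocation.0 is 40 bytes and the ASCII bytes of public are visible in it unchanged, which is the whole security argument of section 1.7.2 in one packet. Note also that a response arriving with a request_id different from the one sent should be ignored by a real NMS, since nothing else ties a UDP reply to its request.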


1.7.6.2 Get-next

get-next: issues a sequence of requests that retrieve information from a group of the MIB. Each get-next returns the object that follows the queried one in OID order, so the agent answers one object at a time, just as with get, until the objects of the group are exhausted. For example, the snmpwalk command: snmpwalk is similar to snmpget, but instead of pointing at one object it points at a subtree:

$ snmpwalk cisco.ora.com public system
system.sysDescr.0 = "Cisco Internetwork Operating System Software
..IOS (tm) 2500 Software (C2500-I-L), Version 11.2(5), RELEASE
SOFTWARE (fc1)..Copyright (c) 1986-1997 by cisco Systems, Inc...
Compiled Mon 31-Mar-97 19:53 by ckralik"
system.sysObjectID.0 = OID: enterprises.9.1.19
system.sysUpTime.0 = Timeticks: (27210723) 3 days, 3:35:07.23
system.sysContact.0 = ""
system.sysName.0 = "cisco.ora.com"
system.sysLocation.0 = ""
system.sysServices.0 = 6

Here we want the information of the system group, and the agent returns the whole of system as requested. Locating the system group in the MIB follows the tree from the root; at a node with several branches, the branches are visited in increasing order of their index:


Figure 2-8: OID path diagram

1.7.6.3 get-bulk

get-bulk is defined in SNMPv2. It allows management information to be retrieved from many parts of a table. get can also do this, but the size of the request may be limited by the agent; if the agent cannot answer the whole request, it returns an error message with no data. With get-bulk, the agent returns as much as it can, so a partial answer to the request is possible. Two fields must be declared in get-bulk: nonrepeaters and max-repetitions. nonrepeaters tells the agent that the first N objects can be answered with a single get-next each. max-repetitions tells the agent to attempt up to M get-next operations for the remaining objects:


Figure 2-9: get-bulk retrieval model

$ snmpbulkget -v2c -B 1 3 linux.ora.com public sysDescr ifInOctets ifOutOctets
system.sysDescr.0 = "Linux linux 2.2.5-15 #3 Thu May 27 19:33:18 EDT 1999 i686"
interfaces.ifTable.ifEntry.ifInOctets.1 = 70840
interfaces.ifTable.ifEntry.ifOutOctets.1 = 70840
interfaces.ifTable.ifEntry.ifInOctets.2 = 143548020
interfaces.ifTable.ifEntry.ifOutOctets.2 = 111725152
interfaces.ifTable.ifEntry.ifInOctets.3 = 0
interfaces.ifTable.ifEntry.ifOutOctets.3 = 0

Here we ask for three varbinds: sysDescr, ifInOctets and ifOutOctets. The total number of varbinds follows the formula

N + (M * R)

N: nonrepeaters, the number of scalar objects
M: max-repetitions
R: the number of tabular objects in the request

Only sysDescr is scalar, so N = 1. M is set to 3, that is, 3 rows each of ifInOctets and ifOutOctets. There are two tabular objects, ifInOctets and ifOutOctets, so R = 2.

In total there are 1 + 3*2 = 7 varbinds.

The -v2c option is needed because get-bulk is an SNMPv2 operation; -v2c tells the tool to use SNMPv2c PDUs. -B 1 3 sets the parameters N and M for the command (in current Net-SNMP the same options are written -Cn1 -Cr3 and the community is given with -c).
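The get-next walk of 1.7.6.2 and the N + (M * R) arithmetic of get-bulk are easiest to see against a tiny agent view. The Python below is an added example (not from the thesis or from any SNMP library) that implements get, get-next, snmpwalk-style walking and get-bulk semantics over an in-memory OID table; the table's values are constructed to match the outputs shown on this page.

```python
"""get, get-next, walk and get-bulk semantics over an in-memory MIB snapshot.
Added example; the snapshot values are constructed to match the thesis output."""


def oid_key(oid):
    """OIDs are ordered by their integer arcs, not as strings: '...10.1' must sort
    after '...9.1', which plain string comparison would get wrong."""
    return tuple(int(a) for a in oid.strip(".").split("."))


# Constructed agent view: system group scalars plus three rows of ifInOctets/ifOutOctets
MIB = {
    "1.3.6.1.2.1.1.1.0": "Linux linux 2.2.5-15 #3 Thu May 27 19:33:18 EDT 1999 i686",
    "1.3.6.1.2.1.1.3.0": 27210723,            # sysUpTime.0 (Timeticks)
    "1.3.6.1.2.1.1.5.0": "linux.ora.com",     # sysName.0
    "1.3.6.1.2.1.1.6.0": "",                  # sysLocation.0
    "1.3.6.1.2.1.2.2.1.10.1": 70840,          # ifInOctets.1
    "1.3.6.1.2.1.2.2.1.10.2": 143548020,      # ifInOctets.2
    "1.3.6.1.2.1.2.2.1.10.3": 0,              # ifInOctets.3
    "1.3.6.1.2.1.2.2.1.16.1": 70840,          # ifOutOctets.1
    "1.3.6.1.2.1.2.2.1.16.2": 111725152,      # ifOutOctets.2
    "1.3.6.1.2.1.2.2.1.16.3": 0,              # ifOutOctets.3
}
ORDERED = sorted(MIB, key=oid_key)
END_OF_MIB = "endOfMibView"


def get(oid):
    """get: exact instance only; asking for the node without .0 is noSuchName(2)."""
    if oid not in MIB:
        raise KeyError(f"noSuchName(2): {oid}")
    return MIB[oid]


def get_next(oid):
    """get-next: first instance strictly after `oid` in OID order, None at the end."""
    key = oid_key(oid)
    for cand in ORDERED:
        if oid_key(cand) > key:
            return cand, MIB[cand]
    return None


def walk(subtree):
    """snmpwalk: repeat get-next until the returned OID is no longer under `subtree`."""
    prefix = oid_key(subtree)
    rows, cursor = [], subtree
    while True:
        nxt = get_next(cursor)
        if nxt is None or oid_key(nxt[0])[:len(prefix)] != prefix:
            return rows
        rows.append(nxt)
        cursor = nxt[0]


def get_bulk(oids, non_repeaters, max_repetitions):
    """get-bulk (RFC 1905): the first N oids get one get-next each; each of the
    remaining R oids is advanced up to M times.  Varbinds come back in wire order,
    one 'row' of the R repeaters per step, so the count is at most N + M*R; a
    repeater that runs off the end of the MIB yields endOfMibView instead."""
    out = [get_next(o) or (o, END_OF_MIB) for o in oids[:non_repeaters]]
    cursors = list(oids[non_repeaters:])
    for _ in range(max_repetitions):
        for i, cur in enumerate(cursors):
            nxt = get_next(cur)
            if nxt is None:
                out.append((cur, END_OF_MIB))
                continue
            out.append(nxt)
            cursors[i] = nxt[0]
    return out
```

Calling get_bulk(["1.3.6.1.2.1.1.1", "1.3.6.1.2.1.2.2.1.10", "1.3.6.1.2.1.2.2.1.16"], 1, 3) reproduces the seven varbinds of the snmpbulkget output above, in the same interleaved order; asking for three more repetitions than the table has rows shows why a walker must stop on endOfMibView rather than trust the N + M*R count.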

1.7.6.4 Set

set: changes the value of an object or adds a new row to a table. The object must be defined in the MIB as read-write or write-only. The NMS can use set to assign values to several objects at the same time:

Figure 2-10: Model of the set command

$ snmpget cisco.ora.com public system.sysLocation.0
system.sysLocation.0 = ""
$ snmpset cisco.ora.com private system.sysLocation.0 s "Atlanta, GA"
system.sysLocation.0 = "Atlanta, GA"
$ snmpget cisco.ora.com public system.sysLocation.0
system.sysLocation.0 = "Atlanta, GA"

The first command is a get that fetches the current value of system.sysLocation. In the snmpset command, cisco.ora.com and system.sysLocation.0 mean the same as in get; private is the read-write community string, and the new value is given by s "Atlanta, GA". s means that the value of system.sysLocation.0 is to be set as a string, and the new value is "Atlanta, GA". This varbind is defined in RFC 1213 as a string of at most 255 characters:

    sysLocation OBJECT-TYPE
        SYNTAX DisplayString (SIZE (0..255))
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
            "The physical location of this node (e.g., 'telephone closet,
            3rd floor')."
        ::= { system 6 }

Several objects can be set at once, but if any one of the operations fails, the whole set is discarded.

1.7.6.5 Error responses to get, get-next, get-bulk and set

The agent can report several kinds of error:

SNMPv1 error messages

noError(0): no error.

tooBig(1): the response to the request would be too large to fit in a single message.

noSuchName(2): the requested OID was not found, that is, it does not exist on the agent.

badValue(3): a set used a type or value that is wrong for the read-write or write-only object.

readOnly(4): rarely used; the noSuchName error is equivalent to this one.

genErr(5): used for all remaining errors not covered above.

Table 2-5: Error messages in SNMPv1


The SNMPv1 error types are very general and not precise. SNMPv2 therefore adds the following error types:

SNMPv2 error messages

noAccess(6): a set tried to access a variable that may not be accessed, that is, one whose ACCESS field is not-accessible.

wrongType(7): a set used a data type different from the one defined for the object, for example setting a string value on an INTEGER object.

wrongLength(8): a set supplied a value longer than the object's maximum length.

wrongEncoding(9): a set used an encoding different from the one the object's definition requires.

wrongValue(10): a variable was set to a value it cannot interpret, for example an enumerated variable set to a value that is not in its enumeration.

noCreation(11): a value was set for a variable that does not exist, or an attempt was made to create a variable that is not in the MIB.

inconsistentValue(12): a MIB variable is in an inconsistent state and does not accept any set command.

resourceUnavailable(13): no system resources are available to perform the set.

commitFailed(14): a catch-all for failures of a set.

undoFailed(15): a set failed and the agent was unable to roll back to the state before the set began.

authorizationError(16): an SNMP command was not authenticated, for example when someone supplied an incorrect community string.

notWritable(17): the variable does not accept set.

inconsistentName(18): an attempt to set a value failed because the variable is in an inconsistent state.

Table 2-6: Errors in SNMPv2

    1.7.6.6 Trap

    A trap is an alert that an agent sends to the NMS on its own initiative so that the NMS learns of a bad condition at the agent. When the NMS receives a trap from an agent it does not reply with an ACK, so the agent has no way of knowing whether its alert reached the NMS. When the NMS receives a trap from an agent, it looks at the trap number to understand what the trap means.

    Figure 2-11: Model of an agent sending a Trap

    A Trap message is sent automatically by the agent to the manager whenever an event occurs inside the agent. These events are not the agent's routine operations but incidents: for example, when a port goes down, when a user fails to log in, or when the device reboots, the agent sends a trap to the manager.


    However, not every incident causes the agent to send a trap, and not every agent sends a trap for the same incident. Whether an agent sends a trap for a given incident is decided by the manufacturer of the device/agent.

    The trap method is independent of the request/response methods: SNMP request/response is used for management, while SNMP traps are used for alerting. The source that sends a trap is called the Trap Sender and the destination that receives it is called the Trap Receiver. One trap sender can be configured to send traps to several trap receivers at once.

    There are 2 kinds of trap: generic traps and specific traps. Generic traps are defined in the SNMP standards; specific traps are defined by the user (the "user" here being the manufacturer of the SNMP device). The trap type is an integer carried in the trap message; from it the trap receiver knows what the message means.

    In SNMPv1 there are the following 7 generic traps: coldStart(0), warmStart(1), linkDown(2), linkUp(3), authenticationFailure(4), egpNeighborloss(5), enterpriseSpecific(6). The value in parentheses is the code of each trap type. The meaning of the generic-trap messages is as follows:

    Number and trap type name   Definition
    coldStart (0)               The agent has just rebooted. All managed variables are reset; Counter and Gauge variables are set to 0. coldStart is used to identify a new device joining the network: when a device finishes booting it sends a trap to the NMS, and if the NMS address is correct the NMS receives it and can decide whether to manage the device.
    warmStart (1)               The agent has just reinitialised; no variables are reset.
    linkDown (2)                Sent when an interface on the device goes into the down state.
    linkUp (3)                  Sent when an interface returns to the up state.
    authenticationFailure (4)   Warns that someone tried to access the agent without proper authentication.
    egpNeighborLoss (5)         Warns that an EGP neighbour has gone down.
    enterpriseSpecific (6)      A private trap, known only to the agent and the NMS that define it themselves. The NMS uses a special decoding method to understand this message.

    Table 2-7: Trap types

    An example of a trap defined in a MIB is rdbmsOutOfSpace:

    rdbmsOutOfSpace TRAP-TYPE
        ENTERPRISE rdbmsTraps
        VARIABLES { rdbmsSrvInfoDiskOutOfSpaces }
        DESCRIPTION
            "An rdbmsOutOfSpace trap signifies that one of the database servers managed by
            this agent has been unable to allocate space for one of the databases managed by
            this agent. Care should be taken to avoid flooding the network with these traps."
        ::= 2

    The value of ENTERPRISE is rdbmsTraps, the descriptive information about the trap is in DESCRIPTION, and the value of the trap is 2.
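As an added example (not code from the thesis), the following Python decodes the two SNMPv1 messages this section and the get/set exchange above describe: it parses the BER encoding, maps the error-status of a GetResponse to the names in Table 2-5 (and reports which varbind the error-index points at) and the generic-trap of a Trap-PDU to the names in Table 2-7. Both packets are constructed inline; the community string, agent address and enterprise OID are assumed sample values.

```python
# Added example, not from the thesis: decode SNMPv1 BER messages (RFC 1157 layout) and
# map a GetResponse error-status and a Trap generic-trap to the names in Tables 2-5/2-7.
ERROR_STATUS = {0: "noError", 1: "tooBig", 2: "noSuchName",
                3: "badValue", 4: "readOnly", 5: "genErr"}
GENERIC_TRAP = {0: "coldStart", 1: "warmStart", 2: "linkDown", 3: "linkUp",
                4: "authenticationFailure", 5: "egpNeighborLoss",
                6: "enterpriseSpecific"}

def read_tlv(buf, pos):
    """Read one BER tag-length-value; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long-form length: next n bytes hold it
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_int(value):
    return int.from_bytes(value, "big", signed=True)

def decode_oid(value):
    """BER OID content: first byte packs arcs 1 and 2, the rest are base-128 arcs."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, acc = arcs + [acc], 0
    return ".".join(map(str, arcs))

def decode_snmpv1(msg):
    """Return a dict describing a GetResponse (tag 0xA2) or an SNMPv1 Trap (tag 0xA4)."""
    _, body, _ = read_tlv(msg, 0)                         # Message ::= SEQUENCE
    _, version, pos = read_tlv(body, 0)
    if decode_int(version) != 0:
        raise ValueError("not an SNMPv1 message")
    _, community, pos = read_tlv(body, pos)               # community travels in clear text
    pdu_tag, pdu, _ = read_tlv(body, pos)
    out = {"community": community.decode(), "pdu_tag": pdu_tag}
    if pdu_tag == 0xA2:                                   # GetResponse-PDU
        _, rid, pos = read_tlv(pdu, 0)
        _, err, pos = read_tlv(pdu, pos)
        _, idx, pos = read_tlv(pdu, pos)
        oids, vbl, p = [], read_tlv(pdu, pos)[1], 0
        while p < len(vbl):                               # VarBind ::= SEQUENCE { OID, value }
            _, vb, p = read_tlv(vbl, p)
            oids.append(decode_oid(read_tlv(vb, 0)[1]))
        ei = decode_int(idx)                              # 1-based index of the failing varbind
        out.update(request_id=decode_int(rid), error_index=ei,
                   error_status=ERROR_STATUS.get(decode_int(err), "unknown"),
                   failed_oid=oids[ei - 1] if ei else None)
    elif pdu_tag == 0xA4:                                 # Trap-PDU
        _, ent, pos = read_tlv(pdu, 0)
        _, addr, pos = read_tlv(pdu, pos)                 # IpAddress, tag 0x40
        _, gen, pos = read_tlv(pdu, pos)
        _, spec, pos = read_tlv(pdu, pos)
        _, ticks, _ = read_tlv(pdu, pos)                  # TimeTicks, tag 0x43
        out.update(enterprise=decode_oid(ent), agent_addr=".".join(map(str, addr)),
                   generic_trap=GENERIC_TRAP.get(decode_int(gen), "unknown"),
                   specific_trap=decode_int(spec), uptime_ticks=decode_int(ticks))
    return out

def tlv(tag, value):                                      # minimal BER encoder (short-form
    return bytes([tag, len(value)]) + value               # length) used to build the samples

# Constructed sample 1: reply to "snmpget ... system.sysLocation.0" (1.3.6.1.2.1.1.6.0)
# from an agent lacking that object: error-status noSuchName(2), error-index 1.
GET_RESPONSE = tlv(0x30, tlv(2, b"\x00") + tlv(4, b"public") + tlv(
    0xA2, tlv(2, b"\x01") + tlv(2, b"\x02") + tlv(2, b"\x01") + tlv(0x30, tlv(
        0x30, tlv(6, bytes([0x2B, 6, 1, 2, 1, 1, 6, 0])) + tlv(5, b"")))))

# Constructed sample 2: authenticationFailure(4) trap from agent 192.0.2.10 under the
# Cisco enterprise arc 1.3.6.1.4.1.9, sysUpTime 12345 ticks, no varbinds.
TRAP = tlv(0x30, tlv(2, b"\x00") + tlv(4, b"public") + tlv(
    0xA4, tlv(6, bytes([0x2B, 6, 1, 4, 1, 9])) + tlv(0x40, bytes([192, 0, 2, 10]))
    + tlv(2, b"\x04") + tlv(2, b"\x00") + tlv(0x43, (12345).to_bytes(2, "big")) + tlv(0x30, b"")))
```

Calling decode_snmpv1(GET_RESPONSE) and decode_snmpv1(TRAP) yields the decoded fields; a trap receiver would feed the generic_trap name (here authenticationFailure) straight into its alerting.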

    1.7.6.7 Notification

    To standardise the trap PDU format of SNMPv1 (whose trap PDU differs from the PDU of get and set), SNMPv2 introduced NOTIFICATION-TYPE. The PDU format of NOTIFICATION-TYPE is the same as the format used for get and set. NOTIFICATION-TYPE is defined in RFC 2863:

    linkDown NOTIFICATION-TYPE
        OBJECTS { ifIndex, ifAdminStatus, ifOperStatus }
        STATUS current
        DESCRIPTION
            "A linkDown trap signifies that the SNMPv2 entity, acting in an agent role, has
            detected that the ifOperStatus object for one of its communication links left the
            down state and transitioned into some other state (but not into the notPresent
            state). This other state is indicated by the included value of ifOperStatus."
        ::= { snmpTraps 3 }

    The OID of this trap is 1.3.6.1.6.3.1.1.5.3, that is iso.org.dod.internet.snmpV2.snmpModules.snmpMIB.snmpMIBObjects.snmpTraps.linkDown.

    1.7.6.8 Inform

    SNMPv2 provides a mechanism for communication between NMSs, called SNMP inform. When one NMS sends an SNMP inform to another NMS, the receiving NMS returns an ACK confirming the event. This resembles the mechanism of get and set.

    Note: SNMP inform can also be used to send an SNMPv2 trap to an NMS. In this case the agent is notified when the NMS has received the trap.

    1.7.6.9 Report

    Defined in the draft of SNMPv2 but never developed. It was later included in SNMPv3 in the hope of using it for communication between SNMP systems.

    1.8. Summary

    The core of the network management protocol (SNMP) is a set of operations and functions that help a network administrator manage, monitor and change the state of the devices on the system.


    CHAPTER 3. THE NAGIOS CORE MONITORING SOFTWARE

    1.9. Introduction

    Nagios is a system monitoring tool. This means that it continuously checks the status of machines and of the various services on those machines. The main purpose of a monitoring system is to detect and report any system that is not working, as early as possible, so that we become aware of the problem before users do.

    Nagios does not perform any host or service checks itself on the Nagios server; it uses plugins to carry out the actual checks. This makes it highly flexible and an effective solution for checking services.

    The objects Nagios monitors are divided into two kinds: hosts and services. Hosts are physical machines (servers, routers, workstations, printers and so on), while services are specific functions; for example, a web server (an http process) can be defined as a monitored service. Each service is associated with the host on which it runs. In addition, both hosts and services can be grouped into groups as appropriate.

    Figure 3-12: Objects monitored by Nagios


    Nagios has two big advantages when it comes to the monitoring process. Instead of tracking values, it uses only four levels to describe status: OK, WARNING, CRITICAL and UNKNOWN. These status descriptions of the monitored objects let the administrator decide to resolve or ignore problems on the system without spending much time. This is exactly what Nagios does. If we are tracking a numeric value such as the amount of disk space or the CPU load, we can define thresholds for those values so that alerts are raised when necessary.

    Another convenience of Nagios is its reports on the status of the running services. These reports give a good overview of the state of the infrastructure. Nagios also provides similar reports for host groups and service groups, alerting when any important service or database server stops working. These reports can also help prioritise problems, such as which problem needs to be solved first.

    Nagios performs all of its checks using plugins. These are external components through which Nagios obtains information about what needs to be checked and provides alerts to the administrator. Plugins are responsible for performing the checks and analysing the results. The output of a check is a status (OK, WARNING, CRITICAL or UNKNOWN) plus additional text giving information about the particular service. This text is mainly intended for system administrators, so that they can read a detailed status of a service.

    Nagios not only provides a core monitoring system, but also a set of standard plugins in a separate package (see http://nagiosplugins.org/ for details). These plugins allow checking the services running on the system. In addition, if we want to perform a special check, we can create our own plugin.

    1.9.1. Benefits of resource monitoring

    There are many reasons why we should make sure that all resources are working as expected. The main benefit is improved quality. If IT staff can be notified of problems more quickly, they will also be able to handle those problems faster. Sometimes it takes hours or days to get the first report of a problem. Nagios ensures that if any device or service is not working, we know about it as quickly as possible.

    Nagios can also be made to perform automatic recovery; this is done through the event handlers defined in Nagios. These are commands that run after the status of a host or service changes; for example, when the main router fails, Nagios switches to a backup solution until the main router is repaired. A typical case is a dial-up backup connection that is enabled when a VPN connection is lost.

    Another benefit is better identification of problems. Nagios can determine exactly where a problem occurred on the system without taking much time. Nagios is also very flexible in notifying people about problems. We can set it up to send email to different people depending on the problem. In most cases a company has a large IT team or several teams. Typically we want some people to handle the servers and others to handle the switches/routers/modems. We can even use the Nagios web interface to manage who is working on which problem. We can also configure how Nagios sends alerts: via email, SMS, MSN and so on.

    Monitoring resources is not only useful for identifying problems; it can also save us time in investigating them. Nagios alerts on and handles various important situations. This means that it can recognise critical situations quickly. For example, if the disk of an email server is running out of space, it is better to be notified of this condition before it becomes a serious problem.

    Monitoring can also be set up on many computers across different locations, all of which can communicate their results to a central Nagios server. In this way information about all hosts and services in the system can be accessed from a single computer. This gives us a complete picture of the IT infrastructure.


    1.9.2. Main functions

    The functions of Nagios are very flexible; it can be configured to monitor the IT infrastructure the way we want. It also has a mechanism for reacting automatically to problems and a powerful alerting system. All of this is based on a clear system of object definitions:

    Commands: definitions of how Nagios should perform each kind of check; they are an abstraction layer that lets us group similar operations together.

    Time periods: the days and time ranges during which an operation should or should not be performed, for example Monday to Friday 9:00-17:00.

    Contacts and contact groups: the people who need to be alerted, together with information on how and when they should be alerted. Contacts can be grouped into contact groups.

    Hosts: the physical machines, together with information about who should be contacted, how checks should be performed, and when. Hosts can be grouped into host groups; each host can be a member of several host groups.

    Services: the various functions or resources to be monitored, together with information about who should be contacted, how checks should be performed, and when. Services can be grouped into service groups; each service can be a member of several service groups.

    Host and service escalations: define a specified period of time after which additional people should be alerted about certain events; for example, if an important server has been down for more than 4 hours, alert the administrator so that they start looking into the problem.

    An important facility we obtain by using Nagios is a dependency system. To an administrator it is obvious that if a router fails, all machines reached through it will fail too. Nagios lets us define dependencies between machines that reflect the actual network topology. For example, if the switch that connects us to a router goes down, Nagios will not perform any checks on the router or on the machines that depend on that router. This is illustrated in the following example:

    Figure 3-13: Example describing a failure

    We can also define that one service depends on another service, either on the same host or on different hosts. If one of the services is down, a check for a service that depends on it will not be performed. For example, for a company's intranet application to work properly, both the underlying web server and the database server must be working. So, if a database service is not working, Nagios will not run the application checks. The database server may be on the same machine or on a different one. In such a case, if the machine fails or becomes unreachable, alerts for all services that depend on the database service will not be sent.

    Nagios also provides a mechanism for scheduling planned downtime for reasons such as maintenance or system upgrades. We can schedule a specific host or service as expected to be unavailable. This prevents Nagios from notifying the people configured to receive alerts about problems related to that object. Nagios can also notify people of the planned downtime automatically. This is mainly used when IT infrastructure maintenance takes systems and services down for a long period.

    1.9.3. Soft and hard states

    Nagios works by checking whether a host or service is working properly and storing its state. Because the state of a service is only one of the four values OK, WARNING, CRITICAL and UNKNOWN, it is important that it really reflects the current condition. To avoid reporting transient and random problems, Nagios uses soft and hard states to describe the current condition of a host or service.

    Imagine that an administrator restarts a web server and this action interrupts connections to the web server for 5 s. Usually such restarts are done at night to reduce the number of affected users, and this is an acceptable interruption. However, a problem may arise if Nagios tries to connect to the server during that time and, relying on a single result, reports that the server is really down.

    To handle situations where a service is down for a very short time, or checks fail temporarily, soft states were introduced. When the state of a check is UNKNOWN, or differs from the previous state, Nagios re-checks the host or service several times to make sure that the change persists over a longer period. The number of checks is configured in the service definition. Nagios assumes the new result is a soft state. After several checks in which the state does not change, it is considered a hard state.

    Each host and service definition specifies the number of checks that must be performed before the change can be assumed to be permanent. This allows flexibility in checking for problems. Setting the number of checks to 1 causes changes to be considered hard immediately. Below is an illustration of soft and hard states, assuming the number of checks is 3:

    Figure 3-14: State checks

    This feature allows short outages of a service to be ignored. It is also very useful for performing periodic checks even when everything is working well.
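The following Python is an added example, not Nagios code: a simplified model of the soft/hard state rules this section describes (a new non-OK result stays SOFT until max_check_attempts consecutive checks agree, then becomes HARD, and notifications go out only on HARD state changes). It replays the 5-second restart and a real outage from the text with the number of checks set to 3; the scenarios are constructed.

```python
# Added example, not Nagios code: simplified model of Nagios soft/hard state handling.
from dataclasses import dataclass, field

OK, WARNING, CRITICAL, UNKNOWN = "OK", "WARNING", "CRITICAL", "UNKNOWN"

@dataclass
class ServiceState:
    max_check_attempts: int = 3          # same meaning as the Nagios service directive
    state: str = OK
    state_type: str = "HARD"
    attempt: int = 1
    history: list = field(default_factory=list)

    def check(self, result):
        """Apply one plugin result; return (state, state_type, attempt, notify)."""
        notify = False
        if result == OK:
            # Recovery: a notification is due only if the problem had become HARD.
            notify = self.state != OK and self.state_type == "HARD"
            self.state, self.state_type, self.attempt = OK, "HARD", 1
        elif self.state == OK:
            # First non-OK result after OK: SOFT 1/max (HARD at once if max is 1).
            self.state, self.attempt = result, 1
            self.state_type = "HARD" if self.max_check_attempts == 1 else "SOFT"
            notify = self.state_type == "HARD"
        elif self.state_type == "SOFT":
            # Still SOFT: re-check until the attempt count reaches max_check_attempts.
            self.state, self.attempt = result, self.attempt + 1
            if self.attempt >= self.max_check_attempts:
                self.state_type, notify = "HARD", True
        elif result != self.state:
            # Already HARD non-OK: a change to another non-OK state is HARD at once.
            self.state, notify = result, True
        entry = (self.state, self.state_type, self.attempt, notify)
        self.history.append(entry)
        return entry

def simulate(results, max_check_attempts=3):
    """Feed a sequence of plugin results to one service; return its history."""
    svc = ServiceState(max_check_attempts)
    return [svc.check(r) for r in results]

# Constructed scenarios. A 5-second web server restart that hits exactly one check:
BRIEF_RESTART = [CRITICAL, OK, OK]
# A real outage that persists through three checks and then recovers:
REAL_OUTAGE = [CRITICAL, CRITICAL, CRITICAL, OK]

if __name__ == "__main__":
    for name, results in (("brief restart", BRIEF_RESTART), ("real outage", REAL_OUTAGE)):
        print(name)
        for step in simulate(results):
            print("  state=%-8s type=%-4s attempt=%d notify=%s" % step)
```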

    1.10. Summary

    There are many benefits to using a monitoring system. It ensures that services are working correctly. It helps detect problems in advance and ensures that the right people are alerted when a problem occurs. Making sure that all services work well is essential. When problems occur, the system helps give a clear picture of what is working and what is not.

    Nagios is a very powerful application for resource monitoring. It suits both large and small systems. It can help an organisation maintain a higher quality of service. Nagios also helps identify the root cause of problems. It includes very flexible mechanisms for monitoring and notifying about the infrastructure.

    Nagios is an extremely powerful tool because it can be configured in whatever way we want. Moreover, it can also be extended if needed.

    CHAPTER 4. CISCO SECURITY MONITORING, ANALYSIS, AND RESPONSE SYSTEM


    1.11. Security threat mitigation system

    CS-MARS was originally created to solve organisations' problems with the data they collect. In the past, all data collected from security and network devices such as routers, switches, firewalls, IDSs and servers was stored on separate devices. Each manufacturer, and each different device, used its own way of storing reports and the events collected from those devices. Correlation did not exist, particularly across multiple vendors, and administrators had to monitor the different devices themselves. The purpose of MARS is to collect event data automatically and store it in one large database, through which the problems and incidents occurring on the system can be identified precisely.

    1.12. Modelling and visualisation

    MARS can know where devices are located in the system. It obtains the infrastructure model when discovery of the network's devices is run. During network discovery, MARS connects to all devices, or reads the information from configuration files, and stores the information in its database. MARS performs this process periodically so that the information stays up to date. MARS is also very flexible in how system discovery is configured.

    Discovery can be run on demand, such as when we are investigating a security incident. For example, CS-MARS may detect a computer on the system that is infected with a worm. When we choose to investigate the worm-related incident, MARS tracks down the infected hosts by reading the Address Resolution Protocol (ARP) and content-addressable memory (CAM) tables of the network devices, thereby finding the switch port connected to the infected machine. We can view this information, as well as a graph showing how the worm-infected hosts relate to other hosts and devices.

    The visualisation features also let us view a diagram of the worm infection process. They can even recommend actions to stop an attack within the system: because MARS can detect the switch port connected to the infected computer, it can recommend temporarily shutting that port down.


    1.13. Powerful reporting and rule system

    CS-MARS provides a powerful query tool that makes it easy to create additional reports or rules for the system. By default CS-MARS comes with a set of rules and reports that we can modify and customise. The query tool quickly displays, in one of several basic formats, the information we are interested in. Typically, queries are saved as reports or rules so that they can be run automatically later.

    1.14. Alerting and threat mitigation

    MARS lets us customise alerts based on the type of incident. For example, an attacker's reconnaissance carried out in the form of an unsuccessful buffer overflow attack may be an incident we want to be notified of. MARS has several ways of alerting us to incidents on the system:

        Email
        Syslog
        SNMP
        Paging
        Short Message Service (SMS)
        Email with an XML file attached

    1.15. CS-MARS terminology

    CS-MARS uses terminology that may differ slightly from what we are used to. To understand MARS and its investigation and query process, we should understand these terms.

    1.15.1. Event

    Every record of an event, regardless of which device it comes from, is considered an event. An event can be received from many sources such as SNMP, syslog, RDEP, SDEE, or Server Message Block (SMB).


    1.15.2. Session

    CS-MARS collects related events; the result of correlating these events is a session.

    A session is created when events identified by time, source IP, destination IP, source port, destination port and protocol are determined by MARS to be related to one another.

    Suppose we consider an attack on a web server; the network and security devices each produce a log record. We could see a session created from the following set of event records:

        The firewall allows traffic over TCP port 80 from the attacker's machine to the web server and sends a record to MARS via syslog.
        The IDS or IPS identifies a DDoS attack on the web server and sends a record via SDEE.
        The router identifies traffic from the attacker's machine to the web server over TCP 80 and sends a record via syslog.
        The web server logs information about the attacker and sends it to MARS.

    All event records for traffic originating from the same network are collected together to form a session.

    1.15.3. Rules

    Rules are conditions that must be met exactly for CS-MARS to take an action. By default, when all the conditions of a rule are met an incident is created; depending on the type of rule, we can learn more details about the actions. Rules can be basic, such as events reported by a firewall or IDS, or more complex, characterising actions such as a server connecting to a client through certain ports and then sending those actions over the network.

    A simple rule might be "tell me when this keyword appears in the events"; a more complex one might be "tell me about every case in which someone attempts to attack the system by logging in".

    MARS uses rules to identify the activities we want to check. Rules can be created as queries and are often used in reports.

    1.15.4. Incident

    An incident is a chain of correlated events that matches a rule when there is a sign of an attack on the network. CS-MARS detects, mitigates, reports and analyses these incidents. The network dashboard and the Incident pages help us detect and display incidents on the network and help create rules and events to defend against attacks.
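The session, rule and incident concepts above, worked through in Python as an added example that is not CS-MARS code: events from several devices are grouped into sessions by their 5-tuple within a time window, and a rule over each session raises an incident. The events mirror the four records in the web-server example; the addresses, timestamps and the 60-second window are constructed assumptions.

```python
# Added example, not CS-MARS code: correlate raw events from several devices into
# sessions keyed on the 5-tuple (src, dst, sport, dport, proto) within a time window,
# then evaluate a simple rule over each session to raise an incident.
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    ts: int          # seconds since epoch (constructed values)
    device: str      # reporting device / transport, e.g. "firewall/syslog"
    src: str
    dst: str
    sport: int
    dport: int
    proto: str
    msg: str

def session_key(ev):
    return (ev.src, ev.dst, ev.sport, ev.dport, ev.proto)

def correlate(events, window=60):
    """Group events that share a 5-tuple and arrive within `window` seconds of the
    session's first event. Returns sessions in order of first appearance."""
    sessions, open_sessions = [], {}
    for ev in sorted(events, key=lambda e: e.ts):          # stable sort keeps arrival order
        key = session_key(ev)
        sess = open_sessions.get(key)
        if sess is None or ev.ts - sess[0].ts > window:
            sess = []
            sessions.append(sess)
            open_sessions[key] = sess
        sess.append(ev)
    return sessions

def rule_confirmed_web_attack(session):
    """Incident rule: an IDS/IPS alert and a web server log in the same session,
    i.e. the flagged traffic was allowed through and reached the target."""
    devices = {ev.device.split("/")[0] for ev in session}
    return session[0].dport == 80 and {"ips", "webserver"} <= devices

def incidents(events):
    """Sessions for which the rule fires, as (5-tuple, number of events)."""
    return [(session_key(s[0]), len(s)) for s in correlate(events)
            if rule_confirmed_web_attack(s)]

# Constructed events mirroring the four records described above (attacker 203.0.113.5,
# web server 192.0.2.80), one unrelated DNS event and a repeat 700 s later.
A, W = "203.0.113.5", "192.0.2.80"
EVENTS = [
    Event(1000, "firewall/syslog", A, W, 51234, 80, "tcp", "permit tcp A -> W:80"),
    Event(1001, "ips/sdee", A, W, 51234, 80, "tcp", "HTTP flood signature fired"),
    Event(1001, "router/syslog", A, W, 51234, 80, "tcp", "ACL log: tcp A -> W:80"),
    Event(1003, "webserver/log", A, W, 51234, 80, "tcp", "GET / 200 from A"),
    Event(1002, "firewall/syslog", "10.0.0.7", "192.0.2.53", 40000, 53, "udp", "permit udp"),
    Event(1700, "firewall/syslog", A, W, 51234, 80, "tcp", "permit tcp A -> W:80"),
]

if __name__ == "__main__":
    for s in correlate(EVENTS):
        print(session_key(s[0]), [e.device for e in s])
    print("incidents:", incidents(EVENTS))
```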

    1.15.5. False positives

    CS-MARS may consider an attack unsuccessful either because it could not penetrate its target or because it was blocked by security devices, or the report may simply be wrong and legitimate traffic was taken for an attack. In such cases CS-MARS generates a false positive.

    CS-MARS uses an integrated vulnerability assessment (VA) system for the network that can be enabled on all or part of the network. The VA system determines more accurately whether an attack is real.

    There are 3 types of false positive used on CS-MARS