Cacti principles and installation

Network Monitoring

SNMP
command
remote script(ssh)

SNMP (monitoring tool)
RRDTool (graphing)
cacti (php)
presentation
time-series data
Nagios
on->Off

Simple Network Management Protocol(SNMP)
The core of SNMP is a simple set of operations (and the information these operations gather) that gives administrators the ability to get or change the state of some SNMP-based device

SNMPv1
the initial version of the SNMP protocol
SNMPv1's security is based on communities, which are nothing more than passwords: plain-text strings that allow any SNMP-based application that knows the strings to gain access to a device's management information
There are typically three communities in SNMPv1: read-only, read-write (read and write, e.g. shutting the device down), and trap (capture/notification: the monitored side sends information to the monitoring side on its own initiative)
SNMPv2
It is often referred to as community-string-based SNMPv2
This version of SNMP is technically called SNMPv2c
SNMPv3
It adds support for strong authentication and private communication between managed entities

Managers and Agents
A manager is a server running some kind of software system that can handle management tasks for a network
A poll, in the context of network management, is the act of querying an agent (router, switch, Unix server, etc.) for some piece of information
A trap is a way for the agent to tell the NMS that something has happened
Traps are sent asynchronously,not in response to queries from the NMS

MIBs (management information bases)
The Structure of Management Information (SMI) defines how management information is grouped and named; allowed operations; permitted data types; and the syntax for specifying MIBs
The Management Information Base (MIB) can be thought of as a database of managed objects that the agent tracks
An agent may implement many MIBs, but all agents implement a particular MIB called MIB-II

The Concept of Network Management
Fault Management
To detect, log, and notify users of systems or networks of problems
Configuration Management
To monitor network and system configuration information
Such as the number of hard disks
Accounting Management
To ensure that computing and network resources are used fairly by all groups or individuals who access them
Performance Management
To measure and report on various aspects of network or system performance
Security Management

TCP/IP communication model and SNMP

SNMP Communities
SNMPv1 and SNMPv2 use the notion of communities to establish trust between managers and agents
An agent is configured with three community names: read-only, read-write, and trap
The community names are essentially passwords
Common default community names are public and private
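Because community strings are the whole access control in SNMPv1/v2c, the first thing to check on a monitored host is its snmpd.conf. The auditor below is an added example for these notes (not code from the original page or from the net-snmp project): it reads the access-control directives and reports default community names, communities with no source-address or view restriction, read-write access, and SNMPv3 users configured without authentication or privacy. The directive names (com2sec, rocommunity, rwcommunity, createUser, rouser, rwuser) are real net-snmp keywords; the two configurations are constructed samples, and the community string and passphrases in the hardened one are placeholders.

```python
"""Audit snmpd.conf access-control lines for weak settings (added example)."""

DEFAULT_COMMUNITIES = {"public", "private"}

# Constructed sample 1: the out-of-the-box style the notes start from
# (default community names, any source address, whole MIB readable).
WEAK_CONF = """\
com2sec notConfigUser  default       public
rocommunity public
rwcommunity private
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
"""

# Constructed sample 2: one read-only community limited to the NMS subnet
# and to a view, plus an SNMPv3 user that must authenticate and encrypt.
HARDENED_CONF = """\
rocommunity c0mmun1ty-placeholder 172.16.100.0/24 -V systemview
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
createUser cactiuser SHA auth-passphrase-placeholder AES priv-passphrase-placeholder
rouser cactiuser priv -V systemview
"""


def audit_snmpd_conf(text):
    """Return a list of (line_number, message) findings for one config text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments and blanks
        if not line:
            continue
        tok = line.split()
        kw = tok[0].lower()
        add = findings.append

        if kw in ("rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"):
            # rocommunity COMMUNITY [SOURCE [OID | -V VIEW]]
            name = tok[1] if len(tok) > 1 else ""
            has_source = len(tok) > 2 and tok[2] not in ("-V", "default")
            if name.lower() in DEFAULT_COMMUNITIES:
                add((lineno, f"{kw}: default community string '{name}'"))
            if not has_source:
                add((lineno, f"{kw}: no source address restriction (any host may query)"))
            if "-V" not in tok:
                add((lineno, f"{kw}: no view restriction (-V), whole MIB exposed"))
            if kw.startswith("rw"):
                add((lineno, f"{kw}: read-write community permits SNMP set"))

        elif kw == "com2sec":
            # com2sec SECNAME SOURCE COMMUNITY
            if len(tok) >= 4:
                if tok[2] == "default":
                    add((lineno, "com2sec: source 'default' accepts any address"))
                if tok[3].lower() in DEFAULT_COMMUNITIES:
                    add((lineno, f"com2sec: default community string '{tok[3]}'"))

        elif kw == "createuser":
            # createUser USER [MD5|SHA AUTHPASS [DES|AES PRIVPASS]]
            auth = tok[2].upper() if len(tok) > 3 else None
            priv = tok[4].upper() if len(tok) > 5 else None
            if auth is None:
                add((lineno, "createUser: no authentication protocol (noAuthNoPriv)"))
            elif auth == "MD5":
                add((lineno, "createUser: MD5 authentication is weak, prefer SHA"))
            if priv is None:
                add((lineno, "createUser: no privacy protocol, requests travel in clear"))
            elif priv == "DES":
                add((lineno, "createUser: DES privacy is weak, prefer AES"))

        elif kw in ("rouser", "rwuser"):
            # rouser USER [noauth|auth|priv [OID | -V VIEW]]; net-snmp defaults to auth
            level = tok[2].lower() if len(tok) > 2 and tok[2] != "-V" else "auth"
            if level == "noauth":
                add((lineno, f"{kw}: v3 user accepted without authentication"))
            elif level == "auth":
                add((lineno, f"{kw}: v3 user accepted without privacy (authNoPriv)"))
            if kw == "rwuser":
                add((lineno, "rwuser: read-write user permits SNMP set"))
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        result = audit_snmpd_conf(conf)
        print(f"== {label}: {len(result)} finding(s)")
        for lineno, msg in result:
            print(f"  line {lineno}: {msg}")
```

Run against the weak sample it reports nine findings (two for the com2sec line, three for the public community, four for the private one); the hardened sample reports none. The view lines are the same ones used later in these notes; a view limits what a community can read, but it does not replace a source restriction and a non-default community string.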

SMI object tree

MIB-II subtree

Brief description of the MIB-II groups

SNMP Operations
Each of the following SNMP operations has a standard PDU format
get (retrieves the value of one specified OID)
getnext (used to retrieve the information of all child nodes under the specified node)
getbulk (SNMPv2 and SNMPv3) (retrieves all child nodes and their descendants under the specified node, recursively)
set (sends a control instruction)
getresponse (the response to a request initiated by the client)
trap (initiated by the trap sender)
notification(SNMPv2 and SNMPv3)
inform(SNMPv2 and SNMPv3)
report(SNMPv2 and SNMPv3)

get request sequence

The getnext Operation
The getnext operation lets you issue a sequence of commands to retrieve a group of values from a MIB
# snmpwalk -v 1 -c public 127.0.0.1 system

The getbulk Operation
SNMPv2 defines the getbulk operation, which allows a management application to retrieve a large section of a table at once
The standard get operation can attempt to retrieve more than one MIB object at once, but message sizes are limited by the agent's capabilities
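The difference between get, getnext, getbulk and a walk is easiest to see on a small model agent. The following is an added example for these notes (not code from the original page or from net-snmp): a constructed miniature MIB with a few objects under system, tcp and the Host Resources groups, and an agent that answers only for objects inside its included view subtrees, using the two snmpd.conf view sets from these notes' terminal session. It shows why a walk of the host subtree returns a single hrSystemUptime followed by endOfMibView when the view only includes .1.3.6.1.2.1.25.1.1, and why the tcp subtree is empty until .1.3.6.1.2.1.6 is added. The OID values are illustrative.

```python
"""Model of SNMP get / getnext / getbulk against a view-restricted agent (added example)."""

END_OF_MIB_VIEW = "endOfMibView"
NO_SUCH_OBJECT = "noSuchObject"


def oid(text):
    """'.1.3.6.1.2.1.1.3.0' -> (1, 3, 6, 1, 2, 1, 1, 3, 0); int tuples sort in OID order."""
    return tuple(int(x) for x in text.strip(".").split("."))


def oid_str(parts):
    return "." + ".".join(str(p) for p in parts)


# Constructed MIB contents: OID -> value (the object name is noted in the value)
MIB = {
    oid(".1.3.6.1.2.1.1.1.0"): "Linux cacti (sysDescr.0)",
    oid(".1.3.6.1.2.1.1.3.0"): "Timeticks: (144158) (sysUpTime.0)",
    oid(".1.3.6.1.2.1.1.5.0"): "cacti (sysName.0)",
    oid(".1.3.6.1.2.1.6.5.0"): "Counter32: 26 (tcpActiveOpens.0)",
    oid(".1.3.6.1.2.1.6.9.0"): "Gauge32: 2 (tcpCurrEstab.0)",
    oid(".1.3.6.1.2.1.25.1.1.0"): "Timeticks: (182855) (hrSystemUptime.0)",
    oid(".1.3.6.1.2.1.25.1.5.0"): "Gauge32: 2 (hrSystemNumUsers.0)",
    oid(".1.3.6.1.2.1.25.2.3.1.3.1"): "Physical memory (hrStorageDescr.1)",
    oid(".1.3.6.1.2.1.25.4.2.1.2.1"): "init (hrSWRunName.1)",
}

# The two 'view systemview included ...' sets from the notes' snmpd.conf
VIEW_INITIAL = [".1.3.6.1.2.1.1", ".1.3.6.1.2.1.25.1.1"]
VIEW_WITH_TCP = VIEW_INITIAL + [".1.3.6.1.2.1.6"]


class Agent:
    """A tiny agent that only exposes objects inside its included view subtrees."""

    def __init__(self, mib, view):
        self.mib = mib
        self.view = [oid(v) for v in view]

    def visible(self, o):
        return any(o[: len(v)] == v for v in self.view)

    def get(self, text):
        o = oid(text)
        if o in self.mib and self.visible(o):
            return self.mib[o]
        return NO_SUCH_OBJECT

    def getnext(self, text):
        """First visible object lexicographically after the given OID."""
        o = oid(text)
        for k in sorted(self.mib):
            if k > o and self.visible(k):
                return oid_str(k), self.mib[k]
        return None, END_OF_MIB_VIEW

    def getbulk(self, oids, non_repeaters=0, max_repetitions=10):
        """SNMPv2 getbulk: one getnext for each non-repeater, then up to
        max_repetitions successive getnexts for every remaining OID.
        Results are grouped per variable here (the real PDU interleaves them)."""
        out = []
        for text in oids[:non_repeaters]:
            out.append(self.getnext(text))
        for text in oids[non_repeaters:]:
            cur = text
            for _ in range(max_repetitions):
                nxt, val = self.getnext(cur)
                out.append((nxt, val))
                if nxt is None:          # endOfMibView: nothing further to fetch
                    break
                cur = nxt
        return out


def walk(agent, root):
    """What snmpwalk does: repeat getnext until the reply leaves the subtree
    or the agent signals endOfMibView."""
    root_t = oid(root)
    cur, out = root, []
    while True:
        nxt, val = agent.getnext(cur)
        if nxt is None or oid(nxt)[: len(root_t)] != root_t:
            break
        out.append((nxt, val))
        cur = nxt
    return out


if __name__ == "__main__":
    a = Agent(MIB, VIEW_INITIAL)
    print("walk host, initial view:", walk(a, ".1.3.6.1.2.1.25"))
    print("walk tcp, initial view:", walk(a, ".1.3.6.1.2.1.6"))
    b = Agent(MIB, VIEW_WITH_TCP)
    print("walk tcp after adding .1.3.6.1.2.1.6:", walk(b, ".1.3.6.1.2.1.6"))
    print("getbulk system, 3 repetitions:", b.getbulk([".1.3.6.1.2.1.1"], max_repetitions=3))
```

Note that getnext skips over objects the view hides, so a getnext issued inside a subtree may answer with an object from a later subtree; that is what ends a walk early, and a management application must check that each reply still has the requested prefix rather than trust the agent to stop.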

Host Management Revisited
Managing your hosts is an important part of network management
The Host Resources MIB defines the following seven groups:

hrsystem: system
hrstorage: storage
hrdevice: devices
hrswrun: obtain the operating system version
hrswrunperf: system performance
hrswinstalled: which software is installed on the operating system

Host Management Revisited
The host OID is 1.3.6.1.2.1.25
The hrSystem (1.3.6.1.2.1.25.1) group defines objects that pertain to the system itself. These objects include uptime, system date, system users, and system processes
The hrDevice (1.3.6.1.2.1.25.3) and hrStorage (1.3.6.1.2.1.25.2) groups define objects pertaining to filesystems and system storage, such as system memory, disk utilization, and CPU nonidle percentage
The hrSWRun (1.3.6.1.2.1.25.4), hrSWRunPerf (1.3.6.1.2.1.25.5), and hrSWInstalled (1.3.6.1.2.1.25.6) groups define objects that represent various aspects of software running or installed on the system
From these groups,you can determine what operating system is running on the host,as well as what programs the host is currently running
The hrSWInstalled group can be used to track which software packages are installed

net-snmp (agent): the monitored end
net-snmp-utils (NMS::command): the monitoring end; to use the trap function the monitoring end must also install net-snmp and enable the snmptrapd service

[root@cacti ~]# yum -y install net-snmp net-snmp-utils
[root@cacti ~]# service snmpd start
正在启动 snmpd: [确定]
[root@cacti ~]# netstat -unlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp        0      0 0.0.0.0:68                  0.0.0.0:*                               1500/dhclient
udp        0      0 0.0.0.0:161                 0.0.0.0:*                               1645/snmpd
[root@cacti ~]# snmpwalk -v 2c -c public localhost host
HOST-RESOURCES-MIB::hrSystemUptime.0 = Timeticks: (144158) 0:24:01.58
HOST-RESOURCES-MIB::hrSystemUptime.0 = No more variables left in this MIB View (It is past the end of the MIB tree)
[root@cacti ~]# vim /etc/snmp/snmpd.conf
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
[root@cacti ~]# snmpget -v 2c -c public localhost HOST-RESOURCES-MIB::hrSystemUptime.0
HOST-RESOURCES-MIB::hrSystemUptime.0 = Timeticks: (182855) 0:30:28.55
[root@cacti ~]# vim /etc/snmp/snmpd.conf
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
view systemview included .1.3.6.1.2.1.6
[root@cacti ~]# service snmpd restart
停止 snmpd: [确定]
正在启动 snmpd: [确定]
[root@cacti ~]# snmpwalk -v 2c -c public localhost tcp
TCP-MIB::tcpRtoAlgorithm.0 = INTEGER: other(1)
TCP-MIB::tcpRtoMin.0 = INTEGER: 200 milliseconds
TCP-MIB::tcpRtoMax.0 = INTEGER: 120000 milliseconds
TCP-MIB::tcpMaxConn.0 = INTEGER: -1
TCP-MIB::tcpActiveOpens.0 = Counter32: 26
TCP-MIB::tcpPassiveOpens.0 = Counter32: 4
TCP-MIB::tcpAttemptFails.0 = Counter32: 0
TCP-MIB::tcpEstabResets.0 = Counter32: 0
TCP-MIB::tcpCurrEstab.0 = Gauge32: 2
TCP-MIB::tcpInSegs.0 = Counter32: 24188
TCP-MIB::tcpOutSegs.0 = Counter32: 14189
TCP-MIB::tcpRetransSegs.0 = Counter32: 4
TCP-MIB::tcpConnState.0.0.0.0.22.0.0.0.0.0 = INTEGER: listen(2)
TCP-MIB::tcpConnState.127.0.0.1.25.0.0.0.0.0 = INTEGER: listen(2)
TCP-MIB::tcpConnState.127.0.0.1.199.0.0.0.0.0 = INTEGER: listen(2)
TCP-MIB::tcpConnState.127.0.0.1.6010.0.0.0.0.0 = INTEGER: listen(2)
TCP-MIB::tcpConnState.172.16.100.1.22.172.16.100.254.6230 = INTEGER: established(5)
TCP-MIB::tcpConnState.172.16.100.1.22.172.16.100.254.6231 = INTEGER: established(5)
TCP-MIB::tcpConnLocalAddress.0.0.0.0.22.0.0.0.0.0 = IpAddress: 0.0.0.0
TCP-MIB::tcpConnLocalAddress.127.0.0.1.25.0.0.0.0.0 = IpAddress: 127.0.0.1
TCP-MIB::tcpConnLocalAddress.127.0.0.1.199.0.0.0.0.0 = IpAddress: 127.0.0.1
TCP-MIB::tcpConnLocalAddress.127.0.0.1.6010.0.0.0.0.0 = IpAddress: 127.0.0.1
TCP-MIB::tcpConnLocalAddress.172.16.100.1.22.172.16.100.254.6230 = IpAddress: 172.16.100.1
TCP-MIB::tcpConnLocalAddress.172.16.100.1.22.172.16.100.254.6231 = IpAddress: 172.16.100.1
TCP-MIB::tcpConnLocalPort.0.0.0.0.22.0.0.0.0.0 = INTEGER: 22
TCP-MIB::tcpConnLocalPort.127.0.0.1.25.0.0.0.0.0 = INTEGER: 25
TCP-MIB::tcpConnLocalPort.127.0.0.1.199.0.0.0.0.0 = INTEGER: 199
TCP-MIB::tcpConnLocalPort.127.0.0.1.6010.0.0.0.0.0 = INTEGER: 6010
TCP-MIB::tcpConnLocalPort.172.16.100.1.22.172.16.100.254.6230 = INTEGER: 22
TCP-MIB::tcpConnLocalPort.172.16.100.1.22.172.16.100.254.6231 = INTEGER: 22
TCP-MIB::tcpConnRemAddress.0.0.0.0.22.0.0.0.0.0 = IpAddress: 0.0.0.0
TCP-MIB::tcpConnRemAddress.127.0.0.1.25.0.0.0.0.0 = IpAddress: 0.0.0.0
TCP-MIB::tcpConnRemAddress.127.0.0.1.199.0.0.0.0.0 = IpAddress: 0.0.0.0
TCP-MIB::tcpConnRemAddress.127.0.0.1.6010.0.0.0.0.0 = IpAddress: 0.0.0.0
TCP-MIB::tcpConnRemAddress.172.16.100.1.22.172.16.100.254.6230 = IpAddress: 172.16.100.254
TCP-MIB::tcpConnRemAddress.172.16.100.1.22.172.16.100.254.6231 = IpAddress: 172.16.100.254
TCP-MIB::tcpConnRemPort.0.0.0.0.22.0.0.0.0.0 = INTEGER: 0
TCP-MIB::tcpConnRemPort.127.0.0.1.25.0.0.0.0.0 = INTEGER: 0
TCP-MIB::tcpConnRemPort.127.0.0.1.199.0.0.0.0.0 = INTEGER: 0
TCP-MIB::tcpConnRemPort.127.0.0.1.6010.0.0.0.0.0 = INTEGER: 0
TCP-MIB::tcpConnRemPort.172.16.100.1.22.172.16.100.254.6230 = INTEGER: 6230
TCP-MIB::tcpConnRemPort.172.16.100.1.22.172.16.100.254.6231 = INTEGER: 6231
TCP-MIB::tcpInErrs.0 = Counter32: 0
TCP-MIB::tcpOutRsts.0 = Counter32: 3
TCP-MIB::tcpConnectionState.ipv4."172.16.100.1".22.ipv4."172.16.100.254".6230 = INTEGER: established(5)
TCP-MIB::tcpConnectionState.ipv4."172.16.100.1".22.ipv4."172.16.100.254".6231 = INTEGER: established(5)
TCP-MIB::tcpConnectionProcess.ipv4."172.16.100.1".22.ipv4."172.16.100.254".6230 = Gauge32: 1578
TCP-MIB::tcpConnectionProcess.ipv4."172.16.100.1".22.ipv4."172.16.100.254".6231 = Gauge32: 1582
TCP-MIB::tcpListenerProcess.ipv4."0.0.0.0".22 = Gauge32: 947
TCP-MIB::tcpListenerProcess.ipv4."127.0.0.1".25 = Gauge32: 1026
TCP-MIB::tcpListenerProcess.ipv4."127.0.0.1".199 = Gauge32: 1712
TCP-MIB::tcpListenerProcess.ipv4."127.0.0.1".6010 = Gauge32: 1578
TCP-MIB::tcpListenerProcess.ipv6."00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00".22 = Gauge32: 947
TCP-MIB::tcpListenerProcess.ipv6."00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:01".25 = Gauge32: 1026
[root@cacti ~]# snmpwalk -v 2c -c public localhost tcp | grep established | wc -l
4
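The grep-and-count one-liner above counts lines, and snmpwalk lists every established connection twice: once in the legacy tcpConnTable (tcpConnState) and once in the tcpConnectionTable (tcpConnectionState), which is why it prints 4 while tcpCurrEstab.0 reports 2. The parser below is an added example for these notes (not code from the original page or from net-snmp): it turns the default net-snmp "MIB::object.index = TYPE: value" lines into records, merges both tables into a set of distinct connections, cross-checks the count against tcpCurrEstab.0, and maps each listening socket to the PID that tcpListenerProcess reports. SAMPLE is a subset of the walk output shown above, copied verbatim. The same output also shows what a read-only community exposes (peer addresses and process IDs of every socket), which is the practical reason to keep the snmpd view and the source restriction tight.

```python
"""Parse snmpwalk TCP-MIB output into structured records (added example)."""
import re

# Subset of the snmpwalk output from the notes, copied verbatim
SAMPLE = """\
TCP-MIB::tcpCurrEstab.0 = Gauge32: 2
TCP-MIB::tcpConnState.0.0.0.0.22.0.0.0.0.0 = INTEGER: listen(2)
TCP-MIB::tcpConnState.127.0.0.1.25.0.0.0.0.0 = INTEGER: listen(2)
TCP-MIB::tcpConnState.172.16.100.1.22.172.16.100.254.6230 = INTEGER: established(5)
TCP-MIB::tcpConnState.172.16.100.1.22.172.16.100.254.6231 = INTEGER: established(5)
TCP-MIB::tcpConnectionState.ipv4."172.16.100.1".22.ipv4."172.16.100.254".6230 = INTEGER: established(5)
TCP-MIB::tcpConnectionState.ipv4."172.16.100.1".22.ipv4."172.16.100.254".6231 = INTEGER: established(5)
TCP-MIB::tcpListenerProcess.ipv4."0.0.0.0".22 = Gauge32: 947
TCP-MIB::tcpListenerProcess.ipv4."127.0.0.1".25 = Gauge32: 1026
TCP-MIB::tcpListenerProcess.ipv4."127.0.0.1".199 = Gauge32: 1712
TCP-MIB::tcpListenerProcess.ipv4."127.0.0.1".6010 = Gauge32: 1578
TCP-MIB::tcpListenerProcess.ipv6."00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00".22 = Gauge32: 947
HOST-RESOURCES-MIB::hrSystemUptime.0 = No more variables left in this MIB View (It is past the end of the MIB tree)
"""

# Default net-snmp output line: MIB::object.index = TYPE: value
LINE_RE = re.compile(r'^(?P<mib>[\w-]+)::(?P<obj>\w+)\.(?P<idx>\S+) = (?P<type>\w+): (?P<val>.*)$')
# tcpConnectionTable / tcpListenerTable index: family."addr".port[.family."addr".port]
NEW_INDEX_RE = re.compile(r'^(ipv4|ipv6)\."([^"]+)"\.(\d+)(?:\.(ipv4|ipv6)\."([^"]+)"\.(\d+))?$')


def parse_snmpwalk(text):
    """Return (records, unparsed); each record is a dict with mib, obj, idx, type, val."""
    records, unparsed = [], []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            records.append(m.groupdict())
        elif line.strip():
            unparsed.append(line)        # e.g. the end-of-view message
    return records, unparsed


def established_connections(records):
    """Distinct established connections as (local, lport, remote, rport),
    merged from the legacy tcpConnTable and the tcpConnectionTable."""
    conns = set()
    for r in records:
        if not r["val"].startswith("established"):
            continue
        if r["obj"] == "tcpConnState":
            p = r["idx"].split(".")      # a.b.c.d.lport.e.f.g.h.rport
            if len(p) == 10:
                conns.add((".".join(p[0:4]), int(p[4]), ".".join(p[5:9]), int(p[9])))
        elif r["obj"] == "tcpConnectionState":
            m = NEW_INDEX_RE.match(r["idx"])
            if m and m.group(4):
                conns.add((m.group(2), int(m.group(3)), m.group(5), int(m.group(6))))
    return sorted(conns)


def listener_processes(records):
    """Map (family, address, port) -> PID for every tcpListenerProcess row."""
    out = {}
    for r in records:
        if r["obj"] == "tcpListenerProcess":
            m = NEW_INDEX_RE.match(r["idx"])
            if m:
                out[(m.group(1), m.group(2), int(m.group(3)))] = int(r["val"])
    return out


def scalar(records, obj):
    """Integer value of a scalar object (instance .0), or None if absent."""
    for r in records:
        if r["obj"] == obj and r["idx"] == "0":
            return int(r["val"])
    return None


def naive_established_count(text):
    """The notes' 'grep established | wc -l' one-liner, for comparison."""
    return sum(1 for line in text.splitlines() if "established" in line)


if __name__ == "__main__":
    recs, bad = parse_snmpwalk(SAMPLE)
    print("grep-style count:", naive_established_count(SAMPLE))
    print("distinct established:", established_connections(recs))
    print("tcpCurrEstab.0:", scalar(recs, "tcpCurrEstab"))
    print("listeners:", listener_processes(recs))
    print("unparsed lines:", bad)
```

The end-of-view message is kept in the unparsed list instead of being silently dropped, so a collector can tell "the agent has nothing more in this view" apart from "the agent answered nothing at all".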
