deserts |
2013-09-25 04:06 |
http://blog.chinaunix.net/uid-769212-id-59994.html
分类:
一、JUNIPER设备 1.Snmp的配置 set system static-host-mapping E450 inet 192.168.1.45 set system syslog user * any emergency set system syslog host E450 any any set system syslog host 192.168.1.251 any any set snmp community net123 authorization read-write set snmp community net123 clients 192.168.1.251 set snmp community net123 clients 192.168.1.251 set snmp community net123 clients 0.0.0.0/0 set snmp trap-group <group-name> version all set snmp trap-group <group-name> authentication chassis configuration link remote-operations rmon-alarm routing startup vrrp-events set snmp trap-group <group-name> targets 192.168.1.45 set snmp trap-options source-address lo0 set routing-options options syslog level emergency alert critical error warning notice info debug commit
2.NetFlow配置 set firewall filter gd-ipnet-m160-1 term net123 then sample set firewall filter gd-ipnet-m160-1 term net123 then accept set interfaces ge-4/1/1 unit 0 family inet filter input net123 "在ge-4/1/1口上对input包作采样 set interfaces ge-4/1/1 unit 0 family inet filter output net123 "对output包作采样 set forwarding-options sampling input family inet rate 1000 "采样率为1000 set forwarding-options sampling input family inet run-length 0 set forwarding-options sampling output cflowd 211.139.136.108 port 3055 "接受NetFlow采样包的目的主机为211.139.136.108 set forwarding-options sampling output cflowd 211.139.136.108 version 5 set forwarding-options sampling output cflowd 211.139.136.108 no-local-dump set forwarding-options sampling output cflowd 211.139.136.108 autonomous-system-type origin "origin和peer选一 commit "在这里,sampling_rate=(run_length+1)/rate, " 即sampling_rate=(1+1)/1000 "(set forwarding-options sampling input family inet run-length 1 "run-length缺省为0) 3.SLA配置 set snmp view ping-view oid .1.3.6.1.2.1.80 include "ping-mib set snmp view ping-view oid .1.3.6.1.4.1.2636.3.7 include "set snmp view ping-view oid .1.3.6.1.2.1.81 include "traceroute-mib "set snmp view ping-view oid .1.3.6.1.4.1.2636.3.8 include set snmp community ping-community authorization read-write set snmp community ping-community view ping-view set snmp community ping-community clients 211.139.136.108 commit
4.采样进程的停止与重新启动 先查出sampled进程的PID号: juniper>show system processes extensive 再juniper>start shell %su #kill PID号 退出:#exit %exit 如果要重新开起sampled进程: juniper>restart sampling immediately
二、CISCO设备 1、snmp、traps: router#config t router(config)#snmp community net123 rw router(config)#snmp host 192.168.1.45 traps version 2c xxxxxxxx router(config)#snmp enable traps router(config-if)#snmp trap link-status 2、syslog: router(config)#logging 192.168.1.45 router(config)#logging source-interface loopback0 3、netflow: cisco目前还不支持双向netflow,缺省是针对input router(config-if)#ip route-cache flow sampled "GSR支持sampled参数,其他的可能不支持sampled参数 router(config)#ip flow-export version 5 origin-as as_id router(config)#ip flow-export destination 192.168.1.45 3055 router(config)#ip flow-sampling-mode packet-interval 1000 router#ip flow-export source Loopback0 router#show ip flow sampling router#show ip flow export router#show ip cache flow "这些命令查看netflow的状态 从12.1(3)T版本开始,cisco IOS允许netflow发给多个目的主机(当前版本最多支持2个)。 (12.2T) (rsp-jsv-mz.123-4.T1.bin ,最少128M mem,最少32M flash MEM。) 4、PIX防火墙 PIX: conduit permit icmp any any conduit permit tcp host 172.10.17.141 eq 5016 host 139.126.254.1 conduit permit udp any host 132.96.20.9 route outside 10.3.81.0 255.255.255.0 172.10.17.150 1 snmp-server host outside 132.96.20.9 poll no snmp-server location no snmp-server contact snmp-server community net123 snmp-server enable traps PIX的规则: 外网的地址不能访问pix的outside接口的地址的 如果要访问inside接口的地址的话 那需要做nat 把采集机地址映射成内网的一个地址 然后才能snmp访问inside接口 如果不做nat要snmp访问inside接口的话 必须要走ipsec方式
三、华为设备 1、huawei R3640EP: [router]display saved-config !查看保存的配置 [router]undo ..... !相当于cisco里的no命令 [router]interface loopback1 [router-loopback1]ip address 1.1.1.1 255.255.255.255 [router]snmp-agent community read net123 [router]snmp-agent sys-info version all [router]snmp-agent trap enable [router]snmp-agent trap source loopback 0 [router]snmp-agent target-host trap address 10.243.191.2 parameters v1 port 162 securityname public [router]info-center enable [router]info-center loghost 0 10.243.191.2 514 Chinese [router]info-center loghost 1 10.243.191.3 514 Chinese [router]save [router]logout 2、其它型号的: huawei router: <router>sys [router]snmp-agent community read net123 [router]snmp-agent sys-info version all [router]snmp-agent trap enable [router]snmp-agent trap source loopback 0 [router]snmp-agent target-host trap address udp-domain *.*.*.* udp-port 162 params securityname net123 [router]quit <router>save 四、3COM设备 1)进入菜单:system/management/snmp/community ENTER new community for user 'admin'[admin] : 回车 ENTER new community for user 'manager' [XXX] : 回车 ENTER new community for user 'monitor' :设置 SNMP community string. 2)进入菜单:system/management/snmp/trap/create enter the trap community string [monitor]: 回车 enter the trap destination address: 192.168.9.157 NS防火墙 系统日志和SNMP: set syslog enable set syslog config 10.20.1.2 auth/sec local0 set syslog config 172.10.16.25 local0 local0 set syslog port 514 set syslog traffic set syslog vpn set log module system level notification destination syslog set log module system level notification destination webtrends set snmp community remote_admin read-write trap-on set snmp community JCarney read-only trap-on set snmp community TCooper read-write trap-on traffic set snmp vpn set snmp contact John Fisher set snmp location Miami set snmp host remote_admin 10.20.1.2 set snmp host JCarney 172.16.20.181 set snmp host JCarney 172.16.40.245 set snmp host JCarney 172.16.40.55 set snmp host TCooper 172.16.20.250 save 五、SUMMIT设备 # SNMP Configuration configure snmp add trapreceiver 169.254.70.255 community "ST.-1442953473.10550" configure snmp add trapreceiver 169.254.70.255 community "ST.-1442953473.10550" configure snmp delete community readonly all configure snmp delete community readwrite all configure snmp add community readonly V5rypted "rykfcb" configure snmp add community readwrite V5rypted "r~`|kug" configure snmp sysName "Summit200-24" 六、Solaris系统网管告警配置需求 一、对于snmp需要进行如下配置(包括trap): 1、修改/etc/snmp/conf/snmpd.conf文件,使相关内容如下 system-group-read-community net123 read-community net123 trap 172.16.63.129 2、root用户重新启动snmpd进程 /etc/rc3.d/S76snmpdx stop|start
二、对于syslog需要进行如下配置: 1、修改/etc/hosts文件,在文件末尾加入: 10.25.25.46 loghost1 2、修改/etc/syslog.conf在文件末尾增加下面一行 *.info @loghost1 注:*.info与@loghost1之间是TAB键 3、root用户重新启动syslog服务 /etc/rc2.d/S74syslog stop|start |
|