読者です 読者をやめる 読者になる 読者になる

labunix's blog

labunixのラボUnix

vSRX-HAからJessieにNTP/SNMP/SNMP Trap/DNSクライアント/syslogを転送してみる。

■vSRX-HAからJessieにNTP/SNMP/SNMP Trap/DNSクライアント/syslogを転送してみる。

$ lsb_release -d
Description:	Debian GNU/Linux 8.2 (jessie)

labunix@vSRX-node0> show version 
node0:
--------------------------------------------------------------------------
Hostname: vSRX-node0
Model: firefly-perimeter
JUNOS Software Release [12.1X47-D20.7]

node1:
--------------------------------------------------------------------------
Hostname: vSRX-node1
Model: firefly-perimeter
JUNOS Software Release [12.1X47-D20.7]

{secondary:node0}

■NTPの時刻同期
 上位NTPサーバ設定と下位NTPへの問い合わせの設定

# apt-get install -y ntp; awk '/^[sdr].*[rpt]$/ && !/drift/' /etc/ntp.conf
server -4 172.31.31.252 iburst
restrict -4 172.16.76.100 kod notrap
restrict -4 192.168.152.100 kod notrap
disable monitor

■debian側で同期が取れたら。

# ntpq -pn -c rv | awk '/stratum/{print $NF}'
stratum=3,

■vSRX側でもNTP同期
 数分待つ。その間例えば次のように監視する。
 「tcpdump -i vmnet1 -n -X -vvv udp port 123」

labunix@vSRX-node0> show configuration | display set | match ntp 
set system ntp server 172.16.76.100

{primary:node0}

labunix@vSRX-node0> set date ntp             
node0:
--------------------------------------------------------------------------
21 Dec 21:48:16 ntpdate[2263]: step time server 172.16.76.100 offset -0.000745 sec

node1:
--------------------------------------------------------------------------
21 Dec 21:48:16 ntpdate[2548]: step time server 172.16.76.100 offset -0.000654 sec

{primary:node0}

labunix@vSRX-node0> show ntp status          
status=0664 leap_none, sync_ntp, 6 events, event_peer/strat_chg,
version="ntpd 4.2.0-a Tue Mar  3 22:07:26 UTC 2015 (1)",
processor="i386", system="JUNOS12.1X47-D20.7", leap=00, stratum=4,
precision=-19, rootdelay=46.474, rootdispersion=1.350, peer=32164,
refid=172.16.76.100,
reftime=da2273e7.de5aede6  Mon, Dec 21 2015 21:49:43.868, poll=6,
clock=da2273ea.e895f4cd  Mon, Dec 21 2015 21:49:46.908, state=3,
offset=0.000, frequency=0.000, jitter=0.079, stability=0.000

{primary:node0}

labunix@vSRX-node0> show ntp associations    
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*172.16.76.100   172.31.31.252    3 -    1   64    1    0.407   -1.005   0.096

{primary:node0}

■SNMPDの設定

$ sudo apt-get install -y snmpd snmptrapd ; \
    sudo /etc/init.d/snmpd restart ; \
    sudo tail -10 /var/log/syslog | awk -F\: '/line /{print $(NF-1),$NF}'
[ ok ] Restarting snmpd (via systemctl): snmpd.service.
 Unknown token  defaultMonitors.
 Unknown token  linkUpDownNotifications.

$ sudo sed -i -e 's/defaultMonitors/#&/' -e 's/linkUpDownNotifications/#&/' /etc/snmp/snmpd.conf
$ sudo /etc/init.d/snmpd restart ; sudo tail -10 /var/log/syslog | awk -F\: '/line /{print $(NF-1),$NF}'
[ ok ] Restarting snmpd (via systemctl): snmpd.service.

$ snmpwalk -v 1 -c public localhost | tail -1
End of MIB

■SNMP Trapdの設定

$ echo 'authCommunity log,execute,net private' | sudo tee -a /etc/snmp/snmptrapd.conf 
authCommunity log,execute,net private
$ sudo sed -i -e 's/\(TRAPDRUN=\)no/\1yes/' /etc/default/snmptrapd; \
    sudo /etc/init.d/snmpd restart; \
    sudo /etc/init.d/snmptrapd restart

$ netstat -an | awk '/16[12] /'
udp        0      0 127.0.0.1:161           0.0.0.0:*
udp        0      0 0.0.0.0:162             0.0.0.0:*

■SNMPクライアントを使ってdebianからvSRXの情報を取得

labunix@vSRX-node0> show configuration | display set | match public  
set snmp community public authorization read-only

{primary:node0}

$ snmpwalk -v 1 -c public 172.16.76.203 iso.3.6.1.2.1.2.2.1.2 | awk '/reth/'
iso.3.6.1.2.1.2.2.1.2.539 = STRING: "reth0"
iso.3.6.1.2.1.2.2.1.2.540 = STRING: "reth1"
iso.3.6.1.2.1.2.2.1.2.541 = STRING: "reth2"
iso.3.6.1.2.1.2.2.1.2.542 = STRING: "reth3"
iso.3.6.1.2.1.2.2.1.2.545 = STRING: "reth0.0"
iso.3.6.1.2.1.2.2.1.2.546 = STRING: "reth1.0"
iso.3.6.1.2.1.2.2.1.2.547 = STRING: "reth4"
iso.3.6.1.2.1.2.2.1.2.548 = STRING: "reth2.0"
iso.3.6.1.2.1.2.2.1.2.551 = STRING: "reth3.0"

■vSRXからのSNMP Trapをdebianで確認。

labunix@vSRX-node0> show configuration | display set | match private   
set snmp trap-group private targets 172.16.76.100

{primary:node0}

labunix@vSRX-node0> request routing-engine login node 1 

--- JUNOS 12.1X47-D20.7 built 2015-03-03 21:53:50 UTC
{secondary:node1}
labunix@vSRX-node1> request system reboot 
Reboot the system ? [yes,no] (no) yes 

Shutdown NOW!
[pid 2730]

{secondary:node1}
labunix@vSRX-node1>                                                                                
*** FINAL System shutdown message from labunix@vSRX-node1 ***                

System going down IMMEDIATELY                                                  

                                                                               
rlogin: connection closed

{primary:node0}

$ sudo tail -2 /var/log/syslog  | sed -e 's/[:,] /"&\n/g'
Dec 21 22:12:29 jessie snmptrapd[17955]": 
2015-12-21 22:12:29 172.16.76.203(via UDP": 
[172.16.76.203]:50528->[172.16.76.100]:162) TRAP", 
SNMP v1", 
community private#012#011iso.3.6.1.4.1.2636.3.39.1.14.1 Enterprise Specific Trap (4) Uptime": 
0:42:36.65#012#011iso.3.6.1.4.1.2636.3.39.1.14.1.1.15.0 = STRING": 
"1"#011iso.3.6.1.4.1.2636.3.39.1.14.1.1.16.0 = STRING": 
"4"#011iso.3.6.1.4.1.2636.3.39.1.14.1.1.17.0 = STRING": 
"1"#011iso.3.6.1.4.1.2636.3.39.1.14.1.1.18.0 = STRING": 
"Unhealthy"#011iso.3.6.1.4.1.2636.3.39.1.14.1.1.19.0 = STRING": 
"0"
Dec 21 22:12:29 jessie snmptrapd[17955]": 
2015-12-21 22:12:29 <UNKNOWN> [UDP": 
[172.16.76.203]:50528->[172.16.76.100]:162]:#012iso.3.6.1.2.1.1.3.0 = Timeticks": 
(255665) 0:42:36.65#011iso.3.6.1.6.3.1.1.4.1.0 = OID": 
iso.3.6.1.4.1.2636.3.39.1.14.1.0.4#011iso.3.6.1.4.1.2636.3.39.1.14.1.1.15.0 = STRING": 
"1"#011iso.3.6.1.4.1.2636.3.39.1.14.1.1.16.0 = STRING": 
"4"#011iso.3.6.1.4.1.2636.3.39.1.14.1.1.17.0 = STRING": 
"1"#011iso.3.6.1.4.1.2636.3.39.1.14.1.1.18.0 = STRING": 
"Unhealthy"#011iso.3.6.1.4.1.2636.3.39.1.14.1.1.19.0 = STRING": 
"0"#011iso.3.6.1.6.3.1.1.4.3.0 = OID": 
iso.3.6.1.4.1.2636.1.1.1.2.96

■debianの名前解決の確認。

$ sudo apt-get install -y bind9
$ grep -A 2 'forwarders {' /etc/bind/named.conf.options 
	forwarders {
		172.31.31.251;
	};
$ sudo /etc/init.d/bind9 restart

$ dig juniper.com @127.0.0.1 | grep ^[A-z]
juniper.com.		513	IN	A	192.107.16.40

$ nslookup juniper.com 127.0.0.1
Server:		127.0.0.1
Address:	127.0.0.1#53

Non-authoritative answer:
	Name:	juniper.com
Address: 192.107.16.40

■vSRXでの名前解決の確認

root@vSRX-node0> show configuration | display set | match name-server   
set system name-server 172.16.76.100
set system name-server 192.168.152.100

{primary:node0}
root@vSRX-node0> show host juniper.com 
juniper.com has address 192.107.16.40
juniper.com mail is handled by 5 mail.global.frontbridge.com.
juniper.com mail is handled by 5 juniper-com.mail.protection.outlook.com.

{primary:node0}
root@vSRX-node0% dig juniper.com | awk '/^[A-z]/'
juniper.com.            347     IN      A       192.107.16.40

■ちなみに送信元は管理ポートのIPアドレスの様子。

$ sudo tcpdump -i eth1 -n udp port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
22:31:14.554410 IP 172.16.76.203.53881 > 172.16.76.100.53: 19718+ A? juniper.com. (29)
22:31:14.554717 IP 172.16.76.100.53 > 172.16.76.203.53881: 19718 1/13/0 A 192.107.16.40 (256)

■debian側でのsyslogの設定

$ sudo awk '/^\$.*udp|^\$.*UDP/ || /stop|fromhost/' /etc/rsyslog.conf 
$ModLoad imudp
$UDPServerRun 514
:fromhost-ip, isequal, "172.16.76.203" /var/log/vSRX-HA1.log
& stop
:fromhost-ip, isequal, "172.16.76.204" /var/log/vSRX-HA2.log
& stop

$ sudo touch /var/log/vSRX-HA{1,2}.log; \
    sudo /etc/init.d/rsyslog restart
[ ok ] Restarting rsyslog (via systemctl): rsyslog.service.

$ netstat -an | grep 514
udp        0      0 0.0.0.0:514             0.0.0.0:*
udp6       0      0 :::514                  :::*

■vSRXからのsyslogの転送確認

root@vSRX-node1> show configuration | display set | match "syslog host" 
set system syslog host 172.16.76.100 any warning
set system syslog host 172.16.76.100 facility-override local7

{primary:node1}

root@vSRX-node0> request routing-engine login node 1 

--- JUNOS 12.1X47-D20.7 built 2015-03-03 21:53:50 UTC
root@vSRX-node1% cli
{secondary:node1}
root@vSRX-node1> request system reboot 
Reboot the system ? [yes,no] (no) yes 

Shutdown NOW!
[pid 2470]
                                                                               
*** FINAL System shutdown message from root@vSRX-node1 ***                   

System going down IMMEDIATELY                                                  

                                                                               

{secondary:node1}

■vSRXの1号機も試してみる。

root@vSRX-node0> request system reboot 
Reboot the system ? [yes,no] (no) yes 

Shutdown NOW!
[pid 2354]

{primary:node0}
root@vSRX-node0>                                                                                
*** FINAL System shutdown message from root@vSRX-node0 ***                   

System going down IMMEDIATELY                                                  

■debianでの受け取りの確認

$ sudo tail -n 3 /var/log/vSRX-HA{1,2}.log | sed -e 's/: /&\n\t/g' 
==> /var/log/vSRX-HA1.log <==
Dec 21 22:57:46 vSRX-node0 jsrpd[1091]: 
	JSRPD_UNSET_CS_MON_FAILURE: 
	Cold-sync Monitor failure recovered for redundancy-group 4
Dec 21 22:57:46 vSRX-node0 jsrpd[1091]: 
	JSRPD_HA_HEALTH_WEIGHT_RECOVERY: 
	Detected cluster1-Node0-RG4's health weight(255) fully recovery, send out SNMP trap
Dec 21 22:57:57 vSRX-node0 alarmd[1080]: 
	syslog: 
	unknown facility/priority: 
	ff04

==> /var/log/vSRX-HA2.log <==
Dec 21 22:57:46 vSRX-node1 jsrpd[1091]: 
	JSRPD_HA_HEALTH_WEIGHT_RECOVERY: 
	Detected cluster1-Node0-RG2's health weight(255) fully recovery, send out SNMP trap
Dec 21 22:57:46 vSRX-node1 jsrpd[1091]: 
	JSRPD_HA_HEALTH_WEIGHT_RECOVERY: 
	Detected cluster1-Node0-RG3's health weight(255) fully recovery, send out SNMP trap
Dec 21 22:57:46 vSRX-node1 jsrpd[1091]: 
	JSRPD_HA_HEALTH_WEIGHT_RECOVERY: 
	Detected cluster1-Node0-RG4's health weight(255) fully recovery, send out SNMP trap