■Configure SNMP/Syslog on a GNS3 router.
snmp-server community public ro
ip access-list extended 102
60 permit udp 172.31.31.0 0.0.0.255 172.31.31.0 0.0.0.255 range snmp snmptrap
end
Extended IP access list 102
10 permit udp 172.31.31.0 0.0.0.255 172.31.31.0 0.0.0.255 eq ntp (21 matches)
20 permit udp 172.31.31.0 0.0.0.255 eq domain 172.31.31.0 0.0.0.255
30 permit udp 172.31.31.0 0.0.0.255 172.31.31.0 0.0.0.255 eq domain
40 permit icmp 172.31.31.0 0.0.0.255 172.31.31.0 0.0.0.255
50 permit tcp 172.31.31.0 0.0.0.255 172.31.31.0 0.0.0.255
60 permit udp 172.31.31.0 0.0.0.255 172.31.31.0 0.0.0.255 range snmp snmptrap
■Retrieve version information via SNMP from Linux.
Get the link state of f0/1, which will later be received via SNMP traps.
$ sudo apt-get install -y snmpd
$ sudo grep community.*public /etc/snmp/snmpd.conf | grep -v ^#
rocommunity public default -V systemonly
rocommunity6 public default -V systemonly
$ snmpwalk -c public -v 1 172.31.31.21 iso.3.6.1.4.1.9.9.41.1.2.3.1.5.2
iso.3.6.1.4.1.9.9.41.1.2.3.1.5.2 = STRING: "Interface FastEthernet0/1, changed state to up"
■Cisco SNMP notification settings
Send an SNMP trap on "linkdown" and "linkup" events.
snmp-server trap-source f0/0
snmp-server enable traps snmp linkdown linkup
snmp-server host 172.31.31.90 version 1 public
end
■Receive SNMP traps on Linux.
$ sudo apt-get install -y snmptrapd
$ echo 'authCommunity log,execute,net public
traphandle default /usr/bin/mail -s "SNMP Trap" labunix@vm-jessie.myhome.local' | \
sudo tee -a /etc/snmp/snmptrapd.conf
$ sudo grep -v "^\$\|^#" /etc/snmp/snmptrapd.conf
authCommunity log,execute,net public
traphandle default /usr/bin/mail -s "SNMP Trap" labunix@vm-jessie.myhome.local
$ sudo systemctl restart snmptrapd.service
$ sudo systemctl restart snmpd.service
■Confirm SNMP trap transmission on Cisco
SNMP packet debugging is on
int f0/1
no shut
end
Dec 12 12:46:28.865: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
Dec 12 12:46:29.865: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
Dec 12 12:46:29.873: SNMP: Queuing packet to 172.31.31.60
Dec 12 12:46:29.877: SNMP: V1 Trap, ent snmpTraps, addr 172.31.31.21, gentrap 3, spectrap 0
ifIndex.2 = 2
ifDescr.2 = FastEthernet0/1
ifType.2 = 6
lifEntry.20.2 = up
Dec 12 12:46:30.125: SNMP: Packet sent via UDP to 172.31.31.60
■Confirm mail reception on the Linux side
Check syslog and the postfix mail.
$ sudo awk '/SNMP/{a=$0}END{print a}' /var/log/syslog | sed -e 's/iso\|,\|(/\n&/g'
Dec 12 21:46:30 vm-jessie snmptrapd[31547]: 2017-12-12 21:46:30 172.31.31.21
(via UDP: [172.31.31.21]:62276->[172.31.31.60]:162) TRAP
, SNMP v1
, community public#012#011
iso.3.6.1.6.3.1.1.5 Link Up Trap
(0) Uptime: 0:35:54.20#012#011
iso.3.6.1.2.1.2.2.1.1.2 = INTEGER: 2#011
iso.3.6.1.2.1.2.2.1.2.2 = STRING: "FastEthernet0/1"#011
iso.3.6.1.2.1.2.2.1.3.2 = INTEGER: 6#011
iso.3.6.1.4.1.9.2.2.1.1.20.2 = STRING: "up"
$ mail
Mail version 8.1.2 01/15/2001. Type ? for help.
"/var/mail/labunix": 1 message 1 new
>N 1 root@vm-jessie.my Tue Dec 12 21:46 27/981 SNMP Trap
&
Message 1:
From root@vm-jessie.myhome.local Tue Dec 12 21:46:30 2017
X-Original-To: labunix@vm-jessie.myhome.local
To: labunix@vm-jessie.myhome.local
Subject: SNMP Trap
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Date: Tue, 12 Dec 2017 21:46:30 +0900 (JST)
From: root@vm-jessie.myhome.local (root)
<UNKNOWN>
UDP: [172.31.31.21]:62276->[172.31.31.60]:162
iso.3.6.1.2.1.1.3.0 0:0:35:54.20
iso.3.6.1.6.3.1.1.4.1.0 iso.3.6.1.6.3.1.1.5.4
iso.3.6.1.2.1.2.2.1.1.2 2
iso.3.6.1.2.1.2.2.1.2.2 "FastEthernet0/1"
iso.3.6.1.2.1.2.2.1.3.2 6
iso.3.6.1.4.1.9.2.2.1.1.20.2 "up"
iso.3.6.1.6.3.18.1.3.0 172.31.31.21
iso.3.6.1.6.3.18.1.4.0 "public"
iso.3.6.1.6.3.1.1.4.3.0 iso.3.6.1.6.3.1.1.5
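Added example, not part of the original notes: a Python parser for the snmptrapd syslog entry shown above. It undoes rsyslog's #012/#011 control-character escaping and lists the points worth checking on a community-based trap setup like this one. The `review` function, its `known_agents` allowlist and the rejoined sample line are assumptions made for this illustration.

```python
import re

# Constructed sample: the snmptrapd syslog entry from this page, rejoined
# into the single line that rsyslog writes (the page's sed split it up).
SAMPLE = (
    'Dec 12 21:46:30 vm-jessie snmptrapd[31547]: 2017-12-12 21:46:30 '
    '172.31.31.21(via UDP: [172.31.31.21]:62276->[172.31.31.60]:162) TRAP, '
    'SNMP v1, community public#012#011iso.3.6.1.6.3.1.1.5 Link Up Trap (0) '
    'Uptime: 0:35:54.20#012#011iso.3.6.1.2.1.2.2.1.1.2 = INTEGER: 2#011'
    'iso.3.6.1.2.1.2.2.1.2.2 = STRING: "FastEthernet0/1"#011'
    'iso.3.6.1.2.1.2.2.1.3.2 = INTEGER: 6#011'
    'iso.3.6.1.4.1.9.2.2.1.1.20.2 = STRING: "up"'
)
HEADER = re.compile(
    r'snmptrapd\[\d+\]: \S+ \S+ (?P<agent>[\d.]+)\s*\(via UDP: '
    r'\[(?P<src>[\d.]+)\]:\d+->\[(?P<dst>[\d.]+)\]:\d+\) TRAP, '
    r'SNMP (?P<version>v\w+), community (?P<community>\S+)\s+'
    r'\S+ (?P<trap>[\w ]+ Trap) \(\d+\)'
)
VARBIND = re.compile(r'(\S+) = (\w+): ("[^"]*"|\S+)')

def parse_trap(line):
    """Parse one snmptrapd syslog line into a dict, or None if it is not a trap."""
    # rsyslog escapes control characters as '#' plus three octal digits
    # (#012 = newline, #011 = tab); undo that before matching.
    text = re.sub(r'#([0-3][0-7]{2})', lambda m: chr(int(m.group(1), 8)), line)
    m = HEADER.search(text)
    if not m:
        return None
    trap = m.groupdict()
    trap['varbinds'] = {oid: val.strip('"') for oid, _type, val in VARBIND.findall(text)}
    return trap

def review(trap, known_agents, weak_communities=("public", "private")):
    """Return findings for a parsed trap; both parameter sets are assumptions."""
    findings = []
    if trap['version'] in ('v1', 'v2c'):
        findings.append('community-based SNMP: community string sent and logged in cleartext')
    if trap['community'] in weak_communities:
        findings.append('default community string in use')
    if trap['src'] not in known_agents or trap['agent'] != trap['src']:
        findings.append('trap source is not an expected device')
    return findings

if __name__ == '__main__':
    t = parse_trap(SAMPLE)
    print(t['trap'], t['varbinds'], review(t, {'172.31.31.21'}))
```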
■Syslog forwarding settings
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service sequence-numbers
line console 0
logging synchronous
line vty 0 15
logging synchronous
logging buffered 512000
logging host 172.31.31.60
logging trap notifications
logging facility local5
end
■Receive with rsyslogd on Linux.
$ sudo grep -A 1 GNS3 /etc/rsyslog.conf
:fromhost-ip, isequal, "172.31.31.21" -/var/log/GNS3-Cisco.log
& stop
$ sudo systemctl restart rsyslog.service
$ sudo tail -f /var/log/GNS3-Cisco.log
Dec 12 21:58:37 172.31.31.21 48: 014258: Dec 12 21:58:36.253 JST: %SYS-5-CONFIG_I: Configured from console by console
Dec 12 22:00:24 172.31.31.21 50: 014261: Dec 12 22:00:23.829 JST: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down
Dec 12 22:00:24 172.31.31.21 51: 014262: Dec 12 22:00:24.829 JST: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down