labunix's blog

labunix's Lab Unix

Configuring SNMP/Syslog on a GNS3 router.

■Configuring SNMP/Syslog on a GNS3 router.

#conf t
 snmp-server community public ro
 ip access-list extended 102
 60 permit udp 172.31.31.0 0.0.0.255 172.31.31.0 0.0.0.255 range snmp snmptrap
 end
#show ip access-lists 102
Extended IP access list 102
    10 permit udp 172.31.31.0 0.0.0.255 172.31.31.0 0.0.0.255 eq ntp (21 matches)
    20 permit udp 172.31.31.0 0.0.0.255 eq domain 172.31.31.0 0.0.0.255
    30 permit udp 172.31.31.0 0.0.0.255 172.31.31.0 0.0.0.255 eq domain
    40 permit icmp 172.31.31.0 0.0.0.255 172.31.31.0 0.0.0.255
    50 permit tcp 172.31.31.0 0.0.0.255 172.31.31.0 0.0.0.255
    60 permit udp 172.31.31.0 0.0.0.255 172.31.31.0 0.0.0.255 range snmp snmptrap

■Retrieving version information from Linux via SNMP.
 Retrieve the link state of f0/1, which we plan to receive later as an SNMP trap.

$ sudo apt-get install -y snmpd 
$ sudo grep community.*public /etc/snmp/snmpd.conf  | grep -v ^#
 rocommunity public  default    -V systemonly
 rocommunity6 public  default   -V systemonly

$ snmpwalk -c public -v 1 172.31.31.21 iso.3.6.1.4.1.9.9.41.1.2.3.1.5.2
iso.3.6.1.4.1.9.9.41.1.2.3.1.5.2 = STRING: "Interface FastEthernet0/1, changed state to up"

■Cisco SNMP notification settings
 Send an SNMP trap on "linkdown" and "linkup" events.

#conf t
 snmp-server trap-source f0/0
 snmp-server enable traps snmp linkdown linkup
 snmp-server host 172.31.31.60 version 1 public
 end

■Receiving SNMP traps on Linux.

$ sudo apt-get install -y snmptrapd

$ echo 'authCommunity log,execute,net public
traphandle default /usr/bin/mail -s "SNMP Trap" labunix@vm-jessie.myhome.local' | \
  sudo tee -a /etc/snmp/snmptrapd.conf

$ sudo grep -v "^\$\|^#" /etc/snmp/snmptrapd.conf
authCommunity log,execute,net public
traphandle default /usr/bin/mail -s "SNMP Trap" labunix@vm-jessie.myhome.local

$ sudo systemctl restart snmptrapd.service 
$ sudo systemctl restart snmpd.service 

■Confirming that the Cisco router sends SNMP traps

#debug snmp packets
SNMP packet debugging is on

# conf t
  int f0/1
    no shut
  end

Dec 12 12:46:28.865: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
Dec 12 12:46:29.865: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
Dec 12 12:46:29.873: SNMP: Queuing packet to 172.31.31.60
Dec 12 12:46:29.877: SNMP: V1 Trap, ent snmpTraps, addr 172.31.31.21, gentrap 3, spectrap 0 
 ifIndex.2 = 2 
 ifDescr.2 = FastEthernet0/1 
 ifType.2 = 6 
 lifEntry.20.2 = up
Dec 12 12:46:30.125: SNMP: Packet sent via UDP to 172.31.31.60


■Confirming mail reception on the Linux side
 Check syslog and the Postfix mail.

$ sudo awk '/SNMP/{a=$0}END{print a}' /var/log/syslog | sed -e 's/iso\|,\|(/\n&/g'
Dec 12 21:46:30 vm-jessie snmptrapd[31547]: 2017-12-12 21:46:30 172.31.31.21
(via UDP: [172.31.31.21]:62276->[172.31.31.60]:162) TRAP
, SNMP v1
, community public#012#011
iso.3.6.1.6.3.1.1.5 Link Up Trap 
(0) Uptime: 0:35:54.20#012#011
iso.3.6.1.2.1.2.2.1.1.2 = INTEGER: 2#011
iso.3.6.1.2.1.2.2.1.2.2 = STRING: "FastEthernet0/1"#011
iso.3.6.1.2.1.2.2.1.3.2 = INTEGER: 6#011
iso.3.6.1.4.1.9.2.2.1.1.20.2 = STRING: "up"

$ mail
Mail version 8.1.2 01/15/2001.  Type ? for help.
"/var/mail/labunix": 1 message 1 new
>N  1 root@vm-jessie.my  Tue Dec 12 21:46   27/981   SNMP Trap
& 
Message 1:
From root@vm-jessie.myhome.local  Tue Dec 12 21:46:30 2017
X-Original-To: labunix@vm-jessie.myhome.local
To: labunix@vm-jessie.myhome.local
Subject: SNMP Trap
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Date: Tue, 12 Dec 2017 21:46:30 +0900 (JST)
From: root@vm-jessie.myhome.local (root)

<UNKNOWN>
UDP: [172.31.31.21]:62276->[172.31.31.60]:162
iso.3.6.1.2.1.1.3.0 0:0:35:54.20
iso.3.6.1.6.3.1.1.4.1.0 iso.3.6.1.6.3.1.1.5.4
iso.3.6.1.2.1.2.2.1.1.2 2
iso.3.6.1.2.1.2.2.1.2.2 "FastEthernet0/1"
iso.3.6.1.2.1.2.2.1.3.2 6
iso.3.6.1.4.1.9.2.2.1.1.20.2 "up"
iso.3.6.1.6.3.18.1.3.0 172.31.31.21
iso.3.6.1.6.3.18.1.4.0 "public"
iso.3.6.1.6.3.1.1.4.3.0 iso.3.6.1.6.3.1.1.5
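
The snmptrapd.conf above mails every trap that arrives with community "public"; SNMPv1 carries nothing beyond that cleartext string. As an added example (not part of the original post), here is a traphandle script that parses the stdin format visible in the mail body and reports only linkUp/linkDown traps whose sender address is the router. The script path, the "handle" argument and the ALLOWED_SRC variable are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Hypothetical install path:
#   traphandle default /usr/local/bin/trap-filter.sh handle
# snmptrapd feeds the trap on stdin: line 1 hostname, line 2 transport
# address, then one "OID value" pair per line (the mail body above).

ALLOWED_SRC="${ALLOWED_SRC:-172.31.31.21}"  # assumption: the router is the only sender

# Prints a one-line verdict for the trap on stdin.
# Returns 0 for an accepted link trap, 1 for an unexpected sender, 2 otherwise.
parse_trap() {
    t_trap="" t_if=""
    IFS= read -r t_host || return 2
    IFS= read -r t_addr || return 2
    t_src=${t_addr#*\[}          # "UDP: [a.b.c.d]:port->..." -> "a.b.c.d]:port->..."
    t_src=${t_src%%\]*}          # -> "a.b.c.d"
    while read -r t_oid t_val; do
        case "$t_oid" in
            iso.3.6.1.6.3.1.1.4.1.0) t_trap=$t_val ;;   # snmpTrapOID.0
            iso.3.6.1.2.1.2.2.1.2.*) t_if=$t_val ;;     # ifDescr.<ifIndex>
        esac
    done
    t_if=${t_if#\"}; t_if=${t_if%\"}                   # strip surrounding quotes
    if [ "$t_src" != "$ALLOWED_SRC" ]; then
        echo "REJECT src=$t_src"
        return 1
    fi
    case "$t_trap" in
        iso.3.6.1.6.3.1.1.5.3) echo "ACCEPT src=$t_src event=linkDown if=$t_if" ;;
        iso.3.6.1.6.3.1.1.5.4) echo "ACCEPT src=$t_src event=linkUp if=$t_if" ;;
        *) echo "IGNORE src=$t_src trap=$t_trap"; return 2 ;;
    esac
}

# Constructed sample in the format of the mail body above; $1 = sender address.
sample_trap() {
    printf '%s\n' '<UNKNOWN>' "UDP: [$1]:62276->[172.31.31.60]:162" \
        'iso.3.6.1.2.1.1.3.0 0:0:35:54.20' \
        'iso.3.6.1.6.3.1.1.4.1.0 iso.3.6.1.6.3.1.1.5.4' \
        'iso.3.6.1.2.1.2.2.1.1.2 2' \
        'iso.3.6.1.2.1.2.2.1.2.2 "FastEthernet0/1"' \
        'iso.3.6.1.2.1.2.2.1.3.2 6' \
        'iso.3.6.1.4.1.9.2.2.1.1.20.2 "up"'
}

if [ "${1:-}" = "handle" ]; then
    parse_trap | logger -t snmptrap-filter    # verdict goes to syslog
fi
```

The sender check is a filter on the UDP source address, not authentication.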

■Syslog forwarding settings

#conf t
 service timestamps debug datetime msec localtime show-timezone
 service timestamps log datetime msec localtime show-timezone
 service sequence-numbers
 ! console logging off
 line console 0
  logging synchronous
 line vty 0 15
  logging synchronous
 logging buffered 512000
 logging host 172.31.31.60
 logging trap notifications
 logging facility local5
 end

■Receiving with rsyslogd on Linux.

$ sudo grep -A 1 GNS3 /etc/rsyslog.conf
:fromhost-ip, isequal, "172.31.31.21" -/var/log/GNS3-Cisco.log
& stop

$ sudo systemctl restart rsyslog.service

$ sudo tail -f /var/log/GNS3-Cisco.log 
Dec 12 21:58:37 172.31.31.21 48: 014258: Dec 12 21:58:36.253 JST: %SYS-5-CONFIG_I: Configured from console by console
Dec 12 22:00:24 172.31.31.21 50: 014261: Dec 12 22:00:23.829 JST: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down
Dec 12 22:00:24 172.31.31.21 51: 014262: Dec 12 22:00:24.829 JST: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down