20141227 banyan

Apr 07, 2016

banyan.tw

 
WHITE PAPER

BANYAN

http://banyan.com.tw Banyan

Module-1, Module-2, Module-3, Module-4, Module-5, Module-6, Module-7, Module-8, Module-9 (Port Monitor, NetFlow), Module-10, Module-11, Module-12, Module-13, Module-14, Port Block, FW Session, ITACK (Acknowledge), (CPU/HD)

: Windows SNMP, WMI, Windows Event Log, Linux SNMP, Cisco SNMP, NetFlow, Log, Nexus, FW ASA, Juniper SNMP, Fortigate SNMP, Microsoft SQL Server (SQL), MySQL Server (SQL)

telnet://IP

Module 1-VMWARE/ESXi,64CPU() 300 22(Intel i3 ) 300 24(Intel i7XEON)() 300 2~4G RAM 300 4~8G RAM PORT MONITOR (Flow) 2~4G RAM SATA/SAS HDD128G (log)(Firewall)Disk I/O OVF VMware Dashboard BitsBytesstatusErrors/Discarded Windows & Linux & AIX MSSQL& MYSQL Listen Port SNMPv1v2cv3CiscoJuniperFortinet(Flow) Netflow sflowPort Monitor(WeatherMap)Working DayWorking Time

Module 2-Guest OSBANYANVMware OVFhost ? NTP Server ? guest OS Host

Host guest OS Host Synchronize time with host NTP SERVERGuest OSGuest OS CPUMEMORY

OVF IP 192.168.100.100 /24 admin / admin -IP http://newip

OVF ->->

[2] 2 Recovering (Normal) [2] 2

SNMP SNMP

SNMP Timeout()SNMP ()Timeout500 ms()(Microsoft)Windows2000 Server1500 ms

NTP IPNTP IP NTP IP VMware Host ->->

(,)

(Relay Server) IPIP

Module 3-

(host templates)

CISCO 3750 SwitchCisco 5min CPU Cisco SNMP Cisco IP SLA Statistics:->->

:

:Cisco C3750 Switch

(Data Source) ()

()

()

() ()/Exact ValueCPU / Process / Interface status CDEF (RAW DATA)EX: Byte/sec Mb/secPercent () RPNEx:Process CPU usage / System CPU usage / Idle CPU usage 3 Process CPU usage System CPU usage [ Cisco Router 5 Minute CPU ] CPU 30% Email [email protected] 80% Email [email protected]:->

:->

SNMP(system description) CiscoCisco [ Cisco ] [ 03. ]:->,

Cisco (Module 4-)03. (Module 5-) SNMP SNMPSNMPSNMP

:->

Module 4-SNMPICMP SNMP :-> ,

:

Ex: Win-WEB

IP IPEX: 192.168.100.100

:Host Down NoneUP100%Ping or SNMP ()Ping SNMP 2 Ping and SNMP ()Ping SNMP 2, SNMPSNMP PingSNMP Ping TCP UDP ICMP Ping :SNMP

SNMP SNMP SNMP Community Community SNMP Port UDP 161 Port, SNMP (ms)(poller) SNMP SNMP v2 50:, ()

Re-Index MethodNoneIndex Ex: Socket Port Uptime Goes Backwards()SNMP SNMP1.3.6.1.2.1.1.3(sysUpTime)uptime Index Count ChangeVerify All Fields

SNMP Not In Use,Uptime Goes Backwards,

SNMP (system information):
1.3.6.1.2.1.1.1 - sysDescr
1.3.6.1.2.1.1.2 - sysObjectID
1.3.6.1.2.1.1.3 - sysUpTime
1.3.6.1.2.1.1.4 - sysContact
1.3.6.1.2.1.1.5 - sysName
1.3.6.1.2.1.1.6 - sysLocation

=,SNMP SNMP SNMP PingICMPEX:CPU:->

:

:->(total bandwidth) (1)(2)

1

2

3

Module 5-Ex:: [Host-Sample-] Cisco [Host-Sample-] :-> Host-Sample-:->Place on a Tree(Host-Sample-)

:->

::

:- ()

:add

:

:->->

->->

:->->

Module 6-Email ->

URLhttp://IP

[ 30 ]

HostDown

(global) HostDown

Module 3-

,:->->

:->-> ,

(Disable)->,

Module 7-:->->

PNGJPEGGIF

:

()

:->->

: Daily Report

:(partition):->

:

:

Today Last 1 Day-()Last 2 Day-2() , Last 1 DayLast 2 Day Last Week :->add

:->-Run Report

view

:

:201411/1511/3085

->, 1115-30add

->1115-30edit(5)

->1115-30Run Report: CPU, POT(Percent Over Threshold)

POT

Module 8-Local Remote Host(LOG), ->->

Cisco : err-disable Cisco
Ex: port secure
Dec 26 14:10:22 GMT+8: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/38, putting Fa0/38 in err-disable state
Ex: storm-control
Dec 26 09:59:09 GMT+8: %PM-4-ERR_DISABLE: storm-control error detected on Fa0/15, putting Fa0/15 in err-disable state

: FAN_FAILED Cisco

: Line protocol on Interface Port-channel Cisco ether-channel

: Line protocol on Interface Tunnel tunnel link

: power supply detected Cisco

: RADIUS_ALIVE Cisco RADIUS SERVER

: STACKMGR Cisco(Stack)

->

(5min)Ex: 5MIN 30 [ Line protocol on Interface Tunnel ] Email [email protected]

threshold 3050Security Level Warning
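The two %PM-4-ERR_DISABLE lines shown for Module 8 and the alert rule in the text (a pattern matched 30 times within 5 minutes sends an e-mail) are enough to reproduce the matching logic a log collector needs. The block below is an added example written for this page, not Banyan's code: the regular expression is built from the two syslog lines on the page, three further lines are constructed to exercise the time window, the year 2014 is assumed because IOS timestamps carry none, and all function names are my own.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the %PM-4-ERR_DISABLE lines shown in Module 8.  IOS timestamps carry
# no year, so the caller supplies one (assumption: 2014, the year in the
# document's file name).  The optional group absorbs the "GMT+8" zone token.
ERR_DISABLE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2})(?: [A-Z]+[+-]\d+)?: "
    r"%PM-4-ERR_DISABLE: (?P<cause>[\w-]+) error detected on (?P<intf>\S+), "
    r"putting (?P=intf) in err-disable state$"
)

# Constructed sample: the two lines from the white paper plus three storm-control
# events and one unrelated message, added here to exercise the window logic.
SAMPLE_LOG = """\
Dec 26 14:10:22 GMT+8: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/38, putting Fa0/38 in err-disable state
Dec 26 09:59:09 GMT+8: %PM-4-ERR_DISABLE: storm-control error detected on Fa0/15, putting Fa0/15 in err-disable state
Dec 26 09:59:30 GMT+8: %PM-4-ERR_DISABLE: storm-control error detected on Fa0/16, putting Fa0/16 in err-disable state
Dec 26 10:01:05 GMT+8: %PM-4-ERR_DISABLE: storm-control error detected on Fa0/17, putting Fa0/17 in err-disable state
Dec 26 10:20:00 GMT+8: %PM-4-ERR_DISABLE: storm-control error detected on Fa0/18, putting Fa0/18 in err-disable state
Dec 26 10:20:01 GMT+8: %LINK-3-UPDOWN: Interface Fa0/1, changed state to down
"""


def parse_err_disable(line, year=2014):
    """Return {'time', 'cause', 'interface'} for an err-disable line, else None."""
    m = ERR_DISABLE_RE.match(line.strip())
    if m is None:
        return None
    when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"time": when, "cause": m["cause"], "interface": m["intf"]}


def parse_log(text, year=2014):
    """Parse every line, drop non-matching messages, return events sorted by time."""
    events = (parse_err_disable(line, year) for line in text.splitlines() if line.strip())
    return sorted((e for e in events if e is not None), key=lambda e: e["time"])


def events_by_cause(events):
    """Group events by err-disable cause (psecure-violation, storm-control, ...)."""
    groups = defaultdict(list)
    for e in events:
        groups[e["cause"]].append(e)
    return dict(groups)


def max_in_window(events, window=timedelta(minutes=5)):
    """Largest number of events whose timestamps fall inside any span of length `window`."""
    times = sorted(e["time"] for e in events)
    best, start = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:      # slide the window's left edge forward
            start += 1
        best = max(best, end - start + 1)
    return best


def should_alert(events, threshold=30, window=timedelta(minutes=5)):
    """The rule from the text: alert when at least `threshold` matches occur within `window`."""
    return max_in_window(events, window) >= threshold


if __name__ == "__main__":
    for cause, evs in events_by_cause(parse_log(SAMPLE_LOG)).items():
        ports = ", ".join(e["interface"] for e in evs)
        print(f"{cause}: {len(evs)} event(s) on {ports}; peak in 5 min = {max_in_window(evs)}")
```

With the page's threshold of 30 the constructed sample never alerts; lowering the threshold to 3 shows the window logic firing on the three storm-control events between 09:59 and 10:01 while ignoring the one at 10:20.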

Module 9- Flow ? (packet)Flow IP IPL3 (Protocol Type)(Port)(Port)ToS ( DSCP),(ifIndex)

Flow Netflowjflow sflowBanyan Flow Net Flow v1 v5 SFlow Port Monitor Banyan Netflow v5

Netflow Cisco NetFlow Flow NetFlow Cisco NetFlow :

Cisco 800, 1700, 2600
Cisco 1800, 2800, 3800
Cisco 4500 ( NetFlow Services Card )
Cisco 6500
Cisco 7200, 7300, 7500
Cisco 7600
Cisco 10000, 12000, CRS-1

NetFlow Cisco
Cisco 2900 Switch
Cisco 3500 Switch
Cisco 3560 Switch
Cisco 3750 Switch ()

Cisco Router ( NetFlow L3 NetFlow Cisco 3700 L3 NetFlow Banyan (collector)Netflow Cisco NetFlow

sflow http://www.sflow.org/products/network.php flow UDP 6343 (port) , (script)

->(flow), ,, (flow)0 IP (port) UDP 3055 Port sflow port monitor 3055sflow port monitor Netflow Netflow v5 Banyan v1v5v6 Version 1 Version 5 , Version 1NetFlow Version 5 BGP ( Border Gateway Protocol)AS (autonomous system) Flow (sequence number)(binary file)0

->

-

-

(:)-8 DAYS(8), -8 HOURS(8), -8 MINUTES(8)(:)NOW IP / IP(filter) IP, Ex: 192.168.1.1IPEx :192.168.1.1,192.168.1.1,192.168.1.2,192.168.100.100IPEx:-192.168.1.1,-192.168.1.0/24 192.168.1.1192.168.1.0/24 TCP FlagsTCP (Flag)SYNACKRSTFIN, 0x10x1b0x1a:

(source) IP IP(Destination) IP(Destination) IP, IP (Source) IP Bytes 2IP Port

:24multicast 224.0.0.0/8 ,

:08:00

:2IP
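Module 9 defines a flow by source and destination IP, L3 protocol type, ports, ToS (DSCP) and ifIndex, notes that NetFlow v5 adds BGP AS numbers and a sequence number, and the filter section lists TCP flag values such as 0x1, 0x1a and 0x1b. As an added example that is not part of the white paper or Banyan's collector, the following parses a NetFlow v5 datagram with Python's struct module, decodes the cumulative TCP-flags byte into flag names, and uses the header sequence number to count export datagrams lost between exporter and collector. The field layout follows Cisco's published v5 format; the datagram is constructed in-line by build_v5_packet (test data, not captured traffic), with the collector address 192.168.100.100 and UDP port 2611 taken from the page's own ip flow-export configuration.

```python
import ipaddress
import struct

# NetFlow v5 export format: a 24-byte header followed by `count` 48-byte records,
# every field big-endian (layout per Cisco's NetFlow v5 documentation).
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")

TCP_FLAG_BITS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}
IP_PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}

# Constructed flows: a UDP export to the collector and a completed TCP session.
SAMPLE_FLOWS = [
    {"src": "192.168.1.1", "dst": "192.168.100.100", "proto": 17,
     "sport": 50000, "dport": 2611, "packets": 10, "bytes": 1500},
    {"src": "192.168.1.2", "dst": "192.168.100.100", "proto": 6,
     "sport": 44000, "dport": 80, "packets": 20, "bytes": 3000, "tcp_flags": 0x1B, "tos": 0x28},
]


def decode_tcp_flags(value):
    """Expand the cumulative tcp_flags byte (e.g. 0x1b) into flag names, lowest bit first."""
    return [name for bit, name in sorted(TCP_FLAG_BITS.items()) if value & bit]


def build_v5_packet(flows, flow_sequence, sys_uptime=600000, unix_secs=1419600000):
    """Build a v5 datagram from flow dicts (constructed test data, not captured traffic)."""
    header = V5_HEADER.pack(5, len(flows), sys_uptime, unix_secs, 0, flow_sequence, 0, 0, 0)
    body = b"".join(
        V5_RECORD.pack(
            ipaddress.IPv4Address(f["src"]).packed, ipaddress.IPv4Address(f["dst"]).packed,
            b"\x00" * 4,                              # nexthop
            f.get("input", 1), f.get("output", 2),    # input / output ifIndex
            f["packets"], f["bytes"],
            sys_uptime - 5000, sys_uptime - 1000,     # first / last seen (sysUptime ms)
            f["sport"], f["dport"],
            0, f.get("tcp_flags", 0), f["proto"], f.get("tos", 0),
            f.get("src_as", 0), f.get("dst_as", 0),
            24, 24, 0,                                # src_mask, dst_mask, pad2
        )
        for f in flows
    )
    return header + body


def parse_v5_packet(data):
    """Parse a v5 datagram; raise ValueError on wrong version or a length/count mismatch."""
    if len(data) < V5_HEADER.size:
        raise ValueError("datagram shorter than v5 header")
    (version, count, sys_uptime, unix_secs, unix_nsecs,
     flow_sequence, engine_type, engine_id, sampling) = V5_HEADER.unpack_from(data, 0)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(data) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        r = V5_RECORD.unpack_from(data, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(r[0])), "dst": str(ipaddress.IPv4Address(r[1])),
            "input_ifindex": r[3], "output_ifindex": r[4],
            "packets": r[5], "bytes": r[6], "sport": r[9], "dport": r[10],
            "tcp_flags": decode_tcp_flags(r[12]) if r[13] == 6 else [],
            "proto": IP_PROTO.get(r[13], str(r[13])),
            "tos": r[14], "src_as": r[15], "dst_as": r[16],
        })
    header = {"count": count, "flow_sequence": flow_sequence, "unix_secs": unix_secs,
              "sys_uptime": sys_uptime, "sampling_interval": sampling & 0x3FFF}
    return header, flows


def is_valid_v5(data):
    """True when parse_v5_packet accepts the datagram."""
    try:
        parse_v5_packet(data)
        return True
    except ValueError:
        return False


class SequenceTracker:
    """In v5, flow_sequence counts flows the exporter sent before this datagram, so the
    next expected value is flow_sequence + count; a jump means datagrams were lost."""

    def __init__(self):
        self.expected = None
        self.lost_flows = 0

    def observe(self, header):
        seq, count = header["flow_sequence"], header["count"]
        if self.expected is not None and seq > self.expected:
            self.lost_flows += seq - self.expected
        self.expected = seq + count
        return self.lost_flows


if __name__ == "__main__":
    hdr, flows = parse_v5_packet(build_v5_packet(SAMPLE_FLOWS, flow_sequence=100))
    for f in flows:
        print(f"{f['src']}:{f['sport']} -> {f['dst']}:{f['dport']} {f['proto']} "
              f"{f['bytes']} B flags={f['tcp_flags']} tos=0x{f['tos']:02x}")
```

A collector bound to UDP 2611 would hand each received datagram to parse_v5_packet and one SequenceTracker per exporter; a rising lost_flows value is the signal that the collector is dropping export traffic, which matters more for accounting than for any single flow.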

Module 10-: :->

:Flow-Sample->->

:Enter(Node)

Node

(action) Ex: telnet-> Submit

:192.168.1.1192.168.1.2:

100M->Filter():->->

:/admin

:12

1-1:(Image):->

150 150 60 60

1-2:(node)

LABELOFFSET -50 0 ()50 pixLABELOFFSET 0 -50()50 pix1-3:(node)

LABELOUTLINECOLOR none
LABELFONT 15
FONTDEFINE 100 docs/example/Vera.ttf 10
FONTDEFINE 10 fz.ttf 8
FONTDEFINE 11 fz.ttf 10
FONTDEFINE 12 fz.ttf 12
FONTDEFINE 13 fz.ttf 14
FONTDEFINE 14 fz.ttf 16
FONTDEFINE 15 fz.ttf 30
LABELFONTSHADOWCOLOR 128 128 128
LABELBGCOLOR none

LABELFONTCOLOR 255 255 0
Sample

LABEL
LABELFONT 15
LABELOUTLINECOLOR none
LABELFONTSHADOWCOLOR 128 128 128
LABELBGCOLOR none
LABELFONTCOLOR 255 255 0

1-4: (Line) 2

1-5: (Line) 2

40pix  NODES green:N40 red:N40
40pix  NODES green:S40 red:S40
40pix  NODES green:W40 blue:W40
40pix  NODES green:E40 blue:E40

1-6: (Line)

http://network-weathermap.com/manual/0.97/pages/targets.html

Module 11-->->(,)B Class DNS DNS SNMP community SNMP Community (:)

->

VMware guest OS snapshot

11:30ICMP 172.16.4.0/24,172.16.14.0/24 [public] [public01 ] SNMP Community [Windows] Host-Sample-:->

: ->->

->Add

Module 12-->->-Router Configs

->->AuthenticationAdd->->DevicesAdd

Nexus N5KN5K IP 1921.68.1.123 vrf management/ Admin01/Admin01 running configuration() CiscoNexus Client Authentication , N5K-U+U

Device

Module 13-->/

(Disable) ? ? SNMP Error ??

? ?->/SNMP (FLOW) / banyan / naynab
login as : banyan
[email protected] password : naynab

Module 14-(;;;;Port Block) IP PC (/)

Windows SNMP
1. [] [] ] [
2. [] []
3. [SNMP ]
4. []
5. [] []
6. [] : : TCP/IP : TCP/IP [ IP () IP
7. []

8. SNMP WMI WMI,Windows,WMI,WMI.WMI.AD WMI,1-7AD.

1. Administrator2. 3.

4. 5. wmiuser,26. =wmipass7.

8. 9. wmiuser10. Performance Log UsersPerformance Monitor Users

11. 12. ,WMI13. 14. CMIV2

15. 16. wmiuser,,

17. 18. WMI

Linux SNMP
1. rpm -ivh lm_sensors-2.10.7-9.el5.i386.rpm
2. rpm -ivh lm_sensors-devel-2.10.7-9.el5.i386.rpm
3. rpm -ivh net-snmp-5.3.2.2-9.el5.i386.rpm
4. #vi /etc/snmp/snmpd.conf
   view all included .1 80
   view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
   access notConfigGroup "" any noauth exact all none none
5. setsebool -P snmpd_disable_trans 1
6. service snmpd restart
7. chkconfig snmpd on

Cisco SNMP
1. Test2611#conf t
2. Test2611(config)# snmp-server community public RO
3. Test2611(config)#snmp-server location Taipei-DC-01
4. Test2611(config)#snmp-server contact David
5. Test2611(config)#exit

Cisco Pass + Enable pass
1. Test2611 (config)#no username jty
2. Test2611 (config)#line vty 0 4
3. Test2611 (config-line)#no login local
4. Test2611 (config-line)#password Manager
5. Test2611 (config-line)#login

Cisco Username + pass
1. Test2611 (config)#username jty pri 15 passw bjqsffeh
2. Test2611 (config)#line vty 0 4
3. Test2611 (config-line)#login local
4. Test2611 (config-line)#no password

Cisco NetFlow
1. Test2611#conf t
2. Test2611(config)#ip cef
3. Test2611(config)#int fastEthernet 0/0   (router interface mode)
4. Test2611(config-if)#ip route-cache flow
5. Test2611(config)#ip flow-export version 5   (NetFlow Version 5)
6. Test2611(config)#ip flow-export destination 192.168.100.100 2611   (192.168.100.100 UDP 2611 port)
7. Test2611(config)#ip flow-cache timeout active 5
8. Test2611(config)#exit
9. Test2611#wr

Cisco Log
1. Test2611#conf t
2. Test2611(config)# logging host ip
3. Test2611(config)#exit
4. Test2611#wr

Cisco Auto Reboot
1. Test2611#conf t
2. Test2611(config)#access-list 99 permit 192.168.1.1
3. Test2611(config)#snmp-server community ytmisrt RO
4. Test2611(config)#snmp-server community private RW 99
192.168.1.1# snmpset -c private -v 2c 10.227.130.249 .1.3.6.1.4.1.9.2.9.9.0 i 2

: IF-MIB::ifAdminStatus
snmpset syntax is: Interface UP/DOWN
snmpset -v1 -c community hostname IF-MIB::ifAdminStatus.interface i 1
snmpset -v1 -c community hostname IF-MIB::ifAdminStatus.interface i 2

Nexus Cisco Nexus Client
CISCO-N5K# sh ip route vrf ?
  WORD        VRF name (Max Size 32)
  all         Display information for all VRFs
  default     Known VRF name
  management  Known VRF name
---> 2 vrf

CISCO-N5K# sh ip route vrf management---> vrf routing table

CISCO-N5K# ping 192.168.100.100 vrf management---> ping 192.168.100.100

CISCO-N5K# copy running-config tftp:
Enter destination filename: [CISCO-N5K01-running-config]
Enter vrf (If no input, current vrf 'default' is considered): management
Enter hostname for the tftp server: 192.168.100.100
Trying to connect to tftp server......
Connection to Server Established.
TFTP put operation was successful
--->

Cisco ASA
1. Local: Cisco-5510-FW#aaa authorization command LOCAL
2. 3 test: Cisco-5510-FW#username test password test privilege 3
3. 3: Cisco-5510-FW#privilege cmd level 3 mode exec command copy
4. Cisco-5510-FW#copy running-config tftp:

Juniper SNMP
1. SNMP

2. SNMP

1. Juniper FW# set admin user name password

Fortigate SNMP
Using Web UI:
1. Log in to the FortiGate web interface
2. Go to System > Config > SNMP v1/v2c
3. Select Enable for the SNMP Agent
4. Enter Description, Location and Contact information.
5. Click Apply.
To activate SNMP traffic in the source interface:
6. Go to System > Network > Interface.
7. For the interface allowing SNMP traffic, select Edit.
8. Select SNMP for Administrative Access.
9. Select OK.

1. Fortigate FW# config system admin
   (admin) # edit teat
   new entry 'teat' added
2. Fortigate FW# set password test
3. Fortigate FW# set accprofile super_admin_readonly
4. Fortigate FW# end

Microsoft SQL Server SQL / MySQL
MSSQL DB MANAGER,
/* SQL 2000 */

USE [master]
GO
EXEC master.dbo.sp_addlogin @loginame = N'mssqlmonitor', @passwd = N'mssqlpw', @defdb = N'master'
GO
EXEC master..sp_addsrvrolemember @loginame = N'mssqlmonitor', @rolename = N'processadmin'
GO
EXEC dbo.sp_grantdbaccess @loginame = N'mssqlmonitor', @name_in_db = N'mssqlmonitor'
GO
GRANT SELECT ON [dbo].[sysperfinfo] TO [mssqlmonitor]
GO

/* SQL 2005/2008 */

USE [master]
GO
CREATE LOGIN [mssqlmonitor] WITH PASSWORD=N'mssqlpw', DEFAULT_DATABASE=[master], DEFAULT_LANGUAGE=[us_english], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
GO
EXEC sys.sp_addsrvrolemember @loginame = N'mssqlmonitor', @rolename = N'processadmin'
GO
CREATE USER [mssqlmonitor] FOR LOGIN [mssqlmonitor] WITH DEFAULT_SCHEMA=[dbo]
GO
GRANT SELECT ON [sys].[dm_os_performance_counters] TO [mssqlmonitor]
GO

MySQL Server SQL Console (MySQL root)
> GRANT PROCESS,SUPER ON *.* TO 'mysqlmonitor'@'Host-IP' IDENTIFIED BY 'mysqlpw';
> FLUSH PRIVILEGES;
> quit

Host-IP IP, localhost

( Telnet://IP ) http://forums.mozillazine.org/viewtopic.php?f=38&t=397160
Windows XP or Windows 7, IE10 or Chrome, telnet://IP
C:\Program Files PuTTY. EX: C:\Program Files\PuTTY putty.exe

->(regedit ) HKEY_CLASSES_ROOT\telnet\shell\open\command () (C:\Program Files\PuTTY\putty.exe %1)

yahoo ping www.yahoo.com.tw yahoo IP 119.160.242.96

Data QuerymURLin