NetFlow configuration

I. JUNIPER devices
1. SNMP configuration
set system static-host-mapping E450 inet 192.168.1.45
set system syslog user * any emergency
set system syslog host E450 any any
set system syslog host 192.168.1.251 any any
set snmp community net123 authorization read-write
set snmp community net123 clients 192.168.1.251
set snmp community net123 clients 0.0.0.0/0
set snmp trap-group version all
set snmp trap-group authentication chassis configuration link remote-operations rmon-alarm routing startup vrrp-events
set snmp trap-group targets 192.168.1.45
set snmp trap-options source-address lo0
set routing-options options syslog level emergency alert critical error warning notice info debug
commit
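Added example, not part of the original notes: a Python check that reads Junos "set snmp community" statements like the ones above and reports communities reachable from any client address, or granted read-write without a view. The "ro-mon" community in the sample is a hypothetical contrast case, and the function names are this example's own.

```python
import ipaddress

# Constructed sample: community statements from this page's Juniper sections,
# plus one hypothetical tightened community ("ro-mon") for contrast.
SAMPLE = """\
set snmp community net123 authorization read-write
set snmp community net123 clients 192.168.1.251
set snmp community net123 clients 0.0.0.0/0
set snmp community ping-community authorization read-write
set snmp community ping-community view ping-view
set snmp community ping-community clients 211.139.136.108
set snmp community ro-mon authorization read-only
set snmp community ro-mon clients 192.168.1.251/32
set snmp community ro-mon clients 0.0.0.0/0 restrict
"""

def parse_communities(config):
    """Collect authorization, view and client entries per community."""
    out = {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] != ["set", "snmp", "community"] or len(tok) < 6:
            continue
        c = out.setdefault(tok[3], {"auth": "read-only", "view": None, "clients": []})
        if tok[4] == "authorization":
            c["auth"] = tok[5]
        elif tok[4] == "view":
            c["view"] = tok[5]
        elif tok[4] == "clients":
            net = ipaddress.ip_network(tok[5], strict=False)
            c["clients"].append((net, "restrict" in tok[6:]))  # restrict = deny entry
    return out

def audit(config):
    """Return (community, finding) pairs for risky community definitions."""
    findings = []
    for name, c in sorted(parse_communities(config).items()):
        allowed = [n for n, restricted in c["clients"] if not restricted]
        # No clients statement at all, or an allowed /0, means any source may query.
        if not c["clients"] or any(n.prefixlen == 0 for n in allowed):
            findings.append((name, "reachable from any client address"))
        if c["auth"] == "read-write" and c["view"] is None:
            findings.append((name, "read-write with no view restricting the OID tree"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```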

2. NetFlow configuration
set firewall filter gd-ipnet-m160-1 term net123 then sample
set firewall filter gd-ipnet-m160-1 term net123 then accept
set interfaces ge-4/1/1 unit 0 family inet filter input net123 "sample input packets on interface ge-4/1/1
set interfaces ge-4/1/1 unit 0 family inet filter output net123 "sample output packets
set forwarding-options sampling input family inet rate 1000 "sampling rate is 1000
set forwarding-options sampling input family inet run-length 0
set forwarding-options sampling output cflowd 211.139.136.108 port 3055 "the destination host receiving the NetFlow sample packets is 211.139.136.108
set forwarding-options sampling output cflowd 211.139.136.108 version 5
set forwarding-options sampling output cflowd 211.139.136.108 no-local-dump
set forwarding-options sampling output cflowd 211.139.136.108 autonomous-system-type origin "choose either origin or peer
commit
"Here, sampling_rate=(run_length+1)/rate,
" i.e. with run-length 1, sampling_rate=(1+1)/1000
"(set forwarding-options sampling input family inet run-length 1 "run-length defaults to 0)

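Added example, not part of the original notes: a collector-side Python decoder for the version 5 export configured above, which scales the sampled counters back up with the inverse of sampling_rate=(run_length+1)/rate. The datagram is constructed inline, its addresses and AS numbers are documentation values, and the function names are this example's own; rate and run_length are passed in to match the router configuration.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte flow record

def scale_factor(rate, run_length=0):
    """Inverse of the notes' sampling_rate=(run_length+1)/rate."""
    return rate / (run_length + 1)

def parse_v5(datagram, rate, run_length=0):
    """Decode a NetFlow v5 datagram and estimate unsampled packet/byte counts."""
    if len(datagram) < HEADER.size:
        raise ValueError("short datagram")
    version, count, *_ = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5: version {version}")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match record count")
    k = scale_factor(rate, run_length)
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "sport": f[9], "dport": f[10], "proto": f[13],
            "src_as": f[15], "dst_as": f[16],  # meaning set by autonomous-system-type
            "sampled_pkts": f[5], "sampled_bytes": f[6],
            "est_pkts": round(f[5] * k), "est_bytes": round(f[6] * k),
        })
    return flows

def build_sample():
    """Constructed one-record datagram (3 sampled packets, 4500 sampled bytes)."""
    hdr = HEADER.pack(5, 1, 1000, 0, 0, 1, 0, 0, 0)
    rec = RECORD.pack(socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"),
                      socket.inet_aton("0.0.0.0"), 1, 2, 3, 4500, 100, 900,
                      51515, 443, 0, 0x1B, 6, 0, 64500, 64501, 24, 24, 0)
    return hdr + rec

if __name__ == "__main__":
    for flow in parse_v5(build_sample(), rate=1000, run_length=0):
        print(flow)
```
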
3. SLA configuration
set snmp view ping-view oid .1.3.6.1.2.1.80 include "ping-mib
set snmp view ping-view oid .1.3.6.1.4.1.2636.3.7 include
"set snmp view ping-view oid .1.3.6.1.2.1.81 include "traceroute-mib
"set snmp view ping-view oid .1.3.6.1.4.1.2636.3.8 include
set snmp community ping-community authorization read-write
set snmp community ping-community view ping-view
set snmp community ping-community clients 211.139.136.108
commit

4. Stopping and restarting the sampling process
First find the PID of the sampled process:
juniper>show system processes extensive
Then: juniper>start shell
%su

kill PID

Exit: #exit
%exit
To restart the sampled process:
juniper>restart sampling immediately

II. CISCO devices
1. SNMP and traps:
router#config t
router(config)#snmp community net123 rw
router(config)#snmp host 192.168.1.45 traps version 2c xxxxxxxx
router(config)#snmp enable traps
router(config-if)#snmp trap link-status

2. syslog:
router(config)#logging 192.168.1.45
router(config)#logging source-interface loopback0

3. NetFlow:
Cisco does not yet support bidirectional NetFlow; by default it applies to input.
router(config-if)#ip route-cache flow sampled "GSR supports the sampled parameter; other platforms may not
router(config)#ip flow-export version 5 origin-as as_id
router(config)#ip flow-export destination 192.168.1.45 3055
router(config)#ip flow-sampling-mode packet-interval 1000
router(config)#ip flow-export source Loopback0
router#show ip flow sampling
router#show ip flow export
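router#show ip cache flow "these commands show the NetFlow status
Starting with release 12.1(3)T, Cisco IOS allows NetFlow to be exported to multiple destination hosts (the current release supports at most 2).
(12.2T)
(rsp-jsv-mz.123-4.T1.bin, at least 128M mem, at least 32M flash MEM.)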

4. PIX firewall
PIX:conduit permit icmp any any
conduit permit tcp host 172.10.17.141 eq 5016 host 139.126.254.1
conduit permit udp any host 132.96.20.9
route outside 10.3.81.0 255.255.255.0 172.10.17.150 1
snmp-server host outside 132.96.20.9 poll
no snmp-server location
no snmp-server contact
snmp-server community net123
snmp-server enable traps
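PIX rules:
Addresses on the external network cannot access the address of the PIX outside interface.
To access the address of the inside interface,
NAT is required:
map the collector's address to an address on the internal network,
and only then can SNMP reach the inside interface.
To reach the inside interface over SNMP without NAT,
IPsec must be used.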

III. Huawei devices
1. Huawei R3640EP:
[router]display saved-config !view the saved configuration
[router]undo ….. !equivalent to the no command on Cisco
[router]interface loopback1
[router-loopback1]ip address 1.1.1.1 255.255.255.255
[router]snmp-agent community read net123
[router]snmp-agent sys-info version all
[router]snmp-agent trap enable
[router]snmp-agent trap source loopback 0
[router]snmp-agent target-host trap address 10.243.191.2 parameters v1 port 162 securityname public
[router]info-center enable
[router]info-center loghost 0 10.243.191.2 514 Chinese
[router]info-center loghost 1 10.243.191.3 514 Chinese
[router]save
[router]logout

2. Other models:
huawei router:
sys
[router]snmp-agent community read net123
[router]snmp-agent sys-info version all
[router]snmp-agent trap enable
[router]snmp-agent trap source loopback 0
[router]snmp-agent target-host trap address udp-domain ... udp-port 162 params securityname net123
[router]quit
save

IV. 3COM devices
1) Enter the menu: system/management/snmp/community
ENTER new community for user 'admin'[admin] : press Enter
ENTER new community for user 'manager' [XXX] : press Enter
ENTER new community for user 'monitor' : set the SNMP community string.

2) Enter the menu: system/management/snmp/trap/create
enter the trap community string [monitor]: press Enter
enter the trap destination address: 192.168.9.157

NS firewall
System log and SNMP:
set syslog enable
set syslog config 10.20.1.2 auth/sec local0
set syslog config 172.10.16.25 local0 local0
set syslog port 514
set syslog traffic
set syslog ***
set log module system level notification destination syslog
set log module system level notification destination webtrends
set snmp community remote_admin read-write trap-on
set snmp community JCarney read-only trap-on
set snmp community TCooper read-write trap-on traffic
set snmp ***
set snmp contact John Fisher
set snmp location Miami
set snmp host remote_admin 10.20.1.2
set snmp host JCarney 172.16.20.181
set snmp host JCarney 172.16.40.245
set snmp host JCarney 172.16.40.55
set snmp host TCooper 172.16.20.250
save

V. SUMMIT devices

SNMP Configuration

configure snmp add trapreceiver 169.254.70.255 community "ST.-1442953473.10550"
configure snmp delete community readonly all
configure snmp delete community readwrite all
configure snmp add community readonly encrypted "rykfcb"
configure snmp add community readwrite encrypted "r~`|kug"
configure snmp sysName "Summit200-24"

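VI. Solaris system network-management alarm configuration requirements
A. For SNMP, configure the following (including traps):
1. Edit /etc/snmp/conf/snmpd.conf so that the relevant entries read as follows: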
system-group-read-community net123
read-community net123
trap 172.16.63.129
2. As root, restart the snmpd process:
/etc/rc3.d/S76snmpdx stop|start
B. For syslog, configure the following:
1. Edit /etc/hosts and append at the end of the file:
10.25.25.46 loghost1
2. Edit /etc/syslog.conf and append the following line at the end of the file:
.info @loghost1
Note:
The separator between .info and @loghost1 is a TAB character.
3. As root, restart the syslog service:
/etc/rc2.d/S74syslog stop|start
Huawei

[router]interface loopback1
[router-loopback1]ip address 1.1.1.1 255.255.255.255 (IP of the BSM server)
[router]snmp-agent community read net123
[router]snmp-agent sys-info version all
[router]snmp-agent trap enable
[router]snmp-agent trap source loopback 0
[router]snmp-agent target-host trap address 10.243.191.2 parameters v1 port 162 securityname public
[router]save