Lab: Network Supervision

Step 1: VM configuration

Network configuration file:

network:
  ethernets:
    enp0s3:
      dhcp4: true
    enp0s8:
      dhcp4: false
      addresses: [10.8.0.2/24]

I did not put a gateway or DNS on the second Ethernet card because we are not trying to leave the network or browse the internet.

Step 2: Switch SSH configuration

Adding SSH

SSH configuration

Switch>en
Switch#conf t
Switch(config)#ip domain-name grp8.local
Switch(config)#crypto key generate rsa
How many bits in the modulus [512]: 4096
Switch(config)#username hyperion secret password
Switch(config)#line vty 0 15
Switch(config-line)#transport input ssh
Switch(config-line)#exit
Switch(config)#ip ssh version 2

Adding an administration VLAN

Adding VLAN 400 on the port in use

Switch#conf t
Switch(config)#interface range FastEthernet0/23
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 400
Switch(config-if-range)#exit
Switch(config)#
Switch(config)#interface Vlan 400
Switch(config-if)#ip address 10.8.0.1 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit

Adding the SSH protocols on Linux

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
HostkeyAlgorithms +ssh-dss,ssh-rsa
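
These lines enable legacy algorithms (SHA-1 key exchange, ssh-dss and ssh-rsa host keys, CBC and 3DES ciphers) so the Linux client can reach the old switch; placing them in a `Host` block for the switch keeps them from being offered to every other server. The checker below is an added example, not part of the original lab: it assumes the lines live in an OpenSSH client configuration (ssh_config), and the `LEGACY` set and `SCOPED_CONFIG` sample are constructed for illustration.

```python
# Constructed list covering the legacy algorithms named on this page
LEGACY = {
    "3des-cbc", "aes128-cbc", "diffie-hellman-group1-sha1",
    "diffie-hellman-group-exchange-sha1", "ssh-dss", "ssh-rsa",
}
ALGO_KEYS = {"ciphers", "kexalgorithms", "hostkeyalgorithms"}


def legacy_algorithms(config_text):
    """Return (scope, keyword, algorithm) for each legacy algorithm enabled.

    scope is "global" before any Host line or under "Host *", else the
    Host pattern the setting is limited to.
    """
    scope, findings = "global", []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            scope = "global" if value == "*" else value
        elif key in ALGO_KEYS and not value.startswith("-"):
            # "+" and "^" add to the defaults; no prefix replaces them
            for algo in value.lstrip("+^").split(","):
                if algo.strip() in LEGACY:
                    findings.append((scope, key, algo.strip()))
    return findings


def global_findings(config_text):
    """Legacy algorithms that apply to every host the client connects to."""
    return [f for f in legacy_algorithms(config_text) if f[0] == "global"]


# The three lines from this page, as they would sit at the top of a config
PAGE_CONFIG = """\
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
HostkeyAlgorithms +ssh-dss,ssh-rsa
"""

# Constructed alternative: the same settings limited to the switch
SCOPED_CONFIG = "Host 10.8.0.1\n" + "".join(
    "    " + entry + "\n" for entry in PAGE_CONFIG.splitlines())
```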

Step 3: Installing SNMP

VM configuration

Installing the SNMP package

apt install snmp snmpd libsnmp-dev snmp-mibs-downloader

Switch configuration

Switch#conf t
Switch(config)#snmp-server community admin ro
Switch(config)#end

Step 4: Retrieving the information

Locating the information

To display the available tree, use snmpwalk. Once a leaf is reached, snmpget can be used.

Standard OID tree: CNRS link

Using the Linux SNMP commands

Example:

# CPU (5 min average)
snmpget -v2c -c admin 10.8.0.1 1.3.6.1.4.1.9.9.109.1.1.1.1.8
# RAM (used)
snmpget -v2c -c admin 10.8.0.1 1.3.6.1.4.1.9.9.48.1.1.1.5.1
# Fans
snmpget -v2c -c admin 10.8.0.1 1.3.6.1.4.1.9.9.13.1.4.1.3.1004
# Interface (currently connected: Fe0/23)
## Speed (ifSpeed, bit/s)
snmpget -v2c -c admin 10.8.0.1 1.3.6.1.2.1.2.2.1.5.10023
=> 100000000
## Number of outgoing octets (ifOutOctets)
snmpget -v2c -c admin 10.8.0.1 1.3.6.1.2.1.2.2.1.16.10023
=> 7228005
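
The two interface readings above (100000000 and 7228005) become a link-utilization figure once the octet counter is polled twice and the bit delta is divided by the interface speed. The sketch below is an added example, not part of the original lab: it parses net-snmp style output lines and tolerates a Counter32 wrap; the second counter sample and the 300 s polling interval are constructed.

```python
import re

# Matches net-snmp output such as
#   IF-MIB::ifOutOctets.10023 = Counter32: 7228005
LINE_RE = re.compile(r"^(?P<oid>\S+)\s*=\s*(?P<type>\w+):\s*(?P<value>\d+)\s*$")
COUNTER32_MOD = 2 ** 32


def parse_snmp_line(line):
    """Return (oid, type, int value) from one snmpget/snmpwalk output line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised SNMP output: {line!r}")
    return m["oid"], m["type"], int(m["value"])


def counter_delta(first, second, modulus=COUNTER32_MOD):
    """Difference between two counter samples, tolerating a single wrap."""
    return (second - first) % modulus


def utilization(first_line, second_line, speed_line, interval_s):
    """Fraction of link capacity used between two ifOutOctets samples."""
    _, type1, count1 = parse_snmp_line(first_line)
    _, type2, count2 = parse_snmp_line(second_line)
    _, _, speed = parse_snmp_line(speed_line)
    if type1 != "Counter32" or type2 != "Counter32":
        raise ValueError("expected Counter32 samples")
    if speed == 0 or interval_s <= 0:
        raise ValueError("speed and interval must be positive")
    return counter_delta(count1, count2) * 8 / (interval_s * speed)


# Values 100000000 and 7228005 come from this page; SAMPLE_T1 is constructed
SPEED = "IF-MIB::ifSpeed.10023 = Gauge32: 100000000"
SAMPLE_T0 = "IF-MIB::ifOutOctets.10023 = Counter32: 7228005"
SAMPLE_T1 = "IF-MIB::ifOutOctets.10023 = Counter32: 44728005"

if __name__ == "__main__":
    print(f"{utilization(SAMPLE_T0, SAMPLE_T1, SPEED, 300):.2%}")
```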

Step 5: Comparison of SNMP v2 and v3

// TODO

Step 6: Installing Observium

Using this tutorial

Adding the switch

Overview after refresh

Step 7: Rsyslog

VM configuration

Follow this tutorial

Checking the version to know which procedure to use

rsyslogd -v
=> Version 8

Addition to the file /etc/rsyslog.conf

$ModLoad imudp
$UDPServerRun 514

Creating the file /etc/rsyslog.d/30-observium.conf

#---------------------------------------------------------
# send remote logs to observium

# provides UDP syslog reception
module(load="imudp")

input(type="imudp"
      port="514"
      ruleset="observium")

## provides TCP syslog reception (uncomment if required)
#module(load="imptcp")
#
#input(type="imptcp"
#      port="514"
#      ruleset="observium")

module(load="omprog")

# observium syslog template
template(name="observium"
         type="string"
         string="%fromhost%||%syslogfacility%||%syslogpriority%||%syslogseverity%||%syslogtag%||%$year%-%$month%-%$day% %timereported:8:25%||%msg:::space-cc%||%programname%\n")

# observium RuleSets
ruleset(name="observium") {
    action(type="omprog"
           binary="/opt/observium/syslog.php"
           template="observium")
    stop
}

#---------------------------------------------------------

Restarting syslog

service rsyslog restart

Adding rsyslog to Observium (/opt/observium/config.php)

$config['enable_syslog']                = 1; // Enable Syslog

Configuring log forwarding on the switch

Switch#conf t
Switch(config)#logging 10.8.0.2

Switch configuration

Building configuration...

Current configuration : 4350 bytes
!
! Last configuration change at 06:29:37 UTC Mon Mar 1 1993 by hyperion
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
username hyperion secret 5 $1$zr68$TNVsiXoN8ve8AUiVPZ0901
aaa new-model
!
!
aaa authentication login default local
aaa authentication dot1x {default} group radius
aaa authorization exec default local
aaa authorization network {default} group radius
!
!
!
!
!
aaa session-id common
system mtu routing 1500
!
!
ip domain-name grp8.local
!
!
crypto pki trustpoint TP-self-signed-1564473984
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1564473984
 revocation-check none
 rsakeypair TP-self-signed-1564473984
!
!
crypto pki certificate chain TP-self-signed-1564473984
 certificate self-signed 01
        quit
dot1x system-auth-control
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
no spanning-tree vlan 10-12
!
vlan internal allocation policy ascending
!
ip ssh time-out 60
ip ssh version 2
!
!
!
!
!
interface FastEthernet0/1
 switchport trunk allowed vlan 10,11
 switchport mode trunk
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/5
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/6
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/7
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/8
 switchport access vlan 11
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
!
interface FastEthernet0/9
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/10
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
 switchport access vlan 400
 switchport mode access
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
!
interface Vlan10
 ip address 10.33.10.1 255.255.255.0
!
interface Vlan11
 ip address 10.33.11.1 255.255.255.0
!
interface Vlan12
 ip address 10.33.12.1 255.255.255.0
!
interface Vlan400
 ip address 10.8.0.1 255.255.255.0
!
ip http server
ip http secure-server
logging esm config
logging 10.8.0.2
snmp-server community admin RO
radius-server host 10.33.10.201
radius-server key TP-introSecu
!
!
!
line con 0
line vty 0 4
 transport input ssh
line vty 5 15
 transport input ssh
!
end
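
Several management-plane settings in this running-config deserve review: the SNMP community has no access list, `ip http server` is enabled, the RADIUS key is stored in clear text and the vty lines have no `access-class`. The audit below is an added example, not part of the original lab; the finding names, the simplified command patterns and the `HARDENED` sample (ACL 10, placeholder key) are assumptions.

```python
import re

def audit_ios_config(text):
    """Return sorted finding codes for weak management settings in an IOS config."""
    findings, vty_acl, block = set(), {}, None
    for line in text.splitlines():
        cmd = line.strip()
        if not line.startswith(" "):          # top-level command starts a new block
            block = cmd if cmd.startswith("line vty") else None
            if block:
                vty_acl[block] = False
        elif block and cmd.startswith("access-class "):
            vty_acl[block] = True
        if cmd == "ip http server":
            findings.add("HTTP_CLEARTEXT_MGMT")
        if cmd == "no service password-encryption":
            findings.add("NO_PASSWORD_ENCRYPTION")
        # Simplified form: "snmp-server community <name> RO|RW [acl]"
        m = re.match(r"snmp-server community \S+ (?:RO|RW)(?: (\S+))?$", cmd, re.I)
        if m and m.group(1) is None:
            findings.add("SNMP_COMMUNITY_WITHOUT_ACL")
        # A key without a leading type digit is stored in clear text
        if re.match(r"radius-server key (?!\d )\S+$", cmd):
            findings.add("RADIUS_KEY_CLEARTEXT")
    if not all(vty_acl.values()):
        findings.add("VTY_WITHOUT_ACCESS_CLASS")
    return sorted(findings)

# Lines copied from the running-config on this page
PAGE_EXCERPT = """\
no service password-encryption
ip http server
snmp-server community admin RO
radius-server key TP-introSecu
line vty 0 4
 transport input ssh
line vty 5 15
 transport input ssh
"""

# Constructed counterpart; ACL number 10 and the type-7 string are placeholders
HARDENED = """\
service password-encryption
no ip http server
snmp-server community admin RO 10
radius-server key 7 PLACEHOLDER
line vty 0 15
 access-class 10 in
 transport input ssh
"""
```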