Syslog, SNMP and Netflow Explained [PDF]


Networking Technologies:
1- Understanding customer requirements
2- Preparing and configuring the desired topology
3- Following and monitoring our project (after-sale service)

Customer-to-provider relationship: previously (active / reactive), today (proactive).

SNMP: Short for Simple Network Management Protocol, an application-layer protocol for exchanging management information between network devices, defined in RFC 1157. It was created in 1988 as a further development of another protocol, the Simple Gateway Management Protocol (SGMP, 1987).

SNMP basic components and their functionalities:
1- SNMP Manager: administrative computer that has the task of monitoring or managing a group of hosts or devices on a computer network.
2- NMS (network management station): software which runs on the manager.
3- Managed device: host or device that we want to monitor or manage.
4- SNMP agent: software which runs on the managed device; it places load on the CPU of the managed device.
5- MIB (Management Information Base): every SNMP agent maintains an information database describing the managed device's parameters. The SNMP manager uses this database to request specific information from the agent. This database, shared between the agent and the manager, is called the Management Information Base (MIB).

Basic commands of SNMP:
1- Get message: a request sent by the manager to the managed device. It is performed to retrieve one or more values from the managed device (Manager-to-Agent message).
2- Get Response: the command used to carry back the value(s) or the result of actions requested by the SNMP manager. Sent on port 161 (Agent-to-Manager message).
3- Get Next Request: a request sent by the manager to the managed device. It is performed to retrieve more specific values from the managed device about some controlled nodes. Sent on port 161 (Manager-to-Agent message).
4- Set message: this operation is used by the manager to modify or assign a value on the managed device. Sent on port 161 (Manager-to-Agent message).
5- Trap message: this message is forwarded from the agent to the manager to inform it about a change in a controlled node (e.g. port up/down). Sent on port 162 (Agent-to-Manager message).
6- Get Bulk: the same as the Get Next message, but Get Next is an SNMP v1 message that was replaced by the Get Bulk message in SNMP v2 (Manager-to-Agent message).
7- Inform: the same as the Trap message, but Trap is an SNMP v1 message that was replaced by the Inform message in SNMP v2 (Agent-to-Manager message).

SNMP VERSIONS:
SNMP V1: Oldest version. Easy to set up, poor in security.
SNMP V2: Very close to SNMP V1; the main difference between V1 and V2 is that SNMP V2 added a few more packet types, such as Get Bulk, which lets you request a large number of Get Next operations in one packet. SNMP V2 uses the Inform message instead of the Trap message. SNMP V2 uses the community string method for security (poor).
SNMP V3: Adds security. SNMP version 3 adds message integrity. Encryption and authentication use HMAC-MD5 or HMAC-SHA, which can be used together or separately. Setup is more complex.
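The difference between the community-string versions and V3 is easiest to see on the wire. The following Python is an added example, not code from the original document: it builds the BER-encoded SNMPv2c GetRequest that a manager sends to UDP/161 (the community string travels in clear text inside it), and then implements the SNMPv3 USM password-to-key algorithm and HMAC-96 authenticator from RFC 3414, which is what gives V3 its message integrity. The OID, community string, password and engine ID are constructed sample values; the "maplesyrup" password and all-zero-plus-2 engine ID are the test vectors published in RFC 3414 Appendix A.

```python
import hashlib
import hmac

# --- SNMPv1/v2c message framing (BER) ---------------------------------------
# Minimal BER encoders for the handful of ASN.1 types a GetRequest needs.

def ber_len(n: int) -> bytes:
    """BER length: short form below 128, long form (0x8N + N bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def ber_int(v: int) -> bytes:
    """INTEGER (tag 0x02), minimal two's-complement encoding."""
    body = v.to_bytes(v.bit_length() // 8 + 1, "big", signed=True)
    return b"\x02" + ber_len(len(body)) + body

def ber_octets(b: bytes) -> bytes:
    """OCTET STRING (tag 0x04); this is how the community string is carried."""
    return b"\x04" + ber_len(len(b)) + b

def ber_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER (tag 0x06): first two arcs packed into one byte, rest base-128."""
    parts = [int(x) for x in dotted.strip(".").split(".")]
    body = bytearray([parts[0] * 40 + parts[1]])
    for p in parts[2:]:
        chunk = [p & 0x7F]
        p >>= 7
        while p:
            chunk.append(0x80 | (p & 0x7F))
            p >>= 7
        body += bytes(reversed(chunk))
    return b"\x06" + ber_len(len(body)) + bytes(body)

def ber_seq(tag: int, *items: bytes) -> bytes:
    """SEQUENCE (0x30) or a context-specific PDU tag wrapping its members."""
    body = b"".join(items)
    return bytes([tag]) + ber_len(len(body)) + body

GET_REQUEST = 0xA0   # context-specific tag of the GetRequest PDU

def v2c_get_request(community: bytes, oid: str, request_id: int = 1) -> bytes:
    """Whole SNMPv2c GetRequest message: version, community, PDU(request-id, error-status,
    error-index, varbind list). Version field 1 means v2c (0 would be v1)."""
    varbind = ber_seq(0x30, ber_oid(oid), b"\x05\x00")        # OID + NULL placeholder value
    pdu = ber_seq(GET_REQUEST, ber_int(request_id), ber_int(0), ber_int(0),
                  ber_seq(0x30, varbind))
    return ber_seq(0x30, ber_int(1), ber_octets(community), pdu)

# --- SNMPv3 USM authentication (RFC 3414) ------------------------------------

def password_to_key(password: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """RFC 3414 A.2: hash the password repeated to exactly 1 MiB (Ku), then localize
    it to one engine as H(Ku || engineID || Ku) (Kul). hash_name is 'md5' or 'sha1'."""
    expanded = (password * (1048576 // len(password) + 1))[:1048576]
    ku = hashlib.new(hash_name, expanded).digest()
    return hashlib.new(hash_name, ku + engine_id + ku).digest()

def auth_param(kul: bytes, msg: bytes, hash_name: str) -> bytes:
    """HMAC-96: the first 12 bytes of HMAC(Kul, message). In a real v3 message the
    msgAuthenticationParameters field is zeroed before the HMAC is computed."""
    return hmac.new(kul, msg, hash_name).digest()[:12]

def verify_auth(kul: bytes, msg: bytes, tag: bytes, hash_name: str) -> bool:
    """Constant-time comparison of a received authenticator against a recomputed one."""
    return hmac.compare_digest(auth_param(kul, msg, hash_name), tag)

if __name__ == "__main__":
    msg = v2c_get_request(b"public", "1.3.6.1.2.1.1.1.0", 42)   # sysDescr.0
    print("v2c GetRequest:", msg.hex())
    print("community visible in clear text:", b"public" in msg)
    engine = bytes.fromhex("000000000000000000000002")          # RFC 3414 test vector
    kul = password_to_key(b"maplesyrup", engine, "sha1")
    print("localized SHA key:", kul.hex())
    print("HMAC-96 over a sample message:", auth_param(kul, b"constructed message", "sha1").hex())
```

Sniffing a single v2c request is enough to recover the community string, which is why the page rates V1/V2 security as poor; with V3 the wire carries only a 12-byte HMAC-96 value that is bound to one engine's localized key, so the same password yields a different key on every agent.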

Syslog: Syslog is a way for network devices to send event messages to a logging server, usually known as a Syslog server.

- By default, Syslog messages are shown on the terminal at the time a configuration action is taken.
- If we want to store these messages in RAM for later checking, we enter the following command:
R1(config)# logging buffered <buffer size in kbyte>
and to view these messages we enter:
R1# show logging
- If we want to collect these Syslog messages and save them on a remote server (SYSLOG SERVER), we must identify this server and the severity (trap) level using the following commands:
R1(config)# logging <syslog server ip>
R1(config)# logging trap <trap level>
- The Syslog server may be software on a PC, such as the Kiwi Syslog Server program.
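What the `logging trap <level>` threshold actually does is best seen on the receiving side. The following Python is an added example, not part of the original document or any vendor's software: it parses the PRI header that a router puts in front of each Syslog message, splits it into facility and severity, pulls out the Cisco-style `%FACILITY-SEVERITY-MNEMONIC` tag, and then applies the same "this severity or more urgent" filter that `logging trap` applies before a message is sent to the server. The five log lines are constructed samples in the IOS format, not captured output.

```python
import re
from collections import Counter

# Severity keywords in the order IOS uses for "logging trap <level>" (0 = most urgent).
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]
# Facility codes 0-23 (RFC 3164/5424 names); Cisco IOS defaults to local7 (23).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
CISCO_TAG_RE = re.compile(r"%([A-Z0-9_]+)-(\d)-([A-Z0-9_]+):")

# Constructed sample lines as a Syslog server would receive them from "R1".
SAMPLE_LINES = [
    "<189>74: *Mar  1 00:05:11.123: %SYS-5-CONFIG_I: Configured from console by console",
    "<187>75: *Mar  1 00:05:40.887: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "<189>76: *Mar  1 00:05:41.889: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down",
    "<190>77: *Mar  1 00:06:02.004: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.0.0.5(4242) -> 10.0.0.1(23), 1 packet",
    "<186>78: *Mar  1 00:07:15.550: %SYS-2-MALLOCFAIL: Memory allocation of 65536 bytes failed, pool Processor",
]

def parse(line: str) -> dict:
    """Split one Syslog line into facility, severity and the Cisco message tag.
    PRI = facility * 8 + severity, so divmod recovers both from the <N> prefix."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError(f"no PRI header: {line[:40]!r}")
    pri = int(m.group(1))
    if pri > 191:
        raise ValueError(f"PRI out of range: {pri}")
    facility, severity = divmod(pri, 8)
    body = m.group(2)
    tag = CISCO_TAG_RE.search(body)
    return {
        "facility": FACILITIES[facility],
        "severity": severity,
        "severity_name": SEVERITIES[severity],
        "mnemonic": f"%{tag.group(1)}-{tag.group(2)}-{tag.group(3)}" if tag else None,
        # the digit inside the Cisco tag should agree with the PRI severity
        "tag_matches_pri": (int(tag.group(2)) == severity) if tag else None,
        "message": body,
    }

def trap_filter(records: list, level) -> list:
    """Emulate 'logging trap <level>': keep records whose severity number is <= the
    threshold, i.e. the named level and everything more urgent. level may be the IOS
    keyword ('warnings') or the number (4)."""
    threshold = SEVERITIES.index(level) if isinstance(level, str) else int(level)
    return [r for r in records if r["severity"] <= threshold]

def severity_histogram(records: list) -> Counter:
    """Count of messages per severity name, handy for a quick health view."""
    return Counter(r["severity_name"] for r in records)

if __name__ == "__main__":
    records = [parse(line) for line in SAMPLE_LINES]
    for r in records:
        print(f'{r["facility"]:7} {r["severity"]} {r["severity_name"]:14} {r["mnemonic"]}')
    print("sent with 'logging trap warnings':",
          [r["mnemonic"] for r in trap_filter(records, "warnings")])
    print(severity_histogram(records))
```

With `logging trap warnings` only the LINK-3 and SYS-2 messages reach the server; the CONFIG_I notification and the ACL hit (severity 6) stay on the box, which is the usual reason a server "never saw" an event. The `tag_matches_pri` field is a cheap consistency check: the PRI is set by the sending process, the digit in the `%...` tag by the message template, and the two should always agree.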

NETFLOW: Netflow is a network protocol developed by Cisco for the collection and monitoring of network traffic flow data generated by Netflow-enabled routers and switches. It is used to analyze network traffic flow and volume to determine where traffic is coming from, where it is going to, and how much traffic is being generated. So it is not just used for monitoring the network (determining the bandwidth reserved and used by each protocol, and so identifying the source of network congestion), but also in network security, by monitoring panned IPS behavior, and in network accounting and billing.

Each packet that is forwarded within a router or switch is examined for a set of IP packet attributes. These attributes are the identity, or fingerprint, of the packet and determine whether the packet is unique or similar to other packets. Traditionally, an IP flow is based on a set of 5 and up to 7 IP packet attributes. IP packet attributes used by Netflow:

- IP source address
- IP destination address
- Source port
- Destination port
- Layer 3 protocol
- Class of service
- Ingress router or switch interface

Flexible Netflow:

Flexible Netflow improves on original NetFlow by adding the capability to customize the traffic analysis parameters for your specific requirements. Flexible Netflow facilitates the creation of more complex configurations for traffic analysis and for specific purposes such as quality of service (QoS) and bandwidth monitoring, and security analysis. Flexible Netflow emulation of original Netflow requires the configuration of a flow monitor and the application of that flow monitor to at least one interface that is receiving the traffic you want to analyze, for example to track IPv4 and IPv6 traffic.
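The 7-attribute flow key listed above and the "customize the parameters" idea of Flexible Netflow are two views of one mechanism: the set of fields used as the flow key. The following Python is an added example, not code from the original document or from Cisco: it aggregates constructed packet records into flows the way a Netflow cache does, with the key fields passed as a parameter so the classic 7-tuple and a Flexible-Netflow-style custom record (here just source and destination address) can be compared on the same traffic. The `Packet` class, the sample packets and the interface names are assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    """One forwarded packet, reduced to the attributes Netflow inspects (constructed record)."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: int      # layer-3 protocol number: 6 = TCP, 17 = UDP
    tos: int        # class of service (IP ToS byte)
    in_if: str      # ingress interface
    length: int     # bytes on the wire

# The traditional 7-attribute flow key from the page.
CLASSIC_KEY = ("src_ip", "dst_ip", "src_port", "dst_port", "proto", "tos", "in_if")

# Constructed sample traffic (RFC 1918 / RFC 5737 addresses, not captured data).
SAMPLE_PACKETS = [
    # one client HTTPS session, both directions
    Packet("10.0.0.5", "198.51.100.10", 51000, 443, 6, 0, "Gi0/0", 120),
    Packet("10.0.0.5", "198.51.100.10", 51000, 443, 6, 0, "Gi0/0", 1400),
    Packet("10.0.0.5", "198.51.100.10", 51000, 443, 6, 0, "Gi0/0", 1400),
    Packet("198.51.100.10", "10.0.0.5", 443, 51000, 6, 0, "Gi0/1", 60),
    Packet("198.51.100.10", "10.0.0.5", 443, 51000, 6, 0, "Gi0/1", 1400),
    # one DNS query
    Packet("10.0.0.5", "10.0.0.2", 40000, 53, 17, 0, "Gi0/0", 80),
    # one host touching three different ports on the router
    Packet("10.0.0.9", "10.0.0.1", 39001, 22, 6, 0, "Gi0/0", 60),
    Packet("10.0.0.9", "10.0.0.1", 39002, 23, 6, 0, "Gi0/0", 60),
    Packet("10.0.0.9", "10.0.0.1", 39003, 80, 6, 0, "Gi0/0", 60),
]

def build_flows(packets, key_fields=CLASSIC_KEY) -> dict:
    """Group packets into flows. key_fields plays the role of the 'match' fields of a
    Flexible Netflow flow record: packets with the same tuple belong to the same flow,
    and the cache keeps per-flow packet and byte counters."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for p in packets:
        key = tuple(getattr(p, f) for f in key_fields)
        flows[key]["packets"] += 1
        flows[key]["bytes"] += p.length
    return dict(flows)

def top_talkers(flows: dict, n: int = 3) -> list:
    """Flows sorted by byte count, the usual starting point for bandwidth and
    congestion questions (who is generating the traffic, and how much)."""
    return sorted(flows.items(), key=lambda kv: kv[1]["bytes"], reverse=True)[:n]

def dst_port_fanout(packets) -> dict:
    """Distinct destination ports per (src_ip, dst_ip) pair: the same records read
    as a security view, where one source reaching many ports on one host stands out."""
    ports = defaultdict(set)
    for p in packets:
        ports[(p.src_ip, p.dst_ip)].add(p.dst_port)
    return {pair: len(s) for pair, s in ports.items()}

if __name__ == "__main__":
    classic = build_flows(SAMPLE_PACKETS)
    print(f"classic 7-tuple key: {len(classic)} flows")
    for key, counters in top_talkers(classic):
        print("  ", key, counters)
    by_pair = build_flows(SAMPLE_PACKETS, ("src_ip", "dst_ip"))
    print(f"custom (src, dst) key: {len(by_pair)} flows")
    print("destination-port fan-out:", dst_port_fanout(SAMPLE_PACKETS))
```

The same nine packets become six flows under the classic key but four under the address-pair key; that is exactly the trade-off Flexible Netflow exposes, because a narrower key means fewer cache entries and cheaper export, while a wider key keeps the per-port detail that the fan-out check needs.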