Shulou(Shulou.com)06/02 Report--

1. Configure Huawei Firewall snmp

two。 Install and use snmpwalk tool to test whether you can use snmp to connect to Huawei firewall.

Yum install-y net-snmp net-snmp-utils # install the snmpwalk tool

Snmpwalk-v 3-u yang-a sha-A yang12345@-x AES-X yang12345@@-l authPriv 192.168.0.8 1.3.6.1.4.1.2011.5.25.31.1.1.1.1.7

# Test to obtain firewall memory utilization because Huawei's firewall can only use v3 protocol, so it can only be read in v3 format.

Only 67108873 show the correct value, so we conclude that "1.3.6.1.4.1.2011.5.25.31.1.1.1.1.7.67108873" is the correct OID.

Introduction to the use of snmpwalk

Snmpwalk has a lot of parameters, but the only parameters we use are-v and-c. As follows:

-h: displays help.

-v: specify the version of snmp, 1 or 2c or 3.

-c: specify the SNMP password of the connecting device.

-V: displays the current snmpwalk command line version.

-r: specify the number of retries. The default is 0.

-t: specifies the wait timeout for each request, only in seconds, and defaults to 3 seconds.

-l: specify the security level: noAuthNoPriv | authNoPriv | authPriv.

-a: verification protocol: MD5 | SHA. Required only if-l is specified as authNoPriv or authPriv.

-A: validate the string. Required only if-l is specified as authNoPriv or authPriv.

-x: encryption protocol: DES | AES,. Required only if-l is specified as authPriv.

-X: encrypted string. Required only if-l is specified as authPriv.

3. Configure zabbix monitoring items

Http://support.huawei.com/onlinetoolweb/infoM/index.do?lang=zh&domain=1

# this is where Huawei official documents query OID and key values

4. Monitor egress IN and OUT traffic

Let's see which interface my exit is.

I'm going to monitor GE1/0/0.

After using this command to get all the parameters of the firewall, this command will output all parameters without OID

Snmpwalk-v 3-u yang-a sha-A yang12345@-x AES-X yang12345@@-l authPriv 192.168.0.8

Find that GE1/0/0 corresponds to the ID of 7, and then find this ID number to take a seat.

Find the ifInOctets.7 field, followed by the inflow traffic

Then use the command snmpwalk to test and get OID.

"IF-MIB::ifInOctets.7" # OID inflow

"IF-MIB::ifOutOctets.7" # OID outflow

Configure zabbix monitoring items

Check Huawei's documents.

Http://support.huawei.com/onlinetoolweb/infoM/index.do?lang=zh&domain=1

Add one more outlet outflow

Final effect picture

Since I have a double exit, the traffic is a little strange.

The OID used in this experiment

Memory

1.3.6.1.4.1.2011.5.25.31.1.1.1.1.7.67108873

CPU

1.3.6.1.4.1.2011.5.25.31.1.1.1.1.5.67108873

In-oriented traffic on port 8

IF-MIB::ifInOctets.8

Port 8 out direction traffic

IF-MIB::ifOutOctets.8

IPv4 concurrent connection

1.3.6.1.4.1.2011.6.122.69.1.1.2

Need to convert

Enterprises.2011.6.122.69.1.1.2.0

Sometimes snmpwalk can get the value normally, but zabbix can not, so you can copy the OID output of the snmpwalk tool.

Note that the snmp protocol only requires an OID connection, and the key value is customized at will.

Expansion

Because I have two exits, it is difficult to calculate the total traffic. I am going to use a script custom key to monitor the total traffic.

Script content

If [$1 = = 'in'] Thenin50= `snmpwalk-v 3-u yang-a sha-A yang12345@-x AES-X yang12345@@-l authPriv 192.168.0.8 IF-MIB::ifInOctets.8 | awk-F "'{print $4} '`in200= `snmpwalk-v 3-u yang-a sha-x AES-X yang12345@@-l authPriv 192.168.0.8 IF-MIB::ifInOctets.7 | awk-F"''{print $4} '`inz=$ [$in50+$in200] inz=$ [inz / 1024] echo "$inz" [$1 = "out"] Thenout50= `snmpwalk-v 3-u yang-a sha-A yang12345@-x AES-X yang12345@@-l authPriv 192.168.0.8 IF-MIB::ifOutOctets.8 | awk-F "'{print $4} '`out200= `snmpwalk-v 3-u yang-a sha-x AES-X yang12345@@-l authPriv 192.168.0.8 IF-MIB::ifOutOctets.7 | awk-F"' {print $4} '`outz=$ [$out50+$out200] outz=$ [1024] echo "$outz" elseecho "input error fi

Vim / etc/zabbix/zabbix_agentd.d/hw.conf # create a new .conf configuration file in this directory.

UserParameter=echo [*], echo "$1" UserParameter=hw [*], bash / etc/zabbix/zabbix_agentd.d/hw.sh "$1"

Restart the agent side test

The successful test shows that hw [in] hw [out] are the key values we need.

Note that the script runs on the zabbix server side, so we set up a monitoring item on the server side

Create a graphic

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.