Homework 5

DNS, HTTPD, SNMP

Requirements

• One dedicated domain name for yourself
• Set up a DNS server with the following records
  – SOA, NS, MX
  – Make them reasonable
• NS delegation (with teammates)
  – Dedicate a subdomain to each of your teammates
  – Build a slave server for your teammate
  – And a stub server for another teammate
  – Updates should be synchronized
• Reverse resolution for your NAT
  – 192.168.x.0/24 for each of your teammates

Requirements (Cont.)

[Figure: delegation example among three teammates' servers, with links labelled "slave" and "stub"]
a.nctucs.net    140.113.a.a    192.168.0.1/24
b.nctucs.net    140.113.b.b    192.168.0.2/24
.nctucs.net     140.113.c.c    192.168.0.3/24

Requirements (Cont.)

• View
  – Create a view.example.csie.net A record:
    • Queries from 192.168.0.0/24: view.example.csie.net A 192.168.0.1
    • Otherwise, get your normal IP
• Logging
  – Record all records to /var/log/named.log
  – Do log rotation
  – Note: you will be asked to explain what the log entries in named.log mean

Requirements (Cont.)

• SPF/DomainKeys record for your server
  – Add reasonable SPF/DomainKeys records
  – Configure your mail system to support these features
• SSHFP record for your server
  – Make a reasonable setting

Requirements (Cont.)

• Dynamic DNS update
  – Your DNS should accept update requests from 140.113.17.225 and your teammates
  – You should know how to update a DNS record
• Management
  – Your DNS server should support TSIG and allow the connection from 140.113.17.225
  – Your DNS server should only allow AXFR requests from 140.113.17.225
  – Only allow recursive queries from your teammates and 140.113.17.225

Appendix
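A named.conf fragment covering the Logging, Dynamic DNS update and Management requirements above. This is an added example, not part of the original slides. The zone name, file paths, key name and teammate addresses are assumptions, and requiring both the source address and the TSIG key for AXFR is one reading of the Management slide.

```conf
// Added example, not from the slides. Zone name, paths, key name and the two
// teammate addresses (documentation ranges) are constructed assumptions.
acl "ta"        { 140.113.17.225; };
acl "teammates" { 192.0.2.53; 198.51.100.53; };

// Placeholder secret: generate a real one with `tsig-keygen ta-key`.
key "ta-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-GENERATED-SECRET";
};

options {
    directory "/usr/local/etc/namedb";
    allow-recursion { ta; teammates; };  // all other clients are refused recursion
    allow-transfer  { none; };           // deny AXFR by default, open it per zone
};

zone "example.nctucs.net" {
    type master;
    file "dynamic/example.nctucs.net.db"; // directory must be writable by named
    // AXFR: source must be 140.113.17.225 AND the request must carry the TSIG
    // key. The nested negation is BIND's idiom for combining both conditions.
    allow-transfer { !{ !ta; any; }; key "ta-key"; };
    // Updates by source address, as the slide asks. BIND warns at load time
    // that this is insecure; "key" elements are the stronger choice.
    allow-update { ta; teammates; };
};

logging {
    channel named_log {
        file "/var/log/named.log" versions 7 size 10m; // rotation done by named
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };
    category default { named_log; };  // every category not configured separately
    category queries { named_log; };
};
```

Run `named-checkconf` on the file after replacing the placeholder secret; it rejects the fragment until the secret is valid base64.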

• Use LDAP as backend database
  – dns/bind9-sdb-ldap
  – http://www.openldap.org/
  – http://bind9-ldap.bayour.com/
• SPF setup wizard
  – http://old.openspf.org/wizard.html
• DKIMproxy
  – http://dkimproxy.sourceforge.net

HTTPD Requirements

 HTTPD apache, , nginx, etc.. PHP with fastcgi HTTPS Virtual Hosts Reverse Proxy SNMP Requirement – Tools

• Goal
  – Implement a simple SNMP agent and SNMP trapd for system resource monitoring
• Prerequisites
  – SNMP Software
    • net-mgmt/net-snmp
  – Graphing tool
    • databases/rrdtool
  – module
    • Net::SNMPTrapd (install it from CPAN as root)
    • NetSNMP::agent (embedded in Net-snmp)

Requirement – SNMP Agent

• Functions of SNMP agent
  – get
  – set
  – getnext (bonus)
  – Auto trigger the trap if resource limit exceeded (every 30s)
• To get system resources
  – CPU/Memory/Disk usage
  – Network flow (incoming/outgoing)
  – Any resources you want (bonus)

Requirement – SNMP Trapd

• SNMP trapd
  – When the server receives an SNMP trap from a client, it sends a mail to the manager

[Figure: two panels. "SNMP agent:" shows agents and an SNMP collector; "SNMP trapd:" shows agents and an SNMP trapd.]

Requirement – Front End

• Graphing
  – Multiple items with one graph

Introduction to RRDtool

• RRDtool was written by Tobi Oetiker, the author of MRTG
• Round Robin Database (RRD)
• Command line based
• Bindings exist for Perl, Python, Ruby, Tcl, PHP and Lua

RRDtool – QuickStart

• Some of the functions (man rrdtool)
  – create
    • Set up a new Round Robin Database (RRD).
  – update
    • Store new data values into an RRD
  – graph
    • Create a graph from data stored in one or several RRDs
  – dump
    • Dump the contents of an RRD in plain ASCII
• Flow
  – Create RRD file → Fetch data → update → graphing

Define Data Sources (Inputs)

• DS:cpu:COUNTER:600:0:100000000
  – DS = Data Source
  – cpu = variable name
  – COUNTER, GAUGE = variable type
  – 600 = heartbeat in seconds; if no update arrives within it, the interval is stored as UNKNOWN
  – 0:100000000 = MIN:MAX, limits on the variable

Define Archives (Outputs)

• RRA:AVERAGE:0.5:1:24
  – RRA = Round Robin Archive
  – AVERAGE, MIN, MAX, LAST = consolidation function
  – 0.5 = xfiles factor
  – 1:24 = this RRA keeps each sample (average over one 5 minute primary sample), 24 times (which is 2 hours worth)

P.S. All of this depends on the step size, which defaults to 5 minutes

RRDtool – Create and Update

// create.sh
#!/bin/sh
# One GAUGE data source sampled every 300 s, kept at four resolutions
# (5 min, 30 min, 2 h, 1 day) for both AVERAGE and MAX.
rrdtool create cpu.rrd -s 300 \
    DS:rs:GAUGE:600:0:10000000 \
    RRA:AVERAGE:0.5:1:603 \
    RRA:AVERAGE:0.5:6:603 \
    RRA:AVERAGE:0.5:24:603 \
    RRA:AVERAGE:0.5:288:800 \
    RRA:MAX:0.5:1:603 \
    RRA:MAX:0.5:6:603 \
    RRA:MAX:0.5:24:603 \
    RRA:MAX:0.5:288:800

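// update.sh
# Assumed definitions (not shown on the slide); adjust to your installation.
RRD_CMD=rrdtool
CPU_RRD=cpu.rrd
IMAGE_PATH=.
NOW=`date +%s`

# Store one pseudo-random sample in the range 0-99.
data1=`hexdump -n4 -e\"%u\" /dev/random`
data1c=`expr $data1 % 100`
${RRD_CMD} update ${CPU_RRD} ${NOW}:${data1c}

RRDtool – Graph

// update.sh
# Draw one graph per time range: hour, day, week, month, year.
# `date -v` is the FreeBSD date syntax for relative times.
for t in H d w m y
do
    ${RRD_CMD} graph ${IMAGE_PATH}/rs-${t}.png \
        --title "NA rrdtool example " \
        DEF:rs=${CPU_RRD}:rs:AVERAGE \
        COMMENT:"------\n" \
        LINE1:rs#0055ff:"item1" \
        GPRINT:rs:AVERAGE:"%6.0lf \n" \
        -v "left (%%%%)" -l 0 \
        -Y -X b -h 250 -w 500 -s `date -v -1${t} +%s`
done

Appendix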

• Using CPAN with a non-root account
  – http://sial.org/howto/perl/life-with-cpan/non-root
• How to use rrdtool?
  – http://oss.oetiker.ch/rrdtool/
  – rrdtool Chinese tutorial
    • http://www.study-area.org/tips/rrdtool/rrdtool.html
• How to find out what an OID is for?
  – MIB browser
• Installation notes of NetSNMP
  – Configuration options
    • [X] PERL Install additional perl modules
    • [X] PERL_EMBEDDED Build embedded perl
  – Simply configure your /usr/local/share/snmp/snmpd.conf