监控不明的 MAC 地址

<注意> 此范例仅供说明之用,本公司不提供技术支持。Ipswitch 为内容对象、SNMP API 和脚本环璄提供技术支持服务,但不对 JScript、VBScript,或活动脚本监控工具或操作的开发及侦错提供支持服务。如需此范例或自行编写脚本方面的协助,请造访 WhatsUp Gold 用户社群论坛

此主动监控工具会轮询通过 SNMP 管理的交换机与网桥 MIB,以观察网络中的 MAC 地址。在脚本范例中,您要配置可连接网络的 MAC 地址列表。若找到的设备不符合列表中的指定地址,监控任务就会失败。

// Modify the list below.It defines a list of allowed mac addresses with mapping to switch interface
// on the network.
// This script will poll a managed switch using SNMP and the bridge MIB to detect MAC addresses present
// on your network that should not be and to detect misplaced machines (connected to the wrong port).
//
// The MAC addresses should be typed lowercase with no padding using ':'between each bytes
// for instance "0:1:32:4c:ef:9" and not "00:01:32:4C:EF:09"
//
var arrAllowedMacToPortMapping = new ActiveXObject("Scripting.Dictionary");
arrAllowedMacToPortMapping.add("0:3:ff:3b:df:1f", 17);
arrAllowedMacToPortMapping.add("0:3:ff:72:5c:bf", 77);
arrAllowedMacToPortMapping.add("0:3:ff:e2:e5:76", 73);
arrAllowedMacToPortMapping.add("0:11:24:8e:e0:a5", 63);
arrAllowedMacToPortMapping.add("0:1c:23:ae:b0:4c", 48);
arrAllowedMacToPortMapping.add("0:1d:60:96:e5:58", 73);
arrAllowedMacToPortMapping.add("0:e0:db:8:aa:a3", 73);

var ERR_NOERROR = 0;
var ERR_NOTALLOWED = 1;
var ERR_MISPLACED = 2;
function CheckMacAddress(sMacAddress, nPort)
{
sMacAddress = sMacAddress.toLowerCase();

if (!arrAllowedMacToPortMapping.Exists(sMacAddress))
{
return ERR_NOTALLOWED;
}

var nAllowedPort = arrAllowedMacToPortMapping.Item(sMacAddress);
if (nAllowedPort != nPort)
{
return ERR_MISPLACED;
}
return ERR_NOERROR;
}

var oSnmpRqst = new ActiveXObject("CoreAsp.SnmpRqst");

var oComResult = oSnmpRqst.Initialize(Context.GetProperty("DeviceID"));

if (oComResult.Failed)
{
Context.SetResult(1, oComResult.GetErrorMsg);
}
else
{
var DOT1DTOFDBPORT_OID = "1.3.6.1.2.1.17.4.3.1.2";
var DOT1DTOFDBADDRESS_OID = "1.3.6.1.2.1.17.4.3.1.1";
var sOid = DOT1DTOFDBPORT_OID
var bStatus = true;
var arrMisplacedAddresses = new Array();
var arrNotAllowedAddresses = new Array();
var i=0;
while (i++<1000)
{
oComResult = oSnmpRqst.GetNext(sOid);
if (oComResult.Failed)
{
break;
}
sOid = oComResult.GetOID;
if (sOid.indexOf(DOT1DTOFDBPORT_OID) == -1)
{
// we are done walking
break;
}
var nPort = oComResult.GetPayload;

// the last 6 elements of the OID are the MAC address in OId format
var sInstance = sOid.substr(DOT1DTOFDBPORT_OID.length+1, sOid.length);

// get it in hex format...
oComResult = oSnmpRqst.Get(DOT1DTOFDBADDRESS_OID + "."+ sInstance);
if (oComResult.Failed)
{
continue;
}
var sMAC = oComResult.GetValue;

var nError = CheckMacAddress(sMAC, nPort);

switch (nError)
{
case ERR_NOTALLOWED:
arrNotAllowedAddresses.push(sMAC + "(" + nPort + ")");
break;
case ERR_MISPLACED:
arrMisplacedAddresses.push(sMAC + "(" + nPort + ")");
break;
case ERR_NOERROR:
default:
// no problem
}
}

//Write the status
Context.LogMessage("Found " + i + " MAC addresses on your network.");
if (arrMisplacedAddresses.length > 0)
{
Context.LogMessage("Warning:Found " + arrMisplacedAddresses.length + " misplaced addresses:" + arrMisplacedAddresses.toString());
}
if (arrNotAllowedAddresses.length > 0)
{
Context.SetResult(1, "ERROR:Found " + arrNotAllowedAddresses.length + " unknown MAC addresses on your network:" + arrNotAllowedAddresses.toString());
}
else
{
Context.SetResult(0, "SUCCESS.No anomaly detected on the network");
}
}

另请参阅

活动脚本主动监控工具范例

监控打印机墨水存量与利用率

在温度超过或低于范围时发出警报

判断无效的用户账号活动

网络接口的监控工具带宽利用率

监控在非标准端口上执行的 SNMP 代理程序