這篇是個人在 Gentoo Linux 1.4 上設定 snmp 服務的記錄。
安裝 snmp 服務套件
www snmp # emerge -pv net-snmpThese are the packages that I would merge, in order:Calculating dependencies ...done!
[ebuild N ] net-analyzer/net-snmp-5.0.9-r1 -ipv6 +ssl +tcpd 0 kBTotal size of downloads: 0 kBwww snmp # emerge -v net-snmp
透過公用程式 snmpconf 完成 snmpd.conf 設定檔設定作業
www snmp # snmpconfI can create the following types of configuration files for you.
Select the file type you wish to create:
(you can create more than one as you run this program)1: snmpd.conf
2: snmp.conf
3: snmptrapd.confOther options: quitSelect File: 1
逐一設定 snmpd.conf 各內容:
The configuration information which can be put into snmpd.conf is divided
into sections. Select a configuration section for snmpd.conf
that you wish to create:1: Access Control Setup
2: Trap Destinations
3: Monitor Various Aspects of the Running Host
4: Agent Operating Mode
5: System Information Setup
6: Extending the AgentOther options: finishedSelect section: 5
System Information Setup 內容:
Section: System Information Setup
Description:
This section defines some of the information reported in
the "system" mib group in the mibII tree.Select from:1: The [typically physical] location of the system.
2: The contact information for the administrator
3: The proper value for the sysServices object.Other options: finished, listSelect section:
* The [typically physical] location of the system:
請填入系統所在的地理位置作為識別,一般應該會以設備名稱 + 部門、樓層等為識別字串。
Configuring: syslocation
Description:
The [typically physical] location of the system.
Note that setting this value here means that when trying to
perform an snmp SET operation to the sysLocation.0 variable will make
the agent return the "notWritable" error code. IE, including
this token in the snmpd.conf file will disable write access to
the variable.
arguments: location_stringThe location of the system: room* The contact information for the administrator
請填入聯絡人資訊,可以輸入電話或郵件地址等。
Configuring: syscontact
Description:
The contact information for the administrator
Note that setting this value here means that when trying to
perform an snmp SET operation to the sysContact.0 variable will make
the agent return the "notWritable" error code. IE, including
this token in the snmpd.conf file will disable write access to
the variable.
arguments: contact_stringThe contact information: Ada Hsu* The proper value for the sysServices object.
使用 0 (否) 或 1 (是) 回答相關問題,由系統算出 sysServices 的值。
Configuring: sysservices
Description:
The proper value for the sysServices object.
arguments: sysservices_numberdoes this host offer physical services (eg, like a repeater) [answer 0 or 1]: 0
does this host offer datalink/subnetwork services (eg, like a bridge): 0
does this host offer internet services (eg, supports IP): 1
does this host offer end-to-end services (eg, supports TCP): 1
does this host offer application services (eg, supports SMTP): 1Finished Output: sysservices 0*1 + 0*2 + 1*4 + 1*8 + 1*64輸入 finished 後結束 System Information Setup 設定回主選單
Select section: finishedThe configuration information which can be put into snmpd.conf is divided
into sections. Select a configuration section for snmpd.conf
that you wish to create:1: Access Control Setup
2: Trap Destinations
3: Monitor Various Aspects of the Running Host
4: Agent Operating Mode
5: System Information Setup
6: Extending the AgentOther options: finishedSelect section: 1
進行存取控制設定 Access Control Setup
Section: Access Control Setup
Description:
This section defines who is allowed to talk to your running
snmp agent.Select from:1: a SNMPv3 read-write user
2: a SNMPv3 read-only user
3: a SNMPv1/SNMPv2c read-only access community name
4: a SNMPv1/SNMPv2c read-write access community nameOther options: finished, listSelect section:
* a SNMPv1/SNMPv2c read-only access community name
這是指定用來讀取 SNMP 訊息用的群組帳號名稱,大部份的 SNMP 代理者多以 public 為其預設的名稱,但建議要另行設定較好。設定完畢後請輸入 finished 回到主選單中。
Configuring: rocommunity
Description:
a SNMPv1/SNMPv2c read-only access community name
arguments: community [default|hostname|network/bits] [oid]The community name to add read-only access for: snmpmgr
The hostname or network address to accept this community name from [RETURN for all]:
The OID that this community should be restricted to [RETURN for no-restriction]:Finished Output: rocommunity snmpmgr啟動 snmpd 服務
當完成上述設定後即可在主選單中輸入 finished 結束 snmpd.conf 設定作業,最後輸入 quit 離開 snmpconf 設定工具。
I can create the following types of configuration files for you.
Select the file type you wish to create:
(you can create more than one as you run this program)1: snmpd.conf
2: snmp.conf
3: snmptrapd.confOther options: quitSelect File: quitThe following files were created:snmpd.confThese files should be moved to /usr/share/snmp/ if you
want them used by everyone on the system. In the future, if you add
the -i option to the command line I'll copy them there automatically for you.Or, if you want them for your personal use only, copy them to
/root/.snmp . In the future, if you add the -p option to the
command line I'll copy them there automatically for you.
上述的說明似乎有點不正確,snmpd.conf 在 Gentoo 中應該要放入 /etc/snmp/ 下,否則 snmpd 是無法正確啟動的。當將 snmpd.conf 複製到 /etc/snmp/ 下後即可啟動 snmpd 服務。
www root # cp snmpd.conf /etc/snmp/
www root # /etc/init.d/snmpd start
* Starting net-snmpd… [ ok ]
www root # ps -ef | grep snmp
root 18048 1 0 15:12 ? 00:00:00 /usr/sbin/snmpd -P /var/run/snmpd.pid -a -s -l /dev/null
root 18053 10326 0 15:13 pts/15 00:00:00 grep snmp
使用 snmpwalk 對本機進行訪談,snmpwalk 中要指定在 Access Control Setup 中所設定的帳號名稱,如範例。若 snmpd.conf 設定正確應可看到畫面輸出一長串好幾十頁的訊息。
www root # snmpwalk localhost -c snmpmgr -v 1
若想查看先前在 System Information Setup 所做的設定,可以使用以下方式達成。有關 1.3.6.1.2.1.1 所代表的意義表示為該 SNMP 代理者所記錄的系統資訊,詳細請參閱 SNMP 中有關 OID 的說明。
www root # snmpwalk localhost -c snmpmgr -v 1 1.3.6.1.2.1.1
你可能會發現主機名稱不是完整的領域名稱(FQDN),這可以透過修改 /etc/snmp/snmpd.conf 重新設定,只要加上 sysname 參數即可。但是請注意:
當使用 snmpconf 重新設定 snmpd.conf 內容時,sysname 的設定可能會遺失。sysname "www.t-times.net"
重啟 snmpd 後重新查詢即可確定設定是否正確。
www root # snmpwalk localhost -c snmpmgr -v 1 1.3.6.1.2.1.1.sysName.0
SNMPv2-MIB::sysName.0 = STRING: "www.t-times.net"
snmp 中提供不少系統的各項資訊,如 1.3.6.1.2.1.2 中記載了系統各種網路界面的資訊,同樣可以使用 snmpwalk 進行查詢。
完成以上動作後,snmpd 即完成設定,最後記得將 snmpd 設定為開機後自動啟動。
www root # rc-update add snmpd default
沒有留言:
張貼留言