May 19, 2004

SNMP Service Configuration

These are my personal notes on setting up the snmp service on Gentoo Linux 1.4.

Installing the snmp service package

www snmp # emerge -pv net-snmp

These are the packages that I would merge, in order:

Calculating dependencies ...done!
[ebuild N ] net-analyzer/net-snmp-5.0.9-r1 -ipv6 +ssl +tcpd 0 kB

Total size of downloads: 0 kB

www snmp # emerge -v net-snmp

Use the snmpconf utility to create the snmpd.conf configuration file

www snmp # snmpconf

I can create the following types of configuration files for you.
Select the file type you wish to create:
(you can create more than one as you run this program)

1: snmpd.conf
2: snmp.conf
3: snmptrapd.conf

Other options: quit

Select File: 1

Configure each section of snmpd.conf in turn:

The configuration information which can be put into snmpd.conf is divided
into sections.  Select a configuration section for snmpd.conf
that you wish to create:

1: Access Control Setup
2: Trap Destinations
3: Monitor Various Aspects of the Running Host
4: Agent Operating Mode
5: System Information Setup
6: Extending the Agent

Other options: finished

Select section: 5

Contents of System Information Setup:

Section: System Information Setup
Description:
  This section defines some of the information reported in
  the "system" mib group in the mibII tree.

Select from:

1: The [typically physical] location of the system.
2: The contact information for the administrator
3: The proper value for the sysServices object.

Other options: finished, list

Select section:

* The [typically physical] location of the system:

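Enter the physical location of the system as an identifier; typically the string combines the device name with the department, floor, and so on.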

Configuring: syslocation
Description:
  The [typically physical] location of the system.
    Note that setting this value here means that when trying to
    perform an snmp SET operation to the sysLocation.0 variable will make
    the agent return the "notWritable" error code.  IE, including
    this token in the snmpd.conf file will disable write access to
    the variable.
    arguments:  location_string

The location of the system: room

* The contact information for the administrator

Enter the contact information; a phone number, e-mail address, or similar can be used.

Configuring: syscontact
Description:
  The contact information for the administrator
    Note that setting this value here means that when trying to
    perform an snmp SET operation to the sysContact.0 variable will make
    the agent return the "notWritable" error code.  IE, including
    this token in the snmpd.conf file will disable write access to
    the variable.
    arguments:  contact_string

The contact information: Ada Hsu

* The proper value for the sysServices object.

Answer each question with 0 (no) or 1 (yes), and the tool calculates the sysServices value.

Configuring: sysservices
Description:
  The proper value for the sysServices object.
    arguments:  sysservices_number

does this host offer physical services (eg, like a repeater) [answer 0 or 1]: 0
does this host offer datalink/subnetwork services (eg, like a bridge): 0
does this host offer internet services (eg, supports IP): 1
does this host offer end-to-end services (eg, supports TCP): 1
does this host offer application services (eg, supports SMTP): 1

Finished Output: sysservices 0*1 + 0*2 + 1*4 + 1*8 + 1*64

Enter finished to end System Information Setup and return to the main menu.

Select section: finished

The configuration information which can be put into snmpd.conf is divided
into sections.  Select a configuration section for snmpd.conf
that you wish to create:

1: Access Control Setup
2: Trap Destinations
3: Monitor Various Aspects of the Running Host
4: Agent Operating Mode
5: System Information Setup
6: Extending the Agent

Other options: finished

Select section: 1

Configuring access control (Access Control Setup)

Section: Access Control Setup
Description:
  This section defines who is allowed to talk to your running
  snmp agent.

Select from:

1: a SNMPv3 read-write user
2: a SNMPv3 read-only user
3: a SNMPv1/SNMPv2c read-only access community name
4: a SNMPv1/SNMPv2c read-write access community name

Other options: finished, list

Select section:

* a SNMPv1/SNMPv2c read-only access community name

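This sets the community name used to read SNMP information. Most SNMP agents use public as the default name, but it is better to set a different one. When done, enter finished to return to the main menu.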

Configuring: rocommunity
Description:
  a SNMPv1/SNMPv2c read-only access community name
    arguments:  community [default|hostname|network/bits] [oid]

The community name to add read-only access for: snmpmgr
The hostname or network address to accept this community name from [RETURN for all]:
The OID that this community should be restricted to [RETURN for no-restriction]:

Finished Output: rocommunity snmpmgr
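
The rocommunity line above accepts the community from any source address and exposes the whole OID tree, and SNMPv1/v2c community names travel in cleartext. As an added example (not part of the original post), this shell function flags such directives in an snmpd.conf read from stdin; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: flag risky community
# directives in an snmpd.conf supplied on stdin.
# Directive syntax, per snmpconf: community [default|hostname|network/bits] [oid]

audit_snmpd_conf() {
    # Prints "line N: <directive> <community>: <finding>"; returns 1 if any.
    awk '
        function flag(msg) { print "line " NR ": " $1 " " $2 ": " msg; bad = 1 }
        /^[ \t]*#/ { next }    # skip comment lines
        $1 == "rocommunity" || $1 == "rwcommunity" {
            if ($1 == "rwcommunity")               flag("grants write access")
            if ($2 == "public" || $2 == "private") flag("well-known community name")
            if ($3 == "" || $3 == "default")       flag("accepted from any source address")
            if ($4 == "")                          flag("not restricted to an OID subtree")
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: the line generated in this walkthrough, two weaker
# variants, and a line restricted to localhost and the system group.
sample_conf() {
    cat <<'EOF'
# constructed sample snmpd.conf
syslocation room
rocommunity snmpmgr
rocommunity public default
rwcommunity private 192.0.2.0/24
rocommunity snmpmgr 127.0.0.1 .1.3.6.1.2.1.1
EOF
}

sample_conf | audit_snmpd_conf || true
```

To check the live file, run `audit_snmpd_conf < /etc/snmp/snmpd.conf`; a non-zero exit status means at least one finding.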

Starting the snmpd service

Once the settings above are complete, enter finished at the main menu to end snmpd.conf configuration, then enter quit to leave the snmpconf tool.

I can create the following types of configuration files for you.
Select the file type you wish to create:
(you can create more than one as you run this program)

1: snmpd.conf
2: snmp.conf
3: snmptrapd.conf

Other options: quit

Select File: quit

The following files were created:

snmpd.conf

These files should be moved to /usr/share/snmp/ if you want them used by everyone on the system. In the future, if you add the -i option to the command line I'll copy them there automatically for you.

Or, if you want them for your personal use only, copy them to /root/.snmp . In the future, if you add the -p option to the command line I'll copy them there automatically for you.

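The instructions above appear to be somewhat inaccurate: on Gentoo, snmpd.conf should be placed in /etc/snmp/, otherwise snmpd cannot start correctly. Once snmpd.conf has been copied to /etc/snmp/, the snmpd service can be started.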

www root # cp snmpd.conf /etc/snmp/
www root # /etc/init.d/snmpd start
 * Starting net-snmpd…                                                  [ ok ]
www root # ps -ef | grep snmp
root     18048     1  0 15:12 ?        00:00:00 /usr/sbin/snmpd -P /var/run/snmpd.pid -a -s -l /dev/null
root     18053 10326  0 15:13 pts/15   00:00:00 grep snmp

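Use snmpwalk to query the local host. snmpwalk must be given the community name set in Access Control Setup, as in the example. If snmpd.conf is configured correctly, the output should run to dozens of pages.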

www root # snmpwalk localhost -c snmpmgr -v 1

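To view the settings made earlier in System Information Setup, use the following command. The OID 1.3.6.1.2.1.1 denotes the system information recorded by the SNMP agent; see the SNMP documentation on OIDs for details.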

www root # snmpwalk localhost -c snmpmgr -v 1 1.3.6.1.2.1.1

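You may find that the host name is not a fully qualified domain name (FQDN). This can be changed by editing /etc/snmp/snmpd.conf and adding the sysname parameter. Note, however, that when snmpconf is used to regenerate snmpd.conf, the sysname setting may be lost.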

sysname "www.t-times.net"

After restarting snmpd, query again to confirm the setting is correct.

www root # snmpwalk localhost -c snmpmgr -v 1 1.3.6.1.2.1.1.sysName.0
SNMPv2-MIB::sysName.0 = STRING: "www.t-times.net"

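snmp exposes a good deal of system information; for example, 1.3.6.1.2.1.2 holds information about the system's network interfaces, and it can likewise be queried with snmpwalk.

With the steps above done, snmpd is fully configured. Finally, remember to set snmpd to start automatically at boot.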

www root # rc-update add snmpd default