snmp
*~firechoi*
Linux SNMPD Installation
*방창현 (winchild@sds.co.kr) / Samjung Data Service Co., Ltd., Research Lab*
*최세영 (firechoi@sds.co.kr) / Samjung Data Service Co., Ltd., Research Lab*
*Last modified:* February 1, 2007, 15:57
1.1. Introduction
snmpd is a daemon that uses the SNMP protocol to make the state of the system available to external hosts. It can be obtained from http://net-snmp.sourceforge.net.

1.2. Installation
Normally it is installed by selecting the SNMP package when the OS is installed; otherwise install it afterwards from RPM. The "--enable-mfd-rewrites" option is the option for supporting Gigabit Ethernet.

    # ./configure --enable-mfd-rewrites
    # make
    # make install

1.3. Configuration
Edit the /etc/snmp/snmpd.conf file. The usual starting point is the EXAMPLE.conf file included with net-snmp. The directory where net-snmp was installed may differ.

    # cp /home/pkg-install/net-snmp-5.1.4.pre1/EXAMPLE.conf snmpd.conf

Open the file and grant access.

    #com2sec local     localhost       COMMUNITY
    #com2sec mynetwork NETWORK/24      COMMUNITY

Of these, local is the permission granted to requests coming from the local host.
The line below it sets the access permission for an external network. It is commented out with a leading '#'. For the network, enter the address of the host that will connect, or an IP range.

    com2sec local        localhost         public
    com2sec direct.co.kr xxx.xxx.xxx.0/24  public

This opens SNMP polling from the local host and from the network, with the community name set to "public". The comments in the example file in section 1.7 state that the COMMUNITY token should be changed to a keyword known only at your site.

    syslocation Right here, right now.
    syscontact Me <me@somewhere.org>

Fill in the system location and the administrator's contact information.

    syslocation Samjung Data Service, Seoul Korea.
    syscontact ChangHyun-Bang <winchild@sds.co.kr>

1.4. Test
Use snmpwalk to confirm that data can be retrieved.
    # snmpwalk -c public -v 2c localhost|more
    SNMPv2-MIB::sysDescr.0 = STRING: Linux nms.direct.co.kr 2.6.9-5.ELsmp #1 SMP Wed Jan 5 19:30:39 EST 2005 i686
    SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
    SNMPv2-MIB::sysUpTime.0 = Timeticks: (65263) 0:10:52.63
    SNMPv2-MIB::sysContact.0 = STRING: ChangHyun-Bang <winchild@sds.co.kr>
    SNMPv2-MIB::sysName.0 = STRING: nms.direct.co.kr
    SNMPv2-MIB::sysLocation.0 = STRING: Samjung Data Service, Seoul Korea.
    SNMPv2-MIB::sysORLastChange.0 = Timeticks: (1) 0:00:00.01
    SNMPv2-MIB::sysORID.1 = OID: IF-MIB::ifMIB
    SNMPv2-MIB::sysORID.2 = OID: SNMPv2-MIB::snmpMIB
    SNMPv2-MIB::sysORID.3 = OID: TCP-MIB::tcpMIB
    SNMPv2-MIB::sysORID.4 = OID: IP-MIB::ip
    SNMPv2-MIB::sysORID.5 = OID: UDP-MIB::udpMIB
    SNMPv2-MIB::sysORID.6 = OID: SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroup
    SNMPv2-MIB::sysORID.7 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance
    SNMPv2-MIB::sysORID.8 = OID: SNMP-MPD-MIB::snmpMPDCompliance
    SNMPv2-MIB::sysORID.9 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance
    SNMPv2-MIB::sysORDescr.1 = STRING: The MIB module to describe generic objects for network interface sub-layers
    SNMPv2-MIB::sysORDescr.2 = STRING: The MIB module for SNMPv2 entities
    SNMPv2-MIB::sysORDescr.3 = STRING: The MIB module for managing TCP implementations
    SNMPv2-MIB::sysORDescr.4 = STRING: The MIB module for managing IP and ICMP implementations
    SNMPv2-MIB::sysORDescr.5 = STRING: The MIB module for managing UDP implementations
    SNMPv2-MIB::sysORDescr.6 = STRING: View-based Access Control Model for SNMP.
    SNMPv2-MIB::sysORDescr.7 = STRING: The SNMP Management Architecture MIB.
    SNMPv2-MIB::sysORDescr.8 = STRING: The MIB for Message Processing and Dispatching.
    SNMPv2-MIB::sysORDescr.9 = STRING: The management information definitions for the SNMP User-based Security Model.
    SNMPv2-MIB::sysORUpTime.1 = Timeticks: (0) 0:00:00.00
    SNMPv2-MIB::sysORUpTime.2 = Timeticks: (0) 0:00:00.00
    SNMPv2-MIB::sysORUpTime.3 = Timeticks: (0) 0:00:00.00
    SNMPv2-MIB::sysORUpTime.4 = Timeticks: (1) 0:00:00.01
    SNMPv2-MIB::sysORUpTime.5 = Timeticks: (1) 0:00:00.01
    SNMPv2-MIB::sysORUpTime.6 = Timeticks: (1) 0:00:00.01
    SNMPv2-MIB::sysORUpTime.7 = Timeticks: (1) 0:00:00.01
    SNMPv2-MIB::sysORUpTime.8 = Timeticks: (1) 0:00:00.01
    SNMPv2-MIB::sysORUpTime.9 = Timeticks: (1) 0:00:00.01
    IF-MIB::ifNumber.0 = INTEGER: 4
    IF-MIB::ifIndex.1 = INTEGER: 1
    IF-MIB::ifIndex.2 = INTEGER: 2
    IF-MIB::ifIndex.3 = INTEGER: 3
    IF-MIB::ifIndex.4 = INTEGER: 4
    IF-MIB::ifDescr.1 = STRING: lo
    IF-MIB::ifDescr.2 = STRING: eth0
    IF-MIB::ifDescr.3 = STRING: eth1
    IF-MIB::ifDescr.4 = STRING: sit0
    IF-MIB::ifType.1 = INTEGER: softwareLoopback(24)
    IF-MIB::ifType.2 = INTEGER: ethernetCsmacd(6)
    ....
    SNMPv2-SMI::mib-2.55.1.5.1.9.1 = INTEGER: 1
    SNMPv2-SMI::mib-2.55.1.5.1.9.2 = INTEGER: 1
    SNMPv2-SMI::mib-2.55.1.5.1.10.1 = INTEGER: 1
    SNMPv2-SMI::mib-2.55.1.5.1.10.2 = INTEGER: 1

1.5. Opening iptables
In the /etc/sysconfig/iptables file, at the very end, in front of the lines

    -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
    COMMIT

add a rule that opens the SNMP port to the system that will connect over SNMP.

    -A RH-Firewall-1-INPUT -m state --state NEW -m multiport -p udp -s 211.239.157.113/32 --dport 161 -j ACCEPT

Restart iptables.
    # /etc/rc.d/init.d/iptables restart
    Flushing firewall rules:                    [  OK  ]
    Setting chains to policy ACCEPT: filter     [  OK  ]
    Unloading iptables modules:                 [  OK  ]
    Applying iptables firewall rules:           [  OK  ]
    #

1.6. Adding disk partition information
Add the partition information of the disks to be monitored. First use df to find out which partitions to monitor.

    # df
    Filesystem           1K-blocks      Used Available Use% Mounted on
    /dev/sda8              4127076    145540   3771892   4% /
    /dev/sda2             20161204     77888  19059176   1% /backup
    /dev/sda1               256666     15856    227558   7% /boot
    /dev/sda7              8064272     50832   7603788   1% /data
    none                    517220         0    517220   0% /dev/shm
    /dev/sda3             18145120    295076  16928316   2% /home
    /dev/sda10              256666     10293    233121   5% /tmp
    /dev/sda5              9068616   1486256   7121700  18% /usr
    /dev/sda6              8277844    104896   7752452   2% /var

Open the /etc/snmp/snmpd.conf file and add the disk information.

    disk / 10000
    disk /backup 10000
    disk /boot 10000
    disk /home 10000
    disk /tmp 10000
    disk /usr 10000
    disk /var 10000

/dev/shm is shared memory, so there is no need to monitor it.
Any of the others that are not needed can be left out as well. As for the arguments, the part containing / is the partition, and 10000 is the unit: the SNMP report is generated with a minimum of 10 MB.
After editing, restart snmpd.

    # ./snmpd restart
    snmpd 를 정지함:                            [  확인  ]
    snmpd (을)를 시작합니다:                    [  확인  ]
    #

Then register the daemon so that snmpd is started even after a reboot.

    # cd /etc/rc.d/init.d
    # /sbin/chkconfig --level 345 snmpd on
    #

1.7. snmpd.conf example file
*(Note) com2sec must be modified.*
    ###############################################################################
    #
    # EXAMPLE.conf:
    #   An example configuration file for configuring the ucd-snmp snmpd agent.
    #
    ###############################################################################
    #
    # This file is intended to only be an example. If, however, you want
    # to use it, it should be placed in /usr/local/etc/snmp/snmpd.conf.
    # When the snmpd agent starts up, this is where it will look for it.
    #
    # You might be interested in generating your own snmpd.conf file using
    # the "snmpconf" program (perl script) instead. It's a nice menu
    # based interface to writing well commented configuration files. Try it!
    #
    # Note: This file is automatically generated from EXAMPLE.conf.def.
    # Do NOT read the EXAMPLE.conf.def file! Instead, after you have run
    # configure & make, and then make sure you read the EXAMPLE.conf file
    # instead, as it will tailor itself to your configuration.

    # All lines beginning with a '#' are comments and are intended for you
    # to read. All other lines are configuration commands for the agent.

    #
    # PLEASE: read the snmpd.conf(5) manual page as well!
    #

    ###############################################################################
    # Access Control
    ###############################################################################

    # YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
    # KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
    # SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.

    # By far, the most common question I get about the agent is "why won't
    # it work?", when really it should be "how do I configure the agent to
    # allow me to access it?"
    #
    # By default, the agent responds to the "public" community for read
    # only access, if run out of the box without any configuration file in
    # place. The following examples show you other ways of configuring
    # the agent so that you can change the community names, and give
    # yourself write access as well.
    #
    # The following lines change the access permissions of the agent so
    # that the COMMUNITY string provides read-only access to your entire
    # NETWORK (EG: 10.10.10.0/24), and read/write access to only the
    # localhost (127.0.0.1, not its real ipaddress).
    #
    # For more information, read the FAQ as well as the snmpd.conf(5)
    # manual page.

    ####
    # First, map the community name (COMMUNITY) into a security name
    # (local and mynetwork, depending on where the request is coming
    # from):

    #       sec.name  source          community
    com2sec local     localhost       public
    #com2sec mynetwork NETWORK/24      COMMUNITY

    ####
    # Second, map the security names into group names:

    #               sec.model  sec.name
    group MyRWGroup v1         local
    group MyRWGroup v2c        local
    group MyRWGroup usm        local
    group MyROGroup v1         mynetwork
    group MyROGroup v2c        mynetwork
    group MyROGroup usm        mynetwork

    ####
    # Third, create a view for us to let the groups have rights to:

    #           incl/excl subtree                          mask
    view all    included  .1                               80

    ####
    # Finally, grant the 2 groups access to the 1 view with different
    # write permissions:

    #                context sec.model sec.level match  read   write  notif
    access MyROGroup ""      any       noauth    exact  all    none   none
    access MyRWGroup ""      any       noauth    exact  all    all    none

    # -----------------------------------------------------------------------------

    ###############################################################################
    # System contact information
    #

    # It is also possible to set the sysContact and sysLocation system
    # variables through the snmpd.conf file. **PLEASE NOTE** that setting
    # the value of these objects here makes these objects READ-ONLY
    # (regardless of any access control settings). Any attempt to set the
    # value of an object whose value is given here will fail with an error
    # status of notWritable.

    syslocation Samjung Data Service, Seoul Korea.
    syscontact ChangHyun-Bang <winchild@sds.co.kr>

    # Example output of snmpwalk:
    # % snmpwalk -v 1 -c public localhost system
    # system.sysDescr.0 = "SunOS name sun4c"
    # system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
    # system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55
    # system.sysContact.0 = "Me <me@somewhere.org>"
    # system.sysName.0 = "name"
    # system.sysLocation.0 = "Right here, right now."
    # system.sysServices.0 = 72

    # -----------------------------------------------------------------------------

    ###############################################################################
    # Process checks.
    #
    # The following are examples of how to use the agent to check for
    # processes running on the host. The syntax looks something like:
    #
    # proc NAME [MAX=0] [MIN=0]
    #
    # NAME: the name of the process to check for. It must match
    #       exactly (ie, http will not find httpd processes).
    # MAX:  the maximum number allowed to be running. Defaults to 0.
    # MIN:  the minimum number to be running. Defaults to 0.

    #
    # Examples:
    #

    # Make sure mountd is running
    proc mountd

    # Make sure there are no more than 4 ntalkds running, but 0 is ok too.
    proc ntalkd 4

    # Make sure at least one sendmail, but less than or equal to 10 are running.
    proc sendmail 10 1

    # A snmpwalk of the prTable would look something like this:
    #
    # % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.2
    # enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1
    # enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2
    # enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3
    # enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd"
    # enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd"
    # enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail"
    # enterprises.ucdavis.procTable.prEntry.prMin.1 = 0
    # enterprises.ucdavis.procTable.prEntry.prMin.2 = 0
    # enterprises.ucdavis.procTable.prEntry.prMin.3 = 1
    # enterprises.ucdavis.procTable.prEntry.prMax.1 = 0
    # enterprises.ucdavis.procTable.prEntry.prMax.2 = 4
    # enterprises.ucdavis.procTable.prEntry.prMax.3 = 10
    # enterprises.ucdavis.procTable.prEntry.prCount.1 = 0
    # enterprises.ucdavis.procTable.prEntry.prCount.2 = 0
    # enterprises.ucdavis.procTable.prEntry.prCount.3 = 1
    # enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1
    # enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0
    # enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0
    #
    # Note that the errorFlag for mountd is set to 1 because one is not
    # running (in this case an rpc.mountd is, but thats not good enough),
    # and the ErrMessage tells you what's wrong. The configuration
    # imposed in the snmpd.conf file is also shown.
    #
    # Special Case: When the min and max numbers are both 0, it assumes
    # you want a max of infinity and a min of 1.
    #

    # -----------------------------------------------------------------------------

    ###############################################################################
    # Executables/scripts
    #

    #
    # You can also have programs run by the agent that return a single
    # line of output and an exit code. Here are two examples.
    #
    # exec NAME PROGRAM [ARGS ...]
    #
    # NAME:    A generic name.
    # PROGRAM: The program to run. Include the path!
    # ARGS:    optional arguments to be passed to the program

    # a simple hello world
    exec echotest /bin/echo hello world

    # Run a shell script containing:
    #
    # #!/bin/sh
    # echo hello world
    # echo hi there
    # exit 35
    #
    # Note: this has been specifically commented out to prevent
    # accidental security holes due to someone else on your system writing
    # a /tmp/shtest before you do. Uncomment to use it.
    #
    #exec shelltest /bin/sh /tmp/shtest

    # Then,
    # % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.8
    # enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1
    # enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2
    # enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest"
    # enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest"
    # enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world"
    # enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest"
    # enterprises.ucdavis.extTable.extEntry.extResult.1 = 0
    # enterprises.ucdavis.extTable.extEntry.extResult.2 = 35
    # enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world."
    # enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world."
    # enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0
    # enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0

    # Note that the second line of the /tmp/shtest shell script is cut
    # off. Also note that the exit status of 35 was returned.

    # -----------------------------------------------------------------------------

    ###############################################################################
    # disk checks
    #

    # The agent can check the amount of available disk space, and make
    # sure it is above a set limit.

    # disk PATH [MIN=DEFDISKMINIMUMSPACE]
    #
    # PATH: mount path to the disk in question.
    # MIN:  Disks with space below this value will have the Mib's errorFlag set.
    #       Default value = DEFDISKMINIMUMSPACE.

    # Check the / partition and make sure it contains at least 10 megs.

    disk / 10000

    # % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.9
    # enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
    # enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F
    # enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0"
    # enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000
    # enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130
    # enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325
    # enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092
    # enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58
    # enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0
    # enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = ""

    # -----------------------------------------------------------------------------

    ###############################################################################
    # load average checks
    #

    # load [1MAX=DEFMAXLOADAVE] [5MAX=DEFMAXLOADAVE] [15MAX=DEFMAXLOADAVE]
    #
    # 1MAX:  If the 1 minute load average is above this limit at query
    #        time, the errorFlag will be set.
    # 5MAX:  Similar, but for 5 min average.
    # 15MAX: Similar, but for 15 min average.

    # Check for loads:
    load 12 14 14

    # % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.10
    # enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1
    # enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2
    # enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3
    # enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1"
    # enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5"
    # enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15"
    # enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39
    # enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31
    # enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36
    # enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00"
    # enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00"
    # enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00"
    # enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0
    # enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0
    # enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0
    # enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = ""
    # enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = ""
    # enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = ""

    # -----------------------------------------------------------------------------

    ###############################################################################
    # Extensible sections.
    #

    # This alleviates the multiple line output problem found in the
    # previous executable mib by placing each mib in its own mib table:

    # Run a shell script containing:
    #
    # #!/bin/sh
    # echo hello world
    # echo hi there
    # exit 35
    #
    # Note: this has been specifically commented out to prevent
    # accidental security holes due to someone else on your system writing
    # a /tmp/shtest before you do. Uncomment to use it.
    #
    # exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest

    # % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.50
    # enterprises.ucdavis.50.1.1 = 1
    # enterprises.ucdavis.50.2.1 = "shelltest"
    # enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest"
    # enterprises.ucdavis.50.100.1 = 35
    # enterprises.ucdavis.50.101.1 = "hello world."
    # enterprises.ucdavis.50.101.2 = "hi there."
    # enterprises.ucdavis.50.102.1 = 0

    # Now the Output has grown to two lines, and we can see the 'hi
    # there.' output as the second line from our shell script.
    #
    # Note that you must alter the mib.txt file to be correct if you want
    # the .50.* outputs above to change to reasonable text descriptions.

    # Other ideas:
    #
    # exec .1.3.6.1.4.1.2021.51 ps /bin/ps
    # exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top
    # exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq

    # -----------------------------------------------------------------------------

    ###############################################################################
    # Pass through control.
    #

    # Usage:
    #   pass MIBOID EXEC-COMMAND
    #
    # This will pass total control of the mib underneath the MIBOID
    # portion of the mib to the EXEC-COMMAND.
    #
    # Note: You'll have to change the path of the passtest script to your
    # source directory or install it in the given location.
    #
    # Example: (see the script for details)
    #          (commented out here since it requires that you place the
    #          script in the right location. (its not installed by default))

    # pass .1.3.6.1.4.1.2021.255 /bin/sh PREFIX/local/passtest

    # % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.255
    # enterprises.ucdavis.255.1 = "life the universe and everything"
    # enterprises.ucdavis.255.2.1 = 42
    # enterprises.ucdavis.255.2.2 = OID: 42.42.42
    # enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42
    # enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1
    # enterprises.ucdavis.255.5 = 42
    # enterprises.ucdavis.255.6 = Gauge: 42
    #
    # % snmpget -v 1 -c public localhost .1.3.6.1.4.1.2021.255.5
    # enterprises.ucdavis.255.5 = 42
    #
    # % snmpset -v 1 -c public localhost .1.3.6.1.4.1.2021.255.1 s "New string"
    # enterprises.ucdavis.255.1 = "New string"
    #

    # For specific usage information, see the man/snmpd.conf.5 manual page
    # as well as the local/passtest script used in the above example.

    ###############################################################################
    # Subagent control
    #

    # The agent can support subagents using a number of extension mechanisms.
    # From the 4.2.1 release, AgentX support is being compiled in by default.
    # However, this is still experimental code, so should not be used on
    # critical production systems.
    # Please see the file README.agentx for more details.
    #
    # If having read, marked, learnt and inwardly digested this information,
    # you decide that you do wish to make use of this mechanism, simply
    # uncomment the following directive.
    #
    # master agentx
    #
    # I repeat - this is *NOT* regarded as suitable for front-line production
    # systems, though it is probably stable enough for day-to-day use.
    # Probably.
    #
    # No refunds will be given.

    ###############################################################################
    # Further Information
    #
    # See the snmpd.conf manual page, and the output of "snmpd -H".
    # MUCH more can be done with the snmpd.conf than is shown as an
    # example here.

1.8. snmpd -H

    # snmpd -H
    Configuration directives understood:
    No log handling enabled - turning on stderr logging
      In snmpd.conf and snmpd.local.conf:
        authtrapenable           1 | 2 (1 = enable, 2 = disable)
        trapsink                 host [community] [port]
        trap2sink                host [community] [port]
        informsink               host [community] [port]
        trapsess                 [snmpcmdargs] host
        trapcommunity            community-string
        agentuser                userid
        agentgroup               groupid
        agentaddress             SNMP bind address
        quit                     (1|yes|true|0|no|false)
        leave_pidfile            (1|yes|true|0|no|false)
        injectHandler            injectHandler NAME INTONAME [BEFORE_OTHER_NAME]
        table                    tableoid
        add_row                  indexes... values...
        com2sec                  name IPv4-network-address[/netmask] community
        com2sec6                 name IPv6-network-address[/netmask] community
        com2secunix              name sockpath community
        sysdescr                 description
        syslocation              location
        syscontact               contact-name
        sysname                  node-name
        sysservices              NUMBER
        sysobjectid              OID
        interface                name type speed
        group                    name v1|v2c|usm|... security
        access                   name context model level prefx read write notify
        view                     name type subtree [mask]
        rwcommunity              community [default|hostname|network/bits [oid]]
        rocommunity              community [default|hostname|network/bits [oid]]
        rwcommunity6             community [default|hostname|network/bits [oid]]
        rocommunity6             community [default|hostname|network/bits [oid]]
        rwuser                   user [noauth|auth|priv [oid]]
        rouser                   user [noauth|auth|priv [oid]]
        swap                     min-avail
        proc                     process-name [max-num] [min-num]
        procfix                  process-name program [arguments...]
        pass                     miboid command
        pass_persist             miboid program
        disk                     path [ minspace | minpercent% ]
        includeAllDisks          minpercent%
        load                     max1 [max5] [max15]
        exec                     [miboid] name program arguments
        sh                       [miboid] name program-or-script arguments
        execfix                  exec-or-sh-name program [arguments...]
        file                     file [maxsize]
        dlmod                    module-name module-path
        proxy                    [snmpcmd args] host oid [remoteoid]
        logmatch                 logmatch name path cycletime regex
        createUser               username (MD5|SHA) passphrase [DES [passphrase]]
        override                 [-rw] mibnode type value
        storageUseNFS            1 | 2 (1 = enable, 2 = disable)
        ignoredisk               name
        smuxpeer                 OID-IDENTITY PASSWORD
        smuxsocket               SMUX bind address
        master                   specify 'agentx' for AgentX support
        agentxsocket             AgentX bind address
        agentxperms              AgentX socket permissions: socket_perms [directory_perms [username|userid [groupname|groupid]]]
        agentxRetries            AgentX Retries
        agentxTimeout            AgentX Timeout (seconds)
        engineID                 string
        engineIDType             num
        engineIDNic              string
      In snmp.conf and snmp.local.conf:
        doDebugging              (1|0)
        debugTokens              token[,token...]
        logTimestamp             (1|yes|true|0|no|false)
        mibdirs                  [mib-dirs|+mib-dirs]
        mibs                     [mib-tokens|+mib-tokens]
        mibfile                  mibfile-to-read
        showMibErrors            (1|yes|true|0|no|false)
        strictCommentTerm        (1|yes|true|0|no|false)
        mibAllowUnderline        (1|yes|true|0|no|false)
        mibWarningLevel          integerValue
        mibReplaceWithLatest     (1|yes|true|0|no|false)
        printNumericEnums        (1|yes|true|0|no|false)
        printNumericOids         (1|yes|true|0|no|false)
        escapeQuotes             (1|yes|true|0|no|false)
        dontBreakdownOids        (1|yes|true|0|no|false)
        quickPrinting            (1|yes|true|0|no|false)
        numericTimeticks         (1|yes|true|0|no|false)
        oidOutputFormat          integerValue
        suffixPrinting           integerValue
        extendedIndex            (1|yes|true|0|no|false)
        printHexText             (1|yes|true|0|no|false)
        printValueOnly           (1|yes|true|0|no|false)
        dontPrintUnits           (1|yes|true|0|no|false)
        dumpPacket               (1|yes|true|0|no|false)
        reverseEncodeBER         (1|yes|true|0|no|false)
        defaultPort              integerValue
        defCommunity             string
        noTokenWarnings          (1|yes|true|0|no|false)
        noRangeCheck             (1|yes|true|0|no|false)
        persistentDir            string
        tempFilePattern          string
        noDisplayHint            (1|yes|true|0|no|false)
        16bitIDs                 (1|yes|true|0|no|false)
        clientaddr               string
        defSecurityModel         string
        defSecurityName          string
        defContext               string
        defPassphrase            string
        defAuthPassphrase        string
        defPrivPassphrase        string
        defVersion               1|2c|3
        defAuthType              MD5|SHA
        defPrivType              DES (AES support not available)
        defSecurityLevel         noAuthNoPriv|authNoPriv|authPriv

1.9. IANAifType
When an interface is defined with the interface directive, the type of the interface is given as an IANAifType value.
IANAifType
Textual Convention
Status: current
Description: This data type is used as the syntax of the ifType object in the (updated) definition of MIB-II's ifTable. The definition of this textual convention with the addition of newly assigned values is published periodically by the IANA, in either the Assigned Numbers RFC, or some derivative of it specific to Internet Network Management number assignments. (The latest arrangements can be obtained by contacting the IANA.) Requests for new values should be made to IANA via email (iana@iana.org). The relationship between the assignment of ifType values and of OIDs to particular media-specific MIBs is solely the purview of IANA and is subject to change without notice. Quite often, a media-specific MIB's OID-subtree assignment within MIB-II's 'transmission' subtree will be the same as its ifType value. However, in some circumstances this will not be the case, and implementors must not pre-assume any specific relationship between ifType values and transmission subtree OIDs.
Syntax: INTEGER
other (1), regular1822 (2), hdh1822 (3), ddnX25 (4), rfc877x25 (5), ethernetCsmacd (6), iso88023Csmacd (7), iso88024TokenBus (8), iso88025TokenRing (9), iso88026Man (10), starLan (11), proteon10Mbit (12), proteon80Mbit (13), hyperchannel (14), fddi (15), lapb (16), sdlc (17), ds1 (18), e1 (19), basicISDN (20), primaryISDN (21), propPointToPointSerial (22), ppp (23), softwareLoopback (24), eon (25), ethernet3Mbit (26), nsip (27), slip (28), ultra (29), ds3 (30), sip (31), frameRelay (32), rs232 (33), para (34), arcnet (35), arcnetPlus (36), atm (37), miox25 (38), sonet (39), x25ple (40), iso88022llc (41), localTalk (42), smdsDxi (43), frameRelayService (44), v35 (45), hssi (46), hippi (47), modem (48), aal5 (49), sonetPath (50), sonetVT (51), smdsIcip (52), propVirtual (53), propMultiplexor (54), ieee80212 (55), fibreChannel (56), hippiInterface (57), frameRelayInterconnect (58), aflane8023 (59), aflane8025 (60), cctEmul (61), fastEther (62), isdn (63), v11 (64), v36 (65), g703at64k (66), g703at2mb (67), qllc (68), fastEtherFX (69), channel (70), ieee80211 (71), ibm370parChan (72), escon (73), dlsw (74), isdns (75), isdnu (76), lapd (77), ipSwitch (78), rsrb (79), atmLogical (80), ds0 (81), ds0Bundle (82), bsc (83), async (84), cnr (85), iso88025Dtr (86), eplrs (87), arap (88), propCnls (89), hostPad (90), termPad (91), frameRelayMPI (92), x213 (93), adsl (94), radsl (95), sdsl (96), vdsl (97), iso88025CRFPInt (98), myrinet (99), voiceEM (100), voiceFXO (101), voiceFXS (102), voiceEncap (103), voiceOverIp (104), atmDxi (105), atmFuni (106), atmIma (107), pppMultilinkBundle (108), ipOverCdlc (109), ipOverClaw (110), stackToStack (111), virtualIpAddress (112), mpc (113), ipOverAtm (114), iso88025Fiber (115), tdlc (116), gigabitEthernet (117), hdlc (118), lapf (119), v37 (120), x25mlp (121), x25huntGroup (122), trasnpHdlc (123), interleave (124), fast (125), ip (126), docsCableMaclayer (127), docsCableDownstream (128), docsCableUpstream (129), a12MppSwitch (130), tunnel (131), coffee (132), ces (133), atmSubInterface (134), l2vlan (135), l3ipvlan (136), l3ipxvlan (137), digitalPowerline (138), mediaMailOverIp (139), dtm (140), dcn (141), ipForward (142), msdsl (143), ieee1394 (144), if-gsn (145), dvbRccMacLayer (146), dvbRccDownstream (147), dvbRccUpstream (148), atmVirtual (149), mplsTunnel (150), srp (151), voiceOverAtm (152), voiceOverFrameRelay (153), idsl (154), compositeLink (155), ss7SigLink (156), propWirelessP2P (157), frForward (158), rfc1483 (159), usb (160), ieee8023adLag (161), bgppolicyaccounting (162), frf16MfrBundle (163), h323Gatekeeper (164), h323Proxy (165), mpls (166), mfSigLink (167), hdsl2 (168), shdsl (169), ds1FDL (170), pos (171), dvbAsiIn (172), dvbAsiOut (173), plc (174), nfas (175), tr008 (176), gr303RDT (177), gr303IDT (178), isup (179), propDocsWirelessMaclayer (180), propDocsWirelessDownstream (181), propDocsWirelessUpstream (182), hiperlan2 (183), propBWAp2Mp (184), sonetOverheadChannel (185), digitalWrapperOverheadChannel (186), aal2 (187), radioMAC (188), atmRadio (189), imt (190), mvl (191), reachDSL (192), frDlciEndPt (193), atmVciEndPt (194), opticalChannel (195), opticalTransport (196), propAtm (197), voiceOverCable (198), infiniband (199), teLink (200), q2931 (201), virtualTg (202), sipTg (203), sipSig (204), docsCableUpstreamChannel (205), econet (206), pon155 (207), pon622 (208), bridge (209), linegroup (210), voiceEMFGD (211), voiceFGDEANA (212), voiceDID (213)

1.10. Installing an snmpd that supports 64-bit network counters
To support gigabit network interfaces, an snmpd that supports them must be installed. That means net-snmpd 5.2.x or later; at the time of writing, 5.3.0 was available.
Install it on the system to be monitored, under /usr/local/src. Then run configure with the *--enable-mfd-rewrites* option so that 64-bit counters are supported.
    # cd /usr/local/src
    # tar xzf ~winchild/net-snmp-5.3.0.1.tar.gz
    # cd net-snmp-5.3.0.1/
    # ./configure --enable-mfd-rewrites
    .....
    -Press return to continue-          << press ENTER here >>
    ............
    At this prompt you can select "1", "2" (for SNMPv2c), or "3" as
    the default version for the command tools (snmpget, ...) to use.
    This can always be overridden at runtime using the -v flag to the
    tools, or by using the "defVersion" token in your snmp.conf file.
    Providing the --with-default-snmp-version="x" parameter to ./configure
    will avoid this prompt.

    Default version of SNMP to use (3): 2          << asks which version to use by default; choose 2 >>
    ....
    Providing the --with-sys-contact="contact" parameter to ./configure
    will avoid this prompt.

    System Contact Information (root@): master@sds.co.kr          << asks for the contact address >>
    .....
    Providing the --with-sys-location="location" parameter to ./configure
    will avoid this prompt.

    System Location (Unknown): Samjung Data Server          << asks for the system location >>

    << for the remaining log location and configure prompts, just press ENTER >>
    ................
    ---------------------------------------------------------
                Net-SNMP configuration summary:
    ---------------------------------------------------------

      SNMP Versions Supported:    1 2c 3
      Net-SNMP Version:           5.3.0.1
      Building for:               linux
      Network transport support:  Callback Unix TCP UDP
      SNMPv3 Security Modules:    usm
      Agent MIB code:             mibII ucd_snmp snmpv3mibs notification notification-log-mib target agent_mibs agentx disman/event-mib disman/schedule utilities host
      SNMP Perl modules:          disabled
      Embedded perl support:      disabled
      Authentication support:     MD5 SHA1
      Encryption support:         DES AES

      WARNING: New version of the Event MIB which may be subtly different
      from the original implementation - configure with
      'disman/old-event-mib' for the previous version

    ---------------------------------------------------------
    # make
    ......
    # make install
    ......
    #

Everything is installed under /usr/local; snmpd itself is installed under /usr/local/sbin.
1.11. Adding the Gigabit interface to snmpd.conf
Declare in the /etc/snmpd.conf file that the interface is a Gigabit interface.
*117* is the type that corresponds to gigabitEthernet (117) in *IANAifType*.
Whether the line view mib2 included .1.3.6.1.2.1.31.1.1.1.6 actually takes effect is not certain.

    # Interface view mib set -test by winchild
    view mib2 included .1.3.6.1.2.1.31.1.1.1.6
    interface eth0 117 1000000000
    interface eth1 117 1000000000

1.12. Modifying the existing snmpd startup script
The existing snmpd is installed in /usr/sbin/.

    # whereis snmpd
    snmpd: /usr/sbin/snmpd /usr/local/sbin/snmpd /usr/share/man/man8/snmpd.8.gz
    #

Open /etc/rc.d/init.d/snmpd, the script that starts snmpd, in vi and edit it.

    OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd -a"
      ==> OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd -a -c /etc/snmp/snmpd.conf"
    /usr/sbin/snmpd
      ==> /usr/local/sbin/snmpd

Every occurrence of /usr/sbin/snmpd must be changed. There are about four.
Restart snmpd.

    # ./snmpd restart
    Stopping snmpd:                             [  OK  ]
    Starting snmpd:                             [  OK  ]
    #

1.13. Checking that ifHCInOctets works
From the monitoring system, check whether the 64-bit counter MIB is supported.

    $ snmpwalk -c public -v 2c 61.109.252.92 IF-MIB::ifHCInOctets
    IF-MIB::ifHCInOctets.1 = Counter64: 161327
    IF-MIB::ifHCInOctets.2 = Counter64: 163992004374
    IF-MIB::ifHCInOctets.3 = Counter64: 90367881908
    IF-MIB::ifHCInOctets.4 = Counter64: 0
    $

If values are returned, it is working normally. If not, the output is:

    $ snmpwalk -c public -v 2c 61.109.252.92 IF-MIB::ifHCInOctets
    IF-MIB::ifHCInOctets = No Such Object available on this agent at this OID
    $

In that case, check that the configure option was given correctly and recompile.
When configuring the device in cacti, SNMP *VERSION 2* must be selected.
1.14. Notes on compiling on a 64-bit system
On a 64-bit system, the following error occurs during compilation and the build does not complete.

    /bin/sh ../libtool --mode=link gcc -g -O2 -Dlinux -I/usr/include/rpm -o snmpd snmpd.lo libnetsnmpmibs.la libnetsnmpagent.la helpers/libnetsnmphelpers.la ../snmplib/libnetsnmp.la -ldl -lrpm -lrpmio -lpopt -lz -lcrypto -lm
    gcc -g -O2 -Dlinux -I/usr/include/rpm -o .libs/snmpd snmpd.o ./.libs/libnetsnmpmibs.so ./.libs/libnetsnmpagent.so helpers/.libs/libnetsnmphelpers.so ../snmplib/.libs/libnetsnmp.so -ldl -lrpm -lrpmio /usr/lib/libpopt.so -lz -lcrypto -lm -Wl,--rpath -Wl,/usr/local/lib
    /usr/lib/libpopt.so: could not read symbols: File in wrong format
    collect2: ld returned 1 exit status
    make: *** [snmpd] Error 1
    #

/usr/lib/libpopt.so is the 32-bit library; the problem occurs because the 64-bit library is not the one being accessed. The correct library is /usr/lib64/libpopt.so.
As a stopgap, edit the Makefile in the affected directory directly.

    LIBS = ../snmplib/libnetsnmp.$(LIB_EXTENSION)$(LIB_VERSION) -ldl -lrpm -lrpmio -lpopt -lz -lcrypto -lm $(PERLLDOPTS)

In this line, change -lpopt to /usr/lib64/libpopt.so, that is, change the line to

    LIBS = ../snmplib/libnetsnmp.$(LIB_EXTENSION)$(LIB_VERSION) -ldl -lrpm -lrpmio /usr/lib64/libpopt.so -lz -lcrypto -lm $(PERLLDOPTS)

The error occurs in two places, the agent and app directories. Both can be compiled with the same change.
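
The com2sec, group and access lines from sections 1.3 and 1.7 can be checked mechanically before snmpd is restarted. The shell function below is an added example, not part of the original page or of net-snmp; both sample configurations are constructed (192.0.2.0/24 is a documentation address range), and the function names and severity labels are this example's own.

```shell
#!/bin/sh
# Added example: audit the access-control directives of an snmpd.conf.
# Prints one finding per line as "<SEVERITY> line <N>: <message>".
# Severity labels are a convention of this example only.

audit_snmpd_conf() {
    # Reads the file named in $1, or standard input when no file is given.
    awk '
    function weak(c)   { return (c == "public" || c == "private") }
    function anysrc(s) { return (s == "" || s == "default" || s == "0.0.0.0/0") }

    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines

    $1 == "com2sec" || $1 == "com2sec6" {
        # com2sec [-Cn CONTEXT] NAME SOURCE COMMUNITY
        i = ($2 == "-Cn") ? 4 : 2
        name = $i; src[name] = $(i + 1); comm[name] = $(i + 2); at[name] = NR
        if (weak(comm[name]))
            printf "HIGH line %d: community \"%s\" is a well-known default\n", NR, comm[name]
        if (anysrc(src[name]))
            printf "HIGH line %d: security name %s accepts any source\n", NR, name
        next
    }
    $1 ~ /^r[ow]community6?$/ {
        # rocommunity|rwcommunity COMMUNITY [SOURCE [OID]]
        if (weak($2))
            printf "HIGH line %d: community \"%s\" is a well-known default\n", NR, $2
        if (anysrc($3))
            printf "HIGH line %d: %s accepts any source\n", NR, $1
        if ($1 ~ /^rw/)
            printf "MEDIUM line %d: %s allows SET with only a community string\n", NR, $1
        next
    }
    $1 == "group" && ($3 == "v1" || $3 == "v2c") {
        # group GROUP MODEL SECNAME: remember each community-based member once
        if (!(($2, $4) in seen)) { seen[$2, $4] = 1; members[$2] = members[$2] " " $4 }
        next
    }
    $1 == "access" && $4 != "usm" && $5 == "noauth" && $8 != "none" {
        # access GROUP CONTEXT MODEL LEVEL MATCH READ WRITE NOTIFY
        writers[$2] = NR
        next
    }
    END {
        # Join com2sec -> group -> access to find communities that can write.
        for (g in writers) {
            n = split(members[g], m, " ")
            for (k = 1; k <= n; k++)
                if (m[k] in comm)
                    printf "HIGH line %d: community \"%s\" from %s can write (group %s, noauth)\n", at[m[k]], comm[m[k]], src[m[k]], g
        }
    }' ${1:+"$1"}
}

# Constructed sample, modelled on the directives shown in sections 1.3 and 1.7.
sample_conf() {
    cat <<'EOF'
# constructed sample
com2sec local      localhost     public
com2sec mynetwork  192.0.2.0/24  public
group   MyRWGroup  v1   local
group   MyRWGroup  v2c  local
group   MyROGroup  v1   mynetwork
group   MyROGroup  v2c  mynetwork
view    all  included  .1  80
access  MyROGroup  ""  any  noauth  exact  all  none  none
access  MyRWGroup  ""  any  noauth  exact  all  all   none
EOF
}

# Constructed sample: one poller address, a site-specific community string,
# and a read-only view limited to system, interfaces and ifXTable (64-bit counters).
hardened_conf() {
    cat <<'EOF'
# constructed sample
com2sec monitor  192.0.2.10/32  s1te-Only-Str1ng
group   MonRO    v2c  monitor
view    monview  included  .1.3.6.1.2.1.1
view    monview  included  .1.3.6.1.2.1.2
view    monview  included  .1.3.6.1.2.1.31
access  MonRO    ""  any  noauth  exact  monview  none  none
EOF
}

echo "== sample modelled on this page =="
sample_conf | audit_snmpd_conf
echo "== restricted sample =="
hardened_conf | audit_snmpd_conf
```

On a real host, run it as `audit_snmpd_conf /etc/snmp/snmpd.conf`; an empty result means none of these particular checks matched, not that the configuration is otherwise sound.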