snmp

*~firechoi*

Linux SNMPD Installation


*ChangHyun Bang (winchild@sds.co.kr) / Samjung Data Service Co., Ltd., Research Lab*
*SeYoung Choi (firechoi@sds.co.kr) / Samjung Data Service Co., Ltd., Research Lab*

*Last modified:* February 1, 2007, 15:57


1.1. Introduction

snmpd is a daemon that uses the SNMP protocol to report the state of a system to external hosts. It can be obtained from http://net-snmp.sourceforge.net.

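1.2. Installation

It is usually installed by selecting the SNMP package during system installation; otherwise it can be installed later from an RPM. When building from source, the "--enable-mfd-rewrites" option is the one that adds Gigabit Ethernet support.

# ./configure --enable-mfd-rewrites
# make
# make install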

1.3. Configuration

Edit the /etc/snmp/snmpd.conf file. The usual starting point is the EXAMPLE.conf file shipped with net-snmp. The directory where net-snmp was unpacked may differ on your system.

# cp /home/pkg-install/net-snmp-5.1.4.pre1/EXAMPLE.conf snmpd.conf

Open the file and enable access.
#com2sec local localhost COMMUNITY
#com2sec mynetwork NETWORK/24 COMMUNITY

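Of these, local is the permission granted for access from the local host. The line below it sets the permission for access from an external network. Both are disabled by the leading '#' comment marker. For the network, enter the address of the accessing host or its IP range.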

com2sec local localhost public
com2sec direct.co.kr xxx.xxx.xxx.0/24 public

This allows SNMP data to be polled both locally and from the network, with the community name set to "public".

syslocation Right here, right now.
syscontact Me <me@somewhere.org>

Enter the system's location and the administrator's contact information.
syslocation Samjung Data Service, Seoul Korea.
syscontact ChangHyun-Bang <winchild@sds.co.kr>



1.4. Testing

Use snmpwalk to confirm that data can be retrieved.

# snmpwalk -c public -v 2c localhost|more
SNMPv2-MIB::sysDescr.0 = STRING: Linux nms.direct.co.kr 2.6.9-5.ELsmp #1 SMP Wed Jan 5 19:30:39 EST 2005 i686
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
SNMPv2-MIB::sysUpTime.0 = Timeticks: (65263) 0:10:52.63
SNMPv2-MIB::sysContact.0 = STRING: ChangHyun-Bang <winchild@sds.co.kr>
SNMPv2-MIB::sysName.0 = STRING: nms.direct.co.kr
SNMPv2-MIB::sysLocation.0 = STRING: Samjung Data Service, Seoul Korea.
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORID.1 = OID: IF-MIB::ifMIB
SNMPv2-MIB::sysORID.2 = OID: SNMPv2-MIB::snmpMIB
SNMPv2-MIB::sysORID.3 = OID: TCP-MIB::tcpMIB
SNMPv2-MIB::sysORID.4 = OID: IP-MIB::ip
SNMPv2-MIB::sysORID.5 = OID: UDP-MIB::udpMIB
SNMPv2-MIB::sysORID.6 = OID: SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroup
SNMPv2-MIB::sysORID.7 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance
SNMPv2-MIB::sysORID.8 = OID: SNMP-MPD-MIB::snmpMPDCompliance
SNMPv2-MIB::sysORID.9 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance
SNMPv2-MIB::sysORDescr.1 = STRING: The MIB module to describe generic objects for network interface sub-layers
SNMPv2-MIB::sysORDescr.2 = STRING: The MIB module for SNMPv2 entities
SNMPv2-MIB::sysORDescr.3 = STRING: The MIB module for managing TCP implementations
SNMPv2-MIB::sysORDescr.4 = STRING: The MIB module for managing IP and ICMP implementations
SNMPv2-MIB::sysORDescr.5 = STRING: The MIB module for managing UDP implementations
SNMPv2-MIB::sysORDescr.6 = STRING: View-based Access Control Model for SNMP.
SNMPv2-MIB::sysORDescr.7 = STRING: The SNMP Management Architecture MIB.
SNMPv2-MIB::sysORDescr.8 = STRING: The MIB for Message Processing and Dispatching.
SNMPv2-MIB::sysORDescr.9 = STRING: The management information definitions for the SNMP User-based Security Model.
SNMPv2-MIB::sysORUpTime.1 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.2 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.3 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.4 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORUpTime.5 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORUpTime.6 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORUpTime.7 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORUpTime.8 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORUpTime.9 = Timeticks: (1) 0:00:00.01
IF-MIB::ifNumber.0 = INTEGER: 4
IF-MIB::ifIndex.1 = INTEGER: 1
IF-MIB::ifIndex.2 = INTEGER: 2
IF-MIB::ifIndex.3 = INTEGER: 3
IF-MIB::ifIndex.4 = INTEGER: 4
IF-MIB::ifDescr.1 = STRING: lo
IF-MIB::ifDescr.2 = STRING: eth0
IF-MIB::ifDescr.3 = STRING: eth1
IF-MIB::ifDescr.4 = STRING: sit0
IF-MIB::ifType.1 = INTEGER: softwareLoopback(24)
IF-MIB::ifType.2 = INTEGER: ethernetCsmacd(6)
....
SNMPv2-SMI::mib-2.55.1.5.1.9.1 = INTEGER: 1
SNMPv2-SMI::mib-2.55.1.5.1.9.2 = INTEGER: 1
SNMPv2-SMI::mib-2.55.1.5.1.10.1 = INTEGER: 1
SNMPv2-SMI::mib-2.55.1.5.1.10.2 = INTEGER: 1


1.5. Opening iptables


At the very end of the /etc/sysconfig/iptables file are the lines
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

Before them, add a rule that opens the SNMP port to the system that will connect over SNMP.

-A RH-Firewall-1-INPUT -m state --state NEW -m multiport -p udp -s 211.239.157.113/32 --dport 161 -j ACCEPT

Restart iptables
# /etc/rc.d/init.d/iptables restart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules:                          [  OK  ]
#
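
The placement rule described above (the SNMP ACCEPT goes before the final REJECT and names the polling host with -s) can be checked mechanically. The following is an added example, not part of the original page: the function names, finding codes and the sample rule file are constructed for illustration, with 192.0.2.7 as a placeholder address.

```python
import ipaddress
import shlex

# Constructed sample of /etc/sysconfig/iptables: the page's rule (line 4)
# placed before the final REJECT, plus two mistakes the check should catch.
SAMPLE_RULES = """\
*filter
:RH-Firewall-1-INPUT - [0:0]
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m multiport -p udp -s 211.239.157.113/32 --dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p udp --dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -p udp -s 192.0.2.7/32 --dport 161 -j ACCEPT
COMMIT
"""

# Options that narrow a rule; a REJECT/DROP without any of them is a catch-all.
MATCHERS = {"-p", "-s", "-d", "-i", "-m", "--source", "--destination"}


def port_matches(spec, port):
    """True if a port spec such as '161', '161:162' or '25,161' covers port."""
    for part in spec.split(","):
        low, _, high = part.partition(":")
        try:
            if int(low) <= port <= int(high or low):
                return True
        except ValueError:
            continue  # service names and open-ended ranges are not resolved here
    return False


def is_any(source):
    """True if the -s value is a /0 network, i.e. no restriction at all."""
    try:
        return ipaddress.ip_network(source, strict=False).prefixlen == 0
    except ValueError:
        return False  # a hostname names one specific source


def audit_snmp_rules(rules_text, port=161):
    """Return (line number, finding code, detail) for risky UDP/161 ACCEPT rules."""
    findings = []
    closed = {}  # chain -> line number of its catch-all REJECT/DROP
    for lineno, raw in enumerate(rules_text.splitlines(), 1):
        try:
            tokens = shlex.split(raw)
        except ValueError:
            tokens = raw.split()
        if len(tokens) < 2 or tokens[0] != "-A":
            continue
        chain = tokens[1]
        opts = dict(zip(tokens[2:], tokens[3:]))  # each token -> the token after it
        target = opts.get("-j")
        if target in ("REJECT", "DROP") and not MATCHERS & set(tokens):
            closed.setdefault(chain, lineno)
            continue
        dport = opts.get("--dport") or opts.get("--dports") or ""
        if target != "ACCEPT" or opts.get("-p") != "udp" or not port_matches(dport, port):
            continue
        source = opts.get("-s") or opts.get("--source")
        if chain in closed:
            findings.append((lineno, "UNREACHABLE",
                             f"after catch-all at line {closed[chain]}"))
        if source is None or is_any(source):
            findings.append((lineno, "ANY_SOURCE", source or "no -s"))
    return findings


if __name__ == "__main__":
    for finding in audit_snmp_rules(SAMPLE_RULES):
        print(finding)
```
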



1.6. Adding disk partition information


Add the disk partitions that should be monitored. First run df to find out which partitions to monitor.
# df
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/sda8              4127076    145540   3771892   4% /
/dev/sda2             20161204     77888  19059176   1% /backup
/dev/sda1               256666     15856    227558   7% /boot
/dev/sda7              8064272     50832   7603788   1% /data
none                    517220         0    517220   0% /dev/shm
/dev/sda3             18145120    295076  16928316   2% /home
/dev/sda10              256666     10293    233121   5% /tmp
/dev/sda5              9068616   1486256   7121700  18% /usr
/dev/sda6              8277844    104896   7752452   2% /var

Open the /etc/snmp/snmpd.conf file and add the disk entries.

disk / 10000
disk /backup 10000
disk /boot 10000
disk /home 10000
disk /tmp 10000
disk /usr 10000
disk /var 10000
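
/dev/shm is shared memory, so it does not need to be monitored. Any of the other entries that are not needed can be left out as well. The argument containing / is the partition, and 10000 is the size figure: the SNMP report is generated against a minimum of 10 megabytes.

After editing, restart snmpd.
# ./snmpd  restart
snmpd 를 정지함:                                           [  확인  ]
snmpd (을)를 시작합니다:                                   [  확인  ]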
#

Then register the daemon so that snmpd is started again after a reboot.
# cd /etc/rc.d/init.d
# /sbin/chkconfig --level 345 snmpd on
#


1.7. Example snmpd.conf file


*(Note) The com2sec lines must be modified.*

###############################################################################
#
# EXAMPLE.conf:
#   An example configuration file for configuring the ucd-snmp snmpd agent.
#
###############################################################################
#
# This file is intended to only be an example.  If, however, you want
# to use it, it should be placed in /usr/local/etc/snmp/snmpd.conf.
# When the snmpd agent starts up, this is where it will look for it.
#
# You might be interested in generating your own snmpd.conf file using
# the "snmpconf" program (perl script) instead.  It's a nice menu
# based interface to writing well commented configuration files.  Try it!
#
# Note: This file is automatically generated from EXAMPLE.conf.def.
# Do NOT read the EXAMPLE.conf.def file! Instead, after you have run
# configure & make, and then make sure you read the EXAMPLE.conf file
# instead, as it will tailor itself to your configuration.

# All lines beginning with a '#' are comments and are intended for you
# to read.  All other lines are configuration commands for the agent.

#
# PLEASE: read the snmpd.conf(5) manual page as well!
#


###############################################################################
# Access Control
###############################################################################

# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
# KNOWN AT YOUR SITE.  YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.

# By far, the most common question I get about the agent is "why won't
# it work?", when really it should be "how do I configure the agent to
# allow me to access it?"
#
# By default, the agent responds to the "public" community for read
# only access, if run out of the box without any configuration file in
# place.  The following examples show you other ways of configuring
# the agent so that you can change the community names, and give
# yourself write access as well.
#
# The following lines change the access permissions of the agent so
# that the COMMUNITY string provides read-only access to your entire
# NETWORK (EG: 10.10.10.0/24), and read/write access to only the
# localhost (127.0.0.1, not its real ipaddress).
#
# For more information, read the FAQ as well as the snmpd.conf(5)
# manual page.

####
# First, map the community name (COMMUNITY) into a security name
# (local and mynetwork, depending on where the request is coming
# from):

#       sec.name  source          community
com2sec local     localhost       public
#com2sec mynetwork NETWORK/24      COMMUNITY

####
# Second, map the security names into group names:

#               sec.model  sec.name
group MyRWGroup v1         local
group MyRWGroup v2c        local
group MyRWGroup usm        local
group MyROGroup v1         mynetwork
group MyROGroup v2c        mynetwork
group MyROGroup usm        mynetwork

####
# Third, create a view for us to let the groups have rights to:

#           incl/excl subtree                          mask
view all    included  .1                               80

####
# Finally, grant the 2 groups access to the 1 view with different
# write permissions:

#                context sec.model sec.level match  read   write  notif
access MyROGroup ""      any       noauth    exact  all    none   none
access MyRWGroup ""      any       noauth    exact  all    all    none

# -----------------------------------------------------------------------------


###############################################################################
# System contact information
#

# It is also possible to set the sysContact and sysLocation system
# variables through the snmpd.conf file. **PLEASE NOTE** that setting
# the value of these objects here makes these objects READ-ONLY
# (regardless of any access control settings).  Any attempt to set the
# value of an object whose value is given here will fail with an error
# status of notWritable.

syslocation Samjung Data Service, Seoul Korea.
syscontact ChangHyun-Bang <winchild@sds.co.kr>

# Example output of snmpwalk:
#   % snmpwalk -v 1 -c public localhost system
#   system.sysDescr.0 = "SunOS name sun4c"
#   system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
#   system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55
#   system.sysContact.0 = "Me <me@somewhere.org>"
#   system.sysName.0 = "name"
#   system.sysLocation.0 = "Right here, right now."
#   system.sysServices.0 = 72


# -----------------------------------------------------------------------------


###############################################################################
# Process checks.
#
#  The following are examples of how to use the agent to check for
#  processes running on the host.  The syntax looks something like:
#
#  proc NAME [MAX=0] [MIN=0]
#
#  NAME:  the name of the process to check for.  It must match
#         exactly (ie, http will not find httpd processes).
#  MAX:   the maximum number allowed to be running.  Defaults to 0.
#  MIN:   the minimum number to be running.  Defaults to 0.

#
#  Examples:
#

#  Make sure mountd is running
proc mountd

#  Make sure there are no more than 4 ntalkds running, but 0 is ok too.
proc ntalkd 4

#  Make sure at least one sendmail, but less than or equal to 10 are running.
proc sendmail 10 1

#  A snmpwalk of the prTable would look something like this:
#
# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.2
# enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1
# enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2
# enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3
# enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd"
# enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd"
# enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail"
# enterprises.ucdavis.procTable.prEntry.prMin.1 = 0
# enterprises.ucdavis.procTable.prEntry.prMin.2 = 0
# enterprises.ucdavis.procTable.prEntry.prMin.3 = 1
# enterprises.ucdavis.procTable.prEntry.prMax.1 = 0
# enterprises.ucdavis.procTable.prEntry.prMax.2 = 4
# enterprises.ucdavis.procTable.prEntry.prMax.3 = 10
# enterprises.ucdavis.procTable.prEntry.prCount.1 = 0
# enterprises.ucdavis.procTable.prEntry.prCount.2 = 0
# enterprises.ucdavis.procTable.prEntry.prCount.3 = 1
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1
# enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0
# enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0
#
#  Note that the errorFlag for mountd is set to 1 because one is not
#  running (in this case an rpc.mountd is, but thats not good enough),
#  and the ErrMessage tells you what's wrong.  The configuration
#  imposed in the snmpd.conf file is also shown.
#
#  Special Case:  When the min and max numbers are both 0, it assumes
#  you want a max of infinity and a min of 1.
#


# -----------------------------------------------------------------------------


###############################################################################
# Executables/scripts
#

#
#  You can also have programs run by the agent that return a single
#  line of output and an exit code.  Here are two examples.
#
#  exec NAME PROGRAM [ARGS ...]
#
#  NAME:     A generic name.
#  PROGRAM:  The program to run.  Include the path!
#  ARGS:     optional arguments to be passed to the program

# a simple hello world
exec echotest /bin/echo hello world

# Run a shell script containing:
#
# #!/bin/sh
# echo hello world
# echo hi there
# exit 35
#
# Note:  this has been specifically commented out to prevent
# accidental security holes due to someone else on your system writing
# a /tmp/shtest before you do.  Uncomment to use it.
#
#exec shelltest /bin/sh /tmp/shtest

# Then,
# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.8
# enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1
# enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2
# enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest"
# enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest"
# enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world"
# enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest"
# enterprises.ucdavis.extTable.extEntry.extResult.1 = 0
# enterprises.ucdavis.extTable.extEntry.extResult.2 = 35
# enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world."
# enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world."
# enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0
# enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0

# Note that the second line of the /tmp/shtest shell script is cut
# off.  Also note that the exit status of 35 was returned.

# -----------------------------------------------------------------------------


###############################################################################
# disk checks
#

# The agent can check the amount of available disk space, and make
# sure it is above a set limit.

# disk PATH [MIN=DEFDISKMINIMUMSPACE]
#
# PATH:  mount path to the disk in question.
# MIN:   Disks with space below this value will have the Mib's errorFlag set.
#        Default value = DEFDISKMINIMUMSPACE.

# Check the / partition and make sure it contains at least 10 megs.

disk / 10000

# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.9
# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F
# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0"
# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000
# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130
# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325
# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092
# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58
# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0
# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = ""

# -----------------------------------------------------------------------------


###############################################################################
# load average checks
#

# load [1MAX=DEFMAXLOADAVE] [5MAX=DEFMAXLOADAVE] [15MAX=DEFMAXLOADAVE]
#
# 1MAX:   If the 1 minute load average is above this limit at query
#         time, the errorFlag will be set.
# 5MAX:   Similar, but for 5 min average.
# 15MAX:  Similar, but for 15 min average.

# Check for loads:
load 12 14 14

# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.10
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1"
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5"
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15"
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00"
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00"
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00"
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = ""
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = ""
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = ""

# -----------------------------------------------------------------------------


###############################################################################
# Extensible sections.
#

# This alleviates the multiple line output problem found in the
# previous executable mib by placing each mib in its own mib table:

# Run a shell script containing:
#
# #!/bin/sh
# echo hello world
# echo hi there
# exit 35
#
# Note:  this has been specifically commented out to prevent
# accidental security holes due to someone else on your system writing
# a /tmp/shtest before you do.  Uncomment to use it.
#
# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest

# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.50
# enterprises.ucdavis.50.1.1 = 1
# enterprises.ucdavis.50.2.1 = "shelltest"
# enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest"
# enterprises.ucdavis.50.100.1 = 35
# enterprises.ucdavis.50.101.1 = "hello world."
# enterprises.ucdavis.50.101.2 = "hi there."
# enterprises.ucdavis.50.102.1 = 0

# Now the Output has grown to two lines, and we can see the 'hi
# there.' output as the second line from our shell script.
#
# Note that you must alter the mib.txt file to be correct if you want
# the .50.* outputs above to change to reasonable text descriptions.

# Other ideas:
#
# exec .1.3.6.1.4.1.2021.51 ps /bin/ps
# exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top
# exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq

# -----------------------------------------------------------------------------


###############################################################################
# Pass through control.
#

# Usage:
#   pass MIBOID EXEC-COMMAND
#
# This will pass total control of the mib underneath the MIBOID
# portion of the mib to the EXEC-COMMAND.
#
# Note:  You'll have to change the path of the passtest script to your
# source directory or install it in the given location.
#
# Example:  (see the script for details)
#           (commented out here since it requires that you place the
#           script in the right location. (its not installed by default))

# pass .1.3.6.1.4.1.2021.255 /bin/sh PREFIX/local/passtest

# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.255
# enterprises.ucdavis.255.1 = "life the universe and everything"
# enterprises.ucdavis.255.2.1 = 42
# enterprises.ucdavis.255.2.2 = OID: 42.42.42
# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42
# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1
# enterprises.ucdavis.255.5 = 42
# enterprises.ucdavis.255.6 = Gauge: 42
#
# % snmpget -v 1 -c public localhost .1.3.6.1.4.1.2021.255.5
# enterprises.ucdavis.255.5 = 42
#
# % snmpset -v 1 -c public localhost .1.3.6.1.4.1.2021.255.1 s "New string"
# enterprises.ucdavis.255.1 = "New string"
#

# For specific usage information, see the man/snmpd.conf.5 manual page
# as well as the local/passtest script used in the above example.

###############################################################################
# Subagent control
#

# The agent can support subagents using a number of extension mechanisms.
# From the 4.2.1 release, AgentX support is being compiled in by default.
# However, this is still experimental code, so should not be used on
# critical production systems.
#   Please see the file README.agentx for more details.
#
# If having read, marked, learnt and inwardly digested this information,
# you decide that you do wish to make use of this mechanism, simply
# uncomment the following directive.
#
#  master  agentx
#
# I repeat - this is *NOT* regarded as suitable for front-line production
# systems, though it is probably stable enough for day-to-day use.
# Probably.
#
# No refunds will be given.


###############################################################################
# Further Information
#
#  See the snmpd.conf manual page, and the output of "snmpd -H".
#  MUCH more can be done with the snmpd.conf than is shown as an
#  example here.
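

Sections 1.3 and 1.7 both turn on the access-control lines: the community name, the source it is accepted from, which group gets a write view, and the exec entry that the example file leaves commented out because of /tmp. The following audit is an added example, not part of the original page or of net-snmp; the function names, finding codes and the sample (with 192.0.2.0/24 standing in for the masked network and the shelltest line uncommented) are constructed.

```python
import shlex

# Constructed sample: access-control and exec lines as set up in the
# walkthrough, with a placeholder network and shelltest enabled.
SAMPLE_CONF = '''\
com2sec local     localhost       public
com2sec mynetwork 192.0.2.0/24    public
group MyRWGroup v2c        local
group MyROGroup v2c        mynetwork
view all    included  .1                               80
access MyROGroup ""      any       noauth    exact  all    none   none
access MyRWGroup ""      any       noauth    exact  all    all    none
exec echotest /bin/echo hello world
exec shelltest /bin/sh /tmp/shtest
'''

DEFAULT_COMMUNITIES = {"public", "private"}
ANY_SOURCE = {"default", "0.0.0.0", "0.0.0.0/0"}
WRITABLE_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
EXTENSION_DIRECTIVES = {"exec", "sh", "pass", "pass_persist"}


def parse(conf_text):
    """Yield (line number, directive, argument list) for each active line."""
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tokens = shlex.split(line)  # keeps "" (the empty context) as a token
        except ValueError:              # unbalanced quote in free text
            tokens = line.split()
        yield lineno, tokens[0].lower(), tokens[1:]


def check_community(findings, lineno, community, source):
    """Flag well-known community strings and unrestricted sources."""
    if community.lower() in DEFAULT_COMMUNITIES:
        findings.append((lineno, "DEFAULT_COMMUNITY", community))
    if source.lower() in ANY_SOURCE:
        findings.append((lineno, "ANY_SOURCE", source))


def audit(conf_text):
    """Return a sorted list of (line number, finding code, detail)."""
    findings = []
    sec_names = {}     # sec.name -> (source, community)
    groups = {}        # group name -> set of sec.names
    write_access = []  # (line number, group) for noauth access with a write view

    for lineno, directive, args in parse(conf_text):
        if directive == "com2sec" and len(args) >= 3:
            name, source, community = args[-3:]  # tolerates leading options
            sec_names[name] = (source, community)
            check_community(findings, lineno, community, source)
        elif directive in ("rocommunity", "rwcommunity") and args:
            source = args[1] if len(args) > 1 else "default"
            check_community(findings, lineno, args[0], source)
            if directive == "rwcommunity":
                findings.append((lineno, "WRITE_COMMUNITY", f"from {source}"))
        elif directive == "group" and len(args) >= 3:
            groups.setdefault(args[0], set()).add(args[2])
        elif directive == "access" and len(args) >= 7:
            level, write_view = args[3], args[6]
            if level == "noauth" and write_view != "none":
                write_access.append((lineno, args[0]))
        elif directive in EXTENSION_DIRECTIVES:
            for arg in args:
                if arg.startswith(WRITABLE_DIRS):
                    findings.append((lineno, "EXEC_WRITABLE_PATH", arg))

    # Resolve each writable, unauthenticated group back to who can reach it.
    for lineno, group in write_access:
        for name in sorted(groups.get(group, ())):
            source, community = sec_names.get(name, ("undefined", "undefined"))
            findings.append((lineno, "WRITE_NOAUTH",
                             f"{group}: sec.name {name} from {source}, "
                             f"community {community}"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```
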


1.8. snmpd -H

# snmpd -H
Configuration directives understood:
No log handling enabled - turning on stderr logging
  In snmpd.conf and snmpd.local.conf:
    authtrapenable           1 | 2              (1 = enable, 2 = disable)
    trapsink                 host [community] [port]
    trap2sink                host [community] [port]
    informsink               host [community] [port]
    trapsess                 [snmpcmdargs] host
    trapcommunity            community-string
    agentuser                userid
    agentgroup               groupid
    agentaddress             SNMP bind address
    quit                     (1|yes|true|0|no|false)
    leave_pidfile            (1|yes|true|0|no|false)
    injectHandler            injectHandler NAME INTONAME [BEFORE_OTHER_NAME]
    table                    tableoid
    add_row                  indexes... values...
    com2sec                  name IPv4-network-address[/netmask] community
    com2sec6                 name IPv6-network-address[/netmask] community
    com2secunix              name sockpath community
    sysdescr                 description
    syslocation              location
    syscontact               contact-name
    sysname                  node-name
    sysservices              NUMBER
    sysobjectid              OID
    interface                name type speed
    group                    name v1|v2c|usm|... security
    access                   name context model level prefx read write notify
    view                     name type subtree [mask]
    rwcommunity              community [default|hostname|network/bits [oid]]
    rocommunity              community [default|hostname|network/bits [oid]]
    rwcommunity6             community [default|hostname|network/bits [oid]]
    rocommunity6             community [default|hostname|network/bits [oid]]
    rwuser                   user [noauth|auth|priv [oid]]
    rouser                   user [noauth|auth|priv [oid]]
    swap                     min-avail
    proc                     process-name [max-num] [min-num]
    procfix                  process-name program [arguments...]
    pass                     miboid command
    pass_persist             miboid program
    disk                     path [ minspace | minpercent% ]
    includeAllDisks          minpercent%
    load                     max1 [max5] [max15]
    exec                     [miboid] name program arguments
    sh                       [miboid] name program-or-script arguments
    execfix                  exec-or-sh-name program [arguments...]
    file                     file [maxsize]
    dlmod                    module-name module-path
    proxy                    [snmpcmd args] host oid [remoteoid]
    logmatch                 logmatch name path cycletime regex
    createUser               username (MD5|SHA) passphrase [DES [passphrase]]
    override                 [-rw] mibnode type value
    storageUseNFS            1 | 2              (1 = enable, 2 = disable)
    ignoredisk               name
    smuxpeer                 OID-IDENTITY PASSWORD
    smuxsocket               SMUX bind address
    master                   specify 'agentx' for AgentX support
    agentxsocket             AgentX bind address
    agentxperms              AgentX socket permissions: socket_perms [directory_perms [username|userid [groupname|groupid]]]
    agentxRetries            AgentX Retries
    agentxTimeout            AgentX Timeout (seconds)
    engineID                 string
    engineIDType             num
    engineIDNic              string
  In snmp.conf and snmp.local.conf:
    doDebugging              (1|0)
    debugTokens              token[,token...]
    logTimestamp             (1|yes|true|0|no|false)
    mibdirs                  [mib-dirs|+mib-dirs]
    mibs                     [mib-tokens|+mib-tokens]
    mibfile                  mibfile-to-read
    showMibErrors            (1|yes|true|0|no|false)
    strictCommentTerm        (1|yes|true|0|no|false)
    mibAllowUnderline        (1|yes|true|0|no|false)
    mibWarningLevel          integerValue
    mibReplaceWithLatest     (1|yes|true|0|no|false)
    printNumericEnums        (1|yes|true|0|no|false)
    printNumericOids         (1|yes|true|0|no|false)
    escapeQuotes             (1|yes|true|0|no|false)
    dontBreakdownOids        (1|yes|true|0|no|false)
    quickPrinting            (1|yes|true|0|no|false)
    numericTimeticks         (1|yes|true|0|no|false)
    oidOutputFormat          integerValue
    suffixPrinting           integerValue
    extendedIndex            (1|yes|true|0|no|false)
    printHexText             (1|yes|true|0|no|false)
    printValueOnly           (1|yes|true|0|no|false)
    dontPrintUnits           (1|yes|true|0|no|false)
    dumpPacket               (1|yes|true|0|no|false)
    reverseEncodeBER         (1|yes|true|0|no|false)
    defaultPort              integerValue
    defCommunity             string
    noTokenWarnings          (1|yes|true|0|no|false)
    noRangeCheck             (1|yes|true|0|no|false)
    persistentDir            string
    tempFilePattern          string
    noDisplayHint            (1|yes|true|0|no|false)
    16bitIDs                 (1|yes|true|0|no|false)
    clientaddr               string
    defSecurityModel         string
    defSecurityName          string
    defContext               string
    defPassphrase            string
    defAuthPassphrase        string
    defPrivPassphrase        string
    defVersion               1|2c|3
    defAuthType              MD5|SHA
    defPrivType              DES (AES support not available)
    defSecurityLevel         noAuthNoPriv|authNoPriv|authPriv


1.9. IANAifType

When an interface is defined, its type is specified using the following values.
IANAifType   Textual Convention 
Status   current 
Description   This data type is used as the syntax of the ifType
object in the (updated) definition of MIB-II's
ifTable.

The definition of this textual convention with the
addition of newly assigned values is published
periodically by the IANA, in either the Assigned
Numbers RFC, or some derivative of it specific to
Internet Network Management number assignments.  (The
latest arrangements can be obtained by contacting the
IANA.)

Requests for new values should be made to IANA via
email (iana@iana.org).

The relationship between the assignment of ifType
values and of OIDs to particular media-specific MIBs
is solely the purview of IANA and is subject to change
without notice.  Quite often, a media-specific MIB's
OID-subtree assignment within MIB-II's 'transmission'
subtree will be the same as its ifType value.
However, in some circumstances this will not be the
case, and implementors must not pre-assume any
specific relationship between ifType values and
transmission subtree OIDs.  
 
Syntax   INTEGER
other (1) 
regular1822 (2) 
hdh1822 (3) 
ddnX25 (4) 
rfc877x25 (5) 
ethernetCsmacd (6) 
iso88023Csmacd (7) 
iso88024TokenBus (8) 
iso88025TokenRing (9) 
iso88026Man (10) 
starLan (11) 
proteon10Mbit (12) 
proteon80Mbit (13) 
hyperchannel (14) 
fddi (15) 
lapb (16) 
sdlc (17) 
ds1 (18) 
e1 (19) 
basicISDN (20) 
primaryISDN (21) 
propPointToPointSerial (22) 
ppp (23) 
softwareLoopback (24) 
eon (25) 
ethernet3Mbit (26) 
nsip (27) 
slip (28) 
ultra (29) 
ds3 (30) 
sip (31) 
frameRelay (32) 
rs232 (33) 
para (34) 
arcnet (35) 
arcnetPlus (36) 
atm (37) 
miox25 (38) 
sonet (39) 
x25ple (40) 
iso88022llc (41) 
localTalk (42) 
smdsDxi (43) 
frameRelayService (44) 
v35 (45) 
hssi (46) 
hippi (47) 
modem (48) 
aal5 (49) 
sonetPath (50) 
sonetVT (51) 
smdsIcip (52) 
propVirtual (53) 
propMultiplexor (54) 
ieee80212 (55) 
fibreChannel (56) 
hippiInterface (57) 
frameRelayInterconnect (58) 
aflane8023 (59) 
aflane8025 (60) 
cctEmul (61) 
fastEther (62) 
isdn (63) 
v11 (64) 
v36 (65) 
g703at64k (66) 
g703at2mb (67) 
qllc (68) 
fastEtherFX (69) 
channel (70) 
ieee80211 (71) 
ibm370parChan (72) 
escon (73) 
dlsw (74) 
isdns (75) 
isdnu (76) 
lapd (77) 
ipSwitch (78) 
rsrb (79) 
atmLogical (80) 
ds0 (81) 
ds0Bundle (82) 
bsc (83) 
async (84) 
cnr (85) 
iso88025Dtr (86) 
eplrs (87) 
arap (88) 
propCnls (89) 
hostPad (90) 
termPad (91) 
frameRelayMPI (92) 
x213 (93) 
adsl (94) 
radsl (95) 
sdsl (96) 
vdsl (97) 
iso88025CRFPInt (98) 
myrinet (99) 
voiceEM (100) 
voiceFXO (101) 
voiceFXS (102) 
voiceEncap (103) 
voiceOverIp (104) 
atmDxi (105) 
atmFuni (106) 
atmIma (107) 
pppMultilinkBundle (108) 
ipOverCdlc (109) 
ipOverClaw (110) 
stackToStack (111) 
virtualIpAddress (112) 
mpc (113) 
ipOverAtm (114) 
iso88025Fiber (115) 
tdlc (116) 
gigabitEthernet (117) 
hdlc (118) 
lapf (119) 
v37 (120) 
x25mlp (121) 
x25huntGroup (122) 
transpHdlc (123) 
interleave (124) 
fast (125) 
ip (126) 
docsCableMaclayer (127) 
docsCableDownstream (128) 
docsCableUpstream (129) 
a12MppSwitch (130) 
tunnel (131) 
coffee (132) 
ces (133) 
atmSubInterface (134) 
l2vlan (135) 
l3ipvlan (136) 
l3ipxvlan (137) 
digitalPowerline (138) 
mediaMailOverIp (139) 
dtm (140) 
dcn (141) 
ipForward (142) 
msdsl (143) 
ieee1394 (144) 
if-gsn (145) 
dvbRccMacLayer (146) 
dvbRccDownstream (147) 
dvbRccUpstream (148) 
atmVirtual (149) 
mplsTunnel (150) 
srp (151) 
voiceOverAtm (152) 
voiceOverFrameRelay (153) 
idsl (154) 
compositeLink (155) 
ss7SigLink (156) 
propWirelessP2P (157) 
frForward (158) 
rfc1483 (159) 
usb (160) 
ieee8023adLag (161) 
bgppolicyaccounting (162) 
frf16MfrBundle (163) 
h323Gatekeeper (164) 
h323Proxy (165) 
mpls (166) 
mfSigLink (167) 
hdsl2 (168) 
shdsl (169) 
ds1FDL (170) 
pos (171) 
dvbAsiIn (172) 
dvbAsiOut (173) 
plc (174) 
nfas (175) 
tr008 (176) 
gr303RDT (177) 
gr303IDT (178) 
isup (179) 
propDocsWirelessMaclayer (180) 
propDocsWirelessDownstream (181) 
propDocsWirelessUpstream (182) 
hiperlan2 (183) 
propBWAp2Mp (184) 
sonetOverheadChannel (185) 
digitalWrapperOverheadChannel (186) 
aal2 (187) 
radioMAC (188) 
atmRadio (189) 
imt (190) 
mvl (191) 
reachDSL (192) 
frDlciEndPt (193) 
atmVciEndPt (194) 
opticalChannel (195) 
opticalTransport (196) 
propAtm (197) 
voiceOverCable (198) 
infiniband (199) 
teLink (200) 
q2931 (201) 
virtualTg (202) 
sipTg (203) 
sipSig (204) 
docsCableUpstreamChannel (205) 
econet (206) 
pon155 (207) 
pon622 (208) 
bridge (209) 
linegroup (210) 
voiceEMFGD (211) 
voiceFGDEANA (212) 
voiceDID (213) 
 



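1.10. Installing an snmpd that supports 64-bit network counters

To support Gigabit network interfaces, an snmpd that supports them must be installed. This support is available in net-snmp 5.2.x and later; at the time of writing, 5.3.0 was available.

Install it on the system that is to be monitored, working under /usr/local/src. Run configure with the *--enable-mfd-rewrites* option so that 64-bit counters are supported.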

# cd /usr/local/src
# tar xzf ~winchild/net-snmp-5.3.0.1.tar.gz
# cd net-snmp-5.3.0.1/
# ./configure --enable-mfd-rewrites
.....
-Press return to continue-
<< press ENTER here >>

............
   At this prompt you can select "1", "2" (for SNMPv2c), or "3" as
the default version for the command tools (snmpget, ...) to use.  This
can always be overridden at runtime using the -v flag to the tools, or
by using the "defVersion" token in your snmp.conf file.
   Providing the --with-default-snmp-version="x" parameter to ./configure
will avoid this prompt.

Default version of SNMP to use (3): 2 << asks which version to use by default; select 2 >>
....
  Providing the --with-sys-contact="contact" parameter to ./configure
will avoid this prompt.

System Contact Information (root@): master@sds.co.kr << enter the contact address >>
.....
  Providing the --with-sys-location="location" parameter to ./configure
will avoid this prompt.

System Location (Unknown): Samjung Data Server << enter the system location >>

<< for the remaining prompts (log file location and the rest of configure), just press ENTER >>

................

---------------------------------------------------------
            Net-SNMP configuration summary:
---------------------------------------------------------

  SNMP Versions Supported:    1 2c 3
  Net-SNMP Version:           5.3.0.1
  Building for:               linux
  Network transport support:  Callback Unix TCP UDP
  SNMPv3 Security Modules:    usm
  Agent MIB code:             mibII ucd_snmp snmpv3mibs notification notification-log-mib target agent_mibs agentx disman/event-mib disman/schedule utilities host
  SNMP Perl modules:          disabled
  Embedded perl support:      disabled
  Authentication support:     MD5 SHA1
  Encryption support:         DES AES
  WARNING:  New version of the Event MIB which may be subtly different from the original implementation - configure with 'disman/old-event-mib' for the previous version


---------------------------------------------------------

# make
......
# make install
......
#

The build installs under /usr/local; snmpd itself is installed in /usr/local/sbin.


1.11. Adding the Gigabit interface to snmpd.conf


Declare the interfaces as Gigabit in /etc/snmpd.conf. *117* is the type that corresponds to gigabitEthernet (117) in *IANAifType*. It is not certain whether the line view mib2 included .1.3.6.1.2.1.31.1.1.1.6 has any effect.
# Interface view mib set -test by winchild
view    mib2    included        .1.3.6.1.2.1.31.1.1.1.6

interface eth0 117 1000000000
interface eth1 117 1000000000



1.12. Modifying the existing snmpd startup script


The original snmpd is installed in /usr/sbin/.
# whereis snmpd
snmpd: /usr/sbin/snmpd /usr/local/sbin/snmpd /usr/share/man/man8/snmpd.8.gz
#

Open /etc/rc.d/init.d/snmpd, the script that starts snmpd, in vi and edit it.

OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd -a"
==>
OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd -a -c /etc/snmp/snmpd.conf"

 /usr/sbin/snmpd
==>
 /usr/local/sbin/snmpd

Every occurrence of /usr/sbin/snmpd must be changed; there are about four.


Restart snmpd
# ./snmpd restart
Stopping snmpd:                                            [  OK  ]
Starting snmpd:                                            [  OK  ]
#


1.13. Verifying ifHCInOctets

From the monitoring system, check that the agent supports the 64-bit counter MIB.
$ snmpwalk -c public -v 2c 61.109.252.92 IF-MIB::ifHCInOctets
IF-MIB::ifHCInOctets.1 = Counter64: 161327
IF-MIB::ifHCInOctets.2 = Counter64: 163992004374
IF-MIB::ifHCInOctets.3 = Counter64: 90367881908
IF-MIB::ifHCInOctets.4 = Counter64: 0
$

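If values are returned, it is working correctly. If the counters are not supported, the output looks like this instead:

$ snmpwalk -c public -v 2c 61.109.252.92 IF-MIB::ifHCInOctets
IF-MIB::ifHCInOctets = No Such Object available on this agent at this OID
$

In that case, check that the configure option was given correctly and recompile. When configuring the device in cacti, SNMP *VERSION 2* must be selected.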
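
The following is an added example, not part of the original page: it parses snmpwalk output in the format shown above, detects the unsupported case, and computes the rate between two polls to show why a 32-bit counter is not enough at the 1000000000 bps ifSpeed set in 1.11. The second poll and the 300-second interval are constructed assumptions, and the function names are hypothetical.

```python
import re

# First poll reuses values from the output above; second poll is constructed.
POLL_1 = """IF-MIB::ifHCInOctets.1 = Counter64: 161327
IF-MIB::ifHCInOctets.2 = Counter64: 163992004374
"""
POLL_2 = """IF-MIB::ifHCInOctets.1 = Counter64: 161327
IF-MIB::ifHCInOctets.2 = Counter64: 201492004374
"""
UNSUPPORTED = ("IF-MIB::ifHCInOctets = No Such Object available "
               "on this agent at this OID\n")
INTERVAL_S = 300          # assumed polling interval (5 minutes)
LINK_BPS = 1_000_000_000  # ifSpeed from the "interface ethX 117 ..." lines

LINE = re.compile(r"^IF-MIB::ifHCInOctets\.(\d+) = Counter64: (\d+)$")

def parse_hc_octets(output):
    """Return {ifIndex: octets}; an empty dict means no 64-bit counters."""
    counters = {}
    for line in output.splitlines():
        m = LINE.match(line.strip())
        if m:
            counters[int(m.group(1))] = int(m.group(2))
    return counters

def bits_per_second(prev, curr, interval_s, width=64):
    """Average rate between two polls, tolerating one wrap at 2**width."""
    delta = (curr - prev) % (1 << width)
    return delta * 8 / interval_s

def wrap_seconds(link_bps, width):
    """Seconds for a counter of the given width to wrap at line rate."""
    return (1 << width) * 8 / link_bps

if __name__ == "__main__":
    if not parse_hc_octets(UNSUPPORTED):
        print("agent without ifHCInOctets: rebuild with --enable-mfd-rewrites")
    a, b = parse_hc_octets(POLL_1), parse_hc_octets(POLL_2)
    for idx in sorted(a):
        hc = bits_per_second(a[idx], b[idx], INTERVAL_S)
        # What a Counter32 (ifInOctets) would have reported for the same traffic
        lo = bits_per_second(a[idx] % 2**32, b[idx] % 2**32, INTERVAL_S, 32)
        print(f"if {idx}: Counter64 {hc:,.0f} bps, Counter32 {lo:,.0f} bps")
    print(f"Counter32 wraps every {wrap_seconds(LINK_BPS, 32):.1f} s at 1 Gbps")
```

Because the 32-bit counter wraps several times inside one polling interval, the wrapped count cannot be recovered and the reported rate is far below the real one.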


1.14. Notes on compiling on a 64-bit system

On a 64-bit system the build stops with the error below and does not compile.

/bin/sh ../libtool  --mode=link gcc -g -O2 -Dlinux -I/usr/include/rpm  -o snmpd snmpd.lo    libnetsnmpmibs.la libnetsnmpagent.la helpers/libnetsnmphelpers.la  ../snmplib/libnetsnmp.la -ldl -lrpm -lrpmio -lpopt  -lz -lcrypto -lm
gcc -g -O2 -Dlinux -I/usr/include/rpm -o .libs/snmpd snmpd.o  ./.libs/libnetsnmpmibs.so ./.libs/libnetsnmpagent.so helpers/.libs/libnetsnmphelpers.so ../snmplib/.libs/libnetsnmp.so -ldl -lrpm -lrpmio /usr/lib/libpopt.so -lz -lcrypto -lm  -Wl,--rpath -Wl,/usr/local/lib
/usr/lib/libpopt.so: could not read symbols: File in wrong format
collect2: ld returned 1 exit status
make: *** [snmpd] Error 1
#

/usr/lib/libpopt.so is the 32-bit library; the problem occurs because the link step does not pick up the 64-bit library. The correct library is /usr/lib64/libpopt.so.

As a stopgap, edit the Makefile in the affected directory directly. Find the line

LIBS            = ../snmplib/libnetsnmp.$(LIB_EXTENSION)$(LIB_VERSION) -ldl -lrpm -lrpmio -lpopt -lz -lcrypto -lm  $(PERLLDOPTS)

and replace -lpopt with /usr/lib64/libpopt.so, so that it reads

LIBS            = ../snmplib/libnetsnmp.$(LIB_EXTENSION)$(LIB_VERSION) -ldl -lrpm -lrpmio /usr/lib64/libpopt.so  -lz -lcrypto -lm  $(PERLLDOPTS)

The error occurs in two directories, agent and app. Both can be built with the same change.







last modified 2007-04-03 09:52:03