snmp

wangxiuwen 技术 , , 评论

背景:机房新增了几台ubuntu服务器,需要用已有的cacti来监测它们,所以要在新服务器上安装和配置SNMP协议。动机:我参考网上很多资料安装和配置SNMP,没搞定,于是自己研究了一下如何配置,最终顺利完成,所以分享一下。

  1. SNMP安装运行如下两个命令apt-get install snmp apt-get install snmpd 顺利运行完毕,使用如下命令测试一下lsof -i:161如果输出了正在运行snmp协议,便说明安装OK。
  2. SNMP配置(重点)我的SNMP配置文件/etc/snmp/snmpd.conf与网上早年的一些资料不同,主要是 压根没有出现com2sec,下面附上我的snmpd.conf的前半部分:-----------------------------------下面是snmpd.conf---------------------------------###############################################################################

EXAMPLE.conf:

An example configuration file for configuring the Net-SNMP agent (‘snmpd’)

See the ‘snmpd.conf(5)’ man page for details

Some entries are deliberately commented out, and will need to be explicitly activated

###############################################################################

AGENT BEHAVIOUR

Listen for connections from the local system only

#agentAddress udp:127.0.0.1:161

Listen for connections on all interfaces (both IPv4 and IPv6)

agentAddress udp:161,udp6::161

###############################################################################

SNMPv3 AUTHENTICATION

Note that these particular settings don’t actually belong here.

They should be copied to the file /var/lib/snmp/snmpd.conf

and the passwords changed, before being uncommented in that file only.

Then restart the agent

createUser authOnlyUser MD5 “remember to change this password”

createUser authPrivUser SHA “remember to change this one too” DES

createUser internalUser MD5 “this is only ever used internally, but still change the password”

If you also change the usernames (which might be sensible),

then remember to update the other occurances in this example config file to match.

###############################################################################

ACCESS CONTROL

                                             #  system + hrSystem groups only

view systemonly included .1.3.6.1.2.1.1
view systemonly included .1.3.6.1.2.1.25.1
view systemonly included .1 80
# Full access from the local host
#rocommunity public localhost
# Default access to basic system info
rocommunity public default -V systemonly

                                             #  Full access from an example network
                                             #     Adjust this network address to match your local
                                             #     settings, change the community string,
                                             #     and check the 'agentAddress' setting above

#rocommunity secret 10.0.0.0/16

                                             #  Full read-only access for SNMPv3

rouser authOnlyUser
# Full write access for encrypted requests
# Remember to activate the ‘createUser’ lines above
#rwuser authPrivUser priv

It’s no longer typically necessary to use the full ‘com2sec/group/access’ configuration

ruser and rcommunity, together with suitable views, should cover most requirements

-----------------------------------上面是snmpd.conf---------------------------------

我的目的是进行远程SNMP连接,所以需要做如下的修改:

将下面这一行
agentAddress udp:127.0.0.1:161
注释掉,即
#agentAddress udp:127.0.0.1:161

然后将原来的这一行
#agentAddress udp:161,udp6::161
去掉注释,即
agentAddress udp:161,udp6::161
这样便可以实现snmp的远程监听了。

但修改后cacti服务器还是无法监测到CPU、内存、流量的数据,所以需要再做如下修改:
在snmpd.conf中找到下面的内容
view systemonly included .1.3.6.1.2.1.1
view systemonly included .1.3.6.1.2.1.25.1

在下面加上一行
view systemonly included .1 80
这样就允许监听所有设备了。

完成所有修改后,重启snmp
service snmpd restart

本地测试SNMP是否监测各类指标的方法:运行如下命令
snmpwalk -v 2c -c public localhost

如果输出结果有好多页好多页,应该是设置成功了!