Difference between revisions of "SNMP client"

Line 97: Line 97:
 
####### SysInformation
 
####### SysInformation
 
sysLocation  Goteborg
 
sysLocation  Goteborg
sysContact    guillaume@qin-diaz.com
+
sysContact    Guillaume <guillaume@qin-diaz.com>
  
 
# Application + End-to-End layers (default)
 
# Application + End-to-End layers (default)
Line 163: Line 163:
  
  
Run the following command:
+
Run the following command, after reboot:
  
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">

Revision as of 15:27, 12 June 2014


SNMP configuration

Simple Network Management Protocol (SNMP).

SNMP is a technnology use to monitor your network components, servers and workstations. Each component will expose some status, settings and events. All that can be use and process to generate health reports, alerts and trigger some actions.


Installation

You need to install SNMP + SNMPD packages. The daemon is required to start the SNMP agent automatically on each reboot.

apt-get install snmp snmpd
apt-get install libsnmp-perl libsnmp-info-perl


Since ubuntu 12.04 you need to install the sensors (MIBs) separatly due to legal issues.

apt-get install snmp-mibs-downloader


Zabbix server specific

Zabbix server also required some specific SNMP libraries:

apt-get install libnet-snmp-perl python-netsnmp


SNMP agent configuration

Edit the configuration file:

vim /etc/snmp/snmpd.conf


Adjust the following options:

####### General
# Run as SNMP agent
master   agentx

###############################################################################
#  AGENT BEHAVIOUR
#
# Listen for connection from all interfaces - required if you want to use a central monitoring server
agentAddress udp:161,udp6:[::1]:161

###############################################################################
#  SNMPv3 AUTHENTICATION
#
createUser vehco


###############################################################################
#  ACCESS CONTROL
#
# ... default "view" settings



####### SNMP v1 / SNMP v2
### Read / write communities
rwcommunity   vehco     172.16.50.0/24

### Read-only communities
# Allow full access from localhost
rocommunity   public    default           -V systemonly
# Allow full access to LAN community
rocommunity   vehco     172.16.50.0/24 

####### SNMP v3
## Read / write user
rwuser   vehco         noauth
 
## Read-only users
rouser   authOnlyUser
rouser   internalUser


###############################################################################
#  SYSTEM INFORMATION

####### SysInformation
sysLocation   Goteborg
sysContact    Guillaume <guillaume@qin-diaz.com>

# Application + End-to-End layers (default)
sysServices    72


# ... default value for all others settings


###############################################################################
#  ACTIVE MONITORING
#

####### Traps (SNMP event push)
#  Note that you typically only want *one* of these three lines
#  Uncommenting two (or all three) will result in multiple copies of each notification.
# 
#### SNMP v1 receiver
#trapsink      localhost              public
#### SNMP v2 receiver
trap2sink     smartcard-monitoring   vehco
#### SNMP v2 informer
#trap2sink     smartcard-monitoring   vehco


# Trap community
trapcommunity vehco

# Send traps on authentication failure
authtrapenable 1


# ... default value for all others settings



SNMP daemon configuration

Since you have installed the "snmp-mibs-downloader" package you need to comment the default daemon option.

vim /etc/snmp/snmp.conf


Comment the "mibs" line:

#mibs :


Restart the SNMP service:

service snmp restart


Service testing

Run the following command, after reboot:

# Localhost test
snmpwalk -v2c -c public localhost

# Check what's available on the network -- Use your own client's IP @
snmpwalk -v2c -c vehco 172.16.50.12


-Note-

  • v2c = SNMP v2
  • v3 = SNMP v3


Expected result:

  • You should see some key:value in form of "IF-MIB::ifOperStatus.116 = INTEGER: up(1)" or "SNMPv2-MIB::sysServices.0 = INTEGER: 2"


Known bugs:

  • if you see something like "iso.1.2.3.4 ... : value" then you forget to comment the mibs : in /etc/snmp/snmp.conf. You configuration is not correct.



Check that you can retrieve the rights params:

# Retrieve computer name [local]
snmpget -v2c -c public localhost "SNMPv2-MIB::sysName.0"

# Retrieve computer name [network]
snmpget -v2c -c vehco 172.16.50.12 "SNMPv2-MIB::sysName.0"



Interactive configuration

You can run the interactive configuration module if you'd like:


cd /tmp
snmpconf -g basic_setup

Then you'll have to answer a lot of questions!


- - - - - System configuration - - - - -

Which files should we use? all


- - - - - System info - - - - -

Config MIB info? yes

  • location? Goteborg
  • contact info? guillaume@qin-diaz.com

Set properly sysServices.0 UID? no


- - - - - Access control - - - - -

Configure access control? yes

Allow SNMPv3 user based read/write? yes

  • SNMPv3 r/w username: vehco
  • SNMPv3 user security: noauth
  • OID restrictions? blank
  • Another r/w user? no

Allow SNMPv3 user based read-only? no

Allow SNMPv2 r/w community? yes

  • community name: vehco
  • network: 172.16.50.0/24
  • OID restrictions: blank
  • Another r/w community? no

Allow SNMPv2 ro community? yes

  • community name: public
  • network: blank
  • OID restrictions: blank
  • Another ro community? no


- - - - - SNMP trap (= send event and push data to server) - - - - -

Configure trap agent? yes

Send SNMP trap on SNMP authentication failure? yes

Send SNMP trap on (Linux) authentication failure? 1 (1=yes)

Community to sent trap alerts and events? vehco

SNMPv2 - inform TRAP receiver? yes

  • hostname: smartcard-monitoring
  • community: vehco
  • trap port: blank
  • Another link? no

SNMPv2 - inform TRAP informer? no (!! if you say 'yes' then you'll have event duplication)

Send SNMPv1 trap? no


- - - - - Monitoring configuration - - - - -

Monitor various aspects of the system? yes


... From now on you can let the default option all the time ...




Check the "snmpd.conf" file. If ok, replace the old one with the new and restart SNMP:

# backup old file
cp /etc/snmp/snmpd.conf cp /etc/snmp/snmpd.conf.backup

# Copy new file
cp snmpd.conf /etc/snmpd/

# restart SNMP service
service snmp restart




References