SNMP 2010-01-18 (月) 11:06:58

Net-SNMPとはSNMP(Simple Network Management Protocol)を使用してルータやホストを管理するためのデーモンやパッケージの集合です。
ルータにSNMPで情報を取得したい場合、ルータの設定変更を一括で行う場合、トラップを生成したい場合等にとても役立つでしょう。
SNMPでトラフィックやディスクの情報を取り出して、MRTGなどでグラフィカルに表示したりします。

  1. 環境
  2. インストール
  3. /etc/rc.confの編集
  4. snmp設定ファイル編集
  5. /etc/snmpd.configの設定
  6. hosts.allowファイル編集
  7. 確認

環境

FreeBSD 6.2

FreeBSD CoolMaster.smb.net 6.2-RELEASE-p7 FreeBSD 6.2-RELEASE-p7 #0: Sat Aug  4 05:34:33 JST 2007

net-snmpd 5.3.1

インストール

# cd /usr/ports/net-mgmt/net-snmp
# make install
**** This port installs snmp daemon, header files and libraries but don't
    invokes snmpd by default.
    If you want to invoke snmpd and/or snmptrapd at startup, put these
    lines into /etc/rc.conf.

       snmpd_enable="YES"
       snmpd_flags="-a -p /var/run/snmpd.pid"
       snmptrapd_enable="YES"
       snmptrapd_flags="-a -p /var/run/snmptrapd.pid"

**** You may specify the following make variables:

       NET_SNMP_SYS_CONTACT="kuriyama@FreeBSD.org"
       NET_SNMP_SYS_LOCATION="Tokyo, Japan"
       DEFAULT_SNMP_VERSION=3
       NET_SNMP_MIB_MODULES="host smux mibII/mta_sendmail ucd-snmp/diskio"
       NET_SNMP_LOGFILE=/var/log/snmpd.log
       NET_SNMP_PERSISTENTDIR=/var/net-snmp

    to define default values (or overwriting defaults).  At least
    setting first two variables, you will not be prompted during
    configuration process.  You may also set

       BATCH="yes"

    to avoid interactive configuration.
===> Installing rc.d startup script(s)
===>   Compressing manual pages for net-snmp-5.3.1_3
===>   Running ldconfig
/sbin/ldconfig -m /usr/local/lib
===>   Registering installation for net-snmp-5.3.1_3
===> SECURITY REPORT:
     This port has installed the following files which may act as network
     servers and may therefore pose a remote security risk to the system.
/usr/local/lib/libnetsnmp.so.10
/usr/local/lib/libnetsnmpagent.so.10

     This port has installed the following startup scripts which may cause
     these network services to be started at boot time.
/usr/local/etc/rc.d/snmpd
/usr/local/etc/rc.d/snmptrapd

     If there are vulnerabilities in these programs there may be a security
     risk to the system. FreeBSD makes no guarantee about the security of
     ports included in the Ports Collection. Please type 'make deinstall'
     to deinstall the port if this is a concern.

     For more information, and contact details about the security
     status of this software, see the following webpage:
http://net-snmp.sourceforge.net/

/etc/rc.confの編集

■下記を追加して再起動時に自動起動させます

#SNMP
snmpd_enable="YES"
snmpd_flags="-a -p /var/run/snmpd.pid"
snmptrapd_enable="YES"
snmptrapd_flags="-a -p /var/run/snmptrapd.pid"
#snmpd_conffile="/usr/local/etc/snmpd.conf"

snmpdのデフォルトの設定ファイルは、/usr/local/share/snmp/snmpd.conf

CoolMaster:root {50} % ps aux|grep snmpd
root      815  0.0  0.2  6620  5104  ??  S     4:17PM   0:00.04 /usr/local/sbin/snmpd -a -p /var/run/snmpd.pid

snmp設定ファイル編集

■snmpの設定ファイル「/usr/local/share/snmp/snmpd.conf.example」をコピーして利用

# cp /usr/local/share/snmp/snmpd.conf.example /usr/local/share/snmp/snmpd.conf 
# vi /usr/local/share/snmp/snmpd.conf
下記のような感じでコミュニティ名とネットワークを設定する。
コミュニティー名とはパスワードみたいなものです。
#           sec.name   source                  community
com2sec     local      localhost               PRIVATE
com2sec     mynetwork  219.117.246.192/27      PUBLIC
# Second, map the security names into group names:
#              	sec.model  sec.name
group MyRWGroup	v1         local
group MyRWGroup	v2c        local
group MyRWGroup	usm        local
group MyROGroup v1         mynetwork
group MyROGroup v2c        mynetwork
group MyROGroup usm        mynetwork

#           incl/excl subtree                          mask
view all    included  .1                               80

#                context sec.model sec.level match  read   write  notif
access MyROGroup ""      any       noauth    exact  all    none   none
access MyRWGroup ""      any       noauth    exact  all    all    none

syslocation SMB.
syscontact Root <hostmaster@smb.net>

proc mountd
proc ntalkd 4

# disk checks
# least 10 megs.
disk / 10000

# 1MAX:   If the 1 minute load average is above this limit at query
# 5MAX:   Similar, but for 5 min average.
# 15MAX:  Similar, but for 15 min average. 

# Check for loads:
#load 12 14 14

http://journal.mycom.co.jp/column/yetanother/080/index.html

/etc/snmpd.configの設定

# cp /etc/snmpd.config /etc/snmpd.config-dist
# Set some common variables
#
host := piano.smb.net  #ホスト名を記入
#host := foobar
location := "Room 200"
contact := "root@smb.net"
#contact := "sysmeister@example.com"
system := 1	# FreeBSD
traphost := localhost
trapport := 162

hosts.allowの設定

■snmp接続したいIPを通るようにしておく

# vi /etc/hosts.allow
snmpd : 219.117.246.192/255.255.255.224 : allow
snmpd : 127.0.0.1 : allow 

確認

■snmpdプロセスを立ち上げて確認

# /usr/local/sbin/snmpd
# /usr/local/bin/snmpwalk -v1 -c PUBLIC piano.smb.net

MIB情報が出力されればOKです。

SNMPv2-MIB::sysDescr.0 = STRING: FreeBSD CoolMaster.smb.net 6.2-RELEASE-p7  FreeBSD 6.2-RELEASE-p7 #0: Sat Aug  4 05:34:33 JST 2007     kuji@CoolMaster.smb.net:/usr/obj/usr/src/sys/GENERIC i386
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.8
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (119928) 0:19:59.28
SNMPv2-MIB::sysContact.0 = STRING: Me <me@somewhere.org>
SNMPv2-MIB::sysName.0 = STRING: CoolMaster.smb.net
SNMPv2-MIB::sysLocation.0 = STRING: Right here, right now.
SNMPv2-MIB::sysServices.0 = INTEGER: 72
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (4) 0:00:00.04
SNMPv2-MIB::sysORID.1 = OID: SNMPv2-MIB::snmpMIB
SNMPv2-MIB::sysORID.2 = OID: TCP-MIB::tcpMIB
SNMPv2-MIB::sysORID.3 = OID: IP-MIB::ip
SNMPv2-MIB::sysORID.4 = OID: UDP-MIB::udpMIB
SNMPv2-MIB::sysORID.5 = OID: SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroup
SNMPv2-MIB::sysORID.6 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance
SNMPv2-MIB::sysORID.7 = OID: SNMP-MPD-MIB::snmpMPDCompliance
SNMPv2-MIB::sysORID.8 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance
SNMPv2-MIB::sysORID.9 = OID: IF-MIB::ifMIB
SNMPv2-MIB::sysORDescr.1 = STRING: The MIB module for SNMPv2 entities
SNMPv2-MIB::sysORDescr.2 = STRING: The MIB module for managing TCP  implementations
SNMPv2-MIB::sysORDescr.3 = STRING: The MIB module for managing IP and ICMP   implementations
SNMPv2-MIB::sysORDescr.4 = STRING: The MIB module for managing UDP  implementations
SNMPv2-MIB::sysORDescr.5 = STRING: View-based Access Control Model for SNMP.
SNMPv2-MIB::sysORDescr.6 = STRING: The SNMP Management Architecture MIB.
SNMPv2-MIB::sysORDescr.7 = STRING: The MIB for Message Processing and  Dispatching.
SNMPv2-MIB::sysORDescr.8 = STRING: The management information definitions for  the SNMP User-based Security Model.
SNMPv2-MIB::sysORDescr.9 = STRING: The MIB module to describe generic objects  for network interface sub-layers
SNMPv2-MIB::sysORUpTime.1 = Timeticks: (3) 0:00:00.03
SNMPv2-MIB::sysORUpTime.2 = Timeticks: (3) 0:00:00.03
SNMPv2-MIB::sysORUpTime.3 = Timeticks: (3) 0:00:00.03
SNMPv2-MIB::sysORUpTime.4 = Timeticks: (3) 0:00:00.03
SNMPv2-MIB::sysORUpTime.5 = Timeticks: (3) 0:00:00.03
SNMPv2-MIB::sysORUpTime.6 = Timeticks: (3) 0:00:00.03

http://matsui.homeunix.com/index.php?FreeBSD%2FSNMP#C


トップ   新規 一覧 検索 最終更新   ヘルプ   最終更新のRSS