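snmp provides a way to send custom information. If you look at snmpd.conf you will see a section on external scripts, Executables/scripts. That section also gives examples showing how to send information through snmp. Here is what I did (the following assumes you have already configured snmp and can already collect data with cacti).
Edit /etc/snmp/snmpd.conf
Add a line anywhere in the file: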
# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest
extend .1.3.6.1.4.1.2021.50 jkhttp /bin/sh /usr/local/apache/bin/jkhttp.sh
(On AS4, use exec.)
Why not use exec? It produces an error.
SNMP daemon version 5.0 and above from the NetSNMP project provides a way to access the output of user-supplied scripts via the SNMP protocol. In other words: an SNMP client on one machine can invoke a script on another machine just by sending an SNMP query. After the remote script finishes, its standard/error output, return code and some other values are sent back to the client in an SNMP response.
(NOTE: See the SNMP exec section below if you run an SNMP daemon older than NetSNMP 5.0)
SNMP exec provides functionality similar to extend; however, exec is less flexible and slightly slower to work with. On the other hand, it is supported in many older implementations of SNMP daemons, including UCD-SNMP and NetSNMP 4.x, which are still found on many servers.
Here jkhttp is the name of the command, followed by the command itself and its arguments. The name can be anything you like. The script:
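#!/bin/sh
# Count processes whose name contains "http", excluding grep and this script itself.
num=$(ps -e | grep http | grep -v grep | grep -v jkhttp | wc -l)
# First output line: the count; second output line: a status marker.
echo "$num"
echo OK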
Restart snmpd, then fetch the data remotely with snmpwalk to check it:
[root@db ~]# snmpwalk -v 2c 172.18.3.131 -c public .1.3.6.1.4.1.2021.50
UCD-SNMP-MIB::ucdavis.50.1.0 = INTEGER: 1
UCD-SNMP-MIB::ucdavis.50.2.1.2.6.106.107.104.116.116.112 = STRING: "/bin/sh"
UCD-SNMP-MIB::ucdavis.50.2.1.3.6.106.107.104.116.116.112 = STRING: "/usr/local/apache/bin/jkhttp.sh"
UCD-SNMP-MIB::ucdavis.50.2.1.4.6.106.107.104.116.116.112 = ""
UCD-SNMP-MIB::ucdavis.50.2.1.5.6.106.107.104.116.116.112 = INTEGER: 5
UCD-SNMP-MIB::ucdavis.50.2.1.6.6.106.107.104.116.116.112 = INTEGER: 1
UCD-SNMP-MIB::ucdavis.50.2.1.7.6.106.107.104.116.116.112 = INTEGER: 1
UCD-SNMP-MIB::ucdavis.50.2.1.20.6.106.107.104.116.116.112 = INTEGER: 4
UCD-SNMP-MIB::ucdavis.50.2.1.21.6.106.107.104.116.116.112 = INTEGER: 1
UCD-SNMP-MIB::ucdavis.50.3.1.1.6.106.107.104.116.116.112 = STRING: "142"
UCD-SNMP-MIB::ucdavis.50.3.1.2.6.106.107.104.116.116.112 = STRING: "OK"
UCD-SNMP-MIB::ucdavis.50.3.1.3.6.106.107.104.116.116.112 = INTEGER: 1
UCD-SNMP-MIB::ucdavis.50.3.1.4.6.106.107.104.116.116.112 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.50.4.1.2.6.106.107.104.116.116.112.1 = STRING: "142"
UCD-SNMP-MIB::ucdavis.50.4.1.2.6.106.107.104.116.116.112.2 = STRING: "OK"
The line we need is UCD-SNMP-MIB::ucdavis.50.4.1.2.6.106.107.104.116.116.112.1 = STRING: "142"
#snmpwalk -v 2c 172.18.3.131 -c public .1.3.6.1.4.1.2021.50.3.1.2.6.106.107.104.116.116.112.1
UCD-SNMP-MIB::ucdavis.50.3.1.2.6.106.107.104.116.116.112.1 = STRING: "86"
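The index 6.106.107.104.116.116.112 in the OIDs above is the extend name jkhttp encoded as a string index: its length (6) followed by the ASCII code of each character. The following Python is an added example, not part of the original post; it builds and decodes such OIDs, taking the .4.1.2.<index>.<line> layout and the output format from the walk shown above.

```python
import re

BASE = ".1.3.6.1.4.1.2021.50"  # OID from the extend line in snmpd.conf above


def encode_name(name):
    """Encode an extend name as a string index: its length, then one sub-identifier per byte."""
    raw = name.encode("ascii")
    return ".".join(str(n) for n in (len(raw), *raw))


def decode_index(subids):
    """Inverse of encode_name: return (name, remaining sub-identifiers)."""
    subids = [int(s) for s in subids]
    if not subids or subids[0] > len(subids) - 1:
        raise ValueError("index is shorter than its length prefix")
    length = subids[0]
    name = bytes(subids[1:1 + length]).decode("ascii")
    return name, subids[1 + length:]


def output_line_oid(name, line, base=BASE):
    """OID of output line `line` (1-based), using the .4.1.2.<index>.<line> layout of the walk."""
    if line < 1:
        raise ValueError("output lines are numbered from 1")
    return f"{base}.4.1.2.{encode_name(name)}.{line}"


# Assumed input format: the symbolic snmpwalk output shown above.
WALK_RE = re.compile(r'ucdavis\.50\.4\.1\.2\.([\d.]+) = STRING: "(.*)"')


def parse_walk_line(text):
    """Return (extend name, line number, value) for one per-line output row, else None."""
    m = WALK_RE.search(text)
    if not m:
        return None
    name, rest = decode_index(m.group(1).split("."))
    if len(rest) != 1:
        raise ValueError("expected exactly one line-number sub-identifier")
    return name, rest[0], m.group(2)


if __name__ == "__main__":
    print(output_line_oid("jkhttp", 1))
    print(parse_walk_line(
        'UCD-SNMP-MIB::ucdavis.50.4.1.2.6.106.107.104.116.116.112.1 = STRING: "142"'))
```

Decoding the index of every row in a walk gives the list of extend names a host exposes, which can be compared with the extend lines in its snmpd.conf.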
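Once the data can be collected, cacti can be configured to receive it. In the cacti interface go to console->Templates->Data Templates and click Add in the upper right corner. The name under Data Templates is the name of this data template; the name under Data Source is what will later be shown in Data Sources, and here I entered “|host_description| - HTTP NUM”. Choose get snmp data. Internal Data Source Name can also be anything; it is used to name the rrd file: Unix - HTTP NUM. Once this is set you can save. After saving, some more options appear below; in the last one, enter the OID of the data we need, “.1.3.6.1.4.1.2021.50.3.1.2.6.106.107.104.116.116.112.1”, and save again.
Next, create a Graph Template so that cacti can generate the graph. In the cacti interface go to console->Templates->Graph Templates and click Add in the upper right corner. The name under Templates is the name of this template, Unix - HTTP NUM; the name under Graph Template is what will be shown at the top centre of the graph, and here I entered “|host_description| - HTTP NUM”. Leave everything else at its default; after saving, some options appear above.
Under Graph Template Items add an item: for Data Source choose the one added earlier, for color pick a colour for the graph, for Graph Item Type choose AREA (a filled area; you can also choose one of the line types), and use Text Format for the description.
Then add another item: for Data Source choose the one added earlier, for color choose none, for Graph Item Type choose GPRINT, for Consolidation Function choose LAST (that is, the current value), and enter Current for Text Format. You can also add items with Graph Item Type COMMENT for explanatory notes and so on.
Now just add this graph template to a host and you will see the graph being drawn.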
1. About the SELinux error:
Jun 30 10:45:03 web1 setroubleshoot: SELinux is preventing /bin/ps (snmpd_t) "sys_ptrace" access to (snmpd_t). For complete SELinux messages. run sealert -l 32ec5849-2d38-49b8-a13c-faaba9239c98
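Solution: You can disable SELinux for snmpd by issuing the following command:
Start setroubleshoot so that the sealert command can query the error database; it can be stopped again once the query is done:
service setroubleshoot start
Use sealert -l 32ec5849-2d38-49b8-a13c-faaba9239c98 to view the error database.
Follow its suggestion: setsebool -P snmpd_disable_trans=1
The -P option makes the setting permanent. With this boolean set, snmpd is no longer started in the snmpd_t domain, so the targeted policy stops confining it.
Stop setroubleshoot:
service setroubleshoot stop
Restart snmpd:
service snmpd restart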
2. About the message: last message repeated 3 times
vi /etc/init.d/snmpd
#OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a"
OPTIONS="-LS 0-4 d -Lf /dev/null -p /var/run/snmpd.pid -a"
3. Using cacti to monitor the Apache connection count on a fairly old CentOS 4.2 machine: the custom script fails when it runs
[root@send4 data]# /usr/local/net-snmp/bin/snmpwalk -v 1 172.18.1.9 -c public .1.3.6.1.4.1.2021.50
UCD-SNMP-MIB::ucdavis.50.1.1 = INTEGER: 1
UCD-SNMP-MIB::ucdavis.50.2.1 = STRING: "jkhttp"
UCD-SNMP-MIB::ucdavis.50.3.1 = STRING: "/bin/sh /usr/local/apache/bin/jkhttp.sh"
UCD-SNMP-MIB::ucdavis.50.100.1 = INTEGER: 1
UCD-SNMP-MIB::ucdavis.50.101.1 = STRING: "/bin/sh: Permission denied"
UCD-SNMP-MIB::ucdavis.50.102.1 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.50.103.1 =
Check /var/log/messages:
Jul 17 11:06:37 server7 kernel: audit(1216263997.231:115): avc: denied { read } for pid=2697 comm="snmpd" name="sh" dev=sda2 ino=1261577 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:bin_t tclass=lnk_file
Jul 17 11:06:37 server7 kernel: audit(1216263997.237:116): avc: denied { read } for pid=2698 comm="snmpd" name="sh" dev=sda2 ino=1261577 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:bin_t tclass=lnk_file
Jul 17 11:06:37 server7 kernel: audit(1216263997.243:117): avc: denied { read } for pid=2699 comm="snmpd" name="sh" dev=sda2 ino=1261577 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:bin_t tclass=lnk_file
Solution
See which of snmp's normal operations SELinux has denied:
[root@server7 snmp]# audit2allow -d
allow snmpd_t bin_t:lnk_file read;
allow snmpd_t sysctl_net_t:dir search;
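Add the lines printed above to the file
/etc/selinux/targeted/src/policy/domains/program/snmpd.te. It turned out that this file did not exist.
The reason was that selinux-policy-targeted-sources-1.17.30-2.110.noarch.rpm was not installed.
After installing it, add the lines printed above to the file /etc/selinux/targeted/src/policy/domains/program/snmpd.te.
Run: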
[root@server7 snmp]# cd /etc/selinux/targeted/src/policy
[root@server7 policy]# make load
[root@server7 policy]# setfiles file_contexts/file_contexts /usr/share/snmp
It works now:
[root@send4 data]# /usr/local/net-snmp/bin/snmpwalk -v 1 172.18.1.9 -c public .1.3.6.1.4.1.2021.50
UCD-SNMP-MIB::ucdavis.50.1.1 = INTEGER: 1
UCD-SNMP-MIB::ucdavis.50.2.1 = STRING: "jkhttp"
UCD-SNMP-MIB::ucdavis.50.3.1 = STRING: "/bin/sh /usr/local/apache/bin/jkhttp.sh"
UCD-SNMP-MIB::ucdavis.50.100.1 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.50.101.1 = STRING: "12"
UCD-SNMP-MIB::ucdavis.50.101.2 = STRING: "ok"
UCD-SNMP-MIB::ucdavis.50.102.1 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.50.103.1 = ""
The data now comes through, but new errors appear in the background:
Jul 17 14:57:10 server7 kernel: audit(1216277829.987:1928): avc: denied { read } for pid=5663 comm="ps" name="2" dev=proc ino=234782722 scontext=root:system_r:snmpd_t tcontext=user_u:system_r:unconfined_t tclass=lnk_file
Jul 17 14:57:10 server7 kernel: audit(1216277829.988:1929): avc: denied { search } for pid=5663 comm="ps" name="/" dev=devpts ino=1 scontext=root:system_r:snmpd_t tcontext=user_u:object_r:devpts_t tclass=dir
Jul 17 14:57:10 server7 kernel: audit(1216277829.988:1930): avc: denied { getattr } for pid=5663 comm="ps" name="/" dev=devpts ino=1 scontext=root:system_r:snmpd_t tcontext=user_u:object_r:devpts_t tclass=dir
The same steps again:
[root@server7 ~]# audit2allow -d
allow snmpd_t devpts_t:dir { getattr search };
allow snmpd_t tty_device_t:chr_file getattr;
allow snmpd_t unconfined_t:lnk_file read;
allow snmpd_t usr_t:file ioctl;
Add the lines printed above to the file
/etc/selinux/targeted/src/policy/domains/program/snmpd.te
[root@server7 snmp]# cd /etc/selinux/targeted/src/policy
[root@server7 policy]# make load
[root@server7 policy]# setfiles file_contexts/file_contexts /usr/share/snmp
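To review what each rule grants before adding it to snmpd.te, the denials can be grouped by hand the way audit2allow groups them. The following Python is an added example, not part of the original post and not audit2allow's own code: it parses the AVC lines quoted above (embedded as a sample with the wrapped lines rejoined), emits the matching allow rules, and records which command triggered each one.

```python
import re
from collections import defaultdict

# Sample input: AVC denials copied from the log excerpts above, wrapped lines rejoined.
SAMPLE_LOG = """\
Jul 17 11:06:37 server7 kernel: audit(1216263997.231:115): avc: denied { read } for pid=2697 comm="snmpd" name="sh" dev=sda2 ino=1261577 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:bin_t tclass=lnk_file
Jul 17 14:57:10 server7 kernel: audit(1216277829.987:1928): avc: denied { read } for pid=5663 comm="ps" name="2" dev=proc ino=234782722 scontext=root:system_r:snmpd_t tcontext=user_u:system_r:unconfined_t tclass=lnk_file
Jul 17 14:57:10 server7 kernel: audit(1216277829.988:1929): avc: denied { search } for pid=5663 comm="ps" name="/" dev=devpts ino=1 scontext=root:system_r:snmpd_t tcontext=user_u:object_r:devpts_t tclass=dir
Jul 17 14:57:10 server7 kernel: audit(1216277829.988:1930): avc: denied { getattr } for pid=5663 comm="ps" name="/" dev=devpts ino=1 scontext=root:system_r:snmpd_t tcontext=user_u:object_r:devpts_t tclass=dir
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}.*?comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\w+)'
)


def parse_denials(log):
    """Yield (source type, target type, class, permissions, command) per AVC denial."""
    for m in AVC_RE.finditer(log):
        src, tgt = m["scontext"].split(":"), m["tcontext"].split(":")
        if len(src) < 3 or len(tgt) < 3:
            continue  # not a user:role:type context, skip the line
        yield src[2], tgt[2], m["tclass"], m["perms"].split(), m["comm"]


def allow_rules(log, domain="snmpd_t"):
    """Map each allow rule for `domain` to the sorted list of commands that triggered it."""
    grouped = defaultdict(lambda: (set(), set()))
    for src, tgt, tclass, perms, comm in parse_denials(log):
        if src != domain:
            continue
        perm_set, comm_set = grouped[(src, tgt, tclass)]
        perm_set.update(perms)
        comm_set.add(comm)
    rules = {}
    for (src, tgt, tclass), (perm_set, comm_set) in sorted(grouped.items()):
        perms = sorted(perm_set)
        text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        rules[f"allow {src} {tgt}:{tclass} {text};"] = sorted(comm_set)
    return rules


if __name__ == "__main__":
    for rule, comms in allow_rules(SAMPLE_LOG).items():
        print(f"{rule}  # triggered by: {', '.join(comms)}")
```

The command column shows that the devpts_t and unconfined_t rules come from the ps call inside jkhttp.sh rather than from snmpd itself.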