安装snmp(yum安装)
rpm -Uvh lm_sensors-libs-3.1.1-10.el6.i686.rpm
rpm -Uvh net-snmp-libs-5.5-37.el6.i686.rpm
rpm -Uvh net-snmp-5.5-37.el6.i686.rpm
rpm -Uvh net-snmp-utils-5.5-37.el6.i686.rpm
rpm -Uvh lm_sensors-devel-3.1.1-10.el6.i686.rpm
rpm -Uvh file-devel-5.04-11.el6.i686.rpm
rpm -Uvh rpm-devel-4.8.0-19.el6.i686.rpm
rpm -Uvh tcp_wrappers-devel-7.6-57.el6.i686.rpm
rpm -Uvh net-snmp-devel-5.5-37.el6.i686.rpm
tar zxvf net-snmp-5.7.1.tar.gz
cd net-snmp-5.7.1
./configure --prefix=/usr/local/net-snmp --with-mid-modules=ucd-snmp/diskio --with-mid-modules选项让服务器支持磁盘IO监控
system contact information :heaven
System Location :China
后一路回车。
配置SNMP
cd /etc/snmp/
mv snmpd.conf snmpd.conf.bak
vi snmpd.conf V2c版本
com2sec Edong default EDSnmpUser
com2sec Edong 192.168.2.236 EDSnmpUser
group Edong-RW v1 local
group Edong-RW v2c local
group Edong-group v1 Edong
group Edong-group v2c Edong
view all included .1 80
view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
access Edong-group "" any noauth exact all none none
access Edong-RW "" any noauth exact all all all
chkconfig --add snmpd
chkconfig --level 2345 snmpd on
启动snmpd
/etc/init.d/snmpd start
测试snmp是否正常
#/usr/local/net-snmp/bin/snmpwalk -c EDSnmpUser -v 2c localhost
#/usr/local/net-snmp/bin/snmpwalk -v 1 -c EDSnmpUser localhost IP-MIB::ipAdEntIfIndex
IP-MIB::ipAdEntIfIndex.127.0.0.1 = INTEGER: 1
IP-MIB::ipAdEntIfIndex.192.168.2.236 = INTEGER: 2
也可以用snmpd -f -Le 命令查看当前有没有出什么错
V3验证用户,并测试
service snmpd stop
cd /usr/local/net-snmp/bin/
chmod 777 net-snmp-config
./net-snmp-config --create-snmpv3-user -ro -a mypass -A MD5 myname
#注意上面一句,-a是密码,而用户名跟在最后面,-A是密码加密方式,
#很多垃圾站的文章都把大a和小A搞反了
#因为,在snmpwalk测试的时候,-a表示加密方式,-A是密码,所以这一点很重要
#我也是看了他自己的帮助文档才发现这个错误的,折腾死我了
service snmpd start
/usr/local/net-snmp/bin/snmpwalk -v3 -u myname -l auth -a MD5 -A mypass 127.0.0.1 if
如果能够返回信息
IF-MIB::ifIndex.1 = INTEGER: 1
IF-MIB::ifIndex.2 = INTEGER: 2
IF-MIB::ifDescr.1 = STRING: lo
IF-MIB::ifDescr.2 = STRING: eth0
IF-MIB::ifType.1 = INTEGER: softwareLoopback(24)
IF-MIB::ifType.2 = INTEGER: ethernetCsmacd(6)
IF-MIB::ifMtu.1 = INTEGER: 16436
IF-MIB::ifMtu.2 = INTEGER: 1500
IF-MIB::ifSpeed.1 = Gauge32: 10000000
IF-MIB::ifSpeed.2 = Gauge32: 100000000
IF-MIB::ifPhysAddress.1 = STRING:
IF-MIB::ifPhysAddress.2 = STRING: 0:15:58:de:27:a3
IF-MIB::ifAdminStatus.1 = INTEGER: up(1)
IF-MIB::ifAdminStatus.2 = INTEGER: up(1)
IF-MIB::ifOperStatus.1 = INTEGER: up(1)
IF-MIB::ifOperStatus.2 = INTEGER: up(1)
IF-MIB::ifLastChange.1 = Timeticks: (0) 0:00:00.00
IF-MIB::ifLastChange.2 = Timeticks: (0) 0:00:00.00
IF-MIB::ifInOctets.1 = Counter32: 1036102784
IF-MIB::ifInOctets.2 = Counter32: 1896546331
IF-MIB::ifInUcastPkts.1 = Counter32: 6733501
IF-MIB::ifInUcastPkts.2 = Counter32: 260564072
IF-MIB::ifInNUcastPkts.1 = Counter32: 0
IF-MIB::ifInNUcastPkts.2 = Counter32: 57224
IF-MIB::ifInDiscards.1 = Counter32: 0
IF-MIB::ifInDiscards.2 = Counter32: 0
IF-MIB::ifInErrors.1 = Counter32: 0
IF-MIB::ifInErrors.2 = Counter32: 0
IF-MIB::ifInUnknownProtos.1 = Counter32: 0
IF-MIB::ifInUnknownProtos.2 = Counter32: 0
IF-MIB::ifOutOctets.1 = Counter32: 1036102784
IF-MIB::ifOutOctets.2 = Counter32: 3196067597
IF-MIB::ifOutUcastPkts.1 = Counter32: 6733501
IF-MIB::ifOutUcastPkts.2 = Counter32: 405123923
IF-MIB::ifOutNUcastPkts.1 = Counter32: 0
IF-MIB::ifOutNUcastPkts.2 = Counter32: 0
IF-MIB::ifOutDiscards.1 = Counter32: 0
IF-MIB::ifOutDiscards.2 = Counter32: 0
IF-MIB::ifOutErrors.1 = Counter32: 0
IF-MIB::ifOutErrors.2 = Counter32: 0
IF-MIB::ifOutQLen.1 = Gauge32: 0
IF-MIB::ifOutQLen.2 = Gauge32: 0
IF-MIB::ifSpecific.1 = OID: SNMPv2-SMI::zeroDotZero
IF-MIB::ifSpecific.2 = OID: SNMPv2-SMI::zeroDotZero
就表示OK了!
其中,-ro表示只读用户组,可以采集信息,但是不能更改系统设置
我创建用户的时候没有没有设定privpass,是为了简化过程,如果要创建带privpass验证,而且这个privpass也可以选择不同于密码的加密方式,比如,我密码采用MD5加密,而privpass采用AES加密,增加破解难度,那么可以这样写
net-snmp-config:
--create-snmpv3-user [-ro] [-a authpass] [-x privpass] [-X DES]
[-A MD5|SHA] [username]
snmpwalk:
V3验证常用参数
-v 1|2c|3 specifies SNMP version to use
-u USER-NAME set security name (e.g. bert)
-l LEVEL set security level (noAuthNoPriv|authNoPriv|authPriv)
-a PROTOCOL set authentication protocol (MD5|SHA)
-A PASSPHRASE set authentication protocol pass phrase
-x PROTOCOL set privacy protocol (DES|AES)
-X PASSPHRASE set privacy protocol pass phrase
V2c/V1验证常用
-c COMMUNITY set the community string
./net-snmp-config --create-snmpv3-user -ro -a mypass -A MD5 -x myprivpass -X DES myname
#snmpwalk要这样写
/usr/local/net-snmp/bin/snmpwalk -v3 -u myname -l authPriv -a MD5 -A mypass -x DES -X myprivpass 127.0.0.1 if
命令执行之后将自动建立新的配置文件snmpd.conf,而内容也十分简单。只有用户名和权限,而关于认证方式的信息则会存储在/var/net-snmp/snmpd.conf文件中。
阅读(2373) | 评论(0) | 转发(0) |