Chinaunix首页 | 论坛 | 博客
  • 博客访问: 282037
  • 博文数量: 68
  • 博客积分: 125
  • 博客等级: 入伍新兵
  • 技术积分: 606
  • 用 户 组: 普通用户
  • 注册时间: 2012-12-12 15:35
文章分类

全部博文(68)

文章存档

2014年(5)

2013年(59)

2012年(4)

分类: LINUX

2013-04-16 19:29:59

原文地址:SNMP协议配置V2c、V3 作者:bestgolds

安装snmp(yum安装)
rpm -Uvh lm_sensors-libs-3.1.1-10.el6.i686.rpm
rpm -Uvh net-snmp-libs-5.5-37.el6.i686.rpm
rpm -Uvh net-snmp-5.5-37.el6.i686.rpm
rpm -Uvh net-snmp-utils-5.5-37.el6.i686.rpm
rpm -Uvh lm_sensors-devel-3.1.1-10.el6.i686.rpm
rpm -Uvh file-devel-5.04-11.el6.i686.rpm
rpm -Uvh rpm-devel-4.8.0-19.el6.i686.rpm
rpm -Uvh tcp_wrappers-devel-7.6-57.el6.i686.rpm
rpm -Uvh net-snmp-devel-5.5-37.el6.i686.rpm

tar zxvf net-snmp-5.7.1.tar.gz
cd net-snmp-5.7.1
./configure --prefix=/usr/local/net-snmp --with-mid-modules=ucd-snmp/diskio   --with-mid-modules选项让服务器支持磁盘IO监控
system contact information :heaven
System Location :China
后一路回车。

配置SNMP
cd /etc/snmp/
mv snmpd.conf snmpd.conf.bak
vi snmpd.conf  V2c版本
com2sec Edong  default          EDSnmpUser
com2sec Edong  192.168.2.236    EDSnmpUser
group   Edong-RW v1             local
group   Edong-RW v2c            local
group   Edong-group v1          Edong
group   Edong-group v2c         Edong
view all    included  .1                               80
view mib2   included  .iso.org.dod.internet.mgmt.mib-2 fc
access Edong-group    ""     any       noauth  exact    all    none none
access Edong-RW      ""      any       noauth  exact      all    all    all

chkconfig --add snmpd
chkconfig --level 2345 snmpd on

启动snmpd
/etc/init.d/snmpd start

测试snmp是否正常
#/usr/local/net-snmp/bin/snmpwalk -c EDSnmpUser -v 2c localhost  
 
#/usr/local/net-snmp/bin/snmpwalk -v 1 -c EDSnmpUser localhost IP-MIB::ipAdEntIfIndex
 
IP-MIB::ipAdEntIfIndex.127.0.0.1 = INTEGER: 1
IP-MIB::ipAdEntIfIndex.192.168.2.236 = INTEGER: 2

 
也可以用snmpd -f -Le 命令查看当前有没有出什么错

V3验证用户,并测试
service snmpd stop
cd /usr/local/net-snmp/bin/
chmod 777 net-snmp-config

./net-snmp-config --create-snmpv3-user -ro -a mypass -A MD5 myname
#注意上面一句,-a是密码,而用户名跟在最后面,-A是密码加密方式,
#很多垃圾站的文章都把大a和小A搞反了
#因为,在snmpwalk测试的时候,-a表示加密方式,-A是密码,所以这一点很重要
#我也是看了他自己的帮助文档才发现这个错误的,折腾死我了
service snmpd start
/usr/local/net-snmp/bin/snmpwalk -v3 -u myname -l auth -a MD5 -A mypass 127.0.0.1 if

如果能够返回信息

    IF-MIB::ifIndex.1 = INTEGER: 1
    IF-MIB::ifIndex.2 = INTEGER: 2
    IF-MIB::ifDescr.1 = STRING: lo
    IF-MIB::ifDescr.2 = STRING: eth0
    IF-MIB::ifType.1 = INTEGER: softwareLoopback(24)
    IF-MIB::ifType.2 = INTEGER: ethernetCsmacd(6)
    IF-MIB::ifMtu.1 = INTEGER: 16436
    IF-MIB::ifMtu.2 = INTEGER: 1500
    IF-MIB::ifSpeed.1 = Gauge32: 10000000
    IF-MIB::ifSpeed.2 = Gauge32: 100000000
    IF-MIB::ifPhysAddress.1 = STRING:
    IF-MIB::ifPhysAddress.2 = STRING: 0:15:58:de:27:a3
    IF-MIB::ifAdminStatus.1 = INTEGER: up(1)
    IF-MIB::ifAdminStatus.2 = INTEGER: up(1)
    IF-MIB::ifOperStatus.1 = INTEGER: up(1)
    IF-MIB::ifOperStatus.2 = INTEGER: up(1)
    IF-MIB::ifLastChange.1 = Timeticks: (0) 0:00:00.00
    IF-MIB::ifLastChange.2 = Timeticks: (0) 0:00:00.00
    IF-MIB::ifInOctets.1 = Counter32: 1036102784
    IF-MIB::ifInOctets.2 = Counter32: 1896546331
    IF-MIB::ifInUcastPkts.1 = Counter32: 6733501
    IF-MIB::ifInUcastPkts.2 = Counter32: 260564072
    IF-MIB::ifInNUcastPkts.1 = Counter32: 0
    IF-MIB::ifInNUcastPkts.2 = Counter32: 57224
    IF-MIB::ifInDiscards.1 = Counter32: 0
    IF-MIB::ifInDiscards.2 = Counter32: 0
    IF-MIB::ifInErrors.1 = Counter32: 0
    IF-MIB::ifInErrors.2 = Counter32: 0
    IF-MIB::ifInUnknownProtos.1 = Counter32: 0
    IF-MIB::ifInUnknownProtos.2 = Counter32: 0
    IF-MIB::ifOutOctets.1 = Counter32: 1036102784
    IF-MIB::ifOutOctets.2 = Counter32: 3196067597
    IF-MIB::ifOutUcastPkts.1 = Counter32: 6733501
    IF-MIB::ifOutUcastPkts.2 = Counter32: 405123923
    IF-MIB::ifOutNUcastPkts.1 = Counter32: 0
    IF-MIB::ifOutNUcastPkts.2 = Counter32: 0
    IF-MIB::ifOutDiscards.1 = Counter32: 0
    IF-MIB::ifOutDiscards.2 = Counter32: 0
    IF-MIB::ifOutErrors.1 = Counter32: 0
    IF-MIB::ifOutErrors.2 = Counter32: 0
    IF-MIB::ifOutQLen.1 = Gauge32: 0
    IF-MIB::ifOutQLen.2 = Gauge32: 0
    IF-MIB::ifSpecific.1 = OID: SNMPv2-SMI::zeroDotZero
    IF-MIB::ifSpecific.2 = OID: SNMPv2-SMI::zeroDotZero

就表示OK了!
其中,-ro表示只读用户组,可以采集信息,但是不能更改系统设置
我创建用户的时候没有没有设定privpass,是为了简化过程,如果要创建带privpass验证,而且这个privpass也可以选择不同于密码的加密方式,比如,我密码采用MD5加密,而privpass采用AES加密,增加破解难度,那么可以这样写

    net-snmp-config:
    --create-snmpv3-user [-ro] [-a authpass] [-x privpass] [-X DES]
    [-A MD5|SHA] [username]

    snmpwalk:
    V3验证常用参数
    -v 1|2c|3             specifies SNMP version to use
    -u USER-NAME          set security name (e.g. bert)
    -l LEVEL              set security level (noAuthNoPriv|authNoPriv|authPriv)
    -a PROTOCOL           set authentication protocol (MD5|SHA)
    -A PASSPHRASE         set authentication protocol pass phrase
    -x PROTOCOL           set privacy protocol (DES|AES)
    -X PASSPHRASE         set privacy protocol pass phrase
    V2c/V1验证常用
    -c COMMUNITY          set the community string

./net-snmp-config --create-snmpv3-user -ro -a mypass -A MD5 -x myprivpass -X DES myname
#snmpwalk要这样写
/usr/local/net-snmp/bin/snmpwalk -v3 -u myname -l authPriv -a MD5 -A mypass -x DES -X myprivpass 127.0.0.1 if

命令执行之后将自动建立新的配置文件snmpd.conf,而内容也十分简单。只有用户名和权限,而关于认证方式的信息则会存储在/var/net-snmp/snmpd.conf文件中。
阅读(2358) | 评论(0) | 转发(0) |
0

上一篇:hadoop学习

下一篇:Linux小技巧_pushd/popd/dirs

给主人留下些什么吧!~~