Chinaunix首页 | 论坛 | 博客
  • 博客访问: 357130
  • 博文数量: 43
  • 博客积分: 0
  • 博客等级: 民兵
  • 技术积分: 585
  • 用 户 组: 普通用户
  • 注册时间: 2013-03-29 20:57
文章分类

全部博文(43)

文章存档

2013年(43)

我的朋友

分类: 系统运维

2013-06-13 14:17:37

  • By: Bian Jiang ()
  • From: 
  • Date: 2008.11.11

1.mib 库文件 BVCOM-SYSTEMUPTIME-MIB.txt:

BVCOM-SYSTEMUPTIME-MIB DEFINITIONS ::= BEGIN

IMPORTS
    TimeTicks   FROM SNMPv2-SMI
    enterprises      FROM SNMPv2-SMI
    OBJECT-TYPE, Integer32, MODULE-IDENTITY      FROM SNMPv2-SMI;

bvcom    OBJECT IDENTIFIER ::= { enterprises 26814 }

ipq6800    OBJECT IDENTIFIER ::= { bvcom 6800 }

bvcomAgentModules   OBJECT IDENTIFIER ::= { ipq6800 1 }

bvcomAgentModuleObject OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
    "This is an object that simply supports a writable integer
     when compiled into the agent.  See
      for further
     implementation details."
    DEFVAL { 1 }
    ::= { bvcomAgentModules 1 }

bvcomAgentSubagentObject OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
    "This is an object that simply supports a writable integer
     when attached to the agent.  The object should be accessible
     when the agentx subagent containing this object is attached.
     See  for
     further implementation details."
    DEFVAL { 2 }
    ::= { bvcomAgentModules 2 }

bvcomAgentPluginObject OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
    "This is an object that simply supports a writable integer
     when attached to the agent.  This object should be accessible
     when the dynamic plugin has been loaded into the agent.  See
      for further
     implementation details."
    DEFVAL { 3 }
    ::= { bvcomAgentModules 3 }

END
PS: 如果找不到mib库可以在/etc/profile文件中增加SNMPCONFPATH环境变量
export SNMPCONFPATH=/usr/local/share/snmp/
export MIBS=ALL

2.复制mib库文件到/usr/local/share/snmp/mibs/:

sudo cp BVCOM-SYSTEMUPTIME-MIB.txt /usr/local/share/snmp/mibs/

3.加载mib库:

cat /usr/local/share/snmp/snmp.conf
mibs +BVCOM-SYSTEMUPTIME-MIB

4.检查mib是否正常加载:

border@debian:/work/border/snmp/example-demon$ snmptranslate -IR -Tp bvcom
+--bvcom(26814)
   |
   +--ipq6800(6800)
      |
      +--bvcomAgentModules(1)
         |
         +-- -RW- Integer32 bvcomAgentModuleObject(1)
         +-- -RW- Integer32 bvcomAgentSubagentObject(2)
         +-- -RW- Integer32 bvcomAgentPluginObject(3)

5.查看mib2c支持的模板:

border@debian:/work/border/snmp/example-demon$ ls /usr/local/share/snmp/
mib2c.access_functions.conf    mib2c.create-dataset.conf  mib2c.scalar.conf
mib2c.array-user.conf          mib2c-data                 mib2c.table_data.conf
mib2c.check_values.conf        mib2c.genhtml.conf         mibs
mib2c.check_values_local.conf  mib2c.int_watch.conf       snmp.conf
mib2c.column_defines.conf      mib2c.iterate_access.conf  snmp.conf~
mib2c.column_enums.conf        mib2c.iterate.conf         snmpconf-data
mib2c.column_storage.conf      mib2c.mfd.conf             snmpd.conf
mib2c.conf                     mib2c.notify.conf          snmp_perl.pl
mib2c.container.conf           mib2c.old-api.conf         snmp_perl_trapd.pl

6.通过模板生成.c 和 .h 文件:

border@debian:/work/border/snmp/example-demon$ mib2c -c mib2c.int_watch.conf bvcomAgentModules
writing to -
*** Warning: only generating code for nodes of MIB type INTEGER
writing to bvcomAgentModules.h
writing to bvcomAgentModules.c
running indent on bvcomAgentModules.c
running indent on bvcomAgentModules.h

7.通过 snmp_agent_api 编写守护程序 example-demon.c:

#include 
#include 
#include 
#include 
#include "bvcomAgentModules.h"

static int keep_running;

RETSIGTYPE
stop_server(int a) {
    keep_running = 0;
}

int
main (int argc, char **argv) {

    int agentx_subagent=0; /* change this if you want to be a SNMP master agent */
    int background = 0; /* change this if you want to run in the background */
    int syslog = 0; /* change this if you want to use syslog */

    /* print log errors to syslog or stderr */

    if (syslog)
        snmp_enable_calllog();
    else
        snmp_enable_stderrlog();

    /* we're an agentx subagent? */
    if (agentx_subagent) {
        /* make us a agentx client. */
        netsnmp_ds_set_boolean(NETSNMP_DS_APPLICATION_ID, NETSNMP_DS_AGENT_ROLE, 1);
    }

    /* run in background, if requested */
    if (background && netsnmp_daemonize(1, !syslog))
        exit(1);

    /* Initialize tcpip, if necessary */
    SOCK_STARTUP;

    /* Initialize the agent library */
    init_agent("example-demon"); // 配置文件名

    /* Initialize our mib code here */
    printf("Before init bvcomAgentModules \n");

    init_bvcomAgentModules(); // 加载节点信息

    printf("End init bvcomAgentModules \n");

    /* initialize vacm/usm access control  */
    if (!agentx_subagent) {
        void  init_vacm_vars();
        void  init_usmUser();
    }

    /* Example-demon will be used to read example-demon.conf files. */
    init_snmp("example-demon");

    /* If we're going to be a snmp master agent, initial the ports */
    if (!agentx_subagent)
        init_master_agent();  /* open the port to listen on (defaults to udp:161) */

    printf("---------------------\n");
    /* In case we recevie a request to stop (kill -TERM or kill -INT) */
    keep_running = 1;
    signal(SIGTERM, stop_server);

    signal(SIGINT, stop_server);

    snmp_log(LOG_INFO,"example-demon is up and running.\n");

    /* your main loop here... */
    while(keep_running) {
        /* if you use select(), see snmp_select_info() in snmp_api(3) */
        /*     --- OR ---  */
        agent_check_and_process(1); /* 0 == don't block */

    }

    /* at shutdown time */
    snmp_shutdown("example-demon");
    SOCK_CLEANUP;
    return 0;
}

8.Makefile:

CC=gcc

OBJS2=example-demon.o bvcomAgentModules.o
TARGETS=example-demon

CFLAGS=-I. `net-snmp-config --cflags`
BUILDLIBS=`net-snmp-config --libs`
BUILDAGENTLIBS=`net-snmp-config --agent-libs`

# shared library flags (assumes gcc)
DLFLAGS=-fPIC -shared

all: $(TARGETS)

example-demon: $(OBJS2)
    $(CC) -o example-demon $(OBJS2)  $(BUILDAGENTLIBS)

clean:
    rm $(OBJS2) $(OBJS2) $(TARGETS)

9.example-demon.conf:

###############################################################################
# Access Control
###############################################################################

#       sec.name  source          community
com2sec local     localhost       public
com2sec mynetwork 192.168.0.0/24      public

####
# Second, map the security names into group names:

#                 sec.model  sec.name
group MyRWGroup    v1         local
group MyRWGroup    v2c        local
group MyRWGroup    usm        local
group MyROGroup v1         mynetwork
group MyROGroup v2c        mynetwork
group MyROGroup usm        mynetwork

####
# Third, create a view for us to let the groups have rights to:

#           incl/excl subtree                          mask
view all    included  .1                               80

####
# Finally, grant the 2 groups access to the 1 view with different
# write permissions:

#              context sec.model sec.level match  read   write  notif
access MyROGroup ""      any       noauth    exact  all    none   none
access MyRWGroup ""      any       noauth    exact  all    all    none

agentaddress 161

10.运行example-demon 时要用超级管理员运行,不然会出错:

sudo ./example-demon

a.没有用超级管理员时,报的错误:

border@debian:/work/border/snmp/example-demon$ ./example-demon
netsnmp_assert !"registration != duplicate" failed agent_registry.c:535 netsnmp_subtree_load()
netsnmp_assert !"registration != duplicate" failed agent_registry.c:535 netsnmp_subtree_load()
netsnmp_assert !"registration != duplicate" failed agent_registry.c:535 netsnmp_subtree_load()
Before init bvcomAgentModules
End init bvcomAgentModules
Error opening specified endpoint "161"
---------------------
example-demon is up and running.
read_config_store open failure on /var/net-snmp/example-demon.conf
read_config_store open failure on /var/net-snmp/example-demon.conf
read_config_store open failure on /var/net-snmp/example-demon.conf

b.如果 报Error opening specified endpoint “”错,说明example-demon.conf配置文件没有agentaddress 161

11.拷贝配置文件到 ~/.snmp/目录下:

cp example-demon.conf /home/border/.snmp/

12.sudo ./example-demon:

border@debian:~$ snmpwalk -v1 -c public localhost bvcom
BVCOM-SYSTEMUPTIME-MIB::bvcomAgentModuleObject.0 = INTEGER: 68001
BVCOM-SYSTEMUPTIME-MIB::bvcomAgentSubagentObject.0 = INTEGER: 68002
BVCOM-SYSTEMUPTIME-MIB::bvcomAgentPluginObject.0 = INTEGER: 68003
End of MIB

验证:

border@debian:~$ snmpget -v1 -c public localhost bvcomAgentModuleObject.0
BVCOM-SYSTEMUPTIME-MIB::bvcomAgentModuleObject.0 = INTEGER: 68001

border@debian:~$ snmpgetnext -v1 -c public localhost bvcomAgentModuleObject.0
BVCOM-SYSTEMUPTIME-MIB::bvcomAgentSubagentObject.0 = INTEGER: 68002

13.支持snmpv3 在配置文件中增加:

rwuser border
rwuser border1
createUser border MD5 "bvcombjbj" DES
createUser border1 SHA "bvcombjbj" AES
(最后一行也可以这样写:createUser border1 SHA "bvcombjbj" AES128)

通过如下命令验证:

a.验证MD5:

snmpwalk -v3 -l authPriv -u border -A bvcombjbj -X bvcombjbj localhost bvcom
BVCOM-SYSTEMUPTIME-MIB::bvcomAgentModuleObject.0 = INTEGER: 68001
BVCOM-SYSTEMUPTIME-MIB::bvcomAgentSubagentObject.0 = INTEGER: 68002
BVCOM-SYSTEMUPTIME-MIB::bvcomAgentPluginObject.0 = INTEGER: 68003

b.验证SHA:

snmpwalk -v3 -l authPriv -u border1 -a SHA -x AES -A bvcombjbj -X bvcombjbj localhost bvcom
BVCOM-SYSTEMUPTIME-MIB::bvcomAgentModuleObject.0 = INTEGER: 68001
BVCOM-SYSTEMUPTIME-MIB::bvcomAgentSubagentObject.0 = INTEGER: 68002
BVCOM-SYSTEMUPTIME-MIB::bvcomAgentPluginObject.0 = INTEGER: 68003

如果你采用的是AES128,就需要把-x AES改为-x AES128:

snmpwalk -v3 -l authPriv -u border1 -a SHA -x AES128 -A bvcombjbj -X bvcombjbj localhost bvcom
参考:
  1. 用NET-SNMP软件包开发简单客户端代理 
  2. snmpd.examples 配置信息相关 
  3. snmp_agent_api 
  4. Tutorial 
  • By: Bian Jiang ()
  • From: 
  • Date: 2008.11.11

–EOF–

阅读(3146) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~