SNMP

From Gentoo Wiki
Revision as of 13:08, 18 May 2012 by Ni1s (Talk | contribs)

Jump to: navigation, search

SNMP - Simple Network Management Protocol. SNMP is supported by almost all network equipment available. SNMP is a powerful protocol able to configure and request network equipment data remotely.

This document describes howto install and to configure SNMP Read Only access to your equipment. The SNMP version used in this configuration below is SNMP v2c.

Contents

Installation

The following USE flags are supported by net-analyzer/net-snmp package:


→ Information about USE flags
USE flag Default Recommended Description
kernel_linux No
{{USEflag}}
No valid global USE flag.
X No Adds support for X11
bzip2 No Use the bzlib compression library
diskio No
{{USEflag}}
No valid global USE flag.
doc No Adds extra documentation (API, Javadoc, etc). It is recommended to enable per package instead of globally
elf No Enable the use of elf utils to check uptime on some systems
extensible No
{{USEflag}}
No valid global USE flag.
ipv6 No Adds support for IP version 6
lm_sensors No Adds linux lm_sensors (hardware sensors) support
mfd-rewrites No Use MFD rewrites of mib modules where available
minimal No Install a very minimal build (disables, for example, plugins, fonts, most drivers, non-critical features)
perl No Adds optional support/bindings for the Perl language
python No Adds optional support/bindings for the Python language
rpm No Enable monitoring of app-arch/rpm. This flag requires the bzip2 and zlib flags to be enabled as well.
selinux No  !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
sendmail No
{{USEflag}}
No valid global USE flag.
smux No
{{USEflag}}
No valid global USE flag.
ssl No Adds support for Secure Socket Layer connections
tcpd No Adds support for TCP wrappers
zlib No Adds support for zlib (de)compression

To install SNMP daemon use following command:

root # emerge --ask net-snmp

For basic Read Only SNMP access there is no specific USE flag needed. It is safe to disable all USE flags which are provided by the net-analyzer/net-snmp package.

Configuration

Edit the /etc/snmpd/snmpd.conf file and add the community and the IP access list.

Warning
NEVER use the default communities which are called public and private, these are considered a potential security risk, also if SNMP access is secured by a IP access list
  • Substitute the SNMP community my-own-SNMP-community with your own SNMP community.
  • Substitute the 10.255.255.0/24 network with your own IP network where SNMP access should be allowed from.
  • Substitute the syslocation and syscontact with your own valid data.
File/etc/snmp/snmpd.conf

com2sec local     127.0.0.1/32          my-own-SNMP-community
com2sec local     10.255.255.0/24       my-own-SNMP-community
#
group MyROGroup v1         local
group MyROGroup v2c        local
group MyROGroup usm        local
view all    included  .1                               80
access MyROGroup "" any     noauth    exact  all    none   none
#
syslocation London
syscontact Admin {Admin@example.com}

It is suggested to put valid data into the syslocation and syscontact fields, so in a support case when your hardware is monitored by a NMS (Network Management System) the responsible staff has the data right there where it is needed (in the NMS).

In a large network or enterprise it is not easy to describe for the network staff where particular network equipment has been placed. Sometimes there is a high fluctuation of the network staff, and after some time network equipment gets lost because nobody knows anymore where it has been placed, or whom to contact when a network equipment has failed.

So be aware to put valid data in there, your network staff will be thankful if you do so, it helps them to resolve outages quicker if something fails on a particular component that is monitored with SNMP.

Starting the daemon

To start the snmpd daemon do following

root # /etc/init.d/snmpd start

Testing SNMP Access

To test SNMP access, or rather poll SNMP data your SNMP client has to be within the IP range of the previously configured access list (here 10.255.255.0/24), to be allowed to ask for SNMP statistics.

  • Substitute the IP 192.168.10.254 with the target host where SNMP access is enabled
  • Substitute the SNMP community my-own-SNMP-community with your own SNMP community
user $ snmpwalk -v2c -c my-own-SNMP-community 192.168.10.254

Troubleshooting

Verify the SNMP daemon is running on a particular host:

root # netstat -tulpen | grep 161 
udp        0      0 0.0.0.0:161             0.0.0.0:*                           0          4307       2393/snmpd
  • SNMP v1 and SNMP v2c uses UDP
  • SNMP v3 uses TCP
Retrieved from "http://wiki.gentoo.org/index.php?title=SNMP&oldid=5874"
Personal tools
Namespaces

Variants
Actions
Gentoo Websites logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Navigation
Toolbox
Categories