Net-Snmp安装参照链接完成并测试是否安装完成。
一、snmpd.conf
snmpd.conf是snmp的基本环境配置,在上述链接中有说明如何修改。在这里要注意的是如果要使用子代理模式,需要在conf配置中添加“master agentx”开启snmp主代理模式。以下是conf配置文件:
###############################################################################
#
# EXAMPLE.conf:
# An example configuration file for configuring the Net-SNMP agent ('snmpd')
# See the 'snmpd.conf(5)' man page for details
#
# Some entries are deliberately commented out, and will need to be explicitly activated
#
###############################################################################
#
# AGENT BEHAVIOUR
#
# Listen for connections from the local system only
#agentAddress udp:127.0.0.1:161
# Listen for connections on all interfaces (both IPv4 *and* IPv6)
#agentAddress udp:161,udp6:[::1]:161
agentAddress udp:161
###############################################################################
#
# SNMPv3 AUTHENTICATION
#
# Note that these particular settings don't actually belong here.
# They should be copied to the file /var/net-snmp/snmpd.conf
# and the passwords changed, before being uncommented in that file *only*.
# Then restart the agent
# createUser authOnlyUser MD5 "remember to change this password"
# createUser authPrivUser SHA "remember to change this one too" DES
# createUser internalUser MD5 "this is only ever used internally, but still change the password"
# If you also change the usernames (which might be sensible),
# then remember to update the other occurances in this example config file to match.
###############################################################################
#
# ACCESS CONTROL
#
# system + hrSystem groups only
view systemonly included .1.3.6.1.2.1.1
view systemonly included .1.3.6.1.2.1.25.1
view all included .1 # Full access from the local host
#rocommunity public localhost
# Default access to basic system info
rocommunity public default
rwcommunity public default
# Full access from an example network
# Adjust this network address to match your local
# settings, change the community string,
# and check the 'agentAddress' setting above
#rocommunity secret 10.0.0.0/16
# Full read-only access for SNMPv3
rouser authOnlyUser
# Full write access for encrypted requests
# Remember to activate the 'createUser' lines above
#rwuser authPrivUser priv
# It's no longer typically necessary to use the full 'com2sec/group/access' configuration
# r[ou]user and r[ow]community, together with suitable views, should cover most requirements
###############################################################################
#
# SYSTEM INFORMATION
#
# Note that setting these values here, results in the corresponding MIB objects being 'read-only'
# See snmpd.conf(5) for more details
sysLocation Sitting on the Dock of the Bay
sysContact Me <[email protected]>
# Application + End-to-End layers
sysServices 72
#
# Process Monitoring
#
# At least one 'mountd' process
proc mountd
# No more than 4 'ntalkd' processes - 0 is OK
proc ntalkd 4
# At least one 'sendmail' process, but no more than 10
proc sendmail 10 1
# Walk the UCD-SNMP-MIB::prTable to see the resulting output
# Note that this table will be empty if there are no "proc" entries in the snmpd.conf file
#
# Disk Monitoring
#
# 10MBs required on root disk, 5% free on /var, 10% free on all other disks
disk / 10000
disk /var 5%
includeAllDisks 10%
# Walk the UCD-SNMP-MIB::dskTable to see the resulting output
# Note that this table will be empty if there are no "disk" entries in the snmpd.conf file
#
# System Load
#
# Unacceptable 1-, 5-, and 15-minute load averages
load 12 10 5
# Walk the UCD-SNMP-MIB::laTable to see the resulting output
# Note that this table *will* be populated, even without a "load" entry in the snmpd.conf file
###############################################################################
#
# ACTIVE MONITORING
#
# send SNMPv1 traps
# trapsink localhost public
# send SNMPv2c traps
trap2sink localhost public
# send SNMPv2c INFORMs
#informsink localhost public
# Note that you typically only want *one* of these three lines
# Uncommenting two (or all three) will result in multiple copies of each notification.
#
# Event MIB - automatically generate alerts
#
# Remember to activate the 'createUser' lines above
iquerySecName internalUser
rouser internalUser
# generate traps on UCD error conditions
defaultMonitors yes
# generate traps on linkUp/Down
linkUpDownNotifications yes
###############################################################################
#
# EXTENDING THE AGENT
#
#
# Arbitrary extension commands
#
extend test1 /bin/echo Hello, world!
extend-sh test2 echo Hello, world! ; echo Hi there ; exit 35
#extend-sh test3 /bin/sh /tmp/shtest
# Note that this last entry requires the script '/tmp/shtest' to be created first,
# containing the same three shell commands, before the line is uncommented
# Walk the NET-SNMP-EXTEND-MIB tables (nsExtendConfigTable, nsExtendOutput1Table
# and nsExtendOutput2Table) to see the resulting output
# Note that the "extend" directive supercedes the previous "exec" and "sh" directives
# However, walking the UCD-SNMP-MIB::extTable should still returns the same output,
# as well as the fuller results in the above tables.
#
# "Pass-through" MIB extension command
#
#pass .1.3.6.1.4.1.8072.2.255 /bin/sh PREFIX/local/passtest
#pass .1.3.6.1.4.1.8072.2.255 /usr/bin/perl PREFIX/local/passtest.pl
# Note that this requires one of the two 'passtest' scripts to be installed first,
# before the appropriate line is uncommented.
# These scripts can be found in the 'local' directory of the source distribution,
# and are not installed automatically.
# Walk the NET-SNMP-PASS-MIB::netSnmpPassExamples subtree to see the resulting output
#
# AgentX Sub-agents
#
# Run as an AgentX master agent
master agentx
# Listen for network connections (from localhost)
# rather than the default named socket /var/agentx/master
#agentXSocket tcp:localhost:705
mibs +MY-MIB
mibs +TEST-MIB
Note:#为注释
二、自定义MIB
MIB的编写和讲解参照了前辈的博客:https://blog.csdn.net/shanzhizi/article/details/11769491。讲述的很清楚了。
这里要注意的是在编写完直接的MIB后,需要放入snmp的search path,一般默认的地方是:
1. /root/.snmp/mibs
2. /usr/local/snmp/share/snmp/mibs
或者使用命令net-snmp-config --default-mibdirs,即可获得路径。详情见:载入第三方库
以下是我参照写的mib:
--MY-MIB
MY-MIB DEFINITIONS ::= BEGIN
IMPORTS
OBJECT-GROUP, MODULE-COMPLIANCE, NOTIFICATION-GROUP
FROM SNMPv2-CONF
enterprises, Integer32, Unsigned32, OBJECT-TYPE, MODULE-IDENTITY,
NOTIFICATION-TYPE
FROM SNMPv2-SMI
DisplayString
FROM SNMPv2-TC;
--
-- 1.3.6.1.4.1.26536
Test MODULE-IDENTITY
LAST-UPDATED "201807050918Z"
ORGANIZATION
""
CONTACT-INFO
""
DESCRIPTION
"Video's Server MIB."
::= { enterprises 26536 }
-- Node definitions
-- This part will include all details about the Test.
-- 1.3.6.1.4.1.26536.1
Time OBJECT IDENTIFIER ::= { Test 1 }
-- 1.3.6.1.4.1.26536.1.1
GetTime OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..100))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
""
::= { Time 1 }
END
-- MY-MIB.my
Note:--为注释
Note:把该MIB放入search path,使用snmptranslate -Tp -IR xxx::xx来验证是否加载的时候,可能会出现"Unknown Object Identifier" 这样的错误。是因为未将该MIB放入CONF文件内。解决方法及注意事项见载入第三方库。如上方conf配置中mibs +xxx所示, xxx即如MyMIB DEFINITIONS::=BEGIN这句定义中的MyMIB.
三、生成源码
mib2c可以根据mib库生成对应的源代码,有多种模板,这里我们要生成子代理的代码,所以选择是固定的,执行env MIBS"+/usr/local/share/snmp/mibs/Test-MIB.my" mib2c Test,会引导你逐渐生成Test.h和Test.c, 先选2再选1。
在生成的.c文件中修改xxx或者TODO成自己的,
执行net-snmp-config --compile-subagent Test Test.c,就生成了Test程序,Test为可执行程序名(可自定义),Test.c是由你MIB生成的.c文件。可参照:代理agent。
最后用snmpget 或者snmpwalk等命令测试。
PS:记录下自己了解的过程。