John's Home
又一个WordPress站点

ubuntu snmp 配置

1. SNMP安装

运行如下两个命令

apt-get install snmp [enter]

apt-get install snmpd [enter]

顺利运行完毕,使用如下命令测试一下

lsof -i:161

如果输出了正在运行snmp协议,便说明安装OK。

2. SNMP配置(重点)

我的SNMP配置文件/etc/snmp/snmpd.conf与网上早年的一些资料不同,主要是 压根没有出现com2sec,下面附上我的snmpd.conf的前半部分:

-----------------------------------下面是snmpd.conf---------------------------------

###############################################################################
#
# EXAMPLE.conf:
#   An example configuration file for configuring the Net-SNMP agent ('snmpd')
#   See the 'snmpd.conf(5)' man page for details
#
#  Some entries are deliberately commented out, and will need to be explicitly activated
#
###############################################################################
#
#  AGENT BEHAVIOUR
#
#  Listen for connections from the local system only
#agentAddress  udp:127.0.0.1:161
#  Listen for connections on all interfaces (both IPv4 *and* IPv6)
agentAddress udp:161,udp6:[::1]:161
###############################################################################
#
#  SNMPv3 AUTHENTICATION
#
#  Note that these particular settings don't actually belong here.
#  They should be copied to the file /var/lib/snmp/snmpd.conf
#     and the passwords changed, before being uncommented in that file *only*.
#  Then restart the agent
#  createUser authOnlyUser  MD5 "remember to change this password"
#  createUser authPrivUser  SHA "remember to change this one too"  DES
#  createUser internalUser  MD5 "this is only ever used internally, but still change the password"
#  If you also change the usernames (which might be sensible),

#  then remember to update the other occurances in this example config file to match.
###############################################################################
#
#  ACCESS CONTROL
#
                                                 #  system + hrSystem groups only
view   systemonly  included   .1.3.6.1.2.1.1
view   systemonly  included   .1.3.6.1.2.1.25.1
view   systemonly  included   .1   80
                                                 #  Full access from the local host
#rocommunity public  localhost
                                                 #  Default access to basic system info
 rocommunity public  default    -V systemonly
                                                 #  Full access from an example network
                                                 #     Adjust this network address to match your local
                                                 #     settings, change the community string,
                                                 #     and check the 'agentAddress' setting above
#rocommunity secret  10.0.0.0/16
                                                 #  Full read-only access for SNMPv3
 rouser   authOnlyUser
                                                 #  Full write access for encrypted requests
                                                 #     Remember to activate the 'createUser' lines above
#rwuser   authPrivUser   priv
#  It's no longer typically necessary to use the full 'com2sec/group/access' configuration
#  r[ou]user and r[ow]community, together with suitable views, should cover most requirements

-----------------------------------上面是snmpd.conf---------------------------------

我的目的是进行远程SNMP连接,所以需要做如下的修改:

将下面这一行

agentAddress udp:127.0.0.1:161

注释掉,即 

#agentAddress udp:127.0.0.1:161

然后将原来的这一行

#agentAddress udp:161,udp6:[::1]:161

去掉注释,即

agentAddress udp:161,udp6:[::1]:161

这样便可以实现snmp的远程监听了。

但修改后cacti服务器还是无法监测到CPU、内存、流量的数据,所以需要再做如下修改:

在snmpd.conf中找到下面的内容
view   systemonly  included   .1.3.6.1.2.1.1
view   systemonly  included   .1.3.6.1.2.1.25.1

在下面加上一行

view   systemonly  included   .1   80 对齐上面的点

这样就允许监听所有设备了。

完成所有修改后,重启snmp

service snmpd restart

本地测试SNMP是否监测各类指标的方法:运行如下命令

snmpwalk -v 2c -c public localhost

如果输出结果有好多页好多页,应该是设置成功了!

防火墙增加相应端口

ufw allow 161/udp

AWS安全组开放相应端口

2020-07-02
暂无评论

Leave a Reply