読者です 読者をやめる 読者になる 読者になる

labunix's blog

labunixのラボUnix

FreeBSD10.1-RC4にnet-snmp(snmpd/snmptrapd)をインストールしてみた。

■FreeBSD10.1-RC4にnet-snmp(snmpd/snmptrapd)をインストールしてみた。

$ pkg search ^net-snmp
net-snmp-5.7.2_16

$ su root -c 'pkg install -y net-snmp'

■サンプル設定をコピー。
 デフォルトではIPv4のlocalhostの許可。

$ sudo cp /usr/local/share/snmp/{snmpd.conf.example,snmpd.conf}
$ grep 161 /usr/local/share/snmp/snmpd.conf
agentAddress  udp:127.0.0.1:161
#agentAddress udp:161,udp6:[::1]:161

■snmpdサービスの起動
 ※「-p」オプションと「-c」はフラグとして使えない。

$ grep -A 1 "\-[pc]\*" /usr/local/etc/rc.d/snmpd 
		-p*)
			err 1 "\$snmpd_flags includes -p option." \
--
		-c*)
			err 1 "\$snmpd_flags includes -c option." \

$ grep "^# snmpd_" /usr/local/etc/rc.d/snmpd 
# snmpd_enable="YES"
# snmpd_flags="<set as needed>"
# snmpd_conffile="<set as needed>"

■snmpdを起動してみる。

$ echo 'snmpd_enable="YES"' | sudo tee -a /etc/rc.conf > /dev/null
$ sudo /usr/local/etc/rc.d/snmpd start
Starting snmpd.
$ netstat -an | grep 161
udp4       0      0 127.0.0.1.161          *.*

$ tail /var/log/snmpd.log 
Turning on AgentX master support.
NET-SNMP version 5.7.2

■snmpdの動作確認

$ snmpwalk -c public -v1 localhost sysUpTime
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (4058) 0:00:40.58

$ snmptranslate -On -IR system
.1.3.6.1.2.1.1

$ snmpwalk -c public -v 1 localhost system | tail -1
SNMPv2-MIB::sysORUpTime.12 = Timeticks: (6413) 0:01:04.13

$ snmptranslate -TB Cpu
UCD-SNMP-MIB::ssCpuRawGuestNice

$ snmpwalk -c public -v 1 localhost Cpu             
UCD-SNMP-MIB::ssCpuRawGuestNice.0 = Counter32: 0

$ snmptranslate -On -IR ssCpuIdle
.1.3.6.1.4.1.2021.11.11

$ snmpwalk -c public -v 1 localhost ssCpuIdle
UCD-SNMP-MIB::ssCpuIdle.0 = INTEGER: 99

■Debian風に多少の設定をして。。。

$ grep -A 6 ^com2sec /usr/local/share/snmp/snmpd.conf
com2sec readonly 127.0.0.1 public
group MyROGroup v1 readonly
view all included .1 80
access MyROGroup "" any noauth exact all none none
syslocation Unknown
syscontact Root <root@localhost>

$ sudo /usr/local/etc/rc.d/snmpd restart;tail /var/log/snmpd.log 
Stopping snmpd.
Waiting for PIDS: 1381.
Starting snmpd.
Turning on AgentX master support.
NET-SNMP version 5.7.2

■snmptrapdの有効化

$ grep "#.*enable" /usr/local/etc/rc.d/snmptrapd 
# Add the following line to /etc/rc.conf to enable snmptrapd:
# snmptrapd_enable="YES"

$ echo 'snmptrapd_enable="YES"' | sudo tee -a /etc/rc.conf > /dev/null
$ sudo /usr/local/etc/rc.d/snmptrapd start
Starting snmptrapd.

$ netstat -an | grep 162
udp4       0      0 *.162                  *.*              

■このままだと失敗する。

$ tail -2 /var/log/messages | cut -c 22- | gsed s/"(\|)"/"\n\t&"/g
 snmptrapd[1783]: Warning: no access control information configured.   
	(Config search path: /usr/local/etc/snmp:/usr/local/share/snmp:/usr/local/lib/snmp:/root/.snmp
	) This receiver will *NOT* accept any incoming notifications.
 snmptrapd[1784]: No access configuration - dropping trap.

■メッセージに従い、「snmptrapd.conf」を作成

$ sudo mkdir /usr/local/etc/snmp/
$ echo 'authCommunity log,execute,net public' | sudo tee -a /usr/local/etc/snmp/snmptrapd.conf> /dev/null

$ sudo /usr/local/etc/rc.d/snmpd restart; \
  sudo /usr/local/etc/rc.d/snmptrapd restart; \
  tail /var/log/snmpd.log; \
  tail -1 /var/log/messages | cut -c 22- | gsed s/"(\|)\|,"/"\n\t&"/g
Stopping snmpd.
Waiting for PIDS: 2078.
Starting snmpd.
Stopping snmptrapd.
Waiting for PIDS: 2096.
Starting snmptrapd.
Turning on AgentX master support.
NET-SNMP version 5.7.2
 snmptrapd[2096]: 172.16.115.128: Enterprise Specific Trap 
	(DISMAN-EVENT-MIB::mteTriggerFired
	) Uptime: 0:00:00.06
	, DISMAN-EVENT-MIB::mteHotTrigger.0 = STRING: dskTable
	, DISMAN-EVENT-MIB::mteHotTargetName.0 = STRING: 
	, DISMAN-EVENT-MIB::mteHotContextName.0 = STRING: 
	, DISMAN-EVENT-MIB::mteHotOID.0 = OID: UCD-SNMP-MIB::dskErrorFlag.4
	, DISMAN-EVENT-MIB::mteHotValue.0 = INTEGER: 1
	, UCD-SNMP-MIB::dskPath.4 = STRING: /dev
	, UCD-SNMP-MIB::dskErrorMsg.4 = STRING: /dev: less than 10% free 
	(= 0%
	)

■snmptrap通知がmessagesに残ることを確認

$ sudo snmptrap -v 1 -c public localhost .1.3.6.1.4.1.8072.99999 localhost \
    6 1 '' .1.3.6.1.4.1.8072.99999.1 s "Test Message"; \
  grep "Test Message" /var/log/messages | cut -c 22- |  gsed s/","/"\n\t&"/g
 snmptrapd[2135]: 127.0.0.1: Enterprise Specific Trap (.1) Uptime: 1:51:30.49
	, NET-SNMP-MIB::netSnmp.99999.1 = STRING: "Test Message"
 snmptrapd[2135]: 127.0.0.1: Enterprise Specific Trap (.1) Uptime: 1:51:39.23
	, NET-SNMP-MIB::netSnmp.99999.1 = STRING: "Test Message"
 snmptrapd[2135]: 127.0.0.1: Enterprise Specific Trap (.1) Uptime: 1:54:49.42
	, NET-SNMP-MIB::netSnmp.99999.1 = STRING: "Test Message"