
Differences

This shows you the differences between two versions of the page.

manual:100:1_installation.1_install_unix.4_configure_snmp [2012/05/20 12:13] (current)
Line 1: Line 1:
 +==== Setting Up SNMP ====
  
 +This HowTo will explain how to install and configure the Net-SNMP agent. At time of writing, the latest version available is 5.4 (published on 12/06/2006).
 +
 +==== Getting Net-SNMP binaries ====
 +
 +Depending on your operating system, you'll find packages or tarballs to install Net-SNMP :
 +
 +  * **Linux**\\  Usually every Linux distribution comes with Net-SNMP packages :
 +    * RedHat / Fedora : install the net-snmp, net-snmp-libs and net-snmp-utils packages
 +    * Debian / Ubuntu: install the libsnmp-base, libsnmp5, snmp and snmpd packages
 +    * SuSE : install the net-snmp package
 +    * Gentoo : simply emerge the net-snmp ebuild
 +    * Mandriva : install the libnet-snmp5, net-snmp and net-snmp-utils packages.
 +  * **AIX**\\  Packages were are available in the [[http://aixpdslib.seas.ucla.edu/packages/net-snmp.html|University of California Repository]], but it's no longer available.\\  You can find Net-SNMP 5.0.3 for AIX 5.1 on the [[http://www.bullfreeware.com/download/aix43/net-snmp-5.0.3.0.exe|Bull AIX freeware site]].
 +  * **Solaris**\\  Solaris 10 ships with Net-SNMP 5.0.9  For older Solaris releases, packages are available in the [[http://www.sunfreeware.com|Sunfreeware]] repository :
 +    * [[ftp://ftp.sunfreeware.com/pub/freeware/sparc/9/netsnmp-5.1.1-sol9-sparc-local.gz|release 5.1.1 for Solaris 9 Sparc]]
 +    * [[ftp://ftp.sunfreeware.com/pub/freeware/intel/9/netsnmp-5.1.1-sol9-intel-local.gz|release 5.1.1 for Solaris 9 Intel]]
 +    * [[ftp://ftp.sunfreeware.com/pub/freeware/sparc/8/netsnmp-5.1.1-sol8-sparc-local.gz|release 5.1.1 for Solaris 8 Sparc]]
 +    * [[ftp://ftp.sunfreeware.com/pub/freeware/intel/8/netsnmp-5.1.1-sol8-intel-local.gz|release 5.1.1 for Solaris 8 Intel]]
 +    * [[ftp://ftp.sunfreeware.com/pub/freeware/sparc/7/netsnmp-5.1.1-sol7-sparc-local.gz|release 5.1.1 for Solaris 7 Sparc]]
 +    * [[ftp://ftp.sunfreeware.com/pub/freeware/sparc/2.6/netsnmp-5.1.1-sol26-sparc-local.gz|release 5.1.1 for Solaris 2.6 Sparc]]
 +    * [[ftp://ftp.sunfreeware.com/pub/freeware/sparc/2.5/netsnmp-5.1.1-sol25-sparc-local.gz|release 5.1.1 for Solaris 2.5 Sparc]]For these packages to work, OpenSSL and GCC libraries need to be installed also.Tarballs are also available from the Net-SNMP [[http://www.net-snmp.org/download.html|main site]] :
 +    * [[http://prdownloads.sourceforge.net/net-snmp/net-snmp_5.2.2-SunOS_5.9_sun4u.tar.gz|release 5.2.2 for Solaris 9 on sun4u hardware]]
 +    * [[http://prdownloads.sourceforge.net/net-snmp/net-snmp_5.2.2-SunOS_5.8_sun4u.tar.gz|release 5.2.2 for Solaris 8 on sun4u hardware]]
 +    * [[http://prdownloads.sourceforge.net/net-snmp/net-snmp_5.2.2-SunOS_5.7_sun4u.tar.gz|release 5.2.2 for Solaris 7 on sun4u hardware]]These tarballs have to be extracted from / has they contain absolute paths.\\  Files are copied to /usr/local/share/snmp, /usr/local/libs, /usr/local/include/net-snmp, /usr/local/man, /usr/local/bin and /usr/local/sbin
 +  * **HP-UX**\\  Tarballs are available from the Net-SNMP [[http://www.net-snmp.org/download.html|main site]] :
 +    * [[http://prdownloads.sourceforge.net/net-snmp/net-snmp-5.4-1-HP-UX_B.11.11_9000_800.tar.gz?download|release 5.4 for HP-UX 11.11 PA-RISC]]
 +    * [[http://prdownloads.sourceforge.net/net-snmp/net-snmp-5.4-1-HP-UX_B.11.00_9000_712.tar.gz?download|release 5.4 for HP-UX 11.00 PA-RISC]]
 +    * [[http://prdownloads.sourceforge.net/net-snmp/net-snmp-5.4-1-HP-UX_B.10.20_9000_715.tar.gz?download|release 5.4 for HP-UX 10.20 PA-RISC]]These tarballs have to be extracted from / has they contain absolute paths. Beware that the binaries are not stripped in these tarballs, this waste a lot space.\\  Files are copied to /usr/local/share/snmp, /usr/local/libs, /usr/local/include/net-snmp, /usr/local/man, /usr/local/bin and /usr/local/sbin
 +  * **FreeBSD**\\  Net-SNMP is available through the [[http://www.freebsd.org/cgi/cvsweb.cgi/ports/net-mgmt/net-snmp/|ports]]
 +
 +==== Building the Net-SNMP agent from source ====
 +
 +If you can't find binaries for your architecture, you can build the Net-SNMP agent from [[http://prdownloads.sourceforge.net/net-snmp/net-snmp-5.3.1.tar.gz?download|sources]].
 +
 +Here's how to get the configure options of an already running Net-SNMP agent:<code>
 +$ snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.100.6.0 
 +UCD-SNMP-MIB::versionConfigureOptions.0 = STRING: "'-disable-shared' '--with-mib-modules=host/hr_system'" 
 +</code>
 +==== Configuring the Net-SNMP agent ====
 +
 +Depending on how you've installed Net-SNMP, the main configuration file (**snmpd.conf**) is located in /etc/snmp (installation from package) or /usr/local/share/snmp (installation from tarball).
 +
 +Please note that you need to restart (or send the HUP signal) the snmpd daemon whenever you modify **snmpd.conf**
 +
 +The minimum configuration is this one:<code>rocommunity public</code>
 +
 +This will enable SNMP version 1/2 read-only requests from any host, with the community name public.\\  With this minimal configuration, you'll be able to graph CPU usage, load average, network interfaces, memory/swap usage, logged in users and number of processes.
 +
 +You can restrict from which hosts SNMP queries are allowed:<code>rocommunity public 127.0.0.1
 +rocommunity test 87.65.43.21</code>
 +
 +By default Net-SNMP listens on UDP port 161 on all IPv4 interfaces.\\  With the following example, Net-SNMP will listen on UDP port 10000 on 10.20.30.40 IP address:<code>agentaddress 10.20.30.40:10000</code>
 +
 +You can also make it listens on TCP, which is supported by Cacti <code>agentaddress tcp:161</code>
 +
 +The "tcp" keyword can then be used in Cacti :
 +
 +{{:manual:088:listenstcpjt0.preview.png?640x113|listenstcpjt0}}
 +
 +For those who want some more security, you can use the SNMP version 3 protocol, with MD5 or SHA hashing:<code>createUser frederic MD5 mypassphrase DES
 +group groupv3             usm      frederic
 +view    all included   .iso      80
 +access groupv3         ""        any       auth      exact    all         all        all</code>
 +
 +This creates a user "frederic" whose password is "mypassphrase". To test it:<code># snmpget -v 3 -l AuthNoPriv -u frederic -A mypassphrase 10.50.80.45 sysName.0
 +SNMPv2-MIB::sysName.0 = STRING: cyclopes</code>
 +
 +In Cacti, add your device, choose SNMP version 3, and fill the username and password fields:\\ {{:manual:088:snmpv3gr1.preview.png?640x262|snmpv3gr1}}
 +
 +Now that you're done with access control, add these 2 lines in **snmpd.conf** to indicate the location and contact name of your device:<code>syslocation Bat. C2
 +syscontact [email protected]</code>
 +
 +They will then appear in Cacti management interface :
 +
 +{{:manual:088:syslocationhb2.png?495x115|syslocationhb2}}
 +
 +Some OIDs return a unit, eg "-153.1 dBm".\\  It's a safe idea to turn this off, by adding this to **snmpd.conf**:<code>dontPrintUnits true</code>
 +
 +Next step is to graph filesystems in Cacti; the easyest way is to add this line in **snmpd.conf**:<code>includeAllDisks</code>
 +
 +When you'll run the "ucd/net - Get Monitored Partitions" Data Query, all the mounted filesystems will show up:
 +
 +{{:manual:088:disktableuk6.preview.png?640x57|disktableuk6}}
 +
 +If you want a filesystem not to be listed here, add this line to **snmpd.conf**:<code>ignoredisk /dev/rdsk/c0t2d0</code>
 +
 +Unfortunatly, some older versions of Net-SNMP do not fully work with the includeAllDisks keyword :-?\\  You'll then have to list explicitly all filesystems you want to graph:<code>disk /
 +disk /usr
 +disk /var
 +disk /oracle </code>
 +
 +You can also specify NFS mount points.
 +
 +Please note that the Net-SNMP agent can only report filesystems which where mounted before its start.\\  If you manually mount filesystems later, you'll have to reload the Net-SNMP agent (send the HUP signal).
 +
 +You can also graph processes, by adding this to **snmpd.conf**:<code>proc httpd</code>
 +
 +The result will be accessible under the ucdavis.prTable.prEntry tree:
 +
 +  * prCount, number of current processes running with the name in question
 +  * prNames, the process name you're counting.
 +
 +In our example, the number of Apache processes will be available under the .1.3.6.1.4.1.2021.2.1.5 OID
 +Some useful mib modules are:
 +
 +  * mibII/mta_sendmail, to graph MTA (Sendmail, Postfix, etc.) statistics
 +  * diskio, to enable to graph I/O statistics
 +  * ucd-snmp/lmSensors, for hardware monitoring (Linux and Solaris only)
 +
 +Mib modules can be added like this:<code>$ ./configure --with-mib-modules="module1 module2" </code>
 +
 +To compile Net-SNMP and build a compressed archive, follow these steps:<code>$ ./configure --with-your-options
 +$ make
 +# mkdir /usr/local/dist
 +# make install prefix=/usr/local/dist/usr/local exec_prefix=/usr/local/dist/usr/local
 +# cd /usr/local/dist
 +# tar cvf /tmp/net-snmp-5.3.1-dist.tar usr
 +# gzip /tmp/net-snmp-5.3.1-dist.tar
 +# rm -rf /usr/local/dist </code>
 +
 +You can then copy the /tmp/net-snmp-5.3.1-dist.tar.gz file to other servers, and uncompress it from the root directory (everything will get extracted to /usr/local).
 +
 +==== Test your configuration ====
 +
 +Once Net-SNMP is configured and started, here's how to test it:<code>$ snmpwalk -v 1 -c public localhost .1.3.6.1.2.1.1.1.0
 +SNMPv2-MIB::sysDescr.0 = STRING: Linux cronos 2.4.28 #2 SMP ven jan 14 14:12:01 CET 2005 i686</code>
 +This basic query shows that your Net-SNMP agent is reachable.
 +
 +You can even query which Net-SNMP version is running on a host:<code>$ snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.100.2.0
 +UCD-SNMP-MIB::versionTag.0 = STRING: 5.2.1.2</code>
 +
 +An answer like that one<code>$ snmpwalk -v 1 -c foo localhost .1.3.6.1.2.1.1.1.0
 +Timeout: No Response from localhost</code>indicates that either the agent is not started, or that the community string is incorrect, or that this device is unreachable.
 +Check your community string, add firewall rules if necessary, etc.
 +
 +If using SNMP version 3, specifying an unknown user will result in this error message :<code>$ snmpget -v 3 -l AuthNoPriv -u john -A mypassphrase 10.50.80.45 sysName.0
 +snmpget: Unknown user name</code>An incorrect passphrase will result in this error message :
 +<code>$ snmpget -v 3 -l AuthNoPriv -u frederic -A badpassphrase 10.50.80.45 sysName.0
 +snmpget: Authentication failure (incorrect password, community or key)</code>
 +
 +This query will show you what filesystems are mounted:<code>$ snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.9.1.2
 +UCD-SNMP-MIB::dskPath.1 = STRING: /
 +UCD-SNMP-MIB::dskPath.2 = STRING: /BB
 +UCD-SNMP-MIB::dskPath.3 = STRING: /dev/shm</code>
 +If the answer is empty, usually it means the //includeAllDisks// is not supported by your Net-SNMP agent (you'll have to list each filesystem you want to graph as explained in previous chapter).
 +
 +Finally, this query will you display your network interfaces:<code>$ snmpwalk -v 1 -c public localhost .1.3.6.1.2.1.2.2.1.2
 +IF-MIB::ifDescr.1 = STRING: lo
 +IF-MIB::ifDescr.2 = STRING: eth0
 +IF-MIB::ifDescr.3 = STRING: eth1</code>
 +==== Extending the SNMP Agent ====
 +
 +A great functionnality of Net-SNMP is that you can "extend" it.
 +
 +Let's run the /tmp/foo.sh script:<code>$ /tmp/foo.sh -arg1
 +123</code>Now put this in **snmpd.conf**:<code>exec foo /bin/sh /tmp/foo.sh -arg1</code>
 +The result of your script will be accessible under the //ucdavis.extTable.extEntry// tree:
 + * output of the script : //ucdavis.extTable.extEntry.extOutput//
 + * exit status: //ucdavis.extTable.extEntry.extResult//
 + * command: //ucdavis.extTable.extEntry.extCommand//
 +
 +You can check the result with this SNMP query:<code>$ snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.8.1
 +UCD-SNMP-MIB::extIndex.1 = INTEGER: 1
 +UCD-SNMP-MIB::extNames.1 = STRING: foo
 +UCD-SNMP-MIB::extCommand.1 = STRING: /bin/sh /tmp/foo.sh -arg1
 +UCD-SNMP-MIB::extResult.1 = INTEGER: 0
 +UCD-SNMP-MIB::extOutput.1 = STRING: 123
 +UCD-SNMP-MIB::extErrFix.1 = INTEGER: 0
 +UCD-SNMP-MIB::extErrFixCmd.1 = STRING:</code>
 +//extOutput// translates to .1.3.6.1.4.1.2021.8.1.101
 +As "foo" is our first //exec// directive, add **.1** at the end of the OID.
 +
 +In Cacti, use the "SNMP - Generic OID Template" like this:
 +
 +{{:manual:088:footh8.preview.png?640x234|footh8}}
 +
 +Voila! Result of the /tmp/foo.sh script is now graphed in Cacti.
 +
 +Now let's run this second script, which returns more than one result:<code>$ /tmp/bar.sh
 +456
 +789</code>It returns two values, one per line (this is important).
 +
 +Another way to call scripts from **snmpd.conf** is by specifying an OID, like this:<code>exec .1.3.6.1.4.1.2021.555 /bin/sh /tmp/bar.sh</code>
 +Run this query:<code>$ snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.555
 +UCD-SNMP-MIB::ucdavis.555.1.1 = INTEGER: 1
 +UCD-SNMP-MIB::ucdavis.555.2.1 = STRING: "/bin/sh"
 +UCD-SNMP-MIB::ucdavis.555.3.1 = STRING: "/tmp/bar.sh"
 +UCD-SNMP-MIB::ucdavis.555.100.1 = INTEGER: 0
 +UCD-SNMP-MIB::ucdavis.555.101.1 = STRING: "456"
 +UCD-SNMP-MIB::ucdavis.555.101.2 = STRING: "789"
 +UCD-SNMP-MIB::ucdavis.555.102.1 = INTEGER: 0
 +UCD-SNMP-MIB::ucdavis.555.103.1 = ""</code>
 +First line returned by the script will be available at .1.3.6.1.4.1.2021.555**.101.1**, second one at .1.3.6.1.4.1.2021.555**.101.2**, and so on.
 +
 +You can then use the "SNMP - Generic OID Template" in Cacti (one Data Source per OID).
 +
 +Let's say you want to count the number of entries in a log file. Add this to **snmpd.conf**:<code>logmatch cactistats /home/cactiuser/cacti/log/cacti.log 120 SYSTEM STATS</code>
 + * the global count of matches will be available under the .1.3.6.1.4.1.2021.16.2.1.5.1 OID
 + * the "Regex match counter" (which is reset with each file rotation) will be available under the .1.3.6.1.4.1.2021.16.2.1.7.1 OID
 +
 +To list all the available variables, use this query:<code>$ snmpwalk -v 1 -c public localhost logMatch
 +UCD-SNMP-MIB::logMatchMaxEntries.0 = INTEGER: 50
 +UCD-SNMP-MIB::logMatchIndex.1 = INTEGER: 1
 +UCD-SNMP-MIB::logMatchName.1 = STRING: cactistats
 +UCD-SNMP-MIB::logMatchFilename.1 = STRING: /home/cactiuser/cacti/log/cacti.log
 +UCD-SNMP-MIB::logMatchRegEx.1 = STRING: SYSTEM STATS
 +UCD-SNMP-MIB::logMatchGlobalCounter.1 = Counter32: 301634
 +UCD-SNMP-MIB::logMatchGlobalCount.1 = INTEGER: 301634
 +UCD-SNMP-MIB::logMatchCurrentCounter.1 = Counter32: 6692
 +UCD-SNMP-MIB::logMatchCurrentCount.1 = INTEGER: 6692
 +UCD-SNMP-MIB::logMatchCounter.1 = Counter32: 1
 +UCD-SNMP-MIB::logMatchCount.1 = INTEGER: 0
 +UCD-SNMP-MIB::logMatchCycle.1 = INTEGER: 120
 +UCD-SNMP-MIB::logMatchErrorFlag.1 = INTEGER: 0
 +UCD-SNMP-MIB::logMatchRegExCompilation.1 = STRING: Success</code>
 +
 +
 +We'll then use another interesting directive, the "proxy" one.
 +Let's take for example the Squid proxy : when enabled, its SNMP agent listen to UDP 3401 port.
 +If you want to have system graphs and Squid graphs without declaring 2 devices in Cacti, add this in **snmpd.conf**:<code>proxy -v 1 -c public localhost:3401 .1.3.6.1.4.1.3495.1</code>The Squid SNMP tree will be available under the .1.3.6.1.4.1.3495.1 branch.
 +
 +Let's query this host:<code>$ snmpwalk -v 1 -c public 10.151.33.3 sysdescr
 +SNMPv2-MIB::sysDescr.0 = STRING: Linux srv1.foo.com 2.6.8.1-12mdk #1 Fri Oct 1 12:53:41 CEST 2004 i686</code>
 +And here's the Squid part (this specific OID returns the Squid version):<code>$ snmpwalk -v 1 -c public 10.151.33.3 .1.3.6.1.4.1.3495.1.2.3.0
 +SNMPv2-SMI::enterprises.3495.1.2.3.0 = STRING: "2.5.STABLE6"</code>
 +
 +Here, you'll find how to [[http://www.squid-cache.org/Doc/FAQ/FAQ-18.html|enable the Squid SNMP agent]].
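
Review bot: In the "Extending the SNMP Agent" section, both exec examples (`exec foo /bin/sh /tmp/foo.sh -arg1` and `exec .1.3.6.1.4.1.2021.555 /bin/sh /tmp/bar.sh`) have snmpd run scripts out of /tmp, a directory any local user can write to, so the script would run with the agent's privileges while being replaceable by anyone on the host. The examples should use a root-owned path that only the administrator can write to, and the text should say so in one sentence. In the access-control part, `rocommunity public` is presented as the minimum configuration ("read-only requests from any host") and the host-restricted form only comes afterwards. I would lead with the restricted form (`rocommunity public 127.0.0.1` or the poller's address) and a community name other than the default. The SNMPv3 example creates the user with MD5 and DES, but the `access` line requires only `auth` and the test uses `-l AuthNoPriv`, so requests are authenticated and not encrypted. Either state that next to "some more security" or change the example to require `priv` with a privacy passphrase. Smaller points: the introduction names 5.4 as the latest version while the source link and tarball steps use 5.3.1, and the "Some useful mib modules" list and the compile steps sit under "Configuring the Net-SNMP agent" although they belong to "Building the Net-SNMP agent from source".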
