Net-SNMP(V3协议)安装配置笔记(CentOS 5.2)

为了这颗仙人掌(cacti),我必须先部署(Net-SNMP),

同时我为了安全因素,也为了简便考虑,决定采用采用Net-SNMP(V3协议)来部署,

可是国内中文环境下面部署V3协议的是在是太少哦(找来找去都是一些垃圾站机器人抓取的文章,该空格的地方不空格,改大写的地方不大写。。。),折腾了我两天才搞定

1.前期安装必备套件

yum install net-snmp net-snmp-utils

我以为这样就可以了,然后开始满世界的找SNMP配置文件的Sample样例,可是,找来找去无非就是两个结果,要么全部是V1或者V2c协议的配置,要么是涉及V3,但是不适合于CentOS5.2的,我所说的不适于,是因为那些文章要么采用SUSE,所指示的配置文件位置和CentOS5.2不怎么一致,再加上我对CentOS5.2下面到底除了/etc/snmp/snmpd.conf,还有一个snmpd在哪里始终找不到,后来。locate忘记updatedb了,终于找到了,在/usr/share/snmp/snmpd.conf下面,基本上可以按照这个SUSE的方案来做了,不过后来看到有个net-snmp-config,我怎么找都找不到,网上一查,说这个tool只在net-snmp的dev才有,我一yum,发现这个更新和依赖加起来有2.8MB,算了,直接到网上down了这个net-snmp-config,一看是个shell脚本,更加有喜感了,大家可以点击这里下载,非常小

[download id="8" format="2"]

2.创建V3验证用户,并测试

[bash]
service snmpd stop
chmod 777 net-snmp-config
./net-snmp-config --create-snmpv3-user -ro -a mypass -A MD5 myname
#注意上面一句,-a是密码,而用户名跟在最后面,-A是密码加密方式,
#很多垃圾站的文章都把大a和小A搞反了
#因为,在snmpwalk测试的时候,-a表示加密方式,-A是密码,所以这一点很重要
#我也是看了他自己的帮助文档才发现这个错误的,折腾死我了
service snmpd start
snmpwalk -v3 -u myname -l auth -a MD5 -A mypass 127.0.0.1 if
[/bash]

如果能够返回信息

IF-MIB::ifIndex.1 = INTEGER: 1
IF-MIB::ifIndex.2 = INTEGER: 2
IF-MIB::ifDescr.1 = STRING: lo
IF-MIB::ifDescr.2 = STRING: eth0
IF-MIB::ifType.1 = INTEGER: softwareLoopback(24)
IF-MIB::ifType.2 = INTEGER: ethernetCsmacd(6)
IF-MIB::ifMtu.1 = INTEGER: 16436
IF-MIB::ifMtu.2 = INTEGER: 1500
IF-MIB::ifSpeed.1 = Gauge32: 10000000
IF-MIB::ifSpeed.2 = Gauge32: 100000000
IF-MIB::ifPhysAddress.1 = STRING:
IF-MIB::ifPhysAddress.2 = STRING: 0:15:58:de:27:a3
IF-MIB::ifAdminStatus.1 = INTEGER: up(1)
IF-MIB::ifAdminStatus.2 = INTEGER: up(1)
IF-MIB::ifOperStatus.1 = INTEGER: up(1)
IF-MIB::ifOperStatus.2 = INTEGER: up(1)
IF-MIB::ifLastChange.1 = Timeticks: (0) 0:00:00.00
IF-MIB::ifLastChange.2 = Timeticks: (0) 0:00:00.00
IF-MIB::ifInOctets.1 = Counter32: 1036102784
IF-MIB::ifInOctets.2 = Counter32: 1896546331
IF-MIB::ifInUcastPkts.1 = Counter32: 6733501
IF-MIB::ifInUcastPkts.2 = Counter32: 260564072
IF-MIB::ifInNUcastPkts.1 = Counter32: 0
IF-MIB::ifInNUcastPkts.2 = Counter32: 57224
IF-MIB::ifInDiscards.1 = Counter32: 0
IF-MIB::ifInDiscards.2 = Counter32: 0
IF-MIB::ifInErrors.1 = Counter32: 0
IF-MIB::ifInErrors.2 = Counter32: 0
IF-MIB::ifInUnknownProtos.1 = Counter32: 0
IF-MIB::ifInUnknownProtos.2 = Counter32: 0
IF-MIB::ifOutOctets.1 = Counter32: 1036102784
IF-MIB::ifOutOctets.2 = Counter32: 3196067597
IF-MIB::ifOutUcastPkts.1 = Counter32: 6733501
IF-MIB::ifOutUcastPkts.2 = Counter32: 405123923
IF-MIB::ifOutNUcastPkts.1 = Counter32: 0
IF-MIB::ifOutNUcastPkts.2 = Counter32: 0
IF-MIB::ifOutDiscards.1 = Counter32: 0
IF-MIB::ifOutDiscards.2 = Counter32: 0
IF-MIB::ifOutErrors.1 = Counter32: 0
IF-MIB::ifOutErrors.2 = Counter32: 0
IF-MIB::ifOutQLen.1 = Gauge32: 0
IF-MIB::ifOutQLen.2 = Gauge32: 0
IF-MIB::ifSpecific.1 = OID: SNMPv2-SMI::zeroDotZero
IF-MIB::ifSpecific.2 = OID: SNMPv2-SMI::zeroDotZero

就表示OK了!
其中,-ro表示只读用户组,可以采集信息,但是不能更改系统设置
我创建用户的时候没有没有设定privpass,是为了简化过程,如果要创建带privpass验证,而且这个privpass也可以选择不同于密码的加密方式,比如,我密码采用MD5加密,而privpass采用AES加密,增加破解难度,那么可以这样写

net-snmp-config:
--create-snmpv3-user [-ro] [-a authpass] [-x privpass] [-X DES]
[-A MD5|SHA] [username]

snmpwalk:
V3验证常用参数
-v 1|2c|3             specifies SNMP version to use
-u USER-NAME          set security name (e.g. bert)
-l LEVEL              set security level (noAuthNoPriv|authNoPriv|authPriv)
-a PROTOCOL           set authentication protocol (MD5|SHA)
-A PASSPHRASE         set authentication protocol pass phrase
-x PROTOCOL           set privacy protocol (DES|AES)
-X PASSPHRASE         set privacy protocol pass phrase
V2c/V1验证常用
-c COMMUNITY          set the community string

[bash]
./net-snmp-config --create-snmpv3-user -ro -a mypass -A MD5 -x myprivpass -X DES myname
#snmpwalk要这样写
snmpwalk -v3 -u myname -l authPriv -a MD5 -A mypass -x DES -X myprivpass 127.0.0.1 if[/bash]

命令执行之后将自动建立新的配置文件snmpd.conf,而内容也十分简单。只有用户名和权限,而关于认证方式的信息则会存储在/var/net-snmp/snmpd.conf文件中。

[bash]cat /var/net-snmp/snmpd.conf[/bash]

3.设置IPtables,确保安全

接下来的事情,就是就是开放指定IP访问161的UDP端口

[bash]iptables -A INPUT -i eth0 -p udp -s X.X.X.X --dport 161 -j ACCEPT
iptables -A INPUT -i eth0 -p udp -s X.X.X.X --dport 161 -j ACCEPT[/bash]

具体可以参见我的这篇文章iptables,纠结的顺序


附上我的V2c配置文件和注释(/etc/snmp/snmpd.conf),毕竟V2c还是用的比较多的

[text]

###############################################################################
#
# snmpd.conf:
#   An example configuration file for configuring the ucd-snmp snmpd agent.
# the v2c By ihipop.gicp.net [email protected]
###############################################################################
# 指定端口
##agentaddress  1161

###############################################################################
# Access Control
###############################################################################

####
# First, map the community name "public" into a "security name"

#       sec.name  source          community
com2sec notConfigUser  127.0.0.1  public
com2sec notConfigUser  xxxx.xxxx.xxx.xxxx public
com2sec notConfigUser  xxxx.xxxx.xxxxx.xxxx public

####
# Second, map the security name into a group name:

#       groupName      securityModel securityName
group   notConfigGroup v1           notConfigUser
group   notConfigGroup v2c           notConfigUser

####
# Third, create a view for us to let the group have rights to:

# Make at least  snmpwalk -v 1 localhost -c public system fast again.
#       name           incl/excl     subtree         mask(optional)
view    systemview    included   .1.3.6.1.2.1.1
view    systemview    included   .1.3.6.1.2.1.25.1.1

####
# Finally, grant the group read-only access to the systemview view.

#       group          context sec.model sec.level prefix read   write  notif
access  notConfigGroup ""      any       noauth    exact  all none none
#本来上面的read字段对应的是systemview,改成all了
# -----------------------------------------------------------------------------

# Here is a commented out example configuration that allows less
# restrictive access.

# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
# KNOWN AT YOUR SITE.  YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.

##       sec.name  source          community
#com2sec local     localhost       COMMUNITY
#com2sec mynetwork NETWORK/24      COMMUNITY

##     group.name sec.model  sec.name
#group MyRWGroup  any        local
#group MyROGroup  any        mynetwork
#
#group MyRWGroup  any        otherv3user
#...

##           incl/excl subtree                          mask
view all    included  .1                               80
#上面的#去掉了,也就是,从这行往下就没动,以后慢慢写注释
## -or just the mib2 tree-

#view mib2   included  .iso.org.dod.internet.mgmt.mib-2 fc

##                context sec.model sec.level prefix read   write  notif
#access MyROGroup ""      any       noauth    0      all    none   none
#access MyRWGroup ""      any       noauth    0      all    all    all

###############################################################################
# Sample configuration to make net-snmpd RFC 1213.
# Unfortunately v1 and v2c don't allow any user based authentification, so
# opening up the default config is not an option from a security point.
#
# WARNING: If you uncomment the following lines you allow write access to your
# snmpd daemon from any source! To avoid this use different names for your
# community or split out the write access to a different community and
# restrict it to your local network.
# Also remember to comment the syslocation and syscontact parameters later as
# otherwise they are still read only (see FAQ for net-snmp).
#

# First, map the community name "public" into a "security name"
#       sec.name        source          community
#com2sec notConfigUser   default         public

# Second, map the security name into a group name:
#       groupName       securityModel   securityName
#group   notConfigGroup  v1              notConfigUser
#group   notConfigGroup  v2c             notConfigUser

# Third, create a view for us to let the group have rights to:
# Open up the whole tree for ro, make the RFC 1213 required ones rw.
#       name            incl/excl       subtree mask(optional)
#view    roview          included        .1
#view    rwview          included        system.sysContact
#view    rwview          included        system.sysName
#view    rwview          included        system.sysLocation
#view    rwview          included        interfaces.ifTable.ifEntry.ifAdminStatus
#view    rwview          included        at.atTable.atEntry.atPhysAddress
#view    rwview          included        at.atTable.atEntry.atNetAddress
#view    rwview          included        ip.ipForwarding
#view    rwview          included        ip.ipDefaultTTL
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteDest
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteIfIndex
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric1
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric2
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric3
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric4
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteType
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteAge
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMask
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric5
#view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaIfIndex
#view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress
#view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress
#view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType
#view    rwview          included        tcp.tcpConnTable.tcpConnEntry.tcpConnState
#view    rwview          included        egp.egpNeighTable.egpNeighEntry.egpNeighEventTrigger
#view    rwview          included        snmp.snmpEnableAuthenTraps

# Finally, grant the group read-only access to the systemview view.
#       group          context sec.model sec.level prefix read   write  notif
#access  notConfigGroup ""      any       noauth    exact  roview rwview none

###############################################################################
# System contact information
#

# It is also possible to set the sysContact and sysLocation system
# variables through the snmpd.conf file:

syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)

# Example output of snmpwalk:
#   % snmpwalk -v 1 localhost -c public system
#   system.sysDescr.0 = "SunOS name sun4c"
#   system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
#   system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55
#   system.sysContact.0 = "Me <[email protected]>"
#   system.sysName.0 = "name"
#   system.sysLocation.0 = "Right here, right now."
#   system.sysServices.0 = 72

# -----------------------------------------------------------------------------

###############################################################################
# Process checks.
#
#  The following are examples of how to use the agent to check for
#  processes running on the host.  The syntax looks something like:
#
#  proc NAME [MAX=0] [MIN=0]
#
#  NAME:  the name of the process to check for.  It must match
#         exactly (ie, http will not find httpd processes).
#  MAX:   the maximum number allowed to be running.  Defaults to 0.
#  MIN:   the minimum number to be running.  Defaults to 0.

#
#  Examples (commented out by default):
#

#  Make sure mountd is running
#proc mountd

#  Make sure there are no more than 4 ntalkds running, but 0 is ok too.
#proc ntalkd 4

#  Make sure at least one sendmail, but less than or equal to 10 are running.
#proc sendmail 10 1

#  A snmpwalk of the process mib tree would look something like this:
#
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.2
# enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1
# enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2
# enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3
# enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd"
# enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd"
# enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail"
# enterprises.ucdavis.procTable.prEntry.prMin.1 = 0
# enterprises.ucdavis.procTable.prEntry.prMin.2 = 0
# enterprises.ucdavis.procTable.prEntry.prMin.3 = 1
# enterprises.ucdavis.procTable.prEntry.prMax.1 = 0
# enterprises.ucdavis.procTable.prEntry.prMax.2 = 4
# enterprises.ucdavis.procTable.prEntry.prMax.3 = 10
# enterprises.ucdavis.procTable.prEntry.prCount.1 = 0
# enterprises.ucdavis.procTable.prEntry.prCount.2 = 0
# enterprises.ucdavis.procTable.prEntry.prCount.3 = 1
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0
# enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running."
# enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = ""
# enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = ""
# enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0
# enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0
# enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0
#
#  Note that the errorFlag for mountd is set to 1 because one is not
#  running (in this case an rpc.mountd is, but thats not good enough),
#  and the ErrMessage tells you what's wrong.  The configuration
#  imposed in the snmpd.conf file is also shown.
#
#  Special Case:  When the min and max numbers are both 0, it assumes
#  you want a max of infinity and a min of 1.
#

# -----------------------------------------------------------------------------

###############################################################################
# Executables/scripts
#

#
#  You can also have programs run by the agent that return a single
#  line of output and an exit code.  Here are two examples.
#
#  exec NAME PROGRAM [ARGS ...]
#
#  NAME:     A generic name.
#  PROGRAM:  The program to run.  Include the path!
#  ARGS:     optional arguments to be passed to the program

# a simple hello world

#exec echotest /bin/echo hello world

# Run a shell script containing:
#
# #!/bin/sh
# echo hello world
# echo hi there
# exit 35
#
# Note:  this has been specifically commented out to prevent
# accidental security holes due to someone else on your system writing
# a /tmp/shtest before you do.  Uncomment to use it.
#
#exec shelltest /bin/sh /tmp/shtest

# Then,
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.8
# enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1
# enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2
# enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest"
# enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest"
# enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world"
# enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest"
# enterprises.ucdavis.extTable.extEntry.extResult.1 = 0
# enterprises.ucdavis.extTable.extEntry.extResult.2 = 35
# enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world."
# enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world."
# enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0
# enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0

# Note that the second line of the /tmp/shtest shell script is cut
# off.  Also note that the exit status of 35 was returned.

# -----------------------------------------------------------------------------

###############################################################################
# disk checks
#

# The agent can check the amount of available disk space, and make
# sure it is above a set limit.

# disk PATH [MIN=100000]
#
# PATH:  mount path to the disk in question.
# MIN:   Disks with space below this value will have the Mib's errorFlag set.
#        Default value = 100000.

# Check the / partition and make sure it contains at least 10 megs.

#disk / 10000

# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.9
# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F
# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0"
# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000
# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130
# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325
# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092
# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58
# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0
# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = ""

# -----------------------------------------------------------------------------

###############################################################################
# load average checks
#

# load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0]
#
# 1MAX:   If the 1 minute load average is above this limit at query
#         time, the errorFlag will be set.
# 5MAX:   Similar, but for 5 min average.
# 15MAX:  Similar, but for 15 min average.

# Check for loads:
#load 12 14 14

# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.10
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1"
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5"
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15"
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00"
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00"
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00"
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = ""
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = ""
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = ""

# -----------------------------------------------------------------------------

###############################################################################
# Extensible sections.
#

# This alleviates the multiple line output problem found in the
# previous executable mib by placing each mib in its own mib table:

# Run a shell script containing:
#
# #!/bin/sh
# echo hello world
# echo hi there
# exit 35
#
# Note:  this has been specifically commented out to prevent
# accidental security holes due to someone else on your system writing
# a /tmp/shtest before you do.  Uncomment to use it.
#
# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest

# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.50
# enterprises.ucdavis.50.1.1 = 1
# enterprises.ucdavis.50.2.1 = "shelltest"
# enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest"
# enterprises.ucdavis.50.100.1 = 35
# enterprises.ucdavis.50.101.1 = "hello world."
# enterprises.ucdavis.50.101.2 = "hi there."
# enterprises.ucdavis.50.102.1 = 0

# Now the Output has grown to two lines, and we can see the 'hi
# there.' output as the second line from our shell script.
#
# Note that you must alter the mib.txt file to be correct if you want
# the .50.* outputs above to change to reasonable text descriptions.

# Other ideas:
#
# exec .1.3.6.1.4.1.2021.51 ps /bin/ps
# exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top
# exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq

# -----------------------------------------------------------------------------

###############################################################################
# Pass through control.
#

# Usage:
#   pass MIBOID EXEC-COMMAND
#
# This will pass total control of the mib underneath the MIBOID
# portion of the mib to the EXEC-COMMAND.
#
# Note:  You'll have to change the path of the passtest script to your
# source directory or install it in the given location.
#
# Example:  (see the script for details)
#           (commented out here since it requires that you place the
#           script in the right location. (its not installed by default))

# pass .1.3.6.1.4.1.2021.255 /bin/sh /usr/local/local/passtest

# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.255
# enterprises.ucdavis.255.1 = "life the universe and everything"
# enterprises.ucdavis.255.2.1 = 42
# enterprises.ucdavis.255.2.2 = OID: 42.42.42
# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42
# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1
# enterprises.ucdavis.255.5 = 42
# enterprises.ucdavis.255.6 = Gauge: 42
#
# % snmpget -v 1 localhost public .1.3.6.1.4.1.2021.255.5
# enterprises.ucdavis.255.5 = 42
#
# % snmpset -v 1 localhost public .1.3.6.1.4.1.2021.255.1 s "New string"
# enterprises.ucdavis.255.1 = "New string"
#

# For specific usage information, see the man/snmpd.conf.5 manual page
# as well as the local/passtest script used in the above example.

# Added for support of bcm5820 cards.
pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat

###############################################################################
# Further Information
#
#  See the snmpd.conf manual page, and the output of "snmpd -H".
[/text]


update:net-snmp man pages net-snmp-config

Author Info :
  • From:Net-SNMP(V3协议)安装配置笔记(CentOS 5.2)
  • URL:https://blog.ihipop.com/2010/03/722.html
  • Please Reserve This Link,Thanks!
  • 《Net-SNMP(V3协议)安装配置笔记(CentOS 5.2)》上有6条评论

    1. 鸡鸡哥 :
      老兄,你这个对我帮助很大,但是,你说的“#注意上面一句,-a是密码,而用户名跟在最后面,-A是密码加密方式,
      5 #很多垃圾站的文章都把大a和小A搞反了

      我是不同意的,你的net-snmp-config是网上下载的,我的是yum得来的,yum得来的net-snmp-config和你的确实是相反的,
      “ SNMP Setup commands:
      –create-snmpv3-user [-ro] [-A authpass] [-X privpass]
      [-a MD5|SHA] [-x DES|AES] [username]”
      这是官方的帮助,没错吧

      首先感谢您的反馈
      可能不同的打包不一样,但是其本质都是一个shell脚本
      另外。我是在net-snmp.org的官方找到的man手册,和我文章里面叙述的一致
      我觉得,官方man手册更加靠谱吧
      SEE:
      http://www.net-snmp.org/docs/man/net-snmp-config.html
      的SNMP Setup command章节
      SNMP Setup commands:

      --create-snmpv3-user [-ro] [-a authpass] [-x privpass] [-X DES|AES]
      [-A MD5|SHA] [username]

    2. 老兄,你这个对我帮助很大,但是,你说的“#注意上面一句,-a是密码,而用户名跟在最后面,-A是密码加密方式,

      5 #很多垃圾站的文章都把大a和小A搞反了

      我是不同意的,你的net-snmp-config是网上下载的,我的是yum得来的,yum得来的net-snmp-config和你的确实是相反的,
      “ SNMP Setup commands:

      --create-snmpv3-user [-ro] [-A authpass] [-X privpass]
      [-a MD5|SHA] [-x DES|AES] [username]”
      这是官方的帮助,没错吧

    发表回复

    您的电子邮箱地址不会被公开。 必填项已用 * 标注