
SNMP server tips

Posted at 2018-02-13

A memo for my own reference.
The environment is CentOS 7.3.

★ Contents of snmpd.conf

rocommunity    hogehoge
trapCommunity  hogehoge
trap2sink      localhost hogehoge

#First, map the community name "public" into a "security name"
#sec.name  source          community
com2sec notConfigUser  default       public
com2sec omnet     192.168.1.0/24  hogehoge
com2sec omnet     192.168.13.0/24 hogehoge

####
# Second, map the security name into a group name:
# groupName      securityModel securityName
group   omnet_group   v1            omnet
group   omnet_group   v2c           omnet
group   omnet_group   usm           omnet

####
# Third, create a view for us to let the group have rights to:
# Make at least  snmpwalk -v 1 localhost -c public system fast again.
#       name           incl/excl     subtree         mask(optional)
#view    systemview    included   .1.3.6.1.2.1.1
#view    systemview    included   .1.3.6.1.2.1.25.1.1
view    view_all      included   .1

####
# Finally, grant the group read-only access to the systemview view.
# group          context sec.model sec.level prefix read   write  notif
#access  notConfigGroup ""      any       noauth    exact  systemview none none
access  omnet_group    ""      any       noauth    exact  view_all   none none
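
The com2sec, group, view and access lines above form a chain that decides who can read which subtree, and a bare `rocommunity` line adds its own grant next to that chain. The script below is an added example, not part of the original post: it resolves those directives for community-based (v1/v2c) requests and flags grants open to any source address or to the whole `.1` tree. The names `sample_conf` and `vacm_audit` and the flag words are made up for the example, and it assumes the default context and no `-Cn` option on `com2sec`.

```shell
#!/bin/sh
# Added example: list who can read what over community-based SNMP (v1/v2c).
# Constructed sample: the active access-control lines of the snmpd.conf above.
sample_conf() {
cat <<'EOF'
rocommunity    hogehoge
com2sec notConfigUser  default       public
com2sec omnet     192.168.1.0/24  hogehoge
com2sec omnet     192.168.13.0/24 hogehoge
group   omnet_group   v1            omnet
group   omnet_group   v2c           omnet
group   omnet_group   usm           omnet
view    view_all      included   .1
access  omnet_group    ""      any       noauth    exact  view_all   none none
EOF
}

# Reads snmpd.conf text (file arguments or stdin); prints one line per read grant.
vacm_audit() {
  awk '
    $1 ~ /^#/ || NF == 0 { next }                  # skip comments and blank lines
    # rocommunity COMMUNITY [SOURCE [OID | -V VIEW]]: no SOURCE means any address
    $1 == "rocommunity" {
      s = (NF >= 3) ? $3 : "default"
      o = (NF >= 4) ? ($4 == "-V" ? "view:" $5 : $4) : ".1"
      report($2, s, "v1+v2c", "rocommunity", o); next
    }
    $1 == "com2sec" { n++; sec[n] = $2; src[n] = $3; com[n] = $4 }
    $1 == "group"   { g++; grp[g] = $2; mdl[g] = $3; gsec[g] = $4 }
    $1 == "view" && $3 == "included" { tree[$2] = tree[$2] (tree[$2] ? "," : "") $4 }
    $1 == "access"  { a++; agrp[a] = $2; amdl[a] = $4; lvl[a] = $5; rd[a] = $7 }
    function report(c, s, m, via, t,    f) {
      if (s == "default") f = f " ANY-SOURCE"
      if (t ~ /(^|,)\.1(,|$)/) f = f " WHOLE-TREE"
      printf "community=%s source=%s model=%s via=%s read=%s%s\n", c, s, m, via, t, f
    }
    END {
      for (i = 1; i <= n; i++) for (j = 1; j <= g; j++) {
        # community requests only ever arrive as v1 or v2c, never usm
        if (gsec[j] != sec[i] || mdl[j] == "usm") continue
        for (k = 1; k <= a; k++)
          if (agrp[k] == grp[j] && (amdl[k] == "any" || amdl[k] == mdl[j]) &&
              lvl[k] == "noauth" && rd[k] != "none")
            report(com[i], src[i], mdl[j], grp[j], tree[rd[k]])
      }
    }' "$@"
}

sample_conf | vacm_audit
```

On the sample, the first output line shows that the bare `rocommunity hogehoge` grants the whole tree to any source address, independent of the subnet limits on the `com2sec` lines.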

★ Contents of snmptrapd.conf

Note: traps you want to exclude are specified with traphandle.

authCommunity   log,execute,net aphrodite2

### Add
#createUser user SHA password AES password

traphandle .1.3.6.1.4.1.6876.4.1.0.* /bin/true
traphandle .1.3.6.1.4.1.6876.4.90.0.401 /bin/true
traphandle .1.3.6.1.4.1.3183.1.1.0.* /bin/true
traphandle default /usr/bin/traptoemail -f <fromadd> -s <smtpserver> alert@hoge.local

Note: traptoemail requires installing the net-snmp-perl package separately.
 Also, be aware that unless LANG is set to en_US, the time header of the mail gets messed up and ends up as 1970/1/1.

Startup options

Note: this is for the case where logs are output with facility 5 (local5).

■snmpd
# cat /etc/sysconfig/snmpd
# snmpd command line options
# '-f' is implicitly added by snmpd systemd unit file
# OPTIONS="-LS0-6d"
OPTIONS="-Ls5 -Lf /dev/null -p /var/run/snmpd.pid -a"


■snmptrapd
# cat /etc/sysconfig/snmptrapd
# snmptrapd command line options
# '-f' is implicitly added by snmptrapd systemd unit file
# OPTIONS="-Lsd"
OPTIONS="-Ls5 -Lf /dev/null -p /var/run/snmptrapd.pid -a"

★ Placement of vendor MIBs (/etc/snmp/snmp.conf)

mibdirs /usr/share/snmp/mibs:/usr/share/snmp/mibs/vendormibs

★ SNMP v3 support

# service snmpd stop
# net-snmp-create-v3-user -ro -A password -a SHA -X password -x AES username
adding the following line to /var/lib/net-snmp/snmpd.conf:
createUser snmpv3user SHA "snmpv3authPass" AES snmpv3encPass
adding the following line to /etc/snmp/snmpd.conf:
rouser snmpv3user

At this point, start snmpd.
As shown above, the following changes are made when a user is added.

1. /var/lib/net-snmp/snmpd.conf
usmUser XXXXXXXXXXXXXXXXXX snmpadmin XXXXXXXXXXXXXXXXXX
 The line above is appended.

2. /etc/snmp/snmpd.conf
rouser snmpadmin
 The line above is appended.

★ Contents of rsyslog.conf

#kern.*                                                 /dev/console

#SNMP Log section
local5.*                                               /var/log/snmp/snmplog
& ~

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

★ How to check traps

snmptrap -v 2c -c hogehoge <device-ip> '' .1.3.6.1.4.1.8072.100 .1.3.6.1.4.1.8072.100.1 s "hogehoge"

snmpwalk -v 2c -c hogehoge <device-ip>
snmpwalk -v 2c -c hogehoge <device-ip> CISCO-PROCESS-MIB::cpmCPUTotal5minRev

snmpwalk -v3 -u user -l authPriv -a SHA -A password -x AES -X password <device-ip> system