Re: [leaf-user] snmp problem

[Eric de Thouars]

Hi Dai,
The snmp daemon uses tcp-wrappers, so you need to allow access to you LEAF 
system in the /etc/hosts.allow file.

 - Eric de Thouars
At 04:14 18-12-2004, bin dai wrote:
Hello everyone!
I'm using net-snmp under Bering-uClibc, but when I
query it, I get no answer.
I installed the following packages:
libm(v0.9.20), libsnmp(v5.1.1-2), snmpmibs(v5.1.1-2),
netsnmpd(v5.1.1-2), netsnmpu(v5.1.1-2)
I used the snmpd.conf file provided by the package, so
the public community should work.
I started the daemon with:
# /etc/init.d/snmpd start
And I query:
# snmpwalk -v 2c -c public 127.0.0.1
Timeout: No Response from 127.0.0.1
in /var/log/daemon.log:
Dec 17 17:43:27 firewall snmpd[32208]: Connection from
127.0.0.1 REFUSED
Which should mean that snmpd received the request but
refused it.
I even tried to write a snmpd.conf file by hand
according to the bering-uclibc usrs' guide, but it
still didn't work
Can anyone help?
Thanks a lot!
DAI Bin
ps:
The snmpd.conf file is:
###########################################################################
#
# snmpd.conf
#
#
<http://net-snmp.sourceforge.net/man/snmpd.conf.html>
#
###########################################################################
# SECTION: System Information Setup
#
#   This section defines some of the information
reported in
#   the "system" mib group in the mibII tree.
# syscontact: The contact information for the
administrator
#   arguments:  contact_string
syscontact  "Root <[EMAIL PROTECTED]>"
# syslocation: The [typically physical] location of
the system.
#   arguments:  location_string
syslocation  "City, State Country"
# sysname: Do you need to hardcode the system name?
#   arguments:  system_name
sysname firewall
# sysservices: The proper value for the sysServices
object.
#   arguments:  sysservices_number
sysservices 15

###########################################################################
# SECTION: Access Control Setup
#
#   This section defines who is allowed to talk to
your running
#   snmp agent.
#
-----------------------------------------------------------------------------
# These create read-only & read-write communities that
can be used to
# access the agent.  They are a quick method of using
the following
# com2sec, group, access, and view directive lines.
They are not as
# efficient, as groups aren't created so the tables
are possibly larger.
# In other words: don't use these if you have complex
situations to set up.
#
-----------------------------------------------------------------------------
# rouser: a SNMPv3 read-only user
#   arguments:  user [noauth|auth|priv]
[restriction_oid]
#
# rouser  _ro_auth_user_    auth    system
# rouser  _ro_noauth_user_  noauth  system
# rouser  _ro_priv_user_    priv    all
# rwuser: a SNMPv3 read-write user
#   arguments:  user [noauth|auth|priv]
[restriction_oid]
#
# rouser  _rw_auth_user_    auth    system
# rouser  _rw_noauth_user_  noauth  system
# rouser  _rw_priv_user_    priv    all
# rwcommunity: a SNMPv1/SNMPv2c read-write access
community name
#   arguments:  community
[default|hostname|network/bits] [oid]
#
# rwcommunity  _rw_Private_Community_Name_  default
system
# rocommunity: a SNMPv1/SNMPv2c read-only access
community name
#   arguments:  community
[default|hostname|network/bits] [oid]
#
rocommunity  public  default
#
-----------------------------------------------------------------------------
# snmpd supports the View-Based Access Control Model
(vacm) as defined
# in RFC 2275.  To this end, it recognizes the
following keywords in the
# configuration file: com2sec, group, access, and
view.  See:
#
<http://net-snmp.sourceforge.net/FAQ.html#How_do_I_configure_access_control_>
#
-----------------------------------------------------------------------------
####
# First, map the community name (COMMUNITY) into a
security name
# (local and mynetwork, depending on where the request
is coming
# from).  NOTE: First match wins!
#
#          sec.name   source   community
com2sec    paranoid   default
_ltd_Private_Community_Name_
com2sec    readonly   default  public
com2sec    readwrite  default
_rw_Private_Community_Name_
####
# Second, map the security names into group names:
#
#      groupName  sec.model  sec.name
group  RO_Group   usm        readonly
group  RO_Group   v1         readonly
group  RO_Group   v2c        readonly
group  RO_System  usm        paranoid
group  RO_System  v1         paranoid
group  RO_System  v2c        paranoid
group  RW_Group   usm        readwrite
group  RW_Group   v1         readwrite
group  RW_Group   v2c        readwrite
####
# Third, create a view for us to let the groups have
rights to:
#
#     name    incl/excl  subtree
           mask (optional)
view  all     included   .1
#view  system  included
.iso.org.dod.internet.mgmt.mib-2.system
####
# Finally, grant the 2 groups access to the 1 view
with different
# write permissions:
#
#       group      context  sec.model  sec.level
match  read    write  notif
access  RO_System  ""       any        noauth
exact  system  none   none
access  RO_Group   ""       any        noauth
exact  all     none   none
access  RW_Group   ""       any        noauth
exact  all     all    none
#
-----------------------------------------------------------------------------

###########################################################################
# SECTION: Trap Destinations
#
#   Here we define who the agent will send traps to.
# authtrapenable: Should we send traps when
authentication failures occur
#   arguments: 1 | 2   (1 = yes, 2 = no)
authtrapenable  2
# informsink: A SNMPv2c inform (acknowledged trap)
receiver
#   arguments: host [community] [portnum]
#informsink  _Special_SNMP_Manager_
_Private_Community_Name_
# trapcommunity: Default trap sink community to use
#   arguments: community-string
#trapcommunity  _Private_Community_Name_
# trapsink: A SNMPv1 trap receiver
#   arguments: host [community] [portnum]
#trapsink  _Special_SNMP_Manager_
_Private_Community_Name_
# trap2sink: A SNMPv2c trap receiver
#   arguments: host [community] [portnum]
#trap2sink  _Special_SNMP_Manager_
_Private_Community_Name_

###########################################################################
# SECTION: Monitor Various Aspects of the Running Host
#
#   The following check up on various aspects of a
host.
# file: Check on the size of a file.
#   Display a files size statistics.
#   If it grows to be too large, report an error about
it.
#
#    file /path/to/file [maxsize_in_bytes]
#
#      if maxsize is not specified, assume only size
reporting is needed.
#
#   The results are reported in the fileTable section
of the UCD-SNMP-MIB tree
file  /var/log/messages 5000000
# load: Check for unreasonable load average values.
#   Watch the load average levels on the machine.
#
#    load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0]
#
#    1MAX:   If the 1 minute load average is above
this limit at query
#            time, the errorFlag will be set.
#    5MAX:   Similar, but for 5 min average.
#    15MAX:  Similar, but for 15 min average.
#
#   The results are reported in the laTable section of
the UCD-SNMP-MIB tree
load  12 10 8
# disk: Check for disk space usage of a partition.
#   The agent can check the amount of available disk
space, and make
#   sure it is above a set limit.
#
#    disk PATH [MIN=100000]
#
#    PATH:  mount path to the disk in question.
#    MIN:   Disks with space below this value will
have the Mib's errorFlag set.
#           Can be a raw byte value or a percentage
followed by the %
#           symbol.  Default value = 100000.
#
#   The results are reported in the dskTable section
of the UCD-SNMP-MIB tree
#disk  / 10%
# proc: Check for processes that should be running.
#     proc NAME [MAX=0] [MIN=0]
#
#     NAME:  the name of the process to check for.  It
must match
#            exactly (ie, http will not find httpd
processes).
#     MAX:   the maximum number allowed to be running.
 Defaults to 0.
#     MIN:   the minimum number to be running.
Defaults to 0.
#
#   The results are reported in the prTable section of
the UCD-SNMP-MIB tree
#   Special Case:  When the min and max numbers are
both 0, it assumes
#   you want a max of infinity and a min of 1.
proc  syslogd 1 1


__________________________________
Do you Yahoo!?
The all-new My Yahoo! - What will yours do?
http://my.yahoo.com
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html