RE: Frustration with Disk Monitoring

[Darren Gamble]

Good day,

This is selinux complaining about access, not snmpd.

You can either use selinux's audit2allow command to allow this access, or set 
the selinux policy to let snmpd access whatever it needs (I know there is a 
flag someplace just for the snmpd daemon).  If you have any further questions 
on this, they should be directed to a selinux forum.

FYI,

============================
Darren Gamble
Planner, Regional Services
Shaw Cablesystems GP
630 - 3rd Avenue SW
Calgary, Alberta, Canada
T2P 4L4
(403) 781-4948
 
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Palmadesso Jack 
IT743
Sent: Thursday, December 15, 2005 12:51 PM
To: net-snmp-users@lists.sourceforge.net
Subject: Frustration with Disk Monitoring

Hello all, 
 I've been messing around with the RHEL 4 installation of Net-SNMP and after 
reading the docs ( man snmpd.conf ) I've tried to monitor the disks on my 
system.  Its been failing miserably with "token" errors.  I guessed that I need 
to compile my own version of net-snmp so I did and did so with these options.
./configure --with-perl-modules --with-mib-modules="disman/event-mib" 
I was hoping that by using this it would work but now I'm getting slightly 
different errors.  Seems like progress though.
Dec 15 14:45:20 w72l-tux kernel: audit(1134675920.917:0): avc:  denied  { 
getattr } for  pid=9101 exe=/usr/sbin/snmpd path=/home dev=hda4 ino=2 
scontext=root:system_r:snmpd_t tcontext=system_u:object_r:home_root_t tclass=dir
I really have no idea what it is complaining about.  Can anybody tell me ? Here 
is my snmpd.conf 

########################################################################### 
# 
# snmpd.conf 
# 
#   - created by the snmpconf configuration program 
# 
########################################################################### 
# SECTION: Trap Destinations 
# 
#   Here we define who the agent will send traps to. 
# trap2sink: A SNMPv2c trap receiver 
#   arguments: host [community] [portnum] 
trap2sink  netcool 
trap2sink  209.243.240.105 
# informsink: A SNMPv2c inform (acknowledged trap) receiver 
#   arguments: host [community] [portnum] 
informsink  209.243.240.105 
# trapcommunity: Default trap sink community to use 
#   arguments: community-string 
trapcommunity  SPG-UnxVisi0n 
trapcommunity  public 
# authtrapenable: Should we send traps when authentication failures occur 
#   arguments: 1 | 2   (1 = yes, 2 = no) 
authtrapenable  1 

########################################################################### 
# SECTION: System Information Setup 
# 
#   This section defines some of the information reported in 
#   the "system" mib group in the mibII tree. 
# syslocation: The [typically physical] location of the system. 
#   Note that setting this value here means that when trying to 
#   perform an snmp SET operation to the sysLocation.0 variable will make 
#   the agent return the "notWritable" error code.  IE, including 
#   this token in the snmpd.conf file will disable write access to 
#   the variable. 
#   arguments:  location_string 
syslocation  "Siemens Power Generation" 
# syscontact: The contact information for the administrator 
#   Note that setting this value here means that when trying to 
#   perform an snmp SET operation to the sysContact.0 variable will make 
#   the agent return the "notWritable" error code.  IE, including 
#   this token in the snmpd.conf file will disable write access to 
#   the variable. 
#   arguments:  contact_string 
syscontact      "PG IT Root [EMAIL PROTECTED]" 

########################################################################### 
# SECTION: Monitor Various Aspects of the Running Host 
# 
#   The following check up on various aspects of a host. 
# disk: Check for disk space usage of a partition. 
#   The agent can check the amount of available disk space, and make 
#   sure it is above a set limit. 
# 
#    disk PATH [MIN=100000] 
# 
#    PATH:  mount path to the disk in question. 
#    MIN:   Disks with space below this value will have the Mib's errorFlag 
set. 
#           Can be a raw byte value or a percentage followed by the % 
#           symbol.  Default value = 100000. 
# 
#   The results are reported in the dskTable section of the UCD-SNMP-MIB tree 
disk  /home 90% 
agentSecName internal 
rouser internal 
monitor   -o dskPath -o dskErrorMsg "dskTable" dskErrorFlag != 0 
#monitor -u root -i -r 30 -o dskPath.1 -o dskErrorMsg.1 "home file system" 
dskErrorFlag.1 !=0 
# load: Check for unreasonable load average values. 
#   Watch the load average levels on the machine. 
# 
#    load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0] 
# 
#    1MAX:   If the 1 minute load average is above this limit at query 
#            time, the errorFlag will be set. 
#    5MAX:   Similar, but for 5 min average. 
#    15MAX:  Similar, but for 15 min average. 
# 
#   The results are reported in the laTable section of the UCD-SNMP-MIB tree 
# load  5.5 5.5 5.5 

########################################################################### 
# SECTION: Access Control Setup 
# 
#   This section defines who is allowed to talk to your running 
#   snmp agent. 
# rocommunity: a SNMPv1/SNMPv2c read-only access community name 
#   arguments:  community [default|hostname|network/bits] [oid] 
rocommunity xxxx localhost 
rocommunity xxxx pg-mon-01 
rocommunity xxxx pg-mon-02 
rocommunity xxxx pg-mon-03 
rocommunity xxxx pg-mon-04 
rocommunity xxxx pg-mon-05 
rocommunity xxxx pg-mon-06 
rocommunity xxxx pg-mon-07 
rocommunity xxxx pg-mon-08 
rocommunity xxxx pg-mon-09 
rocommunity xxxx pg-mon-10 
rocommunity xxxx netcool 
rocommunity xxxx nnm 
rocommunity xxxx ehealth 
Jack 


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id865&op=click
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users