|
my answers are in the text below. Thanks Regards Nicolas Dave Shield a écrit : ok, i've corrected it.On Thu, 2006-01-19 at 15:43 +0100, Nicolas Cogne wrote: I join it again (snmpd.conf) my subagent answers correctly: > snmpget -v 1 -c public localhost:7071 .1.3.6.1.4.1.2390.1.3.1.1.0 enterprises.2390.1.3.1.1.0 = "5.2" but when i am trying without specifying the port, i have got no answer: > snmpget -v 1 -c public localhost .1.3.6.1.4.1.2390.1.3.1.1.0 Error in packet Reason: (noSuchName) There is no such variable name in this MIB. Failed object: enterprises.2390.1.3.1.1.0 the snmpd.conf configuration file i've sent you is for the master agent. I send you back the two configuration files:These two agents will need separate config files. snmpd.conf for the master agent (5.1.2 master agent). subagent.conf for the subagent (4.2.3 subagent). but the proxy seems not working: > snmpget -v 1 -c public localhost .1.3.6.1.4.1.2390.1.3.1.1.0 Error in packet Reason: (noSuchName) There is no such variable name in this MIB. Failed object: enterprises.2390.1.3.1.1.0 I have no answer from my subagent when i query the master agent first. I join with this email the traces generated by the master agent (just an extract relative to my query). Are my configuration files ok ? both ? Thanks Dave |
############################################################################### # # EXAMPLE.conf: # An example configuration file for configuring the ucd-snmp snmpd agent. # ############################################################################### # # This file is intended to only be an example. If, however, you want # to use it, it should be placed in /opt/share/snmp/snmpd.conf. # When the snmpd agent starts up, this is where it will look for it. # # Note: This file is automatically generated from EXAMPLE.conf.def. # Do NOT read the EXAMPLE.conf.def file! Instead, after you have run # configure & make, and then make sure you read the EXAMPLE.conf file # instead, as it will tailor itself to your configuration. # All lines beginning with a '#' are comments and are intended for you # to read. All other lines are configuration commands for the agent. # # PLEASE: read the snmpd.conf(5) manual page as well! # ############################################################################### # Access Control ############################################################################### # YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY # KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO # SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE. # By far, the most common question I get about the agent is "why won't # it work?", when really it should be "how do I configure the agent to # allow me to access it?" # # By default, the agent responds to the "public" community for read # only access, if run out of the box without any configuration file in # place. The following examples show you other ways of configuring # the agent so that you can change the community names, and give # yourself write access as well. # # The following lines change the access permissions of the agent so # that the COMMUNITY string provides read-only access to your entire # NETWORK (EG: 10.10.10.0/24), and read/write access to only the # localhost (127.0.0.1, not its real ipaddress). # # For more information, read the FAQ as well as the snmpd.conf(5) # manual page. #### # First, map the community name (COMMUNITY) into a security name # (local and mynetwork, depending on where the request is coming # from): # sec.name source community com2sec localro localhost public com2sec localrw localhost netman com2sec localipro 172.17.1.177 public com2sec localiprw 172.17.1.177 netman #### # Second, map the security names into group names: # sec.model sec.name group localrogp v1 localro group localrogp v2c localro group localrogp usm localro group localrwgp v1 localrw group localrwgp v2c localrw group localrwgp usm localrw # group MyROGroup v1 mynetwork # group MyROGroup v2c mynetwork # group MyROGroup usm mynetwork # group MyRWGroup v1 mynetset # group MyRWGroup v2c mynetset # group MyRWGroup usm mynetset group localiprogp v1 localipro group localiprogp v2c localipro group localiprogp usm localipro group localiprwgp v1 localiprw group localiprwgp v2c localiprw group localiprwgp usm localiprw #### # Third, create a view for us to let the groups have rights to: # view all included .1 80 # view enterprises included .1.3.6.1.4.1 fc # view sni included .1.3.6.1.4.1.231 fe # view ferma included .1.3.6.1.4.1.2390 fe # view mib2 included .1.3.6.1.2.1 fc # view host included .1.3.6.1.2.1.25 fe # incl/excl subtree mask view ferma included .1.3.6.1.4.1 fa view ferma included .1.3.6.1.2.1.25 fe #### # Finally, grant the 2 groups access to the 1 view with different # write permissions: # context sec.model sec.level match read write notif access localrogp "" any noauth exact ferma none none access localrwgp "" any noauth exact ferma ferma none access localiprogp "" any noauth exact ferma none none access localiprwgp "" any noauth exact ferma ferma none # access MyROGroup "" any noauth exact ferma none none # access MyRWGroup "" any noauth exact ferma ferma none # ----------------------------------------------------------------------------- ############################################################################### # System contact information # # It is also possible to set the sysContact and sysLocation system # variables through the snmpd.conf file: # Example output of snmpwalk: # % snmpwalk -v 1 localhost public system # system.sysDescr.0 = "SunOS name sun4c" # system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4 # system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55 # system.sysContact.0 = "Me <[EMAIL PROTECTED]>" # system.sysName.0 = "name" # system.sysLocation.0 = "Right here, right now." # system.sysServices.0 = 72 # ----------------------------------------------------------------------------- ############################################################################### # Process checks. # # The following are examples of how to use the agent to check for # processes running on the host. The syntax looks something like: # # proc NAME [MAX=0] [MIN=0] # # NAME: the name of the process to check for. It must match # exactly (ie, http will not find httpd processes). # MAX: the maximum number allowed to be running. Defaults to 0. # MIN: the minimum number to be running. Defaults to 0. # # Examples: # # Make sure mountd is running #proc mountd # Make sure there are no more than 4 ntalkds running, but 0 is ok too. #proc ntalkd 4 # Make sure at least one sendmail, but less than or equal to 10 are running. #proc sendmail 10 1 # A snmpwalk of the prTable would look something like this: # # % snmpwalk -v 1 localhost public .1.3.6.1.4.1.2021.2 # enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1 # enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2 # enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3 # enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd" # enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd" # enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail" # enterprises.ucdavis.procTable.prEntry.prMin.1 = 0 # enterprises.ucdavis.procTable.prEntry.prMin.2 = 0 # enterprises.ucdavis.procTable.prEntry.prMin.3 = 1 # enterprises.ucdavis.procTable.prEntry.prMax.1 = 0 # enterprises.ucdavis.procTable.prEntry.prMax.2 = 4 # enterprises.ucdavis.procTable.prEntry.prMax.3 = 10 # enterprises.ucdavis.procTable.prEntry.prCount.1 = 0 # enterprises.ucdavis.procTable.prEntry.prCount.2 = 0 # enterprises.ucdavis.procTable.prEntry.prCount.3 = 1 # enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1 # enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0 # enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0 # enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running." # enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = "" # enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = "" # enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0 # enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0 # enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0 # # Note that the errorFlag for mountd is set to 1 because one is not # running (in this case an rpc.mountd is, but thats not good enough), # and the ErrMessage tells you what's wrong. The configuration # imposed in the snmpd.conf file is also shown. # # Special Case: When the min and max numbers are both 0, it assumes # you want a max of infinity and a min of 1. # # ----------------------------------------------------------------------------- ############################################################################### # Executables/scripts # # # You can also have programs run by the agent that return a single # line of output and an exit code. Here are two examples. # # exec NAME PROGRAM [ARGS ...] # # NAME: A generic name. # PROGRAM: The program to run. Include the path! # ARGS: optional arguments to be passed to the program # a simple hello world #exec echotest /bin/echo hello world # Run a shell script containing: # # #!/bin/sh # echo hello world # echo hi there # exit 35 # # Note: this has been specifically commented out to prevent # accidental security holes due to someone else on your system writing # a /tmp/shtest before you do. Uncomment to use it. # #exec shelltest /bin/sh /tmp/shtest # Then, # % snmpwalk -v 1 localhost public .1.3.6.1.4.1.2021.8 # enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1 # enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2 # enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest" # enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest" # enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world" # enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest" # enterprises.ucdavis.extTable.extEntry.extResult.1 = 0 # enterprises.ucdavis.extTable.extEntry.extResult.2 = 35 # enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world." # enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world." # enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0 # enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0 # Note that the second line of the /tmp/shtest shell script is cut # off. Also note that the exit status of 35 was returned. # ----------------------------------------------------------------------------- ############################################################################### # disk checks # # The agent can check the amount of available disk space, and make # sure it is above a set limit. # disk PATH [MIN=DEFDISKMINIMUMSPACE] # # PATH: mount path to the disk in question. # MIN: Disks with space below this value will have the Mib's errorFlag set. # Default value = DEFDISKMINIMUMSPACE. # Check the / partition and make sure it contains at least 10 megs. #disk / 10000 # % snmpwalk -v 1 localhost public .1.3.6.1.4.1.2021.9 # enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0 # enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F # enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0" # enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000 # enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130 # enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325 # enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092 # enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58 # enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0 # enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = "" # ----------------------------------------------------------------------------- ############################################################################### # load average checks # # load [1MAX=DEFMAXLOADAVE] [5MAX=DEFMAXLOADAVE] [15MAX=DEFMAXLOADAVE] # # 1MAX: If the 1 minute load average is above this limit at query # time, the errorFlag will be set. # 5MAX: Similar, but for 5 min average. # 15MAX: Similar, but for 15 min average. # Check for loads: #load 12 14 14 # % snmpwalk -v 1 localhost public .1.3.6.1.4.1.2021.10 # enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1 # enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2 # enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3 # enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1" # enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5" # enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15" # enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39 # enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31 # enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36 # enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00" # enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00" # enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00" # enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0 # enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0 # enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0 # enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = "" # enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = "" # enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = "" # ----------------------------------------------------------------------------- ############################################################################### # Extensible sections. # # This alleviates the multiple line output problem found in the # previous executable mib by placing each mib in its own mib table: # Run a shell script containing: # # #!/bin/sh # echo hello world # echo hi there # exit 35 # # Note: this has been specifically commented out to prevent # accidental security holes due to someone else on your system writing # a /tmp/shtest before you do. Uncomment to use it. # # exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest # % snmpwalk -v 1 localhost public .1.3.6.1.4.1.2021.50 # enterprises.ucdavis.50.1.1 = 1 # enterprises.ucdavis.50.2.1 = "shelltest" # enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest" # enterprises.ucdavis.50.100.1 = 35 # enterprises.ucdavis.50.101.1 = "hello world." # enterprises.ucdavis.50.101.2 = "hi there." # enterprises.ucdavis.50.102.1 = 0 # Now the Output has grown to two lines, and we can see the 'hi # there.' output as the second line from our shell script. # # Note that you must alter the mib.txt file to be correct if you want # the .50.* outputs above to change to reasonable text descriptions. # Other ideas: # # exec .1.3.6.1.4.1.2021.51 ps /bin/ps # exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top # exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq # ----------------------------------------------------------------------------- ############################################################################### # Pass through control. # # Usage: # pass MIBOID EXEC-COMMAND # # This will pass total control of the mib underneath the MIBOID # portion of the mib to the EXEC-COMMAND. # # Note: You'll have to change the path of the passtest script to your # source directory or install it in the given location. # # Example: (see the script for details) # (commented out here since it requires that you place the # script in the right location. (its not installed by default)) # pass .1.3.6.1.4.1.2021.255 /bin/sh /opt/local/passtest # % snmpwalk -v 1 localhost public .1.3.6.1.4.1.2021.255 # enterprises.ucdavis.255.1 = "life the universe and everything" # enterprises.ucdavis.255.2.1 = 42 # enterprises.ucdavis.255.2.2 = OID: 42.42.42 # enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42 # enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1 # enterprises.ucdavis.255.5 = 42 # enterprises.ucdavis.255.6 = Gauge: 42 # # % snmpget -v 1 localhost public .1.3.6.1.4.1.2021.255.5 # enterprises.ucdavis.255.5 = 42 # # % snmpset -v 1 localhost public .1.3.6.1.4.1.2021.255.1 s "New string" # enterprises.ucdavis.255.1 = "New string" # # For specific usage information, see the man/snmpd.conf.5 manual page # as well as the local/passtest script used in the above example. ############################################################################### # Further Information # # See the snmpd.conf manual page, and the output of "snmpd -H". # MUCH more can be done with the snmpd.conf than is shown as an # example here.
trace: receive(): snmpd.c, 1121:
snmpd/select: returned, count = 1
trace: netsnmp_udp_recv(): snmpUDPDomain.c, 133:
netsnmp_udp: recvfrom fd 12 got 47 bytes (from 127.0.0.1)
trace: _sess_process_packet(): snmp_api.c, 4892:
sess_process_packet: session 0x9f33430 fd 12 pkt 0x9f33688 length 47
Received 47 bytes from 127.0.0.1
0000: 30 2D 02 01 00 04 06 70 75 62 6C 69 63 A0 20 02 0-.....public. .
0016: 04 7F D4 F8 88 02 01 00 02 01 00 30 12 30 10 06 ...........0.0..
0032: 0C 2B 06 01 04 01 92 56 01 03 01 01 00 05 00 .+.....V.......
Received SNMP packet(s) from 127.0.0.1
dumpx_recv:02 01 00
dumpv_recv: Integer: 0 (0x00)
trace: _snmp_parse(): snmp_api.c, 3919:
snmp_api: Parsing SNMPv1 message...
trace: _snmp_parse(): snmp_api.c, 3925:
dumph_recv: SNMPv1 message
trace: snmp_comstr_parse(): snmp_auth.c, 131:
dumph_recv: SNMP version
dumpx_recv: 02 01 00
dumpv_recv: Integer: 0 (0x00)
trace: snmp_comstr_parse(): snmp_auth.c, 143:
dumph_recv: community string
dumpx_recv: 04 06 70 75 62 6C 69 63
dumpv_recv: String: public
trace: _snmp_parse(): snmp_api.c, 3968:
dumph_recv: PDU
trace: snmp_pdu_parse(): snmp_api.c, 4179:
dumph_recv: request_id
dumpx_recv: 02 04 7F D4 F8 88
dumpv_recv: Integer: 2144663688 (0x7FD4F888)
trace: snmp_pdu_parse(): snmp_api.c, 4190:
dumph_recv: error status
dumpx_recv: 02 01 00
dumpv_recv: Integer: 0 (0x00)
trace: snmp_pdu_parse(): snmp_api.c, 4201:
dumph_recv: error index
dumpx_recv: 02 01 00
dumpv_recv: Integer: 0 (0x00)
trace: snmp_pdu_parse(): snmp_api.c, 4219:
dumph_recv: VarBindList
trace: snmp_pdu_parse(): snmp_api.c, 4249:
dumph_recv: VarBind
trace: snmp_parse_var_op(): snmp.c, 166:
dumph_recv: Name
dumpx_recv: 06 0C 2B 06 01 04 01 92 56 01 03 01 01 00
dumpv_recv: ObjID: SNMPv2-SMI::enterprises.2390.1.3.1.1.0
trace: snmp_pdu_parse(): snmp_api.c, 4258:
dumph_recv: Value
GET message
-- SNMPv2-SMI::enterprises.2390.1.3.1.1.0
trace: init_agent_snmp_session(): snmp_agent.c, 1135:
snmp_agent: agent_sesion 0x9f438e0 created
trace: snmp_call_callbacks(): callback.c, 176:
callback: START calling callbacks for maj=1 min=5
trace: snmp_call_callbacks(): callback.c, 184:
callback: calling a callback for maj=1 min=5
trace: vacm_in_view(): mibII/vacm_vars.c, 744:
mibII/vacm_vars: vacm_in_view: ver=0, community=public
trace: netsnmp_udp_getSecName(): snmpUDPDomain.c, 733:
netsnmp_udp_getSecName: resolve <"public", 0x0100007f>
trace: netsnmp_udp_getSecName(): snmpUDPDomain.c, 738:
netsnmp_udp_getSecName: compare <"public", 0x00000000/0x00000000>... SUCCESS
trace: netsnmp_subtree_find_first(): agent_registry.c, 156:
subtree: looking for subtree for context: ""
trace: netsnmp_subtree_find_first(): agent_registry.c, 160:
subtree: found one for: ""
trace: vacm_in_view(): mibII/vacm_vars.c, 851:
mibII/vacm_vars: vacm_in_view: sn=notConfigUser, gn=notConfigGroup, Done
checking setup
trace: snmp_call_callbacks(): callback.c, 196:
callback: END calling callbacks for maj=1 min=5 (1 called)
trace: snmp_call_callbacks(): callback.c, 176:
callback: START calling callbacks for maj=1 min=0
trace: snmp_call_callbacks(): callback.c, 184:
callback: calling a callback for maj=1 min=0
trace: vacm_in_view(): mibII/vacm_vars.c, 744:
mibII/vacm_vars: vacm_in_view: ver=0, community=public
trace: netsnmp_udp_getSecName(): snmpUDPDomain.c, 733:
netsnmp_udp_getSecName: resolve <"public", 0x0100007f>
trace: netsnmp_udp_getSecName(): snmpUDPDomain.c, 738:
netsnmp_udp_getSecName: compare <"public", 0x00000000/0x00000000>... SUCCESS
trace: netsnmp_subtree_find_first(): agent_registry.c, 156:
subtree: looking for subtree for context: ""
trace: netsnmp_subtree_find_first(): agent_registry.c, 160:
subtree: found one for: ""
trace: vacm_in_view(): mibII/vacm_vars.c, 851:
mibII/vacm_vars: vacm_in_view: sn=notConfigUser, gn=notConfigGroup,
vn=systemviewtrace: vacm_getViewEntry(): vacm.c, 370:
vacm:getView: , none
trace: snmp_call_callbacks(): callback.c, 196:
callback: END calling callbacks for maj=1 min=0 (1 called)
trace: netsnmp_handle_request(): snmp_agent.c, 2833:
results: request results (status = 0):
trace: netsnmp_handle_request(): snmp_agent.c, 2836:
results: SNMPv2-SMI::enterprises.2390.1.3.1.1.0 No Such Object available
on this agent at this OID
trace: _snmp_build(): snmp_api.c, 2769:
snmp_send: Building SNMPv1 message...
trace: _snmp_build(): snmp_api.c, 2772:
dumph_send: PDU-RESPONSE
trace: snmp_pdu_realloc_rbuild(): snmp_api.c, 3124:
snmp_pdu_realloc_rbuild: starting
trace: snmp_pdu_realloc_rbuild(): snmp_api.c, 3139:
dumph_send: VarBind
trace: snmp_realloc_rbuild_var_op(): snmp.c, 341:
dumph_send: Value
dumpx_send: 05 00
dumpv_send: NULL
trace: snmp_realloc_rbuild_var_op(): snmp.c, 442:
dumph_send: Name
dumpx_send: 06 0C 2B 06 01 04 01 92 56 01 03 01 01 00
dumpv_send: ObjID: SNMPv2-SMI::enterprises.2390.1.3.1.1.0
trace: snmp_pdu_realloc_rbuild(): snmp_api.c, 3207:
dumph_send: error index
dumpx_send: 02 01 01
dumpv_send: Integer: 1 (0x01)
trace: snmp_pdu_realloc_rbuild(): snmp_api.c, 3220:
dumph_send: error status
dumpx_send: 02 01 02
dumpv_send: Integer: 2 (0x02)
trace: snmp_pdu_realloc_rbuild(): snmp_api.c, 3233:
dumph_send: request_id
dumpx_send: 02 04 7F D4 F8 88
dumpv_send: Integer: 2144663688 (0x7FD4F888)
trace: _snmp_build(): snmp_api.c, 2778:
dumph_send: Community String
dumpx_send: 04 06 70 75 62 6C 69 63
dumpv_send: String: public
trace: _snmp_build(): snmp_api.c, 2794:
dumph_send: SNMP Version Number
dumpx_send: 02 01 00
dumpv_send: Integer: 0 (0x00)
trace: _snmp_build(): snmp_api.c, 2812:
dumph_send: SNMPv1 Message
Sending 47 bytes to 127.0.0.1
0000: 30 2D 02 01 00 04 06 70 75 62 6C 69 63 A2 20 02 0-.....public. .
0016: 04 7F D4 F8 88 02 01 02 02 01 01 30 12 30 10 06 ...........0.0..
0032: 0C 2B 06 01 04 01 92 56 01 03 01 01 00 05 00 .+.....V.......
trace: netsnmp_udp_send(): snmpUDPDomain.c, 166:
netsnmp_udp: send 47 bytes from 0x9f44811 to 127.0.0.1 on fd 12
trace: netsnmp_remove_and_free_agent_snmp_session(): snmp_agent.c, 1550:
snmp_agent: REMOVE session == 0x9f438e0
trace: free_agent_snmp_session(): snmp_agent.c, 1159:
snmp_agent: agent_sesion 0x9f438e0 released
trace: handle_snmp_packet(): snmp_agent.c, 1687:
snmp_agent: end of handle_snmp_packet, asp = 0x9f438e0
trace: _sess_read(): snmp_api.c, 5210:
sess_read: not reading 11 (fdset 0xbfee4170 set 0)
trace: _sess_read(): snmp_api.c, 5210:
sess_read: not reading 10 (fdset 0xbfee4170 set 0)
trace: _sess_read(): snmp_api.c, 5210:
sess_read: not reading 7 (fdset 0xbfee4170 set 0)
trace: _sess_read(): snmp_api.c, 5210:
sess_read: not reading 4 (fdset 0xbfee4170 set 0)
trace: snmp_sess_select_info(): snmp_api.c, 5622:
sess_select: for all sessions: 12 11 10 7 4
trace: receive(): snmpd.c, 1119:
snmpd/select: select( numfds=13, ..., tvp=(nil))
############################################################################### # # snmpd.conf: # An example configuration file for configuring the ucd-snmp snmpd agent. # ############################################################################### # # This file is intended to only be as a starting point. Many more # configuration directives exist than are mentioned in this file. For # full details, see the snmpd.conf(5) manual page. # # All lines beginning with a '#' are comments and are intended for you # to read. All other lines are configuration commands for the agent. ############################################################################### # Access Control ############################################################################### # As shipped, the snmpd demon will only respond to queries on the # system mib group until this file is replaced or modified for # security purposes. Examples are shown below about how to increase the # level of access. # By far, the most common question I get about the agent is "why won't # it work?", when really it should be "how do I configure the agent to # allow me to access it?" # # By default, the agent responds to the "public" community for read # only access, if run out of the box without any configuration file in # place. The following examples show you other ways of configuring # the agent so that you can change the community names, and give # yourself write access to the mib tree as well. # # For more information, read the FAQ as well as the snmpd.conf(5) # manual page. #### # First, map the community name "public" into a "security name" # sec.name source community com2sec notConfigUser default public com2sec localro default public com2sec localrw localhost netman com2sec localipro 172.17.1.177 public com2sec localiprw 172.17.1.177 netman #proxy -v 1 -c public localhost:7071 .1.3.6.1.4.1.2390 proxy -v 1 -c public localhost:7071 .1.3.6.1.4.1.2390 #### # Second, map the security name into a group name: # groupName securityModel securityName group notConfigGroup v1 notConfigUser group notConfigGroup v2c notConfigUser group localrogp v1 localro group localrogp v2c localro group localrogp usm localro group localrwgp v1 localrw group localrwgp v2c localrw group localrwgp usm localrw group localiprogp v1 localipro group localiprogp v2c localipro group localiprogp usm localipro group localiprwgp v1 localiprw group localiprwgp v2c localiprw group localiprwgp usm localiprw #### # Third, create a view for us to let the group have rights to: # Make at least snmpwalk -v 1 localhost -c public system fast again. # name incl/excl subtree mask(optional) view systemview included .1.3.6.1.2.1.1 view systemview included .1.3.6.1.2.1.25.1.1 #### # Finally, grant the group read-only access to the systemview view. # group context sec.model sec.level prefix read write notif access notConfigGroup "" any noauth exact systemview none none access localrogp "" any noauth exact ferma none none access localrwgp "" any noauth exact ferma ferma none access localiprogp "" any noauth exact ferma none none access localiprwgp "" any noauth exact ferma ferma none # ----------------------------------------------------------------------------- # Here is a commented out example configuration that allows less # restrictive access. # YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY # KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO # SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE. ## sec.name source community #com2sec local localhost COMMUNITY #com2sec mynetwork NETWORK/24 COMMUNITY ## group.name sec.model sec.name #group MyRWGroup any local #group MyROGroup any mynetwork # #group MyRWGroup any otherv3user #... ## incl/excl subtree mask #view all included .1 80 ## -or just the mib2 tree- #view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc ## context sec.model sec.level prefix read write notif #access MyROGroup "" any noauth 0 all none none #access MyRWGroup "" any noauth 0 all all all ############################################################################### # Sample configuration to make net-snmpd RFC 1213. # Unfortunately v1 and v2c don't allow any user based authentification, so # opening up the default config is not an option from a security point. # # WARNING: If you uncomment the following lines you allow write access to your # snmpd daemon from any source! To avoid this use different names for your # community or split out the write access to a different community and # restrict it to your local network. # Also remember to comment the syslocation and syscontact parameters later as # otherwise they are still read only (see FAQ for net-snmp). # # First, map the community name "public" into a "security name" # sec.name source community #com2sec notConfigUser default public # Second, map the security name into a group name: # groupName securityModel securityName #group notConfigGroup v1 notConfigUser #group notConfigGroup v2c notConfigUser # Third, create a view for us to let the group have rights to: # Open up the whole tree for ro, make the RFC 1213 required ones rw. # name incl/excl subtree mask(optional) #view roview included .1 #view rwview included system.sysContact #view rwview included system.sysName #view rwview included system.sysLocation #view rwview included interfaces.ifTable.ifEntry.ifAdminStatus #view rwview included at.atTable.atEntry.atPhysAddress #view rwview included at.atTable.atEntry.atNetAddress #view rwview included ip.ipForwarding #view rwview included ip.ipDefaultTTL #view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteDest #view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteIfIndex #view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric1 #view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric2 #view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric3 #view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric4 #view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteType #view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteAge #view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMask #view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric5 #view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaIfIndex #view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress #view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress #view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType #view rwview included tcp.tcpConnTable.tcpConnEntry.tcpConnState #view rwview included egp.egpNeighTable.egpNeighEntry.egpNeighEventTrigger #view rwview included snmp.snmpEnableAuthenTraps # Finally, grant the group read-only access to the systemview view. # group context sec.model sec.level prefix read write notif #access notConfigGroup "" any noauth exact roview rwview none ############################################################################### # System contact information # # It is also possible to set the sysContact and sysLocation system # variables through the snmpd.conf file: syslocation Unknown (edit /etc/snmp/snmpd.conf) syscontact Root <[EMAIL PROTECTED]> (configure /etc/snmp/snmp.local.conf) # Example output of snmpwalk: # % snmpwalk -v 1 localhost -c public system # system.sysDescr.0 = "SunOS name sun4c" # system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4 # system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55 # system.sysContact.0 = "Me <[EMAIL PROTECTED]>" # system.sysName.0 = "name" # system.sysLocation.0 = "Right here, right now." # system.sysServices.0 = 72 # ----------------------------------------------------------------------------- ############################################################################### # Process checks. # # The following are examples of how to use the agent to check for # processes running on the host. The syntax looks something like: # # proc NAME [MAX=0] [MIN=0] # # NAME: the name of the process to check for. It must match # exactly (ie, http will not find httpd processes). # MAX: the maximum number allowed to be running. Defaults to 0. # MIN: the minimum number to be running. Defaults to 0. # # Examples (commented out by default): # # Make sure mountd is running #proc mountd # Make sure there are no more than 4 ntalkds running, but 0 is ok too. #proc ntalkd 4 # Make sure at least one sendmail, but less than or equal to 10 are running. #proc sendmail 10 1 # A snmpwalk of the process mib tree would look something like this: # # % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.2 # enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1 # enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2 # enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3 # enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd" # enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd" # enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail" # enterprises.ucdavis.procTable.prEntry.prMin.1 = 0 # enterprises.ucdavis.procTable.prEntry.prMin.2 = 0 # enterprises.ucdavis.procTable.prEntry.prMin.3 = 1 # enterprises.ucdavis.procTable.prEntry.prMax.1 = 0 # enterprises.ucdavis.procTable.prEntry.prMax.2 = 4 # enterprises.ucdavis.procTable.prEntry.prMax.3 = 10 # enterprises.ucdavis.procTable.prEntry.prCount.1 = 0 # enterprises.ucdavis.procTable.prEntry.prCount.2 = 0 # enterprises.ucdavis.procTable.prEntry.prCount.3 = 1 # enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1 # enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0 # enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0 # enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running." # enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = "" # enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = "" # enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0 # enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0 # enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0 # # Note that the errorFlag for mountd is set to 1 because one is not # running (in this case an rpc.mountd is, but thats not good enough), # and the ErrMessage tells you what's wrong. The configuration # imposed in the snmpd.conf file is also shown. # # Special Case: When the min and max numbers are both 0, it assumes # you want a max of infinity and a min of 1. # # ----------------------------------------------------------------------------- ############################################################################### # Executables/scripts # # # You can also have programs run by the agent that return a single # line of output and an exit code. Here are two examples. # # exec NAME PROGRAM [ARGS ...] # # NAME: A generic name. # PROGRAM: The program to run. Include the path! # ARGS: optional arguments to be passed to the program # a simple hello world #exec echotest /bin/echo hello world # Run a shell script containing: # # #!/bin/sh # echo hello world # echo hi there # exit 35 # # Note: this has been specifically commented out to prevent # accidental security holes due to someone else on your system writing # a /tmp/shtest before you do. Uncomment to use it. # #exec shelltest /bin/sh /tmp/shtest # Then, # % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.8 # enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1 # enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2 # enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest" # enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest" # enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world" # enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest" # enterprises.ucdavis.extTable.extEntry.extResult.1 = 0 # enterprises.ucdavis.extTable.extEntry.extResult.2 = 35 # enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world." # enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world." # enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0 # enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0 # Note that the second line of the /tmp/shtest shell script is cut # off. Also note that the exit status of 35 was returned. # ----------------------------------------------------------------------------- ############################################################################### # disk checks # # The agent can check the amount of available disk space, and make # sure it is above a set limit. # disk PATH [MIN=100000] # # PATH: mount path to the disk in question. # MIN: Disks with space below this value will have the Mib's errorFlag set. # Default value = 100000. # Check the / partition and make sure it contains at least 10 megs. #disk / 10000 # % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.9 # enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0 # enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F # enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0" # enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000 # enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130 # enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325 # enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092 # enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58 # enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0 # enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = "" # ----------------------------------------------------------------------------- ############################################################################### # load average checks # # load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0] # # 1MAX: If the 1 minute load average is above this limit at query # time, the errorFlag will be set. # 5MAX: Similar, but for 5 min average. # 15MAX: Similar, but for 15 min average. # Check for loads: #load 12 14 14 # % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.10 # enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1 # enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2 # enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3 # enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1" # enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5" # enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15" # enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39 # enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31 # enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36 # enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00" # enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00" # enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00" # enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0 # enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0 # enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0 # enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = "" # enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = "" # enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = "" # ----------------------------------------------------------------------------- ############################################################################### # Extensible sections. # # This alleviates the multiple line output problem found in the # previous executable mib by placing each mib in its own mib table: # Run a shell script containing: # # #!/bin/sh # echo hello world # echo hi there # exit 35 # # Note: this has been specifically commented out to prevent # accidental security holes due to someone else on your system writing # a /tmp/shtest before you do. Uncomment to use it. # # exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest # % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.50 # enterprises.ucdavis.50.1.1 = 1 # enterprises.ucdavis.50.2.1 = "shelltest" # enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest" # enterprises.ucdavis.50.100.1 = 35 # enterprises.ucdavis.50.101.1 = "hello world." # enterprises.ucdavis.50.101.2 = "hi there." # enterprises.ucdavis.50.102.1 = 0 # Now the Output has grown to two lines, and we can see the 'hi # there.' output as the second line from our shell script. # # Note that you must alter the mib.txt file to be correct if you want # the .50.* outputs above to change to reasonable text descriptions. # Other ideas: # # exec .1.3.6.1.4.1.2021.51 ps /bin/ps # exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top # exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq # ----------------------------------------------------------------------------- ############################################################################### # Pass through control. # # Usage: # pass MIBOID EXEC-COMMAND # # This will pass total control of the mib underneath the MIBOID # portion of the mib to the EXEC-COMMAND. # # Note: You'll have to change the path of the passtest script to your # source directory or install it in the given location. # # Example: (see the script for details) # (commented out here since it requires that you place the # script in the right location. (its not installed by default)) # pass .1.3.6.1.4.1.2021.255 /bin/sh /usr/local/local/passtest # % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.255 # enterprises.ucdavis.255.1 = "life the universe and everything" # enterprises.ucdavis.255.2.1 = 42 # enterprises.ucdavis.255.2.2 = OID: 42.42.42 # enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42 # enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1 # enterprises.ucdavis.255.5 = 42 # enterprises.ucdavis.255.6 = Gauge: 42 # # % snmpget -v 1 localhost public .1.3.6.1.4.1.2021.255.5 # enterprises.ucdavis.255.5 = 42 # # % snmpset -v 1 localhost public .1.3.6.1.4.1.2021.255.1 s "New string" # enterprises.ucdavis.255.1 = "New string" # # For specific usage information, see the man/snmpd.conf.5 manual page # as well as the local/passtest script used in the above example. # Added for support of bcm5820 cards. pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat ############################################################################### # Further Information # # See the snmpd.conf manual page, and the output of "snmpd -H".
