2003-03-30

###### Snmp tips and tricks ..... work in progress ..... leave it public ######
because I think it could be interesting for someone now...

The goal of this paper is to explain briefly how to make one host (10.0.0.2) monitor another host (10.0.0.1) with mrtg, using snmpd on Debian woody (it could be adapted to other OSes/distributions). We will try to make it as secure as possible by giving access to 10.0.0.1 only from 10.0.0.2, and only to the information needed, using SNMPv1, which is currently the most widely used version in many SNMP implementations.

First, let's configure snmpd on the host we want to monitor:

    apt-get install snmpd

In this document I will not use traps, so we can disable them by editing /etc/default/snmpd:

    TRAPDRUN=no

The main snmpd config file: /etc/snmp/snmpd.conf

###############################################################################
# We could restrict access by listening on the necessary interface (10.0.0.1)
#            port@ip
agentaddress 161@10.0.0.1

####
# We map the community name (public) into a security name (readonly: used
# previously) and make it available from our monitoring host: 10.0.0.2
#       sec.name  host/net  community
com2sec readonly  10.0.0.2  public

####
# We map the security name (readonly) into group name (MyROGroup):
#               sec.model  sec.name
group MyROGroup v1         readonly

###
# Third, create a view for the information we want to make available
#               incl/excl  subtree                    mask
#Disks
view restricted included   .1.3.6.1.4.1.2021.9.1
#Cpu
view restricted included   .1.3.6.1.4.1.2021.10.1.3
#Mem
view restricted included   .1.3.6.1.4.1.2021.4
#Proc
view restricted included   .1.3.6.1.4.1.2021.2
#ifaces
view restricted included   .1.3.6.1.2.1.2

####
# Finally, grant access to restricted view to MyROGroup group.
#                context sec.model sec.level match read       write notif
access MyROGroup ""      any       noauth    exact restricted none  none

# Here we want snmpd to check the number of sshd processes
proc sshd

# Here we want snmpd to check the partition usage for / and /home
disk /
disk /home
################################################################################

So now, just restart snmpd:

    /etc/init.d/snmpd restart

And go to the host which will do the monitoring. On this host, install the snmp client for debugging/testing purposes:

    apt-get install snmp

And let's play with it. Getting all available standard information from the remote host:

    #        host     community
    snmpwalk 10.0.0.1 public
    interfaces.ifNumber.0 = 2
    interfaces.ifTable.ifEntry.ifIndex.1 = 1
    interfaces.ifTable.ifEntry.ifIndex.2 = 2
    interfaces.ifTable.ifEntry.ifDescr.1 = lo
    interfaces.ifTable.ifEntry.ifDescr.2 = eth0
    interfaces.ifTable.ifEntry.ifType.1 = softwareLoopback(24)
    interfaces.ifTable.ifEntry.ifType.2 = ethernetCsmacd(6)
    interfaces.ifTable.ifEntry.ifMtu.1 = 16436
    interfaces.ifTable.ifEntry.ifMtu.2 = 1500
    interfaces.ifTable.ifEntry.ifSpeed.1 = Gauge32: 10000000
    interfaces.ifTable.ifEntry.ifSpeed.2 = Gauge32: 10000000
    interfaces.ifTable.ifEntry.ifPhysAddress.1 =
    interfaces.ifTable.ifEntry.ifPhysAddress.2 = 0:48:54:1f:52:1c
    interfaces.ifTable.ifEntry.ifAdminStatus.1 = up(1)
    interfaces.ifTable.ifEntry.ifAdminStatus.2 = up(1)
    interfaces.ifTable.ifEntry.ifOperStatus.1 = up(1)
    interfaces.ifTable.ifEntry.ifOperStatus.2 = up(1)
    interfaces.ifTable.ifEntry.ifInOctets.1 = Counter32: 117004485
    interfaces.ifTable.ifEntry.ifInOctets.2 = Counter32: 1021424670
    interfaces.ifTable.ifEntry.ifInUcastPkts.1 = Counter32: 691128
    interfaces.ifTable.ifEntry.ifInUcastPkts.2 = Counter32: 2148200
    interfaces.ifTable.ifEntry.ifInErrors.1 = Counter32: 0
    interfaces.ifTable.ifEntry.ifInErrors.2 = Counter32: 0
    interfaces.ifTable.ifEntry.ifOutOctets.1 = Counter32: 117005377
    interfaces.ifTable.ifEntry.ifOutOctets.2 = Counter32: 3116085489
    interfaces.ifTable.ifEntry.ifOutUcastPkts.1 = Counter32: 691140
    interfaces.ifTable.ifEntry.ifOutUcastPkts.2 = Counter32: 3136902
    interfaces.ifTable.ifEntry.ifOutDiscards.1 = Counter32: 0
    interfaces.ifTable.ifEntry.ifOutDiscards.2 = Counter32: 0
    interfaces.ifTable.ifEntry.ifOutErrors.1 = Counter32: 0
    interfaces.ifTable.ifEntry.ifOutErrors.2 = Counter32: 0
    interfaces.ifTable.ifEntry.ifOutQLen.1 = Gauge32: 0
    interfaces.ifTable.ifEntry.ifOutQLen.2 = Gauge32: 0
    interfaces.ifTable.ifEntry.ifSpecific.1 = OID: .ccitt.zeroDotZero
    interfaces.ifTable.ifEntry.ifSpecific.2 = OID: .ccitt.zeroDotZero

We get a human-readable tree (interfaces.ifTable....). How do we get a numeric tree like the one entered in the views in snmpd.conf?

    snmptranslate -Td interfaces.ifTable.ifEntry.ifDescr.1
    1.3.6.1.2.1.2.2.1.2.1
    ifDescr OBJECT-TYPE
      -- FROM IF-MIB, RFC1213-MIB
      -- TEXTUAL CONVENTION DisplayString
      SYNTAX OCTET STRING (0..255)
      DISPLAY-HINT "255a"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION "A textual string containing information about the
                   interface. This string should include the name of the
                   manufacturer, the product name and the version of the
                   interface hardware/software."
    ::= { iso(1) org(3) dod(6) internet(1) mgmt(2) mib-2(1) interfaces(2) ifTable(2) ifEntry(1) ifDescr(2) 1 }

You can see now why we put the following lines in snmpd.conf:

    #ifaces
    view restricted included .1.3.6.1.2.1.2

We wanted to leave access to the interface information. So what does this line in snmpd.conf mean?

    #Disks
    view restricted included .1.3.6.1.4.1.2021.9.1

Let's use snmptranslate again:

    snmptranslate -Td .1.3.6.1.4.1.2021.9.1
    .1.3.6.1.4.1.2021.9.1
    dskEntry OBJECT-TYPE
      -- FROM UCD-SNMP-MIB
      MAX-ACCESS not-accessible
      STATUS current
      INDEX { dskIndex }
      DESCRIPTION "An entry containing a disk and its statistics."
    ::= { iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) ucdavis(2021) dskTable(9) 1 }

Huhu, it's about dskTable... so let's ask 10.0.0.1 what it knows about this:

    snmpwalk 10.0.0.1 public .1.3.6.1.4.1.2021.9.1
    enterprises.ucdavis.dskTable.dskEntry.dskUsed.1 = 2146080
    enterprises.ucdavis.dskTable.dskEntry.dskUsed.2 = 17844308

We get the partition usage for / (.1) and /home (.2) in kbytes.
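
The access chain configured above (community -> security name -> group -> view) can be checked offline before restarting snmpd. The following Python script is an added example, not part of the original paper: it resolves who may read which view from the snmpd.conf directives shown here and tests whether a given OID falls inside that view. It assumes view masks are not used, and the function names and the sample OIDs in the final loop are chosen for illustration.

```python
# Added example, not from the original paper: resolve the snmpd.conf access
# chain and test OIDs. Assumption: no view masks; the longest subtree decides.

SNMPD_CONF = """\
com2sec readonly 10.0.0.2 public
group MyROGroup v1 readonly
view restricted included .1.3.6.1.4.1.2021.9.1
view restricted included .1.3.6.1.4.1.2021.10.1.3
view restricted included .1.3.6.1.4.1.2021.4
view restricted included .1.3.6.1.4.1.2021.2
view restricted included .1.3.6.1.2.1.2
access MyROGroup "" any noauth exact restricted none none
"""

def directives(conf, keyword):
    """Yield the arguments of every 'keyword ...' line, comments stripped."""
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0] == keyword:
            yield fields[1:]

def parse_oid(text):
    """'.1.3.6' -> (1, 3, 6); tuples avoid matching .2 as a prefix of .25."""
    return tuple(int(part) for part in text.strip(".").split("."))

def read_grants(conf):
    """Follow com2sec -> group -> access: (source, community, model, view)."""
    grants = []
    for sec, source, community in (d[:3] for d in directives(conf, "com2sec")):
        for group, model, member in (d[:3] for d in directives(conf, "group")):
            for acc in directives(conf, "access"):
                if member == sec and acc[0] == group and acc[2] in ("any", model):
                    grants.append((source, community, model, acc[5]))
    return grants

def in_view(conf, view, oid):
    """True if oid lies in an 'included' subtree of view (longest match wins)."""
    target, best = parse_oid(oid), None
    for name, kind, subtree in (d[:3] for d in directives(conf, "view")):
        sub = parse_oid(subtree)
        if name == view and target[:len(sub)] == sub:
            if best is None or len(sub) > len(best[0]):
                best = (sub, kind == "included")
    return best is not None and best[1]

if __name__ == "__main__":
    print(read_grants(SNMPD_CONF))
    for oid in (".1.3.6.1.2.1.2.2.1.2.1", ".1.3.6.1.2.1.25.1.1.0"):
        print(oid, in_view(SNMPD_CONF, "restricted", oid))
```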