This is Gentoo's testing wiki. It is a non-operational environment and its textual content is outdated.

Please visit our production wiki at https://wiki.gentoo.org

Net-SNMP

From Gentoo Wiki (test)
Jump to:navigation Jump to:search
Resources

From Wikipedia, the free encyclopedia:

Net-SNMP is a suite of software for using and deploying the SNMP protocol (v1, v2c and v3 and the AgentX subagent protocol). It supports IPv4, IPv6, IPX, AAL5, Unix domain sockets and other transports. It contains a generic client library, a suite of command line applications, a highly extensible SNMP agent, perl modules and python modules.

This document describes how to install and to configure SNMP Read Only access to your equipment. The SNMP version used in the configuration below is SNMP v2c.

Installation

Portage knows the global USE flag snmp for enabling support for SNMP in other packages. Enabling this USE flag will pull in net-analyzer/net-snmp automatically:

FILE /etc/portage/make.conf
USE="... snmp ..."

The USE flags of net-snmp are:

USE flags for net-analyzer/net-snmp Software for generating and retrieving SNMP data

X Add support for X11
bzip2 Enable bzip2 compression support
doc Add extra documentation (API, Javadoc, etc). It is recommended to enable per package instead of globally
elf Enable the use of elf utils to check uptime on some systems
ipv6 Add support for IP version 6
kmem Enable usage of /dev/kmem
lm-sensors Add linux lm-sensors (hardware sensors) support
mfd-rewrites Use MFD rewrites of mib modules where available
minimal Install a very minimal build (disables, for example, plugins, fonts, most drivers, non-critical features)
mysql Add mySQL Database support
netlink Use dev-libs/libnl to fetch TCP statistics instead of using /proc/net/tcp (Linux only).
pcap Install snmppcap which reads from PCAP files and writes to the SNMP transport
pci Use libpci (from sys-apps/pciutils) to look up network interface description. This feature is only available on Linux.
pcre Add support for Perl Compatible Regular Expressions in process table filtering.
perl Add optional support/bindings for the Perl language
python Add optional support/bindings for the Python language
rpm Enable monitoring of app-arch/rpm. This flag requires the bzip2 and zlib flags to be enabled as well.
selinux  !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
smux Enable support for the legacy smux protocol (superseded by agentx)
ssl Add support for SSL/TLS connections (Secure Socket Layer / Transport Layer Security)
tcpd Add support for TCP wrappers
ucd-compat Build UCD compatibility library. Increases significantly the install size.
valgrind Enable annotations for accuracy. May slow down runtime slightly. Safe to use even if not currently using dev-debug/valgrind
zlib Add support for zlib compression
Data provided by the Gentoo Package Database · Last update: 2024-11-15 09:19 More information about USE flags

After setting this you want to update your system so the changes take effect:

root #emerge --ask --changed-use --deep @world

You want to install net-snmp yourself, if it isn't already pulled in:

root #emerge --ask net-snmp

Configuration

Edit /etc/snmpd/snmpd.conf and add the community and the IP access list.

Warning
NEVER use the default communities which are called public and private, these are considered a potential security risk, also if SNMP access is secured by an IP access list
  • Substitute the SNMP community my-own-SNMP-community with your own SNMP community.
  • Substitute the 10.255.255.0/24 network with your own IP network where SNMP access should be allowed from.
  • Substitute the syslocation and syscontact with your own valid data.
FILE /etc/snmp/snmpd.conf
com2sec local     127.0.0.1/32          my-own-SNMP-community
com2sec local     10.255.255.0/24       my-own-SNMP-community
#
group MyROGroup v1         local
group MyROGroup v2c        local
group MyROGroup usm        local
view all    included  .1                               80
access MyROGroup "" any     noauth    exact  all    none   none
#
syslocation London
syscontact Admin {Admin@example.com}

It is suggested to put valid data into the syslocation and syscontact fields, so in a support case when your hardware is monitored by a NMS (Network Management System) the responsible staff has the data right there where it is needed (in the NMS).

In a large networks or enterprises it is hard to describe for the network staff where particular network equipment has been placed. Sometimes there is a high fluctuation of the network staff, and after some time network equipment gets lost because nobody knows anymore where it has been placed, or whom to contact when a network equipment has failed.

Be aware to put valid data in there, your network staff will be thankful if you do so. It helps to resolve network outages quicker.

Starting the daemon

To start the SNMP daemon use following command:

root #/etc/init.d/snmpd start

Testing SNMP access

To test SNMP access or rather to poll SNMP data your SNMP client has to be within the allowed IP range of the previously configured access list (here 10.255.255.0/24).

  • Substitute the IP 192.168.10.254 with the target host where SNMP access has been enabled
  • Substitute the SNMP community my-own-SNMP-community with your own SNMP community
user $snmpwalk -v2c -c my-own-SNMP-community 192.168.10.254

Troubleshooting

Verify the SNMP daemon is running on a particular host:

root #netstat -tulpen | grep 161
udp        0      0 0.0.0.0:161             0.0.0.0:*                           0          4307       2393/snmpd
  • SNMP v1 and SNMP v2c uses UDP
  • SNMP v3 uses TCP
Retrieved from "https://wikitest.gentoo.org/index.php?title=Net-SNMP&oldid=428168"