Tuesday, February 9, 2010

SNMP & Cacti Configuration (PART 2)

SNMP configuration updated. Previously, I have posted SNMP & Cacti Configuration. I want to add some additional necessary information to configure which I have done.
Firstly I checked my SNMP if it's working or not:
$snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex

It suppose to return your ip as output like below:


In my case, SNMP is not working and return many different errors. What I have done to solve the problem is just edit snmpd configuration file (snmpd.conf). Below is my snmpd.conf (/etc/snmp/snmpd.conf), you could simply copy paste and try to your PC. (Copy the original file first so you have backup if something happen) -- I put the lines you have to check in red.


##########################################
# EXAMPLE.conf:
# An example configuration file for configuring the ucd-snmp snmpd agent.
#
##########################################
# This file is intended to only be an example. If, however, you want
# to use it, it should be placed in /etc/snmp/snmpd.conf.
# When the snmpd agent starts up, this is where it will look for it.
#
# You might be interested in generating your own snmpd.conf file using
# the "snmpconf" program (perl script) instead. It's a nice menu
# based interface to writing well commented configuration files. Try it!
#
# Note: This file is automatically generated from EXAMPLE.conf.def.
# Do NOT read the EXAMPLE.conf.def file! Instead, after you have run
# configure & make, and then make sure you read the EXAMPLE.conf file
# instead, as it will tailor itself to your configuration.

# All lines beginning with a '#' are comments and are intended for you
# to read. All other lines are configuration commands for the agent.

# PLEASE: read the snmpd.conf(5) manual page as well!

##########################################
# Access Control
##########################################
# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
# KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.

# By far, the most common question I get about the agent is "why won't
# it work?", when really it should be "how do I configure the agent to
# allow me to access it?"
#
# By default, the agent responds to the "public" community for read
# only access, if run out of the box without any configuration file in
# place. The following examples show you other ways of configuring
# the agent so that you can change the community names, and give
# yourself write access as well.
#
# The following lines change the access permissions of the agent so
# that the COMMUNITY string provides read-only access to your entire
# NETWORK (EG: 10.10.10.0/24), and read/write access to only the
# localhost (127.0.0.1, not its real ipaddress).
# For more information, read the FAQ as well as the snmpd.conf(5)
# manual page.

##########################################
# First, map the community name (COMMUNITY) into a security name
# (local and mynetwork, depending on where the request is coming
# from):
# sec.name source community
com2sec local localhost public
com2sec mynetwork 10.101.95.0/24 public

##########################################
# Second, map the security names into group names:
# sec.model sec.name
group MyROSystem v1 paranoid
group MyROSystem v2c paranoid
group MyROSystem usm paranoid
group MyROGroup v1 local
group MyROGroup v2c local
group MyROGroup usm local
group MyRWGroup v1 mynetwork
group MyRWGroup v2c mynetwork
group MyRWGroup usm mynetwork

##########################################
# Third, create a view for us to let the groups have rights to:
# incl/excl subtree mask
view all included .1 80
view system included .iso.org.dod.internet.mgmt.mib-2.system

##########################################
# Finally, grant the 2 groups access to the 1 view with different
# write permissions:
# context sec.model sec.level match read write notif
access MyROSystem "" any noauth exact system none none
access MyROGroup "" any noauth exact all none none
access MyRWGroup "" any noauth exact all all none

#--------------------------------------------

#############################################
# System contact information
# It is also possible to set the sysContact and sysLocation system
# variables through the snmpd.conf file. **PLEASE NOTE** that setting
# the value of these objects here makes these objects READ-ONLY
# (regardless of any access control settings). Any attempt to set the
# value of an object whose value is given here will fail with an error
# status of notWritable.
#Editing this value is optional, i dont do any changes
syslocation Unknown (configure /etc/snmp/snmpd.local.conf)
syscontact Root (configure /etc/snmp/snmpd.local.conf)

End changes. Leave code below this line as it is
################################################

After edit this file, save it. Then restart SNMP. Make sure you restart.
$sudo service snmpd restart

Then, do check again.
$snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex

That's all. :)

No comments:

Post a Comment