Net-SNMP: Difference between revisions

From Q
Jump to navigation Jump to search
← Older edit
Tgurr (talk | contribs)
1,619 edits
No edit summary
Tgurr (talk | contribs)
1,619 edits
mNo edit summary
 
Line 5: Line 5:


== USE-Flags ==
== USE-Flags ==
{{Box File|/etc/portage/package.use|
{{File|/etc/portage/package.use|
<pre>
<pre>
net-analyzer/net-snmp -perl -python
net-analyzer/net-snmp -perl -python
Line 12: Line 12:


== Packages ==
== Packages ==
{{Box Code|emerge mrtg -pv|
{{Code|emerge mrtg -pv|
<pre>
<pre>
[ebuild  N    ] net-analyzer/net-snmp-5.4.1-r3  USE="ipv6 ssl tcpd -X -diskio -doc -elf -extensible -lm_sensors -mfd-rewrites -minimal -perl -python -rpm (-selinux) -sendmail -smux" 5,003 kB
[ebuild  N    ] net-analyzer/net-snmp-5.4.1-r3  USE="ipv6 ssl tcpd -X -diskio -doc -elf -extensible -lm_sensors -mfd-rewrites -minimal -perl -python -rpm (-selinux) -sendmail -smux" 5,003 kB
Line 19: Line 19:


== Installation ==
== Installation ==
{{Codeline|# emerge net-snmp}}
{{Root|emerge net-snmp}}


== Configuration ==
== Configuration ==
=== Allow localhost read-only queries ===
=== Allow localhost read-only queries ===
{{Box File|/etc/snmp/snmpd.conf|
{{File|/etc/snmp/snmpd.conf|
<pre>
<pre>
# First, map the community name (COMMUNITY) into a security name
# First, map the community name (COMMUNITY) into a security name
Line 56: Line 56:


=== Allow localhost read-write and localnet read-only queries ===
=== Allow localhost read-write and localnet read-only queries ===
{{Box File|/etc/portage/package.use|
{{File|/etc/portage/package.use|
<pre>
<pre>
# First, map the community name (COMMUNITY) into a security name
# First, map the community name (COMMUNITY) into a security name
Line 94: Line 94:


== Finalize ==
== Finalize ==
{{Codeline|# /etc/init.d/snmpd start}}
{{Root|/etc/init.d/snmpd start}}


{{Codeline|# rc-update add snmpd default}}
{{Root|rc-update add snmpd default}}


== Testing ==
== Testing ==
{{Codeline|# snmpwalk -v 1 -c public localhost system}}
{{Root|snmpwalk -v 1 -c public localhost system}}


== Further Reading ==
== Further Reading ==
* [[Squid]] - Configure Squid for SNMP queries
* [[Squid]] - Configure Squid for SNMP queries
* [[MRTG]] - Get nice graphs out of your SNMP data
* [[MRTG]] - Get nice graphs out of your SNMP data

Latest revision as of 17:49, 13 January 2011

Description

Configure Net-SNMP to allow localhost/localnet queries.

Dependencies

USE-Flags

File: /etc/portage/package.use
net-analyzer/net-snmp -perl -python

Packages

Code: emerge mrtg -pv 
[ebuild  N    ] net-analyzer/net-snmp-5.4.1-r3  USE="ipv6 ssl tcpd -X -diskio -doc -elf -extensible -lm_sensors -mfd-rewrites -minimal -perl -python -rpm (-selinux) -sendmail -smux" 5,003 kB

Installation

# emerge net-snmp

Configuration

Allow localhost read-only queries

File: /etc/snmp/snmpd.conf
# First, map the community name (COMMUNITY) into a security name
# (local and mynetwork, depending on where the request is coming
# from):

#       sec.name  source          community
com2sec local     localhost       public

# Second, map the security names into group names:

#               sec.model  sec.name
group MyROGroup v1         local
group MyROGroup v2c        local
group MyROGroup usm        local

# Third, create a view for us to let the groups have rights to:

#           incl/excl subtree                          mask
view all    included  .1                               80

# Finally, grant the 2 groups access to the 1 view with different
# write permissions:

#                context sec.model sec.level match  read   write  notif
access MyROGroup ""      any       noauth    exact  all    none   none

syslocation Right here, right now.
syscontact Me <me@somewhere.org>

Allow localhost read-write and localnet read-only queries

File: /etc/portage/package.use
# First, map the community name (COMMUNITY) into a security name
# (local and mynetwork, depending on where the request is coming
# from):

#       sec.name  source          community
com2sec local     localhost       public
com2sec mynetwork 192.168.0.0/24  public

# Second, map the security names into group names:

#               sec.model  sec.name
group MyRWGroup v1         local
group MyRWGroup v2c        local
group MyRWGroup usm        local
group MyROGroup v1         mynetwork
group MyROGroup v2c        mynetwork
group MyROGroup usm        mynetwork

# Third, create a view for us to let the groups have rights to:

#           incl/excl subtree                          mask
view all    included  .1                               80

# Finally, grant the 2 groups access to the 1 view with different
# write permissions:

#                context sec.model sec.level match  read   write  notif
access MyROGroup ""      any       noauth    exact  all    none   none
access MyRWGroup ""      any       noauth    exact  all    all    none

syslocation Right here, right now.
syscontact Me <me@somewhere.org>

Finalize

# /etc/init.d/snmpd start
# rc-update add snmpd default

Testing

# snmpwalk -v 1 -c public localhost system

Further Reading

  • Squid - Configure Squid for SNMP queries
  • MRTG - Get nice graphs out of your SNMP data
Retrieved from "https://q-old.deltaquadrant.org/index.php?title=Net-SNMP&oldid=3284"