snmp安装与使用
snmp安装包
1.net-snmp(主程序)
2.net-snmp-libs(运行库文件)
3.net-snmp-utils(snmp命令工具)
4.net-snmp-devel(net-snmp-config命令工具)
snmp安装
yum install net-snmp net-smp-libs net-snmp-utils
systemctl start snmpd
systemctl enable snmpd
snmp配置文件
snmp v1/v2配置
vi /etc/snmp/snmpd.conf
####
# First, map the community name "public" into a "security name"
# sec.name source community
com2sec notConfigUser default public
# 定义public团体名称映射到安全名notConfigUser
####
# Second, map the security name into a group name:
# groupName securityModel securityName
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
# 将安全名notConfigUser加入组notConfigGroup,并定义安全模式
####
# Third, create a view for us to let the group have rights to:
# Make at least snmpwalk -v 1 localhost -c public system fast again.
# name incl/excl subtree mask(optional)
#view systemview included .1.3.6.1.2.1.1
#view systemview included .1.3.6.1.2.1.25.1.1
view systemview included .1
# 创建一个可以查看snmp的视图名称systeview及范围.1
####
# Finally, grant the group read-only access to the systemview view.
# group context sec.model sec.level prefix read write notif
access notConfigGroup "" any noauth exact systemview systemview none
# 给notConfigGroup组定义在systemview视图下的权限read/write
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
# 联系人信息
dontLogTCPWrappersConnects yes
proc mountd
proc ntalkd 4
proc sendmail 10 1
# 进程检查
disk / 10000
# 磁盘检查
load 12 14 14
# 负载均衡检查
验证
# 测试v1
snmpwalk -v 1 -c public 127.0.0.1 .1
# 测试v2
snmpwalk -v 2c -c public 127.0.0.1 .1
snmp v3配置
# 停止服务
systemctl stop snmpd
# 使用net-snmp-create-v3-user用法,创建用户
net-snmp-create-v3-user -h
Usage:
net-snmp-create-v3-user [-ro] [-A authpass] [-X privpass]
[-a MD5|SHA] [-x DES|AES] [username]
# -ro:只读,不加-ro默认为读写权限。
# -A authpwd: 用户密码
# -a MD5|SHA: 用户密码加密方式
# -X privpwd: 加密密码
# -x DES|AES: 密码加密方式
# username 用户名
# 创建用户
net-snmp-create-v3-user
Enter a SNMPv3 user name to create:
# 用户名
snmpuser
Enter authentication pass-phrase:
# 密码
12345678
Enter encryption pass-phrase:
[press return to reuse the authentication pass-phrase]
# 加密密码
12345678
adding the following line to /var/lib/net-snmp/snmpd.conf:
createUser snmpuser MD5 "12345678" DES 12345678
adding the following line to /etc/snmp/snmpd.conf:
rwuser snmpuser #rwuser表示读写权限用户
安全级别
# 1.noAuthNoPriv(不认证不加密基本不用,网上没有找到这个级别的资料,一般用下面两种)
# 2.authNoPriv(认证不加密)
# 创建snmp v3用户时,不指定加密密码
net-snmp-create-v3-user -ro -A 12345678 -a MD5 -x DES snmp
# 3.authPriv(认证且加密)
# 创建snmp v3用户时,指定加密密码
net-snmp-create-v3-user -ro -A 12345678 -X 12345678 -a MD5 -x DES snmp
验证
# 1.noAuthNoPriv(不认证不加密基本不用)
# 略
# 2.authNoPriv(认证不加密)
snmpwalk -v 3 -l authNoPriv -u snmp -A 12345678 -a MD5 -x DES 127.0.0.1 .1
# 3.authPriv(认证且加密)
snmpwalk -v 3 -l authPriv -u snmp -A 12345678 -a MD5 -X 12345678 -x DES 127.0.0.1 .1
snmp trap
研究中…