主管服务器
yum install net-snmp net-snmp-utils
将配置文件备份一份
cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.bak
编辑配置文件
####
# First, map the community name "public" into a "security name"
# sec.name source community
com2sec notConfigUser default public
#语法为com2sec NAME SOURCE COMMUNITY,定义一个public并映射其名称为notConfigUser。
####
# Second, map the security name into a group name:
# groupName securityModel securityName
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
#语法为group NAME MODEL SECURITY,将第一步定义的notConfigUser以v2c协议放入一个组notConfigGroup中。
####
# Third, create a view for us to let the group have rights to:
# Make at least snmpwalk -v 1 localhost -c public system fast again.
# name incl/excl subtree mask(optional)
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
#语法view NAME TYPE SUBTREE [MASK],定义一个systemview并指定其可操作OID值.1.3.6.1.2.1.1(Object identifier:系统中为每个需要查找的对象都有一一对应的OID值)
view systemview included .1.3.6.1.2.1.1.3.0
手动添加了一个SNMP运行时长的OID。
####
# Finally, grant the group read-only access to the systemview view.
# group context sec.model sec.level prefix read write notif
access notConfigGroup "" any noauth exact systemview none none
#access NAME CONTEXT MODEL LEVEL PREFX READ WRITE NOTIFY,将第二步定义的notConfigUser与第三步定义的systemview关联起来,并指定在可操作范围内的权限。如只有读权限就在read列写上systemview,没有就写上none,也可直接写all让所有view都有可读权限。
为测试可直接关闭防火墙,snmp使用161,162端口:
service iptables stop;
启动snmp:
service snmpd restart;
通过snmpwalk查看本机snmp运行长,语法:snmpwalk -v 1或2(代表SNMP版本,与notConfigGroup中版本要一致) -c COMMUNITY IP地址 OID(对象标示符):
[root@localhost snmp]# snmpwalk -v 1 -c public 192.168.1.6 .1.3.6.1.2.1.1.3.0
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (12955) 0:02:09.55
从服务器:
yum install net-snmp
service snmpd restart;
此时在主服务器上使用snmpwalk,参数使用从服务器IP即可
snmpwalk -v 1 -c public 192.168.1.7 .1.3.6.1.2.1.1.3.0