It provides an agentless method of managing and monitoring of network devices and servers for health information, system metrics such as CPU load, Physical Memory usage, number of running processes, service state e. The SNMP packages are available on default repositories. The file is higly commented and thus, we will only make a few changes. As a result, make a copy of the original file before you can proceed.
|Published (Last):||22 March 2007|
|PDF File Size:||2.16 Mb|
|ePub File Size:||20.87 Mb|
|Price:||Free* [*Free Regsitration Required]|
View All Introduction A large part of being a system administrator is collecting accurate information about your servers and infrastructure. There are a number of tools and options for gathering and processing this type of information. Many of them are built upon a technology called SNMP. SNMP stands for simple network management protocol. It is a way that servers can share information about their current state, and also a channel through which an administer can modify pre-defined values.
While the protocol itself is very simple, the structure of programs that implement SNMP can be very complex. In our last guide, we learned about the basics of the SNMP protocol. In this guide, we will begin to demonstrate how to setup the tools to communicate using SNMP.
We will be using two Ubuntu We will use two servers, one will contain the manager portion, while the other server will have the agent. We could choose to install the agent on the manager machine as well, but keeping them separate makes it easier to demonstrate what functionality is provided by each component. On the first server, update the apt database and install the manager component. Along with this, we will also download another package called snmp-mibs-downloader which contains some proprietary information about standard MIBs that allow us to access most of the MIB tree by name: sudo apt-get update sudo apt-get install snmp snmp-mibs-downloader On our second server, the one that we will be interacting with that will run the daemon, we can install the necessary components by typing: sudo apt-get update sudo apt-get install snmpd Now that you have installed these components, we need to configure our setup.
Configuring the SNMP Manager As we mentioned above, most of the bulk of the work happens in the agent component, so our configuration is actually pretty easy on this machine.
We just need to modify one file to make sure that our client can use the extra MIB data we installed. To allow the manager to import the MIB files, we simply need to comment out the mibs : line: mibs : Save and close the file when you are finished. We are now finished configuring the manager portion, but we will still need to use this server to help us configure our agent computer. We can modify some configuration files to make some changes, but most of the changes we need to make will be done by connecting to our agent server from our management server.
These will mainly be used to bootstrap our configuration so that we can manage it from our other server. First, we need to change the agentAddress directive.
Currently, it is set to only allow connections originating from the local computer. We need to comment out the current line, and uncomment the line underneath, which allows all connections we will be locking this down soon : Listen for connections from the local system only agentAddress udp When defining a new user, you must specify the authentication type MD5 or SHA as well as supply a passphrase that must be at least 8 characters.
If you plan on using encryption for the transfer, like we are, you also must specify the privacy protocol DES or AES and optionally a privacy protocol passphrase. If no privacy protocol passphrase is supplied, the authentication passphrase will be used for the privacy protocol as well. We will set this up for our bootstrap user, and also for the new user we will be creating, called demo. We will allow them read and write access by using the rwuser directive the alternative is rouser for read-only access.
We will enforce the use of encryption by specifying priv after our user. If we wanted to restrict the user to a specific part of the MIB, we could specify the highest-level OID that the user should have access to at the end of the line.
For our purposes, both of our lines will be fairly simple: rwuser bootstrap priv rwuser demo priv When you are finished making these changes, save and close the file. To implement these changes, restart the snmpd service: sudo service snmpd restart Now, from the machine that you installed the management software on, we can connect to our agent server to create our regular user.
We will do this using the snmpusm tool, which is used for user management. You will need to know the IP address of your agent server for this to function correctly. Before we begin, we will talk a bit about the general structure of sending an SNMP command. The General Structure of SNMP Commands When using the suite of tools included in the snmp package the net-snmp software suite , you will notice a few patterns in the way you must call the commands.
The first thing you must do is authenticate with the SNMP daemon that you wish to communicate with. This usually involves supplying quite a few pieces of information. We will be using v3 in this guide. Since we are using v3-style user-based authentication, we will not be needing this. To read or modify anything using SNMP, you must authenticate with a known username. The possible values are noAuthNoPriv for no authentication and no encryption, authNoPriv for authentication but no encryption, and authPriv for authentication and encryption.
The username that you are using must be configured to operate at the security level you specify, or else the authentication will not succeed. This must match the information that was specified when the user was created. If none was specified but an encryption algorithm was given, the authentication passphrase will be used. Using this information, we can begin to construct our commands.
It will basically return the output of uname -a on the remote system. Now that we have verified that we can correctly authenticate to the server running the SNMP daemon, we can continue on to create our regular user account. Set Up the Regular User Account Although we have specified the privileges for the demo user account in our snmpd.
We are going to use the bootstrap user as a template for our new user. We now have a fully functioning user called demo on our remote server. However, it is still using the same authentication information as the bootstrap account. We should change the password to something else. This time, we will use the demo account to authenticate.
We can test our new credentials and password by asking our remote server how long the SNMP service has been running. We will use the snmpget command to get a single value from the other machine. This time, we will take advantage of the extra MIB definitions we downloaded. Rather than typing these in each time, we can create a client-side configuration file that will contain the credentials we are connecting with.
The client configuration file can be placed in two different locations depending on how wide-spread you wish to share it. If you want to share your login credentials with any valid user on your management machine, you can place your configuration details into the global snmp. The commands that we are using to authenticate are in the table below. In the right-hand column, you can see the directive names that should be used to set those configuration details within the snmp.
SNMP (Simple Network Management Protocol) ou la supervision d'équipements réseaux
Installation de SNMP sous Linux
Installation de Zabbix sur Ubuntu