Configuração SNMP

jssikabianca
(usa Ubuntu)

Enviado em 20/11/2011 - 16:43h

Boa tarde!!

Eu to nas configurações do snmpd.conf mas assim, nas duas vms que eu tenho, rodando ubuntu, uma eu quero como gerente e a outra agente. No gerente eu consegui configurar a community e consigo fazer a consulta localmente, eu fiz como teste e acabou dando certo. Aí eu parti pra outra vm,a que eu realmente vou usar como agente, configurei o snmp da mesma forma, mas não consigo fazer a consulta, da a mensagem de "No response from localhost".
Eu encontrei um tutorial pra configuração inicial e pelo que diz nele, com essas configurações inicialmente já dava pra fazer a consulta. Mas não tá rolando.

Segue configurações, se alguém puder me ajudar fico muito grata =D

Primeira Vm, a que eu consigo consultar localmente:




###############################################################################
#
# EXAMPLE.conf:
# An example configuration file for configuring the ucd-snmp snmpd agent.
#
###############################################################################
#
# This file is intended to only be an example. If, however, you want
# to use it, it should be placed in /etc/snmp/snmpd.conf.
# When the snmpd agent starts up, this is where it will look for it.
#
# You might be interested in generating your own snmpd.conf file using
# the "snmpconf" program (perl script) instead. It's a nice menu
# based interface to writing well commented configuration files. Try it!
#
# Note: This file is automatically generated from EXAMPLE.conf.def.
# Do NOT read the EXAMPLE.conf.def file! Instead, after you have run
# configure & make, and then make sure you read the EXAMPLE.conf file
# instead, as it will tailor itself to your configuration.

# All lines beginning with a '#' are comments and are intended for you
# to read. All other lines are configuration commands for the agent.
#
# PLEASE: read the snmpd.conf(5) manual page as well!
#

agentAddress udp:127.0.0.1:161

###############################################################################
# Access Control
###############################################################################

# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
# KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.

# By far, the most common question I get about the agent is "why won't
# it work?", when really it should be "how do I configure the agent to
# allow me to access it?"
#
# By default, the agent responds to the "public" community for read
# only access, if run out of the box without any configuration file in
# place. The following examples show you other ways of configuring
# the agent so that you can change the community names, and give
# yourself write access as well.
# The following lines change the access permissions of the agent so
# that the COMMUNITY string provides read-only access to your entire
# NETWORK (EG: 10.10.10.0/24), and read/write access to only the
# localhost (127.0.0.1, not its real ipaddress).
#
# For more information, read the FAQ as well as the snmpd.conf(5)
# manual page.

####
# First, map the community name (COMMUNITY) into a security name
# (local and mynetwork, depending on where the request is coming
# from):

#com2sec paranoid default sysnet
com2sec local localhost sysnet1
com2sec localNet 192.168.0.0 /24 public
#com2sec readwrite default sysnet


####
# Second, map the security names into group names:
group MyROSystem v1 local
group MyROSystem v2c local
group MyROSystem usm local
group MyROGroup v1 localnet
group MyROGroup v2c localnet
group MyROGroup usm localnet
group MyRWGroup v1 local
group MyRWGroup v2c local
group MyRWGroup usm local
group MyRWGroup v1 readwrite
group MyRWGroup v2c readwrite
group MyRWGroup usm readwrite

####
# Third, create a view for us to let the groups have rights to:

# incl/excl subtree mask
view all included .1 80
view system included .1.3.6.1.2.1.1
view system included .iso.org.dod.internet.mgmt.mib-2.system

####
# Finally, grant the 2 groups access to the 1 view with different
# write permissions:

# context sec.model sec.level match read write notif
access MyROSystem "" any noauth exact system none none
access MyROGroup "" any noauth exact all none none
access MyRWGroup "" any noauth exact all all none

# -----------------------------------------------------------------------------


###############################################################################
# System contact information
#
# It is also possible to set the sysContact and sysLocation system
# variables through the snmpd.conf file. **PLEASE NOTE** that setting
# the value of these objects here makes these objects READ-ONLY
# (regardless of any access control settings). Any attempt to set the
# value of an object whose value is given here will fail with an error
# status of notWritable.

syslocation Osasco
syscontact Jessika
# Example output of snmpwalk:
# % snmpwalk -v 1 -c public localhost system
# system.sysDescr.0 = "SunOS name sun4c"
# system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
# system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55
# system.sysContact.0 = "Me <me@somewhere.org>"
# system.sysName.0 = "name"
# system.sysLocation.0 = "Right here, right now."
# system.sysServices.0 = 72


# -----------------------------------------------------------------------------



As demais linhas são comentadas não influenciam.


-- Segue a segunda vm, a que eu não consigo fazer a consulta:

###########################################################################
#
# snmpd.conf
#
# - created by the snmpconf configuration program
#
###########################################################################
# SECTION: Trap Destinations
#
# Here we define who the agent will send traps to.

# trapcommunity: Default trap sink community to use
# arguments: community-string

trapcommunity public



###########################################################################
# SECTION: Agent Operating Mode
#
# This section defines how the agent will operate when it
# is running.
# agentaddress: The IP address and port number that the agent will listen on.
# By default the agent listens to any and all traffic from any
# interface on the default SNMP port (161). This allows you to
# specify which address, interface, transport type and port(s) that you
# want the agent to listen on. Multiple definitions of this token
# are concatenated together (using ':'s).
# arguments: [transport:]port[@interface/address],...

agentAddress udp:127.0.0.1:161



###########################################################################
# SECTION: Access Control Setup
#
# This section defines who is allowed to talk to your running
# snmp agent.

# rocommunity: a SNMPv1/SNMPv2c read-only access community name
# arguments: community [default|hostname|network/bits] [oid]


com2sec local localhost sysnet1
com2sec localNet 192.168.0.0 /24 public

# rwcommunity: a SNMPv1/SNMPv2c read-write access community name
# arguments: community [default|hostname|network/bits] [oid]

###########################################################################
# SECTION: System Information Setup
#
# This section defines some of the information reported in
# the "system" mib group in the mibII tree.

# syslocation: The [typically physical] location of the system.
# Note that setting this value here means that when trying to
# perform an snmp SET operation to the sysLocation.0 variable will make
# the agent return the "notWritable" error code. IE, including
# this token in the snmpd.conf file will disable write access to
# the variable.
# arguments: location_string

syslocation osasco

# syscontact: The contact information for the administrator
# Note that setting this value here means that when trying to
# perform an snmp SET operation to the sysContact.0 variable will make
# the agent return the "notWritable" error code. IE, including
# this token in the snmpd.conf file will disable write access to
# the variable.
# arguments: contact_string


syscontact "Jessika "
#
# Unknown directives read in from other files by snmpconf
#
group MyROSystem v1 local
group MyROSystem v2c local
group MyROSystem usm local
group MyROGroup v1 localnet
group MyROGroup v2c localnet
group MyROGroup usm localnet
group MyRWGroup v1 local
group MyRWGroup v2c local
group MyRWGroup usm local
group MyRWGroup v1 readwrite
group MyRWGroup v2c readwrite
group MyRWGroup usm readwrite

view all included .1 80
view system included .1.3.6.1.2.1.1
view system included .iso.org.dod.internet.mgmt.mib-2.system


access MyROSystem "" any noauth exact system none none
access MyROGroup "" any noauth exact all none none
access MYRWGroup "" any noauth exact all all none


Tá a mesma coisa, só um pouquinho mais bagunçada rsrs


Eu não sei quase nda sobre SNMP e preciso muito fazer isso, com certeza eu to fazendo algo muito errado. Mas eu não sei por onde começar a tentar corrigir =/
Se alguém puder me ajudar e me mostrar onde eu to errando, eu preciso fazer a consulta dessa segunda vm pela primeira, mas nem localmente eu to conseguindo. fico no aguardo. Obrigada!!


Att.
Jéssika

renato_pacheco
(usa Debian)

Enviado em 21/11/2011 - 09:14h

Jessika,

Modifique a primeira linha descomentada do seu arquivo snmpd.conf, deixando assim:

agentAddress udp:161

 

Veja se funciona...

jssikabianca
(usa Ubuntu)

Enviado em 22/11/2011 - 00:55h

Oi, então... me desculpa a demora.

Eu mudei, mas continua na mesma. A mesma resposta: "No response from" e o ip. O comando do snmpwalk que eu to usando pra varrer a MIB é esse: snmpwalk -v 2c -c public 192.168.232.224 system

(Que no caso é o ip da minha vm)

Eu não mudei a community, deixei como public, é pra teste do meu projeto por eqto. Tá certo não tá?

renato_pacheco
(usa Debian)

Enviado em 22/11/2011 - 10:09h

Vc reiniciou o serviço?

service snmpd restart