轉自http://blog.chinaunix.net/u2/61187/showart_689604.html
現在就以用 snmp+mrtg 監控一台局域網內的 redhat 機器( IP : 192.168.13.103 )的網卡、內存、 CPU 、DISKIO 為例子,談一下如何實現。
基本的法辦就是用一台 redhat 監控機器( IP : 192.168.13.105 ),通過 snmpwalk 命令去抓 目標服務器的狀態數據,然后用 mrtg 畫出圖來。
1 、首先我們要把目標 snmpd.conf 文件的配好。這是用 snmpwalk 命令 一抓取數據的關健。下面是目標機器(IP : 192.168.13.103 )上的 /etc/snmp/snmpd.conf 文件部份內容,紅色的部份是我對 snmpd.conf 所做的改動。
[root@wy1 root]# cat /etc/snmp/snmpd.conf
####
# First, map the community name "public" into a "security name"
# sec.name source community
com2sec notConfigUser default public # 定義 community 名稱為 public ,映射到安全名 notConfigUser 。
####
# Second, map the security name into a group name:
# groupName securityModel securityName
group notConfigGroup v1 notConfigUser # 定義安全用戶名 notConfigUser 映射到 notConfigGroup 組。
group notConfigGroup v2c notConfigUser
####
# Third, create a view for us to let the group have rights to: # 定義一個 view, 來決定 notConfigUser 可以操作的范圍。
# Make at least snmpwalk -v 1 localhost -c public system fast again. # 定義可查看的 snmp 的范圍。
# name incl/excl subtree mask(optional)
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
view all included .1
####
# Finally, grant the group read-only access to the systemview view. # 給 notConfigGroup 組所定義 view 名 all 以只讀權限。
# group context sec.model sec.level prefix read write notif
access notConfigGroup "" any noauth exact all none none
#access notConfigGroup "" any noauth exact mib2 none none
# -----------------------------------------------------------------------------
# Here is a commented out example configuration that allows less
# restrictive access.
# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
# KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.
## sec.name source community
#com2sec local localhost COMMUNITY
#com2sec mynetwork NETWORK/24 COMMUNITY
## group.name sec.model sec.name
#group MyRWGroup any local
#group MyROGroup any mynetwork
#
#group MyRWGroup any otherv3user
#...
## incl/excl subtree mask
#view all included .1 80
## -or just the mib2 tree-
#view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
#view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
## context sec.model sec.level prefix read write notif
#access MyROGroup "" any noauth 0 all none none
#access MyRWGroup "" any noauth 0 all all all
其實配制一個 snmpd.conf 文件不算太難,
( 1 )首選是定義一個共同體名 (community) ,這里是 public ,及可以訪問這個 public 的用戶名( sec name ),這里是 notConfigUser 。 Public 相當於用戶 notConfigUser 的密碼:)
# sec.name source community
com2sec notConfigUser default public
( 2 )定義一個組名( groupName )這里是 notConfigGroup ,及組的安全級別,把 notConfigGroup 這個用戶加到這個組中。
groupName securityModel securityName
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
( 3 )定義一個可操作的范圍 (view) 名, 這里是 all ,范圍是 .1
# name incl/excl subtree mask(optional)
view all included .1
( 4 )定義 notConfigUser 這個組在 all 這個 view 范圍內可做的操作,這時定義了 notConfigUser 組的成員可對.1 這個范圍做只讀操作。
# group context sec.model sec.level prefix read write notif
access notConfigGroup "" any noauth exact all none none
ok, 這樣我們的 snmpd.conf 文件就基本配成了,用 service snmpd restart 重啟 snmpd 服務。
配置文件范例:
1 ############################################################################### 2 # 3 # snmpd.conf: 4 # An example configuration file for configuring the ucd-snmp snmpd agent. 5 # 6 ############################################################################### 7 8 # sec.name source community 9 #com2sec notConfigUser default public 10 ########################## 新定義一個用戶myuser,並設置用戶的密碼為fistforward ################################################# 11 #項目分類名|用戶名 | 可訪問的來源地址|社區(就是密碼) 12 com2sec myuser 10.117.186.40 passed 13 com2sec myuser 127.0.0.1 passed 14 15 ################################################## 定義組配置 ################################################################# 16 17 # groupName securityModel securityName 18 #group notConfigGroup v2c notConfigUser 19 #定義一個組,將我們的用戶加入進這個組,同時指定改組可以使用的snmp的協議版本 20 #項目分類名|組名|協議版本| 添加的用戶 21 group mygroup v1 myuser 22 group mygroup v2c myuser 23 24 25 26 ########################################## 定義一個view視圖,設置視圖的可看范圍 ################################################ 27 # name incl/excl subtree mask(optional) 28 view systemview included .1.3.6.1.2.1.1 29 view systemview included .1.3.6.1.2.1.25.1.1 30 #項目名分類|視圖名稱|包含/排除|范圍 31 view all included .1 32 33 34 ###################################################### 定義組可以看到的視圖權限 ################################################# 35 #項目分類名|組名|描述|sec.model|sec.level|prefix|可讀讀視圖|可寫的視圖|notif 36 access mygroup "" any noauth exact all none none 37 38 syslocation Unknown (edit /etc/snmp/snmpd.conf) 39 syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf) 40 41 42 dontLogTCPWrappersConnects yes
現在我們做一個測試,在監控機上打下面的命令:
1 # snmpwalk -v 1 127.0.0.1 -c fistforward system 2 SNMPv2-MIB::sysDescr.0 = STRING: Linux dq_dev02 2.6.32-573.7.1.el6.x86_64 #1 SMP Tue Sep 22 22:00:00 UTC 2015 x86_64 3 SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10 4 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (30663) 0:05:06.63 5 SNMPv2-MIB::sysContact.0 = STRING: Root <root@localhost> (configure /etc/snmp/snmp.local.conf) 6 SNMPv2-MIB::sysName.0 = STRING: dq_dev02 7 SNMPv2-MIB::sysLocation.0 = STRING: Unknown (edit /etc/snmp/snmpd.conf) 8 SNMPv2-MIB::sysORLastChange.0 = Timeticks: (6) 0:00:00.06 9 SNMPv2-MIB::sysORID.1 = OID: SNMP-MPD-MIB::snmpMPDMIBObjects.3.1.1 10 SNMPv2-MIB::sysORID.2 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance 11 SNMPv2-MIB::sysORID.3 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance 12 SNMPv2-MIB::sysORID.4 = OID: SNMPv2-MIB::snmpMIB 13 SNMPv2-MIB::sysORID.5 = OID: TCP-MIB::tcpMIB 14 SNMPv2-MIB::sysORID.6 = OID: IP-MIB::ip 15 SNMPv2-MIB::sysORID.7 = OID: UDP-MIB::udpMIB 16 SNMPv2-MIB::sysORID.8 = OID: SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroup 17 SNMPv2-MIB::sysORDescr.1 = STRING: The MIB for Message Processing and Dispatching. 18 SNMPv2-MIB::sysORDescr.2 = STRING: The MIB for Message Processing and Dispatching. 19 SNMPv2-MIB::sysORDescr.3 = STRING: The SNMP Management Architecture MIB. 20 SNMPv2-MIB::sysORDescr.4 = STRING: The MIB module for SNMPv2 entities 21 SNMPv2-MIB::sysORDescr.5 = STRING: The MIB module for managing TCP implementations 22 SNMPv2-MIB::sysORDescr.6 = STRING: The MIB module for managing IP and ICMP implementations 23 SNMPv2-MIB::sysORDescr.7 = STRING: The MIB module for managing UDP implementations 24 SNMPv2-MIB::sysORDescr.8 = STRING: View-based Access Control Model for SNMP. 25 SNMPv2-MIB::sysORUpTime.1 = Timeticks: (6) 0:00:00.06 26 SNMPv2-MIB::sysORUpTime.2 = Timeticks: (6) 0:00:00.06 27 SNMPv2-MIB::sysORUpTime.3 = Timeticks: (6) 0:00:00.06 28 SNMPv2-MIB::sysORUpTime.4 = Timeticks: (6) 0:00:00.06 29 SNMPv2-MIB::sysORUpTime.5 = Timeticks: (6) 0:00:00.06 30 SNMPv2-MIB::sysORUpTime.6 = Timeticks: (6) 0:00:00.06 31 SNMPv2-MIB::sysORUpTime.7 = Timeticks: (6) 0:00:00.06 32 SNMPv2-MIB::sysORUpTime.8 = Timeticks: (6) 0:00:00.06
使用2c版本也可以
1 # snmpwalk -v 2c 127.0.0.1 -c fistforward system 2 SNMPv2-MIB::sysDescr.0 = STRING: Linux dq_dev02 2.6.32-573.7.1.el6.x86_64 #1 SMP Tue Sep 22 22:00:00 UTC 2015 x86_64 3 SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10 4 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (43926) 0:07:19.26