SNMP notes
See:
See SNMP traps:
Configuration example:
Server
RedHat
yum install net-snmp
Debian
apt-get install snmpd snmptrapd snmp-mibs-downloader
ln -s /usr/share/mibs/ /usr/share/snmp/mibs
/etc/default/snmptrapd
#export MIBS=
export MIBS=ALL
export MIBDIRS=/usr/share/mibs
#TRAPDRUN=no
TRAPDRUN=yes
#TRAPDOPTS='-Lsd -p /run/snmptrapd.pid'
TRAPDOPTS='-On -Lsd -p /run/snmptrapd.pid'
/etc/snmp/snmp.conf
#mibs :
service snmpd restart
service snmptrapd restart
Conf
/etc/snmp/snmpd.conf
#rocommunity public localhost
rocommunity public 0.0.0.0/0
#agentAddress udp:127.0.0.1:161
#agentAddress udp:161,udp6:[::1]:161
agentAddress udp:161
#includeAllDisks 1
skipNFSInHostResources 1
Configuration examples
Example 1 - Debian configuration
/etc/snmp/snmpd.conf
agentAddress udp:161,udp6:[::1]:161
view systemonly included .1.3.6.1.2.1.1
view systemonly included .1.3.6.1.2.1.25.1
rocommunity public
rouser authOnlyUser
sysLocation Sitting on the Dock of the Bay
sysContact Me <me@example.org>
sysServices 72
proc mountd
proc ntalkd 4
proc sendmail 10 1
disk / 10000
disk /var 5%
includeAllDisks 10%
load 12 10 5
trapsink localhost public
iquerySecName internalUser
rouser internalUser
defaultMonitors yes
linkUpDownNotifications yes
extend test1 /bin/echo Hello, world!
extend-sh test2 echo Hello, world! ; echo Hi there ; exit 35
master agentx
smuxpeer .1.3.6.1.4.1.674.10892.1
Example 2 - RedHat configuration
/etc/snmp/snmpd.conf
#com2sec notConfigUser default public
com2sec mynetwork 192.168.0.0/24 public
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
view centreon included .1.3.6.1
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
access notConfigGroup "" any noauth exact centreon none none
access notConfigGroup "" any noauth exact systemview none none
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
dontLogTCPWrappersConnects yes
cat >> /etc/snmp/snmpd.conf <<EOF
view systemview included .1.3.6.1
EOF
Example 3 - Debian 8
To avoid a timeout bug, because SNMP tries to report information on every partition it finds
systemctl disable mnt-espace_build.automount partage_install.automount partage_librairies.automount mnt-espace_build.mount partage_install.mount partage_librairies.mount
systemctl stop mnt-espace_build.automount partage_install.automount partage_librairies.automount mnt-espace_build.mount partage_install.mount partage_librairies.mount
Install the snmp-mibs-downloader package and its dependency smistrip
dpkg -i smistrip_0.4.8+dfsg2-10_all.deb snmp-mibs-downloader_1.1_all.deb
/etc/default/snmpd
export MIBS=ALL
SNMPDRUN=yes
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux,mteTrigger,mteTriggerConf -p /run/snmpd.pid'
export MIBDIRS=/usr/share/mibs
/etc/snmp/snmpd.conf
agentAddress udp:161,udp6:[::1]:161
rocommunity public
Access rights examples
/etc/snmp/snmpd.conf
# rwuser: a SNMPv3 read-write user
# arguments: user [noauth|auth|priv] [restriction_oid]
rwuser nagios auth
rwuser nagios
Read and write access to the whole tree:
/etc/snmp/snmpd.conf
rwuser admin authpriv .1
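The access directives used in the configuration examples above (rocommunity, com2sec, rouser, rwuser) can be checked mechanically. This is an added example, not part of the original notes: a shell function that flags default community strings, unrestricted sources, SNMPv3 users not required to use encryption, and whole-tree write access. The sample file and the community Xk3-constructed are constructed for the demonstration.

```shell
# Added example (not from the original page): flag risky access lines in snmpd.conf.
# Prints "LINE: message" per finding; exit status is 1 if anything was flagged.
audit_snmpd_conf() {
    awk '
    function flag(msg) { printf "%d: %s\n", NR, msg; found = 1 }
    $1 ~ /^#/ || NF == 0 { next }          # skip comments and blank lines
    # rocommunity / rwcommunity COMMUNITY [SOURCE [OID]]
    $1 ~ /^r[ow]community6?$/ {
        if ($2 == "public" || $2 == "private") flag("default community " $2)
        if (NF < 3 || $3 == "default" || $3 == "0.0.0.0/0")
            flag($1 " is not restricted to a source address")
        if ($1 ~ /^rw/) flag("write access over SNMPv1/v2c")
    }
    # com2sec SECNAME SOURCE COMMUNITY
    $1 == "com2sec" {
        if ($4 == "public" || $4 == "private") flag("default community " $4)
        if ($3 == "default" || $3 == "0.0.0.0/0")
            flag("com2sec is not restricted to a source address")
    }
    # rouser / rwuser USER [noauth|auth|priv [OID]]; level defaults to auth
    $1 == "rouser" || $1 == "rwuser" {
        level = (NF >= 3) ? tolower($3) : "auth"
        if (level == "noauth") flag($2 " needs no authentication")
        else if (level != "priv" && level != "authpriv")  # page spells it authpriv
            flag($2 " is not required to use encryption (priv)")
        if ($1 == "rwuser" && (NF < 4 || $4 ~ /^\.?1$/))
            flag($2 " can write to the whole OID tree")
    }
    END { exit found + 0 }
    ' "$1"
}

# Constructed sample built from directives shown in the examples above.
write_sample_conf() {
    cat > "$1" <<'EOF'
#rocommunity public localhost
rocommunity public 0.0.0.0/0
com2sec mynetwork 192.168.0.0/24 public
rouser authOnlyUser
rwuser nagios auth
rwuser admin authpriv .1
rocommunity Xk3-constructed 192.0.2.10
EOF
}
sample=$(mktemp)
write_sample_conf "$sample"
audit_snmpd_conf "$sample" || echo "snmpd.conf needs review"
rm -f "$sample"
```

Only the last sample line, a non-default community bound to a single source address, produces no finding.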
Problem - refused smux peer: oid SNMPv2-SMI::enterprises.674.10892.1, descr Systems Management SNMP MIB Plug-in Manager
See:
systemctl status snmpd
● snmpd.service - Simple Network Management Protocol (SNMP) Daemon.
   Loaded: loaded (/usr/lib/systemd/system/snmpd.service; enabled; vendor preset: disabled)
   Active: active (running) since mer. 2017-06-07 11:37:03 CEST; 9s ago
 Main PID: 61127 (snmpd)
   CGroup: /system.slice/snmpd.service
           └─61127 /usr/sbin/snmpd -LS0-6d -f
juin 07 11:37:03 8cc-offline-1 systemd[1]: Starting Simple Network Management Protocol (SNMP) Daemon....
juin 07 11:37:03 8cc-offline-1 snmpd[61127]: Turning on AgentX master support.
juin 07 11:37:03 8cc-offline-1 snmpd[61127]: NET-SNMP version 5.7.2
juin 07 11:37:03 8cc-offline-1 systemd[1]: Started Simple Network Management Protocol (SNMP) Daemon..
juin 07 11:37:06 8cc-offline-1 snmpd[61127]: refused smux peer: oid SNMPv2-SMI::enterprises.674.10892.1, descr Systems Management SNMP MIB Plug-in Manager
juin 07 11:37:09 8cc-offline-1 snmpd[61127]: refused smux peer: oid SNMPv2-SMI::enterprises.674.10892.1, descr Systems Management SNMP MIB Plug-in Manager
juin 07 11:37:12 8cc-offline-1 snmpd[61127]: refused smux peer: oid SNMPv2-SMI::enterprises.674.10892.1, descr Systems Management SNMP MIB Plug-in Manager
Solution
Solution 1
#echo "smuxpeer .1.3.6.1.4.1.674.10892.1 P@ssw0rd" >> /etc/snmp/snmpd.conf
echo "smuxpeer .1.3.6.1.4.1.674.10892.1" >> /etc/snmp/snmpd.conf
systemctl restart snmpd
Solution 2
/etc/sysconfig/snmpd
# snmpd command line options
# '-f' is implicitly added by snmpd systemd unit file
# OPTIONS="-LS0-6d"
OPTIONS="-I -smux"
systemctl restart snmpd
Lots of "Connection from UDP" messages in the logs
/var/log/syslog
Jul 18 01:08:07 plop snmpd[3232]: Connection from UDP: [192.168.15.27]:52799->[192.168.15.32]
Jul 18 01:08:34 plop snmpd[3232]: Connection from UDP: [192.168.15.22]:53386->[192.168.15.32]
Solution
Replace -Lsd with -LSwd
/etc/default/snmpd
#SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'
SNMPDOPTS='-LSwd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'
Or
/etc/sysconfig/snmpd
#OPTIONS="-LS0-6d -Lf /dev/null -p /var/run/snmpd.pid"
OPTIONS="-LSwd -Lf /dev/null -p /var/run/snmpd.pid"
or
/etc/snmp/snmpd.conf
dontLogTCPWrappersConnects yes
then restart the service
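The "Connection from UDP" lines are the syslog record of which hosts query the agent, so it is useful to summarise them before lowering the log level. This is an added example, not part of the original notes: it counts queries per source address and lists sources that are not in an expected poller list. The sample log, the poller list and the address 192.0.2.99 are constructed.

```shell
# Added example (not from the original page).
# snmp_peers LOGFILE            -> "COUNT SOURCE" per source address, busiest first
# unexpected_peers LOGFILE IP.. -> sources that are not in the expected poller list
snmp_peers() {
    awk '
    /snmpd\[[0-9]+\]: Connection from UDP: \[/ {
        src = $0
        sub(/.*Connection from UDP: \[/, "", src)   # drop everything before the source
        sub(/\].*/, "", src)                         # drop port and destination
        n[src]++
    }
    END { for (s in n) printf "%d %s\n", n[s], s }
    ' "$1" | sort -k1,1nr -k2,2
}

unexpected_peers() {
    logfile=$1; shift
    snmp_peers "$logfile" | while read -r count src; do
        known=no
        for ip in "$@"; do
            if [ "$ip" = "$src" ]; then known=yes; fi
        done
        [ "$known" = yes ] || echo "$src"
    done
}

# Constructed sample: the two lines quoted above plus three constructed ones
# (the sshd line checks that only snmpd entries are counted).
write_sample_log() {
    cat > "$1" <<'EOF'
Jul 18 01:08:07 plop snmpd[3232]: Connection from UDP: [192.168.15.27]:52799->[192.168.15.32]
Jul 18 01:08:34 plop snmpd[3232]: Connection from UDP: [192.168.15.22]:53386->[192.168.15.32]
Jul 18 01:09:07 plop snmpd[3232]: Connection from UDP: [192.168.15.27]:52811->[192.168.15.32]
Jul 18 01:09:40 plop snmpd[3232]: Connection from UDP: [192.0.2.99]:40112->[192.168.15.32]
Jul 18 01:09:41 plop sshd[411]: Connection from UDP: [198.51.100.7]:1->[192.168.15.32]
EOF
}

log=$(mktemp)
write_sample_log "$log"
snmp_peers "$log"
unexpected_peers "$log" 192.168.15.27 192.168.15.22
rm -f "$log"
```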
Other
The usmUser was created after SNMPd was restarted, following the createUser command (SNMPv3)
See the snmpusm command
snmptranslate
$ snmptranslate -M+. -m +ALL -On HOST-RESOURCES-MIB::hrProcessorTable
.1.3.6.1.2.1.25.3.3
$ snmptranslate -Td .1.3.6.1.4.1.2021.11.52
UCD-SNMP-MIB::ssCpuRawSystem
...
This object may sometimes be implemented as the
combination of the 'ssCpuRawWait(54)' and
'ssCpuRawKernel(55)' counters, so care must be
taken when summing the overall raw counters."
HP
Add the following line to /etc/snmp/snmpd.conf:
/etc/snmp/snmpd.conf
dlmod cmaX /usr/lib64/libcmaX64.so
Restart the following services:
systemctl restart hp-snmp-agents
systemctl restart snmpd
Client
See:
Use the -On option, according to man snmpcmd
#snmpwalk -v2c -c public localhost
snmpwalk -v2c -On -c public localhost
snmpwalk
See also:
- snmpgetnext
Examples:
snmpwalk -v2c -c public localhost system
#snmpwalk -v <version> -c <community> <ipaddress> <oid>
snmpwalk -v 2c -c public 192.168.1.13 1.3.6.1.2.1.2.2.1.10
snmpwalk -v 3 -u usersnmp -a SHA -A 'MonMot2Passe!!' -x AES -X '!!MaPhrase2PasseAE' -l authPriv localhost
WARNING: NEVER run an snmpwalk query against the root of the SNMP tree or against a high-level node. If you do, you will saturate the queried SNMP agent, the network and your workstation. In the past, you could saturate some SNMP agents and they had to be restarted, or the device itself had to be rebooted. This could be very awkward if you had to ask the network team to reboot a router.
# snmpwalk -v2c -c public 192.168.1.13
snmpget
#snmpget -v <version> -c <community> <ipaddress> <oid>
snmpget -v 2c -c public 192.168.1.13 1.3.6.1.2.1.2.2.1.10.1
OID_STORAGE_DESC=.1.3.6.1.2.1.25.2.3.1.3
OID_STORAGE_SIZE=.1.3.6.1.2.1.25.2.3.1.5
OID_STORAGE_USED=.1.3.6.1.2.1.25.2.3.1.6
snmpget -r 2 -v 3 -a MD5 -A "$PASSWD" -l authNoPriv -u nagios -Oqv localhost $OID_STORAGE_DESC.${indice}
snmpget -r 2 -v 3 -a MD5 -A "$PASSWD" -l authNoPriv -u nagios -Oqv localhost $OID_STORAGE_SIZE.${indice}
snmpget -r 2 -v 3 -a MD5 -A "$PASSWD" -l authNoPriv -u nagios -Oqv localhost $OID_STORAGE_USED.${indice}
Nagios check_snmp
Example of monitoring ports on a switch
/usr/local/nagios/etc/objects/commands.cfg
define command{
    command_name check_port_com
    command_line $USER1$/check_snmp -H $HOSTADDRESS$ -P3 -L authNoPriv -a MD5 -U $USER3$ -A "$USER4$" -c 1,1 -o IF-MIB::ifOperStatus.$ARG1$
}
switch.cfg
define service{
    use generic-service ; Inherit values from a template
    host_name linksys-srw224p
    service_description Port 1 Link Status
    check_command check_snmp!-C public -o ifOperStatus.1 -r 1 -m RFC1213-MIB
}
/usr/local/nagios/etc/objects/switch.cfg
define service{
    use EtatPortCom
    hostgroup_name RouteurSwitchs
    service_description EtatPortCom1
    check_command check_port_com!1
    #event_handler trigger_etatport!1
}
List SNMPv3 users
snmpwalk .1.3.6.1.6.3.15.1.2.2.1.3
Adding a MIB
See: https://github.com/simonjj/SnmpMibs
Zabbix logs
MIB search path: /root/.snmp/mibs:/usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf:/usr/share/mibs/site:/usr/share/snmp/mibs:/usr/share/mibs/iana:/usr/share/mibs/ietf:/usr/share/mibs/netsnmp
Cannot find module (DISMAN-EVENT-MIB): At line 1 in (none)
apt-get install snmp-mibs-downloader
The MIB will be installed here: /var/lib/snmp/mibs/ietf/DISMAN-EVENT-MIB
Comment out mibs :
/etc/snmp/snmp.conf
#mibs :
snmptranslate -Tp
For DISMAN-EVENT-MIB the problem is solved
But CPQRACK-MIB and CPQIDA-MIB remain
Cannot find module (CPQRACK-MIB): At line 1 in (none)
Cannot find module (CPQIDA-MIB): At line 1 in (none)
git clone https://github.com/simonjj/SnmpMibs
cd SnmpMibs
cp CPQ* /usr/share/snmp/mibs/
chmod a+r /usr/share/snmp/mibs/CPQ*
Notes
snmpget -t 1 -r 5 -M /usr/local/share/snmp/mibs -v 1 -c public 159.217.18.10:161 cpqRackCommonEnclosureTemp
tcpdump -i any -s 0 host hp-array-1.0 and port 161 -n
snmpcheck
There is an old version written in Perl and a more recent one written in Ruby
Do not confuse Debian's snmpcheck command (snmp package) with the snmpcheck from http://www.nothink.org/codes/snmpcheck
Debian
apt-get install ruby-snmp
RedHat
yum install ruby
gem install snmp
wget http://www.nothink.org/codes/snmpcheck/snmpcheck-1.9.rb
chmod +x snmpcheck-1.9.rb
./snmpcheck-1.9.rb
nmap -sS 192.168.56.21
snmpcheck -h
snmpcheck -t 192.168.56.21
qtmib
GUI SNMP MIB Browser for Linux platforms
Links: https://sourceforge.net/projects/qtmib/
The program comes with a large number of MIBs pre-installed, anything from Cisco’s and Juniper’s to HP’s and Dell’s. You can also install your own MIBs by copying them into ~/.config/qtmib/mibs directory.
