snmpd.conf config...

[SCaRaBaeuS]

Hi,

i got a problem with my snmpd.conf file.. because i dont know what to put into it.. Because i cant get my traffic working with cacti.. it seems it needs snmpd.conf to be correctly..

But nowhere i can find a good setup for it..

can anybody help me?

thanks
PS

i got this now:

Code: Select all

rocommunity  public
rwcommunity  public

[egarnel]

Here is a snippet from a basic snmpd.conf file

Code: Select all

#       sec.name  source          community
com2sec notConfigUser  default       Your_snmp_community

####
# Second, map the security name into a group name:

#       groupName      securityModel securityName
group   notConfigGroup v1           notConfigUser
group   notConfigGroup v2c           notConfigUser

####
# Third, create a view for us to let the group have rights to:

#       name           incl/excl     subtree         mask(optional)
view    systemview     included      .1

Whatever you do, get rid of rwcommunity of "public" Unless you have a need to make changes via snmp, it should be read only & locked down in the config , allowed thru iptables ONLY to trusted networks/hosts as well as bound to the "trusted" side interface

Do a man snmpd.conf & google on it for more details & features

[SCaRaBaeuS]

thanks i will look into it..

only it suxs no where can anything be found about interfaces.. only in man pages, but then i dont know what to fill in

[egarnel]

Yanked this off a google groups search

Code: Select all

The workround would be to get net-snmp to listen on specific interfaces
only.

e.g. this sort of thing in snmpd.conf:

# Enable this line to listen on specific interfaces by ip
# Ports to listen on - instead of just listening on 161@0.0.0.0
agentaddress 161@127.0.0.1,161@10.0.0.3

In this case the address of the arriving socket for any given packet is
explicit ( i.e. not 0.0.0.0 ),
and hence the reply packet's source is independent of the kernel routing
table.

[BWare]

only it suxs no where can anything be found about interfaces.. only in man pages, but then i dont know what to fill in

Try running the snmpconf tool... this generates a config after you answer a few questions. Interfaces are enabled by default, so if snmpd is running and you can query it, you can get the interface statistics out of it as well.

Code: Select all

###########################################################################
#
# snmpd.conf
#
#   - created by the snmpconf configuration program
#
###########################################################################
syslocation  "Outer Space"
syscontact  me@mydomain.tld

# sysservices: The proper value for the sysServices object.
#   arguments:  sysservices_number
sysservices 78

rocommunity  public
rwcommunity private 

disk  /
disk  /usr

[SCaRaBaeuS]

well that i dont mean..

i mean the interface so i can monitor that
like this:

Code: Select all

## 
## type and speed of interfaces: 
## if the last char is an asterisk, any suffix will match. 
## 
interface:    lo0    24    20000000 
interface:    eth0     6    10000000 
interface:    sl*    28    38400 
interface:    ppp*    23    38400 

That comes from the example.conf.. but have no clue what to do with it :s

[BWare]

I never specify any interface in my configs... as I said... it comes out-of-the-box, no need to configure it.

Code: Select all

snmpd -v

NET-SNMP version:  5.0.9
Web:               http://www.net-snmp.org/
Email:             net-snmp-coders@lists.sourceforge.net

[egarnel]

same here

[SCaRaBaeuS]

well call me crazy, but this is what i got:
snmpd.conf:

###########################################################################
#
# snmpd.conf
#
# - created by the snmpconf configuration program
#
###########################################################################
# SECTION: Extending the Agent
#
# You can extend the snmp agent to have it return information
# that you yourself define.

# exec: run a simple command using exec()
# arguments: [oid] name /path/to/executable arguments






###########################################################################
# SECTION: Access Control Setup
#
# This section defines who is allowed to talk to your running
# snmp agent.

# rocommunity: a SNMPv1/SNMPv2c read-only access community name
# arguments: community [default|hostname|network/bits] [oid]

rocommunity public



###########################################################################
# SECTION: Monitor Various Aspects of the Running Host
#
# The following check up on various aspects of a host.

# proc: Check for processes that should be running.
# proc NAME [MAX=0] [MIN=0]
#
# NAME: the name of the process to check for. It must match
# exactly (ie, http will not find httpd processes).
# MAX: the maximum number allowed to be running. Defaults to 0.
# MIN: the minimum number to be running. Defaults to 0.
#
# The results are reported in the prTable section of the UCD-SNMP-MIB tree
# Special Case: When the min and max numbers are both 0, it assumes
# you want a max of infinity and a min of 1.

#proc

# disk: Check for disk space usage of a partition.
# The agent can check the amount of available disk space, and make
# sure it is above a set limit.
#
# disk PATH [MIN=100000]
#
# PATH: mount path to the disk in question.
# MIN: Disks with space below this value will have the Mib's errorFlag set.
# Can be a raw byte value or a percentage followed by the %
# symbol. Default value = 100000.
#
# The results are reported in the dskTable section of the UCD-SNMP-MIB tree

disk /






###########################################################################
# SECTION: System Information Setup
#
# This section defines some of the information reported in
# the "system" mib group in the mibII tree.

# syslocation: The [typically physical] location of the system.
# Note that setting this value here means that when trying to
# perform an snmp SET operation to the sysLocation.0 variable will make
# the agent return the "notWritable" error code. IE, including
# this token in the snmpd.conf file will disable write access to
# the variable.
# arguments: location_string

syslocation Amsterdam

# syscontact: The contact information for the administrator
# Note that setting this value here means that when trying to
# perform an snmp SET operation to the sysContact.0 variable will make
# the agent return the "notWritable" error code. IE, including
# this token in the snmpd.conf file will disable write access to
# the variable.
# arguments: contact_string

syscontact scarab@only4clans.com

# sysservices: The proper value for the sysServices object.
# arguments: sysservices_number

sysservices 78

snmpd version:

[root@www qmailrocks]# snmpd -v

NET-SNMP version: 5.1.1
Web: http://www.net-snmp.org/
Email: net-snmp-coders@lists.sourceforge.net

still my interfaces wont be graphed.. i want to see my traffic and total traffic but this wont work.. so need help!

[wirelessit]

Hello,
have you figured out what needs to be done in the host so that cacti would graph the traffic thru eth0?
I'm going thru exactly the same issue right now...
I've explained the details in my other post:

http://forums.cacti.net/about11611.html

Thanks in advance for any help!

Regards,
Fred

[gandalf]

still my interfaces wont be graphed.. i want to see my traffic and total traffic but this wont work.. so need help!

To check, if snmpd.conf is set up correctly, please run

Code: Select all

snmpwalk -c <your community string -v 1 <target host> interface

If data is returned, cacti should see them. If not, please goto that Device and Create Graphs for this Host. Please post a screenshot of the interface table
Reinhard

[wirelessit]

I actually got cacti to work... see my recent post in:

http://forums.cacti.net/about11611.html

Thanks for your reply anyway...

P.S. I'm now looking for a way to graph my squid usage... do you know of a good source of info for doing this?

[gandalf]

Of course, I do. See [XML] SquidStats version 0.1 (cacti 0.8.5 only!!!). Don't worry about 0.8.5. It works for current cacti versions. You may have to read through the whole topic and pay attention to the fact, that squids snmp agent does not listen to port 161 (we decided to configure the local snmpd to proxy the requests to squid. If you are interested in this single snmpd.conf line, I may provide this)
Reinhard