SNMP Configuration

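I. Configuring SNMP on a Cisco router (enabling the SNMP agent)

Enable the SNMP service

5. Example: configure the network management station to receive trap messages from managed devices

(1) Enable the trap receiver ---- open port 162
(2) Configure the community name
(3) Configure trap messages on the SNMP agent

    ! configure the trap destination
    snmp-server host 192.168.4.231 sdxh
    ! enable traps for configuration events (note: this is only one of the
    ! message types; more than one can be configured)
    snmp-server enable traps config

(4) Result

II. Configuring SNMP on a Cisco switch

1. Configure the management address

III. Enabling SNMP on a Cisco ASA

1. The firewall supports read-only SNMP only
2. SNMPv3 supports stronger authentication: user name, authentication key, encryption key

IV. Enabling SNMP on Windows Server

V. Enabling SNMP on Linux

1. yum repository configuration (using the local CD/DVD as the yum installation source)

    mount /dev/cdrom /media/cdrom/
    # import the signing key
    rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

1) vi /etc/yum.repos.d/rhel6.repo

    # repository name
    [rhel-source]
    # description
    name=Red Hat Enterprise Linux $releasever - $basearch - Source
    # location
    baseurl=file:///media/cdrom
    # enable the repository
    enabled=1
    # enable signature checking
    gpgcheck=1
    # signing key
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

3) Related packages

Set the snmp service to start automatically at boot:

Modify the MIB views that may be queried:

    view all included .1 80
    view mib2 included .dod.internet.mgmt.mib-2 fc

Set the permissions of the community name (at the end of the file)

    snmpwalk -v 2c 192.168.4.213 -c sdxh system
    snmpwalk -v 2c 192.168.4.254 -c sdxh ifDescr.1
    # view TCP connections
    snmpnetstat -v 2c -c sdxh -Ca -Cp tcp 192.168.4.213

Enabling SNMPv3:

3. [Supplement] Setting Up SNMP

This HowTo will explain how to install and configure the Net-SNMP agent.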
At time of writing, the latest version available is 5.4 (published on 12/06/2006).

Getting Net-SNMP binaries

Depending on your operating system, you'll find packages or tarballs to install Net-SNMP:

Linux

Usually every Linux distribution comes with Net-SNMP packages:

* RedHat / Fedora: install the net-snmp, net-snmp-libs and net-snmp-utils packages
* Debian / Ubuntu: install the libsnmp-base, libsnmp5, snmp and snmpd packages
* SuSE: install the net-snmp package
* Gentoo: simply emerge the net-snmp ebuild
* Mandriva: install the libnet-snmp5, net-snmp and net-snmp-utils packages.

    agentaddress 10.20.30.40:10000

You can also make it listen on TCP, which is supported by Cacti:

    agentaddress tcp:161

The “tcp” keyword can then be used in Cacti:

For those who want some more security, you can use the SNMP version 3 protocol, with MD5 or SHA hashing:

    createUser frederic MD5 mypassphrase DES
    group groupv3 usm frederic
    view all included .iso 80
    access groupv3 "" any auth exact all all all

This creates a user “frederic” whose password is “mypassphrase”. To test it:

    # snmpget -v 3 -l AuthNoPriv -u frederic -A mypassphrase 10.50.80.45 sysName.0
    SNMPv2-MIB::sysName.0 = STRING: cyclopes

In Cacti, add your device, choose SNMP version 3, and fill the username and password fields:

Now that you're done with access control, add these 2 lines in snmpd.conf to indicate the location and contact name of your device:

    syslocation Bat. C2
    syscontact someone@

They will then appear in the Cacti management interface:

Some OIDs return a unit, e.g. “-153.1 dBm”. It's a safe idea to turn this off, by adding this to snmpd.conf:

    dontPrintUnits true

Next step is to graph filesystems in Cacti; the easiest way is to add this line in snmpd.conf:

    includeAllDisks

When you run the “ucd/net - Get Monitored Partitions” Data Query, all the mounted filesystems will show up:

If you want a filesystem not to be listed here, add this line to snmpd.conf:

    ignoredisk /dev/rdsk/c0t2d0

Unfortunately, some older versions of Net-SNMP do not fully work with the includeAllDisks keyword. You'll then have to list explicitly all filesystems you want to graph:

    disk /
    disk /usr
    disk /var
    disk /oracle

You can also specify NFS mount points.

Please note that the Net-SNMP agent can only report filesystems which were mounted before its start. If you manually mount filesystems later, you'll have to reload the Net-SNMP agent (send the HUP signal).

You can also graph processes, by adding this to snmpd.conf:

    proc httpd

The result will be accessible under the ucdavis.prTable.prEntry tree:

* prCount, number of current processes running with the name in question
* prNames, the process name you're counting.

In our example, the number of Apache processes will be available under the .1.3.6.1.4.1.2021.2.1.5 OID.

Some useful mib modules are:

* mibII/mta_sendmail, to graph MTA (Sendmail, Postfix, etc.) statistics
* diskio, to graph I/O statistics
* ucd-snmp/lmSensors, for hardware monitoring (Linux and Solaris only)

Mib modules can be added like this:

    $ ./configure --with-mib-modules="module1 module2"

To compile Net-SNMP and build a compressed archive, follow these steps:

    $ ./configure --with-your-options
    $ make
    # mkdir /usr/local/dist
    # make install prefix=/usr/local/dist/usr/local exec_prefix=/usr/local/dist/usr/local
    # cd /usr/local/dist
    # tar cvf /tmp/net-snmp-5.3.1-dist.tar usr
    # gzip /tmp/net-snmp-5.3.1-dist.tar
    # rm -rf /usr/local/dist

You can then copy the /tmp/net-snmp-5.3.1-dist.tar.gz file to other servers, and uncompress it from the root directory (everything will get extracted to /usr/local).

Test your configuration

Once Net-SNMP is configured and started, here's how to test it:

    $ snmpwalk -v 1 -c public localhost .1.3.6.1.2.1.1.1.0
    SNMPv2-MIB::sysDescr.0 = STRING: Linux cronos 2.4.28 #2 SMP ven jan 14 14:12:01 CET 2005 i686

This basic query shows that your Net-SNMP agent is reachable.

You can even query which Net-SNMP version is running on a host:

    $ snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.100.2.0
    UCD-SNMP-MIB::versionTag.0 = STRING: 5.2.1.2

An answer like this one

    $ snmpwalk -v 1 -c foo localhost .1.3.6.1.2.1.1.1.0
    Timeout: No Response from localhost

indicates that either the agent is not started, or that the community string is incorrect, or that this device is unreachable.
Check your community string, add firewall rules if necessary, etc.

If using SNMP version 3, specifying an unknown user will result in this error message:

    $ snmpget -v 3 -l AuthNoPriv -u john -A mypassphrase 10.50.80.45 sysName.0
    snmpget: Unknown user name

An incorrect passphrase will result in this error message:

    $ snmpget -v 3 -l AuthNoPriv -u frederic -A badpassphrase 10.50.80.45 sysName.0
    snmpget: Authentication failure (incorrect password, community or key)

This query will show you what filesystems are mounted:

    $ snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.9.1.2
    UCD-SNMP-MIB::dskPath.1 = STRING: /
    UCD-SNMP-MIB::dskPath.2 = STRING: /BB
    UCD-SNMP-MIB::dskPath.3 = STRING: /dev/shm

If the answer is empty, it usually means that includeAllDisks is not supported by your Net-SNMP agent (you'll have to list each filesystem you want to graph as explained in the previous chapter).

Finally, this query will display your network interfaces:

    $ snmpwalk -v 1 -c public localhost .1.3.6.1.2.1.2.2.1.2
    IF-MIB::ifDescr.1 = STRING: lo
    IF-MIB::ifDescr.2 = STRING: eth0
    IF-MIB::ifDescr.3 = STRING: eth1

Extending the SNMP Agent

A great functionality of Net-SNMP is that you can “extend” it.

Let's run the /tmp/foo.sh script:

    $ /tmp/foo.sh -arg1
    123

Now put this in snmpd.conf:

    exec foo /bin/sh /tmp/foo.sh -arg1

The result of your script will be accessible under the ucdavis.extTable.extEntry tree:

* output of the script: ucdavis.extTable.extEntry.extOutput
* exit status: ucdavis.extTable.extEntry.extResult
* command: ucdavis.extTable.extEntry.extCommand

You can check the result with this SNMP query:

    $ snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.8.1
    UCD-SNMP-MIB::extIndex.1 = INTEGER: 1
    UCD-SNMP-MIB::extNames.1 = STRING: foo
    UCD-SNMP-MIB::extCommand.1 = STRING: /bin/sh /tmp/foo.sh -arg1
    UCD-SNMP-MIB::extResult.1 = INTEGER: 0
    UCD-SNMP-MIB::extOutput.1 = STRING: 123
    UCD-SNMP-MIB::extErrFix.1 = INTEGER: 0
    UCD-SNMP-MIB::extErrFixCmd.1 = STRING:

extOutput translates to .1.3.6.1.4.1.2021.8.1.101. As “foo” is our first exec directive, add .1 at the end of the OID.

In Cacti, use the “SNMP - Generic OID Template” like this:

Voila! The result of the /tmp/foo.sh script is now graphed in Cacti.

Now let's run this second script, which returns more than one result:

    $ /tmp/bar.sh
    456
    789

It returns two values, one per line (this is important).

Another way to call scripts from snmpd.conf is by specifying an OID, like this:

    exec .1.3.6.1.4.1.2021.555 /bin/sh /tmp/bar.sh

Run this query:

    $ snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.555
    UCD-SNMP-MIB::ucdavis.555.1.1 = INTEGER: 1
    UCD-SNMP-MIB::ucdavis.555.2.1 = STRING: "/bin/sh"
    UCD-SNMP-MIB::ucdavis.555.3.1 = STRING: "/tmp/bar.sh"
    UCD-SNMP-MIB::ucdavis.555.100.1 = INTEGER: 0
    UCD-SNMP-MIB::ucdavis.555.101.1 = STRING: "456"
    UCD-SNMP-MIB::ucdavis.555.101.2 = STRING: "789"
    UCD-SNMP-MIB::ucdavis.555.102.1 = INTEGER: 0
    UCD-SNMP-MIB::ucdavis.555.103.1 = ""

The first line returned by the script will be available at .1.3.6.1.4.1.2021.555.101.1, the second one at .1.3.6.1.4.1.2021.555.101.2, and so on.

You can then use the “SNMP - Generic OID Template” in Cacti (one Data Source per OID).

Let's say you want to count the number of entries in a log file.
Add this to snmpd.conf:

    logmatch cactistats /home/cactiuser/cacti/log/cacti.log 120 SYSTEM STATS

* the global count of matches will be available under the .1.3.6.1.4.1.2021.16.2.1.5.1 OID
* the “Regex match counter” (which is reset with each file rotation) will be available under the .1.3.6.1.4.1.2021.16.2.1.7.1 OID

To list all the available variables, use this query:

    $ snmpwalk -v 1 -c public localhost logMatch
    UCD-SNMP-MIB::logMatchMaxEntries.0 = INTEGER: 50
    UCD-SNMP-MIB::logMatchIndex.1 = INTEGER: 1
    UCD-SNMP-MIB::logMatchName.1 = STRING: cactistats
    UCD-SNMP-MIB::logMatchFilename.1 = STRING: /home/cactiuser/cacti/log/cacti.log
    UCD-SNMP-MIB::logMatchRegEx.1 = STRING: SYSTEM STATS
    UCD-SNMP-MIB::logMatchGlobalCounter.1 = Counter32: 301634
    UCD-SNMP-MIB::logMatchGlobalCount.1 = INTEGER: 301634
    UCD-SNMP-MIB::logMatchCurrentCounter.1 = Counter32: 6692
    UCD-SNMP-MIB::logMatchCurrentCount.1 = INTEGER: 6692

Get the port index:

    [root@redhat mibs]# snmpwalk -v 2c 192.168.4.254 -c sdxh 1.3.6.1.2.1.2.2.1.1
    IF-MIB::ifIndex.1 = INTEGER: 1
    IF-MIB::ifIndex.2 = INTEGER: 2
    IF-MIB::ifIndex.3 = INTEGER: 3

Get the port list and descriptions:

    [root@redhat mibs]# snmpwalk -v 2c 192.168.4.254 -c sdxh 1.3.6.1.2.1.2.2.1.2
    IF-MIB::ifDescr.1 = STRING: FastEthernet0/0

The following example obtains the MAC address of the host connected to the second port of the switch (INTEGER: 2).

Step 1

    snmpwalk -v 2c -c Pub_PCon9-CT 192.168.232.25 1.3.6.1.2.1.17.4.3.1 | grep -w "INTEGER: 2"

Result:

    SNMPv2-SMI::mib-2.17.4.3.1.2.0.7.233.63.136.173 = INTEGER: 2

Step 2

Take the "0.7.233.63.136.173" part of the step 1 result and run the following command:

    snmpwalk -v 2c -c Pub_PCon9-CT 192.168.232.25 1.3.6.1.2.1.17.4.3.1 | grep "0.7.233.63.136.173" | grep "mib-2.17.4.3.1.1"

Result:

    SNMPv2-SMI::mib-2.17.4.3.1.1.0.7.233.63.136.173 = Hex-STRING: 00 07 E9 3F 88 AD

00 07 E9 3F 88 AD is the NIC address of the host connected to port 2 of the switch.

Step 3

    snmpwalk -v 2c -c Pub_PCon9-CT 192.168.232.25 1.3.6.1.2.1.17.1.4.1.2 | grep -w "SNMPv2-SMI::mib-2.17.1.4.1.2.2"

The trailing 2 in the grep pattern is the INTEGER: 2 from step 1.

Result:

    SNMPv2-SMI::mib-2.17.1.4.1.2.2 = INTEGER: 2

The INTEGER: 2 obtained in step 3 is the actual corresponding ifIndex.

    snmpwalk -v 2c -c Pub_PCon9-CT 192.168.232.41 1.3.6.1.2.1.17.4.3.1.1
    snmpwalk -v 2c -c Pub_PCon9-CT 192.168.232.41 1.3.6.1.2.1.17.4.3.1.2
    snmpwalk -v 2c -c Pub_PCon9-CT 192.168.232.41 1.3.6.1.2.1.17.1.4.1.2

/en/US/tech/tk648/tk362/technologies_tech_note09186a00801576ff.shtml

VI. Enabling the SNMP service on Huawei-H3C devices

Online documentation:

Lab environment:

1. Enable the SNMP agent

    <Huawei> system-view
    [Huawei]interface g0/0/1
    [Huawei]acl 2001
    [Huawei]snmp-agent community write xinhua acl 2001

3. Configure SNMP trap messages

    [AR2220]snmp-agent target-host trap-hostname mbxb address 192.168.4.231 udp-port 162 trap-paramsname sdxh

4. Save the configuration

VII. Enabling SNMP on a Huawei switch

Basic Huawei switch operations:

    [Huawei]interface vlanif 1
    [Huawei-Vlanif1]ip address 192.168.1.4 24
    [Huawei]interface GigabitEthernet0/0/1
    # set the interface type to access
    port link-type access
    # set the default VLAN
    port default vlan 1
    undo shutdown
    [Huawei]snmp-agent community read xinhua
    [Huawei]snmp-agent sys-info contact 12345
    [Huawei]snmp-agent sys-info location jinanshi
    [Huawei]snmp-agent sys-info version all
    [Huawei]snmp-agent target-host trap address udp-domain 192.168.1.230 udp-port 162 params securityname xinhua
    [Huawei]snmp-agent trap enable
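
An added example (not part of the original page or of Net-SNMP): a small Python check that flags the risky snmpd.conf directives used in the Linux section above, namely the `public` community, MD5 and DES for the SNMPv3 user, an `access` level of `auth` with a write view, and `exec` scripts under /tmp. The weak sample is constructed from those directives; the `rocommunity public` line, the passphrase placeholders and the /usr/local/bin path are assumptions.

```python
import shlex

# Constructed sample built from directives on this page. "rocommunity public" is an
# assumption matching the "-c public" test queries.
WEAK_CONF = '''\
rocommunity public
createUser frederic MD5 mypassphrase DES
access groupv3 "" any auth exact all all all
exec foo /bin/sh /tmp/foo.sh -arg1
'''
# Hardened counterpart; passphrases and the script path are placeholders.
HARDENED_CONF = '''\
createUser frederic SHA AUTH-PASSPHRASE-PLACEHOLDER AES PRIV-PASSPHRASE-PLACEHOLDER
access groupv3 "" usm priv exact all none none
exec foo /bin/sh /usr/local/bin/foo.sh -arg1
'''
WORLD_WRITABLE = ("/tmp/", "/var/tmp/", "/dev/shm/")

def audit(conf_text):
    """Return (line number, finding) pairs for risky snmpd.conf directives."""
    out = []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        tok = shlex.split(raw, comments=True)
        if not tok:
            continue
        key, args = tok[0].lower(), tok[1:]
        if key in ("rocommunity", "rwcommunity") and args:
            if args[0] in ("public", "private"):
                out.append((n, "well-known community string"))
            if len(args) < 2 or args[1] == "default":
                out.append((n, "community accepted from any source address"))
        elif key == "createuser":
            a = args[2:] if args[:1] == ["-e"] else args  # skip optional -e ENGINEID
            if len(a) > 1 and a[1].upper() == "MD5":
                out.append((n, "MD5 authentication; prefer SHA"))
            if len(a) < 4:
                out.append((n, "no privacy protocol configured"))
            elif a[3].upper() == "DES":
                out.append((n, "DES privacy; prefer AES"))
        elif key == "access" and len(args) >= 8:
            # access GROUP CONTEXT MODEL LEVEL PREFIX READ WRITE NOTIFY
            if args[3] != "priv":
                out.append((n, f"level '{args[3]}' accepts unencrypted requests"))
            if args[6] != "none":
                out.append((n, f"write view '{args[6]}' permits SET"))
        elif key in ("exec", "extend", "pass"):
            if any(a.startswith(WORLD_WRITABLE) for a in args):
                out.append((n, "runs a program from a world-writable directory"))
    return out
```

Calling `audit(open("/etc/snmp/snmpd.conf").read())` applies the same checks to a live file; that path is the usual packaged location and is an assumption here.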

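
The three-step MAC lookup shown above (steps 1 to 3), as an added Python example that is not code from the original page: it joins dot1dTpFdbPort (1.3.6.1.2.1.17.4.3.1.2) with dot1dBasePortIfIndex (1.3.6.1.2.1.17.1.4.1.2) so every learned MAC is mapped to its bridge port and ifIndex in one pass, which is the lookup needed when tracing a host to a switch port. The walk output is constructed from the lines shown in steps 1 and 3; the second MAC and ifIndex 10005 are invented to show that a bridge port number and its ifIndex can differ.

```python
import re

# Constructed sample: snmpwalk output shaped like the lines shown in steps 1 and 3.
FDB_PORT = """\
SNMPv2-SMI::mib-2.17.4.3.1.2.0.7.233.63.136.173 = INTEGER: 2
SNMPv2-SMI::mib-2.17.4.3.1.2.0.17.34.51.68.85 = INTEGER: 5
"""
BASE_PORT_IFINDEX = """\
SNMPv2-SMI::mib-2.17.1.4.1.2.2 = INTEGER: 2
SNMPv2-SMI::mib-2.17.1.4.1.2.5 = INTEGER: 10005
"""

LINE = re.compile(r"mib-2\.(?P<oid>[\d.]+) = INTEGER: (?P<val>\d+)\s*$")

def parse(walk, prefix):
    """Return {index suffix: int value} for rows under the given column OID."""
    rows = {}
    for line in walk.splitlines():
        m = LINE.search(line)
        if m and m["oid"].startswith(prefix + "."):
            rows[m["oid"][len(prefix) + 1:]] = int(m["val"])
    return rows

def suffix_to_mac(suffix):
    """dot1dTpFdb rows are indexed by the MAC written as six decimal octets."""
    octets = [int(x) for x in suffix.split(".")]
    if len(octets) != 6 or any(o > 255 for o in octets):
        raise ValueError(f"not a MAC index: {suffix}")
    return ":".join(f"{o:02X}" for o in octets)

def mac_table(fdb_walk, base_walk):
    """Join both walks into {MAC: (bridge port, ifIndex or None)}."""
    port_to_ifindex = {int(k): v for k, v in parse(base_walk, "17.1.4.1.2").items()}
    table = {}
    for suffix, port in parse(fdb_walk, "17.4.3.1.2").items():
        # Port 0 means the address is known but its port was not learned: no ifIndex.
        table[suffix_to_mac(suffix)] = (port, port_to_ifindex.get(port))
    return table

def macs_on_ifindex(table, ifindex):
    """List the MAC addresses learned behind one interface."""
    return sorted(mac for mac, (_, idx) in table.items() if idx == ifindex)
```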