24.6.3. Configuring Net-SNMP
To change the Net-SNMP Agent Daemon configuration, edit the /etc/snmp/snmpd.conf configuration file. The default snmpd.conf file shipped with Red Hat Enterprise Linux 6 is heavily commented and serves as a good starting point for agent configuration.
This section focuses on two common tasks: setting system information and configuring authentication. For more information about available configuration directives, see the snmpd.conf (5) manual page. Additionally, there is a utility in the net-snmp package named snmpconf which can be used to interactively generate a valid agent configuration.
Note that the net-snmp-utils package must be installed in order to use the snmpwalk utility described in this section.
For any changes to the configuration file to take effect, force the snmpd service to re-read the configuration by running the following command as root :
24.6.3.1. Setting System Information
Net-SNMP provides some rudimentary system information via the system tree. For example, the following snmpwalk command shows the system tree with a default agent configuration.
~]# snmpwalk -v2c -c public localhost system SNMPv2-MIB::sysDescr.0 = STRING: Linux localhost.localdomain 2.6.32-122.el6.x86_64 #1 SMP Wed Mar 9 23:54:34 EST 2011 x86_64 SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (99554) 0:16:35.54 SNMPv2-MIB::sysContact.0 = STRING: Root (configure /etc/snmp/snmp.local.conf) SNMPv2-MIB::sysName.0 = STRING: localhost.localdomain SNMPv2-MIB::sysLocation.0 = STRING: Unknown (edit /etc/snmp/snmpd.conf) By default, the sysName object is set to the host name. The sysLocation and sysContact objects can be configured in the /etc/snmp/snmpd.conf file by changing the value of the syslocation and syscontact directives, for example:
syslocation Datacenter, Row 3, Rack 2 syscontact UNIX Admin
After making changes to the configuration file, reload the configuration and test it by running the snmpwalk command again:
~]#service snmpd reloadReloading snmpd: [ OK ] ~]#snmpwalk -v2c -c public localhost systemSNMPv2-MIB::sysDescr.0 = STRING: Linux localhost.localdomain 2.6.32-122.el6.x86_64 #1 SMP Wed Mar 9 23:54:34 EST 2011 x86_64 SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (158357) 0:26:23.57 SNMPv2-MIB::sysContact.0 = STRING: UNIX Admin SNMPv2-MIB::sysName.0 = STRING: localhost.localdomain SNMPv2-MIB::sysLocation.0 = STRING: Datacenter, Row 3, Rack 2
24.6.3.2. Configuring Authentication
The Net-SNMP Agent Daemon supports all three versions of the SNMP protocol. The first two versions (1 and 2c) provide for simple authentication using a community string. This string is a shared secret between the agent and any client utilities. The string is passed in clear text over the network however and is not considered secure. Version 3 of the SNMP protocol supports user authentication and message encryption using a variety of protocols. The Net-SNMP agent also supports tunneling over SSH, TLS authentication with X.509 certificates, and Kerberos authentication.
Configuring SNMP Version 2c Community
To configure an SNMP version 2c community , use either the rocommunity or rwcommunity directive in the /etc/snmp/snmpd.conf configuration file. The format of the directives is the following:
directive community [source [OID]] where community is the community string to use, source is an IP address or subnet, and OID is the SNMP tree to provide access to. For example, the following directive provides read-only access to the system tree to a client using the community string “ redhat ” on the local machine:
rocommunity redhat 127.0.0.1 .1.3.6.1.2.1.1
~]# snmpwalk -v2c -c redhat localhost system SNMPv2-MIB::sysDescr.0 = STRING: Linux localhost.localdomain 2.6.32-122.el6.x86_64 #1 SMP Wed Mar 9 23:54:34 EST 2011 x86_64 SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (158357) 0:26:23.57 SNMPv2-MIB::sysContact.0 = STRING: UNIX Admin SNMPv2-MIB::sysName.0 = STRING: localhost.localdomain SNMPv2-MIB::sysLocation.0 = STRING: Datacenter, Row 3, Rack 2 Configuring SNMP Version 3 User
To configure an SNMP version 3 user , use the net-snmp-create-v3-user command. This command adds entries to the /var/lib/net-snmp/snmpd.conf and /etc/snmp/snmpd.conf files which create the user and grant access to the user. Note that the net-snmp-create-v3-user command may only be run when the agent is not running. The following example creates the “ admin ” user with the password “ redhatsnmp ” :
~]#service snmpd stopStopping snmpd: [ OK ] ~]#net-snmp-create-v3-userEnter a SNMPv3 user name to create: admin Enter authentication pass-phrase: redhatsnmp Enter encryption pass-phrase: [press return to reuse the authentication pass-phrase] adding the following line to /var/lib/net-snmp/snmpd.conf: createUser admin MD5 "redhatsnmp" DES adding the following line to /etc/snmp/snmpd.conf: rwuser admin ~]#service snmpd startStarting snmpd: [ OK ]
The rwuser directive (or rouser when the -ro command-line option is supplied) that net-snmp-create-v3-user adds to /etc/snmp/snmpd.conf has a similar format to the rwcommunity and rocommunity directives:
directive user [noauth|auth|priv] [OID]
where user is a user name and OID is the SNMP tree to provide access to. By default, the Net-SNMP Agent Daemon allows only authenticated requests (the auth option). The noauth option allows you to permit unauthenticated requests, and the priv option enforces the use of encryption. The authpriv option specifies that requests must be authenticated and replies should be encrypted.
To test the configuration, create a .snmp directory in your user’s home directory and a configuration file named snmp.conf in that directory ( ~/.snmp/snmp.conf ) with the following lines:
defVersion 3 defSecurityLevel authPriv defSecurityName admin defPassphrase redhatsnmp
~]$ snmpwalk -v3 localhost system SNMPv2-MIB::sysDescr.0 = STRING: Linux localhost.localdomain 2.6.32-122.el6.x86_64 #1 SMP Wed Mar 9 23:54:34 EST 2011 x86_64 [output truncated] How to use SNMP and MRTG to monitor the network traffic load on Red Hat Enterprise Linux
Simple Network Management Protocol (SNMP) is a protocol used for network management. The NET-SNMP project includes various SNMP tools: an extensible agent, an SNMP library, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl MIB browser. This package contains the snmpd and snmptrapd daemons, documentation, etc.
In addition to this, install the net-snmp-utils package, which contains NET-SNMP utilities.
The Multi Router Traffic Grapher (MRTG) is a tool to monitor the traffic load on network-links. MRTG generates HTML pages containing PNG images which provide a live visual representation of this traffic.
Usually SNMP gets the network traffic from network devices. MRTG can get the traffic from SNMP then translate it to an image and output a HTML web page for users.
Below is the procedure to install and configure the snmp and mrtg . For this example, assume the IP address is 192.168.0.20 .
Be sure the packages listed below are installed. Use the rpm -qa packagename command to check and up2date to install any missing packages.
net-snmp-libs net-snmp net-snmp-devel net-snmp-perl net-snmp-utils mrtg Edit the /etc/snmpd/snmpd.conf file (in the position near line 62 and line 89), changing this line:
access notConfigGroup "" any noauth exact systemview none none to access notConfigGroup "" any noauth exact mib2 none none In the same file, uncomment this line by removing the pound sign ( # ):
view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc Save the file and restart the snmpd service:
service snmpd restart chkconfig snmpd on Now that snmp is configured, the next step is to configure mrtg software. The mrtg package installs to the directory /var/www/mrtg , so change to the directory and run the following command to generate the mrtg configuration file:
# cd /var/www/mrtg # cfgmaker --global "WorkDir: /var/www/html/mrtg" --global "Options[_]: growright,bits" --output=/var/www/mrtg/mrtg.cfg public@192.168.0.20 Now in the /var/www/mrtg directory , there is a file mrtg.cfg generated which is the mrtg configuration file.
After snmp and mrtg are configured, configure the Apache web server to serve out the mrtg pages. Start by editing the /etc/httpd/conf/httpd.conf file. Edit the section DocumentRoot section as below:
DocumentRoot "/var/www/html/mrtg" Now, create that directory:
# service httpd start # chkconfig httpd on Next, generate the index of the web page as follows:
# indexmaker --output=/var/www/html/mrtg/index.html --Title=NetTraffic /var/www/mrtg/mrtg.cfg Start the monitor program as follows:
If there is a warning message, run this command:
# env LANG=C /usr/bin/mrtg /var/www/mrtg/mrtg.cfg To test the set up, go to the machine’s address—for example http://192.168.0.20 . There will be a web page with network statistics.
Adding a cron job will run the commands to get the network status regularly. Here is an example:
* /5* * * * /usr/bin/mrtg /var/www/mrtg/mrtg.cfg For more information about snmp and mrtg , see their man pages.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
24.6. Monitoring Performance with Net-SNMP
Red Hat Enterprise Linux 6 includes the Net-SNMP software suite, which includes a flexible and extensible Simple Network Management Protocol ( SNMP ) agent. This agent and its associated utilities can be used to provide performance data from a large number of systems to a variety of tools which support polling over the SNMP protocol.
This section provides information on configuring the Net-SNMP agent to securely provide performance data over the network, retrieving the data using the SNMP protocol, and extending the SNMP agent to provide custom performance metrics.
24.6.1. Installing Net-SNMP
The Net-SNMP software suite is available as a set of RPM packages in the Red Hat Enterprise Linux software distribution. Table 24.2, “Available Net-SNMP packages” summarizes each of the packages and their contents.
Table 24.2. Available Net-SNMP packages
| Package | Provides |
|---|---|
| net-snmp | The SNMP Agent Daemon and documentation. This package is required for exporting performance data. |
| net-snmp-libs | The netsnmp library and the bundled management information bases (MIBs). This package is required for exporting performance data. |
| net-snmp-utils | SNMP clients such as snmpget and snmpwalk . This package is required in order to query a system’s performance data over SNMP. |
| net-snmp-perl | The mib2c utility and the NetSNMP Perl module. |
| net-snmp-python | An SNMP client library for Python. |
For example, to install the SNMP Agent Daemon and SNMP clients used in the rest of this section, type the following at a shell prompt:
~]# yum install net-snmp net-snmp-libs net-snmp-utils Note that you must have superuser privileges (that is, you must be logged in as root ) to run this command. For more information on how to install new packages in Red Hat Enterprise Linux, see Section 8.2.4, “Installing Packages”.