科创园

科创园地,分享技术知识,为科技助力发展,贡献一己之力。
  博客园  :: 首页  :: 新随笔  :: 联系 :: 订阅 订阅  :: 管理

NetSNMP开源代码学习——小试牛刀

Posted on 2017-02-28 09:47  科创园  阅读(2061)  评论(0编辑  收藏  举报

原创作品,转载请注明出处,严禁非法转载。如有错误,请留言!

email:40879506@qq.com

题外话:技术越是古董级的东西,越是值得学习。

一. 配置

   参考: http://www.cnblogs.com/oloroso/p/4595123.html

./configure --prefix=/usr/local/net-snmp --with-default-snmp-version=2c --with-sys-contact="xxx@163.com" --with-sys-location="China" --with-logfile="/var/log/snmpd.log" --with-persistent-directory=/var/net-snmp/ --enable-applications --enable-ipv6 --with-out-transports="TCP TCPv6 Unix" --with-transports="Callback UDP UDPIPv6"  --disable-nls --enable-shared --enable-static --disable-embedded-perl

最后输出配置简要如下,说明配置成功。如果遇到缺少perl之类的库错误,说明需要安装依赖库,常用命令是suod apt-get install libxxx-dev或者xxx-dev或者libxxx

---------------------------------------------------------
            Net-SNMP configuration summary:
---------------------------------------------------------

  SNMP Versions Supported:    1 2c 3
  Net-SNMP Version:           5.4.4
  Building for:               linux
  Network transport support:  TCPIPv6 Callback UDP UDPIPv6
  SNMPv3 Security Modules:     usm
  Agent MIB code:             default_modules =>  snmpv3mibs mibII ucd_snmp notification notification-log-mib target agent_mibs agentx disman/event disman/schedule utilities host
  Embedded Perl support:      disabled
  SNMP Perl modules:          building -- not embeddable
  SNMP Python modules:        disabled
  Authentication support:     MD5 SHA1
  Encryption support:         DES AES

二. 安装

make && make install

三. 设置环境变量

添加如下一行
# vi /etc/profile
PATH=/usr/local/net-snmp/bin:/usr/local/net-snmp/sbin:$PATH
source  /etc/profile

四. 配置文件

参考 :http://www.cnblogs.com/oloroso/p/4844907.html
以SNMPv2为例
rocommunity             public
rwcommunity             private

五.运行和测试SNMP V2

运行:
snmpd -c /usr/local/net-snmp/share/snmp/snmpd.conf
测试:
root@andy:/home/andy/vm_share/netsnmp/net-snmp-5.4.4# snmpget -v 2c -c public 127.0.0.1 system.sysName.0    
SNMPv2-MIB::sysName.0 = STRING: andy
snmpwalk -v 2c -c public 127.0.0.1 system

六.配置文件内容

参考:以V2为例, 增加一些高级内容,VACM理论可以参考官方文档。这里等以后学习了,再专门分析一下,基于视图的访问控制模型还是值得学习一下,网上也有很多文章滴。

 1 syslocation suzhou_SIP
 2 syscontact localhost
 3 sysname gateway
 4 iquerySecName root
 5 
 6 com2sec public 0.0.0.0 public
 7 com2sec private 0.0.0.0 private
 8 group public v1 public
 9 group private v1 private
10 group public v2c public
11 group private v2c private
12 
13 
14 view all included .1 80
15 access public "" v2c noauth exact all none all
16 access private "" v2c noauth exact none all all

 七.遇到问题
错误:
SNMPv3 report received from remote agent.
Security user name: yy
Security engine ID: 80.00.1F.88.80.3C.89.93.24.CB.C3.B3.58 (hex)
Context name: (zero-length)
Context engine ID: 80.00.1F.88.80.3C.89.93.24.CB.C3.B3.58 (hex)
Authentication protocol: HMAC SHA
Privacy protocol: CFB AES 128
Security level: Authentication And Privacy
Security model: USM
1: usmStatsWrongDigests.0 (counter) 1
原因:认证和加密值不符合要求

 1 Name:    usmStatsWrongDigests
 2 Type:    OBJECT-TYPE
 3 OID:    1.3.6.1.6.3.15.1.1.5
 4 Full path:    iso(1).org(3).dod(6).internet(1).snmpV2(6).snmpModules(3).snmpUsmMIB(15).usmMIBObjects(1).usmStats(1).usmStatsWrongDigests(5)
 5 Module:    SNMP-USER-BASED-SM-MIB
 6 
 7 Parent:    usmStats
 8 Prev sibling:    usmStatsUnknownEngineIDs
 9 Next sibling:    usmStatsDecryptionErrors
10 
11 Numerical syntax:    Counter (32 bit)
12 Base syntax:    Counter32
13 Composed syntax:    Counter32
14 Status:    current
15 Max access:    read-only
16 
17 Description:    The total number of packets received by the SNMP
18      engine which were dropped because they didn't
19      contain the expected digest value.
View Code

解决办法:
检查认证值和加密值长度是否符合最低要求。或者修改usmStatsWrongDigests里面的函数检查。

八.参考

http://www.cnblogs.com/oloroso/p/4844907.html
http://www.net-snmp.org/wiki/index.php/Tutorials