Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

Link zu dieser Vergleichsansicht

Beide Seiten der vorigen Revision Vorhergehende Überarbeitung
Nächste Überarbeitung
Vorhergehende Überarbeitung
centos:cacti_c6:snmp [31.07.2012 14:03. ] djangocentos:cacti_c6:snmp [31.10.2023 18:53. ] (aktuell) – Externe Bearbeitung 127.0.0.1
Zeile 1: Zeile 1:
 +====== SNMP (unter CentOS 6.x)======
 +SNMP((**S**imple **N**etwork **M**anagement **P**rotocol, aka **S**ecurity is **N**ot **M**y **P**roblem)) ist ein, von der IETF entwickeltes, Netzwerkprotokoll um Netzwerkelemente (Server, Switche, Router, Drucker, Rechner etc.) von einer zentralen Station aus überwachen und steuern zu können. Weiter Informationen findet man im folgenden [[https://de.wikipedia.org/wiki/Simple_Network_Management_Protocol|Wikipedia-Artikel]].
 +
 +===== Installation =====
 +Falls noch nicht in unserem System vorhanden, installieren wir folgende Pakete:
 +   # yum install net-snmp net-snmp-utils -y
 +
 +==== Paketdetails ====
 +Die Softwarekomponenten, die uns bei der Installation der RPM-Pakete mit in das System gebracht wurden, fragen wir bei Bedarf einafch mit Hilfe ders Befehls **rpm** mit der option **//-qil//** ab.
 +=== net-snmp ===
 +   # rpm -qil net-snmp
 +<code>Name        : net-snmp                     Relocations: (not relocatable)
 +Version     : 5.5                               Vendor: CentOS
 +Release     : 41.el6                        Build Date: Fri 22 Jun 2012 04:39:58 PM CEST
 +Install Date: Tue 10 Jul 2012 10:37:57 PM CEST      Build Host: c6b9.bsys.dev.centos.org
 +Group       : System Environment/Daemons    Source RPM: net-snmp-5.5-41.el6.src.rpm
 +Size        : 835719                           License: BSD
 +Signature   : RSA/SHA1, Mon 25 Jun 2012 12:17:03 AM CEST, Key ID 0946fca2c105b9de
 +Packager    : CentOS BuildSystem <https://bugs.centos.org>
 +URL         : https://net-snmp.sourceforge.net/
 +Summary     : A collection of SNMP protocol tools and libraries
 +Description :
 +SNMP (Simple Network Management Protocol) is a protocol used for
 +network management. The NET-SNMP project includes various SNMP tools:
 +an extensible agent, an SNMP library, tools for requesting or setting
 +information from SNMP agents, tools for generating and handling SNMP
 +traps and a version of the netstat command which uses SNMP. This
 +package contains the snmpd and snmptrapd daemons, documentation, etc.
 +
 +You will probably also want to install the net-snmp-utils package,
 +which contains NET-SNMP utilities.
 +/etc/rc.d/init.d/snmpd
 +/etc/rc.d/init.d/snmptrapd
 +/etc/snmp
 +/etc/snmp/snmpd.conf
 +/etc/snmp/snmptrapd.conf
 +/etc/sysconfig/snmpd
 +/etc/sysconfig/snmptrapd
 +/usr/bin/net-snmp-create-v3-user
 +/usr/bin/snmpconf
 +/usr/sbin/snmpd
 +/usr/sbin/snmptrapd
 +/usr/share/doc/net-snmp-5.5
 +/usr/share/doc/net-snmp-5.5/AGENT.txt
 +/usr/share/doc/net-snmp-5.5/COPYING
 +/usr/share/doc/net-snmp-5.5/ChangeLog.trimmed
 +/usr/share/doc/net-snmp-5.5/EXAMPLE.conf
 +/usr/share/doc/net-snmp-5.5/FAQ
 +/usr/share/doc/net-snmp-5.5/NEWS
 +/usr/share/doc/net-snmp-5.5/PORTING
 +/usr/share/doc/net-snmp-5.5/README
 +/usr/share/doc/net-snmp-5.5/README.agent-mibs
 +/usr/share/doc/net-snmp-5.5/README.agentx
 +/usr/share/doc/net-snmp-5.5/README.krb5
 +/usr/share/doc/net-snmp-5.5/README.mib2c
 +/usr/share/doc/net-snmp-5.5/README.snmpv3
 +/usr/share/doc/net-snmp-5.5/README.thread
 +/usr/share/doc/net-snmp-5.5/TODO
 +/usr/share/doc/net-snmp-5.5/ipf-mod.pl
 +/usr/share/doc/net-snmp-5.5/passtest
 +/usr/share/man/man1/net-snmp-create-v3-user.1.gz
 +/usr/share/man/man1/snmpconf.1.gz
 +/usr/share/man/man5/snmp_config.5.gz
 +/usr/share/man/man5/snmpd.conf.5.gz
 +/usr/share/man/man5/snmpd.examples.5.gz
 +/usr/share/man/man5/snmpd.internal.5.gz
 +/usr/share/man/man5/snmptrapd.conf.5.gz
 +/usr/share/man/man5/variables.5.gz
 +/usr/share/man/man8/snmpd.8.gz
 +/usr/share/man/man8/snmptrapd.8.gz
 +/usr/share/snmp
 +/usr/share/snmp/snmpconf-data
 +/usr/share/snmp/snmpconf-data/snmp-data
 +/usr/share/snmp/snmpconf-data/snmp-data/authopts
 +/usr/share/snmp/snmpconf-data/snmp-data/debugging
 +/usr/share/snmp/snmpconf-data/snmp-data/mibs
 +/usr/share/snmp/snmpconf-data/snmp-data/output
 +/usr/share/snmp/snmpconf-data/snmp-data/snmpconf-config
 +/usr/share/snmp/snmpconf-data/snmpd-data
 +/usr/share/snmp/snmpconf-data/snmpd-data/acl
 +/usr/share/snmp/snmpconf-data/snmpd-data/basic_setup
 +/usr/share/snmp/snmpconf-data/snmpd-data/extending
 +/usr/share/snmp/snmpconf-data/snmpd-data/monitor
 +/usr/share/snmp/snmpconf-data/snmpd-data/operation
 +/usr/share/snmp/snmpconf-data/snmpd-data/snmpconf-config
 +/usr/share/snmp/snmpconf-data/snmpd-data/system
 +/usr/share/snmp/snmpconf-data/snmpd-data/trapsinks
 +/usr/share/snmp/snmpconf-data/snmptrapd-data
 +/usr/share/snmp/snmpconf-data/snmptrapd-data/authentication
 +/usr/share/snmp/snmpconf-data/snmptrapd-data/formatting
 +/usr/share/snmp/snmpconf-data/snmptrapd-data/logging
 +/usr/share/snmp/snmpconf-data/snmptrapd-data/runtime
 +/usr/share/snmp/snmpconf-data/snmptrapd-data/snmpconf-config
 +/usr/share/snmp/snmpconf-data/snmptrapd-data/traphandle
 +/var/run/net-snmp
 +</code>
 +
 +=== net-snmp-utils ===
 +   # rpm -qil net-snmp-utils
 +<code>Name        : net-snmp-utils               Relocations: (not relocatable)
 +Version     : 5.5                               Vendor: CentOS
 +Release     : 41.el6                        Build Date: Fri 22 Jun 2012 04:39:58 PM CEST
 +Install Date: Tue 17 Jul 2012 09:37:47 PM CEST      Build Host: c6b9.bsys.dev.centos.org
 +Group       : Applications/System           Source RPM: net-snmp-5.5-41.el6.src.rpm
 +Size        : 370527                           License: BSD
 +Signature   : RSA/SHA1, Mon 25 Jun 2012 12:16:15 AM CEST, Key ID 0946fca2c105b9de
 +Packager    : CentOS BuildSystem <https://bugs.centos.org>
 +URL         : https://net-snmp.sourceforge.net/
 +Summary     : Network management utilities using SNMP, from the NET-SNMP project
 +Description :
 +The net-snmp-utils package contains various utilities for use with the
 +NET-SNMP network management project.
 +
 +Install this package if you need utilities for managing your network
 +using the SNMP protocol. You will also need to install the net-snmp
 +package.
 +/usr/bin/encode_keychange
 +/usr/bin/snmpbulkget
 +/usr/bin/snmpbulkwalk
 +/usr/bin/snmpdelta
 +/usr/bin/snmpdf
 +/usr/bin/snmpget
 +/usr/bin/snmpgetnext
 +/usr/bin/snmpinform
 +/usr/bin/snmpnetstat
 +/usr/bin/snmpset
 +/usr/bin/snmpstatus
 +/usr/bin/snmptable
 +/usr/bin/snmptest
 +/usr/bin/snmptranslate
 +/usr/bin/snmptrap
 +/usr/bin/snmpusm
 +/usr/bin/snmpvacm
 +/usr/bin/snmpwalk
 +/usr/share/man/man1/encode_keychange.1.gz
 +/usr/share/man/man1/snmpbulkget.1.gz
 +/usr/share/man/man1/snmpbulkwalk.1.gz
 +/usr/share/man/man1/snmpcmd.1.gz
 +/usr/share/man/man1/snmpconf.1.gz
 +/usr/share/man/man1/snmpdelta.1.gz
 +/usr/share/man/man1/snmpdf.1.gz
 +/usr/share/man/man1/snmpget.1.gz
 +/usr/share/man/man1/snmpgetnext.1.gz
 +/usr/share/man/man1/snmpinform.1.gz
 +/usr/share/man/man1/snmpnetstat.1.gz
 +/usr/share/man/man1/snmpset.1.gz
 +/usr/share/man/man1/snmpstatus.1.gz
 +/usr/share/man/man1/snmptable.1.gz
 +/usr/share/man/man1/snmptest.1.gz
 +/usr/share/man/man1/snmptranslate.1.gz
 +/usr/share/man/man1/snmptrap.1.gz
 +/usr/share/man/man1/snmpusm.1.gz
 +/usr/share/man/man1/snmpvacm.1.gz
 +/usr/share/man/man1/snmpwalk.1.gz
 +/usr/share/man/man5/snmp.conf.5.gz
 +/usr/share/man/man5/variables.5.gz
 +</code>
 +   
 +===== Konfiguration =====   
 +==== erste einfache Konfiguration für SNMP Version V1/V2c ====
 +Die Konfiguration des SNMP-Daemons erfolgt über die Konfigurationsdatei //**/etc/snmp/snmpd.conf**//.
 +
 +<file bash /etc/snmp/snmpd.conf>###############################################################################
 +#
 +# snmpd.conf:
 +#   An example configuration file for configuring the ucd-snmp snmpd agent.
 +#
 +###############################################################################
 +#
 +# This file is intended to only be as a starting point.  Many more
 +# configuration directives exist than are mentioned in this file.  For 
 +# full details, see the snmpd.conf(5) manual page.
 +#
 +# All lines beginning with a '#' are comments and are intended for you
 +# to read.  All other lines are configuration commands for the agent.
 +
 +###############################################################################
 +# Access Control
 +###############################################################################
 +
 +# As shipped, the snmpd demon will only respond to queries on the
 +# system mib group until this file is replaced or modified for
 +# security purposes.  Examples are shown below about how to increase the
 +# level of access.
 +
 +# By far, the most common question I get about the agent is "why won't
 +# it work?", when really it should be "how do I configure the agent to
 +# allow me to access it?"
 +#
 +# By default, the agent responds to the "public" community for read
 +# only access, if run out of the box without any configuration file in 
 +# place.  The following examples show you other ways of configuring
 +# the agent so that you can change the community names, and give
 +# yourself write access to the mib tree as well.
 +#
 +# For more information, read the FAQ as well as the snmpd.conf(5)
 +# manual page.
 +
 +####
 +# First, map the community name "public" into a "security name"
 +
 +#       sec.name  source          community
 +com2sec notConfigUser  default       public
 +
 +####
 +# Second, map the security name into a group name:
 +
 +#       groupName      securityModel securityName
 +group   notConfigGroup v1           notConfigUser
 +group   notConfigGroup v2c           notConfigUser
 +
 +####
 +# Third, create a view for us to let the group have rights to:
 +
 +# Make at least  snmpwalk -v 1 localhost -c public system fast again.
 +#       name           incl/excl     subtree         mask(optional)
 +view    systemview    included   .1.3.6.1.2.1.1
 +view    systemview    included   .1.3.6.1.2.1.25.1.1
 +
 +####
 +# Finally, grant the group read-only access to the systemview view.
 +
 +#       group          context sec.model sec.level prefix read   write  notif
 +access  notConfigGroup ""      any       noauth    exact  systemview none none
 +
 +# -----------------------------------------------------------------------------
 +
 +# Here is a commented out example configuration that allows less
 +# restrictive access.
 +
 +# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
 +# KNOWN AT YOUR SITE.  YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
 +# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.
 +
 +##       sec.name  source          community
 +#com2sec local     localhost       COMMUNITY
 +#com2sec mynetwork NETWORK/24      COMMUNITY
 +
 +##     group.name sec.model  sec.name
 +#group MyRWGroup  any        local
 +#group MyROGroup  any        mynetwork
 +#
 +#group MyRWGroup  any        otherv3user
 +#...
 +
 +##           incl/excl subtree                          mask
 +#view all    included  .1                               80
 +
 +## -or just the mib2 tree-
 +
 +#view mib2   included  .iso.org.dod.internet.mgmt.mib-2 fc
 +
 +
 +##                context sec.model sec.level prefix read   write  notif
 +#access MyROGroup ""      any       noauth    0      all    none   none
 +#access MyRWGroup ""      any       noauth    0      all    all    all
 +
 +
 +###############################################################################
 +# Sample configuration to make net-snmpd RFC 1213.
 +# Unfortunately v1 and v2c don't allow any user based authentification, so
 +# opening up the default config is not an option from a security point.
 +#
 +# WARNING: If you uncomment the following lines you allow write access to your
 +# snmpd daemon from any source! To avoid this use different names for your
 +# community or split out the write access to a different community and 
 +# restrict it to your local network.
 +# Also remember to comment the syslocation and syscontact parameters later as
 +# otherwise they are still read only (see FAQ for net-snmp).
 +#
 +
 +# First, map the community name "public" into a "security name"
 +#       sec.name        source          community
 +#com2sec notConfigUser   default         public
 +
 +# Second, map the security name into a group name:
 +#       groupName       securityModel   securityName
 +#group   notConfigGroup  v1              notConfigUser
 +#group   notConfigGroup  v2c             notConfigUser
 +
 +# Third, create a view for us to let the group have rights to:
 +# Open up the whole tree for ro, make the RFC 1213 required ones rw.
 +#       name            incl/excl       subtree mask(optional)
 +#view    roview          included        .1
 +#view    rwview          included        system.sysContact
 +#view    rwview          included        system.sysName
 +#view    rwview          included        system.sysLocation
 +#view    rwview          included        interfaces.ifTable.ifEntry.ifAdminStatus
 +#view    rwview          included        at.atTable.atEntry.atPhysAddress
 +#view    rwview          included        at.atTable.atEntry.atNetAddress
 +#view    rwview          included        ip.ipForwarding
 +#view    rwview          included        ip.ipDefaultTTL
 +#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteDest
 +#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteIfIndex
 +#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric1
 +#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric2
 +#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric3
 +#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric4
 +#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteType
 +#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteAge
 +#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMask
 +#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric5
 +#view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaIfIndex
 +#view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress
 +#view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress
 +#view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType
 +#view    rwview          included        tcp.tcpConnTable.tcpConnEntry.tcpConnState
 +#view    rwview          included        egp.egpNeighTable.egpNeighEntry.egpNeighEventTrigger
 +#view    rwview          included        snmp.snmpEnableAuthenTraps
 +
 +# Finally, grant the group read-only access to the systemview view.
 +#       group          context sec.model sec.level prefix read   write  notif
 +#access  notConfigGroup ""      any       noauth    exact  roview rwview none
 +
 +
 +
 +###############################################################################
 +# System contact information
 +#
 +
 +# It is also possible to set the sysContact and sysLocation system
 +# variables through the snmpd.conf file:
 +
 +syslocation Unknown (edit /etc/snmp/snmpd.conf)
 +syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
 +
 +# Example output of snmpwalk:
 +#   % snmpwalk -v 1 localhost -c public system
 +#   system.sysDescr.0 = "SunOS name sun4c"
 +#   system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
 +#   system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55
 +#   system.sysContact.0 = "Me <me@somewhere.org>"
 +#   system.sysName.0 = "name"
 +#   system.sysLocation.0 = "Right here, right now."
 +#   system.sysServices.0 = 72
 +
 +
 +###############################################################################
 +# Logging
 +#
 +
 +# We do not want annoying "Connection from UDP: " messages in syslog.
 +# If the following option is commented out, snmpd will print each incoming
 +# connection, which can be useful for debugging.
 +
 +dontLogTCPWrappersConnects yes
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################
 +# Process checks.
 +#
 +#  The following are examples of how to use the agent to check for
 +#  processes running on the host.  The syntax looks something like:
 +#
 +#  proc NAME [MAX=0] [MIN=0]
 +#
 +#  NAME:  the name of the process to check for.  It must match
 +#         exactly (ie, http will not find httpd processes).
 +#  MAX:   the maximum number allowed to be running.  Defaults to 0.
 +#  MIN:   the minimum number to be running.  Defaults to 0.
 +
 +#
 +#  Examples (commented out by default):
 +#
 +
 +#  Make sure mountd is running
 +#proc mountd
 +
 +#  Make sure there are no more than 4 ntalkds running, but 0 is ok too.
 +#proc ntalkd 4
 +
 +#  Make sure at least one sendmail, but less than or equal to 10 are running.
 +#proc sendmail 10 1
 +
 +#  A snmpwalk of the process mib tree would look something like this:
 +
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.2
 +# enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1
 +# enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2
 +# enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3
 +# enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd"
 +# enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd"
 +# enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail"
 +# enterprises.ucdavis.procTable.prEntry.prMin.1 = 0
 +# enterprises.ucdavis.procTable.prEntry.prMin.2 = 0
 +# enterprises.ucdavis.procTable.prEntry.prMin.3 = 1
 +# enterprises.ucdavis.procTable.prEntry.prMax.1 = 0
 +# enterprises.ucdavis.procTable.prEntry.prMax.2 = 4
 +# enterprises.ucdavis.procTable.prEntry.prMax.3 = 10
 +# enterprises.ucdavis.procTable.prEntry.prCount.1 = 0
 +# enterprises.ucdavis.procTable.prEntry.prCount.2 = 0
 +# enterprises.ucdavis.procTable.prEntry.prCount.3 = 1
 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1
 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0
 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0
 +# enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running."
 +# enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = ""
 +# enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = ""
 +# enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0
 +# enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0
 +# enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0
 +#
 +#  Note that the errorFlag for mountd is set to 1 because one is not
 +#  running (in this case an rpc.mountd is, but thats not good enough),
 +#  and the ErrMessage tells you what's wrong.  The configuration
 +#  imposed in the snmpd.conf file is also shown.  
 +
 +#  Special Case:  When the min and max numbers are both 0, it assumes
 +#  you want a max of infinity and a min of 1.
 +#
 +
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################
 +# Executables/scripts
 +#
 +
 +#
 +#  You can also have programs run by the agent that return a single
 +#  line of output and an exit code.  Here are two examples.
 +#
 +#  exec NAME PROGRAM [ARGS ...]
 +#
 +#  NAME:     A generic name. The name must be unique for each exec statement.
 +#  PROGRAM:  The program to run.  Include the path!
 +#  ARGS:     optional arguments to be passed to the program
 +
 +# a simple hello world
 +
 +#exec echotest /bin/echo hello world
 +
 +# Run a shell script containing:
 +#
 +# #!/bin/sh
 +# echo hello world
 +# echo hi there
 +# exit 35
 +#
 +# Note:  this has been specifically commented out to prevent
 +# accidental security holes due to someone else on your system writing
 +# a /tmp/shtest before you do.  Uncomment to use it.
 +#
 +#exec shelltest /bin/sh /tmp/shtest
 +
 +# Then, 
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.8
 +# enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1
 +# enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2
 +# enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest"
 +# enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest"
 +# enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world"
 +# enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest"
 +# enterprises.ucdavis.extTable.extEntry.extResult.1 = 0
 +# enterprises.ucdavis.extTable.extEntry.extResult.2 = 35
 +# enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world."
 +# enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world."
 +# enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0
 +# enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0
 +
 +# Note that the second line of the /tmp/shtest shell script is cut
 +# off.  Also note that the exit status of 35 was returned.
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################
 +# disk checks
 +#
 +
 +# The agent can check the amount of available disk space, and make
 +# sure it is above a set limit.  
 +
 +# disk PATH [MIN=100000]
 +#
 +# PATH:  mount path to the disk in question.
 +# MIN:   Disks with space below this value will have the Mib's errorFlag set.
 +#        Default value = 100000.
 +
 +# Check the / partition and make sure it contains at least 10 megs.
 +
 +#disk / 10000
 +
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.9
 +# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
 +# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F 
 +# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0"
 +# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000
 +# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130
 +# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325
 +# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092
 +# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58
 +# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0
 +# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = ""
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################
 +# load average checks
 +#
 +
 +# load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0]
 +#
 +# 1MAX:   If the 1 minute load average is above this limit at query
 +#         time, the errorFlag will be set.
 +# 5MAX:   Similar, but for 5 min average.
 +# 15MAX:  Similar, but for 15 min average.
 +
 +# Check for loads:
 +#load 12 14 14
 +
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.10
 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1
 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2
 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3
 +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1"
 +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5"
 +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15"
 +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39 
 +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31 
 +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36 
 +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00"
 +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00"
 +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00"
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = ""
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = ""
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = ""
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################
 +# Extensible sections.
 +
 +
 +# This alleviates the multiple line output problem found in the
 +# previous executable mib by placing each mib in its own mib table:
 +
 +# Run a shell script containing:
 +#
 +# #!/bin/sh
 +# echo hello world
 +# echo hi there
 +# exit 35
 +#
 +# Note:  this has been specifically commented out to prevent
 +# accidental security holes due to someone else on your system writing
 +# a /tmp/shtest before you do.  Uncomment to use it.
 +#
 +# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest
 +
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.50
 +# enterprises.ucdavis.50.1.1 = 1
 +# enterprises.ucdavis.50.2.1 = "shelltest"
 +# enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest"
 +# enterprises.ucdavis.50.100.1 = 35
 +# enterprises.ucdavis.50.101.1 = "hello world."
 +# enterprises.ucdavis.50.101.2 = "hi there."
 +# enterprises.ucdavis.50.102.1 = 0
 +
 +# Now the Output has grown to two lines, and we can see the 'hi
 +# there.' output as the second line from our shell script.
 +#
 +# Note that you must alter the mib.txt file to be correct if you want
 +# the .50.* outputs above to change to reasonable text descriptions.
 +
 +# Other ideas:
 +
 +# exec .1.3.6.1.4.1.2021.51 ps /bin/ps 
 +# exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top
 +# exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################
 +# Pass through control.
 +
 +
 +# Usage:
 +#   pass MIBOID EXEC-COMMAND
 +#
 +# This will pass total control of the mib underneath the MIBOID
 +# portion of the mib to the EXEC-COMMAND.  
 +#
 +# Note:  You'll have to change the path of the passtest script to your
 +# source directory or install it in the given location.
 +
 +# Example:  (see the script for details)
 +#           (commented out here since it requires that you place the
 +#           script in the right location. (its not installed by default))
 +
 +# pass .1.3.6.1.4.1.2021.255 /bin/sh /usr/local/local/passtest
 +
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.255
 +# enterprises.ucdavis.255.1 = "life the universe and everything"
 +# enterprises.ucdavis.255.2.1 = 42
 +# enterprises.ucdavis.255.2.2 = OID: 42.42.42
 +# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42
 +# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1
 +# enterprises.ucdavis.255.5 = 42
 +# enterprises.ucdavis.255.6 = Gauge: 42
 +#
 +# % snmpget -v 1 localhost public .1.3.6.1.4.1.2021.255.5
 +# enterprises.ucdavis.255.5 = 42
 +#
 +# % snmpset -v 1 localhost public .1.3.6.1.4.1.2021.255.1 s "New string"
 +# enterprises.ucdavis.255.1 = "New string"
 +#
 +
 +# For specific usage information, see the man/snmpd.conf.5 manual page
 +# as well as the local/passtest script used in the above example.
 +
 +###############################################################################
 +# Further Information
 +#
 +#  See the snmpd.conf manual page, and the output of "snmpd -H".
 +
 +</file>
 +
 +Im ersten Step wollen wir mal erreichen, dass mit einem gesonderten Passwort der Zugriff von der lokalen Maschine via **localhost** und aus dem eignenen Netzsegment nur noch antwortet. 
 +Die Vorgabemusterdatei passen wir nun für unseren ersten Test wie nachfolgend an. 
 +   # vim /etc/snmp/snmpd.conf
 +
 +<file bash /etc/snmp/snmpd.conf>###############################################################################
 +#
 +# snmpd.conf:
 +#   An example configuration file for configuring the ucd-snmp snmpd agent.
 +#
 +###############################################################################
 +#
 +# This file is intended to only be as a starting point.  Many more
 +# configuration directives exist than are mentioned in this file.  For 
 +# full details, see the snmpd.conf(5) manual page.
 +#
 +# All lines beginning with a '#' are comments and are intended for you
 +# to read.  All other lines are configuration commands for the agent.
 +
 +###############################################################################
 +# Access Control
 +###############################################################################
 +
 +# As shipped, the snmpd demon will only respond to queries on the
 +# system mib group until this file is replaced or modified for
 +# security purposes.  Examples are shown below about how to increase the
 +# level of access.
 +
 +# By far, the most common question I get about the agent is "why won't
 +# it work?", when really it should be "how do I configure the agent to
 +# allow me to access it?"
 +#
 +# By default, the agent responds to the "public" community for read
 +# only access, if run out of the box without any configuration file in 
 +# place.  The following examples show you other ways of configuring
 +# the agent so that you can change the community names, and give
 +# yourself write access to the mib tree as well.
 +#
 +# For more information, read the FAQ as well as the snmpd.conf(5)
 +# manual page.
 +
 +####
 +# First, map the community name "public" into a "security name"
 +
 +#       sec.name  source          community
 +# Django : 2012-07-17
 +# default: com2sec notConfigUser  default       public
 +com2sec local           localhost       private
 +com2sec mynetwork       10.0.0.0/24     public
 +
 +####
 +# Second, map the security name into a group name:
 +
 +#       groupName      securityModel securityName
 +# Django : 2012-07-17
 +# default: group   notConfigGroup v1           notConfigUser
 +#          group   notConfigGroup v2c           notConfigUser
 +group   MyROGroup       v1      local
 +group   MyROGroup       v2c     local
 +group   MyROGroup       v1      mynetwork
 +group   MyROGroup       v2c     mynetwork
 +
 +####
 +# Third, create a view for us to let the group have rights to:
 +
 +# Make at least  snmpwalk -v 1 localhost -c public system fast again.
 +#       name           incl/excl     subtree         mask(optional)
 +# Django : 2012-07-17
 +# default: view    systemview    included   .1.3.6.1.2.1.1
 +#          view    systemview    included   .1.3.6.1.2.1.25.1.1
 +view    all     included        .iso      80
 +
 +####
 +# Finally, grant the group read-only access to the systemview view.
 +
 +#       group          context sec.model sec.level prefix read   write  notif
 +# Django : 2012-07-17
 +# default: access  notConfigGroup ""      any       noauth    exact  systemview none none
 +access  MyROGroup       ""      any     noauth  exact   all     none    none
 +access  MyRWGroup       ""      any     noauth  exact   all     all     none
 +
 +# -----------------------------------------------------------------------------
 +
 +# Here is a commented out example configuration that allows less
 +# restrictive access.
 +
 +# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
 +# KNOWN AT YOUR SITE.  YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
 +# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.
 +
 +##       sec.name  source          community
 +#com2sec local     localhost       COMMUNITY
 +#com2sec mynetwork NETWORK/24      COMMUNITY
 +
 +##     group.name sec.model  sec.name
 +#group MyRWGroup  any        local
 +#group MyROGroup  any        mynetwork
 +#
 +#group MyRWGroup  any        otherv3user
 +#...
 +
 +##           incl/excl subtree                          mask
 +#view all    included  .1                               80
 +
 +## -or just the mib2 tree-
 +
 +#view mib2   included  .iso.org.dod.internet.mgmt.mib-2 fc
 +
 +
 +##                context sec.model sec.level prefix read   write  notif
 +#access MyROGroup ""      any       noauth    0      all    none   none
 +#access MyRWGroup ""      any       noauth    0      all    all    all
 +
 +
 +###############################################################################
 +# Sample configuration to make net-snmpd RFC 1213.
 +# Unfortunately v1 and v2c don't allow any user based authentification, so
 +# opening up the default config is not an option from a security point.
 +#
 +# WARNING: If you uncomment the following lines you allow write access to your
 +# snmpd daemon from any source! To avoid this use different names for your
 +# community or split out the write access to a different community and 
 +# restrict it to your local network.
 +# Also remember to comment the syslocation and syscontact parameters later as
 +# otherwise they are still read only (see FAQ for net-snmp).
 +#
 +
 +# First, map the community name "public" into a "security name"
 +#       sec.name        source          community
 +#com2sec notConfigUser   default         public
 +
 +# Second, map the security name into a group name:
 +#       groupName       securityModel   securityName
 +#group   notConfigGroup  v1              notConfigUser
 +#group   notConfigGroup  v2c             notConfigUser
 +
 +# Third, create a view for us to let the group have rights to:
 +# Open up the whole tree for ro, make the RFC 1213 required ones rw.
 +#       name            incl/excl       subtree mask(optional)
 +#view    roview          included        .1
 +#view    rwview          included        system.sysContact
 +#view    rwview          included        system.sysName
 +#view    rwview          included        system.sysLocation
 +#view    rwview          included        interfaces.ifTable.ifEntry.ifAdminStatus
 +#view    rwview          included        at.atTable.atEntry.atPhysAddress
 +#view    rwview          included        at.atTable.atEntry.atNetAddress
 +#view    rwview          included        ip.ipForwarding
 +#view    rwview          included        ip.ipDefaultTTL
 +#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteDest
 +#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteIfIndex
 +#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric1
 +#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric2
 +#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric3
 +#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric4
 +#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteType
 +#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteAge
 +#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMask
 +#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric5
 +#view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaIfIndex
 +#view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress
 +#view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress
 +#view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType
 +#view    rwview          included        tcp.tcpConnTable.tcpConnEntry.tcpConnState
 +#view    rwview          included        egp.egpNeighTable.egpNeighEntry.egpNeighEventTrigger
 +#view    rwview          included        snmp.snmpEnableAuthenTraps
 +
 +# Finally, grant the group read-only access to the systemview view.
 +#       group          context sec.model sec.level prefix read   write  notif
 +#access  notConfigGroup ""      any       noauth    exact  roview rwview none
 +
 +
 +
 +###############################################################################
 +# System contact information
 +#
 +
 +# It is also possible to set the sysContact and sysLocation system
 +# variables through the snmpd.conf file:
 +
 +# Django : 2012-07-17
 +# default: syslocation Unknown (edit /etc/snmp/snmpd.conf)
 +#          syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
 +syslocation "vml000010, vHost auf pml010002, EDV-Schrank im UG - HE16, nausch.org"
 +syscontact django@nausch.org
 +
 +# Example output of snmpwalk:
 +#   % snmpwalk -v 1 localhost -c public system
 +#   system.sysDescr.0 = "SunOS name sun4c"
 +#   system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
 +#   system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55
 +#   system.sysContact.0 = "Me <me@somewhere.org>"
 +#   system.sysName.0 = "name"
 +#   system.sysLocation.0 = "Right here, right now."
 +#   system.sysServices.0 = 72
 +
 +
 +###############################################################################
 +# Logging
 +#
 +
 +# We do not want annoying "Connection from UDP: " messages in syslog.
 +# If the following option is commented out, snmpd will print each incoming
 +# connection, which can be useful for debugging.
 +
 +dontLogTCPWrappersConnects yes
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################
 +# Process checks.
 +#
 +#  The following are examples of how to use the agent to check for
 +#  processes running on the host.  The syntax looks something like:
 +#
 +#  proc NAME [MAX=0] [MIN=0]
 +#
 +#  NAME:  the name of the process to check for.  It must match
 +#         exactly (ie, http will not find httpd processes).
 +#  MAX:   the maximum number allowed to be running.  Defaults to 0.
 +#  MIN:   the minimum number to be running.  Defaults to 0.
 +
 +#
 +#  Examples (commented out by default):
 +#
 +
 +#  Make sure mountd is running
 +#proc mountd
 +
 +#  Make sure there are no more than 4 ntalkds running, but 0 is ok too.
 +#proc ntalkd 4
 +
 +#  Make sure at least one sendmail, but less than or equal to 10 are running.
 +#proc sendmail 10 1
 +
 +#  A snmpwalk of the process mib tree would look something like this:
 +
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.2
 +# enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1
 +# enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2
 +# enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3
 +# enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd"
 +# enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd"
 +# enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail"
 +# enterprises.ucdavis.procTable.prEntry.prMin.1 = 0
 +# enterprises.ucdavis.procTable.prEntry.prMin.2 = 0
 +# enterprises.ucdavis.procTable.prEntry.prMin.3 = 1
 +# enterprises.ucdavis.procTable.prEntry.prMax.1 = 0
 +# enterprises.ucdavis.procTable.prEntry.prMax.2 = 4
 +# enterprises.ucdavis.procTable.prEntry.prMax.3 = 10
 +# enterprises.ucdavis.procTable.prEntry.prCount.1 = 0
 +# enterprises.ucdavis.procTable.prEntry.prCount.2 = 0
 +# enterprises.ucdavis.procTable.prEntry.prCount.3 = 1
 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1
 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0
 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0
 +# enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running."
 +# enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = ""
 +# enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = ""
 +# enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0
 +# enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0
 +# enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0
 +#
 +#  Note that the errorFlag for mountd is set to 1 because one is not
 +#  running (in this case an rpc.mountd is, but thats not good enough),
 +#  and the ErrMessage tells you what's wrong.  The configuration
 +#  imposed in the snmpd.conf file is also shown.  
 +
 +#  Special Case:  When the min and max numbers are both 0, it assumes
 +#  you want a max of infinity and a min of 1.
 +#
 +
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################
 +# Executables/scripts
 +#
 +
 +#
 +#  You can also have programs run by the agent that return a single
 +#  line of output and an exit code.  Here are two examples.
 +#
 +#  exec NAME PROGRAM [ARGS ...]
 +#
 +#  NAME:     A generic name. The name must be unique for each exec statement.
 +#  PROGRAM:  The program to run.  Include the path!
 +#  ARGS:     optional arguments to be passed to the program
 +
 +# a simple hello world
 +
 +#exec echotest /bin/echo hello world
 +
 +# Run a shell script containing:
 +#
 +# #!/bin/sh
 +# echo hello world
 +# echo hi there
 +# exit 35
 +#
 +# Note:  this has been specifically commented out to prevent
 +# accidental security holes due to someone else on your system writing
 +# a /tmp/shtest before you do.  Uncomment to use it.
 +#
 +#exec shelltest /bin/sh /tmp/shtest
 +
 +# Then, 
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.8
 +# enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1
 +# enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2
 +# enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest"
 +# enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest"
 +# enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world"
 +# enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest"
 +# enterprises.ucdavis.extTable.extEntry.extResult.1 = 0
 +# enterprises.ucdavis.extTable.extEntry.extResult.2 = 35
 +# enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world."
 +# enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world."
 +# enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0
 +# enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0
 +
 +# Note that the second line of the /tmp/shtest shell script is cut
 +# off.  Also note that the exit status of 35 was returned.
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################
 +# disk checks
 +#
 +
 +# The agent can check the amount of available disk space, and make
 +# sure it is above a set limit.  
 +
 +# disk PATH [MIN=100000]
 +#
 +# PATH:  mount path to the disk in question.
 +# MIN:   Disks with space below this value will have the Mib's errorFlag set.
 +#        Default value = 100000.
 +
 +# Check the / partition and make sure it contains at least 10 megs.
 +
 +#disk / 10000
 +
 +
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.9
 +# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
 +# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F 
 +# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0"
 +# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000
 +# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130
 +# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325
 +# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092
 +# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58
 +# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0
 +# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = ""
 +
 +# Django : 2012-07-31
 +# folgende Partitionen definiert
 +disk /
 +disk /boot
 +disk /var/log
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################
 +# load average checks
 +#
 +
 +# load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0]
 +#
 +# 1MAX:   If the 1 minute load average is above this limit at query
 +#         time, the errorFlag will be set.
 +# 5MAX:   Similar, but for 5 min average.
 +# 15MAX:  Similar, but for 15 min average.
 +
 +# Check for loads:
 +load 12 14 14
 +
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.10
 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1
 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2
 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3
 +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1"
 +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5"
 +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15"
 +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39 
 +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31 
 +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36 
 +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00"
 +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00"
 +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00"
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = ""
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = ""
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = ""
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################
 +# Extensible sections.
 +
 +
 +# This alleviates the multiple line output problem found in the
 +# previous executable mib by placing each mib in its own mib table:
 +
 +# Run a shell script containing:
 +#
 +# #!/bin/sh
 +# echo hello world
 +# echo hi there
 +# exit 35
 +#
 +# Note:  this has been specifically commented out to prevent
 +# accidental security holes due to someone else on your system writing
 +# a /tmp/shtest before you do.  Uncomment to use it.
 +#
 +# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest
 +
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.50
 +# enterprises.ucdavis.50.1.1 = 1
 +# enterprises.ucdavis.50.2.1 = "shelltest"
 +# enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest"
 +# enterprises.ucdavis.50.100.1 = 35
 +# enterprises.ucdavis.50.101.1 = "hello world."
 +# enterprises.ucdavis.50.101.2 = "hi there."
 +# enterprises.ucdavis.50.102.1 = 0
 +
 +# Now the Output has grown to two lines, and we can see the 'hi
 +# there.' output as the second line from our shell script.
 +#
 +# Note that you must alter the mib.txt file to be correct if you want
 +# the .50.* outputs above to change to reasonable text descriptions.
 +
 +# Other ideas:
 +
 +# exec .1.3.6.1.4.1.2021.51 ps /bin/ps 
 +# exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top
 +# exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################
 +# Pass through control.
 +
 +
 +# Usage:
 +#   pass MIBOID EXEC-COMMAND
 +#
 +# This will pass total control of the mib underneath the MIBOID
 +# portion of the mib to the EXEC-COMMAND.  
 +#
 +# Note:  You'll have to change the path of the passtest script to your
 +# source directory or install it in the given location.
 +
 +# Example:  (see the script for details)
 +#           (commented out here since it requires that you place the
 +#           script in the right location. (its not installed by default))
 +
 +# pass .1.3.6.1.4.1.2021.255 /bin/sh /usr/local/local/passtest
 +
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.255
 +# enterprises.ucdavis.255.1 = "life the universe and everything"
 +# enterprises.ucdavis.255.2.1 = 42
 +# enterprises.ucdavis.255.2.2 = OID: 42.42.42
 +# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42
 +# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1
 +# enterprises.ucdavis.255.5 = 42
 +# enterprises.ucdavis.255.6 = Gauge: 42
 +#
 +# % snmpget -v 1 localhost public .1.3.6.1.4.1.2021.255.5
 +# enterprises.ucdavis.255.5 = 42
 +#
 +# % snmpset -v 1 localhost public .1.3.6.1.4.1.2021.255.1 s "New string"
 +# enterprises.ucdavis.255.1 = "New string"
 +#
 +
 +# For specific usage information, see the man/snmpd.conf.5 manual page
 +# as well as the local/passtest script used in the above example.
 +
 +###############################################################################
 +# Further Information
 +#
 +#  See the snmpd.conf manual page, and the output of "snmpd -H".
 +</file>
 +Nachdem die Konfigurationsdatei mit jeder Menge Kommentare bestückt ist, sehen wir uns erst einmal an, was dort aktuell aktiviert wurde.
 +
 +   # egrep -v '(^.*#|^$)' /etc/snmp/snmpd.conf 
 +
 +<code>com2sec local           localhost       private
 +com2sec mynetwork       10.0.0.0/24     public
 +group   MyROGroup       v1      local
 +group   MyROGroup       v2c     local
 +group   MyROGroup       v1      mynetwork
 +group   MyROGroup       v2c     mynetwork
 +view    all     included        .iso      80
 +access  MyROGroup       ""      any     noauth  exact   all     none    none
 +access  MyRWGroup       ""      any     noauth  exact   all     all     none
 +syslocation "vml000010, vHost auf pml010002, EDV-Schrank im UG - HE16, nausch.org"
 +syscontact django@nausch.org
 +dontLogTCPWrappersConnects yes
 +disk /
 +disk /boot
 +disk /var/log
 +load 12 14 14
 +</code>
 +
 +Mit dieser minimalen Konfiguration des SNMP-Daemon können folgende Parameter abgefragt werden:
 +  * CPU Auslastung und durchschnittliche Belastung (load)
 +  * Anzahl der Prozesse
 +  * Speicher und SWAP-Nutzung
 +  * Laufwerksauslastung
 +  * eingeloggte User
 +  * Netzwerk-Schnittstellen
 +
 +
 +==== Manpage snmpd.conf ====
 +Genauere Hinweise zur Konfiguration findet man übrigends in der Manpage von **snmp.conf**.
 +   # man snmp.conf
 +
 +<code>SNMP.CONF(5)                       Net-SNMP                       SNMP.CONF(5)
 +
 +NAME
 +       snmp.conf - configuration files for the Net-SNMP applications
 +
 +DESCRIPTION
 +       Applications  built  using  the  Net-SNMP  libraries typically use one or more configuration files to control various aspects of their
 +       operation.  These files (snmp.conf and snmp.local.conf) can be located in one of several locations, as described in the snmp_config(5)
 +       manual page.
 +
 +       In  particular, /etc/snmp/snmp.conf is a common file, containing the settings shared by all users of the system.  ~/.snmp/snmp.conf is
 +       a personal file, with the settings specific to a particular user.
 +
 +IMPORTANT NOTE
 +       Several of these directives may contain sensitive information (such as pass phrases).  Configuration files that include such  settings
 +       should only be readable by the user concerned.
 +
 +       As well as application-specific configuration tokens, there are several directives that relate to standard library behaviour, relevant
 +       to most Net-SNMP applications.  Many of these correspond to standard command-line options, which are described in the snmpcmd(1)  man-
 +       ual page.
 +
 +       These directives can be divided into several distinct groups.
 +
 +CLIENT BEHAVIOUR
 +       defDomain application domain
 +              The transport domain that should be used for a certain application type unless something else is specified.
 +
 +       defTarget application domain target
 +              The target that should be used for connections to a certain application if the connection should be in a specific domain.
 +
 +       defaultPort PORT
 +              defines  the  default  UDP port that client SNMP applications will attempt to connect to.  This can be overridden by explicitly
 +              including a port number in the AGENT specification.  See the snmpcmd(1) manual page for more details.
 +
 +              If not specified, the default value for this token is 161.
 +
 +       defVersion (1|2c|3)
 +              defines the default version of SNMP to use.  This can be overridden using the -v option.
 +
 +       defCommunity STRING
 +              defines the default community to use for SNMPv1 and SNMPv2c requests.  This can be overridden using the -c option.
 +
 +       alias NAME DEFINITION
 +              Creates an aliased tied to NAME for a given transport definition.  The alias can the be referred to  using  an  alias:  prefix.
 +              Eg,  a  line  of  "alias  here  udp:127.0.0.1:6161"  would  allow  you  to  use  a  destination host of "alias:here" instead of
 +              "udp:127.0.0.1:6161" This becomes more useful with complex transport addresses involving IPv6 addresses, etc.
 +
 +       dumpPacket yes
 +              defines whether to display a hexadecimal dump of the raw SNMP requests sent and received by the application.  This  is  equiva-
 +              lent to the -d option.
 +       doDebugging (1|0)
 +              turns on debugging for all applications run if set to 1.
 +
 +       debugTokens TOKEN[,TOKEN...]
 +              defines the debugging tokens that should be turned on when doDebugging is set.  This is equivalent to the -D option.
 +
 +       16bitIDs yes
 +              restricts requestIDs, etc to 16-bit values.
 +
 +              The  SNMP  specifications  define  these ID fields as 32-bit quantities, and the Net-SNMP library typically initialises them to
 +              random values for security.  However certain (broken) agents cannot handle ID values greater than 2^16  -  this  option  allows
 +              interoperability with such agents.
 +
 +       clientaddr [<transport-specifier>:]<transport-address>
 +              specifies the source address to be used by command-line applications when sending SNMP requests. See snmpcmd(1) for more infor-
 +              mation about the format of addresses.
 +
 +              This value is also used by snmpd when generating notifications.
 +
 +       clientRecvBuf INTEGER
 +              specifies the desired size of the buffer to be used when receiving responses to SNMP requests.  If the OS hard limit  is  lower
 +              than  the  clientRecvBuf  value,  then this will be used instead.  Some platforms may decide to increase the size of the buffer
 +              actually used for internal housekeeping.
 +
 +              This directive will be ignored if the platforms does not support setsockopt().
 +
 +       clientSendBuf INTEGER
 +              is similar to clientRecvBuf, but applies to the size of the buffer used when sending SNMP requests.
 +
 +       noRangeCheck yes
 +              disables the validation of varbind values against the MIB definition for the relevant OID.   This  is  equivalent  to  the  -Ir
 +              option.
 +
 +              This  directive  is primarily relevant to the snmpset command, but will also apply to any application that calls snmp_add_var()
 +              with a non-NULL value.
 +
 +       noTokenWarnings
 +              disables warnings about unknown config file tokens.
 +
 +       reverseEncodeBER (1|yes|true|0|no|false)
 +              controls how the encoding of SNMP requests is handled.
 +
 +              The default behaviour is to encode packets starting from the end of the PDU and working backwards.  This directive can be  used
 +              to disable this behaviour, and build the encoded request in the (more obvious) forward direction.
 +
 +              It  should not normally be necessary to change this setting, as the encoding is basically the same in either case - but working
 +              backwards typically produces a slightly more efficient encoding, and hence a smaller network datagram.
 +
 +SNMPv3 SETTINGS
 +       defSecurityName STRING
 +              defines the default security name to use for SNMPv3 requests.  This can be overridden using the -u option.
 +
 +       defSecurityLevel noAuthNoPriv|authNoPriv|authPriv
 +              defines the default security level to use for SNMPv3 requests.  This can be overridden using the -l option.
 +
 +              If not specified, the default value for this token is noAuthNoPriv.
 +
 +              Note:  authPriv is only available if the software has been compiled to use the OpenSSL libraries.
 +
 +       defPassphrase STRING
 +
 +       defAuthPassphrase STRING
 +
 +       defPrivPassphrase STRING
 +              define the default authentication and privacy pass phrases to use for SNMPv3 requests.  These can be overridden  using  the  -A
 +              and -X options respectively.
 +
 +              The  defPassphrase  value will be used for the authentication and/or privacy pass phrases if either of the other directives are
 +              not specified.
 +
 +       defAuthType MD5|SHA
 +
 +       defPrivType DES|AES
 +              define the default authentication and privacy protocols to use for SNMPv3 requests.  These can be overridden using the  -a  and
 +              -x options respectively.
 +
 +              If not specified, SNMPv3 requests will default to MD5 authentication and DES encryption.
 +
 +              Note:  If  the software has not been compiled to use the OpenSSL libraries, then only MD5 authentication is supported.  Neither
 +                     SHA authentication nor any form of encryption will be available.
 +
 +       defContext STRING
 +              defines the default context to use for SNMPv3 requests.  This can be overridden using the -n option.
 +
 +              If not specified, the default value for this token is the default context (i.e. the empty string "").
 +
 +       defSecurityModel STRING
 +              defines the security model to use for SNMPv3 requests.  The default value is "usm" which is the only widely used security model
 +              for SNMPv3.
 +
 +       defAuthMasterKey 0xHEXSTRING
 +
 +       defPrivMasterKey 0xHEXSTRING
 +
 +       defAuthLocalizedKey 0xHEXSTRING
 +
 +       defPrivLocalizedKey 0xHEXSTRING
 +              define  the  (hexadecimal)  keys  to  be  used  for  SNMPv3  secure  communications.  SNMPv3 keys are frequently derived from a
 +              passphrase, as discussed in the defPassphrase section above. However for improved security a truely random key can be generated
 +              and  used  instead  (which  would normally has better entropy than a password unless it is amazingly long).  The directives are
 +              equivalent to the short-form command line options -3m, -3M, -3k, and -3K.
 +
 +              Localized keys are master keys which have been converted to a unique key which is only suitable for on particular  SNMP  engine
 +              (agent).  The length of the key needs to be appropriate for the authentication or encryption type being used (auth keys: MD5=16
 +              bytes, SHA1=20 bytes; priv keys: DES=16 bytes (8 bytes of which is used as an IV and not a key), and AES=16 bytes).
 +
 +       sshtosnmpsocketperms PATH
 +              Sets the path of the sshtosnmp socket created by an application (e.g. snmpd) listening for incoming ssh connections through the
 +              sshtosnmp unix socket.
 +
 +       sshtosnmpsocketperms MODE [OWNER [GROUP]]
 +              Sets  the  mode, owner and group of the sshtosnmp socket created by an application (e.g. snmpd) listening for incoming ssh con-
 +              nections through the sshtosnmp unix socket.  The socket needs to be read/write privileged for SSH users  that  are  allowed  to
 +              connect to the SNMP service (VACM access still needs to be granted as well, most likely through the TSM security model).
 +
 +SERVER BEHAVIOUR
 +       persistentDir DIRECTORY
 +              defines the directory where snmpd and snmptrapd store persistent configuration settings.
 +
 +              If not specified, the persistent directory defaults to /var/lib/net-snmp
 +
 +       noPersistentLoad yes
 +
 +       noPersistentSave yes
 +              disable the loading and saving of persistent configuration information.
 +
 +              Note:  This  will  break  SNMPv3 operations (and other behaviour that relies on changes persisting across application restart).
 +                     Use With Care.
 +
 +       tempFilePattern PATTERN
 +              defines a filename template for creating temporary files, for handling input to and output from external shell commands.   Used
 +              by the mkstemp() and mktemp() functions.
 +
 +              If not specified, the default pattern is "/var/run/net-snmp/snmp-tmp-XXXXXX".
 +
 +       serverRecvBuf INTEGER
 +              specifies  the desired size of the buffer to be used when receiving incoming SNMP requests.  If the OS hard limit is lower than
 +              the serverRecvBuf value, then this will be used instead.  Some platforms may decide to increase the size of the buffer actually
 +              used for internal housekeeping.
 +
 +              This directive will be ignored if the platforms does not support setsockopt().
 +
 +       serverSendBuf INTEGER
 +              is similar to serverRecvBuf, but applies to the size of the buffer used when sending SNMP responses.
 +
 +MIB HANDLING
 +       mibdirs DIRLIST
 +              specifies  a  list of directories to search for MIB files.  This operates in the same way as the -M option - see snmpcmd(1) for
 +              details.  Note that this value can be overridden by the MIBDIRS environment variable, and the -M option.
 +
 +       mibs MIBLIST
 +              specifies a list of MIB modules (not files) that should be loaded.  This operates in the same way as the -m option -  see  snm-
 +              pcmd(1) for details.  Note that this list can be overridden by the MIBS environment variable, and the -m option.
 +
 +       mibfile FILE
 +              specifies  a  (single)  MIB file to load, in addition to the list read from the mibs token (or equivalent configuration).  Note
 +              that this value can be overridden by the MIBFILES environment variable.
 +
 +       showMibErrors (1|yes|true|0|no|false)
 +              whether to display MIB parsing errors.
 +
 +       commentToEOL (1|yes|true|0|no|false)
 +              whether MIB parsing should be strict about comment termination.  Many MIB writers assume that ASN.1 comments extend to the  end
 +              of  the text line, rather than being terminated by the next "--" token.  This token can be used to accept such (strictly incor-
 +              rect) MIBs.
 +              Note that this directive was previous (mis-)named strictCommentTerm, but with the reverse behaviour from that  implied  by  the
 +              name.  This earlier token is still accepted for backwards compatibility.
 +
 +       mibAllowUnderline (1|yes|true|0|no|false)
 +              whether  to  allow  underline  characters  in  MIB  object names and enumeration values.  This token can be used to accept such
 +              (strictly incorrect) MIBs.
 +
 +       mibWarningLevel INTEGER
 +              the minimum warning level of the warnings printed by the MIB parser.
 +
 +OUTPUT CONFIGURATION
 +       logTimestamp (1|yes|true|0|no|false)
 +              Whether the commands should log timestamps with their error/message logging or not.  Note that output will not look  as  pretty
 +              with  timestamps  if  the source code that is doing the logging does incremental logging of messages that are not line buffered
 +              before being passed to the logging routines.  This option is only used when file logging is active.
 +
 +       printNumericEnums (1|yes|true|0|no|false)
 +              Equivalent to -Oe.
 +
 +       printNumericOids (1|yes|true|0|no|false)
 +              Equivalent to -On.
 +
 +       dontBreakdownOids (1|yes|true|0|no|false)
 +              Equivalent to -Ob.
 +
 +       escapeQuotes (1|yes|true|0|no|false)
 +              Equivalent to -OE.
 +
 +       quickPrinting (1|yes|true|0|no|false)
 +              Equivalent to -Oq.
 +
 +       printValueOnly (1|yes|true|0|no|false)
 +              Equivalent to -Ov.
 +
 +       dontPrintUnits (1|yes|true|0|no|false)
 +              Equivalent to -OU.
 +
 +       numericTimeticks (1|yes|true|0|no|false)
 +              Equivalent to -Ot.
 +
 +       printHexText (1|yes|true|0|no|false)
 +              Equivalent to -OT.
 +
 +       hexOutputLength integer
 +              Specifies where to break up the output of hexadecimal strings.  Set to 0 to disable line breaks.  Defaults to 16.
 +
 +       suffixPrinting (0|1|2)
 +              The value 1 is equivalent to -Os and the value 2 is equivalent to -OS.
 +
 +       oidOutputFormat (1|2|3|4|5|6)
 +              Maps -O options as follow: -Os=1, -OS=2, -Of=3, -On=4, -Ou=5.  The value 6 has no matching -O option. It suppresses output.
 +
 +       extendedIndex (1|yes|true|0|no|false)
 +              Equivalent to -OX.
 +
 +       noDisplayHint (1|yes|true|0|no|false)
 +              Disables the use of DISPLAY-HINT information when parsing indices and values to set. Equivalent to -Ih.
 +
 +FILES
 +       /etc/snmp/snmp.conf, /etc/snmp/snmp.local.conf - common configuration settings
 +       ~/.snmp/snmp.conf - user-specific configuration settings
 +
 +SEE ALSO
 +       snmp_config(5), read_config(3), snmpcmd(1).
 +
 +4th Berkeley Distribution         29 Jun 2005                     SNMP.CONF(5)
 +</code>
 +
 +==== iptables-Paketfilterregeln ====
 +Nach dem Starten unseres **snmp** Daemon können wir mit Hilfe von netstat überprüfen, ob der Daemon auf den gewünschten Ports lauscht. 
 +   # netstat -tulpen | grep 161
 +
 +   udp        0      0 0.0.0.0:161                 0.0.0.0:                                       835518     1142/snmpd
 +
 +Steht unser server hinter einer Firewall, so müssen wir unter Umständen eine geeignete Firewallregel in der zentralen Konfigurationsdatei von **iptables** nachtragen, damit der Zugriff auf den Port 161 (UDP) auch erfolgen kann.
 +Wir tragen in der Konfigurationsdatei /etc/sysconfig/iptables hierzu die folgenden Zeilen am Ende der INPUT-Regeln nach. 
 +   # vim /etc/sysconfig/iptables
 +
 +<code> ...
 +
 +# Django 2012-07-17 SNMP freigeschaltet für CACTI-Überwachung
 +-A INPUT -i eth0 -m state --state NEW -m udp -p udp --dport 161 -j ACCEPT
 +# Django : end
 +
 +...
 +</code>
 +
 +Anschließend aktivieren wir die Änderungen an unserem Paketfilter, indem wir den Daemon durchstarten. 
 +   # service iptables restart
 +<code>iptables: Flushing firewall rules:                          OK  ]
 +iptables: Setting chains to policy ACCEPT: filter nat      [  OK  ]
 +iptables: Unloading modules:                                OK  ]
 +iptables: Applying firewall rules:                          OK  ]
 +</code>
 +===== Serverstart =====
 +Der erste Start unseres Daemons erfolgt dem gewohnten Syntaxschema: 
 +   # service snmpd start
 +   snmpd starten:                                              OK  ]
 +Im syslog wird der erfolgreiche Start entsprechend quittiert: 
 +   Jan 10 14:12:38 nss snmpd[27826]: Creating directory: /var/net-snmp 
 +   Jan 10 14:12:38 nss snmpd[27826]: NET-SNMP version 5.3.1
 +Damit der snmp-Daemon **snmpd** automatisch bei jedem Systemstart startet, kann die Einrichtung eines Start-Scriptes über folgenden Befehl erreicht werden:
 +    # chkconfig snmpd on
 +Ein Überprüfung ob der Dienst (Daemon) sshd wirklich bei jedem Systemstart automatisch mit gestartet wird, kann durch folgenden Befehl erreicht werden:
 +   # chkconfig --list | grep snmpd
 +   snmpd           0:Aus   1:Aus   2:Ein   3:Ein   4:Ein   5:Ein   6:Aus
 +
 +
 +
 +===== erster Test der Minimalkonfiguration =====
 +Bei unserer ersten Konfiguration haben wir angegeben, dass sowohl für **localhost** als auch **mynetwork** unterschiedliche Passworte zur Anwendung kommen sollen. Dies wollen wir nun im ersten Test ausprobieren. Zum testen verwenden wir das Programm **snmpwalk** aus dem **RPM**-Paket **net-snmp-utils**.
 +
 +Eine geneu Beschreibung der Optionen entnehmen wir bei Bedarf der //Manpage// von **snmpwalk**.
 +   # man snmpwalk
 +
 +<code>SNMPWALK(1)                        Net-SNMP                        SNMPWALK(1)
 +
 +NAME
 +       snmpwalk - retrieve a subtree of management values using SNMP GETNEXT requests
 +
 +SYNOPSIS
 +       snmpwalk [APPLICATION OPTIONS] [COMMON OPTIONS] [OID]
 +
 +DESCRIPTION
 +       snmpwalk is an SNMP application that uses SNMP GETNEXT requests to query a network entity for a tree of information.
 +
 +       An  object identifier (OID) may be given on the command line.  This OID specifies which portion of the object identifier space will be
 +       searched using GETNEXT requests.  All variables in the subtree below the given OID are queried and their values presented to the user.
 +       Each variable name is given in the format specified in variables(5).
 +
 +       If  no  OID  argument  is  present, snmpwalk will search the subtree rooted at SNMPv2-SMI::mib-2 (including any MIB object values from
 +       other MIB modules, that are defined as lying within this subtree).  If the network entity has an error processing the request  packet,
 +       an error packet will be returned and a message will be shown, helping to pinpoint why the request was malformed.
 +
 +       If the tree search causes attempts to search beyond the end of the MIB, the message "End of MIB" will be displayed.
 +
 +OPTIONS
 +       -Cc     Do  not  check whether the returned OIDs are increasing.  Some agents (LaserJets are an example) return OIDs out of order, but
 +               can complete the walk anyway.  Other agents return OIDs that are out of order and can cause snmpwalk to loop indefinitely.  By
 +               default,  snmpwalk  tries  to  detect this behavior and warns you when it hits an agent acting illegally.  Use -Cc to turn off
 +               this check.
 +
 +       -CE {OID}
 +               End the walk at the specified OID, rather than a simple subtree.  This can be used to walk a partial subtree, selected columns
 +               of a table, or even two or more tables within a single command.
 +
 +       -Ci     Include  the  given  OID in the search range.  Normally snmpwalk uses GETNEXT requests starting with the OID you specified and
 +               returns all results in the MIB subtree rooted at that OID.  Sometimes, you may wish to include the OID specified on  the  com-
 +               mand line in the printed results if it is a valid OID in the tree itself.  This option lets you do this explicitly.
 +
 +       -CI     In fact, the given OID will be retrieved automatically if the main subtree walk returns no useable values.  This allows a walk
 +               of a single instance to behave as generally expected, and return the specified instance value.  This  option  turns  off  this
 +               final GET request, so a walk of a single instance will return nothing.
 +
 +       -Cp     Upon completion of the walk, print the number of variables found.
 +
 +       -Ct     Upon completion of the walk, print the total wall-clock time it took to collect the data (in seconds).  Note that the timer is
 +               started just before the beginning of the data request series and stopped just after it finishes.  Most importantly, this means
 +               that it does not include snmp library initialization, shutdown, argument processing, and any other overhead.
 +
 +       In addition to these options, snmpwalk takes the common options described in the snmpcmd(1) manual page.
 +
 +EXAMPLES
 +       The command:
 +
 +       snmpwalk -Os -c public -v 1 zeus system
 +
 +       will retrieve all of the variables under system:
 +
 +       sysDescr.0 = STRING: "SunOS zeus.net.cmu.edu 4.1.3_U1 1 sun4m"
 +       sysObjectID.0 = OID: enterprises.hp.nm.hpsystem.10.1.1
 +       sysUpTime.0 = Timeticks: (155274552) 17 days, 23:19:05
 +       sysContact.0 = STRING: ""
 +       sysName.0 = STRING: "zeus.net.cmu.edu"
 +       sysLocation.0 = STRING: ""
 +       sysServices.0 = INTEGER: 72
 +       (plus the contents of the sysORTable).
 +
 +       The command:
 +
 +       snmpwalk -Os -c public -v 1 -CE sysORTable zeus system
 +
 +       will retrieve the scalar values, but omit the sysORTable.
 +
 +SEE ALSO
 +       snmpcmd(1), snmpbulkwalk(1), variables(5).
 +
 +4th Berkeley Distribution         08 Feb 2002                      SNMPWALK(1)
 +</code>
 +==== vollständige Abfrage des SNMP-Baums ====
 +Mit folgendem Aufruf kann der vollständige SNMP-Baum von localhost aus abgefragt werden.
 +   # snmpwalk -v 2c -c private -O e 127.0.0.1
 +<code>SNMPv2-MIB::sysDescr.0 = STRING: Linux vml000010.dmz.nausch.org 2.6.32-279.2.1.el6.x86_64 #1 SMP Fri Jul 20 01:55:29 UTC 2012 x86_64
 +SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
 +DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (204321) 0:34:03.21
 +SNMPv2-MIB::sysContact.0 = STRING: django@nausch.org
 +SNMPv2-MIB::sysName.0 = STRING: vml000010.dmz.nausch.org
 +SNMPv2-MIB::sysLocation.0 = STRING: "vml000010, vHost auf pml010002, EDV-Schrank im UG - HE16, nausch.org"
 +SNMPv2-MIB::sysORLastChange.0 = Timeticks: (10) 0:00:00.10
 +SNMPv2-MIB::sysORID.1 = OID: SNMP-MPD-MIB::snmpMPDMIBObjects.3.1.1
 +SNMPv2-MIB::sysORID.2 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance
 +SNMPv2-MIB::sysORID.3 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance
 +SNMPv2-MIB::sysORID.4 = OID: SNMPv2-MIB::snmpMIB
 +SNMPv2-MIB::sysORID.5 = OID: TCP-MIB::tcpMIB
 +SNMPv2-MIB::sysORID.6 = OID: IP-MIB::ip
 +SNMPv2-MIB::sysORID.7 = OID: UDP-MIB::udpMIB
 +SNMPv2-MIB::sysORID.8 = OID: SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroup
 +SNMPv2-MIB::sysORDescr.1 = STRING: The MIB for Message Processing and Dispatching.
 +SNMPv2-MIB::sysORDescr.2 = STRING: The MIB for Message Processing and Dispatching.
 +SNMPv2-MIB::sysORDescr.3 = STRING: The SNMP Management Architecture MIB.
 +SNMPv2-MIB::sysORDescr.4 = STRING: The MIB module for SNMPv2 entities
 +SNMPv2-MIB::sysORDescr.5 = STRING: The MIB module for managing TCP implementations
 +SNMPv2-MIB::sysORDescr.6 = STRING: The MIB module for managing IP and ICMP implementations
 +SNMPv2-MIB::sysORDescr.7 = STRING: The MIB module for managing UDP implementations
 +SNMPv2-MIB::sysORDescr.8 = STRING: View-based Access Control Model for SNMP.
 +SNMPv2-MIB::sysORUpTime.1 = Timeticks: (10) 0:00:00.10
 +SNMPv2-MIB::sysORUpTime.2 = Timeticks: (10) 0:00:00.10
 +SNMPv2-MIB::sysORUpTime.3 = Timeticks: (10) 0:00:00.10
 +SNMPv2-MIB::sysORUpTime.4 = Timeticks: (10) 0:00:00.10
 +SNMPv2-MIB::sysORUpTime.5 = Timeticks: (10) 0:00:00.10
 +SNMPv2-MIB::sysORUpTime.6 = Timeticks: (10) 0:00:00.10
 +SNMPv2-MIB::sysORUpTime.7 = Timeticks: (10) 0:00:00.10
 +SNMPv2-MIB::sysORUpTime.8 = Timeticks: (10) 0:00:00.10
 +IF-MIB::ifNumber.0 = INTEGER: 3
 +IF-MIB::ifIndex.1 = INTEGER: 1
 +IF-MIB::ifIndex.2 = INTEGER: 2
 +IF-MIB::ifIndex.3 = INTEGER: 3
 +IF-MIB::ifDescr.1 = STRING: lo
 +IF-MIB::ifDescr.2 = STRING: eth0
 +IF-MIB::ifDescr.3 = STRING: eth1
 +IF-MIB::ifType.1 = INTEGER: 24
 +IF-MIB::ifType.2 = INTEGER: 6
 +IF-MIB::ifType.3 = INTEGER: 6
 +IF-MIB::ifMtu.1 = INTEGER: 16436
 +IF-MIB::ifMtu.2 = INTEGER: 1500
 +IF-MIB::ifMtu.3 = INTEGER: 1500
 +IF-MIB::ifSpeed.1 = Gauge32: 10000000
 +IF-MIB::ifSpeed.2 = Gauge32: 0
 +IF-MIB::ifSpeed.3 = Gauge32: 0
 +IF-MIB::ifPhysAddress.1 = STRING: 
 +IF-MIB::ifPhysAddress.2 = STRING: 52:54:0:10:6f:ca
 +IF-MIB::ifPhysAddress.3 = STRING: 52:54:0:c0:15:c4
 +IF-MIB::ifAdminStatus.1 = INTEGER: 1
 +IF-MIB::ifAdminStatus.2 = INTEGER: 1
 +IF-MIB::ifAdminStatus.3 = INTEGER: 1
 +IF-MIB::ifOperStatus.1 = INTEGER: 1
 +IF-MIB::ifOperStatus.2 = INTEGER: 1
 +IF-MIB::ifOperStatus.3 = INTEGER: 1
 +IF-MIB::ifLastChange.1 = Timeticks: (0) 0:00:00.00
 +IF-MIB::ifLastChange.2 = Timeticks: (0) 0:00:00.00
 +IF-MIB::ifLastChange.3 = Timeticks: (0) 0:00:00.00
 +IF-MIB::ifInOctets.1 = Counter32: 38448100
 +IF-MIB::ifInOctets.2 = Counter32: 3914594718
 +IF-MIB::ifInOctets.3 = Counter32: 2711483767
 +IF-MIB::ifInUcastPkts.1 = Counter32: 30606
 +IF-MIB::ifInUcastPkts.2 = Counter32: 23634761
 +IF-MIB::ifInUcastPkts.3 = Counter32: 27276692
 +IF-MIB::ifInNUcastPkts.1 = Counter32: 0
 +IF-MIB::ifInNUcastPkts.2 = Counter32: 0
 +IF-MIB::ifInNUcastPkts.3 = Counter32: 0
 +IF-MIB::ifInDiscards.1 = Counter32: 0
 +IF-MIB::ifInDiscards.2 = Counter32: 0
 +IF-MIB::ifInDiscards.3 = Counter32: 0
 +IF-MIB::ifInErrors.1 = Counter32: 0
 +IF-MIB::ifInErrors.2 = Counter32: 0
 +IF-MIB::ifInErrors.3 = Counter32: 0
 +IF-MIB::ifInUnknownProtos.1 = Counter32: 0
 +IF-MIB::ifInUnknownProtos.2 = Counter32: 0
 +IF-MIB::ifInUnknownProtos.3 = Counter32: 0
 +IF-MIB::ifOutOctets.1 = Counter32: 38448100
 +IF-MIB::ifOutOctets.2 = Counter32: 2697677135
 +IF-MIB::ifOutOctets.3 = Counter32: 3862746860
 +IF-MIB::ifOutUcastPkts.1 = Counter32: 30606
 +IF-MIB::ifOutUcastPkts.2 = Counter32: 27225076
 +IF-MIB::ifOutUcastPkts.3 = Counter32: 23539825
 +IF-MIB::ifOutNUcastPkts.1 = Counter32: 0
 +IF-MIB::ifOutNUcastPkts.2 = Counter32: 0
 +IF-MIB::ifOutNUcastPkts.3 = Counter32: 0
 +IF-MIB::ifOutDiscards.1 = Counter32: 0
 +IF-MIB::ifOutDiscards.2 = Counter32: 0
 +IF-MIB::ifOutDiscards.3 = Counter32: 0
 +IF-MIB::ifOutErrors.1 = Counter32: 0
 +IF-MIB::ifOutErrors.2 = Counter32: 0
 +IF-MIB::ifOutErrors.3 = Counter32: 0
 +IF-MIB::ifOutQLen.1 = Gauge32: 0
 +IF-MIB::ifOutQLen.2 = Gauge32: 0
 +IF-MIB::ifOutQLen.3 = Gauge32: 0
 +IF-MIB::ifSpecific.1 = OID: SNMPv2-SMI::zeroDotZero
 +IF-MIB::ifSpecific.2 = OID: SNMPv2-SMI::zeroDotZero
 +IF-MIB::ifSpecific.3 = OID: SNMPv2-SMI::zeroDotZero
 +RFC1213-MIB::atIfIndex.2.1.10.0.0.20 = INTEGER: 2
 +RFC1213-MIB::atIfIndex.2.1.10.0.0.30 = INTEGER: 2
 +RFC1213-MIB::atIfIndex.3.1.192.168.10.1 = INTEGER: 3
 +RFC1213-MIB::atIfIndex.3.1.192.168.10.7 = INTEGER: 3
 +RFC1213-MIB::atIfIndex.3.1.192.168.10.10 = INTEGER: 3
 +RFC1213-MIB::atPhysAddress.2.1.10.0.0.20 = Hex-STRING: 52 54 00 10 69 11 
 +RFC1213-MIB::atPhysAddress.2.1.10.0.0.30 = Hex-STRING: 52 54 00 10 25 E9 
 +RFC1213-MIB::atPhysAddress.3.1.192.168.10.1 = Hex-STRING: 00 1F D0 8C 72 77 
 +RFC1213-MIB::atPhysAddress.3.1.192.168.10.7 = Hex-STRING: 00 17 A4 7D 26 1A 
 +RFC1213-MIB::atPhysAddress.3.1.192.168.10.10 = Hex-STRING: 00 25 90 0E E7 FA 
 +RFC1213-MIB::atNetAddress.2.1.10.0.0.20 = Network Address: 0A:00:00:14
 +RFC1213-MIB::atNetAddress.2.1.10.0.0.30 = Network Address: 0A:00:00:1E
 +RFC1213-MIB::atNetAddress.3.1.192.168.10.1 = Network Address: C0:A8:0A:01
 +RFC1213-MIB::atNetAddress.3.1.192.168.10.7 = Network Address: C0:A8:0A:07
 +RFC1213-MIB::atNetAddress.3.1.192.168.10.10 = Network Address: C0:A8:0A:0A
 +IP-MIB::ipForwarding.0 = INTEGER: 1
 +IP-MIB::ipDefaultTTL.0 = INTEGER: 64
 +IP-MIB::ipInReceives.0 = Counter32: 50841629
 +IP-MIB::ipInHdrErrors.0 = Counter32: 0
 +IP-MIB::ipInAddrErrors.0 = Counter32: 0
 +IP-MIB::ipForwDatagrams.0 = Counter32: 50545577
 +IP-MIB::ipInUnknownProtos.0 = Counter32: 0
 +IP-MIB::ipInDiscards.0 = Counter32: 0
 +IP-MIB::ipInDelivers.0 = Counter32: 201940
 +IP-MIB::ipOutRequests.0 = Counter32: 50734923
 +IP-MIB::ipOutDiscards.0 = Counter32: 1258
 +IP-MIB::ipOutNoRoutes.0 = Counter32: 0
 +IP-MIB::ipReasmTimeout.0 = INTEGER: 30 seconds
 +IP-MIB::ipReasmReqds.0 = Counter32: 1951
 +IP-MIB::ipReasmOKs.0 = Counter32: 617
 +IP-MIB::ipReasmFails.0 = Counter32: 0
 +IP-MIB::ipFragOKs.0 = Counter32: 617
 +IP-MIB::ipFragFails.0 = Counter32: 0
 +IP-MIB::ipFragCreates.0 = Counter32: 1951
 +IP-MIB::ipAdEntAddr.10.0.0.10 = IpAddress: 10.0.0.10
 +IP-MIB::ipAdEntAddr.127.0.0.1 = IpAddress: 127.0.0.1
 +IP-MIB::ipAdEntAddr.192.168.10.4 = IpAddress: 192.168.10.4
 +IP-MIB::ipAdEntIfIndex.10.0.0.10 = INTEGER: 2
 +IP-MIB::ipAdEntIfIndex.127.0.0.1 = INTEGER: 1
 +IP-MIB::ipAdEntIfIndex.192.168.10.4 = INTEGER: 3
 +IP-MIB::ipAdEntNetMask.10.0.0.10 = IpAddress: 255.255.255.0
 +IP-MIB::ipAdEntNetMask.127.0.0.1 = IpAddress: 255.0.0.0
 +IP-MIB::ipAdEntNetMask.192.168.10.4 = IpAddress: 255.255.255.0
 +IP-MIB::ipAdEntBcastAddr.10.0.0.10 = INTEGER: 1
 +IP-MIB::ipAdEntBcastAddr.127.0.0.1 = INTEGER: 0
 +IP-MIB::ipAdEntBcastAddr.192.168.10.4 = INTEGER: 1
 +RFC1213-MIB::ipRouteDest.0.0.0.0 = IpAddress: 0.0.0.0
 +RFC1213-MIB::ipRouteDest.10.0.0.0 = IpAddress: 10.0.0.0
 +RFC1213-MIB::ipRouteDest.169.254.0.0 = IpAddress: 169.254.0.0
 +RFC1213-MIB::ipRouteDest.192.168.10.0 = IpAddress: 192.168.10.0
 +RFC1213-MIB::ipRouteIfIndex.0.0.0.0 = INTEGER: 3
 +RFC1213-MIB::ipRouteIfIndex.10.0.0.0 = INTEGER: 2
 +RFC1213-MIB::ipRouteIfIndex.169.254.0.0 = INTEGER: 2
 +RFC1213-MIB::ipRouteIfIndex.192.168.10.0 = INTEGER: 3
 +RFC1213-MIB::ipRouteMetric1.0.0.0.0 = INTEGER: 1
 +RFC1213-MIB::ipRouteMetric1.10.0.0.0 = INTEGER: 0
 +RFC1213-MIB::ipRouteMetric1.169.254.0.0 = INTEGER: 0
 +RFC1213-MIB::ipRouteMetric1.192.168.10.0 = INTEGER: 0
 +RFC1213-MIB::ipRouteNextHop.0.0.0.0 = IpAddress: 192.168.10.1
 +RFC1213-MIB::ipRouteNextHop.10.0.0.0 = IpAddress: 0.0.0.0
 +RFC1213-MIB::ipRouteNextHop.169.254.0.0 = IpAddress: 0.0.0.0
 +RFC1213-MIB::ipRouteNextHop.192.168.10.0 = IpAddress: 0.0.0.0
 +RFC1213-MIB::ipRouteType.0.0.0.0 = INTEGER: 4
 +RFC1213-MIB::ipRouteType.10.0.0.0 = INTEGER: 3
 +RFC1213-MIB::ipRouteType.169.254.0.0 = INTEGER: 3
 +RFC1213-MIB::ipRouteType.192.168.10.0 = INTEGER: 3
 +RFC1213-MIB::ipRouteProto.0.0.0.0 = INTEGER: 2
 +RFC1213-MIB::ipRouteProto.10.0.0.0 = INTEGER: 2
 +RFC1213-MIB::ipRouteProto.169.254.0.0 = INTEGER: 2
 +RFC1213-MIB::ipRouteProto.192.168.10.0 = INTEGER: 2
 +RFC1213-MIB::ipRouteMask.0.0.0.0 = IpAddress: 0.0.0.0
 +RFC1213-MIB::ipRouteMask.10.0.0.0 = IpAddress: 255.255.255.0
 +RFC1213-MIB::ipRouteMask.169.254.0.0 = IpAddress: 255.255.0.0
 +RFC1213-MIB::ipRouteMask.192.168.10.0 = IpAddress: 255.255.255.0
 +RFC1213-MIB::ipRouteInfo.0.0.0.0 = OID: SNMPv2-SMI::zeroDotZero
 +RFC1213-MIB::ipRouteInfo.10.0.0.0 = OID: SNMPv2-SMI::zeroDotZero
 +RFC1213-MIB::ipRouteInfo.169.254.0.0 = OID: SNMPv2-SMI::zeroDotZero
 +RFC1213-MIB::ipRouteInfo.192.168.10.0 = OID: SNMPv2-SMI::zeroDotZero
 +IP-MIB::ipNetToMediaIfIndex.2.10.0.0.20 = INTEGER: 2
 +IP-MIB::ipNetToMediaIfIndex.2.10.0.0.30 = INTEGER: 2
 +IP-MIB::ipNetToMediaIfIndex.3.192.168.10.1 = INTEGER: 3
 +IP-MIB::ipNetToMediaIfIndex.3.192.168.10.7 = INTEGER: 3
 +IP-MIB::ipNetToMediaIfIndex.3.192.168.10.10 = INTEGER: 3
 +IP-MIB::ipNetToMediaPhysAddress.2.10.0.0.20 = STRING: 52:54:0:10:69:11
 +IP-MIB::ipNetToMediaPhysAddress.2.10.0.0.30 = STRING: 52:54:0:10:25:e9
 +IP-MIB::ipNetToMediaPhysAddress.3.192.168.10.1 = STRING: 0:1f:d0:8c:72:77
 +IP-MIB::ipNetToMediaPhysAddress.3.192.168.10.7 = STRING: 0:17:a4:7d:26:1a
 +IP-MIB::ipNetToMediaPhysAddress.3.192.168.10.10 = STRING: 0:25:90:e:e7:fa
 +IP-MIB::ipNetToMediaNetAddress.2.10.0.0.20 = IpAddress: 10.0.0.20
 +IP-MIB::ipNetToMediaNetAddress.2.10.0.0.30 = IpAddress: 10.0.0.30
 +IP-MIB::ipNetToMediaNetAddress.3.192.168.10.1 = IpAddress: 192.168.10.1
 +IP-MIB::ipNetToMediaNetAddress.3.192.168.10.7 = IpAddress: 192.168.10.7
 +IP-MIB::ipNetToMediaNetAddress.3.192.168.10.10 = IpAddress: 192.168.10.10
 +IP-MIB::ipNetToMediaType.2.10.0.0.20 = INTEGER: 3
 +IP-MIB::ipNetToMediaType.2.10.0.0.30 = INTEGER: 3
 +IP-MIB::ipNetToMediaType.3.192.168.10.1 = INTEGER: 3
 +IP-MIB::ipNetToMediaType.3.192.168.10.7 = INTEGER: 3
 +IP-MIB::ipNetToMediaType.3.192.168.10.10 = INTEGER: 3
 +IP-MIB::ipRoutingDiscards.0 = Counter32: 0
 +IP-FORWARD-MIB::ipCidrRouteDest.0.0.0.0.0.0.0.0.0.192.168.10.1 = IpAddress: 0.0.0.0
 +IP-FORWARD-MIB::ipCidrRouteDest.10.0.0.0.0.255.255.255.0.0.0.0.0 = IpAddress: 10.0.0.0
 +IP-FORWARD-MIB::ipCidrRouteDest.169.254.0.0.0.0.255.255.0.0.0.0.0 = IpAddress: 169.254.0.0
 +IP-FORWARD-MIB::ipCidrRouteDest.192.168.10.0.0.255.255.255.0.0.0.0.0 = IpAddress: 192.168.10.0
 +IP-FORWARD-MIB::ipCidrRouteMask.0.0.0.0.0.0.0.0.0.192.168.10.1 = IpAddress: 0.0.0.0
 +IP-FORWARD-MIB::ipCidrRouteMask.10.0.0.0.0.255.255.255.0.0.0.0.0 = IpAddress: 0.255.255.255
 +IP-FORWARD-MIB::ipCidrRouteMask.169.254.0.0.0.0.255.255.0.0.0.0.0 = IpAddress: 0.0.255.255
 +IP-FORWARD-MIB::ipCidrRouteMask.192.168.10.0.0.255.255.255.0.0.0.0.0 = IpAddress: 0.255.255.255
 +IP-FORWARD-MIB::ipCidrRouteTos.0.0.0.0.0.0.0.0.0.192.168.10.1 = INTEGER: 0
 +IP-FORWARD-MIB::ipCidrRouteTos.10.0.0.0.0.255.255.255.0.0.0.0.0 = INTEGER: 0
 +IP-FORWARD-MIB::ipCidrRouteTos.169.254.0.0.0.0.255.255.0.0.0.0.0 = INTEGER: 0
 +IP-FORWARD-MIB::ipCidrRouteTos.192.168.10.0.0.255.255.255.0.0.0.0.0 = INTEGER: 0
 +IP-FORWARD-MIB::ipCidrRouteNextHop.0.0.0.0.0.0.0.0.0.192.168.10.1 = IpAddress: 192.168.10.1
 +IP-FORWARD-MIB::ipCidrRouteNextHop.10.0.0.0.0.255.255.255.0.0.0.0.0 = IpAddress: 0.0.0.0
 +IP-FORWARD-MIB::ipCidrRouteNextHop.169.254.0.0.0.0.255.255.0.0.0.0.0 = IpAddress: 0.0.0.0
 +IP-FORWARD-MIB::ipCidrRouteNextHop.192.168.10.0.0.255.255.255.0.0.0.0.0 = IpAddress: 0.0.0.0
 +IP-FORWARD-MIB::ipCidrRouteIfIndex.0.0.0.0.0.0.0.0.0.192.168.10.1 = INTEGER: 3
 +IP-FORWARD-MIB::ipCidrRouteIfIndex.10.0.0.0.0.255.255.255.0.0.0.0.0 = INTEGER: 2
 +IP-FORWARD-MIB::ipCidrRouteIfIndex.169.254.0.0.0.0.255.255.0.0.0.0.0 = INTEGER: 2
 +IP-FORWARD-MIB::ipCidrRouteIfIndex.192.168.10.0.0.255.255.255.0.0.0.0.0 = INTEGER: 3
 +IP-FORWARD-MIB::ipCidrRouteType.0.0.0.0.0.0.0.0.0.192.168.10.1 = INTEGER: 4
 +IP-FORWARD-MIB::ipCidrRouteType.10.0.0.0.0.255.255.255.0.0.0.0.0 = INTEGER: 3
 +IP-FORWARD-MIB::ipCidrRouteType.169.254.0.0.0.0.255.255.0.0.0.0.0 = INTEGER: 3
 +IP-FORWARD-MIB::ipCidrRouteType.192.168.10.0.0.255.255.255.0.0.0.0.0 = INTEGER: 3
 +IP-FORWARD-MIB::ipCidrRouteProto.0.0.0.0.0.0.0.0.0.192.168.10.1 = INTEGER: 2
 +IP-FORWARD-MIB::ipCidrRouteProto.10.0.0.0.0.255.255.255.0.0.0.0.0 = INTEGER: 2
 +IP-FORWARD-MIB::ipCidrRouteProto.169.254.0.0.0.0.255.255.0.0.0.0.0 = INTEGER: 2
 +IP-FORWARD-MIB::ipCidrRouteProto.192.168.10.0.0.255.255.255.0.0.0.0.0 = INTEGER: 2
 +IP-FORWARD-MIB::ipCidrRouteInfo.0.0.0.0.0.0.0.0.0.192.168.10.1 = OID: SNMPv2-SMI::zeroDotZero
 +IP-FORWARD-MIB::ipCidrRouteInfo.10.0.0.0.0.255.255.255.0.0.0.0.0 = OID: SNMPv2-SMI::zeroDotZero
 +IP-FORWARD-MIB::ipCidrRouteInfo.169.254.0.0.0.0.255.255.0.0.0.0.0 = OID: SNMPv2-SMI::zeroDotZero
 +IP-FORWARD-MIB::ipCidrRouteInfo.192.168.10.0.0.255.255.255.0.0.0.0.0 = OID: SNMPv2-SMI::zeroDotZero
 +IP-FORWARD-MIB::ipCidrRouteNextHopAS.0.0.0.0.0.0.0.0.0.192.168.10.1 = INTEGER: 0
 +IP-FORWARD-MIB::ipCidrRouteNextHopAS.10.0.0.0.0.255.255.255.0.0.0.0.0 = INTEGER: 0
 +IP-FORWARD-MIB::ipCidrRouteNextHopAS.169.254.0.0.0.0.255.255.0.0.0.0.0 = INTEGER: 0
 +IP-FORWARD-MIB::ipCidrRouteNextHopAS.192.168.10.0.0.255.255.255.0.0.0.0.0 = INTEGER: 0
 +IP-FORWARD-MIB::ipCidrRouteMetric1.0.0.0.0.0.0.0.0.0.192.168.10.1 = INTEGER: 0
 +IP-FORWARD-MIB::ipCidrRouteMetric1.10.0.0.0.0.255.255.255.0.0.0.0.0 = INTEGER: 0
 +IP-FORWARD-MIB::ipCidrRouteMetric1.169.254.0.0.0.0.255.255.0.0.0.0.0 = INTEGER: 1002
 +IP-FORWARD-MIB::ipCidrRouteMetric1.192.168.10.0.0.255.255.255.0.0.0.0.0 = INTEGER: 0
 +IP-FORWARD-MIB::ipCidrRouteMetric2.0.0.0.0.0.0.0.0.0.192.168.10.1 = INTEGER: -1
 +IP-FORWARD-MIB::ipCidrRouteMetric2.10.0.0.0.0.255.255.255.0.0.0.0.0 = INTEGER: -1
 +IP-FORWARD-MIB::ipCidrRouteMetric2.169.254.0.0.0.0.255.255.0.0.0.0.0 = INTEGER: -1
 +IP-FORWARD-MIB::ipCidrRouteMetric2.192.168.10.0.0.255.255.255.0.0.0.0.0 = INTEGER: -1
 +IP-FORWARD-MIB::ipCidrRouteMetric3.0.0.0.0.0.0.0.0.0.192.168.10.1 = INTEGER: -1
 +IP-FORWARD-MIB::ipCidrRouteMetric3.10.0.0.0.0.255.255.255.0.0.0.0.0 = INTEGER: -1
 +IP-FORWARD-MIB::ipCidrRouteMetric3.169.254.0.0.0.0.255.255.0.0.0.0.0 = INTEGER: -1
 +IP-FORWARD-MIB::ipCidrRouteMetric3.192.168.10.0.0.255.255.255.0.0.0.0.0 = INTEGER: -1
 +IP-FORWARD-MIB::ipCidrRouteMetric4.0.0.0.0.0.0.0.0.0.192.168.10.1 = INTEGER: -1
 +IP-FORWARD-MIB::ipCidrRouteMetric4.10.0.0.0.0.255.255.255.0.0.0.0.0 = INTEGER: -1
 +IP-FORWARD-MIB::ipCidrRouteMetric4.169.254.0.0.0.0.255.255.0.0.0.0.0 = INTEGER: -1
 +IP-FORWARD-MIB::ipCidrRouteMetric4.192.168.10.0.0.255.255.255.0.0.0.0.0 = INTEGER: -1
 +IP-FORWARD-MIB::ipCidrRouteMetric5.0.0.0.0.0.0.0.0.0.192.168.10.1 = INTEGER: -1
 +IP-FORWARD-MIB::ipCidrRouteMetric5.10.0.0.0.0.255.255.255.0.0.0.0.0 = INTEGER: -1
 +IP-FORWARD-MIB::ipCidrRouteMetric5.169.254.0.0.0.0.255.255.0.0.0.0.0 = INTEGER: -1
 +IP-FORWARD-MIB::ipCidrRouteMetric5.192.168.10.0.0.255.255.255.0.0.0.0.0 = INTEGER: -1
 +IP-FORWARD-MIB::ipCidrRouteStatus.0.0.0.0.0.0.0.0.0.192.168.10.1 = INTEGER: 1
 +IP-FORWARD-MIB::ipCidrRouteStatus.10.0.0.0.0.255.255.255.0.0.0.0.0 = INTEGER: 1
 +IP-FORWARD-MIB::ipCidrRouteStatus.169.254.0.0.0.0.255.255.0.0.0.0.0 = INTEGER: 1
 +IP-FORWARD-MIB::ipCidrRouteStatus.192.168.10.0.0.255.255.255.0.0.0.0.0 = INTEGER: 1
 +IP-FORWARD-MIB::inetCidrRouteNumber.0 = Gauge32: 5
 +IP-FORWARD-MIB::inetCidrRouteIfIndex.ipv4."0.0.0.0".0.2.0.0.ipv4."192.168.10.1" = INTEGER: 3
 +IP-FORWARD-MIB::inetCidrRouteIfIndex.ipv4."10.0.0.0".24.1.2.ipv4."0.0.0.0" = INTEGER: 2
 +IP-FORWARD-MIB::inetCidrRouteIfIndex.ipv4."169.254.0.0".16.1.2.ipv4."0.0.0.0" = INTEGER: 2
 +IP-FORWARD-MIB::inetCidrRouteIfIndex.ipv4."169.254.0.0".16.1.3.ipv4."0.0.0.0" = INTEGER: 3
 +IP-FORWARD-MIB::inetCidrRouteIfIndex.ipv4."192.168.10.0".24.1.3.ipv4."0.0.0.0" = INTEGER: 3
 +IP-FORWARD-MIB::inetCidrRouteType.ipv4."0.0.0.0".0.2.0.0.ipv4."192.168.10.1" = INTEGER: 4
 +IP-FORWARD-MIB::inetCidrRouteType.ipv4."10.0.0.0".24.1.2.ipv4."0.0.0.0" = INTEGER: 3
 +IP-FORWARD-MIB::inetCidrRouteType.ipv4."169.254.0.0".16.1.2.ipv4."0.0.0.0" = INTEGER: 3
 +IP-FORWARD-MIB::inetCidrRouteType.ipv4."169.254.0.0".16.1.3.ipv4."0.0.0.0" = INTEGER: 3
 +IP-FORWARD-MIB::inetCidrRouteType.ipv4."192.168.10.0".24.1.3.ipv4."0.0.0.0" = INTEGER: 3
 +IP-FORWARD-MIB::inetCidrRouteProto.ipv4."0.0.0.0".0.2.0.0.ipv4."192.168.10.1" = INTEGER: 2
 +IP-FORWARD-MIB::inetCidrRouteProto.ipv4."10.0.0.0".24.1.2.ipv4."0.0.0.0" = INTEGER: 2
 +IP-FORWARD-MIB::inetCidrRouteProto.ipv4."169.254.0.0".16.1.2.ipv4."0.0.0.0" = INTEGER: 2
 +IP-FORWARD-MIB::inetCidrRouteProto.ipv4."169.254.0.0".16.1.3.ipv4."0.0.0.0" = INTEGER: 2
 +IP-FORWARD-MIB::inetCidrRouteProto.ipv4."192.168.10.0".24.1.3.ipv4."0.0.0.0" = INTEGER: 2
 +IP-FORWARD-MIB::inetCidrRouteAge.ipv4."0.0.0.0".0.2.0.0.ipv4."192.168.10.1" = Gauge32: 0
 +IP-FORWARD-MIB::inetCidrRouteAge.ipv4."10.0.0.0".24.1.2.ipv4."0.0.0.0" = Gauge32: 0
 +IP-FORWARD-MIB::inetCidrRouteAge.ipv4."169.254.0.0".16.1.2.ipv4."0.0.0.0" = Gauge32: 0
 +IP-FORWARD-MIB::inetCidrRouteAge.ipv4."169.254.0.0".16.1.3.ipv4."0.0.0.0" = Gauge32: 0
 +IP-FORWARD-MIB::inetCidrRouteAge.ipv4."192.168.10.0".24.1.3.ipv4."0.0.0.0" = Gauge32: 0
 +IP-FORWARD-MIB::inetCidrRouteNextHopAS.ipv4."0.0.0.0".0.2.0.0.ipv4."192.168.10.1" = Gauge32: 0
 +IP-FORWARD-MIB::inetCidrRouteNextHopAS.ipv4."10.0.0.0".24.1.2.ipv4."0.0.0.0" = Gauge32: 0
 +IP-FORWARD-MIB::inetCidrRouteNextHopAS.ipv4."169.254.0.0".16.1.2.ipv4."0.0.0.0" = Gauge32: 0
 +IP-FORWARD-MIB::inetCidrRouteNextHopAS.ipv4."169.254.0.0".16.1.3.ipv4."0.0.0.0" = Gauge32: 0
 +IP-FORWARD-MIB::inetCidrRouteNextHopAS.ipv4."192.168.10.0".24.1.3.ipv4."0.0.0.0" = Gauge32: 0
 +IP-FORWARD-MIB::inetCidrRouteMetric1.ipv4."0.0.0.0".0.2.0.0.ipv4."192.168.10.1" = INTEGER: 0
 +IP-FORWARD-MIB::inetCidrRouteMetric1.ipv4."10.0.0.0".24.1.2.ipv4."0.0.0.0" = INTEGER: 0
 +IP-FORWARD-MIB::inetCidrRouteMetric1.ipv4."169.254.0.0".16.1.2.ipv4."0.0.0.0" = INTEGER: 1002
 +IP-FORWARD-MIB::inetCidrRouteMetric1.ipv4."169.254.0.0".16.1.3.ipv4."0.0.0.0" = INTEGER: 1003
 +IP-FORWARD-MIB::inetCidrRouteMetric1.ipv4."192.168.10.0".24.1.3.ipv4."0.0.0.0" = INTEGER: 0
 +IP-FORWARD-MIB::inetCidrRouteMetric2.ipv4."0.0.0.0".0.2.0.0.ipv4."192.168.10.1" = INTEGER: -1
 +IP-FORWARD-MIB::inetCidrRouteMetric2.ipv4."10.0.0.0".24.1.2.ipv4."0.0.0.0" = INTEGER: -1
 +IP-FORWARD-MIB::inetCidrRouteMetric2.ipv4."169.254.0.0".16.1.2.ipv4."0.0.0.0" = INTEGER: -1
 +IP-FORWARD-MIB::inetCidrRouteMetric2.ipv4."169.254.0.0".16.1.3.ipv4."0.0.0.0" = INTEGER: -1
 +IP-FORWARD-MIB::inetCidrRouteMetric2.ipv4."192.168.10.0".24.1.3.ipv4."0.0.0.0" = INTEGER: -1
 +IP-FORWARD-MIB::inetCidrRouteMetric3.ipv4."0.0.0.0".0.2.0.0.ipv4."192.168.10.1" = INTEGER: -1
 +IP-FORWARD-MIB::inetCidrRouteMetric3.ipv4."10.0.0.0".24.1.2.ipv4."0.0.0.0" = INTEGER: -1
 +IP-FORWARD-MIB::inetCidrRouteMetric3.ipv4."169.254.0.0".16.1.2.ipv4."0.0.0.0" = INTEGER: -1
 +IP-FORWARD-MIB::inetCidrRouteMetric3.ipv4."169.254.0.0".16.1.3.ipv4."0.0.0.0" = INTEGER: -1
 +IP-FORWARD-MIB::inetCidrRouteMetric3.ipv4."192.168.10.0".24.1.3.ipv4."0.0.0.0" = INTEGER: -1
 +IP-FORWARD-MIB::inetCidrRouteMetric4.ipv4."0.0.0.0".0.2.0.0.ipv4."192.168.10.1" = INTEGER: -1
 +IP-FORWARD-MIB::inetCidrRouteMetric4.ipv4."10.0.0.0".24.1.2.ipv4."0.0.0.0" = INTEGER: -1
 +IP-FORWARD-MIB::inetCidrRouteMetric4.ipv4."169.254.0.0".16.1.2.ipv4."0.0.0.0" = INTEGER: -1
 +IP-FORWARD-MIB::inetCidrRouteMetric4.ipv4."169.254.0.0".16.1.3.ipv4."0.0.0.0" = INTEGER: -1
 +IP-FORWARD-MIB::inetCidrRouteMetric4.ipv4."192.168.10.0".24.1.3.ipv4."0.0.0.0" = INTEGER: -1
 +</code>
 +
 +==== Abfrage der Systemnamen ====
 +Möchten wir lediglich nur den Systemnamen (**sysName.0**) abfragen, so geben wir einfach die Option **sysName.0** bei der Abfrage mit an.
 +   # snmpwalk -v 2c -c private -O e 127.0.0.1 sysName.0
 +
 +   SNMPv2-MIB::sysName.0 = STRING: vml000010.dmz.nausch.org
 +
 +
 +==== Abfrage der definierten Laufwerke ====
 +Möchten wir lediglich nur die freigegebenen Laufwerke abfragen (**dskPath**) abfragen, so geben wir einfach die Option **.1.3.6.1.4.1.2021.9.1.2** bei der Abfrage mit an.
 +   # snmpwalk -v 2c -c private -O e localhost .1.3.6.1.4.1.2021.9.1.2
 +
 +   UCD-SNMP-MIB::dskPath.1 = STRING: /
 +   UCD-SNMP-MIB::dskPath.2 = STRING: /boot
 +   UCD-SNMP-MIB::dskPath.3 = STRING: /var/log
 +
 +
 +==== Abfragen aus dem eigenen Netzwerk ====
 +=== Abfrage mit richtigem Passwort ===
 +Bei der Konfiguration unseres SNMP-Daemon hatten wir angegeben, dass für Anfragen aus dem eigenen Netzwerk ein gesondertes Passwort zu verwenden ist.
 +   # snmpwalk -v 2c -c public -O e 10.0.0.10 sysName.0
 +
 +   SNMPv2-MIB::sysName.0 = STRING: vml000010.dmz.nausch.org
 +
 +=== Abfrage mit falschem Passwort ===
 +Versuchen wir hingegen mit dem Passwort, welches wir für **localhost** definiert haben, die Anfrage von einem Host aus dem eigenen Netzwerk, so klappt dies erwartungsgemäß nicht.
 +   # snmpwalk -v 2c -c private -O e 10.0.0.10 sysName.0
 +
 +   Timeout: No Response from 10.0.0.10
 +
 +
 +===== erweiterte Konfiguration (SNMP V3) =====   
 +==== Zugriffbeschränkung ====
 +Da die beiden SNMP-Versionen 1 und 2c fast keine Sicherheitsmechanismen bieten, wollen wir in unserem Netzwerk nunmehr ausschließlich in der aktuellen Version 3, in der die Sicherheitsmechanismen deutlich ausgebaut wurden einsetzen.
 +
 +Hierzu bearbeiten wir nun die Konfigurationsdatei unseres //**SNMP-Daemon**// wie folgt.
 +
 +   # vim /etc/snmp/snmpd.conf
 +
 +<code>###############################################################################
 +#
 +# snmpd.conf:
 +#   An example configuration file for configuring the ucd-snmp snmpd agent.
 +#
 +###############################################################################
 +#
 +# This file is intended to only be as a starting point.  Many more
 +# configuration directives exist than are mentioned in this file.  For 
 +# full details, see the snmpd.conf(5) manual page.
 +#
 +# All lines beginning with a '#' are comments and are intended for you
 +# to read.  All other lines are configuration commands for the agent.
 +
 +###############################################################################
 +# Access Control
 +###############################################################################
 +
 +# As shipped, the snmpd demon will only respond to queries on the
 +# system mib group until this file is replaced or modified for
 +# security purposes.  Examples are shown below about how to increase the
 +# level of access.
 +
 +# By far, the most common question I get about the agent is "why won't
 +# it work?", when really it should be "how do I configure the agent to
 +# allow me to access it?"
 +#
 +# By default, the agent responds to the "public" community for read
 +# only access, if run out of the box without any configuration file in 
 +# place.  The following examples show you other ways of configuring
 +# the agent so that you can change the community names, and give
 +# yourself write access to the mib tree as well.
 +#
 +# For more information, read the FAQ as well as the snmpd.conf(5)
 +# manual page.
 +
 +####
 +# First, map the community name "public" into a "security name"
 +
 +#       sec.name  source          community
 +# Django : 2012-07-17
 +# default: com2sec notConfigUser  default       public
 +#com2sec local           localhost       private
 +#com2sec mynetwork       10.0.0.0/24    public
 +
 +
 +# Django : 2012-07-31
 +# default: unset
 +createUser django MD5 Der_Admin_mit_den_dicksten_Eiern! DES
 +
 +####
 +# Second, map the security name into a group name:
 +
 +#       groupName      securityModel securityName
 +# Django : 2012-07-17
 +# default: group   notConfigGroup v1           notConfigUser
 +#          group   notConfigGroup v2c           notConfigUser
 +#group   MyROGroup       v1      local
 +#group   MyROGroup       v2c     local
 +#group   MyROGroup       v1      mynetwork
 +#group   MyROGroup       v2c     mynetwork
 +group   MyV3Group       usm     django
 +
 +
 +####
 +# Third, create a view for us to let the group have rights to:
 +
 +# Make at least  snmpwalk -v 1 localhost -c public system fast again.
 +#       name           incl/excl     subtree         mask(optional)
 +# Django : 2012-07-17
 +# default: view    systemview    included   .1.3.6.1.2.1.1
 +#          view    systemview    included   .1.3.6.1.2.1.25.1.1
 +view    all     included        .iso      80
 +
 +####
 +# Finally, grant the group read-only access to the systemview view.
 +
 +#       group          context sec.model sec.level prefix read   write  notif
 +# Django : 2012-07-17
 +# default: access  notConfigGroup ""      any       noauth    exact  systemview none none
 +#access  MyROGroup       ""      any     noauth  exact   all     none    none
 +#access  MyRWGroup       ""      any     noauth  exact   all     all     none
 +# Django : 2012-07-31
 +access  MyV3Group       ""      any     auth    exact   all     all     all
 +
 +# -----------------------------------------------------------------------------
 +
 +# Here is a commented out example configuration that allows less
 +# restrictive access.
 +
 +# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
 +# KNOWN AT YOUR SITE.  YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
 +# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.
 +
 +##       sec.name  source          community
 +#com2sec local     localhost       COMMUNITY
 +#com2sec mynetwork NETWORK/24      COMMUNITY
 +
 +##     group.name sec.model  sec.name
 +#group MyRWGroup  any        local
 +#group MyROGroup  any        mynetwork
 +#
 +#group MyRWGroup  any        otherv3user
 +#...
 +
 +##           incl/excl subtree                          mask
 +#view all    included  .1                               80
 +
 +## -or just the mib2 tree-
 +
 +#view mib2   included  .iso.org.dod.internet.mgmt.mib-2 fc
 +
 +
 +##                context sec.model sec.level prefix read   write  notif
 +#access MyROGroup ""      any       noauth    0      all    none   none
 +#access MyRWGroup ""      any       noauth    0      all    all    all
 +
 +
 +###############################################################################
 +# Sample configuration to make net-snmpd RFC 1213.
 +# Unfortunately v1 and v2c don't allow any user based authentification, so
 +# opening up the default config is not an option from a security point.
 +#
 +# WARNING: If you uncomment the following lines you allow write access to your
 +# snmpd daemon from any source! To avoid this use different names for your
 +# community or split out the write access to a different community and 
 +# restrict it to your local network.
 +# Also remember to comment the syslocation and syscontact parameters later as
 +# otherwise they are still read only (see FAQ for net-snmp).
 +#
 +
 +# First, map the community name "public" into a "security name"
 +#       sec.name        source          community
 +#com2sec notConfigUser   default         public
 +
 +# Second, map the security name into a group name:
 +#       groupName       securityModel   securityName
 +#group   notConfigGroup  v1              notConfigUser
 +#group   notConfigGroup  v2c             notConfigUser
 +
 +# Third, create a view for us to let the group have rights to:
 +# Open up the whole tree for ro, make the RFC 1213 required ones rw.
 +#       name            incl/excl       subtree mask(optional)
 +#view    roview          included        .1
 +#view    rwview          included        system.sysContact
 +#view    rwview          included        system.sysName
 +#view    rwview          included        system.sysLocation
 +#view    rwview          included        interfaces.ifTable.ifEntry.ifAdminStatus
 +#view    rwview          included        at.atTable.atEntry.atPhysAddress
 +#view    rwview          included        at.atTable.atEntry.atNetAddress
 +#view    rwview          included        ip.ipForwarding
 +#view    rwview          included        ip.ipDefaultTTL
 +#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteDest
 +#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteIfIndex
 +#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric1
 +#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric2
 +#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric3
 +#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric4
 +#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteType
 +#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteAge
 +#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMask
 +#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric5
 +#view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaIfIndex
 +#view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress
 +#view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress
 +#view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType
 +#view    rwview          included        tcp.tcpConnTable.tcpConnEntry.tcpConnState
 +#view    rwview          included        egp.egpNeighTable.egpNeighEntry.egpNeighEventTrigger
 +#view    rwview          included        snmp.snmpEnableAuthenTraps
 +
 +# Finally, grant the group read-only access to the systemview view.
 +#       group          context sec.model sec.level prefix read   write  notif
 +#access  notConfigGroup ""      any       noauth    exact  roview rwview none
 +
 +
 +
 +###############################################################################
 +# System contact information
 +#
 +
 +# It is also possible to set the sysContact and sysLocation system
 +# variables through the snmpd.conf file:
 +
 +# Django : 2012-07-17
 +# default: syslocation Unknown (edit /etc/snmp/snmpd.conf)
 +#          syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
 +syslocation "vml000010, vHost auf pml010002, EDV-Schrank im UG - HE16, nausch.org"
 +syscontact django@nausch.org
 +
 +# Example output of snmpwalk:
 +#   % snmpwalk -v 1 localhost -c public system
 +#   system.sysDescr.0 = "SunOS name sun4c"
 +#   system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
 +#   system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55
 +#   system.sysContact.0 = "Me <me@somewhere.org>"
 +#   system.sysName.0 = "name"
 +#   system.sysLocation.0 = "Right here, right now."
 +#   system.sysServices.0 = 72
 +
 +
 +###############################################################################
 +# Logging
 +#
 +
 +# We do not want annoying "Connection from UDP: " messages in syslog.
 +# If the following option is commented out, snmpd will print each incoming
 +# connection, which can be useful for debugging.
 +
 +dontLogTCPWrappersConnects yes
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################
 +# Process checks.
 +#
 +#  The following are examples of how to use the agent to check for
 +#  processes running on the host.  The syntax looks something like:
 +#
 +#  proc NAME [MAX=0] [MIN=0]
 +#
 +#  NAME:  the name of the process to check for.  It must match
 +#         exactly (ie, http will not find httpd processes).
 +#  MAX:   the maximum number allowed to be running.  Defaults to 0.
 +#  MIN:   the minimum number to be running.  Defaults to 0.
 +
 +#
 +#  Examples (commented out by default):
 +#
 +
 +#  Make sure mountd is running
 +#proc mountd
 +
 +#  Make sure there are no more than 4 ntalkds running, but 0 is ok too.
 +#proc ntalkd 4
 +
 +#  Make sure at least one sendmail, but less than or equal to 10 are running.
 +#proc sendmail 10 1
 +
 +#  A snmpwalk of the process mib tree would look something like this:
 +
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.2
 +# enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1
 +# enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2
 +# enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3
 +# enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd"
 +# enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd"
 +# enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail"
 +# enterprises.ucdavis.procTable.prEntry.prMin.1 = 0
 +# enterprises.ucdavis.procTable.prEntry.prMin.2 = 0
 +# enterprises.ucdavis.procTable.prEntry.prMin.3 = 1
 +# enterprises.ucdavis.procTable.prEntry.prMax.1 = 0
 +# enterprises.ucdavis.procTable.prEntry.prMax.2 = 4
 +# enterprises.ucdavis.procTable.prEntry.prMax.3 = 10
 +# enterprises.ucdavis.procTable.prEntry.prCount.1 = 0
 +# enterprises.ucdavis.procTable.prEntry.prCount.2 = 0
 +# enterprises.ucdavis.procTable.prEntry.prCount.3 = 1
 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1
 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0
 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0
 +# enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running."
 +# enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = ""
 +# enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = ""
 +# enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0
 +# enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0
 +# enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0
 +#
 +#  Note that the errorFlag for mountd is set to 1 because one is not
 +#  running (in this case an rpc.mountd is, but thats not good enough),
 +#  and the ErrMessage tells you what's wrong.  The configuration
 +#  imposed in the snmpd.conf file is also shown.  
 +
 +#  Special Case:  When the min and max numbers are both 0, it assumes
 +#  you want a max of infinity and a min of 1.
 +#
 +
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################
 +# Executables/scripts
 +#
 +
 +#
 +#  You can also have programs run by the agent that return a single
 +#  line of output and an exit code.  Here are two examples.
 +#
 +#  exec NAME PROGRAM [ARGS ...]
 +#
 +#  NAME:     A generic name. The name must be unique for each exec statement.
 +#  PROGRAM:  The program to run.  Include the path!
 +#  ARGS:     optional arguments to be passed to the program
 +
 +# a simple hello world
 +
 +#exec echotest /bin/echo hello world
 +
 +# Run a shell script containing:
 +#
 +# #!/bin/sh
 +# echo hello world
 +# echo hi there
 +# exit 35
 +#
 +# Note:  this has been specifically commented out to prevent
 +# accidental security holes due to someone else on your system writing
 +# a /tmp/shtest before you do.  Uncomment to use it.
 +#
 +#exec shelltest /bin/sh /tmp/shtest
 +
 +# Then, 
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.8
 +# enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1
 +# enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2
 +# enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest"
 +# enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest"
 +# enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world"
 +# enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest"
 +# enterprises.ucdavis.extTable.extEntry.extResult.1 = 0
 +# enterprises.ucdavis.extTable.extEntry.extResult.2 = 35
 +# enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world."
 +# enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world."
 +# enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0
 +# enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0
 +
 +# Note that the second line of the /tmp/shtest shell script is cut
 +# off.  Also note that the exit status of 35 was returned.
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################
 +# disk checks
 +#
 +
 +# The agent can check the amount of available disk space, and make
 +# sure it is above a set limit.  
 +
 +# disk PATH [MIN=100000]
 +#
 +# PATH:  mount path to the disk in question.
 +# MIN:   Disks with space below this value will have the Mib's errorFlag set.
 +#        Default value = 100000.
 +
 +# Check the / partition and make sure it contains at least 10 megs.
 +
 +#disk / 10000
 +
 +
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.9
 +# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
 +# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F 
 +# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0"
 +# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000
 +# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130
 +# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325
 +# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092
 +# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58
 +# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0
 +# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = ""
 +
 +# Django : 2012-07-31
 +# folgende Partitionen definiert
 +disk /
 +disk /boot
 +disk /var/log
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################
 +# load average checks
 +#
 +
 +# load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0]
 +#
 +# 1MAX:   If the 1 minute load average is above this limit at query
 +#         time, the errorFlag will be set.
 +# 5MAX:   Similar, but for 5 min average.
 +# 15MAX:  Similar, but for 15 min average.
 +
 +# Check for loads:
 +load 12 14 14
 +
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.10
 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1
 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2
 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3
 +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1"
 +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5"
 +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15"
 +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39 
 +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31 
 +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36 
 +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00"
 +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00"
 +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00"
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = ""
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = ""
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = ""
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################
 +# Extensible sections.
 +
 +
 +# This alleviates the multiple line output problem found in the
 +# previous executable mib by placing each mib in its own mib table:
 +
 +# Run a shell script containing:
 +#
 +# #!/bin/sh
 +# echo hello world
 +# echo hi there
 +# exit 35
 +#
 +# Note:  this has been specifically commented out to prevent
 +# accidental security holes due to someone else on your system writing
 +# a /tmp/shtest before you do.  Uncomment to use it.
 +#
 +# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest
 +
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.50
 +# enterprises.ucdavis.50.1.1 = 1
 +# enterprises.ucdavis.50.2.1 = "shelltest"
 +# enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest"
 +# enterprises.ucdavis.50.100.1 = 35
 +# enterprises.ucdavis.50.101.1 = "hello world."
 +# enterprises.ucdavis.50.101.2 = "hi there."
 +# enterprises.ucdavis.50.102.1 = 0
 +
 +# Now the Output has grown to two lines, and we can see the 'hi
 +# there.' output as the second line from our shell script.
 +#
 +# Note that you must alter the mib.txt file to be correct if you want
 +# the .50.* outputs above to change to reasonable text descriptions.
 +
 +# Other ideas:
 +
 +# exec .1.3.6.1.4.1.2021.51 ps /bin/ps 
 +# exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top
 +# exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################
 +# Pass through control.
 +
 +
 +# Usage:
 +#   pass MIBOID EXEC-COMMAND
 +#
 +# This will pass total control of the mib underneath the MIBOID
 +# portion of the mib to the EXEC-COMMAND.  
 +#
 +# Note:  You'll have to change the path of the passtest script to your
 +# source directory or install it in the given location.
 +
 +# Example:  (see the script for details)
 +#           (commented out here since it requires that you place the
 +#           script in the right location. (its not installed by default))
 +
 +# pass .1.3.6.1.4.1.2021.255 /bin/sh /usr/local/local/passtest
 +
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.255
 +# enterprises.ucdavis.255.1 = "life the universe and everything"
 +# enterprises.ucdavis.255.2.1 = 42
 +# enterprises.ucdavis.255.2.2 = OID: 42.42.42
 +# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42
 +# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1
 +# enterprises.ucdavis.255.5 = 42
 +# enterprises.ucdavis.255.6 = Gauge: 42
 +#
 +# % snmpget -v 1 localhost public .1.3.6.1.4.1.2021.255.5
 +# enterprises.ucdavis.255.5 = 42
 +#
 +# % snmpset -v 1 localhost public .1.3.6.1.4.1.2021.255.1 s "New string"
 +# enterprises.ucdavis.255.1 = "New string"
 +#
 +
 +# For specific usage information, see the man/snmpd.conf.5 manual page
 +# as well as the local/passtest script used in the above example.
 +
 +###############################################################################
 +# Further Information
 +#
 +#  See the snmpd.conf manual page, and the output of "snmpd -H".
 +</code>
 +
 +In der gewohnten Kurzform sehen wir nun folgende aktive Zeilen:
 +   # egrep -v '(^.*#|^$)' /etc/snmp/snmpd.conf
 +
 +<code>createUser django MD5 Der_Admin_mit_den_dicksten_Eiern! DES
 +group   MyV3Group       usm     django
 +view    all     included        .iso      80
 +access  MyV3Group       ""      any     auth    exact   all     all     all
 +syslocation "vml000010, vHost auf pml010002, EDV-Schrank im UG - HE16, nausch.org"
 +syscontact django@nausch.org
 +dontLogTCPWrappersConnects yes
 +disk /
 +disk /boot
 +disk /var/log
 +load 12 14 14
 +</code>
 +
 +==== Änderungen aktivieren ====
 +Zum Aktivieren starten wir nun den Daemon einmal durch.
 +   # service snmpd restart
 +
 +   Stopping snmpd:                                            [  OK  ]
 +   Starting snmpd:                                            [  OK  ]
 +
 +==== Änderungen testen ====
 +Der Zugriff mit dem Passwort //**private**// von **localhost** aus, klappt nun nicht mehr.
 +   # snmpwalk -v 1 localhost -c private .1.3.6.1.4.1.2021.9
 +
 +   Timeout: No Response from localhost
 +
 +Genauso wenig scheitert der Verbindungsaufbau von einem entfernten Host aus dem eigenen Netz mit dem Passwort //**public**//.
 +   # snmpwalk -v 1 10.0.0.10 -c public .1.3.6.1.4.1.2021.9
 +
 +   Timeout: No Response from 10.0.0.10
 +
 +Geben wir aber nun bei der Abfrage den richtigen Usernamen //django// mit dem zugehörigen Passwort //Der_Admin_mit_den_dicksten_Eiern!// an, so klappt die Abfrage sowohl von **localhost** aus und auch von einem Host aus dem eignen Netzwerk.
 +  * Von **localhost** aus: <code> # snmpwalk -v 3 -l AuthNoPriv -u django -A Der_Admin_mit_den_dicksten_Eiern! 127.0.0.1 sysDescr.0</code> <code>SNMPv2-MIB::sysDescr.0 = STRING: Linux vml000010.dmz.nausch.org 2.6.32-279.2.1.el6.x86_64 #1 SMP Fri Jul 20 01:55:29 UTC 2012 x86_64</code>
 +  * Von **vml000030** aus: <code> # snmpwalk -v 3 -l AuthNoPriv -u django -A Der_Admin_mit_den_dicksten_Eiern! 10.0.0.10 sysDescr.0</code> <code>SNMPv2-MIB::sysDescr.0 = STRING: Linux vml000030.dmz.nausch.org 2.6.32-279.2.1.el6.x86_64 #1 SMP Fri Jul 20 01:55:29 UTC 2012 x86_64</code>
 +
 +Passen Usernamen und/oder Passwort nicht, wird natürlich eine Fehlermeldung ausgegeben.
 +   # snmpwalk -v 3 -l AuthNoPriv -u django -A Der_User_ohne_Rechte 10.0.0.10 sysDescr.0
 +
 +   No log handling enabled - turning on stderr logging
 +   snmpwalk: Authentication failure (incorrect password, community or key) (Sub-id not found: (top) -> sysDescr)
 +
 +
 +===== SNMP Logging anpassen =====
 +Im Normalfall wird uns im syslog der SNMP-Zugriff dokumentiert. Mit unter können diese zu Teil doch sehr vielen Logeinträgen unerwünscht erscheinen.
 +   Dec 20 09:51:08 pml010010 snmpd[22654]: Connection from UDP: [10.20.10.40]:33410->[10.20.10.10]
 +   Dec 20 09:51:08 pml010010 snmpd[22654]: Connection from UDP: [10.20.10.40]:33410->[10.20.10.10]
 +
 +Das Logging generell abzustellen, ist natürlich nur sehr bedingt empfehlenswert, vielmehr wollen wir doch lieber die unerwünschten SNMP-Logeinträge unterdrücken. 
 +
 +Folgende Loglevel sind unter CentOS 6.x wählbar:
 +^ Log-Level ^ Beschreibung                                          ^
 +|         | Notfall – System ist nicht benutzbar                  |
 +|         | Warnungen – sofortiges Handeln erforderlich           |
 +|         | Kritische – kritische Zustände                        |
 +|         | Störungen – Fehlerhinweise                            |
 +|         | Warnungen – Warnmeldungen                             |
 +|         | Benachrichtigungen – Informationsmeldungen            |
 +|         | Informationen – Hinweise                              |
 +|         | Debugging – Debugging-Meldungen                       |
 +
 +Als Standard ist unter CentOS 6.x der Lglevel **0 - 6** aktiviert. Die Zugriffe auf den Deamon werden im Loglevel **6** protokolliert. 
 +
 +Wir werden also nun nachfolgend den Loglevel **0 - 5** definieren. Hierzu passen wir die Konfigurationsdatei //**/etc/sysconfig/snmpd**// an.
 +    # vim /etc/sysconfig/snmpd
 +<file bash /etc/sysconfig/snmpd># snmpd command line options
 +# Django : 2012-12-20 Loglevel 0-5 zum Unterdrücken der Zugriffe im syslog 
 +# default: OPTIONS="-LS0-6d -Lf /dev/null -p /var/run/snmpd.pid"
 +OPTIONS="-LS0-5d -Lf /dev/null -p /var/run/snmpd.pid"
 +</file>
 +
 +Zum Aktivieren unserer Änderung starten wir den Daemon 1x durch.
 +   # service snmpd restart
 +
 +
 +
 +====== Links ======
 +  * **[[centos:cacti_c6:start|Zurück zum Kapitel >>Cacti-Serverinstallation unter CentOS 6<<]]**
 +  * **[[wiki:start|Zurück zu >>Projekte und Themenkapitel<<]]**
 +  * **[[https://dokuwiki.nausch.org/doku.php/|Zurück zur Startseite]]**
 +
  
  • centos/cacti_c6/snmp.txt
  • Zuletzt geändert: 31.10.2023 18:53.
  • von 127.0.0.1