Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

Link zu dieser Vergleichsansicht

Beide Seiten der vorigen Revision Vorhergehende Überarbeitung
Nächste Überarbeitung
Vorhergehende Überarbeitung
centos:cacti_c6:snmp [31.07.2012 14:03. ]
django
centos:cacti_c6:snmp [20.04.2018 10:47. ] (aktuell)
Zeile 1: Zeile 1:
 +====== SNMP (unter CentOS 6.x)======
 +SNMP((**S**imple **N**etwork **M**anagement **P**rotocol,​ aka **S**ecurity is **N**ot **M**y **P**roblem)) ist ein, von der IETF entwickeltes,​ Netzwerkprotokoll um Netzwerkelemente (Server, Switche, Router, Drucker, Rechner etc.) von einer zentralen Station aus überwachen und steuern zu können. Weiter Informationen findet man im folgenden [[http://​de.wikipedia.org/​wiki/​Simple_Network_Management_Protocol|Wikipedia-Artikel]].
 +
 +===== Installation =====
 +Falls noch nicht in unserem System vorhanden, installieren wir folgende Pakete:
 +   # yum install net-snmp net-snmp-utils -y
 +
 +==== Paketdetails ====
 +Die Softwarekomponenten,​ die uns bei der Installation der RPM-Pakete mit in das System gebracht wurden, fragen wir bei Bedarf einafch mit Hilfe ders Befehls **rpm** mit der option **//​-qil//​** ab.
 +=== net-snmp ===
 +   # rpm -qil net-snmp
 +<​code>​Name ​       : net-snmp ​                    ​Relocations:​ (not relocatable)
 +Version ​    : 5.5                               ​Vendor:​ CentOS
 +Release ​    : 41.el6 ​                       Build Date: Fri 22 Jun 2012 04:39:58 PM CEST
 +Install Date: Tue 10 Jul 2012 10:37:57 PM CEST      Build Host: c6b9.bsys.dev.centos.org
 +Group       : System Environment/​Daemons ​   Source RPM: net-snmp-5.5-41.el6.src.rpm
 +Size        : 835719 ​                          ​License:​ BSD
 +Signature ​  : RSA/SHA1, Mon 25 Jun 2012 12:17:03 AM CEST, Key ID 0946fca2c105b9de
 +Packager ​   : CentOS BuildSystem <​http://​bugs.centos.org>​
 +URL         : http://​net-snmp.sourceforge.net/​
 +Summary ​    : A collection of SNMP protocol tools and libraries
 +Description :
 +SNMP (Simple Network Management Protocol) is a protocol used for
 +network management. The NET-SNMP project includes various SNMP tools:
 +an extensible agent, an SNMP library, tools for requesting or setting
 +information from SNMP agents, tools for generating and handling SNMP
 +traps and a version of the netstat command which uses SNMP. This
 +package contains the snmpd and snmptrapd daemons, documentation,​ etc.
 +
 +You will probably also want to install the net-snmp-utils package,
 +which contains NET-SNMP utilities.
 +/​etc/​rc.d/​init.d/​snmpd
 +/​etc/​rc.d/​init.d/​snmptrapd
 +/etc/snmp
 +/​etc/​snmp/​snmpd.conf
 +/​etc/​snmp/​snmptrapd.conf
 +/​etc/​sysconfig/​snmpd
 +/​etc/​sysconfig/​snmptrapd
 +/​usr/​bin/​net-snmp-create-v3-user
 +/​usr/​bin/​snmpconf
 +/​usr/​sbin/​snmpd
 +/​usr/​sbin/​snmptrapd
 +/​usr/​share/​doc/​net-snmp-5.5
 +/​usr/​share/​doc/​net-snmp-5.5/​AGENT.txt
 +/​usr/​share/​doc/​net-snmp-5.5/​COPYING
 +/​usr/​share/​doc/​net-snmp-5.5/​ChangeLog.trimmed
 +/​usr/​share/​doc/​net-snmp-5.5/​EXAMPLE.conf
 +/​usr/​share/​doc/​net-snmp-5.5/​FAQ
 +/​usr/​share/​doc/​net-snmp-5.5/​NEWS
 +/​usr/​share/​doc/​net-snmp-5.5/​PORTING
 +/​usr/​share/​doc/​net-snmp-5.5/​README
 +/​usr/​share/​doc/​net-snmp-5.5/​README.agent-mibs
 +/​usr/​share/​doc/​net-snmp-5.5/​README.agentx
 +/​usr/​share/​doc/​net-snmp-5.5/​README.krb5
 +/​usr/​share/​doc/​net-snmp-5.5/​README.mib2c
 +/​usr/​share/​doc/​net-snmp-5.5/​README.snmpv3
 +/​usr/​share/​doc/​net-snmp-5.5/​README.thread
 +/​usr/​share/​doc/​net-snmp-5.5/​TODO
 +/​usr/​share/​doc/​net-snmp-5.5/​ipf-mod.pl
 +/​usr/​share/​doc/​net-snmp-5.5/​passtest
 +/​usr/​share/​man/​man1/​net-snmp-create-v3-user.1.gz
 +/​usr/​share/​man/​man1/​snmpconf.1.gz
 +/​usr/​share/​man/​man5/​snmp_config.5.gz
 +/​usr/​share/​man/​man5/​snmpd.conf.5.gz
 +/​usr/​share/​man/​man5/​snmpd.examples.5.gz
 +/​usr/​share/​man/​man5/​snmpd.internal.5.gz
 +/​usr/​share/​man/​man5/​snmptrapd.conf.5.gz
 +/​usr/​share/​man/​man5/​variables.5.gz
 +/​usr/​share/​man/​man8/​snmpd.8.gz
 +/​usr/​share/​man/​man8/​snmptrapd.8.gz
 +/​usr/​share/​snmp
 +/​usr/​share/​snmp/​snmpconf-data
 +/​usr/​share/​snmp/​snmpconf-data/​snmp-data
 +/​usr/​share/​snmp/​snmpconf-data/​snmp-data/​authopts
 +/​usr/​share/​snmp/​snmpconf-data/​snmp-data/​debugging
 +/​usr/​share/​snmp/​snmpconf-data/​snmp-data/​mibs
 +/​usr/​share/​snmp/​snmpconf-data/​snmp-data/​output
 +/​usr/​share/​snmp/​snmpconf-data/​snmp-data/​snmpconf-config
 +/​usr/​share/​snmp/​snmpconf-data/​snmpd-data
 +/​usr/​share/​snmp/​snmpconf-data/​snmpd-data/​acl
 +/​usr/​share/​snmp/​snmpconf-data/​snmpd-data/​basic_setup
 +/​usr/​share/​snmp/​snmpconf-data/​snmpd-data/​extending
 +/​usr/​share/​snmp/​snmpconf-data/​snmpd-data/​monitor
 +/​usr/​share/​snmp/​snmpconf-data/​snmpd-data/​operation
 +/​usr/​share/​snmp/​snmpconf-data/​snmpd-data/​snmpconf-config
 +/​usr/​share/​snmp/​snmpconf-data/​snmpd-data/​system
 +/​usr/​share/​snmp/​snmpconf-data/​snmpd-data/​trapsinks
 +/​usr/​share/​snmp/​snmpconf-data/​snmptrapd-data
 +/​usr/​share/​snmp/​snmpconf-data/​snmptrapd-data/​authentication
 +/​usr/​share/​snmp/​snmpconf-data/​snmptrapd-data/​formatting
 +/​usr/​share/​snmp/​snmpconf-data/​snmptrapd-data/​logging
 +/​usr/​share/​snmp/​snmpconf-data/​snmptrapd-data/​runtime
 +/​usr/​share/​snmp/​snmpconf-data/​snmptrapd-data/​snmpconf-config
 +/​usr/​share/​snmp/​snmpconf-data/​snmptrapd-data/​traphandle
 +/​var/​run/​net-snmp
 +</​code>​
 +
 +=== net-snmp-utils ===
 +   # rpm -qil net-snmp-utils
 +<​code>​Name ​       : net-snmp-utils ​              ​Relocations:​ (not relocatable)
 +Version ​    : 5.5                               ​Vendor:​ CentOS
 +Release ​    : 41.el6 ​                       Build Date: Fri 22 Jun 2012 04:39:58 PM CEST
 +Install Date: Tue 17 Jul 2012 09:37:47 PM CEST      Build Host: c6b9.bsys.dev.centos.org
 +Group       : Applications/​System ​          ​Source RPM: net-snmp-5.5-41.el6.src.rpm
 +Size        : 370527 ​                          ​License:​ BSD
 +Signature ​  : RSA/SHA1, Mon 25 Jun 2012 12:16:15 AM CEST, Key ID 0946fca2c105b9de
 +Packager ​   : CentOS BuildSystem <​http://​bugs.centos.org>​
 +URL         : http://​net-snmp.sourceforge.net/​
 +Summary ​    : Network management utilities using SNMP, from the NET-SNMP project
 +Description :
 +The net-snmp-utils package contains various utilities for use with the
 +NET-SNMP network management project.
 +
 +Install this package if you need utilities for managing your network
 +using the SNMP protocol. You will also need to install the net-snmp
 +package.
 +/​usr/​bin/​encode_keychange
 +/​usr/​bin/​snmpbulkget
 +/​usr/​bin/​snmpbulkwalk
 +/​usr/​bin/​snmpdelta
 +/​usr/​bin/​snmpdf
 +/​usr/​bin/​snmpget
 +/​usr/​bin/​snmpgetnext
 +/​usr/​bin/​snmpinform
 +/​usr/​bin/​snmpnetstat
 +/​usr/​bin/​snmpset
 +/​usr/​bin/​snmpstatus
 +/​usr/​bin/​snmptable
 +/​usr/​bin/​snmptest
 +/​usr/​bin/​snmptranslate
 +/​usr/​bin/​snmptrap
 +/​usr/​bin/​snmpusm
 +/​usr/​bin/​snmpvacm
 +/​usr/​bin/​snmpwalk
 +/​usr/​share/​man/​man1/​encode_keychange.1.gz
 +/​usr/​share/​man/​man1/​snmpbulkget.1.gz
 +/​usr/​share/​man/​man1/​snmpbulkwalk.1.gz
 +/​usr/​share/​man/​man1/​snmpcmd.1.gz
 +/​usr/​share/​man/​man1/​snmpconf.1.gz
 +/​usr/​share/​man/​man1/​snmpdelta.1.gz
 +/​usr/​share/​man/​man1/​snmpdf.1.gz
 +/​usr/​share/​man/​man1/​snmpget.1.gz
 +/​usr/​share/​man/​man1/​snmpgetnext.1.gz
 +/​usr/​share/​man/​man1/​snmpinform.1.gz
 +/​usr/​share/​man/​man1/​snmpnetstat.1.gz
 +/​usr/​share/​man/​man1/​snmpset.1.gz
 +/​usr/​share/​man/​man1/​snmpstatus.1.gz
 +/​usr/​share/​man/​man1/​snmptable.1.gz
 +/​usr/​share/​man/​man1/​snmptest.1.gz
 +/​usr/​share/​man/​man1/​snmptranslate.1.gz
 +/​usr/​share/​man/​man1/​snmptrap.1.gz
 +/​usr/​share/​man/​man1/​snmpusm.1.gz
 +/​usr/​share/​man/​man1/​snmpvacm.1.gz
 +/​usr/​share/​man/​man1/​snmpwalk.1.gz
 +/​usr/​share/​man/​man5/​snmp.conf.5.gz
 +/​usr/​share/​man/​man5/​variables.5.gz
 +</​code>​
 +   
 +===== Konfiguration =====   
 +==== erste einfache Konfiguration für SNMP Version V1/V2c ====
 +Die Konfiguration des SNMP-Daemons erfolgt über die Konfigurationsdatei //​**/​etc/​snmp/​snmpd.conf**//​.
 +
 +<file bash /​etc/​snmp/​snmpd.conf>###############################################################################​
 +#
 +# snmpd.conf:
 +#   An example configuration file for configuring the ucd-snmp snmpd agent.
 +#
 +###############################################################################​
 +#
 +# This file is intended to only be as a starting point. ​ Many more
 +# configuration directives exist than are mentioned in this file.  For 
 +# full details, see the snmpd.conf(5) manual page.
 +#
 +# All lines beginning with a '#'​ are comments and are intended for you
 +# to read.  All other lines are configuration commands for the agent.
 +
 +###############################################################################​
 +# Access Control
 +###############################################################################​
 +
 +# As shipped, the snmpd demon will only respond to queries on the
 +# system mib group until this file is replaced or modified for
 +# security purposes. ​ Examples are shown below about how to increase the
 +# level of access.
 +
 +# By far, the most common question I get about the agent is "why won't
 +# it work?",​ when really it should be "how do I configure the agent to
 +# allow me to access it?"
 +#
 +# By default, the agent responds to the "​public"​ community for read
 +# only access, if run out of the box without any configuration file in 
 +# place. ​ The following examples show you other ways of configuring
 +# the agent so that you can change the community names, and give
 +# yourself write access to the mib tree as well.
 +#
 +# For more information,​ read the FAQ as well as the snmpd.conf(5)
 +# manual page.
 +
 +####
 +# First, map the community name "​public"​ into a "​security name"
 +
 +#       ​sec.name ​ source ​         community
 +com2sec notConfigUser ​ default ​      ​public
 +
 +####
 +# Second, map the security name into a group name:
 +
 +#       ​groupName ​     securityModel securityName
 +group   ​notConfigGroup v1           ​notConfigUser
 +group   ​notConfigGroup v2c           ​notConfigUser
 +
 +####
 +# Third, create a view for us to let the group have rights to:
 +
 +# Make at least  snmpwalk -v 1 localhost -c public system fast again.
 +#       ​name ​          ​incl/​excl ​    ​subtree ​        ​mask(optional)
 +view    systemview ​   included ​  ​.1.3.6.1.2.1.1
 +view    systemview ​   included ​  ​.1.3.6.1.2.1.25.1.1
 +
 +####
 +# Finally, grant the group read-only access to the systemview view.
 +
 +#       ​group ​         context sec.model sec.level prefix read   ​write ​ notif
 +access ​ notConfigGroup "" ​     any       ​noauth ​   exact  systemview none none
 +
 +# -----------------------------------------------------------------------------
 +
 +# Here is a commented out example configuration that allows less
 +# restrictive access.
 +
 +# YOU SHOULD CHANGE THE "​COMMUNITY"​ TOKEN BELOW TO A NEW KEYWORD ONLY
 +# KNOWN AT YOUR SITE.  YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
 +# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.
 +
 +##       ​sec.name ​ source ​         community
 +#com2sec local     ​localhost ​      ​COMMUNITY
 +#com2sec mynetwork NETWORK/​24 ​     COMMUNITY
 +
 +##     ​group.name sec.model ​ sec.name
 +#group MyRWGroup ​ any        local
 +#group MyROGroup ​ any        mynetwork
 +#
 +#group MyRWGroup ​ any        otherv3user
 +#...
 +
 +##           ​incl/​excl subtree ​                         mask
 +#view all    included ​ .1                               80
 +
 +## -or just the mib2 tree-
 +
 +#view mib2   ​included ​ .iso.org.dod.internet.mgmt.mib-2 fc
 +
 +
 +##                context sec.model sec.level prefix read   ​write ​ notif
 +#access MyROGroup "" ​     any       ​noauth ​   0      all    none   none
 +#access MyRWGroup "" ​     any       ​noauth ​   0      all    all    all
 +
 +
 +###############################################################################​
 +# Sample configuration to make net-snmpd RFC 1213.
 +# Unfortunately v1 and v2c don't allow any user based authentification,​ so
 +# opening up the default config is not an option from a security point.
 +#
 +# WARNING: If you uncomment the following lines you allow write access to your
 +# snmpd daemon from any source! To avoid this use different names for your
 +# community or split out the write access to a different community and 
 +# restrict it to your local network.
 +# Also remember to comment the syslocation and syscontact parameters later as
 +# otherwise they are still read only (see FAQ for net-snmp).
 +#
 +
 +# First, map the community name "​public"​ into a "​security name"
 +#       ​sec.name ​       source ​         community
 +#com2sec notConfigUser ​  ​default ​        ​public
 +
 +# Second, map the security name into a group name:
 +#       ​groupName ​      ​securityModel ​  ​securityName
 +#​group ​  ​notConfigGroup ​ v1              notConfigUser
 +#​group ​  ​notConfigGroup ​ v2c             ​notConfigUser
 +
 +# Third, create a view for us to let the group have rights to:
 +# Open up the whole tree for ro, make the RFC 1213 required ones rw.
 +#       ​name ​           incl/​excl ​      ​subtree mask(optional)
 +#view    roview ​         included ​       .1
 +#view    rwview ​         included ​       system.sysContact
 +#view    rwview ​         included ​       system.sysName
 +#view    rwview ​         included ​       system.sysLocation
 +#view    rwview ​         included ​       interfaces.ifTable.ifEntry.ifAdminStatus
 +#view    rwview ​         included ​       at.atTable.atEntry.atPhysAddress
 +#view    rwview ​         included ​       at.atTable.atEntry.atNetAddress
 +#view    rwview ​         included ​       ip.ipForwarding
 +#view    rwview ​         included ​       ip.ipDefaultTTL
 +#view    rwview ​         included ​       ip.ipRouteTable.ipRouteEntry.ipRouteDest
 +#view    rwview ​         included ​       ip.ipRouteTable.ipRouteEntry.ipRouteIfIndex
 +#view    rwview ​         included ​       ip.ipRouteTable.ipRouteEntry.ipRouteMetric1
 +#view    rwview ​         included ​       ip.ipRouteTable.ipRouteEntry.ipRouteMetric2
 +#view    rwview ​         included ​       ip.ipRouteTable.ipRouteEntry.ipRouteMetric3
 +#view    rwview ​         included ​       ip.ipRouteTable.ipRouteEntry.ipRouteMetric4
 +#view    rwview ​         included ​       ip.ipRouteTable.ipRouteEntry.ipRouteType
 +#view    rwview ​         included ​       ip.ipRouteTable.ipRouteEntry.ipRouteAge
 +#view    rwview ​         included ​       ip.ipRouteTable.ipRouteEntry.ipRouteMask
 +#view    rwview ​         included ​       ip.ipRouteTable.ipRouteEntry.ipRouteMetric5
 +#view    rwview ​         included ​       ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaIfIndex
 +#view    rwview ​         included ​       ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress
 +#view    rwview ​         included ​       ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress
 +#view    rwview ​         included ​       ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType
 +#view    rwview ​         included ​       tcp.tcpConnTable.tcpConnEntry.tcpConnState
 +#view    rwview ​         included ​       egp.egpNeighTable.egpNeighEntry.egpNeighEventTrigger
 +#view    rwview ​         included ​       snmp.snmpEnableAuthenTraps
 +
 +# Finally, grant the group read-only access to the systemview view.
 +#       ​group ​         context sec.model sec.level prefix read   ​write ​ notif
 +#​access ​ notConfigGroup "" ​     any       ​noauth ​   exact  roview rwview none
 +
 +
 +
 +###############################################################################​
 +# System contact information
 +#
 +
 +# It is also possible to set the sysContact and sysLocation system
 +# variables through the snmpd.conf file:
 +
 +syslocation Unknown (edit /​etc/​snmp/​snmpd.conf)
 +syscontact Root <​root@localhost>​ (configure /​etc/​snmp/​snmp.local.conf)
 +
 +# Example output of snmpwalk:
 +#   % snmpwalk -v 1 localhost -c public system
 +#   ​system.sysDescr.0 = "SunOS name sun4c"
 +#   ​system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
 +#   ​system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55
 +#   ​system.sysContact.0 = "Me <​me@somewhere.org>"​
 +#   ​system.sysName.0 = "​name"​
 +#   ​system.sysLocation.0 = "Right here, right now."
 +#   ​system.sysServices.0 = 72
 +
 +
 +###############################################################################​
 +# Logging
 +#
 +
 +# We do not want annoying "​Connection from UDP: " messages in syslog.
 +# If the following option is commented out, snmpd will print each incoming
 +# connection, which can be useful for debugging.
 +
 +dontLogTCPWrappersConnects yes
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################​
 +# Process checks.
 +#
 +#  The following are examples of how to use the agent to check for
 +#  processes running on the host.  The syntax looks something like:
 +#
 +#  proc NAME [MAX=0] [MIN=0]
 +#
 +#  NAME:  the name of the process to check for.  It must match
 +#         ​exactly (ie, http will not find httpd processes).
 +#  MAX:   the maximum number allowed to be running. ​ Defaults to 0.
 +#  MIN:   the minimum number to be running. ​ Defaults to 0.
 +
 +#
 +#  Examples (commented out by default):
 +#
 +
 +#  Make sure mountd is running
 +#proc mountd
 +
 +#  Make sure there are no more than 4 ntalkds running, but 0 is ok too.
 +#proc ntalkd 4
 +
 +#  Make sure at least one sendmail, but less than or equal to 10 are running.
 +#proc sendmail 10 1
 +
 +#  A snmpwalk of the process mib tree would look something like this:
 +
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.2
 +# enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1
 +# enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2
 +# enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3
 +# enterprises.ucdavis.procTable.prEntry.prNames.1 = "​mountd"​
 +# enterprises.ucdavis.procTable.prEntry.prNames.2 = "​ntalkd"​
 +# enterprises.ucdavis.procTable.prEntry.prNames.3 = "​sendmail"​
 +# enterprises.ucdavis.procTable.prEntry.prMin.1 = 0
 +# enterprises.ucdavis.procTable.prEntry.prMin.2 = 0
 +# enterprises.ucdavis.procTable.prEntry.prMin.3 = 1
 +# enterprises.ucdavis.procTable.prEntry.prMax.1 = 0
 +# enterprises.ucdavis.procTable.prEntry.prMax.2 = 4
 +# enterprises.ucdavis.procTable.prEntry.prMax.3 = 10
 +# enterprises.ucdavis.procTable.prEntry.prCount.1 = 0
 +# enterprises.ucdavis.procTable.prEntry.prCount.2 = 0
 +# enterprises.ucdavis.procTable.prEntry.prCount.3 = 1
 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1
 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0
 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0
 +# enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running."​
 +# enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = ""​
 +# enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = ""​
 +# enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0
 +# enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0
 +# enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0
 +#
 +#  Note that the errorFlag for mountd is set to 1 because one is not
 +#  running (in this case an rpc.mountd is, but thats not good enough),
 +#  and the ErrMessage tells you what's wrong. ​ The configuration
 +#  imposed in the snmpd.conf file is also shown.  ​
 +
 +#  Special Case:  When the min and max numbers are both 0, it assumes
 +#  you want a max of infinity and a min of 1.
 +#
 +
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################​
 +# Executables/​scripts
 +#
 +
 +#
 +#  You can also have programs run by the agent that return a single
 +#  line of output and an exit code.  Here are two examples.
 +#
 +#  exec NAME PROGRAM [ARGS ...]
 +#
 +#  NAME:     A generic name. The name must be unique for each exec statement.
 +#  PROGRAM: ​ The program to run.  Include the path!
 +#  ARGS:     ​optional arguments to be passed to the program
 +
 +# a simple hello world
 +
 +#exec echotest /bin/echo hello world
 +
 +# Run a shell script containing:
 +#
 +# #!/bin/sh
 +# echo hello world
 +# echo hi there
 +# exit 35
 +#
 +# Note:  this has been specifically commented out to prevent
 +# accidental security holes due to someone else on your system writing
 +# a /tmp/shtest before you do.  Uncomment to use it.
 +#
 +#exec shelltest /bin/sh /tmp/shtest
 +
 +# Then, 
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.8
 +# enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1
 +# enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2
 +# enterprises.ucdavis.extTable.extEntry.extNames.1 = "​echotest"​
 +# enterprises.ucdavis.extTable.extEntry.extNames.2 = "​shelltest"​
 +# enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/​bin/​echo hello world"
 +# enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/​bin/​sh /​tmp/​shtest"​
 +# enterprises.ucdavis.extTable.extEntry.extResult.1 = 0
 +# enterprises.ucdavis.extTable.extEntry.extResult.2 = 35
 +# enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world."​
 +# enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world."​
 +# enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0
 +# enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0
 +
 +# Note that the second line of the /tmp/shtest shell script is cut
 +# off.  Also note that the exit status of 35 was returned.
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################​
 +# disk checks
 +#
 +
 +# The agent can check the amount of available disk space, and make
 +# sure it is above a set limit.  ​
 +
 +# disk PATH [MIN=100000]
 +#
 +# PATH:  mount path to the disk in question.
 +# MIN:   Disks with space below this value will have the Mib's errorFlag set.
 +#        Default value = 100000.
 +
 +# Check the / partition and make sure it contains at least 10 megs.
 +
 +#disk / 10000
 +
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.9
 +# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
 +# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/"​ Hex: 2F 
 +# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/​dev/​dsk/​c201d6s0"​
 +# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000
 +# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130
 +# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325
 +# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092
 +# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58
 +# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0
 +# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = ""​
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################​
 +# load average checks
 +#
 +
 +# load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0]
 +#
 +# 1MAX:   If the 1 minute load average is above this limit at query
 +#         time, the errorFlag will be set.
 +# 5MAX:   ​Similar,​ but for 5 min average.
 +# 15MAX: ​ Similar, but for 15 min average.
 +
 +# Check for loads:
 +#load 12 14 14
 +
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.10
 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1
 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2
 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3
 +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "​Load-1"​
 +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "​Load-5"​
 +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "​Load-15"​
 +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "​0.49"​ Hex: 30 2E 34 39 
 +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "​0.31"​ Hex: 30 2E 33 31 
 +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "​0.26"​ Hex: 30 2E 32 36 
 +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "​12.00"​
 +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "​14.00"​
 +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "​14.00"​
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = ""​
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = ""​
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = ""​
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################​
 +# Extensible sections.
 +
 +
 +# This alleviates the multiple line output problem found in the
 +# previous executable mib by placing each mib in its own mib table:
 +
 +# Run a shell script containing:
 +#
 +# #!/bin/sh
 +# echo hello world
 +# echo hi there
 +# exit 35
 +#
 +# Note:  this has been specifically commented out to prevent
 +# accidental security holes due to someone else on your system writing
 +# a /tmp/shtest before you do.  Uncomment to use it.
 +#
 +# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest
 +
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.50
 +# enterprises.ucdavis.50.1.1 = 1
 +# enterprises.ucdavis.50.2.1 = "​shelltest"​
 +# enterprises.ucdavis.50.3.1 = "/​bin/​sh /​tmp/​shtest"​
 +# enterprises.ucdavis.50.100.1 = 35
 +# enterprises.ucdavis.50.101.1 = "hello world."​
 +# enterprises.ucdavis.50.101.2 = "hi there."​
 +# enterprises.ucdavis.50.102.1 = 0
 +
 +# Now the Output has grown to two lines, and we can see the 'hi
 +# there.'​ output as the second line from our shell script.
 +#
 +# Note that you must alter the mib.txt file to be correct if you want
 +# the .50.* outputs above to change to reasonable text descriptions.
 +
 +# Other ideas:
 +
 +# exec .1.3.6.1.4.1.2021.51 ps /​bin/​ps ​
 +# exec .1.3.6.1.4.1.2021.52 top /​usr/​local/​bin/​top
 +# exec .1.3.6.1.4.1.2021.53 mailq /​usr/​bin/​mailq
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################​
 +# Pass through control.
 +
 +
 +# Usage:
 +#   pass MIBOID EXEC-COMMAND
 +#
 +# This will pass total control of the mib underneath the MIBOID
 +# portion of the mib to the EXEC-COMMAND.  ​
 +#
 +# Note:  You'll have to change the path of the passtest script to your
 +# source directory or install it in the given location.
 +
 +# Example: ​ (see the script for details)
 +#           ​(commented out here since it requires that you place the
 +#           ​script in the right location. (its not installed by default))
 +
 +# pass .1.3.6.1.4.1.2021.255 /bin/sh /​usr/​local/​local/​passtest
 +
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.255
 +# enterprises.ucdavis.255.1 = "life the universe and everything"​
 +# enterprises.ucdavis.255.2.1 = 42
 +# enterprises.ucdavis.255.2.2 = OID: 42.42.42
 +# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42
 +# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1
 +# enterprises.ucdavis.255.5 = 42
 +# enterprises.ucdavis.255.6 = Gauge: 42
 +#
 +# % snmpget -v 1 localhost public .1.3.6.1.4.1.2021.255.5
 +# enterprises.ucdavis.255.5 = 42
 +#
 +# % snmpset -v 1 localhost public .1.3.6.1.4.1.2021.255.1 s "New string"​
 +# enterprises.ucdavis.255.1 = "New string"​
 +#
 +
 +# For specific usage information,​ see the man/​snmpd.conf.5 manual page
 +# as well as the local/​passtest script used in the above example.
 +
 +###############################################################################​
 +# Further Information
 +#
 +#  See the snmpd.conf manual page, and the output of "snmpd -H".
 +
 +</​file>​
 +
 +Im ersten Step wollen wir mal erreichen, dass mit einem gesonderten Passwort der Zugriff von der lokalen Maschine via **localhost** und aus dem eignenen Netzsegment nur noch antwortet. ​
 +Die Vorgabemusterdatei passen wir nun für unseren ersten Test wie nachfolgend an. 
 +   # vim /​etc/​snmp/​snmpd.conf
 +
 +<file bash /​etc/​snmp/​snmpd.conf>###############################################################################​
 +#
 +# snmpd.conf:
 +#   An example configuration file for configuring the ucd-snmp snmpd agent.
 +#
 +###############################################################################​
 +#
 +# This file is intended to only be as a starting point. ​ Many more
 +# configuration directives exist than are mentioned in this file.  For 
 +# full details, see the snmpd.conf(5) manual page.
 +#
 +# All lines beginning with a '#'​ are comments and are intended for you
 +# to read.  All other lines are configuration commands for the agent.
 +
 +###############################################################################​
 +# Access Control
 +###############################################################################​
 +
 +# As shipped, the snmpd demon will only respond to queries on the
 +# system mib group until this file is replaced or modified for
 +# security purposes. ​ Examples are shown below about how to increase the
 +# level of access.
 +
 +# By far, the most common question I get about the agent is "why won't
 +# it work?",​ when really it should be "how do I configure the agent to
 +# allow me to access it?"
 +#
 +# By default, the agent responds to the "​public"​ community for read
 +# only access, if run out of the box without any configuration file in 
 +# place. ​ The following examples show you other ways of configuring
 +# the agent so that you can change the community names, and give
 +# yourself write access to the mib tree as well.
 +#
 +# For more information,​ read the FAQ as well as the snmpd.conf(5)
 +# manual page.
 +
 +####
 +# First, map the community name "​public"​ into a "​security name"
 +
 +#       ​sec.name ​ source ​         community
 +# Django : 2012-07-17
 +# default: com2sec notConfigUser ​ default ​      ​public
 +com2sec local           ​localhost ​      ​private
 +com2sec mynetwork ​      ​10.0.0.0/​24 ​    ​public
 +
 +####
 +# Second, map the security name into a group name:
 +
 +#       ​groupName ​     securityModel securityName
 +# Django : 2012-07-17
 +# default: group   ​notConfigGroup v1           ​notConfigUser
 +#          group   ​notConfigGroup v2c           ​notConfigUser
 +group   ​MyROGroup ​      ​v1 ​     local
 +group   ​MyROGroup ​      ​v2c ​    local
 +group   ​MyROGroup ​      ​v1 ​     mynetwork
 +group   ​MyROGroup ​      ​v2c ​    ​mynetwork
 +
 +####
 +# Third, create a view for us to let the group have rights to:
 +
 +# Make at least  snmpwalk -v 1 localhost -c public system fast again.
 +#       ​name ​          ​incl/​excl ​    ​subtree ​        ​mask(optional)
 +# Django : 2012-07-17
 +# default: view    systemview ​   included ​  ​.1.3.6.1.2.1.1
 +#          view    systemview ​   included ​  ​.1.3.6.1.2.1.25.1.1
 +view    all     ​included ​       .iso      80
 +
 +####
 +# Finally, grant the group read-only access to the systemview view.
 +
 +#       ​group ​         context sec.model sec.level prefix read   ​write ​ notif
 +# Django : 2012-07-17
 +# default: access ​ notConfigGroup "" ​     any       ​noauth ​   exact  systemview none none
 +access ​ MyROGroup ​      "" ​     any     ​noauth ​ exact   ​all ​    ​none ​   none
 +access ​ MyRWGroup ​      "" ​     any     ​noauth ​ exact   ​all ​    ​all ​    none
 +
 +# -----------------------------------------------------------------------------
 +
 +# Here is a commented out example configuration that allows less
 +# restrictive access.
 +
 +# YOU SHOULD CHANGE THE "​COMMUNITY"​ TOKEN BELOW TO A NEW KEYWORD ONLY
 +# KNOWN AT YOUR SITE.  YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
 +# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.
 +
 +##       ​sec.name ​ source ​         community
 +#com2sec local     ​localhost ​      ​COMMUNITY
 +#com2sec mynetwork NETWORK/​24 ​     COMMUNITY
 +
 +##     ​group.name sec.model ​ sec.name
 +#group MyRWGroup ​ any        local
 +#group MyROGroup ​ any        mynetwork
 +#
 +#group MyRWGroup ​ any        otherv3user
 +#...
 +
 +##           ​incl/​excl subtree ​                         mask
 +#view all    included ​ .1                               80
 +
 +## -or just the mib2 tree-
 +
 +#view mib2   ​included ​ .iso.org.dod.internet.mgmt.mib-2 fc
 +
 +
 +##                context sec.model sec.level prefix read   ​write ​ notif
 +#access MyROGroup "" ​     any       ​noauth ​   0      all    none   none
 +#access MyRWGroup "" ​     any       ​noauth ​   0      all    all    all
 +
 +
 +###############################################################################​
 +# Sample configuration to make net-snmpd RFC 1213.
 +# Unfortunately v1 and v2c don't allow any user based authentification,​ so
 +# opening up the default config is not an option from a security point.
 +#
 +# WARNING: If you uncomment the following lines you allow write access to your
 +# snmpd daemon from any source! To avoid this use different names for your
 +# community or split out the write access to a different community and 
 +# restrict it to your local network.
 +# Also remember to comment the syslocation and syscontact parameters later as
 +# otherwise they are still read only (see FAQ for net-snmp).
 +#
 +
 +# First, map the community name "​public"​ into a "​security name"
 +#       ​sec.name ​       source ​         community
 +#com2sec notConfigUser ​  ​default ​        ​public
 +
 +# Second, map the security name into a group name:
 +#       ​groupName ​      ​securityModel ​  ​securityName
 +#​group ​  ​notConfigGroup ​ v1              notConfigUser
 +#​group ​  ​notConfigGroup ​ v2c             ​notConfigUser
 +
 +# Third, create a view for us to let the group have rights to:
 +# Open up the whole tree for ro, make the RFC 1213 required ones rw.
 +#       ​name ​           incl/​excl ​      ​subtree mask(optional)
 +#view    roview ​         included ​       .1
 +#view    rwview ​         included ​       system.sysContact
 +#view    rwview ​         included ​       system.sysName
 +#view    rwview ​         included ​       system.sysLocation
 +#view    rwview ​         included ​       interfaces.ifTable.ifEntry.ifAdminStatus
 +#view    rwview ​         included ​       at.atTable.atEntry.atPhysAddress
 +#view    rwview ​         included ​       at.atTable.atEntry.atNetAddress
 +#view    rwview ​         included ​       ip.ipForwarding
 +#view    rwview ​         included ​       ip.ipDefaultTTL
 +#view    rwview ​         included ​       ip.ipRouteTable.ipRouteEntry.ipRouteDest
 +#view    rwview ​         included ​       ip.ipRouteTable.ipRouteEntry.ipRouteIfIndex
 +#view    rwview ​         included ​       ip.ipRouteTable.ipRouteEntry.ipRouteMetric1
 +#view    rwview ​         included ​       ip.ipRouteTable.ipRouteEntry.ipRouteMetric2
 +#view    rwview ​         included ​       ip.ipRouteTable.ipRouteEntry.ipRouteMetric3
 +#view    rwview ​         included ​       ip.ipRouteTable.ipRouteEntry.ipRouteMetric4
 +#view    rwview ​         included ​       ip.ipRouteTable.ipRouteEntry.ipRouteType
 +#view    rwview ​         included ​       ip.ipRouteTable.ipRouteEntry.ipRouteAge
 +#view    rwview ​         included ​       ip.ipRouteTable.ipRouteEntry.ipRouteMask
 +#view    rwview ​         included ​       ip.ipRouteTable.ipRouteEntry.ipRouteMetric5
 +#view    rwview ​         included ​       ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaIfIndex
 +#view    rwview ​         included ​       ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress
 +#view    rwview ​         included ​       ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress
 +#view    rwview ​         included ​       ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType
 +#view    rwview ​         included ​       tcp.tcpConnTable.tcpConnEntry.tcpConnState
 +#view    rwview ​         included ​       egp.egpNeighTable.egpNeighEntry.egpNeighEventTrigger
 +#view    rwview ​         included ​       snmp.snmpEnableAuthenTraps
 +
 +# Finally, grant the group read-only access to the systemview view.
 +#       ​group ​         context sec.model sec.level prefix read   ​write ​ notif
 +#​access ​ notConfigGroup "" ​     any       ​noauth ​   exact  roview rwview none
 +
 +
 +
 +###############################################################################​
 +# System contact information
 +#
 +
 +# It is also possible to set the sysContact and sysLocation system
 +# variables through the snmpd.conf file:
 +
 +# Django : 2012-07-17
 +# default: syslocation Unknown (edit /​etc/​snmp/​snmpd.conf)
 +#          syscontact Root <​root@localhost>​ (configure /​etc/​snmp/​snmp.local.conf)
 +syslocation "​vml000010,​ vHost auf pml010002, EDV-Schrank im UG - HE16, nausch.org"​
 +syscontact django@nausch.org
 +
 +# Example output of snmpwalk:
 +#   % snmpwalk -v 1 localhost -c public system
 +#   ​system.sysDescr.0 = "SunOS name sun4c"
 +#   ​system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
 +#   ​system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55
 +#   ​system.sysContact.0 = "Me <​me@somewhere.org>"​
 +#   ​system.sysName.0 = "​name"​
 +#   ​system.sysLocation.0 = "Right here, right now."
 +#   ​system.sysServices.0 = 72
 +
 +
 +###############################################################################​
 +# Logging
 +#
 +
 +# We do not want annoying "​Connection from UDP: " messages in syslog.
 +# If the following option is commented out, snmpd will print each incoming
 +# connection, which can be useful for debugging.
 +
 +dontLogTCPWrappersConnects yes
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################​
 +# Process checks.
 +#
 +#  The following are examples of how to use the agent to check for
 +#  processes running on the host.  The syntax looks something like:
 +#
 +#  proc NAME [MAX=0] [MIN=0]
 +#
 +#  NAME:  the name of the process to check for.  It must match
 +#         ​exactly (ie, http will not find httpd processes).
 +#  MAX:   the maximum number allowed to be running. ​ Defaults to 0.
 +#  MIN:   the minimum number to be running. ​ Defaults to 0.
 +
 +#
 +#  Examples (commented out by default):
 +#
 +
 +#  Make sure mountd is running
 +#proc mountd
 +
 +#  Make sure there are no more than 4 ntalkds running, but 0 is ok too.
 +#proc ntalkd 4
 +
 +#  Make sure at least one sendmail, but less than or equal to 10 are running.
 +#proc sendmail 10 1
 +
 +#  A snmpwalk of the process mib tree would look something like this:
 +
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.2
 +# enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1
 +# enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2
 +# enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3
 +# enterprises.ucdavis.procTable.prEntry.prNames.1 = "​mountd"​
 +# enterprises.ucdavis.procTable.prEntry.prNames.2 = "​ntalkd"​
 +# enterprises.ucdavis.procTable.prEntry.prNames.3 = "​sendmail"​
 +# enterprises.ucdavis.procTable.prEntry.prMin.1 = 0
 +# enterprises.ucdavis.procTable.prEntry.prMin.2 = 0
 +# enterprises.ucdavis.procTable.prEntry.prMin.3 = 1
 +# enterprises.ucdavis.procTable.prEntry.prMax.1 = 0
 +# enterprises.ucdavis.procTable.prEntry.prMax.2 = 4
 +# enterprises.ucdavis.procTable.prEntry.prMax.3 = 10
 +# enterprises.ucdavis.procTable.prEntry.prCount.1 = 0
 +# enterprises.ucdavis.procTable.prEntry.prCount.2 = 0
 +# enterprises.ucdavis.procTable.prEntry.prCount.3 = 1
 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1
 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0
 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0
 +# enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running."​
 +# enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = ""​
 +# enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = ""​
 +# enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0
 +# enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0
 +# enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0
 +#
 +#  Note that the errorFlag for mountd is set to 1 because one is not
 +#  running (in this case an rpc.mountd is, but thats not good enough),
 +#  and the ErrMessage tells you what's wrong. ​ The configuration
 +#  imposed in the snmpd.conf file is also shown.  ​
 +
 +#  Special Case:  When the min and max numbers are both 0, it assumes
 +#  you want a max of infinity and a min of 1.
 +#
 +
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################​
 +# Executables/​scripts
 +#
 +
 +#
 +#  You can also have programs run by the agent that return a single
 +#  line of output and an exit code.  Here are two examples.
 +#
 +#  exec NAME PROGRAM [ARGS ...]
 +#
 +#  NAME:     A generic name. The name must be unique for each exec statement.
 +#  PROGRAM: ​ The program to run.  Include the path!
 +#  ARGS:     ​optional arguments to be passed to the program
 +
 +# a simple hello world
 +
 +#exec echotest /bin/echo hello world
 +
 +# Run a shell script containing:
 +#
 +# #!/bin/sh
 +# echo hello world
 +# echo hi there
 +# exit 35
 +#
 +# Note:  this has been specifically commented out to prevent
 +# accidental security holes due to someone else on your system writing
 +# a /tmp/shtest before you do.  Uncomment to use it.
 +#
 +#exec shelltest /bin/sh /tmp/shtest
 +
 +# Then, 
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.8
 +# enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1
 +# enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2
 +# enterprises.ucdavis.extTable.extEntry.extNames.1 = "​echotest"​
 +# enterprises.ucdavis.extTable.extEntry.extNames.2 = "​shelltest"​
 +# enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/​bin/​echo hello world"
 +# enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/​bin/​sh /​tmp/​shtest"​
 +# enterprises.ucdavis.extTable.extEntry.extResult.1 = 0
 +# enterprises.ucdavis.extTable.extEntry.extResult.2 = 35
 +# enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world."​
 +# enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world."​
 +# enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0
 +# enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0
 +
 +# Note that the second line of the /tmp/shtest shell script is cut
 +# off.  Also note that the exit status of 35 was returned.
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################​
 +# disk checks
 +#
 +
 +# The agent can check the amount of available disk space, and make
 +# sure it is above a set limit.  ​
 +
 +# disk PATH [MIN=100000]
 +#
 +# PATH:  mount path to the disk in question.
 +# MIN:   Disks with space below this value will have the Mib's errorFlag set.
 +#        Default value = 100000.
 +
 +# Check the / partition and make sure it contains at least 10 megs.
 +
 +#disk / 10000
 +
 +
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.9
 +# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
 +# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/"​ Hex: 2F 
 +# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/​dev/​dsk/​c201d6s0"​
 +# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000
 +# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130
 +# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325
 +# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092
 +# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58
 +# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0
 +# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = ""​
 +
 +# Django : 2012-07-31
 +# folgende Partitionen definiert
 +disk /
 +disk /boot
 +disk /var/log
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################​
 +# load average checks
 +#
 +
 +# load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0]
 +#
 +# 1MAX:   If the 1 minute load average is above this limit at query
 +#         time, the errorFlag will be set.
 +# 5MAX:   ​Similar,​ but for 5 min average.
 +# 15MAX: ​ Similar, but for 15 min average.
 +
 +# Check for loads:
 +load 12 14 14
 +
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.10
 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1
 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2
 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3
 +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "​Load-1"​
 +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "​Load-5"​
 +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "​Load-15"​
 +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "​0.49"​ Hex: 30 2E 34 39 
 +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "​0.31"​ Hex: 30 2E 33 31 
 +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "​0.26"​ Hex: 30 2E 32 36 
 +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "​12.00"​
 +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "​14.00"​
 +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "​14.00"​
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = ""​
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = ""​
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = ""​
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################​
 +# Extensible sections.
 +
 +
 +# This alleviates the multiple line output problem found in the
 +# previous executable mib by placing each mib in its own mib table:
 +
 +# Run a shell script containing:
 +#
 +# #!/bin/sh
 +# echo hello world
 +# echo hi there
 +# exit 35
 +#
 +# Note:  this has been specifically commented out to prevent
 +# accidental security holes due to someone else on your system writing
 +# a /tmp/shtest before you do.  Uncomment to use it.
 +#
 +# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest
 +
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.50
 +# enterprises.ucdavis.50.1.1 = 1
 +# enterprises.ucdavis.50.2.1 = "​shelltest"​
 +# enterprises.ucdavis.50.3.1 = "/​bin/​sh /​tmp/​shtest"​
 +# enterprises.ucdavis.50.100.1 = 35
 +# enterprises.ucdavis.50.101.1 = "hello world."​
 +# enterprises.ucdavis.50.101.2 = "hi there."​
 +# enterprises.ucdavis.50.102.1 = 0
 +
 +# Now the Output has grown to two lines, and we can see the 'hi
 +# there.'​ output as the second line from our shell script.
 +#
 +# Note that you must alter the mib.txt file to be correct if you want
 +# the .50.* outputs above to change to reasonable text descriptions.
 +
 +# Other ideas:
 +
 +# exec .1.3.6.1.4.1.2021.51 ps /​bin/​ps ​
 +# exec .1.3.6.1.4.1.2021.52 top /​usr/​local/​bin/​top
 +# exec .1.3.6.1.4.1.2021.53 mailq /​usr/​bin/​mailq
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################​
 +# Pass through control.
 +
 +
 +# Usage:
 +#   pass MIBOID EXEC-COMMAND
 +#
 +# This will pass total control of the mib underneath the MIBOID
 +# portion of the mib to the EXEC-COMMAND.  ​
 +#
 +# Note:  You'll have to change the path of the passtest script to your
 +# source directory or install it in the given location.
 +
 +# Example: ​ (see the script for details)
 +#           ​(commented out here since it requires that you place the
 +#           ​script in the right location. (its not installed by default))
 +
 +# pass .1.3.6.1.4.1.2021.255 /bin/sh /​usr/​local/​local/​passtest
 +
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.255
 +# enterprises.ucdavis.255.1 = "life the universe and everything"​
 +# enterprises.ucdavis.255.2.1 = 42
 +# enterprises.ucdavis.255.2.2 = OID: 42.42.42
 +# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42
 +# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1
 +# enterprises.ucdavis.255.5 = 42
 +# enterprises.ucdavis.255.6 = Gauge: 42
 +#
 +# % snmpget -v 1 localhost public .1.3.6.1.4.1.2021.255.5
 +# enterprises.ucdavis.255.5 = 42
 +#
 +# % snmpset -v 1 localhost public .1.3.6.1.4.1.2021.255.1 s "New string"​
 +# enterprises.ucdavis.255.1 = "New string"​
 +#
 +
 +# For specific usage information,​ see the man/​snmpd.conf.5 manual page
 +# as well as the local/​passtest script used in the above example.
 +
 +###############################################################################​
 +# Further Information
 +#
 +#  See the snmpd.conf manual page, and the output of "snmpd -H".
 +</​file>​
 +Nachdem die Konfigurationsdatei mit jeder Menge Kommentare bestückt ist, sehen wir uns erst einmal an, was dort aktuell aktiviert wurde.
 +
 +   # egrep -v '​(^.*#​|^$)'​ /​etc/​snmp/​snmpd.conf ​
 +
 +<​code>​com2sec local           ​localhost ​      ​private
 +com2sec mynetwork ​      ​10.0.0.0/​24 ​    ​public
 +group   ​MyROGroup ​      ​v1 ​     local
 +group   ​MyROGroup ​      ​v2c ​    local
 +group   ​MyROGroup ​      ​v1 ​     mynetwork
 +group   ​MyROGroup ​      ​v2c ​    ​mynetwork
 +view    all     ​included ​       .iso      80
 +access ​ MyROGroup ​      "" ​     any     ​noauth ​ exact   ​all ​    ​none ​   none
 +access ​ MyRWGroup ​      "" ​     any     ​noauth ​ exact   ​all ​    ​all ​    none
 +syslocation "​vml000010,​ vHost auf pml010002, EDV-Schrank im UG - HE16, nausch.org"​
 +syscontact django@nausch.org
 +dontLogTCPWrappersConnects yes
 +disk /
 +disk /boot
 +disk /var/log
 +load 12 14 14
 +</​code>​
 +
 +Mit dieser minimalen Konfiguration des SNMP-Daemon können folgende Parameter abgefragt werden:
 +  * CPU Auslastung und durchschnittliche Belastung (load)
 +  * Anzahl der Prozesse
 +  * Speicher und SWAP-Nutzung
 +  * Laufwerksauslastung
 +  * eingeloggte User
 +  * Netzwerk-Schnittstellen
 +
 +
 +==== Manpage snmpd.conf ====
 +Genauere Hinweise zur Konfiguration findet man übrigends in der Manpage von **snmp.conf**.
 +   # man snmp.conf
 +
 +<​code>​SNMP.CONF(5) ​                      ​Net-SNMP ​                      ​SNMP.CONF(5)
 +
 +NAME
 +       ​snmp.conf - configuration files for the Net-SNMP applications
 +
 +DESCRIPTION
 +       ​Applications ​ built  using  the  Net-SNMP ​ libraries typically use one or more configuration files to control various aspects of their
 +       ​operation. ​ These files (snmp.conf and snmp.local.conf) can be located in one of several locations, as described in the snmp_config(5)
 +       ​manual page.
 +
 +       ​In ​ particular, /​etc/​snmp/​snmp.conf is a common file, containing the settings shared by all users of the system. ​ ~/​.snmp/​snmp.conf is
 +       a personal file, with the settings specific to a particular user.
 +
 +IMPORTANT NOTE
 +       ​Several of these directives may contain sensitive information (such as pass phrases). ​ Configuration files that include such  settings
 +       ​should only be readable by the user concerned.
 +
 +       As well as application-specific configuration tokens, there are several directives that relate to standard library behaviour, relevant
 +       to most Net-SNMP applications. ​ Many of these correspond to standard command-line options, which are described in the snmpcmd(1) ​ man-
 +       ual page.
 +
 +       These directives can be divided into several distinct groups.
 +
 +CLIENT BEHAVIOUR
 +       ​defDomain application domain
 +              The transport domain that should be used for a certain application type unless something else is specified.
 +
 +       ​defTarget application domain target
 +              The target that should be used for connections to a certain application if the connection should be in a specific domain.
 +
 +       ​defaultPort PORT
 +              defines ​ the  default ​ UDP port that client SNMP applications will attempt to connect to.  This can be overridden by explicitly
 +              including a port number in the AGENT specification. ​ See the snmpcmd(1) manual page for more details.
 +
 +              If not specified, the default value for this token is 161.
 +
 +       ​defVersion (1|2c|3)
 +              defines the default version of SNMP to use.  This can be overridden using the -v option.
 +
 +       ​defCommunity STRING
 +              defines the default community to use for SNMPv1 and SNMPv2c requests. ​ This can be overridden using the -c option.
 +
 +       alias NAME DEFINITION
 +              Creates an aliased tied to NAME for a given transport definition. ​ The alias can the be referred to  using  an  alias: ​ prefix.
 +              Eg,  a  line  of  "​alias ​ here  udp:​127.0.0.1:​6161" ​ would  allow  you  to  use  a  destination host of "​alias:​here"​ instead of
 +              "​udp:​127.0.0.1:​6161"​. ​ This becomes more useful with complex transport addresses involving IPv6 addresses, etc.
 +
 +       ​dumpPacket yes
 +              defines whether to display a hexadecimal dump of the raw SNMP requests sent and received by the application. ​ This  is  equiva-
 +              lent to the -d option.
 +       ​doDebugging (1|0)
 +              turns on debugging for all applications run if set to 1.
 +
 +       ​debugTokens TOKEN[,​TOKEN...]
 +              defines the debugging tokens that should be turned on when doDebugging is set.  This is equivalent to the -D option.
 +
 +       ​16bitIDs yes
 +              restricts requestIDs, etc to 16-bit values.
 +
 +              The  SNMP  specifications ​ define ​ these ID fields as 32-bit quantities, and the Net-SNMP library typically initialises them to
 +              random values for security. ​ However certain (broken) agents cannot handle ID values greater than 2^16  -  this  option ​ allows
 +              interoperability with such agents.
 +
 +       ​clientaddr [<​transport-specifier>:​]<​transport-address>​
 +              specifies the source address to be used by command-line applications when sending SNMP requests. See snmpcmd(1) for more infor-
 +              mation about the format of addresses.
 +
 +              This value is also used by snmpd when generating notifications.
 +
 +       ​clientRecvBuf INTEGER
 +              specifies the desired size of the buffer to be used when receiving responses to SNMP requests. ​ If the OS hard limit  is  lower
 +              than  the  clientRecvBuf ​ value, ​ then this will be used instead. ​ Some platforms may decide to increase the size of the buffer
 +              actually used for internal housekeeping.
 +
 +              This directive will be ignored if the platforms does not support setsockopt().
 +
 +       ​clientSendBuf INTEGER
 +              is similar to clientRecvBuf,​ but applies to the size of the buffer used when sending SNMP requests.
 +
 +       ​noRangeCheck yes
 +              disables the validation of varbind values against the MIB definition for the relevant OID.   ​This ​ is  equivalent ​ to  the  -Ir
 +              option.
 +
 +              This  directive ​ is primarily relevant to the snmpset command, but will also apply to any application that calls snmp_add_var()
 +              with a non-NULL value.
 +
 +       ​noTokenWarnings
 +              disables warnings about unknown config file tokens.
 +
 +       ​reverseEncodeBER (1|yes|true|0|no|false)
 +              controls how the encoding of SNMP requests is handled.
 +
 +              The default behaviour is to encode packets starting from the end of the PDU and working backwards. ​ This directive can be  used
 +              to disable this behaviour, and build the encoded request in the (more obvious) forward direction.
 +
 +              It  should not normally be necessary to change this setting, as the encoding is basically the same in either case - but working
 +              backwards typically produces a slightly more efficient encoding, and hence a smaller network datagram.
 +
 +SNMPv3 SETTINGS
 +       ​defSecurityName STRING
 +              defines the default security name to use for SNMPv3 requests. ​ This can be overridden using the -u option.
 +
 +       ​defSecurityLevel noAuthNoPriv|authNoPriv|authPriv
 +              defines the default security level to use for SNMPv3 requests. ​ This can be overridden using the -l option.
 +
 +              If not specified, the default value for this token is noAuthNoPriv.
 +
 +              Note:  authPriv is only available if the software has been compiled to use the OpenSSL libraries.
 +
 +       ​defPassphrase STRING
 +
 +       ​defAuthPassphrase STRING
 +
 +       ​defPrivPassphrase STRING
 +              define the default authentication and privacy pass phrases to use for SNMPv3 requests. ​ These can be overridden ​ using  the  -A
 +              and -X options respectively.
 +
 +              The  defPassphrase ​ value will be used for the authentication and/or privacy pass phrases if either of the other directives are
 +              not specified.
 +
 +       ​defAuthType MD5|SHA
 +
 +       ​defPrivType DES|AES
 +              define the default authentication and privacy protocols to use for SNMPv3 requests. ​ These can be overridden using the  -a  and
 +              -x options respectively.
 +
 +              If not specified, SNMPv3 requests will default to MD5 authentication and DES encryption.
 +
 +              Note:  If  the software has not been compiled to use the OpenSSL libraries, then only MD5 authentication is supported. ​ Neither
 +                     SHA authentication nor any form of encryption will be available.
 +
 +       ​defContext STRING
 +              defines the default context to use for SNMPv3 requests. ​ This can be overridden using the -n option.
 +
 +              If not specified, the default value for this token is the default context (i.e. the empty string ""​).
 +
 +       ​defSecurityModel STRING
 +              defines the security model to use for SNMPv3 requests. ​ The default value is "​usm"​ which is the only widely used security model
 +              for SNMPv3.
 +
 +       ​defAuthMasterKey 0xHEXSTRING
 +
 +       ​defPrivMasterKey 0xHEXSTRING
 +
 +       ​defAuthLocalizedKey 0xHEXSTRING
 +
 +       ​defPrivLocalizedKey 0xHEXSTRING
 +              define ​ the  (hexadecimal) ​ keys  to  be  used  for  SNMPv3 ​ secure ​ communications. ​ SNMPv3 keys are frequently derived from a
 +              passphrase, as discussed in the defPassphrase section above. However for improved security a truely random key can be generated
 +              and  used  instead ​ (which ​ would normally has better entropy than a password unless it is amazingly long). ​ The directives are
 +              equivalent to the short-form command line options -3m, -3M, -3k, and -3K.
 +
 +              Localized keys are master keys which have been converted to a unique key which is only suitable for on particular ​ SNMP  engine
 +              (agent). ​ The length of the key needs to be appropriate for the authentication or encryption type being used (auth keys: MD5=16
 +              bytes, SHA1=20 bytes; priv keys: DES=16 bytes (8 bytes of which is used as an IV and not a key), and AES=16 bytes).
 +
 +       ​sshtosnmpsocketperms PATH
 +              Sets the path of the sshtosnmp socket created by an application (e.g. snmpd) listening for incoming ssh connections through the
 +              sshtosnmp unix socket.
 +
 +       ​sshtosnmpsocketperms MODE [OWNER [GROUP]]
 +              Sets  the  mode, owner and group of the sshtosnmp socket created by an application (e.g. snmpd) listening for incoming ssh con-
 +              nections through the sshtosnmp unix socket. ​ The socket needs to be read/write privileged for SSH users  that  are  allowed ​ to
 +              connect to the SNMP service (VACM access still needs to be granted as well, most likely through the TSM security model).
 +
 +SERVER BEHAVIOUR
 +       ​persistentDir DIRECTORY
 +              defines the directory where snmpd and snmptrapd store persistent configuration settings.
 +
 +              If not specified, the persistent directory defaults to /​var/​lib/​net-snmp
 +
 +       ​noPersistentLoad yes
 +
 +       ​noPersistentSave yes
 +              disable the loading and saving of persistent configuration information.
 +
 +              Note:  This  will  break  SNMPv3 operations (and other behaviour that relies on changes persisting across application restart).
 +                     Use With Care.
 +
 +       ​tempFilePattern PATTERN
 +              defines a filename template for creating temporary files, for handling input to and output from external shell commands. ​  Used
 +              by the mkstemp() and mktemp() functions.
 +
 +              If not specified, the default pattern is "/​var/​run/​net-snmp/​snmp-tmp-XXXXXX"​.
 +
 +       ​serverRecvBuf INTEGER
 +              specifies ​ the desired size of the buffer to be used when receiving incoming SNMP requests. ​ If the OS hard limit is lower than
 +              the serverRecvBuf value, then this will be used instead. ​ Some platforms may decide to increase the size of the buffer actually
 +              used for internal housekeeping.
 +
 +              This directive will be ignored if the platforms does not support setsockopt().
 +
 +       ​serverSendBuf INTEGER
 +              is similar to serverRecvBuf,​ but applies to the size of the buffer used when sending SNMP responses.
 +
 +MIB HANDLING
 +       ​mibdirs DIRLIST
 +              specifies ​ a  list of directories to search for MIB files. ​ This operates in the same way as the -M option - see snmpcmd(1) for
 +              details. ​ Note that this value can be overridden by the MIBDIRS environment variable, and the -M option.
 +
 +       mibs MIBLIST
 +              specifies a list of MIB modules (not files) that should be loaded. ​ This operates in the same way as the -m option -  see  snm-
 +              pcmd(1) for details. ​ Note that this list can be overridden by the MIBS environment variable, and the -m option.
 +
 +       ​mibfile FILE
 +              specifies ​ a  (single) ​ MIB file to load, in addition to the list read from the mibs token (or equivalent configuration). ​ Note
 +              that this value can be overridden by the MIBFILES environment variable.
 +
 +       ​showMibErrors (1|yes|true|0|no|false)
 +              whether to display MIB parsing errors.
 +
 +       ​commentToEOL (1|yes|true|0|no|false)
 +              whether MIB parsing should be strict about comment termination. ​ Many MIB writers assume that ASN.1 comments extend to the  end
 +              of  the text line, rather than being terminated by the next "​--"​ token. ​ This token can be used to accept such (strictly incor-
 +              rect) MIBs.
 +              Note that this directive was previous (mis-)named strictCommentTerm,​ but with the reverse behaviour from that  implied ​ by  the
 +              name.  This earlier token is still accepted for backwards compatibility.
 +
 +       ​mibAllowUnderline (1|yes|true|0|no|false)
 +              whether ​ to  allow  underline ​ characters ​ in  MIB  object names and enumeration values. ​ This token can be used to accept such
 +              (strictly incorrect) MIBs.
 +
 +       ​mibWarningLevel INTEGER
 +              the minimum warning level of the warnings printed by the MIB parser.
 +
 +OUTPUT CONFIGURATION
 +       ​logTimestamp (1|yes|true|0|no|false)
 +              Whether the commands should log timestamps with their error/​message logging or not.  Note that output will not look  as  pretty
 +              with  timestamps ​ if  the source code that is doing the logging does incremental logging of messages that are not line buffered
 +              before being passed to the logging routines. ​ This option is only used when file logging is active.
 +
 +       ​printNumericEnums (1|yes|true|0|no|false)
 +              Equivalent to -Oe.
 +
 +       ​printNumericOids (1|yes|true|0|no|false)
 +              Equivalent to -On.
 +
 +       ​dontBreakdownOids (1|yes|true|0|no|false)
 +              Equivalent to -Ob.
 +
 +       ​escapeQuotes (1|yes|true|0|no|false)
 +              Equivalent to -OE.
 +
 +       ​quickPrinting (1|yes|true|0|no|false)
 +              Equivalent to -Oq.
 +
 +       ​printValueOnly (1|yes|true|0|no|false)
 +              Equivalent to -Ov.
 +
 +       ​dontPrintUnits (1|yes|true|0|no|false)
 +              Equivalent to -OU.
 +
 +       ​numericTimeticks (1|yes|true|0|no|false)
 +              Equivalent to -Ot.
 +
 +       ​printHexText (1|yes|true|0|no|false)
 +              Equivalent to -OT.
 +
 +       ​hexOutputLength integer
 +              Specifies where to break up the output of hexadecimal strings. ​ Set to 0 to disable line breaks. ​ Defaults to 16.
 +
 +       ​suffixPrinting (0|1|2)
 +              The value 1 is equivalent to -Os and the value 2 is equivalent to -OS.
 +
 +       ​oidOutputFormat (1|2|3|4|5|6)
 +              Maps -O options as follow: -Os=1, -OS=2, -Of=3, -On=4, -Ou=5. ​ The value 6 has no matching -O option. It suppresses output.
 +
 +       ​extendedIndex (1|yes|true|0|no|false)
 +              Equivalent to -OX.
 +
 +       ​noDisplayHint (1|yes|true|0|no|false)
 +              Disables the use of DISPLAY-HINT information when parsing indices and values to set. Equivalent to -Ih.
 +
 +FILES
 +       /​etc/​snmp/​snmp.conf,​ /​etc/​snmp/​snmp.local.conf - common configuration settings
 +       ​~/​.snmp/​snmp.conf - user-specific configuration settings
 +
 +SEE ALSO
 +       ​snmp_config(5),​ read_config(3),​ snmpcmd(1).
 +
 +4th Berkeley Distribution ​        29 Jun 2005                     ​SNMP.CONF(5)
 +</​code>​
 +
 +==== iptables-Paketfilterregeln ====
 +Nach dem Starten unseres **snmp** Daemon können wir mit Hilfe von netstat überprüfen,​ ob der Daemon auf den gewünschten Ports lauscht. ​
 +   # netstat -tulpen | grep 161
 +
 +   ​udp ​       0      0 0.0.0.0:​161 ​                ​0.0.0.0:​* ​                              ​0 ​         835518 ​    ​1142/​snmpd
 +
 +Steht unser server hinter einer Firewall, so müssen wir unter Umständen eine geeignete Firewallregel in der zentralen Konfigurationsdatei von **iptables** nachtragen, damit der Zugriff auf den Port 161 (UDP) auch erfolgen kann.
 +Wir tragen in der Konfigurationsdatei /​etc/​sysconfig/​iptables hierzu die folgenden Zeilen am Ende der INPUT-Regeln nach. 
 +   # vim /​etc/​sysconfig/​iptables
 +
 +<​code>​ ...
 +
 +# Django 2012-07-17 SNMP freigeschaltet für CACTI-Überwachung
 +-A INPUT -i eth0 -m state --state NEW -m udp -p udp --dport 161 -j ACCEPT
 +# Django : end
 +
 +...
 +</​code>​
 +
 +Anschließend aktivieren wir die Änderungen an unserem Paketfilter,​ indem wir den Daemon durchstarten. ​
 +   # service iptables restart
 +<​code>​iptables:​ Flushing firewall rules: ​                        ​[ ​ OK  ]
 +iptables: Setting chains to policy ACCEPT: filter nat      [  OK  ]
 +iptables: Unloading modules: ​                              ​[ ​ OK  ]
 +iptables: Applying firewall rules: ​                        ​[ ​ OK  ]
 +</​code>​
 +===== Serverstart =====
 +Der erste Start unseres Daemons erfolgt dem gewohnten Syntaxschema: ​
 +   # service snmpd start
 +   snmpd starten: ​                                            ​[ ​ OK  ]
 +Im syslog wird der erfolgreiche Start entsprechend quittiert: ​
 +   Jan 10 14:12:38 nss snmpd[27826]:​ Creating directory: /​var/​net-snmp ​
 +   Jan 10 14:12:38 nss snmpd[27826]:​ NET-SNMP version 5.3.1
 +Damit der snmp-Daemon **snmpd** automatisch bei jedem Systemstart startet, kann die Einrichtung eines Start-Scriptes über folgenden Befehl erreicht werden:
 +    # chkconfig snmpd on
 +Ein Überprüfung ob der Dienst (Daemon) sshd wirklich bei jedem Systemstart automatisch mit gestartet wird, kann durch folgenden Befehl erreicht werden:
 +   # chkconfig --list | grep snmpd
 +   ​snmpd ​          ​0:​Aus ​  ​1:​Aus ​  ​2:​Ein ​  ​3:​Ein ​  ​4:​Ein ​  ​5:​Ein ​  6:Aus
 +
 +
 +
 +===== erster Test der Minimalkonfiguration =====
 +Bei unserer ersten Konfiguration haben wir angegeben, dass sowohl für **localhost** als auch **mynetwork** unterschiedliche Passworte zur Anwendung kommen sollen. Dies wollen wir nun im ersten Test ausprobieren. Zum testen verwenden wir das Programm **snmpwalk** aus dem **RPM**-Paket **net-snmp-utils**.
 +
 +Eine geneu Beschreibung der Optionen entnehmen wir bei Bedarf der //Manpage// von **snmpwalk**.
 +   # man snmpwalk
 +
 +<​code>​SNMPWALK(1) ​                       Net-SNMP ​                       SNMPWALK(1)
 +
 +NAME
 +       ​snmpwalk - retrieve a subtree of management values using SNMP GETNEXT requests
 +
 +SYNOPSIS
 +       ​snmpwalk [APPLICATION OPTIONS] [COMMON OPTIONS] [OID]
 +
 +DESCRIPTION
 +       ​snmpwalk is an SNMP application that uses SNMP GETNEXT requests to query a network entity for a tree of information.
 +
 +       ​An ​ object identifier (OID) may be given on the command line.  This OID specifies which portion of the object identifier space will be
 +       ​searched using GETNEXT requests. ​ All variables in the subtree below the given OID are queried and their values presented to the user.
 +       Each variable name is given in the format specified in variables(5).
 +
 +       ​If ​ no  OID  argument ​ is  present, snmpwalk will search the subtree rooted at SNMPv2-SMI::​mib-2 (including any MIB object values from
 +       other MIB modules, that are defined as lying within this subtree). ​ If the network entity has an error processing the request ​ packet,
 +       an error packet will be returned and a message will be shown, helping to pinpoint why the request was malformed.
 +
 +       If the tree search causes attempts to search beyond the end of the MIB, the message "End of MIB" will be displayed.
 +
 +OPTIONS
 +       ​-Cc ​    ​Do ​ not  check whether the returned OIDs are increasing. ​ Some agents (LaserJets are an example) return OIDs out of order, but
 +               can complete the walk anyway. ​ Other agents return OIDs that are out of order and can cause snmpwalk to loop indefinitely. ​ By
 +               ​default, ​ snmpwalk ​ tries  to  detect this behavior and warns you when it hits an agent acting illegally. ​ Use -Cc to turn off
 +               this check.
 +
 +       -CE {OID}
 +               End the walk at the specified OID, rather than a simple subtree. ​ This can be used to walk a partial subtree, selected columns
 +               of a table, or even two or more tables within a single command.
 +
 +       ​-Ci ​    ​Include ​ the  given  OID in the search range. ​ Normally snmpwalk uses GETNEXT requests starting with the OID you specified and
 +               ​returns all results in the MIB subtree rooted at that OID.  Sometimes, you may wish to include the OID specified on  the  com-
 +               mand line in the printed results if it is a valid OID in the tree itself. ​ This option lets you do this explicitly.
 +
 +       ​-CI ​    In fact, the given OID will be retrieved automatically if the main subtree walk returns no useable values. ​ This allows a walk
 +               of a single instance to behave as generally expected, and return the specified instance value. ​ This  option ​ turns  off  this
 +               final GET request, so a walk of a single instance will return nothing.
 +
 +       ​-Cp ​    Upon completion of the walk, print the number of variables found.
 +
 +       ​-Ct ​    Upon completion of the walk, print the total wall-clock time it took to collect the data (in seconds). ​ Note that the timer is
 +               ​started just before the beginning of the data request series and stopped just after it finishes. ​ Most importantly,​ this means
 +               that it does not include snmp library initialization,​ shutdown, argument processing, and any other overhead.
 +
 +       In addition to these options, snmpwalk takes the common options described in the snmpcmd(1) manual page.
 +
 +EXAMPLES
 +       The command:
 +
 +       ​snmpwalk -Os -c public -v 1 zeus system
 +
 +       will retrieve all of the variables under system:
 +
 +       ​sysDescr.0 = STRING: "SunOS zeus.net.cmu.edu 4.1.3_U1 1 sun4m"
 +       ​sysObjectID.0 = OID: enterprises.hp.nm.hpsystem.10.1.1
 +       ​sysUpTime.0 = Timeticks: (155274552) 17 days, 23:19:05
 +       ​sysContact.0 = STRING: ""​
 +       ​sysName.0 = STRING: "​zeus.net.cmu.edu"​
 +       ​sysLocation.0 = STRING: ""​
 +       ​sysServices.0 = INTEGER: 72
 +       (plus the contents of the sysORTable).
 +
 +       The command:
 +
 +       ​snmpwalk -Os -c public -v 1 -CE sysORTable zeus system
 +
 +       will retrieve the scalar values, but omit the sysORTable.
 +
 +SEE ALSO
 +       ​snmpcmd(1),​ snmpbulkwalk(1),​ variables(5).
 +
 +4th Berkeley Distribution ​        08 Feb 2002                      SNMPWALK(1)
 +</​code>​
 +==== vollständige Abfrage des SNMP-Baums ====
 +Mit folgendem Aufruf kann der vollständige SNMP-Baum von localhost aus abgefragt werden.
 +   # snmpwalk -v 2c -c private -O e 127.0.0.1
 +<​code>​SNMPv2-MIB::​sysDescr.0 = STRING: Linux vml000010.dmz.nausch.org 2.6.32-279.2.1.el6.x86_64 #1 SMP Fri Jul 20 01:55:29 UTC 2012 x86_64
 +SNMPv2-MIB::​sysObjectID.0 = OID: NET-SNMP-MIB::​netSnmpAgentOIDs.10
 +DISMAN-EVENT-MIB::​sysUpTimeInstance = Timeticks: (204321) 0:34:03.21
 +SNMPv2-MIB::​sysContact.0 = STRING: django@nausch.org
 +SNMPv2-MIB::​sysName.0 = STRING: vml000010.dmz.nausch.org
 +SNMPv2-MIB::​sysLocation.0 = STRING: "​vml000010,​ vHost auf pml010002, EDV-Schrank im UG - HE16, nausch.org"​
 +SNMPv2-MIB::​sysORLastChange.0 = Timeticks: (10) 0:00:00.10
 +SNMPv2-MIB::​sysORID.1 = OID: SNMP-MPD-MIB::​snmpMPDMIBObjects.3.1.1
 +SNMPv2-MIB::​sysORID.2 = OID: SNMP-USER-BASED-SM-MIB::​usmMIBCompliance
 +SNMPv2-MIB::​sysORID.3 = OID: SNMP-FRAMEWORK-MIB::​snmpFrameworkMIBCompliance
 +SNMPv2-MIB::​sysORID.4 = OID: SNMPv2-MIB::​snmpMIB
 +SNMPv2-MIB::​sysORID.5 = OID: TCP-MIB::​tcpMIB
 +SNMPv2-MIB::​sysORID.6 = OID: IP-MIB::ip
 +SNMPv2-MIB::​sysORID.7 = OID: UDP-MIB::​udpMIB
 +SNMPv2-MIB::​sysORID.8 = OID: SNMP-VIEW-BASED-ACM-MIB::​vacmBasicGroup
 +SNMPv2-MIB::​sysORDescr.1 = STRING: The MIB for Message Processing and Dispatching.
 +SNMPv2-MIB::​sysORDescr.2 = STRING: The MIB for Message Processing and Dispatching.
 +SNMPv2-MIB::​sysORDescr.3 = STRING: The SNMP Management Architecture MIB.
 +SNMPv2-MIB::​sysORDescr.4 = STRING: The MIB module for SNMPv2 entities
 +SNMPv2-MIB::​sysORDescr.5 = STRING: The MIB module for managing TCP implementations
 +SNMPv2-MIB::​sysORDescr.6 = STRING: The MIB module for managing IP and ICMP implementations
 +SNMPv2-MIB::​sysORDescr.7 = STRING: The MIB module for managing UDP implementations
 +SNMPv2-MIB::​sysORDescr.8 = STRING: View-based Access Control Model for SNMP.
 +SNMPv2-MIB::​sysORUpTime.1 = Timeticks: (10) 0:00:00.10
 +SNMPv2-MIB::​sysORUpTime.2 = Timeticks: (10) 0:00:00.10
 +SNMPv2-MIB::​sysORUpTime.3 = Timeticks: (10) 0:00:00.10
 +SNMPv2-MIB::​sysORUpTime.4 = Timeticks: (10) 0:00:00.10
 +SNMPv2-MIB::​sysORUpTime.5 = Timeticks: (10) 0:00:00.10
 +SNMPv2-MIB::​sysORUpTime.6 = Timeticks: (10) 0:00:00.10
 +SNMPv2-MIB::​sysORUpTime.7 = Timeticks: (10) 0:00:00.10
 +SNMPv2-MIB::​sysORUpTime.8 = Timeticks: (10) 0:00:00.10
 +IF-MIB::​ifNumber.0 = INTEGER: 3
 +IF-MIB::​ifIndex.1 = INTEGER: 1
 +IF-MIB::​ifIndex.2 = INTEGER: 2
 +IF-MIB::​ifIndex.3 = INTEGER: 3
 +IF-MIB::​ifDescr.1 = STRING: lo
 +IF-MIB::​ifDescr.2 = STRING: eth0
 +IF-MIB::​ifDescr.3 = STRING: eth1
 +IF-MIB::​ifType.1 = INTEGER: 24
 +IF-MIB::​ifType.2 = INTEGER: 6
 +IF-MIB::​ifType.3 = INTEGER: 6
 +IF-MIB::​ifMtu.1 = INTEGER: 16436
 +IF-MIB::​ifMtu.2 = INTEGER: 1500
 +IF-MIB::​ifMtu.3 = INTEGER: 1500
 +IF-MIB::​ifSpeed.1 = Gauge32: 10000000
 +IF-MIB::​ifSpeed.2 = Gauge32: 0
 +IF-MIB::​ifSpeed.3 = Gauge32: 0
 +IF-MIB::​ifPhysAddress.1 = STRING: ​
 +IF-MIB::​ifPhysAddress.2 = STRING: 52:​54:​0:​10:​6f:​ca
 +IF-MIB::​ifPhysAddress.3 = STRING: 52:​54:​0:​c0:​15:​c4
 +IF-MIB::​ifAdminStatus.1 = INTEGER: 1
 +IF-MIB::​ifAdminStatus.2 = INTEGER: 1
 +IF-MIB::​ifAdminStatus.3 = INTEGER: 1
 +IF-MIB::​ifOperStatus.1 = INTEGER: 1
 +IF-MIB::​ifOperStatus.2 = INTEGER: 1
 +IF-MIB::​ifOperStatus.3 = INTEGER: 1
 +IF-MIB::​ifLastChange.1 = Timeticks: (0) 0:00:00.00
 +IF-MIB::​ifLastChange.2 = Timeticks: (0) 0:00:00.00
 +IF-MIB::​ifLastChange.3 = Timeticks: (0) 0:00:00.00
 +IF-MIB::​ifInOctets.1 = Counter32: 38448100
 +IF-MIB::​ifInOctets.2 = Counter32: 3914594718
 +IF-MIB::​ifInOctets.3 = Counter32: 2711483767
 +IF-MIB::​ifInUcastPkts.1 = Counter32: 30606
 +IF-MIB::​ifInUcastPkts.2 = Counter32: 23634761
 +IF-MIB::​ifInUcastPkts.3 = Counter32: 27276692
 +IF-MIB::​ifInNUcastPkts.1 = Counter32: 0
 +IF-MIB::​ifInNUcastPkts.2 = Counter32: 0
 +IF-MIB::​ifInNUcastPkts.3 = Counter32: 0
 +IF-MIB::​ifInDiscards.1 = Counter32: 0
 +IF-MIB::​ifInDiscards.2 = Counter32: 0
 +IF-MIB::​ifInDiscards.3 = Counter32: 0
 +IF-MIB::​ifInErrors.1 = Counter32: 0
 +IF-MIB::​ifInErrors.2 = Counter32: 0
 +IF-MIB::​ifInErrors.3 = Counter32: 0
 +IF-MIB::​ifInUnknownProtos.1 = Counter32: 0
 +IF-MIB::​ifInUnknownProtos.2 = Counter32: 0
 +IF-MIB::​ifInUnknownProtos.3 = Counter32: 0
 +IF-MIB::​ifOutOctets.1 = Counter32: 38448100
 +IF-MIB::​ifOutOctets.2 = Counter32: 2697677135
 +IF-MIB::​ifOutOctets.3 = Counter32: 3862746860
 +IF-MIB::​ifOutUcastPkts.1 = Counter32: 30606
 +IF-MIB::​ifOutUcastPkts.2 = Counter32: 27225076
 +IF-MIB::​ifOutUcastPkts.3 = Counter32: 23539825
 +IF-MIB::​ifOutNUcastPkts.1 = Counter32: 0
 +IF-MIB::​ifOutNUcastPkts.2 = Counter32: 0
 +IF-MIB::​ifOutNUcastPkts.3 = Counter32: 0
 +IF-MIB::​ifOutDiscards.1 = Counter32: 0
 +IF-MIB::​ifOutDiscards.2 = Counter32: 0
 +IF-MIB::​ifOutDiscards.3 = Counter32: 0
 +IF-MIB::​ifOutErrors.1 = Counter32: 0
 +IF-MIB::​ifOutErrors.2 = Counter32: 0
 +IF-MIB::​ifOutErrors.3 = Counter32: 0
 +IF-MIB::​ifOutQLen.1 = Gauge32: 0
 +IF-MIB::​ifOutQLen.2 = Gauge32: 0
 +IF-MIB::​ifOutQLen.3 = Gauge32: 0
 +IF-MIB::​ifSpecific.1 = OID: SNMPv2-SMI::​zeroDotZero
 +IF-MIB::​ifSpecific.2 = OID: SNMPv2-SMI::​zeroDotZero
 +IF-MIB::​ifSpecific.3 = OID: SNMPv2-SMI::​zeroDotZero
 +RFC1213-MIB::​atIfIndex.2.1.10.0.0.20 = INTEGER: 2
 +RFC1213-MIB::​atIfIndex.2.1.10.0.0.30 = INTEGER: 2
 +RFC1213-MIB::​atIfIndex.3.1.192.168.10.1 = INTEGER: 3
 +RFC1213-MIB::​atIfIndex.3.1.192.168.10.7 = INTEGER: 3
 +RFC1213-MIB::​atIfIndex.3.1.192.168.10.10 = INTEGER: 3
 +RFC1213-MIB::​atPhysAddress.2.1.10.0.0.20 = Hex-STRING: 52 54 00 10 69 11 
 +RFC1213-MIB::​atPhysAddress.2.1.10.0.0.30 = Hex-STRING: 52 54 00 10 25 E9 
 +RFC1213-MIB::​atPhysAddress.3.1.192.168.10.1 = Hex-STRING: 00 1F D0 8C 72 77 
 +RFC1213-MIB::​atPhysAddress.3.1.192.168.10.7 = Hex-STRING: 00 17 A4 7D 26 1A 
 +RFC1213-MIB::​atPhysAddress.3.1.192.168.10.10 = Hex-STRING: 00 25 90 0E E7 FA 
 +RFC1213-MIB::​atNetAddress.2.1.10.0.0.20 = Network Address: 0A:00:00:14
 +RFC1213-MIB::​atNetAddress.2.1.10.0.0.30 = Network Address: 0A:00:00:1E
 +RFC1213-MIB::​atNetAddress.3.1.192.168.10.1 = Network Address: C0:A8:0A:01
 +RFC1213-MIB::​atNetAddress.3.1.192.168.10.7 = Network Address: C0:A8:0A:07
 +RFC1213-MIB::​atNetAddress.3.1.192.168.10.10 = Network Address: C0:A8:0A:0A
 +IP-MIB::​ipForwarding.0 = INTEGER: 1
 +IP-MIB::​ipDefaultTTL.0 = INTEGER: 64
 +IP-MIB::​ipInReceives.0 = Counter32: 50841629
 +IP-MIB::​ipInHdrErrors.0 = Counter32: 0
 +IP-MIB::​ipInAddrErrors.0 = Counter32: 0
 +IP-MIB::​ipForwDatagrams.0 = Counter32: 50545577
 +IP-MIB::​ipInUnknownProtos.0 = Counter32: 0
 +IP-MIB::​ipInDiscards.0 = Counter32: 0
 +IP-MIB::​ipInDelivers.0 = Counter32: 201940
 +IP-MIB::​ipOutRequests.0 = Counter32: 50734923
 +IP-MIB::​ipOutDiscards.0 = Counter32: 1258
 +IP-MIB::​ipOutNoRoutes.0 = Counter32: 0
 +IP-MIB::​ipReasmTimeout.0 = INTEGER: 30 seconds
 +IP-MIB::​ipReasmReqds.0 = Counter32: 1951
 +IP-MIB::​ipReasmOKs.0 = Counter32: 617
 +IP-MIB::​ipReasmFails.0 = Counter32: 0
 +IP-MIB::​ipFragOKs.0 = Counter32: 617
 +IP-MIB::​ipFragFails.0 = Counter32: 0
 +IP-MIB::​ipFragCreates.0 = Counter32: 1951
 +IP-MIB::​ipAdEntAddr.10.0.0.10 = IpAddress: 10.0.0.10
 +IP-MIB::​ipAdEntAddr.127.0.0.1 = IpAddress: 127.0.0.1
 +IP-MIB::​ipAdEntAddr.192.168.10.4 = IpAddress: 192.168.10.4
 +IP-MIB::​ipAdEntIfIndex.10.0.0.10 = INTEGER: 2
 +IP-MIB::​ipAdEntIfIndex.127.0.0.1 = INTEGER: 1
 +IP-MIB::​ipAdEntIfIndex.192.168.10.4 = INTEGER: 3
 +IP-MIB::​ipAdEntNetMask.10.0.0.10 = IpAddress: 255.255.255.0
 +IP-MIB::​ipAdEntNetMask.127.0.0.1 = IpAddress: 255.0.0.0
 +IP-MIB::​ipAdEntNetMask.192.168.10.4 = IpAddress: 255.255.255.0
 +IP-MIB::​ipAdEntBcastAddr.10.0.0.10 = INTEGER: 1
 +IP-MIB::​ipAdEntBcastAddr.127.0.0.1 = INTEGER: 0
 +IP-MIB::​ipAdEntBcastAddr.192.168.10.4 = INTEGER: 1
 +RFC1213-MIB::​ipRouteDest.0.0.0.0 = IpAddress: 0.0.0.0
 +RFC1213-MIB::​ipRouteDest.10.0.0.0 = IpAddress: 10.0.0.0
 +RFC1213-MIB::​ipRouteDest.169.254.0.0 = IpAddress: 169.254.0.0
 +RFC1213-MIB::​ipRouteDest.192.168.10.0 = IpAddress: 192.168.10.0
 +RFC1213-MIB::​ipRouteIfIndex.0.0.0.0 = INTEGER: 3
 +RFC1213-MIB::​ipRouteIfIndex.10.0.0.0 = INTEGER: 2
 +RFC1213-MIB::​ipRouteIfIndex.169.254.0.0 = INTEGER: 2
 +RFC1213-MIB::​ipRouteIfIndex.192.168.10.0 = INTEGER: 3
 +RFC1213-MIB::​ipRouteMetric1.0.0.0.0 = INTEGER: 1
 +RFC1213-MIB::​ipRouteMetric1.10.0.0.0 = INTEGER: 0
 +RFC1213-MIB::​ipRouteMetric1.169.254.0.0 = INTEGER: 0
 +RFC1213-MIB::​ipRouteMetric1.192.168.10.0 = INTEGER: 0
 +RFC1213-MIB::​ipRouteNextHop.0.0.0.0 = IpAddress: 192.168.10.1
 +RFC1213-MIB::​ipRouteNextHop.10.0.0.0 = IpAddress: 0.0.0.0
 +RFC1213-MIB::​ipRouteNextHop.169.254.0.0 = IpAddress: 0.0.0.0
 +RFC1213-MIB::​ipRouteNextHop.192.168.10.0 = IpAddress: 0.0.0.0
 +RFC1213-MIB::​ipRouteType.0.0.0.0 = INTEGER: 4
 +RFC1213-MIB::​ipRouteType.10.0.0.0 = INTEGER: 3
 +RFC1213-MIB::​ipRouteType.169.254.0.0 = INTEGER: 3
 +RFC1213-MIB::​ipRouteType.192.168.10.0 = INTEGER: 3
 +RFC1213-MIB::​ipRouteProto.0.0.0.0 = INTEGER: 2
 +RFC1213-MIB::​ipRouteProto.10.0.0.0 = INTEGER: 2
 +RFC1213-MIB::​ipRouteProto.169.254.0.0 = INTEGER: 2
 +RFC1213-MIB::​ipRouteProto.192.168.10.0 = INTEGER: 2
 +RFC1213-MIB::​ipRouteMask.0.0.0.0 = IpAddress: 0.0.0.0
 +RFC1213-MIB::​ipRouteMask.10.0.0.0 = IpAddress: 255.255.255.0
 +RFC1213-MIB::​ipRouteMask.169.254.0.0 = IpAddress: 255.255.0.0
 +RFC1213-MIB::​ipRouteMask.192.168.10.0 = IpAddress: 255.255.255.0
 +RFC1213-MIB::​ipRouteInfo.0.0.0.0 = OID: SNMPv2-SMI::​zeroDotZero
 +RFC1213-MIB::​ipRouteInfo.10.0.0.0 = OID: SNMPv2-SMI::​zeroDotZero
 +RFC1213-MIB::​ipRouteInfo.169.254.0.0 = OID: SNMPv2-SMI::​zeroDotZero
 +RFC1213-MIB::​ipRouteInfo.192.168.10.0 = OID: SNMPv2-SMI::​zeroDotZero
 +IP-MIB::​ipNetToMediaIfIndex.2.10.0.0.20 = INTEGER: 2
 +IP-MIB::​ipNetToMediaIfIndex.2.10.0.0.30 = INTEGER: 2
 +IP-MIB::​ipNetToMediaIfIndex.3.192.168.10.1 = INTEGER: 3
 +IP-MIB::​ipNetToMediaIfIndex.3.192.168.10.7 = INTEGER: 3
 +IP-MIB::​ipNetToMediaIfIndex.3.192.168.10.10 = INTEGER: 3
 +IP-MIB::​ipNetToMediaPhysAddress.2.10.0.0.20 = STRING: 52:​54:​0:​10:​69:​11
 +IP-MIB::​ipNetToMediaPhysAddress.2.10.0.0.30 = STRING: 52:​54:​0:​10:​25:​e9
 +IP-MIB::​ipNetToMediaPhysAddress.3.192.168.10.1 = STRING: 0:​1f:​d0:​8c:​72:​77
 +IP-MIB::​ipNetToMediaPhysAddress.3.192.168.10.7 = STRING: 0:​17:​a4:​7d:​26:​1a
 +IP-MIB::​ipNetToMediaPhysAddress.3.192.168.10.10 = STRING: 0:​25:​90:​e:​e7:​fa
 +IP-MIB::​ipNetToMediaNetAddress.2.10.0.0.20 = IpAddress: 10.0.0.20
 +IP-MIB::​ipNetToMediaNetAddress.2.10.0.0.30 = IpAddress: 10.0.0.30
 +IP-MIB::​ipNetToMediaNetAddress.3.192.168.10.1 = IpAddress: 192.168.10.1
 +IP-MIB::​ipNetToMediaNetAddress.3.192.168.10.7 = IpAddress: 192.168.10.7
 +IP-MIB::​ipNetToMediaNetAddress.3.192.168.10.10 = IpAddress: 192.168.10.10
 +IP-MIB::​ipNetToMediaType.2.10.0.0.20 = INTEGER: 3
 +IP-MIB::​ipNetToMediaType.2.10.0.0.30 = INTEGER: 3
 +IP-MIB::​ipNetToMediaType.3.192.168.10.1 = INTEGER: 3
 +IP-MIB::​ipNetToMediaType.3.192.168.10.7 = INTEGER: 3
 +IP-MIB::​ipNetToMediaType.3.192.168.10.10 = INTEGER: 3
 +IP-MIB::​ipRoutingDiscards.0 = Counter32: 0
 +IP-FORWARD-MIB::​ipCidrRouteDest.0.0.0.0.0.0.0.0.0.192.168.10.1 = IpAddress: 0.0.0.0
 +IP-FORWARD-MIB::​ipCidrRouteDest.10.0.0.0.0.255.255.255.0.0.0.0.0 = IpAddress: 10.0.0.0
 +IP-FORWARD-MIB::​ipCidrRouteDest.169.254.0.0.0.0.255.255.0.0.0.0.0 = IpAddress: 169.254.0.0
 +IP-FORWARD-MIB::​ipCidrRouteDest.192.168.10.0.0.255.255.255.0.0.0.0.0 = IpAddress: 192.168.10.0
 +IP-FORWARD-MIB::​ipCidrRouteMask.0.0.0.0.0.0.0.0.0.192.168.10.1 = IpAddress: 0.0.0.0
 +IP-FORWARD-MIB::​ipCidrRouteMask.10.0.0.0.0.255.255.255.0.0.0.0.0 = IpAddress: 0.255.255.255
 +IP-FORWARD-MIB::​ipCidrRouteMask.169.254.0.0.0.0.255.255.0.0.0.0.0 = IpAddress: 0.0.255.255
 +IP-FORWARD-MIB::​ipCidrRouteMask.192.168.10.0.0.255.255.255.0.0.0.0.0 = IpAddress: 0.255.255.255
 +IP-FORWARD-MIB::​ipCidrRouteTos.0.0.0.0.0.0.0.0.0.192.168.10.1 = INTEGER: 0
 +IP-FORWARD-MIB::​ipCidrRouteTos.10.0.0.0.0.255.255.255.0.0.0.0.0 = INTEGER: 0
 +IP-FORWARD-MIB::​ipCidrRouteTos.169.254.0.0.0.0.255.255.0.0.0.0.0 = INTEGER: 0
 +IP-FORWARD-MIB::​ipCidrRouteTos.192.168.10.0.0.255.255.255.0.0.0.0.0 = INTEGER: 0
 +IP-FORWARD-MIB::​ipCidrRouteNextHop.0.0.0.0.0.0.0.0.0.192.168.10.1 = IpAddress: 192.168.10.1
 +IP-FORWARD-MIB::​ipCidrRouteNextHop.10.0.0.0.0.255.255.255.0.0.0.0.0 = IpAddress: 0.0.0.0
 +IP-FORWARD-MIB::​ipCidrRouteNextHop.169.254.0.0.0.0.255.255.0.0.0.0.0 = IpAddress: 0.0.0.0
 +IP-FORWARD-MIB::​ipCidrRouteNextHop.192.168.10.0.0.255.255.255.0.0.0.0.0 = IpAddress: 0.0.0.0
 +IP-FORWARD-MIB::​ipCidrRouteIfIndex.0.0.0.0.0.0.0.0.0.192.168.10.1 = INTEGER: 3
 +IP-FORWARD-MIB::​ipCidrRouteIfIndex.10.0.0.0.0.255.255.255.0.0.0.0.0 = INTEGER: 2
 +IP-FORWARD-MIB::​ipCidrRouteIfIndex.169.254.0.0.0.0.255.255.0.0.0.0.0 = INTEGER: 2
 +IP-FORWARD-MIB::​ipCidrRouteIfIndex.192.168.10.0.0.255.255.255.0.0.0.0.0 = INTEGER: 3
 +IP-FORWARD-MIB::​ipCidrRouteType.0.0.0.0.0.0.0.0.0.192.168.10.1 = INTEGER: 4
 +IP-FORWARD-MIB::​ipCidrRouteType.10.0.0.0.0.255.255.255.0.0.0.0.0 = INTEGER: 3
 +IP-FORWARD-MIB::​ipCidrRouteType.169.254.0.0.0.0.255.255.0.0.0.0.0 = INTEGER: 3
 +IP-FORWARD-MIB::​ipCidrRouteType.192.168.10.0.0.255.255.255.0.0.0.0.0 = INTEGER: 3
 +IP-FORWARD-MIB::​ipCidrRouteProto.0.0.0.0.0.0.0.0.0.192.168.10.1 = INTEGER: 2
 +IP-FORWARD-MIB::​ipCidrRouteProto.10.0.0.0.0.255.255.255.0.0.0.0.0 = INTEGER: 2
 +IP-FORWARD-MIB::​ipCidrRouteProto.169.254.0.0.0.0.255.255.0.0.0.0.0 = INTEGER: 2
 +IP-FORWARD-MIB::​ipCidrRouteProto.192.168.10.0.0.255.255.255.0.0.0.0.0 = INTEGER: 2
 +IP-FORWARD-MIB::​ipCidrRouteInfo.0.0.0.0.0.0.0.0.0.192.168.10.1 = OID: SNMPv2-SMI::​zeroDotZero
 +IP-FORWARD-MIB::​ipCidrRouteInfo.10.0.0.0.0.255.255.255.0.0.0.0.0 = OID: SNMPv2-SMI::​zeroDotZero
 +IP-FORWARD-MIB::​ipCidrRouteInfo.169.254.0.0.0.0.255.255.0.0.0.0.0 = OID: SNMPv2-SMI::​zeroDotZero
 +IP-FORWARD-MIB::​ipCidrRouteInfo.192.168.10.0.0.255.255.255.0.0.0.0.0 = OID: SNMPv2-SMI::​zeroDotZero
 +IP-FORWARD-MIB::​ipCidrRouteNextHopAS.0.0.0.0.0.0.0.0.0.192.168.10.1 = INTEGER: 0
 +IP-FORWARD-MIB::​ipCidrRouteNextHopAS.10.0.0.0.0.255.255.255.0.0.0.0.0 = INTEGER: 0
 +IP-FORWARD-MIB::​ipCidrRouteNextHopAS.169.254.0.0.0.0.255.255.0.0.0.0.0 = INTEGER: 0
 +IP-FORWARD-MIB::​ipCidrRouteNextHopAS.192.168.10.0.0.255.255.255.0.0.0.0.0 = INTEGER: 0
 +IP-FORWARD-MIB::​ipCidrRouteMetric1.0.0.0.0.0.0.0.0.0.192.168.10.1 = INTEGER: 0
 +IP-FORWARD-MIB::​ipCidrRouteMetric1.10.0.0.0.0.255.255.255.0.0.0.0.0 = INTEGER: 0
 +IP-FORWARD-MIB::​ipCidrRouteMetric1.169.254.0.0.0.0.255.255.0.0.0.0.0 = INTEGER: 1002
 +IP-FORWARD-MIB::​ipCidrRouteMetric1.192.168.10.0.0.255.255.255.0.0.0.0.0 = INTEGER: 0
 +IP-FORWARD-MIB::​ipCidrRouteMetric2.0.0.0.0.0.0.0.0.0.192.168.10.1 = INTEGER: -1
 +IP-FORWARD-MIB::​ipCidrRouteMetric2.10.0.0.0.0.255.255.255.0.0.0.0.0 = INTEGER: -1
 +IP-FORWARD-MIB::​ipCidrRouteMetric2.169.254.0.0.0.0.255.255.0.0.0.0.0 = INTEGER: -1
 +IP-FORWARD-MIB::​ipCidrRouteMetric2.192.168.10.0.0.255.255.255.0.0.0.0.0 = INTEGER: -1
 +IP-FORWARD-MIB::​ipCidrRouteMetric3.0.0.0.0.0.0.0.0.0.192.168.10.1 = INTEGER: -1
 +IP-FORWARD-MIB::​ipCidrRouteMetric3.10.0.0.0.0.255.255.255.0.0.0.0.0 = INTEGER: -1
 +IP-FORWARD-MIB::​ipCidrRouteMetric3.169.254.0.0.0.0.255.255.0.0.0.0.0 = INTEGER: -1
 +IP-FORWARD-MIB::​ipCidrRouteMetric3.192.168.10.0.0.255.255.255.0.0.0.0.0 = INTEGER: -1
 +IP-FORWARD-MIB::​ipCidrRouteMetric4.0.0.0.0.0.0.0.0.0.192.168.10.1 = INTEGER: -1
 +IP-FORWARD-MIB::​ipCidrRouteMetric4.10.0.0.0.0.255.255.255.0.0.0.0.0 = INTEGER: -1
 +IP-FORWARD-MIB::​ipCidrRouteMetric4.169.254.0.0.0.0.255.255.0.0.0.0.0 = INTEGER: -1
 +IP-FORWARD-MIB::​ipCidrRouteMetric4.192.168.10.0.0.255.255.255.0.0.0.0.0 = INTEGER: -1
 +IP-FORWARD-MIB::​ipCidrRouteMetric5.0.0.0.0.0.0.0.0.0.192.168.10.1 = INTEGER: -1
 +IP-FORWARD-MIB::​ipCidrRouteMetric5.10.0.0.0.0.255.255.255.0.0.0.0.0 = INTEGER: -1
 +IP-FORWARD-MIB::​ipCidrRouteMetric5.169.254.0.0.0.0.255.255.0.0.0.0.0 = INTEGER: -1
 +IP-FORWARD-MIB::​ipCidrRouteMetric5.192.168.10.0.0.255.255.255.0.0.0.0.0 = INTEGER: -1
 +IP-FORWARD-MIB::​ipCidrRouteStatus.0.0.0.0.0.0.0.0.0.192.168.10.1 = INTEGER: 1
 +IP-FORWARD-MIB::​ipCidrRouteStatus.10.0.0.0.0.255.255.255.0.0.0.0.0 = INTEGER: 1
 +IP-FORWARD-MIB::​ipCidrRouteStatus.169.254.0.0.0.0.255.255.0.0.0.0.0 = INTEGER: 1
 +IP-FORWARD-MIB::​ipCidrRouteStatus.192.168.10.0.0.255.255.255.0.0.0.0.0 = INTEGER: 1
 +IP-FORWARD-MIB::​inetCidrRouteNumber.0 = Gauge32: 5
 +IP-FORWARD-MIB::​inetCidrRouteIfIndex.ipv4."​0.0.0.0"​.0.2.0.0.ipv4."​192.168.10.1"​ = INTEGER: 3
 +IP-FORWARD-MIB::​inetCidrRouteIfIndex.ipv4."​10.0.0.0"​.24.1.2.ipv4."​0.0.0.0"​ = INTEGER: 2
 +IP-FORWARD-MIB::​inetCidrRouteIfIndex.ipv4."​169.254.0.0"​.16.1.2.ipv4."​0.0.0.0"​ = INTEGER: 2
 +IP-FORWARD-MIB::​inetCidrRouteIfIndex.ipv4."​169.254.0.0"​.16.1.3.ipv4."​0.0.0.0"​ = INTEGER: 3
 +IP-FORWARD-MIB::​inetCidrRouteIfIndex.ipv4."​192.168.10.0"​.24.1.3.ipv4."​0.0.0.0"​ = INTEGER: 3
 +IP-FORWARD-MIB::​inetCidrRouteType.ipv4."​0.0.0.0"​.0.2.0.0.ipv4."​192.168.10.1"​ = INTEGER: 4
 +IP-FORWARD-MIB::​inetCidrRouteType.ipv4."​10.0.0.0"​.24.1.2.ipv4."​0.0.0.0"​ = INTEGER: 3
 +IP-FORWARD-MIB::​inetCidrRouteType.ipv4."​169.254.0.0"​.16.1.2.ipv4."​0.0.0.0"​ = INTEGER: 3
 +IP-FORWARD-MIB::​inetCidrRouteType.ipv4."​169.254.0.0"​.16.1.3.ipv4."​0.0.0.0"​ = INTEGER: 3
 +IP-FORWARD-MIB::​inetCidrRouteType.ipv4."​192.168.10.0"​.24.1.3.ipv4."​0.0.0.0"​ = INTEGER: 3
 +IP-FORWARD-MIB::​inetCidrRouteProto.ipv4."​0.0.0.0"​.0.2.0.0.ipv4."​192.168.10.1"​ = INTEGER: 2
 +IP-FORWARD-MIB::​inetCidrRouteProto.ipv4."​10.0.0.0"​.24.1.2.ipv4."​0.0.0.0"​ = INTEGER: 2
 +IP-FORWARD-MIB::​inetCidrRouteProto.ipv4."​169.254.0.0"​.16.1.2.ipv4."​0.0.0.0"​ = INTEGER: 2
 +IP-FORWARD-MIB::​inetCidrRouteProto.ipv4."​169.254.0.0"​.16.1.3.ipv4."​0.0.0.0"​ = INTEGER: 2
 +IP-FORWARD-MIB::​inetCidrRouteProto.ipv4."​192.168.10.0"​.24.1.3.ipv4."​0.0.0.0"​ = INTEGER: 2
 +IP-FORWARD-MIB::​inetCidrRouteAge.ipv4."​0.0.0.0"​.0.2.0.0.ipv4."​192.168.10.1"​ = Gauge32: 0
 +IP-FORWARD-MIB::​inetCidrRouteAge.ipv4."​10.0.0.0"​.24.1.2.ipv4."​0.0.0.0"​ = Gauge32: 0
 +IP-FORWARD-MIB::​inetCidrRouteAge.ipv4."​169.254.0.0"​.16.1.2.ipv4."​0.0.0.0"​ = Gauge32: 0
 +IP-FORWARD-MIB::​inetCidrRouteAge.ipv4."​169.254.0.0"​.16.1.3.ipv4."​0.0.0.0"​ = Gauge32: 0
 +IP-FORWARD-MIB::​inetCidrRouteAge.ipv4."​192.168.10.0"​.24.1.3.ipv4."​0.0.0.0"​ = Gauge32: 0
 +IP-FORWARD-MIB::​inetCidrRouteNextHopAS.ipv4."​0.0.0.0"​.0.2.0.0.ipv4."​192.168.10.1"​ = Gauge32: 0
 +IP-FORWARD-MIB::​inetCidrRouteNextHopAS.ipv4."​10.0.0.0"​.24.1.2.ipv4."​0.0.0.0"​ = Gauge32: 0
 +IP-FORWARD-MIB::​inetCidrRouteNextHopAS.ipv4."​169.254.0.0"​.16.1.2.ipv4."​0.0.0.0"​ = Gauge32: 0
 +IP-FORWARD-MIB::​inetCidrRouteNextHopAS.ipv4."​169.254.0.0"​.16.1.3.ipv4."​0.0.0.0"​ = Gauge32: 0
 +IP-FORWARD-MIB::​inetCidrRouteNextHopAS.ipv4."​192.168.10.0"​.24.1.3.ipv4."​0.0.0.0"​ = Gauge32: 0
 +IP-FORWARD-MIB::​inetCidrRouteMetric1.ipv4."​0.0.0.0"​.0.2.0.0.ipv4."​192.168.10.1"​ = INTEGER: 0
 +IP-FORWARD-MIB::​inetCidrRouteMetric1.ipv4."​10.0.0.0"​.24.1.2.ipv4."​0.0.0.0"​ = INTEGER: 0
 +IP-FORWARD-MIB::​inetCidrRouteMetric1.ipv4."​169.254.0.0"​.16.1.2.ipv4."​0.0.0.0"​ = INTEGER: 1002
 +IP-FORWARD-MIB::​inetCidrRouteMetric1.ipv4."​169.254.0.0"​.16.1.3.ipv4."​0.0.0.0"​ = INTEGER: 1003
 +IP-FORWARD-MIB::​inetCidrRouteMetric1.ipv4."​192.168.10.0"​.24.1.3.ipv4."​0.0.0.0"​ = INTEGER: 0
 +IP-FORWARD-MIB::​inetCidrRouteMetric2.ipv4."​0.0.0.0"​.0.2.0.0.ipv4."​192.168.10.1"​ = INTEGER: -1
 +IP-FORWARD-MIB::​inetCidrRouteMetric2.ipv4."​10.0.0.0"​.24.1.2.ipv4."​0.0.0.0"​ = INTEGER: -1
 +IP-FORWARD-MIB::​inetCidrRouteMetric2.ipv4."​169.254.0.0"​.16.1.2.ipv4."​0.0.0.0"​ = INTEGER: -1
 +IP-FORWARD-MIB::​inetCidrRouteMetric2.ipv4."​169.254.0.0"​.16.1.3.ipv4."​0.0.0.0"​ = INTEGER: -1
 +IP-FORWARD-MIB::​inetCidrRouteMetric2.ipv4."​192.168.10.0"​.24.1.3.ipv4."​0.0.0.0"​ = INTEGER: -1
 +IP-FORWARD-MIB::​inetCidrRouteMetric3.ipv4."​0.0.0.0"​.0.2.0.0.ipv4."​192.168.10.1"​ = INTEGER: -1
 +IP-FORWARD-MIB::​inetCidrRouteMetric3.ipv4."​10.0.0.0"​.24.1.2.ipv4."​0.0.0.0"​ = INTEGER: -1
 +IP-FORWARD-MIB::​inetCidrRouteMetric3.ipv4."​169.254.0.0"​.16.1.2.ipv4."​0.0.0.0"​ = INTEGER: -1
 +IP-FORWARD-MIB::​inetCidrRouteMetric3.ipv4."​169.254.0.0"​.16.1.3.ipv4."​0.0.0.0"​ = INTEGER: -1
 +IP-FORWARD-MIB::​inetCidrRouteMetric3.ipv4."​192.168.10.0"​.24.1.3.ipv4."​0.0.0.0"​ = INTEGER: -1
 +IP-FORWARD-MIB::​inetCidrRouteMetric4.ipv4."​0.0.0.0"​.0.2.0.0.ipv4."​192.168.10.1"​ = INTEGER: -1
 +IP-FORWARD-MIB::​inetCidrRouteMetric4.ipv4."​10.0.0.0"​.24.1.2.ipv4."​0.0.0.0"​ = INTEGER: -1
 +IP-FORWARD-MIB::​inetCidrRouteMetric4.ipv4."​169.254.0.0"​.16.1.2.ipv4."​0.0.0.0"​ = INTEGER: -1
 +IP-FORWARD-MIB::​inetCidrRouteMetric4.ipv4."​169.254.0.0"​.16.1.3.ipv4."​0.0.0.0"​ = INTEGER: -1
 +IP-FORWARD-MIB::​inetCidrRouteMetric4.ipv4."​192.168.10.0"​.24.1.3.ipv4."​0.0.0.0"​ = INTEGER: -1
 +</​code>​
 +
 +==== Abfrage der Systemnamen ====
 +Möchten wir lediglich nur den Systemnamen (**sysName.0**) abfragen, so geben wir einfach die Option **sysName.0** bei der Abfrage mit an.
 +   # snmpwalk -v 2c -c private -O e 127.0.0.1 sysName.0
 +
 +   ​SNMPv2-MIB::​sysName.0 = STRING: vml000010.dmz.nausch.org
 +
 +
 +==== Abfrage der definierten Laufwerke ====
 +Möchten wir lediglich nur die freigegebenen Laufwerke abfragen (**dskPath**) abfragen, so geben wir einfach die Option **.1.3.6.1.4.1.2021.9.1.2** bei der Abfrage mit an.
 +   # snmpwalk -v 2c -c private -O e localhost .1.3.6.1.4.1.2021.9.1.2
 +
 +   ​UCD-SNMP-MIB::​dskPath.1 = STRING: /
 +   ​UCD-SNMP-MIB::​dskPath.2 = STRING: /boot
 +   ​UCD-SNMP-MIB::​dskPath.3 = STRING: /var/log
 +
 +
 +==== Abfragen aus dem eigenen Netzwerk ====
 +=== Abfrage mit richtigem Passwort ===
 +Bei der Konfiguration unseres SNMP-Daemon hatten wir angegeben, dass für Anfragen aus dem eigenen Netzwerk ein gesondertes Passwort zu verwenden ist.
 +   # snmpwalk -v 2c -c public -O e 10.0.0.10 sysName.0
 +
 +   ​SNMPv2-MIB::​sysName.0 = STRING: vml000010.dmz.nausch.org
 +
 +=== Abfrage mit falschem Passwort ===
 +Versuchen wir hingegen mit dem Passwort, welches wir für **localhost** definiert haben, die Anfrage von einem Host aus dem eigenen Netzwerk, so klappt dies erwartungsgemäß nicht.
 +   # snmpwalk -v 2c -c private -O e 10.0.0.10 sysName.0
 +
 +   ​Timeout:​ No Response from 10.0.0.10
 +
 +
 +===== erweiterte Konfiguration (SNMP V3) =====   
 +==== Zugriffbeschränkung ====
 +Da die beiden SNMP-Versionen 1 und 2c fast keine Sicherheitsmechanismen bieten, wollen wir in unserem Netzwerk nunmehr ausschließlich in der aktuellen Version 3, in der die Sicherheitsmechanismen deutlich ausgebaut wurden einsetzen.
 +
 +Hierzu bearbeiten wir nun die Konfigurationsdatei unseres //​**SNMP-Daemon**//​ wie folgt.
 +
 +   # vim /​etc/​snmp/​snmpd.conf
 +
 +<​code>###############################################################################​
 +#
 +# snmpd.conf:
 +#   An example configuration file for configuring the ucd-snmp snmpd agent.
 +#
 +###############################################################################​
 +#
 +# This file is intended to only be as a starting point. ​ Many more
 +# configuration directives exist than are mentioned in this file.  For 
 +# full details, see the snmpd.conf(5) manual page.
 +#
 +# All lines beginning with a '#'​ are comments and are intended for you
 +# to read.  All other lines are configuration commands for the agent.
 +
 +###############################################################################​
 +# Access Control
 +###############################################################################​
 +
 +# As shipped, the snmpd demon will only respond to queries on the
 +# system mib group until this file is replaced or modified for
 +# security purposes. ​ Examples are shown below about how to increase the
 +# level of access.
 +
 +# By far, the most common question I get about the agent is "why won't
 +# it work?",​ when really it should be "how do I configure the agent to
 +# allow me to access it?"
 +#
 +# By default, the agent responds to the "​public"​ community for read
 +# only access, if run out of the box without any configuration file in 
 +# place. ​ The following examples show you other ways of configuring
 +# the agent so that you can change the community names, and give
 +# yourself write access to the mib tree as well.
 +#
 +# For more information,​ read the FAQ as well as the snmpd.conf(5)
 +# manual page.
 +
 +####
 +# First, map the community name "​public"​ into a "​security name"
 +
 +#       ​sec.name ​ source ​         community
 +# Django : 2012-07-17
 +# default: com2sec notConfigUser ​ default ​      ​public
 +#com2sec local           ​localhost ​      ​private
 +#com2sec mynetwork ​      ​10.0.0.0/​24 ​   public
 +
 +
 +# Django : 2012-07-31
 +# default: unset
 +createUser django MD5 Der_Admin_mit_den_dicksten_Eiern! DES
 +
 +####
 +# Second, map the security name into a group name:
 +
 +#       ​groupName ​     securityModel securityName
 +# Django : 2012-07-17
 +# default: group   ​notConfigGroup v1           ​notConfigUser
 +#          group   ​notConfigGroup v2c           ​notConfigUser
 +#​group ​  ​MyROGroup ​      ​v1 ​     local
 +#​group ​  ​MyROGroup ​      ​v2c ​    local
 +#​group ​  ​MyROGroup ​      ​v1 ​     mynetwork
 +#​group ​  ​MyROGroup ​      ​v2c ​    ​mynetwork
 +group   ​MyV3Group ​      ​usm ​    ​django
 +
 +
 +####
 +# Third, create a view for us to let the group have rights to:
 +
 +# Make at least  snmpwalk -v 1 localhost -c public system fast again.
 +#       ​name ​          ​incl/​excl ​    ​subtree ​        ​mask(optional)
 +# Django : 2012-07-17
 +# default: view    systemview ​   included ​  ​.1.3.6.1.2.1.1
 +#          view    systemview ​   included ​  ​.1.3.6.1.2.1.25.1.1
 +view    all     ​included ​       .iso      80
 +
 +####
 +# Finally, grant the group read-only access to the systemview view.
 +
 +#       ​group ​         context sec.model sec.level prefix read   ​write ​ notif
 +# Django : 2012-07-17
 +# default: access ​ notConfigGroup "" ​     any       ​noauth ​   exact  systemview none none
 +#​access ​ MyROGroup ​      "" ​     any     ​noauth ​ exact   ​all ​    ​none ​   none
 +#​access ​ MyRWGroup ​      "" ​     any     ​noauth ​ exact   ​all ​    ​all ​    none
 +# Django : 2012-07-31
 +access ​ MyV3Group ​      "" ​     any     ​auth ​   exact   ​all ​    ​all ​    all
 +
 +# -----------------------------------------------------------------------------
 +
 +# Here is a commented out example configuration that allows less
 +# restrictive access.
 +
 +# YOU SHOULD CHANGE THE "​COMMUNITY"​ TOKEN BELOW TO A NEW KEYWORD ONLY
 +# KNOWN AT YOUR SITE.  YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
 +# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.
 +
 +##       ​sec.name ​ source ​         community
 +#com2sec local     ​localhost ​      ​COMMUNITY
 +#com2sec mynetwork NETWORK/​24 ​     COMMUNITY
 +
 +##     ​group.name sec.model ​ sec.name
 +#group MyRWGroup ​ any        local
 +#group MyROGroup ​ any        mynetwork
 +#
 +#group MyRWGroup ​ any        otherv3user
 +#...
 +
 +##           ​incl/​excl subtree ​                         mask
 +#view all    included ​ .1                               80
 +
 +## -or just the mib2 tree-
 +
 +#view mib2   ​included ​ .iso.org.dod.internet.mgmt.mib-2 fc
 +
 +
 +##                context sec.model sec.level prefix read   ​write ​ notif
 +#access MyROGroup "" ​     any       ​noauth ​   0      all    none   none
 +#access MyRWGroup "" ​     any       ​noauth ​   0      all    all    all
 +
 +
 +###############################################################################​
 +# Sample configuration to make net-snmpd RFC 1213.
 +# Unfortunately v1 and v2c don't allow any user based authentification,​ so
 +# opening up the default config is not an option from a security point.
 +#
 +# WARNING: If you uncomment the following lines you allow write access to your
 +# snmpd daemon from any source! To avoid this use different names for your
 +# community or split out the write access to a different community and 
 +# restrict it to your local network.
 +# Also remember to comment the syslocation and syscontact parameters later as
 +# otherwise they are still read only (see FAQ for net-snmp).
 +#
 +
 +# First, map the community name "​public"​ into a "​security name"
 +#       ​sec.name ​       source ​         community
 +#com2sec notConfigUser ​  ​default ​        ​public
 +
 +# Second, map the security name into a group name:
 +#       ​groupName ​      ​securityModel ​  ​securityName
 +#​group ​  ​notConfigGroup ​ v1              notConfigUser
 +#​group ​  ​notConfigGroup ​ v2c             ​notConfigUser
 +
 +# Third, create a view for us to let the group have rights to:
 +# Open up the whole tree for ro, make the RFC 1213 required ones rw.
 +#       ​name ​           incl/​excl ​      ​subtree mask(optional)
 +#view    roview ​         included ​       .1
 +#view    rwview ​         included ​       system.sysContact
 +#view    rwview ​         included ​       system.sysName
 +#view    rwview ​         included ​       system.sysLocation
 +#view    rwview ​         included ​       interfaces.ifTable.ifEntry.ifAdminStatus
 +#view    rwview ​         included ​       at.atTable.atEntry.atPhysAddress
 +#view    rwview ​         included ​       at.atTable.atEntry.atNetAddress
 +#view    rwview ​         included ​       ip.ipForwarding
 +#view    rwview ​         included ​       ip.ipDefaultTTL
 +#view    rwview ​         included ​       ip.ipRouteTable.ipRouteEntry.ipRouteDest
 +#view    rwview ​         included ​       ip.ipRouteTable.ipRouteEntry.ipRouteIfIndex
 +#view    rwview ​         included ​       ip.ipRouteTable.ipRouteEntry.ipRouteMetric1
 +#view    rwview ​         included ​       ip.ipRouteTable.ipRouteEntry.ipRouteMetric2
 +#view    rwview ​         included ​       ip.ipRouteTable.ipRouteEntry.ipRouteMetric3
 +#view    rwview ​         included ​       ip.ipRouteTable.ipRouteEntry.ipRouteMetric4
 +#view    rwview ​         included ​       ip.ipRouteTable.ipRouteEntry.ipRouteType
 +#view    rwview ​         included ​       ip.ipRouteTable.ipRouteEntry.ipRouteAge
 +#view    rwview ​         included ​       ip.ipRouteTable.ipRouteEntry.ipRouteMask
 +#view    rwview ​         included ​       ip.ipRouteTable.ipRouteEntry.ipRouteMetric5
 +#view    rwview ​         included ​       ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaIfIndex
 +#view    rwview ​         included ​       ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress
 +#view    rwview ​         included ​       ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress
 +#view    rwview ​         included ​       ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType
 +#view    rwview ​         included ​       tcp.tcpConnTable.tcpConnEntry.tcpConnState
 +#view    rwview ​         included ​       egp.egpNeighTable.egpNeighEntry.egpNeighEventTrigger
 +#view    rwview ​         included ​       snmp.snmpEnableAuthenTraps
 +
 +# Finally, grant the group read-only access to the systemview view.
 +#       ​group ​         context sec.model sec.level prefix read   ​write ​ notif
 +#​access ​ notConfigGroup "" ​     any       ​noauth ​   exact  roview rwview none
 +
 +
 +
 +###############################################################################​
 +# System contact information
 +#
 +
 +# It is also possible to set the sysContact and sysLocation system
 +# variables through the snmpd.conf file:
 +
 +# Django : 2012-07-17
 +# default: syslocation Unknown (edit /​etc/​snmp/​snmpd.conf)
 +#          syscontact Root <​root@localhost>​ (configure /​etc/​snmp/​snmp.local.conf)
 +syslocation "​vml000010,​ vHost auf pml010002, EDV-Schrank im UG - HE16, nausch.org"​
 +syscontact django@nausch.org
 +
 +# Example output of snmpwalk:
 +#   % snmpwalk -v 1 localhost -c public system
 +#   ​system.sysDescr.0 = "SunOS name sun4c"
 +#   ​system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
 +#   ​system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55
 +#   ​system.sysContact.0 = "Me <​me@somewhere.org>"​
 +#   ​system.sysName.0 = "​name"​
 +#   ​system.sysLocation.0 = "Right here, right now."
 +#   ​system.sysServices.0 = 72
 +
 +
 +###############################################################################​
 +# Logging
 +#
 +
 +# We do not want annoying "​Connection from UDP: " messages in syslog.
 +# If the following option is commented out, snmpd will print each incoming
 +# connection, which can be useful for debugging.
 +
 +dontLogTCPWrappersConnects yes
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################​
 +# Process checks.
 +#
 +#  The following are examples of how to use the agent to check for
 +#  processes running on the host.  The syntax looks something like:
 +#
 +#  proc NAME [MAX=0] [MIN=0]
 +#
 +#  NAME:  the name of the process to check for.  It must match
 +#         ​exactly (ie, http will not find httpd processes).
 +#  MAX:   the maximum number allowed to be running. ​ Defaults to 0.
 +#  MIN:   the minimum number to be running. ​ Defaults to 0.
 +
 +#
 +#  Examples (commented out by default):
 +#
 +
 +#  Make sure mountd is running
 +#proc mountd
 +
 +#  Make sure there are no more than 4 ntalkds running, but 0 is ok too.
 +#proc ntalkd 4
 +
 +#  Make sure at least one sendmail, but less than or equal to 10 are running.
 +#proc sendmail 10 1
 +
 +#  A snmpwalk of the process mib tree would look something like this:
 +
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.2
 +# enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1
 +# enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2
 +# enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3
 +# enterprises.ucdavis.procTable.prEntry.prNames.1 = "​mountd"​
 +# enterprises.ucdavis.procTable.prEntry.prNames.2 = "​ntalkd"​
 +# enterprises.ucdavis.procTable.prEntry.prNames.3 = "​sendmail"​
 +# enterprises.ucdavis.procTable.prEntry.prMin.1 = 0
 +# enterprises.ucdavis.procTable.prEntry.prMin.2 = 0
 +# enterprises.ucdavis.procTable.prEntry.prMin.3 = 1
 +# enterprises.ucdavis.procTable.prEntry.prMax.1 = 0
 +# enterprises.ucdavis.procTable.prEntry.prMax.2 = 4
 +# enterprises.ucdavis.procTable.prEntry.prMax.3 = 10
 +# enterprises.ucdavis.procTable.prEntry.prCount.1 = 0
 +# enterprises.ucdavis.procTable.prEntry.prCount.2 = 0
 +# enterprises.ucdavis.procTable.prEntry.prCount.3 = 1
 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1
 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0
 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0
 +# enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running."​
 +# enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = ""​
 +# enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = ""​
 +# enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0
 +# enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0
 +# enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0
 +#
 +#  Note that the errorFlag for mountd is set to 1 because one is not
 +#  running (in this case an rpc.mountd is, but thats not good enough),
 +#  and the ErrMessage tells you what's wrong. ​ The configuration
 +#  imposed in the snmpd.conf file is also shown.  ​
 +
 +#  Special Case:  When the min and max numbers are both 0, it assumes
 +#  you want a max of infinity and a min of 1.
 +#
 +
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################​
 +# Executables/​scripts
 +#
 +
 +#
 +#  You can also have programs run by the agent that return a single
 +#  line of output and an exit code.  Here are two examples.
 +#
 +#  exec NAME PROGRAM [ARGS ...]
 +#
 +#  NAME:     A generic name. The name must be unique for each exec statement.
 +#  PROGRAM: ​ The program to run.  Include the path!
 +#  ARGS:     ​optional arguments to be passed to the program
 +
 +# a simple hello world
 +
 +#exec echotest /bin/echo hello world
 +
 +# Run a shell script containing:
 +#
 +# #!/bin/sh
 +# echo hello world
 +# echo hi there
 +# exit 35
 +#
 +# Note:  this has been specifically commented out to prevent
 +# accidental security holes due to someone else on your system writing
 +# a /tmp/shtest before you do.  Uncomment to use it.
 +#
 +#exec shelltest /bin/sh /tmp/shtest
 +
 +# Then, 
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.8
 +# enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1
 +# enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2
 +# enterprises.ucdavis.extTable.extEntry.extNames.1 = "​echotest"​
 +# enterprises.ucdavis.extTable.extEntry.extNames.2 = "​shelltest"​
 +# enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/​bin/​echo hello world"
 +# enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/​bin/​sh /​tmp/​shtest"​
 +# enterprises.ucdavis.extTable.extEntry.extResult.1 = 0
 +# enterprises.ucdavis.extTable.extEntry.extResult.2 = 35
 +# enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world."​
 +# enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world."​
 +# enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0
 +# enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0
 +
 +# Note that the second line of the /tmp/shtest shell script is cut
 +# off.  Also note that the exit status of 35 was returned.
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################​
 +# disk checks
 +#
 +
 +# The agent can check the amount of available disk space, and make
 +# sure it is above a set limit.  ​
 +
 +# disk PATH [MIN=100000]
 +#
 +# PATH:  mount path to the disk in question.
 +# MIN:   Disks with space below this value will have the Mib's errorFlag set.
 +#        Default value = 100000.
 +
 +# Check the / partition and make sure it contains at least 10 megs.
 +
 +#disk / 10000
 +
 +
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.9
 +# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
 +# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/"​ Hex: 2F 
 +# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/​dev/​dsk/​c201d6s0"​
 +# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000
 +# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130
 +# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325
 +# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092
 +# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58
 +# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0
 +# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = ""​
 +
 +# Django : 2012-07-31
 +# folgende Partitionen definiert
 +disk /
 +disk /boot
 +disk /var/log
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################​
 +# load average checks
 +#
 +
 +# load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0]
 +#
 +# 1MAX:   If the 1 minute load average is above this limit at query
 +#         time, the errorFlag will be set.
 +# 5MAX:   ​Similar,​ but for 5 min average.
 +# 15MAX: ​ Similar, but for 15 min average.
 +
 +# Check for loads:
 +load 12 14 14
 +
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.10
 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1
 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2
 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3
 +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "​Load-1"​
 +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "​Load-5"​
 +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "​Load-15"​
 +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "​0.49"​ Hex: 30 2E 34 39 
 +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "​0.31"​ Hex: 30 2E 33 31 
 +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "​0.26"​ Hex: 30 2E 32 36 
 +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "​12.00"​
 +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "​14.00"​
 +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "​14.00"​
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = ""​
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = ""​
 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = ""​
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################​
 +# Extensible sections.
 +
 +
 +# This alleviates the multiple line output problem found in the
 +# previous executable mib by placing each mib in its own mib table:
 +
 +# Run a shell script containing:
 +#
 +# #!/bin/sh
 +# echo hello world
 +# echo hi there
 +# exit 35
 +#
 +# Note:  this has been specifically commented out to prevent
 +# accidental security holes due to someone else on your system writing
 +# a /tmp/shtest before you do.  Uncomment to use it.
 +#
 +# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest
 +
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.50
 +# enterprises.ucdavis.50.1.1 = 1
 +# enterprises.ucdavis.50.2.1 = "​shelltest"​
 +# enterprises.ucdavis.50.3.1 = "/​bin/​sh /​tmp/​shtest"​
 +# enterprises.ucdavis.50.100.1 = 35
 +# enterprises.ucdavis.50.101.1 = "hello world."​
 +# enterprises.ucdavis.50.101.2 = "hi there."​
 +# enterprises.ucdavis.50.102.1 = 0
 +
 +# Now the Output has grown to two lines, and we can see the 'hi
 +# there.'​ output as the second line from our shell script.
 +#
 +# Note that you must alter the mib.txt file to be correct if you want
 +# the .50.* outputs above to change to reasonable text descriptions.
 +
 +# Other ideas:
 +
 +# exec .1.3.6.1.4.1.2021.51 ps /​bin/​ps ​
 +# exec .1.3.6.1.4.1.2021.52 top /​usr/​local/​bin/​top
 +# exec .1.3.6.1.4.1.2021.53 mailq /​usr/​bin/​mailq
 +
 +# -----------------------------------------------------------------------------
 +
 +
 +###############################################################################​
 +# Pass through control.
 +
 +
 +# Usage:
 +#   pass MIBOID EXEC-COMMAND
 +#
 +# This will pass total control of the mib underneath the MIBOID
 +# portion of the mib to the EXEC-COMMAND.  ​
 +#
 +# Note:  You'll have to change the path of the passtest script to your
 +# source directory or install it in the given location.
 +
 +# Example: ​ (see the script for details)
 +#           ​(commented out here since it requires that you place the
 +#           ​script in the right location. (its not installed by default))
 +
 +# pass .1.3.6.1.4.1.2021.255 /bin/sh /​usr/​local/​local/​passtest
 +
 +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.255
 +# enterprises.ucdavis.255.1 = "life the universe and everything"​
 +# enterprises.ucdavis.255.2.1 = 42
 +# enterprises.ucdavis.255.2.2 = OID: 42.42.42
 +# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42
 +# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1
 +# enterprises.ucdavis.255.5 = 42
 +# enterprises.ucdavis.255.6 = Gauge: 42
 +#
 +# % snmpget -v 1 localhost public .1.3.6.1.4.1.2021.255.5
 +# enterprises.ucdavis.255.5 = 42
 +#
 +# % snmpset -v 1 localhost public .1.3.6.1.4.1.2021.255.1 s "New string"​
 +# enterprises.ucdavis.255.1 = "New string"​
 +#
 +
 +# For specific usage information,​ see the man/​snmpd.conf.5 manual page
 +# as well as the local/​passtest script used in the above example.
 +
 +###############################################################################​
 +# Further Information
 +#
 +#  See the snmpd.conf manual page, and the output of "snmpd -H".
 +</​code>​
 +
 +In der gewohnten Kurzform sehen wir nun folgende aktive Zeilen:
 +   # egrep -v '​(^.*#​|^$)'​ /​etc/​snmp/​snmpd.conf
 +
 +<​code>​createUser django MD5 Der_Admin_mit_den_dicksten_Eiern! DES
 +group   ​MyV3Group ​      ​usm ​    ​django
 +view    all     ​included ​       .iso      80
 +access ​ MyV3Group ​      "" ​     any     ​auth ​   exact   ​all ​    ​all ​    all
 +syslocation "​vml000010,​ vHost auf pml010002, EDV-Schrank im UG - HE16, nausch.org"​
 +syscontact django@nausch.org
 +dontLogTCPWrappersConnects yes
 +disk /
 +disk /boot
 +disk /var/log
 +load 12 14 14
 +</​code>​
 +
 +==== Änderungen aktivieren ====
 +Zum Aktivieren starten wir nun den Daemon einmal durch.
 +   # service snmpd restart
 +
 +   ​Stopping snmpd: ​                                           [  OK  ]
 +   ​Starting snmpd: ​                                           [  OK  ]
 +
 +==== Änderungen testen ====
 +Der Zugriff mit dem Passwort //​**private**//​ von **localhost** aus, klappt nun nicht mehr.
 +   # snmpwalk -v 1 localhost -c private .1.3.6.1.4.1.2021.9
 +
 +   ​Timeout:​ No Response from localhost
 +
 +Genauso wenig scheitert der Verbindungsaufbau von einem entfernten Host aus dem eigenen Netz mit dem Passwort //​**public**//​.
 +   # snmpwalk -v 1 10.0.0.10 -c public .1.3.6.1.4.1.2021.9
 +
 +   ​Timeout:​ No Response from 10.0.0.10
 +
 +Geben wir aber nun bei der Abfrage den richtigen Usernamen //django// mit dem zugehörigen Passwort //​Der_Admin_mit_den_dicksten_Eiern!//​ an, so klappt die Abfrage sowohl von **localhost** aus und auch von einem Host aus dem eignen Netzwerk.
 +  * Von **localhost** aus: <​code>​ # snmpwalk -v 3 -l AuthNoPriv -u django -A Der_Admin_mit_den_dicksten_Eiern! 127.0.0.1 sysDescr.0</​code>​ <​code>​SNMPv2-MIB::​sysDescr.0 = STRING: Linux vml000010.dmz.nausch.org 2.6.32-279.2.1.el6.x86_64 #1 SMP Fri Jul 20 01:55:29 UTC 2012 x86_64</​code>​
 +  * Von **vml000030** aus: <​code>​ # snmpwalk -v 3 -l AuthNoPriv -u django -A Der_Admin_mit_den_dicksten_Eiern! 10.0.0.10 sysDescr.0</​code>​ <​code>​SNMPv2-MIB::​sysDescr.0 = STRING: Linux vml000030.dmz.nausch.org 2.6.32-279.2.1.el6.x86_64 #1 SMP Fri Jul 20 01:55:29 UTC 2012 x86_64</​code>​
 +
 +Passen Usernamen und/oder Passwort nicht, wird natürlich eine Fehlermeldung ausgegeben.
 +   # snmpwalk -v 3 -l AuthNoPriv -u django -A Der_User_ohne_Rechte 10.0.0.10 sysDescr.0
 +
 +   No log handling enabled - turning on stderr logging
 +   ​snmpwalk:​ Authentication failure (incorrect password, community or key) (Sub-id not found: (top) -> sysDescr)
 +
 +
 +===== SNMP Logging anpassen =====
 +Im Normalfall wird uns im syslog der SNMP-Zugriff dokumentiert. Mit unter können diese zu Teil doch sehr vielen Logeinträgen unerwünscht erscheinen.
 +   Dec 20 09:51:08 pml010010 snmpd[22654]:​ Connection from UDP: [10.20.10.40]:​33410->​[10.20.10.10]
 +   Dec 20 09:51:08 pml010010 snmpd[22654]:​ Connection from UDP: [10.20.10.40]:​33410->​[10.20.10.10]
 +
 +Das Logging generell abzustellen,​ ist natürlich nur sehr bedingt empfehlenswert,​ vielmehr wollen wir doch lieber die unerwünschten SNMP-Logeinträge unterdrücken. ​
 +
 +Folgende Loglevel sind unter CentOS 6.x wählbar:
 +^ Log-Level ^ Beschreibung ​                                         ^
 +|   ​0 ​      | Notfall – System ist nicht benutzbar ​                 |
 +|   ​1 ​      | Warnungen – sofortiges Handeln erforderlich ​          |
 +|   ​2 ​      | Kritische – kritische Zustände ​                       |
 +|   ​3 ​      | Störungen – Fehlerhinweise ​                           |
 +|   ​4 ​      | Warnungen – Warnmeldungen ​                            |
 +|   ​5 ​      | Benachrichtigungen – Informationsmeldungen ​           |
 +|   ​6 ​      | Informationen – Hinweise ​                             |
 +|   ​7 ​      | Debugging – Debugging-Meldungen ​                      |
 +
 +Als Standard ist unter CentOS 6.x der Lglevel **0 - 6** aktiviert. Die Zugriffe auf den Deamon werden im Loglevel **6** protokolliert. ​
 +
 +Wir werden also nun nachfolgend den Loglevel **0 - 5** definieren. Hierzu passen wir die Konfigurationsdatei //​**/​etc/​sysconfig/​snmpd**//​ an.
 +    # vim /​etc/​sysconfig/​snmpd
 +<file bash /​etc/​sysconfig/​snmpd>#​ snmpd command line options
 +# Django : 2012-12-20 Loglevel 0-5 zum Unterdrücken der Zugriffe im syslog ​
 +# default: OPTIONS="​-LS0-6d -Lf /dev/null -p /​var/​run/​snmpd.pid"​
 +OPTIONS="​-LS0-5d -Lf /dev/null -p /​var/​run/​snmpd.pid"​
 +</​file>​
 +
 +Zum Aktivieren unserer Änderung starten wir den Daemon 1x durch.
 +   # service snmpd restart
 +
 +
 +
 +====== Links ======
 +  * **[[centos:​cacti_c6:​start|Zurück zum Kapitel >>​Cacti-Serverinstallation unter CentOS 6<<​]]**
 +  * **[[wiki:​start|Zurück zu >>​Projekte und Themenkapitel<<​]]**
 +  * **[[http://​dokuwiki.nausch.org/​doku.php/​|Zurück zur Startseite]]**
 +
  
  • centos/cacti_c6/snmp.txt
  • Zuletzt geändert: 20.04.2018 10:47.
  • (Externe Bearbeitung)