NetSNMP開源代碼學習——小試牛刀

原創做品，轉載請註明出處，嚴禁非法轉載。若有錯誤，請留言！

email：40879506@qq.com

題外話：技術越是古董級的東西，越是值得學習。

一. 配置

   參考: http://www.cnblogs.com/oloroso/p/4595123.html

./configure --prefix=/usr/local/net-snmp --with-default-snmp-version=2c --with-sys-contact="xxx@163.com" --with-sys-location="China" --with-logfile="/var/log/snmpd.log" --with-persistent-directory=/var/net-snmp/ --enable-applications --enable-ipv6 --with-out-transports="TCP TCPv6 Unix" --with-transports="Callback UDP UDPIPv6"  --disable-nls --enable-shared --enable-static --disable-embedded-perl

最後輸出配置簡要以下，說明配置成功。若是遇到缺乏perl之類的庫錯誤，說明須要安裝依賴庫，經常使用命令是suod apt-get install libxxx-dev或者xxx-dev或者libxxx

---------------------------------------------------------
            Net-SNMP configuration summary:
---------------------------------------------------------

  SNMP Versions Supported:    1 2c 3
  Net-SNMP Version:           5.4.4
  Building for:               linux
  Network transport support:  TCPIPv6 Callback UDP UDPIPv6
  SNMPv3 Security Modules:     usm
  Agent MIB code:             default_modules =>  snmpv3mibs mibII ucd_snmp notification notification-log-mib target agent_mibs agentx disman/event disman/schedule utilities host
  Embedded Perl support:      disabled
  SNMP Perl modules:          building -- not embeddable
  SNMP Python modules:        disabled
  Authentication support:     MD5 SHA1
  Encryption support:         DES AES

二. 安裝

make && make install

三. 設置環境變量

添加以下一行
# vi /etc/profile
PATH=/usr/local/net-snmp/bin:/usr/local/net-snmp/sbin:$PATH
source  /etc/profile

四. 配置文件

參考 ：http://www.cnblogs.com/oloroso/p/4844907.html
以SNMPv2爲例
rocommunity             public
rwcommunity             private

五.運行和測試SNMP V2

運行：
snmpd -c /usr/local/net-snmp/share/snmp/snmpd.conf
測試：
root@andy:/home/andy/vm_share/netsnmp/net-snmp-5.4.4# snmpget -v 2c -c public 127.0.0.1 system.sysName.0    
SNMPv2-MIB::sysName.0 = STRING: andy
snmpwalk -v 2c -c public 127.0.0.1 system

六.配置文件內容

參考：以V2爲例, 增長一些高級內容，VACM理論能夠參考官方文檔。這裏等之後學習了，再專門分析一下，基於視圖的訪問控制模型仍是值得學習一下，網上也有不少文章滴。

 1 syslocation suzhou_SIP
 2 syscontact localhost
 3 sysname gateway
 4 iquerySecName root
 5 
 6 com2sec public 0.0.0.0 public
 7 com2sec private 0.0.0.0 private
 8 group public v1 public
 9 group private v1 private
10 group public v2c public
11 group private v2c private
12 
13 
14 view all included .1 80
15 access public "" v2c noauth exact all none all
16 access private "" v2c noauth exact none all all

 七.遇到問題
錯誤：
SNMPv3 report received from remote agent.
Security user name: yy
Security engine ID: 80.00.1F.88.80.3C.89.93.24.CB.C3.B3.58 (hex)
Context name: (zero-length)
Context engine ID: 80.00.1F.88.80.3C.89.93.24.CB.C3.B3.58 (hex)
Authentication protocol: HMAC SHA
Privacy protocol: CFB AES 128
Security level: Authentication And Privacy
Security model: USM
1: usmStatsWrongDigests.0 (counter) 1
緣由：認證和加密值不符合要求

 1 Name:    usmStatsWrongDigests
 2 Type:    OBJECT-TYPE
 3 OID:    1.3.6.1.6.3.15.1.1.5
 4 Full path:    iso(1).org(3).dod(6).internet(1).snmpV2(6).snmpModules(3).snmpUsmMIB(15).usmMIBObjects(1).usmStats(1).usmStatsWrongDigests(5)
 5 Module:    SNMP-USER-BASED-SM-MIB
 6 
 7 Parent:    usmStats
 8 Prev sibling:    usmStatsUnknownEngineIDs
 9 Next sibling:    usmStatsDecryptionErrors
10 
11 Numerical syntax:    Counter (32 bit)
12 Base syntax:    Counter32
13 Composed syntax:    Counter32
14 Status:    current
15 Max access:    read-only
16 
17 Description:    The total number of packets received by the SNMP
18      engine which were dropped because they didn't
19      contain the expected digest value.

View Code

解決辦法：
檢查認證值和加密值長度是否符合最低要求。或者修改usmStatsWrongDigests裏面的函數檢查。

八.參考

http://www.cnblogs.com/oloroso/p/4844907.htmlhttp://www.net-snmp.org/wiki/index.php/Tutorials