CentOS構造SNMP

<span style="font-size:14px;">本文介紹怎樣在CentOS環境下配置一個簡單的SNMP服務</span>

軟件安裝

切換到系統管理員賬戶

安裝snmp
確認snmp代理已安裝
rpm -q net-snmp
假設未安裝。安裝snmp
yum install net-snmp

設置開機本身主動執行snmp
/sbin/chkconfig snmpd on配置snmp

改動配置文件

將原來的配置文件備份。編輯/etc/snmp/snmpd.conf，簡單配置例如如下

# First, map the community name "public" into a "security name"

#       sec.name  source          community
com2sec notConfigUser  default       public

####
# Second, map the security name into a group name:

#       groupName      securityModel securityName
group   notConfigGroup v1           notConfigUser
group   notConfigGroup v2c           notConfigUser

####
# Third, create a view for us to let the group have rights to:

# Make at least  snmpwalk -v 1 localhost -c public system fast again.
#       name           incl/excl     subtree         mask(optional)
view    systemview    included   .1.3.6.1.2.1.1
view    systemview    included   .1.3.6.1.2.1.25.1.1

####
# Finally, grant the group read-only access to the systemview view.

#       group          context sec.model sec.level prefix read   write  notif
access  notConfigGroup ""      any       noauth    exact  systemview none none

啓動snmp

/etc/init.d/snmpd start
假設已啓動則從新啓動snmp服務
/etc/init.d/snmpd restart

測試snmp

查看port是否打開
netstat -ln | grep 161

安裝snmp測試工具
yum install net-snmp-utils

本機測試snmp數據（改動monit爲配置的團體名）
snmpwalk -v 2c -c public localhost system

snmpwalk -v3 -u username -l auth -a MD5 -A password localhost

建立SNMP（v3）用戶

net-snmp-config --create-snmpv3-user -ro -a MD5 lyceemsnmp lyceem.com

遠程測試snmp數據（改動ip爲serverip，snmpwalk命令需要安裝net-snmp）
snmpwalk -v 2c -c public ip system

故常處理

錯誤排除假設本地測試snmp有數據。遠程測試snmp無數據則由於server防火牆禁止了外部訪問serverudp 161port，則：
改動 /etc/sysconfig/iptables （或者：/etc/sysconfig/iptables-config ） ，添加例如如下規則： -A RH-Firewall-1-INPUT -p udp -m state Cstate NEW -m udp Cdport 161 -j ACCEPT 從新啓動iptables /etc/init.d/iptables restart