7531
Comment:
|
7534
|
Deletions are marked like this. | Additions are marked like this. |
Line 2: | Line 2: |
[Please do not edit in Aug-'05, still under construction. See my link at the bottom] | [Please do not edit in Aug-Sep'05, still under construction. See my link at the bottom] |
[Please do not edit in Aug-Sep'05, still under construction. See my link at the bottom]
SNMP on Debian
This is a first atempt at documenting various tasks I (and maybe you) want to accomplish with SNMP. It is based on my work with Debian GNU/Linux 3.1 Sarge and net-snmp 5.1.2, which comes with it by default. I find this page necessary after finding the limited way snmp is implemented by default on Debian. I suspect this is because of the multi platform nature of Debian and the tight relationship between platform and SNMP (but hey, what do I know, correct me if I'm wrong).
The page is meant for documentation and to make it possible for others to profit from my atempts and mistakes. Please feel free to correct mistakes and add your own knowledge.
Defaults
Agent
Starts allways by default. Listens on all interfaces, correct by adding the address you want it to listen on in /etc/default/snmpd.conf to the parameter SNMPDOPTS:
change from
SNMPDOPTS='-Lsd -Lf /dev/null -p /var/run/snmpd.pid'
to
SNMPDOPTS='-Lsd -Lf /dev/null -p /var/run/snmpd.pid 192.168.123.4'
It also listens to the smux port (199) on all interfaces, which can only be altered to listening only to localhost by recompiling. More on this later. It can be argued, with security in mind, to configure snmpd to listen only on localhost. To make it accessible over the net you would have to add tricks like a tunnel, but that goes beyond the scope of this document. Feel free to add it to this page if you know how to do it.
Trap server
Does not start by default. See /etc/default/snmpd.conf
Note: does not need to run on ervery server, you only need 1 trap server in your network, unless it's overloaded or for reasons of redundancy or security.
Rebuilding
Needed packages to make building possible:
(install all extra packages with apt-get install packagename)
autoconf automake1.4 autotools-dev
You need the following extra packages to rebuild snmpd:
libwrap0-dev libsensors-dev libssl-dev
Which you can install the easiest (according to http://www.debian.org/doc/manuals/apt-howto/ch-sourcehandling.en.html#6.2) with:
apt-get build-dep package
Download the sources in /usr/src:
user@buildserver:/usr/src >apt-get source libsnmp-base libsnmp5 snmpd Reading Package Lists... Done Building Dependency Tree... Done Need to get 9967kB of source archives. Get:1 http://d-i stable/main net-snmp 5.1.2-6.1 (dsc) ["1086B"] Get:2 http://d-i stable/main net-snmp 5.1.2-6.1 (tar) ["3254kB"] Get:3 http://d-i stable/main net-snmp 5.1.2-6.1 (diff) [67.5kB] Get:4 http://d-i stable/main net-snmp 5.1.2-6.1 (dsc) ["1086B"] Get:5 http://d-i stable/main net-snmp 5.1.2-6.1 (tar) ["3254kB"] Get:6 http://d-i stable/main net-snmp 5.1.2-6.1 (diff) [67.5kB] Get:7 http://d-i stable/main net-snmp 5.1.2-6.1 (dsc) ["1086B"] Get:8 http://d-i stable/main net-snmp 5.1.2-6.1 (tar) ["3254kB"] Get:9 http://d-i stable/main net-snmp 5.1.2-6.1 (diff) [67.5kB] Fetched 9967kB in 1s (7314kB/s) dpkg-source: extracting net-snmp in net-snmp-5.1.2 Skipping unpack of already unpacked source in net-snmp-5.1.2 Skipping unpack of already unpacked source in net-snmp-5.1.2 user@buildserver:/usr/src >
results in :
user@buildserver:/usr/src >ls -al||grep snmp drwxrwxr-x 15 user src 4096 2005-08-24 10:42 net-snmp-5.1.2 -rw-r--r-- 1 user src 67522 2005-03-31 17:32 net-snmp_5.1.2-6.1.diff.gz -rw-r--r-- 1 user src 1086 2005-03-31 17:32 net-snmp_5.1.2-6.1.dsc -rw-r--r-- 1 user src 3253579 2004-08-10 12:32 net-snmp_5.1.2.orig.tar.gz user@buildserver:/usr/src >
Rebuild to check your environment :
user@buildserver:/usr/src >cd net-snmp-5.1.2 user@buildserver:/usr/src/net-snmp-5.1.2 >debian/rules binary
Yada, yada, yada ...
Use of uninitialized value in scalar assignment at /usr/bin/dh_shlibdeps line 13 8. dh_gencontrol -a dh_md5sums -a dh_builddeb -a dpkg-deb: building package `snmpd' in `../snmpd_5.1.2-6.1_i386.deb'. dpkg-deb: building package `snmp' in `../snmp_5.1.2-6.1_i386.deb'. dpkg-deb: building package `libsnmp5' in `../libsnmp5_5.1.2-6.1_i386.deb'. dpkg-deb: building package `libsnmp5-dev' in `../libsnmp5-dev_5.1.2-6.1_i386.deb '. dpkg-deb: building package `libsnmp-perl' in `../libsnmp-perl_5.1.2-6.1_i386.deb '. user@buildserver:/usr/src/net-snmp-5.1.2 > user@buildserver:/usr/src/net-snmp-5.1.2 >date Wed Aug 24 10:59:16 CEST 2005 user@buildserver:/usr/src/net-snmp-5.1.2 >ls -al .. || grep '08-24 10:5' drwxrwsr-x 10 user src 4096 2005-08-24 10:53 . -rw-r--r-- 1 user src 1533904 2005-08-24 10:53 libsnmp5_5.1.2-6.1_i386.deb -rw-r--r-- 1 user src 1100654 2005-08-24 10:53 libsnmp5-dev_5.1.2-6.1_i386.deb -rw-r--r-- 1 user src 1004758 2005-08-24 10:53 libsnmp-base_5.1.2-6.1_all.deb -rw-r--r-- 1 user src 808572 2005-08-24 10:53 libsnmp-perl_5.1.2-6.1_i386.deb drwxrwxr-x 15 user src 4096 2005-08-24 10:53 net-snmp-5.1.2 -rw-r--r-- 1 user src 811612 2005-08-24 10:53 snmp_5.1.2-6.1_i386.deb -rw-r--r-- 1 user src 730488 2005-08-24 10:53 snmpd_5.1.2-6.1_i386.deb -rw-r--r-- 1 user src 754554 2005-08-24 10:53 tkmib_5.1.2-6.1_all.deb user@buildserver:/usr/src/net-snmp-5.1.2 >
[Todo : Find out why building from sources libsnmp-base, libsnmp5 and snmpd produces packages libsnmp5, libsnmp5-dev, libsnmp-base, libsnmp-perl, snmp, snmpd & tkmib]
Using your own packages
Since I prefer installing packages automatically using the same means as the original install method, I'm describing my own way through a debian-local directory on my local web server in combination with apt-proxy. Feel free to install your packages with
dpkg -i ./packagefile.deb
if you feel an urgent need to create work or for testing purposes.
So I run a local apt-proxy which keeps a copy of my downloaded packages on my local web server and have a real (so not proxied) local directory that's part of my /etc/apt/sources.list (the place apt uses to install new packages and updates over the net) in which I store my home-grown packages:
deb http://d-i.local/debian sarge main contrib non-free # proxied deb-src http://d-i.local/debian sarge main contrib non-free deb http://d-i.local/debian-security sarge/updates main contrib non-free deb-src http://d-i.local/debian-security sarge/updates main contrib non-free deb http://d-i.local/debian-local sarge main # local (my own packages)
For how to set up and maintain a local repository, see http://www.debian.org/doc/manuals/repository-howto/repository-howto.en.html
How to keep your localy build package from being overwritten by the official Debian packages is described here : http://www.debian.org/doc/manuals/apt-howto/ch-apt-get.en.html#s-pin Basically this is achieved locally on the system you install your packages on on a per package base [Todo: find a way to override from the repository].
Disk usage monitoring
Basically, you need to recompile with the parameters disman/event-mib and ucd-snmp/diskio added to the --with-mib-modules option.