ubuntu snmp 配置

背景：机房新增了几台ubuntu服务器，需要用已有的cacti来监测它们，所以要在新服务器上安装和配置SNMP协议。

动机：我参考网上很多资料安装和配置SNMP，没搞定，于是自己研究了一下如何配置，最终顺利完成，所以分享一下。

1. SNMP安装

运行如下两个命令

apt-get install snmp [enter]

apt-get install snmpd [enter]

顺利运行完毕，使用如下命令测试一下

lsof -i:161

如果输出了正在运行snmp协议，便说明安装OK。

2. SNMP配置（重点）

我的SNMP配置文件/etc/snmp/snmpd.conf与网上早年的一些资料不同，主要是 压根没有出现com2sec，下面附上我的snmpd.conf的前半部分：

-----------------------------------下面是snmpd.conf---------------------------------

###############################################################################

#

# EXAMPLE.conf:

#   An example configuration file for configuring the Net-SNMP agent ('snmpd')

#   See the 'snmpd.conf(5)' man page for details

#

#  Some entries are deliberately commented out, and will need to be explicitly activated

#

###############################################################################

#

#  AGENT BEHAVIOUR

#

#  Listen for connections from the local system only

#agentAddress  udp:127.0.0.1:161

#  Listen for connections on all interfaces (both IPv4 *and* IPv6)

agentAddress udp:161,udp6:[::1]:161

###############################################################################

#

#  SNMPv3 AUTHENTICATION

#

#  Note that these particular settings don't actually belong here.

#  They should be copied to the file /var/lib/snmp/snmpd.conf

#     and the passwords changed, before being uncommented in that file *only*.

#  Then restart the agent

#  createUser authOnlyUser  MD5 "remember to change this password"

#  createUser authPrivUser  SHA "remember to change this one too"  DES

#  createUser internalUser  MD5 "this is only ever used internally, but still change the password"

#  If you also change the usernames (which might be sensible),

#  then remember to update the other occurances in this example config file to match.

###############################################################################

#

#  ACCESS CONTROL

#

                                                 #  system + hrSystem groups only

view   systemonly  included   .1.3.6.1.2.1.1

view   systemonly  included   .1.3.6.1.2.1.25.1

view   systemonly  included   .1   80

                                                 #  Full access from the local host

#rocommunity public  localhost

                                                 #  Default access to basic system info

 rocommunity public  default    -V systemonly

                                                 #  Full access from an example network

                                                 #     Adjust this network address to match your local

                                                 #     settings, change the community string,

                                                 #     and check the 'agentAddress' setting above

#rocommunity secret  10.0.0.0/16

                                                 #  Full read-only access for SNMPv3

 rouser   authOnlyUser

                                                 #  Full write access for encrypted requests

                                                 #     Remember to activate the 'createUser' lines above

#rwuser   authPrivUser   priv

#  It's no longer typically necessary to use the full 'com2sec/group/access' configuration

#  r[ou]user and r[ow]community, together with suitable views, should cover most requirements

-----------------------------------上面是snmpd.conf---------------------------------

我的目的是进行远程SNMP连接，所以需要做如下的修改：

将下面这一行

agentAddress udp:127.0.0.1:161

注释掉，即 

#agentAddress udp:127.0.0.1:161

然后将原来的这一行

#agentAddress udp:161,udp6:[::1]:161

去掉注释，即

agentAddress udp:161,udp6:[::1]:161

这样便可以实现snmp的远程监听了。

但修改后cacti服务器还是无法监测到CPU、内存、流量的数据，所以需要再做如下修改：

在snmpd.conf中找到下面的内容

view   systemonly  included   .1.3.6.1.2.1.1

view   systemonly  included   .1.3.6.1.2.1.25.1

在下面加上一行

view   systemonly  included   .1   80

这样就允许监听所有设备了。

完成所有修改后，重启snmp

service snmpd restart

本地测试SNMP是否监测各类指标的方法：运行如下命令

snmpwalk -v 2c -c public localhost

如果输出结果有好多页好多页，应该是设置成功了