How to properly setup snmp on FreeBSD


Artyom
10-07-2008, 07:27 PM
Source: http://forums.cacti.net/about5870.html&highlight=

cd /usr/ports/net-mgmt/net-snmp
make
make install
make clean

edit /etc/rc.conf
add snmpd_enable="YES"

cd /usr/local/share/snmp
edit snmpd.conf (you may have to create it)
add the following
syslocation home (replace home with whatever you'd like)
syscontact me@here.com (put in your e-mail or whatever)
rocommunity private (replace with whatever read only name you'd like)
rwcommunity public (again, change this to whatever you'd like)
master yes
now save and exit

cd /usr/local/etc/rc.d
./snmpd.sh start

This will get you up and running with a very basic snmp configuration. There's a handy utility called 'snmpconf' that can be run to help you generate the snmp.conf (optional) and snmpd.conf files. This will give you more options and help tighten up security.

At this point you should be able to snmpwalk your host:
snmpwalk -v1 -c public 127.0.0.1

See http://www.net-snmp.org/tutorial/tutorial-5/commands/index.html for more info on how to use snmp to do nifty things...like adding MIBS!

Or a more detailed description using snmpconf:

# cd /usr/ports/net-mgmt/net-snmp && make install clean

Configuring snmpd

The net-snmp package comes with the snmpconf utility which should help you configure snmpd. We will walk through the steps for it, as it can be somewhat harrowing for those new to snmp:

# snmpconf -i

I can create the following types of configuration files for you.
Select the file type you wish to create:
(you can create more than one as you run this program)

1: snmp.conf
2: snmptrapd.conf
3: snmpd.conf

snmp.conf (snmp.conf(5)) dictates how Net-SNMP applications should operate, snmptrapd.conf (snmptrapd.conf(5)) configures the snmptrapd daemon which is used for ongoing monitoring via SNMP, and finally snmpd.conf (snmpd.conf(5)) defines how the snmp daemon, which we will be using, is configured. Choose option '3'.
The main menu:

1: System Information Setup
2: Access Control Setup
3: Trap Destinations
4: Monitor Various Aspects of the Running Host
5: Extending the Agent
6: Agent Operating Mode


Choose option '1', and at the 'System Information Setup' menu, choose '1' again. You will be asked to enter the location of your system. This can be the country, locality, your street name, site name, or any other data you would use to describe the location of the system. After you enter this, you will be returned to the 'System Information Setup' menu.
Choose option '2' and enter the contact information for the administrator of the machine.
Finally, when you choose option '3', you will be asked a number of Yes/No questions to determine the proper value for the sysServices object. This is used to determine what services your machine offers. Reply with a '1' for yes, or '0' for no.
When you are done with the 'System Information Setup' menu, type 'finished' to return to the main menu.
From the main menu, choose option '2' for 'Access Control Setup'

1: a SNMPv3 read-write user
2: a SNMPv3 read-only user
3: a SNMPv1/SNMPv2c read-only access community name
4: a SNMPv1/SNMPv2c read-write access community name

For the purpose of simplicity, we will set up a read-only SNMPv1 server which listens only on localhost. SNMPv2 and v3 provide some added security in the form of usernames and passwords, and for anyone wishing to have their snmpd listen on the network, I would very seriously recommend they look into using these.
To continue, choose option '3'. You will be asked to enter a community name for read-only access. This can be any one-word string you wish, and is simply used as a weak method of authentication to restrict access to the service.
Then choose 'localhost' as the hostname from which to accept that community string, and press RETURN for no-restrictions on what the user of that community string can read.
Next we will confirm where the daemon should be listening. From the main menu, choose option '6' for 'Agent Operating Mode'

1: Should the agent operate as a master agent or not.
2: The system user that the agent runs as.
3: The system group that the agent runs as.
4: The IP address and port number that the agent will listen on.


Choose option '4', and enter 127.0.0.1 as the address at which snmpd will listen. Return to the main menu, and choose 'finished' again. You will be shown the original menu asking which file you would like to edit. Choose to 'quit'.
Finally, edit the /etc/rc.conf startup file, and at the end of the file put a new line as:
snmpd_enable="YES"
You can now start snmpd with /usr/local/etc/rc.d/snmpd.sh start. It will also start with your system when you reboot.

Here is the link I got that from:

http://silverwraith.com/papers/freebsd-snmp.php

FYI, I just query my FreeBSD server from itself, as it is the cacti server - so if you need to query external FreeBSD servers from your cacti server, and that is what you are setting up (external to cacti server, servers) your access controls will obviously be different.

Hope this helps.

Artyom
03-24-2009, 08:28 PM
To follow up, here's an example from an actual snmpd.conf file:

# sec.name source community
com2sec local 1.1.1.1 my_community
#com2sec mynetwork NETWORK/24 COMMUNITY
#replace 1.1.1.1 and my_community with your cacti's IP/hostname and actual community

####
# Second, map the security names into group names:

# sec.model sec.name
group MyRWGroup v1 local
#group MyRWGroup v2c local
#group MyRWGroup usm local
group MyROGroup v1 local
#group MyROGroup v2c local
#group MyROGroup usm mynetwork
#choose the correct version of SNMP, in this case, it's version1 (v1).
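
An added example, not part of the original posts or of Net-SNMP: a small sh/awk lint for the directives quoted in both posts above (rocommunity, rwcommunity, com2sec, and the listening address). The names audit_snmpd_conf and sample_conf and the sample config are constructed for illustration.

```shell
# Added example: lint snmpd.conf; reads files given as arguments, or stdin.
audit_snmpd_conf() {
    awk '
    { sub(/#.*/, "") }              # drop comments
    NF == 0 { next }                # skip blank lines
    { d = tolower($1) }             # match agentAddress and agentaddress alike
    # rocommunity/rwcommunity COMMUNITY [SOURCE [OID]]
    d == "rocommunity" || d == "rwcommunity" {
        if ($2 == "public" || $2 == "private")
            printf "%d: default community \"%s\" in %s\n", NR, $2, $1
        if (NF < 3 || $3 == "default")
            printf "%d: %s has no source restriction\n", NR, $1
        if (d == "rwcommunity")
            printf "%d: rwcommunity allows SET with a cleartext community\n", NR
    }
    # com2sec [-Cn CONTEXT] NAME SOURCE COMMUNITY
    d == "com2sec" {
        off = ($2 == "-Cn") ? 2 : 0
        src = $(3 + off); comm = $(4 + off)
        if (src == "default" || src == "0.0.0.0/0")
            printf "%d: com2sec %s accepts any source\n", NR, $(2 + off)
        if (comm == "public" || comm == "private")
            printf "%d: default community \"%s\" in com2sec\n", NR, comm
    }
    # agentaddress [transport:]address[:port][,...]
    d == "agentaddress" {
        seen_addr = 1
        n = split($2, a, ",")
        for (i = 1; i <= n; i++)
            if (a[i] !~ /(^|:)(127\.0\.0\.1|localhost)(:|$)/)
                printf "%d: agentaddress %s is not loopback-only\n", NR, a[i]
    }
    END { if (!seen_addr) print "-: no agentaddress; snmpd defaults to UDP 161 on all interfaces" }
    ' "$@"
}

# Constructed sample mirroring the directives quoted in the posts above.
sample_conf() {
    cat <<'EOF'
# constructed sample, not a real host config
rocommunity private
rwcommunity public
com2sec local 1.1.1.1 my_community
EOF
}

sample_conf | audit_snmpd_conf
```

On the FreeBSD layout described above, run it as `audit_snmpd_conf /usr/local/share/snmp/snmpd.conf`; no output means none of these checks fired.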