1
2
3
4
5

[x] IPV6             IPv6 protocol support
[x] MFD_REWRITES     Use new MFD rewrites of mib modules
[x] PERL             Perl scripting language support
[x] PERL_EMBEDDED    Build embedded perl
[x] SMUX             Build with SNMP multiplexing (SMUX) support

Configuration

The SNMP daemon is configured for a read-only access from the community community-string, only the MIBs which are used will be exported.

It’s possible to split the configuration in two separate files, the first one holding a generic configuration (snmpd.conf), the second one holding a configuration specific to the computer (snmpd.local.conf).

snmpd.conf

The information is shared read-only and is only protected by a password: community-string. The 2c version of the protocol is used. The version 3 would have allowed a stronger security with the integration of confidentiality, integrity and authentication.

1
2
3
4
5
6
7
8
9
10
11

# Access control
######################################################################
#       sec.name   source       community
com2sec readonly   default      community-string
 
#       name       sec.model    sec.name
group   ROSystem   v2c          readonly
group   ROSystem   usm          readonly

#                  context  sec.model  sec.level  match  read    write  notif
access  ROSystem   ""       any        noauth     exact  system  none   none

Set the different level of visibility for the MIBs, the information which will be published are about the network interfaces, resources (memory, process, disk), system status (temperature) and imap.

1
2
3
4
5
6
7
8
9
10
11
12
13
14

# Views
######################################################################
#       name       incl/excl    subtree                          mask
view    system     included     SNMPv2-MIB::system
view    system     included     IF-MIB::interfaces
view    system     included     IP-MIB::ipAddrTable
view    system     included     IPV6-MIB::ipv6MIB
view    system     included     HOST-RESOURCES-MIB::hrSystem
view    system     included     HOST-RESOURCES-MIB::hrStorage
view    system     included     HOST-RESOURCES-MIB::hrProcessorTable
view    system     included     UCD-SNMP-MIB::memory
view    system     included     UCD-SNMP-MIB::laTable
view    system     included     UCD-SNMP-MIB::systemStats
view	system	   included     enterprises.3.6

AgentX (RFC 2741) is a protocol allowing external programs to extend the SNMP agent with their own management information, communication is done through the use of a UNIX socket. This will be used, for example, by Cyrus IMAP with the OID enterprises.3.6.

1

pw groupadd agentx -g 1025

1
2
3
4
5

# AgentX
######################################################################
master       agentx
agentXPerms  0770 0755 root agentx
agentXSocket /var/agentx/master

It is also possible to extend net-snmp with a perl script thank to the embedded interpreter. Adding CPU temperature and frequency is done through this script, in the UCD-SNMP-MIB::systemStats branch.

1
2
3

# Extending
######################################################################
perl do "/usr/local/etc/snmp/health.pl"

snmpd.local.conf

syslocation and syscontact entries need to be tailored:

1
2
3
4
5
6

# Server administrative information
syslocation Location
syscontact admin@example.com

# Ignore all disks (avoiding potential timeout)
ignoredisk /dev/*

During disk device analyses, the snmpd daemon can get stuck until a timeout is reached. To avoid this situation the ignoredisk directive is used.

Extending

• Extendind snmpd using perl

Temperature

Extending is done at the netSnmp MIB, which is part of UCD-SNMP-MIB::systemStats.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39

#!/usr/bin/perl

use BSD::Sysctl 'sysctl';
use NetSNMP::OID; 
use NetSNMP::ASN;
use NetSNMP::agent; 

my $rootOID  =  '.1.3.6.1.4.1.8072.999'; # netSnmp.999
my $cpu_freq = new NetSNMP::OID($rootOID . ".1.0");
my $cpu_temp = new NetSNMP::OID($rootOID . ".2.0");

sub myhandler {
    my  ($handler, $registration_info, $request_info, $requests) = @_;

    for ($request = $requests; $request; $request = $request->next()) { 
	my $oid  = $request->getOID();
	my $mode = $request_info->getMode();
	if      ($mode == MODE_GET) {
	    if      ($oid == $cpu_freq) {
		$request->setValue(ASN_GAUGE, sysctl('dev.cpu.0.freq'));
	    } elsif ($oid == $cpu_temp) {
		my $temp = sysctl('dev.cpu.0.temperature') / 100;
                $request->setValue(ASN_OCTET_STR, "$temp");
	    }
	} elsif ($mode == MODE_GETNEXT) {
	    if      ($oid < $cpu_freq) {
		$request->setOID($cpu_freq);
		$request->setValue(ASN_GAUGE, sysctl('dev.cpu.0.freq'));
	    } elsif ($oid < $cpu_temp) {
		my $temp = sysctl('dev.cpu.0.temperature') / 100;
		$request->setOID($cpu_temp);
                $request->setValue(ASN_OCTET_STR, "$temp");
	    }
	}
    }
}

my $regoid = new NetSNMP::OID($rootOID); 
$agent->register("health", $regoid, \&myhandler);

Startup

To allow automatic startup, the following line is added to the /etc/rc.conf file:

1

snmpd_enable="YES"

MIBs

Information can be accessed by using a name instead of it’s numerical representation (OID). For that purpose a MIB definition must be installed.

If the MIB is not already present, it must be added and made available:

1. Adding (globaly or locally):

   1 2	cp my-mib.txt /usr/local/share/snmp/mibs/ # Adding globaly cp my-mib.txt $HOME/.snmp/mibs/ # Adding localy

2. Making available (one time usage, globaly, or localy):

   1 2 3

   export MIBS=+MY-MIB # One time usage echo "mibs +MY-MIB" >> /usr/local/etc/snmp/snmpd.conf # Global usage echo "mibs +MY-MIB" >> $HOME/.snmp/snmp.conf # Local usage