GzNow.org

发布于 2022-09-14 20:30:13 字数 27866 浏览 23 评论 0

GzNow.org 的服务器使用 PHP 的 Cacti 向服务器集群里所允许的 SNMP 服务获取当前系统状态并生成图表。

  1. ###############################################################################
  2. #
  3. # snmpd.conf:
  4. #   An example configuration file for configuring the ucd-snmp snmpd agent.
  5. #
  6. ###############################################################################
  7. #
  8. # This file is intended to only be as a starting point.  Many more
  9. # configuration directives exist than are mentioned in this file.  For
  10. # full details, see the snmpd.conf(5) manual page.
  11. #
  12. # All lines beginning with a '#' are comments and are intended for you
  13. # to read.  All other lines are configuration commands for the agent.
  14. ###############################################################################
  15. # Access Control
  16. ###############################################################################
  17. # As shipped, the snmpd demon will only respond to queries on the
  18. # system mib group until this file is replaced or modified for
  19. # security purposes.  Examples are shown below about how to increase the
  20. # level of access.
  21. # By far, the most common question I get about the agent is "why won't
  22. # it work?", when really it should be "how do I configure the agent to
  23. # allow me to access it?"
  24. #
  25. # By default, the agent responds to the "public" community for read
  26. # only access, if run out of the box without any configuration file in
  27. # place.  The following examples show you other ways of configuring
  28. # the agent so that you can change the community names, and give
  29. # yourself write access to the mib tree as well.
  30. #
  31. # For more information, read the FAQ as well as the snmpd.conf(5)
  32. # manual page.
  33. ####
  34. # First, map the community name "public" into a "security name"
  35. #       sec.name  source          community
  36. com2sec notConfigUser  127.0.0.1       public
  37. ####
  38. # Second, map the security name into a group name:
  39. #       groupName      securityModel securityName
  40. group   notConfigGroup v1           notConfigUser
  41. group   notConfigGroup v2c           notConfigUser
  42. ####
  43. # Third, create a view for us to let the group have rights to:
  44. # Make at least  snmpwalk -v 1 localhost -c public system fast again.
  45. #       name           incl/excl     subtree         mask(optional)
  46. view    systemview    included   .1.3.6.1.2.1.1
  47. view    systemview    included   .1.3.6.1.2.1.25.1.1
  48. ####
  49. # Finally, grant the group read-only access to the systemview view.
  50. #       group          context sec.model sec.level prefix read   write  notif
  51. access  notConfigGroup ""      any       noauth    exact  all         none none
  52. # -----------------------------------------------------------------------------
  53. # Here is a commented out example configuration that allows less
  54. # restrictive access.
  55. # YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
  56. # KNOWN AT YOUR SITE.  YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
  57. # SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.
  58. ##       sec.name  source          community
  59. #com2sec local     localhost       COMMUNITY
  60. #com2sec mynetwork NETWORK/24      COMMUNITY
  61. ##     group.name sec.model  sec.name
  62. #group MyRWGroup  any        local
  63. #group MyROGroup  any        mynetwork
  64. #
  65. #group MyRWGroup  any        otherv3user
  66. #...
  67. ##           incl/excl subtree                          mask
  68. view all    included  .1                               80
  69. ## -or just the mib2 tree-
  70. #view mib2   included  .iso.org.dod.internet.mgmt.mib-2 fc
  71. ##                context sec.model sec.level prefix read   write  notif
  72. #access MyROGroup ""      any       noauth    0      all    none   none
  73. #access MyRWGroup ""      any       noauth    0      all    all    all
  74. ###############################################################################
  75. # Sample configuration to make net-snmpd RFC 1213.
  76. # Unfortunately v1 and v2c don't allow any user based authentification, so
  77. # opening up the default config is not an option from a security point.
  78. #
  79. # WARNING: If you uncomment the following lines you allow write access to your
  80. # snmpd daemon from any source! To avoid this use different names for your
  81. # community or split out the write access to a different community and
  82. # restrict it to your local network.
  83. # Also remember to comment the syslocation and syscontact parameters later as
  84. # otherwise they are still read only (see FAQ for net-snmp).
  85. #
  86. # First, map the community name "public" into a "security name"
  87. #       sec.name        source          community
  88. #com2sec notConfigUser   default         public
  89. # Second, map the security name into a group name:
  90. #       groupName       securityModel   securityName
  91. #group   notConfigGroup  v1              notConfigUser
  92. #group   notConfigGroup  v2c             notConfigUser
  93. # Third, create a view for us to let the group have rights to:
  94. # Open up the whole tree for ro, make the RFC 1213 required ones rw.
  95. #       name            incl/excl       subtree mask(optional)
  96. #view    roview          included        .1
  97. #view    rwview          included        system.sysContact
  98. #view    rwview          included        system.sysName
  99. #view    rwview          included        system.sysLocation
  100. #view    rwview          included        interfaces.ifTable.ifEntry.ifAdminStatus
  101. #view    rwview          included        at.atTable.atEntry.atPhysAddress
  102. #view    rwview          included        at.atTable.atEntry.atNetAddress
  103. #view    rwview          included        ip.ipForwarding
  104. #view    rwview          included        ip.ipDefaultTTL
  105. #view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteDest
  106. #view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteIfIndex
  107. #view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric1
  108. #view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric2
  109. #view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric3
  110. #view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric4
  111. #view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteType
  112. #view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteAge
  113. #view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMask
  114. #view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric5
  115. #view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaIfIndex
  116. #view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress
  117. #view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress
  118. #view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType
  119. #view    rwview          included        tcp.tcpConnTable.tcpConnEntry.tcpConnState
  120. #view    rwview          included        egp.egpNeighTable.egpNeighEntry.egpNeighEventTrigger
  121. #view    rwview          included        snmp.snmpEnableAuthenTraps
  122. # Finally, grant the group read-only access to the systemview view.
  123. #       group          context sec.model sec.level prefix read   write  notif
  124. #access  notConfigGroup ""      any       noauth    exact  roview rwview none
  125. ###############################################################################
  126. # System contact information
  127. #
  128. # It is also possible to set the sysContact and sysLocation system
  129. # variables through the snmpd.conf file:
  130. syslocation Unknown (edit /etc/snmp/snmpd.conf)
  131. syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
  132. # Example output of snmpwalk:
  133. #   % snmpwalk -v 1 localhost -c public system
  134. #   system.sysDescr.0 = "SunOS name sun4c"
  135. #   system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
  136. #   system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55
  137. #   system.sysContact.0 = "Me <me@somewhere.org>"
  138. #   system.sysName.0 = "name"
  139. #   system.sysLocation.0 = "Right here, right now."
  140. #   system.sysServices.0 = 72
  141. # -----------------------------------------------------------------------------
  142. ###############################################################################
  143. # Process checks.
  144. #
  145. #  The following are examples of how to use the agent to check for
  146. #  processes running on the host.  The syntax looks something like:
  147. #
  148. #  proc NAME [MAX=0] [MIN=0]
  149. #
  150. #  NAME:  the name of the process to check for.  It must match
  151. #         exactly (ie, http will not find httpd processes).
  152. #  MAX:   the maximum number allowed to be running.  Defaults to 0.
  153. #  MIN:   the minimum number to be running.  Defaults to 0.
  154. #
  155. #  Examples (commented out by default):
  156. #
  157. #  Make sure mountd is running
  158. #proc mountd
  159. #  Make sure there are no more than 4 ntalkds running, but 0 is ok too.
  160. #proc ntalkd 4
  161. #  Make sure at least one sendmail, but less than or equal to 10 are running.
  162. #proc sendmail 10 1
  163. #  A snmpwalk of the process mib tree would look something like this:
  164. #
  165. # % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.2
  166. # enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1
  167. # enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2
  168. # enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3
  169. # enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd"
  170. # enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd"
  171. # enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail"
  172. # enterprises.ucdavis.procTable.prEntry.prMin.1 = 0
  173. # enterprises.ucdavis.procTable.prEntry.prMin.2 = 0
  174. # enterprises.ucdavis.procTable.prEntry.prMin.3 = 1
  175. # enterprises.ucdavis.procTable.prEntry.prMax.1 = 0
  176. # enterprises.ucdavis.procTable.prEntry.prMax.2 = 4
  177. # enterprises.ucdavis.procTable.prEntry.prMax.3 = 10
  178. # enterprises.ucdavis.procTable.prEntry.prCount.1 = 0
  179. # enterprises.ucdavis.procTable.prEntry.prCount.2 = 0
  180. # enterprises.ucdavis.procTable.prEntry.prCount.3 = 1
  181. # enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1
  182. # enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0
  183. # enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0
  184. # enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running."
  185. # enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = ""
  186. # enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = ""
  187. # enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0
  188. # enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0
  189. # enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0
  190. #
  191. #  Note that the errorFlag for mountd is set to 1 because one is not
  192. #  running (in this case an rpc.mountd is, but thats not good enough),
  193. #  and the ErrMessage tells you what's wrong.  The configuration
  194. #  imposed in the snmpd.conf file is also shown.  
  195. #
  196. #  Special Case:  When the min and max numbers are both 0, it assumes
  197. #  you want a max of infinity and a min of 1.
  198. #
  199. # -----------------------------------------------------------------------------
  200. ###############################################################################
  201. # Executables/scripts
  202. #
  203. #
  204. #  You can also have programs run by the agent that return a single
  205. #  line of output and an exit code.  Here are two examples.
  206. #
  207. #  exec NAME PROGRAM [ARGS ...]
  208. #
  209. #  NAME:     A generic name.
  210. #  PROGRAM:  The program to run.  Include the path!
  211. #  ARGS:     optional arguments to be passed to the program
  212. # a simple hello world
  213. #exec echotest /bin/echo hello world
  214. # Run a shell script containing:
  215. #
  216. # #!/bin/sh
  217. # echo hello world
  218. # echo hi there
  219. # exit 35
  220. #
  221. # Note:  this has been specifically commented out to prevent
  222. # accidental security holes due to someone else on your system writing
  223. # a /tmp/shtest before you do.  Uncomment to use it.
  224. #
  225. #exec shelltest /bin/sh /tmp/shtest
  226. # Then,
  227. # % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.8
  228. # enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1
  229. # enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2
  230. # enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest"
  231. # enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest"
  232. # enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world"
  233. # enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest"
  234. # enterprises.ucdavis.extTable.extEntry.extResult.1 = 0
  235. # enterprises.ucdavis.extTable.extEntry.extResult.2 = 35
  236. # enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world."
  237. # enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world."
  238. # enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0
  239. # enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0
  240. # Note that the second line of the /tmp/shtest shell script is cut
  241. # off.  Also note that the exit status of 35 was returned.
  242. # -----------------------------------------------------------------------------
  243. ###############################################################################
  244. # disk checks
  245. #
  246. # The agent can check the amount of available disk space, and make
  247. # sure it is above a set limit.  
  248. # disk PATH [MIN=100000]
  249. #
  250. # PATH:  mount path to the disk in question.
  251. # MIN:   Disks with space below this value will have the Mib's errorFlag set.
  252. #        Default value = 100000.
  253. # Check the / partition and make sure it contains at least 10 megs.
  254. #disk / 10000
  255. # % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.9
  256. # enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
  257. # enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F
  258. # enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0"
  259. # enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000
  260. # enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130
  261. # enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325
  262. # enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092
  263. # enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58
  264. # enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0
  265. # enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = ""
  266. # -----------------------------------------------------------------------------
  267. ###############################################################################
  268. # load average checks
  269. #
  270. # load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0]
  271. #
  272. # 1MAX:   If the 1 minute load average is above this limit at query
  273. #         time, the errorFlag will be set.
  274. # 5MAX:   Similar, but for 5 min average.
  275. # 15MAX:  Similar, but for 15 min average.
  276. # Check for loads:
  277. #load 12 14 14
  278. # % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.10
  279. # enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1
  280. # enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2
  281. # enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3
  282. # enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1"
  283. # enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5"
  284. # enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15"
  285. # enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39
  286. # enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31
  287. # enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36
  288. # enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00"
  289. # enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00"
  290. # enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00"
  291. # enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0
  292. # enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0
  293. # enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0
  294. # enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = ""
  295. # enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = ""
  296. # enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = ""
  297. # -----------------------------------------------------------------------------
  298. ###############################################################################
  299. # Extensible sections.
  300. #
  301. # This alleviates the multiple line output problem found in the
  302. # previous executable mib by placing each mib in its own mib table:
  303. # Run a shell script containing:
  304. #
  305. # #!/bin/sh
  306. # echo hello world
  307. # echo hi there
  308. # exit 35
  309. #
  310. # Note:  this has been specifically commented out to prevent
  311. # accidental security holes due to someone else on your system writing
  312. # a /tmp/shtest before you do.  Uncomment to use it.
  313. #
  314. # exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest
  315. # % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.50
  316. # enterprises.ucdavis.50.1.1 = 1
  317. # enterprises.ucdavis.50.2.1 = "shelltest"
  318. # enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest"
  319. # enterprises.ucdavis.50.100.1 = 35
  320. # enterprises.ucdavis.50.101.1 = "hello world."
  321. # enterprises.ucdavis.50.101.2 = "hi there."
  322. # enterprises.ucdavis.50.102.1 = 0
  323. # Now the Output has grown to two lines, and we can see the 'hi
  324. # there.' output as the second line from our shell script.
  325. #
  326. # Note that you must alter the mib.txt file to be correct if you want
  327. # the .50.* outputs above to change to reasonable text descriptions.
  328. # Other ideas:
  329. #
  330. # exec .1.3.6.1.4.1.2021.51 ps /bin/ps
  331. # exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top
  332. # exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq
  333. # -----------------------------------------------------------------------------
  334. ###############################################################################
  335. # Pass through control.
  336. #
  337. # Usage:
  338. #   pass MIBOID EXEC-COMMAND
  339. #
  340. # This will pass total control of the mib underneath the MIBOID
  341. # portion of the mib to the EXEC-COMMAND.  
  342. #
  343. # Note:  You'll have to change the path of the passtest script to your
  344. # source directory or install it in the given location.
  345. #
  346. # Example:  (see the script for details)
  347. #           (commented out here since it requires that you place the
  348. #           script in the right location. (its not installed by default))
  349. # pass .1.3.6.1.4.1.2021.255 /bin/sh /usr/local/local/passtest
  350. # % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.255
  351. # enterprises.ucdavis.255.1 = "life the universe and everything"
  352. # enterprises.ucdavis.255.2.1 = 42
  353. # enterprises.ucdavis.255.2.2 = OID: 42.42.42
  354. # enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42
  355. # enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1
  356. # enterprises.ucdavis.255.5 = 42
  357. # enterprises.ucdavis.255.6 = Gauge: 42
  358. #
  359. # % snmpget -v 1 localhost public .1.3.6.1.4.1.2021.255.5
  360. # enterprises.ucdavis.255.5 = 42
  361. #
  362. # % snmpset -v 1 localhost public .1.3.6.1.4.1.2021.255.1 s "New string"
  363. # enterprises.ucdavis.255.1 = "New string"
  364. #
  365. # For specific usage information, see the man/snmpd.conf.5 manual page
  366. # as well as the local/passtest script used in the above example.
  367. # Added for support of bcm5820 cards.
  368. pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat
  369. ###############################################################################
  370. # Further Information
  371. #
  372. #  See the snmpd.conf manual page, and the output of "snmpd -H".

复制代码

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文