GzNow.org

Question

GzNow.org 的服务器使用 PHP 的 Cacti 向服务器集群里所允许的 SNMP 服务获取当前系统状态并生成图表。

1. ###############################################################################
2. #
3. # snmpd.conf:
4. #   An example configuration file for configuring the ucd-snmp snmpd agent.
5. #
6. ###############################################################################
7. #
8. # This file is intended to only be as a starting point.  Many more
9. # configuration directives exist than are mentioned in this file.  For
10. # full details, see the snmpd.conf(5) manual page.
11. #
12. # All lines beginning with a '#' are comments and are intended for you
13. # to read.  All other lines are configuration commands for the agent.
15. ###############################################################################
16. # Access Control
17. ###############################################################################
19. # As shipped, the snmpd demon will only respond to queries on the
20. # system mib group until this file is replaced or modified for
21. # security purposes.  Examples are shown below about how to increase the
22. # level of access.
24. # By far, the most common question I get about the agent is "why won't
25. # it work?", when really it should be "how do I configure the agent to
26. # allow me to access it?"
27. #
28. # By default, the agent responds to the "public" community for read
29. # only access, if run out of the box without any configuration file in
30. # place.  The following examples show you other ways of configuring
31. # the agent so that you can change the community names, and give
32. # yourself write access to the mib tree as well.
33. #
34. # For more information, read the FAQ as well as the snmpd.conf(5)
35. # manual page.
37. ####
38. # First, map the community name "public" into a "security name"
40. #       sec.name  source          community
41. com2sec notConfigUser  127.0.0.1       public
43. ####
44. # Second, map the security name into a group name:
46. #       groupName      securityModel securityName
47. group   notConfigGroup v1           notConfigUser
48. group   notConfigGroup v2c           notConfigUser
50. ####
51. # Third, create a view for us to let the group have rights to:
53. # Make at least  snmpwalk -v 1 localhost -c public system fast again.
54. #       name           incl/excl     subtree         mask(optional)
55. view    systemview    included   .1.3.6.1.2.1.1
56. view    systemview    included   .1.3.6.1.2.1.25.1.1
58. ####
59. # Finally, grant the group read-only access to the systemview view.
61. #       group          context sec.model sec.level prefix read   write  notif
62. access  notConfigGroup ""      any       noauth    exact  all         none none
64. # -----------------------------------------------------------------------------
66. # Here is a commented out example configuration that allows less
67. # restrictive access.
69. # YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
70. # KNOWN AT YOUR SITE.  YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
71. # SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.
73. ##       sec.name  source          community
74. #com2sec local     localhost       COMMUNITY
75. #com2sec mynetwork NETWORK/24      COMMUNITY
77. ##     group.name sec.model  sec.name
78. #group MyRWGroup  any        local
79. #group MyROGroup  any        mynetwork
80. #
81. #group MyRWGroup  any        otherv3user
82. #...
84. ##           incl/excl subtree                          mask
85. view all    included  .1                               80
87. ## -or just the mib2 tree-
89. #view mib2   included  .iso.org.dod.internet.mgmt.mib-2 fc
92. ##                context sec.model sec.level prefix read   write  notif
93. #access MyROGroup ""      any       noauth    0      all    none   none
94. #access MyRWGroup ""      any       noauth    0      all    all    all
97. ###############################################################################
98. # Sample configuration to make net-snmpd RFC 1213.
99. # Unfortunately v1 and v2c don't allow any user based authentification, so
100. # opening up the default config is not an option from a security point.
101. #
102. # WARNING: If you uncomment the following lines you allow write access to your
103. # snmpd daemon from any source! To avoid this use different names for your
104. # community or split out the write access to a different community and
105. # restrict it to your local network.
106. # Also remember to comment the syslocation and syscontact parameters later as
107. # otherwise they are still read only (see FAQ for net-snmp).
108. #
110. # First, map the community name "public" into a "security name"
111. #       sec.name        source          community
112. #com2sec notConfigUser   default         public
114. # Second, map the security name into a group name:
115. #       groupName       securityModel   securityName
116. #group   notConfigGroup  v1              notConfigUser
117. #group   notConfigGroup  v2c             notConfigUser
119. # Third, create a view for us to let the group have rights to:
120. # Open up the whole tree for ro, make the RFC 1213 required ones rw.
121. #       name            incl/excl       subtree mask(optional)
122. #view    roview          included        .1
123. #view    rwview          included        system.sysContact
124. #view    rwview          included        system.sysName
125. #view    rwview          included        system.sysLocation
126. #view    rwview          included        interfaces.ifTable.ifEntry.ifAdminStatus
127. #view    rwview          included        at.atTable.atEntry.atPhysAddress
128. #view    rwview          included        at.atTable.atEntry.atNetAddress
129. #view    rwview          included        ip.ipForwarding
130. #view    rwview          included        ip.ipDefaultTTL
131. #view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteDest
132. #view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteIfIndex
133. #view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric1
134. #view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric2
135. #view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric3
136. #view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric4
137. #view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteType
138. #view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteAge
139. #view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMask
140. #view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric5
141. #view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaIfIndex
142. #view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress
143. #view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress
144. #view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType
145. #view    rwview          included        tcp.tcpConnTable.tcpConnEntry.tcpConnState
146. #view    rwview          included        egp.egpNeighTable.egpNeighEntry.egpNeighEventTrigger
147. #view    rwview          included        snmp.snmpEnableAuthenTraps
149. # Finally, grant the group read-only access to the systemview view.
150. #       group          context sec.model sec.level prefix read   write  notif
151. #access  notConfigGroup ""      any       noauth    exact  roview rwview none
155. ###############################################################################
156. # System contact information
157. #
159. # It is also possible to set the sysContact and sysLocation system
160. # variables through the snmpd.conf file:
162. syslocation Unknown (edit /etc/snmp/snmpd.conf)
163. syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
165. # Example output of snmpwalk:
166. #   % snmpwalk -v 1 localhost -c public system
167. #   system.sysDescr.0 = "SunOS name sun4c"
168. #   system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
169. #   system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55
170. #   system.sysContact.0 = "Me <me@somewhere.org>"
171. #   system.sysName.0 = "name"
172. #   system.sysLocation.0 = "Right here, right now."
173. #   system.sysServices.0 = 72
176. # -----------------------------------------------------------------------------
179. ###############################################################################
180. # Process checks.
181. #
182. #  The following are examples of how to use the agent to check for
183. #  processes running on the host.  The syntax looks something like:
184. #
185. #  proc NAME [MAX=0] [MIN=0]
186. #
187. #  NAME:  the name of the process to check for.  It must match
188. #         exactly (ie, http will not find httpd processes).
189. #  MAX:   the maximum number allowed to be running.  Defaults to 0.
190. #  MIN:   the minimum number to be running.  Defaults to 0.
192. #
193. #  Examples (commented out by default):
194. #
196. #  Make sure mountd is running
197. #proc mountd
199. #  Make sure there are no more than 4 ntalkds running, but 0 is ok too.
200. #proc ntalkd 4
202. #  Make sure at least one sendmail, but less than or equal to 10 are running.
203. #proc sendmail 10 1
205. #  A snmpwalk of the process mib tree would look something like this:
206. #
207. # % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.2
208. # enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1
209. # enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2
210. # enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3
211. # enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd"
212. # enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd"
213. # enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail"
214. # enterprises.ucdavis.procTable.prEntry.prMin.1 = 0
215. # enterprises.ucdavis.procTable.prEntry.prMin.2 = 0
216. # enterprises.ucdavis.procTable.prEntry.prMin.3 = 1
217. # enterprises.ucdavis.procTable.prEntry.prMax.1 = 0
218. # enterprises.ucdavis.procTable.prEntry.prMax.2 = 4
219. # enterprises.ucdavis.procTable.prEntry.prMax.3 = 10
220. # enterprises.ucdavis.procTable.prEntry.prCount.1 = 0
221. # enterprises.ucdavis.procTable.prEntry.prCount.2 = 0
222. # enterprises.ucdavis.procTable.prEntry.prCount.3 = 1
223. # enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1
224. # enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0
225. # enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0
226. # enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running."
227. # enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = ""
228. # enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = ""
229. # enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0
230. # enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0
231. # enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0
232. #
233. #  Note that the errorFlag for mountd is set to 1 because one is not
234. #  running (in this case an rpc.mountd is, but thats not good enough),
235. #  and the ErrMessage tells you what's wrong.  The configuration
236. #  imposed in the snmpd.conf file is also shown.  
237. #
238. #  Special Case:  When the min and max numbers are both 0, it assumes
239. #  you want a max of infinity and a min of 1.
240. #
243. # -----------------------------------------------------------------------------
246. ###############################################################################
247. # Executables/scripts
248. #
250. #
251. #  You can also have programs run by the agent that return a single
252. #  line of output and an exit code.  Here are two examples.
253. #
254. #  exec NAME PROGRAM [ARGS ...]
255. #
256. #  NAME:     A generic name.
257. #  PROGRAM:  The program to run.  Include the path!
258. #  ARGS:     optional arguments to be passed to the program
260. # a simple hello world
262. #exec echotest /bin/echo hello world
264. # Run a shell script containing:
265. #
266. # #!/bin/sh
267. # echo hello world
268. # echo hi there
269. # exit 35
270. #
271. # Note:  this has been specifically commented out to prevent
272. # accidental security holes due to someone else on your system writing
273. # a /tmp/shtest before you do.  Uncomment to use it.
274. #
275. #exec shelltest /bin/sh /tmp/shtest
277. # Then,
278. # % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.8
279. # enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1
280. # enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2
281. # enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest"
282. # enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest"
283. # enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world"
284. # enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest"
285. # enterprises.ucdavis.extTable.extEntry.extResult.1 = 0
286. # enterprises.ucdavis.extTable.extEntry.extResult.2 = 35
287. # enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world."
288. # enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world."
289. # enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0
290. # enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0
292. # Note that the second line of the /tmp/shtest shell script is cut
293. # off.  Also note that the exit status of 35 was returned.
295. # -----------------------------------------------------------------------------
298. ###############################################################################
299. # disk checks
300. #
302. # The agent can check the amount of available disk space, and make
303. # sure it is above a set limit.  
305. # disk PATH [MIN=100000]
306. #
307. # PATH:  mount path to the disk in question.
308. # MIN:   Disks with space below this value will have the Mib's errorFlag set.
309. #        Default value = 100000.
311. # Check the / partition and make sure it contains at least 10 megs.
313. #disk / 10000
315. # % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.9
316. # enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
317. # enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F
318. # enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0"
319. # enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000
320. # enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130
321. # enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325
322. # enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092
323. # enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58
324. # enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0
325. # enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = ""
327. # -----------------------------------------------------------------------------
330. ###############################################################################
331. # load average checks
332. #
334. # load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0]
335. #
336. # 1MAX:   If the 1 minute load average is above this limit at query
337. #         time, the errorFlag will be set.
338. # 5MAX:   Similar, but for 5 min average.
339. # 15MAX:  Similar, but for 15 min average.
341. # Check for loads:
342. #load 12 14 14
344. # % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.10
345. # enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1
346. # enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2
347. # enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3
348. # enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1"
349. # enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5"
350. # enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15"
351. # enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39
352. # enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31
353. # enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36
354. # enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00"
355. # enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00"
356. # enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00"
357. # enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0
358. # enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0
359. # enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0
360. # enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = ""
361. # enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = ""
362. # enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = ""
364. # -----------------------------------------------------------------------------
367. ###############################################################################
368. # Extensible sections.
369. #
371. # This alleviates the multiple line output problem found in the
372. # previous executable mib by placing each mib in its own mib table:
374. # Run a shell script containing:
375. #
376. # #!/bin/sh
377. # echo hello world
378. # echo hi there
379. # exit 35
380. #
381. # Note:  this has been specifically commented out to prevent
382. # accidental security holes due to someone else on your system writing
383. # a /tmp/shtest before you do.  Uncomment to use it.
384. #
385. # exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest
387. # % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.50
388. # enterprises.ucdavis.50.1.1 = 1
389. # enterprises.ucdavis.50.2.1 = "shelltest"
390. # enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest"
391. # enterprises.ucdavis.50.100.1 = 35
392. # enterprises.ucdavis.50.101.1 = "hello world."
393. # enterprises.ucdavis.50.101.2 = "hi there."
394. # enterprises.ucdavis.50.102.1 = 0
396. # Now the Output has grown to two lines, and we can see the 'hi
397. # there.' output as the second line from our shell script.
398. #
399. # Note that you must alter the mib.txt file to be correct if you want
400. # the .50.* outputs above to change to reasonable text descriptions.
402. # Other ideas:
403. #
404. # exec .1.3.6.1.4.1.2021.51 ps /bin/ps
405. # exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top
406. # exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq
408. # -----------------------------------------------------------------------------
411. ###############################################################################
412. # Pass through control.
413. #
415. # Usage:
416. #   pass MIBOID EXEC-COMMAND
417. #
418. # This will pass total control of the mib underneath the MIBOID
419. # portion of the mib to the EXEC-COMMAND.  
420. #
421. # Note:  You'll have to change the path of the passtest script to your
422. # source directory or install it in the given location.
423. #
424. # Example:  (see the script for details)
425. #           (commented out here since it requires that you place the
426. #           script in the right location. (its not installed by default))
428. # pass .1.3.6.1.4.1.2021.255 /bin/sh /usr/local/local/passtest
430. # % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.255
431. # enterprises.ucdavis.255.1 = "life the universe and everything"
432. # enterprises.ucdavis.255.2.1 = 42
433. # enterprises.ucdavis.255.2.2 = OID: 42.42.42
434. # enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42
435. # enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1
436. # enterprises.ucdavis.255.5 = 42
437. # enterprises.ucdavis.255.6 = Gauge: 42
438. #
439. # % snmpget -v 1 localhost public .1.3.6.1.4.1.2021.255.5
440. # enterprises.ucdavis.255.5 = 42
441. #
442. # % snmpset -v 1 localhost public .1.3.6.1.4.1.2021.255.1 s "New string"
443. # enterprises.ucdavis.255.1 = "New string"
444. #
446. # For specific usage information, see the man/snmpd.conf.5 manual page
447. # as well as the local/passtest script used in the above example.
449. # Added for support of bcm5820 cards.
450. pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat
452. ###############################################################################
453. # Further Information
454. #
455. #  See the snmpd.conf manual page, and the output of "snmpd -H".

复制代码