如何配置snmpd.conf文件以在net-snmp中制作工作集命令？

发布于 2025-01-31 21:06:15 字数 1656 浏览 6 评论 0原文

我已经配置了snmpd.conf，如下所示

com2sec AllUser default public
group AllGroup v2c AllUser
view AllView included .1
access AllGroup "" any noauth exact AllView none none

mibs +GET-PDU-INFO-MIB
mibs +NOTIFICATION-TEST-MIB

rocommunity private localhost
rwcommunity private localhost

pass .1.3.6.1.4.1.53864.1 /bin/sh /etc/snmp/pduMIBScript.sh

之后

/etc/snmp/snmpd.conf

我尝试发送以下命令

在
，
，
除了
尝试所有上述所有命令之后，

我观察到的所有命令是所有命令都可以正常工作了 “设置”命令。

要调试这个问题，我确认的第一件事是，我要设置的变量是在MIB文件中具有读写访问权限。从MIB浏览器发送“ SET”命令后，我使用的MIB文件会以下内容

GET-PDU-INFO-MIB DEFINITIONS ::= BEGIN

IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, enterprises FROM SNMPv2-SMI
;

pduInfo MODULE-IDENTITY
LAST-UPDATED "202005100000Z"
ORGANIZATION "XYZ"
CONTACT-INFO
     "postal:   admin @ admin"
DESCRIPTION
    "This Mib module defines objects for signal statistics"
REVISION     "202005100000Z"
DESCRIPTION
    "Corrected notification example definitions"
REVISION     "200202060000Z"
DESCRIPTION
    "First draft"
::= { enterprises 53864 }

--
-- top level structure
--
pduVar       OBJECT IDENTIFIER ::= { pduInfo 1 }

--
-- Example scalars
--

gpsVar1 OBJECT-TYPE
   SYNTAX      OCTET STRING
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
      "the latest value of signal"
   DEFVAL { "hello" }
   ::= { pduVar 1 }
   
   END

我得到以下误差

src =“ https://i.sstatic.net/kkrdx.jpg” alt =“在此处输入图像描述”>

“设置命令问题”的原因是什么。谁能帮助我了解此问题的问题？

原文

I have configured the snmpd.conf as follows

com2sec AllUser default public
group AllGroup v2c AllUser
view AllView included .1
access AllGroup "" any noauth exact AllView none none

mibs +GET-PDU-INFO-MIB
mibs +NOTIFICATION-TEST-MIB

rocommunity private localhost
rwcommunity private localhost

pass .1.3.6.1.4.1.53864.1 /bin/sh /etc/snmp/pduMIBScript.sh

having the path

/etc/snmp/snmpd.conf

So after that i tried to send the following commands

Get Next
Get
Get Bulk
Walk
Set

After trying all the above commands one thing I observe is that all the commands are working perfectly fine except the "Set" command.

To debug this issue first thing I confirmed was that the variable which I was trying to set is having read-write access in the MIB file. MIB file which I was using as follows

GET-PDU-INFO-MIB DEFINITIONS ::= BEGIN

IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, enterprises FROM SNMPv2-SMI
;

pduInfo MODULE-IDENTITY
LAST-UPDATED "202005100000Z"
ORGANIZATION "XYZ"
CONTACT-INFO
     "postal:   admin @ admin"
DESCRIPTION
    "This Mib module defines objects for signal statistics"
REVISION     "202005100000Z"
DESCRIPTION
    "Corrected notification example definitions"
REVISION     "200202060000Z"
DESCRIPTION
    "First draft"
::= { enterprises 53864 }

--
-- top level structure
--
pduVar       OBJECT IDENTIFIER ::= { pduInfo 1 }

--
-- Example scalars
--

gpsVar1 OBJECT-TYPE
   SYNTAX      OCTET STRING
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
      "the latest value of signal"
   DEFVAL { "hello" }
   ::= { pduVar 1 }
   
   END

After sending "SET" command from MIB browser I was getting following error

What will be the reason for the "SET command issue". Can anyone please help me to understand the issue behind this?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

隔岸观火 2025-02-07 21:06:15

在搜索很多之后，我终于找到了解决方案。现在，我已经编辑了snmpd.conf，如下所示

######################################################################## 
#######
# Access Control
#######################################################################

# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
# KNOWN AT YOUR SITE.  YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.

# By far, the most common question I get about the agent is "why won't
# it work?", when really it should be "how do I configure the agent to
# allow me to access it?"
#
# By default, the agent responds to the "public" community for read
# only access, if run out of the box without any configuration file in 
# place.  The following examples show you other ways of configuring
# the agent so that you can change the community names, and give
# yourself write access as well.
#
# The following lines change the access permissions of the agent so
# that the COMMUNITY string provides read-only access to your entire
# NETWORK (EG: 10.10.10.0/24), and read/write access to only the
# localhost (127.0.0.1, not its real ipaddress).
#
# For more information, read the FAQ as well as the snmpd.conf(5)
# manual page.

####
# First, map the community name (COMMUNITY) into a security name
# (local and mynetwork, depending on where the request is coming
# from):

#       sec.name  source          community
#com2sec paranoid  default         public
#com2sec readonly  default         public
com2sec readwrite default         private

####
# Second, map the security names into group names:

#               sec.model  sec.name
#group MyROSystem v1        paranoid
#group MyROSystem v2c       paranoid
#group MyROSystem usm       paranoid
#group MyROGroup v1         readonly
#group MyROGroup v2c        readonly
#group MyROGroup usm        readonly
group MyRWGroup v1         readwrite
group MyRWGroup v2c        readwrite
group MyRWGroup usm        readwrite

####
# Third, create a view for us to let the groups have rights to:

#           incl/excl subtree                          mask
view all    included  .1                               80
view system included  .iso.org.dod.internet.mgmt.mib-2.system

####
# Finally, grant the 2 groups access to the 1 view with different
# write permissions:

#                context sec.model sec.level match  read   write  notif
#access MyROSystem ""     any       noauth    exact  system none   none
#access MyROGroup ""      any       noauth    exact  all    none   none
access MyRWGroup ""      any       noauth    exact  all    all    none

# ------------------------------------------------------------------

After searching a lot finally I found the solution. Now I have edited the snmpd.conf as follows,

######################################################################## 
#######
# Access Control
#######################################################################

# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
# KNOWN AT YOUR SITE.  YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.

# By far, the most common question I get about the agent is "why won't
# it work?", when really it should be "how do I configure the agent to
# allow me to access it?"
#
# By default, the agent responds to the "public" community for read
# only access, if run out of the box without any configuration file in 
# place.  The following examples show you other ways of configuring
# the agent so that you can change the community names, and give
# yourself write access as well.
#
# The following lines change the access permissions of the agent so
# that the COMMUNITY string provides read-only access to your entire
# NETWORK (EG: 10.10.10.0/24), and read/write access to only the
# localhost (127.0.0.1, not its real ipaddress).
#
# For more information, read the FAQ as well as the snmpd.conf(5)
# manual page.

####
# First, map the community name (COMMUNITY) into a security name
# (local and mynetwork, depending on where the request is coming
# from):

#       sec.name  source          community
#com2sec paranoid  default         public
#com2sec readonly  default         public
com2sec readwrite default         private

####
# Second, map the security names into group names:

#               sec.model  sec.name
#group MyROSystem v1        paranoid
#group MyROSystem v2c       paranoid
#group MyROSystem usm       paranoid
#group MyROGroup v1         readonly
#group MyROGroup v2c        readonly
#group MyROGroup usm        readonly
group MyRWGroup v1         readwrite
group MyRWGroup v2c        readwrite
group MyRWGroup usm        readwrite

####
# Third, create a view for us to let the groups have rights to:

#           incl/excl subtree                          mask
view all    included  .1                               80
view system included  .iso.org.dod.internet.mgmt.mib-2.system

####
# Finally, grant the 2 groups access to the 1 view with different
# write permissions:

#                context sec.model sec.level match  read   write  notif
#access MyROSystem ""     any       noauth    exact  system none   none
#access MyROGroup ""      any       noauth    exact  all    none   none
access MyRWGroup ""      any       noauth    exact  all    all    none

# ------------------------------------------------------------------

回复收藏 0 原文

~没有更多了~