{{tag>fr fr:linux fr:serveur fr:stats}}
====== Snmpd ======
Snmpd est un démon permettant l'interrogation des informations systèmes en SNMP.\\
Je l'utilise sur [[bender]] pour grapher les informations dans [[cacti]].
===== Installation =====
L'installation du service Snmpd se fait par ajout du paquet :
* snmpd
Il est également recommandé d'installé le client snmp :
* snmp
===== Configuration =====
La configuration de snmpd est réalisée par 3 fichiers :
* /etc/snmp/snmpd.conf : configuration principale
* /etc/snmp/snmpd.local.conf : personnalisation de la configuration
* /etc/snmp/snmptrapd.conf : configuration des traps
* /etc/default/snmpd : personnalisation Debian de snmpd
==== Vérifier que snmpd fonctionne ====
Grâce à la commande
snmpwalk -v1 -c public localhost
Cette commande doit retourner quelques valeurs.
==== Binder sur une interface réseau ====
Par défaut, Debian n'installe le service snmpd que sur la loopback 127.0.0.1.\\
Pour rendre le service accessible sur d'autres interfaces, éditer la ligne suivante du fichier ///etc/default/snmpd// :
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1'
Par exemple, pour [[bender]] qui est en 192.168.10.1 :
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1 192.168.10.1'
Vérifier que cela fonctionne avec la commander :
snmpwalk -v1 -c public 192.168.10.1
==== Contrôle d'accès ====
Le contrôle d'accès utilise les objets suivants :
* com2sec
* group
* view
* access
=== view ===
Les "view" définissent une partie de l'arbre SNMP, exemples :
* tous les OIDs :
view all included .1 80
* uniquement la partie system :
view system included .iso.org.dod.internet.mgmt.mib-2.system
=== access ===
Les objets "access" définissent ensuite les droits d'accès aux différentes vues :
* accès en lecture seule à la vue "system"
access MyROSystem "" any noauth exact system none none
* accès en lecture seule à l'ensemble des OIDs
access MyROGroup "" any noauth exact all none none
* accès en lecture-écriture complet :
access MyRWGroup "" any noauth exact all all none
=== group ===
Les objets "group" définissent un groupe qui contient quels objets "access" utiliser en fonction du protocole :
* groupe paranoid pour l'acces MyROSystem
group MyROSystem v1 paranoid
group MyROSystem v2c paranoid
group MyROSystem usm paranoid
* groupe readonly pour l'acces MyROGroup
group MyROGroup v1 readonly
group MyROGroup v2c readonly
group MyROGroup usm readonly
* groupe readwrite pour l'acces MyRWGroup
group MyRWGroup v1 readwrite
group MyRWGroup v2c readwrite
group MyRWGroup usm readwrite
=== com2sec ===
Enfin l'oject com2sec, définit le groupe à utiliser en fonction du réseau source et de la communauté :
* groupe "paranoid" pour la communauté public
com2sec paranoid default public
* groupe "readonly" pour la communauté public
com2sec readonly default public
* groupe "readwrite" pour la communauté public
com2sec readwrite default private
=== Exemple ===
Pour donner accès en lecture seule à l'ensemble de l'arbre, il suffit de remplacer :
com2sec paranoid default public
par :
com2sec readonly default public
Configuration complète :
####
# First, map the community name (COMMUNITY) into a security name
# (local and mynetwork, depending on where the request is coming
# from):
# sec.name source community
#com2sec paranoid default public
com2sec readonly default public
#com2sec readwrite default private
####
# Second, map the security names into group names:
# sec.model sec.name
group MyROSystem v1 paranoid
group MyROSystem v2c paranoid
group MyROSystem usm paranoid
group MyROGroup v1 readonly
group MyROGroup v2c readonly
group MyROGroup usm readonly
group MyRWGroup v1 readwrite
group MyRWGroup v2c readwrite
group MyRWGroup usm readwrite
####
# Third, create a view for us to let the groups have rights to:
# incl/excl subtree mask
view all included .1 80
view system included .iso.org.dod.internet.mgmt.mib-2.system
####
# Finally, grant the 2 groups access to the 1 view with different
# write permissions:
# context sec.model sec.level match read write notif
access MyROSystem "" any noauth exact system none none
access MyROGroup "" any noauth exact all none none
access MyRWGroup "" any noauth exact all all none
==== Personnalisation ====
Pour personnaliser les informations liées au système, utiliser le fichier //snmpd.local.conf//
Par exemple, pour indiquer les champs location et contact :
syslocation St Cyr
syscontact Matthieu Bouthors
===== Capteurs systèmes =====
==== Installation ====
==== Configuration ====
bender:~# sensors-detect
# sensors-detect revision 4171 (2006-09-24 03:37:01 -0700)
This program will help you determine which kernel modules you need
to load to use lm_sensors most effectively. It is generally safe
and recommended to accept the default answers to all questions,
unless you know what you're doing.
We can start with probing for (PCI) I2C or SMBus adapters.
Do you want to probe now? (YES/no): yes
Probing for PCI bus adapters...
Use driver `i2c-nforce2' for device 0000:00:01.1: nVidia Corporation nForce4 SMBus (MCP)
We will now try to load each adapter module in turn.
Module `i2c-nforce2' already loaded.
If you have undetectable or unsupported adapters, you can have them
scanned by manually loading the modules before running this script.
To continue, we need module `i2c-dev' to be loaded.
Do you want to load `i2c-dev' now? (YES/no): yes
Module loaded successfully.
We are now going to do the I2C/SMBus adapter probings. Some chips may
be double detected; we choose the one with the highest confidence
value in that case.
If you found that the adapter hung after probing a certain address,
you can specify that address to remain unprobed.
Next adapter: SMBus nForce2 adapter at 4c40
Do you want to scan it? (YES/no/selectively): yes
Client found at address 0x08
Client found at address 0x2f
Probing for `National Semiconductor LM78'... No
Probing for `National Semiconductor LM78-J'... No
Probing for `National Semiconductor LM79'... No
Probing for `National Semiconductor LM80'... No
Probing for `Analog Devices ADT7470'... No
Probing for `Winbond W83781D'... No
Probing for `Winbond W83782D'... No
Probing for `Winbond W83792D'... No
Probing for `Winbond W83793R/G'... No
Probing for `Winbond W83791SD'... Success!
(confidence 3, driver `not-a-sensor')
Probing for `Winbond W83627HF'... No
Probing for `Winbond W83627EHF'... No
Probing for `Winbond W83627DHG'... No
Probing for `Asus AS99127F (rev.1)'... No
Probing for `Asus AS99127F (rev.2)'... No
Probing for `Asus ASB100 Bach'... No
Probing for `Analog Devices ADM9240'... No
Probing for `Dallas Semiconductor DS1780'... No
Probing for `National Semiconductor LM81'... No
Probing for `Analog Devices ADM1029'... No
Probing for `ITE IT8712F'... No
Probing for `Fintek custom power control IC'... No
Probing for `Winbond W83791D'... No
Client found at address 0x48
Probing for `National Semiconductor LM75'... No
Probing for `National Semiconductor LM77'... No
Probing for `Dallas Semiconductor DS1621'... No
Probing for `Maxim MAX6650/MAX6651'... No
Probing for `National Semiconductor LM92'... No
Probing for `National Semiconductor LM76'... No
Probing for `Maxim MAX6633/MAX6634/MAX6635'... No
Client found at address 0x49
Probing for `National Semiconductor LM75'... No
Probing for `National Semiconductor LM77'... No
Probing for `Dallas Semiconductor DS1621'... No
Probing for `National Semiconductor LM92'... No
Probing for `National Semiconductor LM76'... No
Probing for `Maxim MAX6633/MAX6634/MAX6635'... No
Client found at address 0x61
Probing for `SMBus 2.0 ARP-Capable Device'... Success!
(confidence 1, driver `not-a-sensor')
Next adapter: SMBus nForce2 adapter at 4c00
Do you want to scan it? (YES/no/selectively): yes
Client found at address 0x08
Client found at address 0x50
Probing for `Analog Devices ADM1033'... No
Probing for `Analog Devices ADM1034'... No
Probing for `SPD EEPROM'... Success!
(confidence 8, driver `eeprom')
Probing for `EDID EEPROM'... No
Probing for `Maxim MAX6900'... No
Client found at address 0x51
Probing for `Analog Devices ADM1033'... No
Probing for `Analog Devices ADM1034'... No
Probing for `SPD EEPROM'... Success!
(confidence 8, driver `eeprom')
Some chips are also accessible through the ISA I/O ports. We have to
write to arbitrary I/O ports to probe them. This is usually safe though.
Yes, you do have ISA I/O ports even if you do not have any ISA slots!
Do you want to scan the ISA I/O ports? (YES/no): yes
Probing for `National Semiconductor LM78' at 0x290... No
Probing for `National Semiconductor LM78-J' at 0x290... No
Probing for `National Semiconductor LM79' at 0x290... No
Probing for `Winbond W83781D' at 0x290... No
Probing for `Winbond W83782D' at 0x290... No
Probing for `Winbond W83627HF' at 0x290... No
Probing for `Silicon Integrated Systems SIS5595'... No
Probing for `VIA VT82C686 Integrated Sensors'... No
Probing for `VIA VT8231 Integrated Sensors'... No
Probing for `AMD K8 thermal sensors'... Success!
(confidence 9, driver `k8temp')
Probing for `IPMI BMC KCS' at 0xca0... No
Probing for `IPMI BMC SMIC' at 0xca8... No
Some Super I/O chips may also contain sensors. We have to write to
standard I/O ports to probe them. This is usually safe.
Do you want to scan for Super I/O sensors? (YES/no): yes
Probing for Super-I/O at 0x2e/0x2f
Trying family `ITE'... Yes
Found `ITE IT8712F Super IO Sensors' Success!
(address 0x290, driver `it87')
Trying family `National Semiconductor'... No
Trying family `SMSC'... No
Trying family `VIA/Winbond/Fintek'... No
Probing for Super-I/O at 0x4e/0x4f
Trying family `ITE'... No
Trying family `National Semiconductor'... No
Trying family `SMSC'... No
Trying family `VIA/Winbond/Fintek'... No
Now follows a summary of the probes I have just done.
Just press ENTER to continue:
Driver `eeprom' (should be inserted):
Detects correctly:
* Bus `SMBus nForce2 adapter at 4c00'
Busdriver `i2c-nforce2', I2C address 0x50
Chip `SPD EEPROM' (confidence: 8)
* Bus `SMBus nForce2 adapter at 4c00'
Busdriver `i2c-nforce2', I2C address 0x51
Chip `SPD EEPROM' (confidence: 8)
EEPROMs are *NOT* sensors! They are data storage chips commonly
found on memory modules (SPD), in monitors (EDID), or in some
laptops, for example.
Driver `k8temp' (should be inserted):
Detects correctly:
* ISA bus, undetermined address (Busdriver `i2c-isa')
Chip `AMD K8 thermal sensors' (confidence: 9)
Driver `it87' (should be inserted):
Detects correctly:
* ISA bus address 0x0290 (Busdriver `i2c-isa')
Chip `ITE IT8712F Super IO Sensors' (confidence: 9)
I will now generate the commands needed to load the required modules.
Just press ENTER to continue:
To make the sensors modules behave correctly, add these lines to
/etc/modules:
#----cut here----
# I2C adapter drivers
i2c-nforce2
# Chip drivers
eeprom
# Warning: the required module k8temp is not currently installed
# on your system. For status of 2.6 kernel ports check
# http://www.lm-sensors.org/wiki/Devices. If driver is built
# into the kernel, or unavailable, comment out the following line.
k8temp
it87
#----cut here----
Do you want to add these lines to /etc/modules automatically? (yes/NO)yes
bender:~#
bender:~# /etc/init.d/module-init-tools
Loading kernel modules...done.
bender:~#
bender:~# sensors
it8712-isa-0290
Adapter: ISA adapter
VCore 1: +1.39 V (min = +4.08 V, max = +4.08 V) ALARM
VCore 2: +0.00 V (min = +4.08 V, max = +4.08 V) ALARM
+3.3V: +3.28 V (min = +4.08 V, max = +4.08 V) ALARM
+5V: +4.89 V (min = +6.85 V, max = +6.85 V) ALARM
+12V: +11.78 V (min = +16.32 V, max = +16.32 V) ALARM
-12V: -4.90 V (min = +3.93 V, max = +3.93 V) ALARM
-5V: -13.64 V (min = +1.81 V, max = +4.03 V) ALARM
Stdby: +4.76 V (min = +6.85 V, max = +6.85 V) ALARM
VBat: +3.07 V
fan1: 869 RPM (min = 0 RPM, div = 8)
fan2: 969 RPM (min = 0 RPM, div = 8)
fan3: 0 RPM (min = 0 RPM, div = 8)
M/B Temp: +39°C (low = -1°C, high = -33°C) sensor = thermistor ALARM
CPU Temp: +40°C (low = -1°C, high = -1°C) sensor = thermistor ALARM
Temp3: +29°C (low = -1°C, high = -1°C) sensor = thermistor ALARM
bender:~#
snmpwalk -v2c -c public localhost .1.3.6.1.4.1.2021
chip "it87-*" "it8712-*"
# The values below have been tested on Asus CUSI, CUM motherboards.
# Voltage monitors as advised in the It8705 data sheet
label in0 "VCore 1"
label in1 "VCore 2"
label in2 "+3.3V"
label in3 "+5V"
label in4 "+12V"
label in5 "-12V"
label in6 "-5V"
label in7 "Stdby"
label in8 "VBat"
# vid is not monitored by IT8705F
# comment out if you have IT8712
#ignore vid
ignore in5
ignore in6
ignore in1
ignore in7
# Incubus Saturnus reports that the IT87 chip on Asus A7V8X-X seems
# to report the VCORE voltage approximately 0.05V higher than the board's
# BIOS does. Although it doesn't make much sense physically, uncommenting
# the next line should bring the readings in line with the BIOS' ones in
# this case.
# compute in0 -0.05+@ , @+0.05
# If 3.3V reads around 1.65V, uncomment the following line:
# compute in2 2*@ , @/2
compute in3 ((6.8/10)+1)*@ , @/((6.8/10)+1)
# A number of Gigabyte boards (GA-8IPE1000Pro, GA-8KNXP, GA-7N400-L) use
# a different resistor combination for +5V:
# compute in3 ((10/10)+1)*@ , @/((10/10)+1)
compute in4 ((30/10) +1)*@ , @/((30/10) +1)
# For this family of chips the negative voltage equation is different from
# the lm78. The chip uses two external resistor for scaling but one is
# tied to a positive reference voltage. See ITE8705/12 datasheet (SIS950
# data sheet is wrong)
# Vs = (1 + Rin/Rf) * Vin - (Rin/Rf) * Vref.
# Vref = 4.096 volts, Vin is voltage measured, Vs is actual voltage.
# The next two are negative voltages (-12 and -5).
# The following formulas must be used. Unfortunately the datasheet
# does not give recommendations for Rin, Rf, but we can back into
# them based on a nominal +2V input to the chip, together with a 4.096V Vref.
# Formula:
# actual V = (Vmeasured * (1 + Rin/Rf)) - (Vref * (Rin/Rf))
# For -12V input use Rin/Rf = 6.68
# For -5V input use Rin/Rf = 3.33
# Then you can convert the forumula to a standard form like:
compute in5 (7.67 * @) - 27.36 , (@ + 27.36) / 7.67
compute in6 (4.33 * @) - 13.64 , (@ + 13.64) / 4.33
#
# this much simpler version is reported to work for a
# Elite Group K7S5A board
#
# compute in5 -(36/10)*@, -@/(36/10)
# compute in6 -(56/10)*@, -@/(56/10)
#
compute in7 ((6.8/10)+1)*@ , @/((6.8/10)+1)
set in0_min 1.0 * 0.95
set in0_max 1.5 * 1.05
# set in1_min 2.4
# set in1_max 2.6
set in2_min 3.3 * 0.95
set in2_max 3.3 * 1.05
set in3_min 5.0 * 0.95
set in3_max 5.0 * 1.05
set in4_min 12 * 0.95
set in4_max 12 * 1.05
# set in5_max -12 * 0.95
# set in5_min -12 * 1.05
# set in6_max -5 * 0.95
# set in6_min -5 * 1.05
# set in7_min 5 * 0.95
# set in7_max 5 * 1.05
#the chip does not support in8 min/max
# Temperature
#
# Important - if your temperature readings are completely whacky
# you probably need to change the sensor type.
# Adujst and uncomment the appropriate lines below.
# The old method (modprobe it87 temp_type=0xXX) is no longer supported.
#
# 2 = thermistor; 3 = thermal diode; 0 = unused
# set sensor1 3
# set sensor2 3
# set sensor3 3
# If a given sensor isn't used, you will probably want to ignore it
# (see ignore statement right below).
label temp1 "M/B Temp"
# set temp1_over 40
# set temp1_low 15
label temp2 "CPU Temp"
# set temp2_over 45
# set temp2_low 15
# ignore temp3
label temp3 "Temp3"
# set temp3_over 45
# set temp3_low 15
# The A7V8X-X has temperatures inverted, and needs a conversion for
# CPU temp. Thanks to Preben Randhol for the formula.
# label temp1 "CPU Temp"
# label temp2 "M/B Temp"
# compute temp1 (-15.096+1.4893*@), (@+15.096)/1.4893
# The A7V600 also has temperatures inverted, and needs a different
# conversion for CPU temp. Thanks to Dariusz Jaszkowski for the formula.
# label temp1 "CPU Temp"
# label temp2 "M/B Temp"
# compute temp1 (@+128)/3, (3*@-128)
# Fans
# set fan1_min 0
# set fan2_min 3000
# ignore fan3
# set fan3_min 3000
label fan1 CPU
label fan2 Tunnel
ignore fan3
===== Backup =====
* /etc/snmp/
* /etc/default/snmpd
===== Links =====
* [[cacti]]