Snmpd

Snmpd est un démon permettant l'interrogation des informations systèmes en SNMP.

Je l'utilise sur Projet Bender pour grapher les informations dans Cacti.

Installation

L'installation du service Snmpd se fait par ajout du paquet :

  • snmpd

Il est également recommandé d'installé le client snmp :

  • snmp

Configuration

La configuration de snmpd est réalisée par 3 fichiers :

  • /etc/snmp/snmpd.conf : configuration principale
  • /etc/snmp/snmpd.local.conf : personnalisation de la configuration
  • /etc/snmp/snmptrapd.conf : configuration des traps
  • /etc/default/snmpd : personnalisation Debian de snmpd

Vérifier que snmpd fonctionne

Grâce à la commande

snmpwalk -v1 -c public localhost

Cette commande doit retourner quelques valeurs.

Binder sur une interface réseau

Par défaut, Debian n'installe le service snmpd que sur la loopback 127.0.0.1.
Pour rendre le service accessible sur d'autres interfaces, éditer la ligne suivante du fichier /etc/default/snmpd :

SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1'

Par exemple, pour Projet Bender qui est en 192.168.10.1 :

SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1 192.168.10.1'

Vérifier que cela fonctionne avec la commander :

snmpwalk -v1 -c public 192.168.10.1

Contrôle d'accès

Le contrôle d'accès utilise les objets suivants :

  • com2sec
  • group
  • view
  • access

view

Les “view” définissent une partie de l'arbre SNMP, exemples :

  • tous les OIDs :
view all    included  .1                               80
  • uniquement la partie system :
view system included  .iso.org.dod.internet.mgmt.mib-2.system

access

Les objets “access” définissent ensuite les droits d'accès aux différentes vues :

  • accès en lecture seule à la vue “system”
access MyROSystem ""     any       noauth    exact  system none   none
  • accès en lecture seule à l'ensemble des OIDs
access MyROGroup ""      any       noauth    exact  all    none   none
  • accès en lecture-écriture complet :
access MyRWGroup ""      any       noauth    exact  all    all    none

group

Les objets “group” définissent un groupe qui contient quels objets “access” utiliser en fonction du protocole :

  • groupe paranoid pour l'acces MyROSystem
group MyROSystem v1        paranoid
group MyROSystem v2c       paranoid
group MyROSystem usm       paranoid
  • groupe readonly pour l'acces MyROGroup
group MyROGroup v1         readonly
group MyROGroup v2c        readonly
group MyROGroup usm        readonly
  • groupe readwrite pour l'acces MyRWGroup
group MyRWGroup v1         readwrite
group MyRWGroup v2c        readwrite
group MyRWGroup usm        readwrite

com2sec

Enfin l'oject com2sec, définit le groupe à utiliser en fonction du réseau source et de la communauté :

  • groupe “paranoid” pour la communauté public
com2sec paranoid  default         public
  • groupe “readonly” pour la communauté public
com2sec readonly  default         public
  • groupe “readwrite” pour la communauté public
com2sec readwrite default         private

Exemple

Pour donner accès en lecture seule à l'ensemble de l'arbre, il suffit de remplacer :

com2sec paranoid  default         public

par :

com2sec readonly  default         public

Configuration complète :

####
# First, map the community name (COMMUNITY) into a security name
# (local and mynetwork, depending on where the request is coming
# from):

#       sec.name  source          community
#com2sec paranoid  default         public
com2sec readonly  default         public
#com2sec readwrite default         private

####
# Second, map the security names into group names:

#               sec.model  sec.name
group MyROSystem v1        paranoid
group MyROSystem v2c       paranoid
group MyROSystem usm       paranoid
group MyROGroup v1         readonly
group MyROGroup v2c        readonly
group MyROGroup usm        readonly
group MyRWGroup v1         readwrite
group MyRWGroup v2c        readwrite
group MyRWGroup usm        readwrite

####
# Third, create a view for us to let the groups have rights to:

#           incl/excl subtree                          mask
view all    included  .1                               80
view system included  .iso.org.dod.internet.mgmt.mib-2.system

####
# Finally, grant the 2 groups access to the 1 view with different
# write permissions:

#                context sec.model sec.level match  read   write  notif
access MyROSystem ""     any       noauth    exact  system none   none
access MyROGroup ""      any       noauth    exact  all    none   none
access MyRWGroup ""      any       noauth    exact  all    all    none

Personnalisation

Pour personnaliser les informations liées au système, utiliser le fichier snmpd.local.conf

Par exemple, pour indiquer les champs location et contact :

syslocation St Cyr
syscontact Matthieu Bouthors <matthieu@bouthors.fr>

Capteurs systèmes

Installation

Configuration

bender:~# sensors-detect
# sensors-detect revision 4171 (2006-09-24 03:37:01 -0700)

This program will help you determine which kernel modules you need
to load to use lm_sensors most effectively. It is generally safe
and recommended to accept the default answers to all questions,
unless you know what you're doing.

We can start with probing for (PCI) I2C or SMBus adapters.
Do you want to probe now? (YES/no): yes
Probing for PCI bus adapters...
Use driver `i2c-nforce2' for device 0000:00:01.1: nVidia Corporation nForce4 SMBus (MCP)

We will now try to load each adapter module in turn.
Module `i2c-nforce2' already loaded.
If you have undetectable or unsupported adapters, you can have them
scanned by manually loading the modules before running this script.

To continue, we need module `i2c-dev' to be loaded.
Do you want to load `i2c-dev' now? (YES/no): yes
Module loaded successfully.

We are now going to do the I2C/SMBus adapter probings. Some chips may
be double detected; we choose the one with the highest confidence
value in that case.
If you found that the adapter hung after probing a certain address,
you can specify that address to remain unprobed.

Next adapter: SMBus nForce2 adapter at 4c40
Do you want to scan it? (YES/no/selectively): yes
Client found at address 0x08
Client found at address 0x2f
Probing for `National Semiconductor LM78'...                No
Probing for `National Semiconductor LM78-J'...              No
Probing for `National Semiconductor LM79'...                No
Probing for `National Semiconductor LM80'...                No
Probing for `Analog Devices ADT7470'...                     No
Probing for `Winbond W83781D'...                            No
Probing for `Winbond W83782D'...                            No
Probing for `Winbond W83792D'...                            No
Probing for `Winbond W83793R/G'...                          No
Probing for `Winbond W83791SD'...                           Success!
    (confidence 3, driver `not-a-sensor')
Probing for `Winbond W83627HF'...                           No
Probing for `Winbond W83627EHF'...                          No
Probing for `Winbond W83627DHG'...                          No
Probing for `Asus AS99127F (rev.1)'...                      No
Probing for `Asus AS99127F (rev.2)'...                      No
Probing for `Asus ASB100 Bach'...                           No
Probing for `Analog Devices ADM9240'...                     No
Probing for `Dallas Semiconductor DS1780'...                No
Probing for `National Semiconductor LM81'...                No
Probing for `Analog Devices ADM1029'...                     No
Probing for `ITE IT8712F'...                                No
Probing for `Fintek custom power control IC'...             No
Probing for `Winbond W83791D'...                            No
Client found at address 0x48
Probing for `National Semiconductor LM75'...                No
Probing for `National Semiconductor LM77'...                No
Probing for `Dallas Semiconductor DS1621'...                No
Probing for `Maxim MAX6650/MAX6651'...                      No
Probing for `National Semiconductor LM92'...                No
Probing for `National Semiconductor LM76'...                No
Probing for `Maxim MAX6633/MAX6634/MAX6635'...              No
Client found at address 0x49
Probing for `National Semiconductor LM75'...                No
Probing for `National Semiconductor LM77'...                No
Probing for `Dallas Semiconductor DS1621'...                No
Probing for `National Semiconductor LM92'...                No
Probing for `National Semiconductor LM76'...                No
Probing for `Maxim MAX6633/MAX6634/MAX6635'...              No
Client found at address 0x61
Probing for `SMBus 2.0 ARP-Capable Device'...               Success!
    (confidence 1, driver `not-a-sensor')

Next adapter: SMBus nForce2 adapter at 4c00
Do you want to scan it? (YES/no/selectively): yes
Client found at address 0x08
Client found at address 0x50
Probing for `Analog Devices ADM1033'...                     No
Probing for `Analog Devices ADM1034'...                     No
Probing for `SPD EEPROM'...                                 Success!
    (confidence 8, driver `eeprom')
Probing for `EDID EEPROM'...                                No
Probing for `Maxim MAX6900'...                              No
Client found at address 0x51
Probing for `Analog Devices ADM1033'...                     No
Probing for `Analog Devices ADM1034'...                     No
Probing for `SPD EEPROM'...                                 Success!
    (confidence 8, driver `eeprom')

Some chips are also accessible through the ISA I/O ports. We have to
write to arbitrary I/O ports to probe them. This is usually safe though.
Yes, you do have ISA I/O ports even if you do not have any ISA slots!
Do you want to scan the ISA I/O ports? (YES/no): yes
Probing for `National Semiconductor LM78' at 0x290...       No
Probing for `National Semiconductor LM78-J' at 0x290...     No
Probing for `National Semiconductor LM79' at 0x290...       No
Probing for `Winbond W83781D' at 0x290...                   No
Probing for `Winbond W83782D' at 0x290...                   No
Probing for `Winbond W83627HF' at 0x290...                  No
Probing for `Silicon Integrated Systems SIS5595'...         No
Probing for `VIA VT82C686 Integrated Sensors'...            No
Probing for `VIA VT8231 Integrated Sensors'...              No
Probing for `AMD K8 thermal sensors'...                     Success!
    (confidence 9, driver `k8temp')
Probing for `IPMI BMC KCS' at 0xca0...                      No
Probing for `IPMI BMC SMIC' at 0xca8...                     No

Some Super I/O chips may also contain sensors. We have to write to
standard I/O ports to probe them. This is usually safe.
Do you want to scan for Super I/O sensors? (YES/no): yes
Probing for Super-I/O at 0x2e/0x2f
Trying family `ITE'...                                      Yes
Found `ITE IT8712F Super IO Sensors'                        Success!
    (address 0x290, driver `it87')
Trying family `National Semiconductor'...                   No
Trying family `SMSC'...                                     No
Trying family `VIA/Winbond/Fintek'...                       No
Probing for Super-I/O at 0x4e/0x4f
Trying family `ITE'...                                      No
Trying family `National Semiconductor'...                   No
Trying family `SMSC'...                                     No
Trying family `VIA/Winbond/Fintek'...                       No

Now follows a summary of the probes I have just done.
Just press ENTER to continue:

Driver `eeprom' (should be inserted):
  Detects correctly:
  * Bus `SMBus nForce2 adapter at 4c00'
    Busdriver `i2c-nforce2', I2C address 0x50
    Chip `SPD EEPROM' (confidence: 8)
  * Bus `SMBus nForce2 adapter at 4c00'
    Busdriver `i2c-nforce2', I2C address 0x51
    Chip `SPD EEPROM' (confidence: 8)

  EEPROMs are *NOT* sensors! They are data storage chips commonly
  found on memory modules (SPD), in monitors (EDID), or in some
  laptops, for example.

Driver `k8temp' (should be inserted):
  Detects correctly:
  * ISA bus, undetermined address (Busdriver `i2c-isa')
    Chip `AMD K8 thermal sensors' (confidence: 9)

Driver `it87' (should be inserted):
  Detects correctly:
  * ISA bus address 0x0290 (Busdriver `i2c-isa')
    Chip `ITE IT8712F Super IO Sensors' (confidence: 9)

I will now generate the commands needed to load the required modules.
Just press ENTER to continue:

To make the sensors modules behave correctly, add these lines to
/etc/modules:

#----cut here----
# I2C adapter drivers
i2c-nforce2
# Chip drivers
eeprom
# Warning: the required module k8temp is not currently installed
# on your system. For status of 2.6 kernel ports check
# http://www.lm-sensors.org/wiki/Devices. If driver is built
# into the kernel, or unavailable, comment out the following line.
k8temp
it87
#----cut here----


Do you want to add these lines to /etc/modules automatically? (yes/NO)yes
bender:~#
bender:~# /etc/init.d/module-init-tools
Loading kernel modules...done.
bender:~#
bender:~# sensors
it8712-isa-0290
Adapter: ISA adapter
VCore 1:   +1.39 V  (min =  +4.08 V, max =  +4.08 V)   ALARM
VCore 2:   +0.00 V  (min =  +4.08 V, max =  +4.08 V)   ALARM
+3.3V:     +3.28 V  (min =  +4.08 V, max =  +4.08 V)   ALARM
+5V:       +4.89 V  (min =  +6.85 V, max =  +6.85 V)   ALARM
+12V:     +11.78 V  (min = +16.32 V, max = +16.32 V)   ALARM
-12V:      -4.90 V  (min =  +3.93 V, max =  +3.93 V)   ALARM
-5V:      -13.64 V  (min =  +1.81 V, max =  +4.03 V)   ALARM
Stdby:     +4.76 V  (min =  +6.85 V, max =  +6.85 V)   ALARM
VBat:      +3.07 V
fan1:      869 RPM  (min =    0 RPM, div = 8)
fan2:      969 RPM  (min =    0 RPM, div = 8)
fan3:        0 RPM  (min =    0 RPM, div = 8)
M/B Temp:    +39°C  (low  =    -1°C, high =   -33°C)   sensor = thermistor   ALARM
CPU Temp:    +40°C  (low  =    -1°C, high =    -1°C)   sensor = thermistor   ALARM
Temp3:       +29°C  (low  =    -1°C, high =    -1°C)   sensor = thermistor   ALARM

bender:~#
 snmpwalk -v2c -c public localhost .1.3.6.1.4.1.2021
chip "it87-*" "it8712-*"

# The values below have been tested on Asus CUSI, CUM motherboards.

# Voltage monitors as advised in the It8705 data sheet

    label in0 "VCore 1"
    label in1 "VCore 2"
    label in2 "+3.3V"
    label in3 "+5V"
    label in4 "+12V"
    label in5 "-12V"
    label in6 "-5V"
    label in7 "Stdby"
    label in8 "VBat"

    # vid is not monitored by IT8705F
    # comment out if you have IT8712
    #ignore  vid

ignore in5
ignore in6
ignore in1
ignore in7

# Incubus Saturnus reports that the IT87 chip on Asus A7V8X-X seems
# to report the VCORE voltage approximately 0.05V higher than the board's
# BIOS does. Although it doesn't make much sense physically, uncommenting
# the next line should bring the readings in line with the BIOS' ones in
# this case.
# compute in0 -0.05+@ , @+0.05

# If 3.3V reads around 1.65V, uncomment the following line:
#    compute in2   2*@ , @/2

    compute in3 ((6.8/10)+1)*@ ,  @/((6.8/10)+1)
# A number of Gigabyte boards (GA-8IPE1000Pro, GA-8KNXP, GA-7N400-L) use
# a different resistor combination for +5V:
#    compute in3 ((10/10)+1)*@ ,  @/((10/10)+1)

    compute in4 ((30/10) +1)*@  , @/((30/10) +1)
# For this family of chips the negative voltage equation is different from
# the lm78.  The chip uses two external resistor for scaling but one is
# tied to a positive reference voltage.  See ITE8705/12 datasheet (SIS950
# data sheet is wrong)
# Vs = (1 + Rin/Rf) * Vin - (Rin/Rf) * Vref.
# Vref = 4.096 volts, Vin is voltage measured, Vs is actual voltage.

# The next two are negative voltages (-12 and -5).
# The following formulas must be used. Unfortunately the datasheet
# does not give recommendations for Rin, Rf, but we can back into
# them based on a nominal +2V input to the chip, together with a 4.096V Vref.
# Formula:
#    actual V = (Vmeasured * (1 + Rin/Rf)) - (Vref * (Rin/Rf))
#    For -12V input use Rin/Rf = 6.68
#    For -5V input use Rin/Rf = 3.33
# Then you can convert the forumula to a standard form like:
    compute in5 (7.67 * @) - 27.36  ,  (@ + 27.36) / 7.67
    compute in6 (4.33 * @) - 13.64  ,  (@ + 13.64) / 4.33
#
# this much simpler version is reported to work for a
# Elite Group K7S5A board
#
#   compute in5 -(36/10)*@, -@/(36/10)
#   compute in6 -(56/10)*@, -@/(56/10)
#
    compute in7 ((6.8/10)+1)*@ ,  @/((6.8/10)+1)

    set in0_min 1.0 * 0.95
    set in0_max 1.5 * 1.05
#    set in1_min 2.4
#    set in1_max 2.6
    set in2_min 3.3 * 0.95
    set in2_max 3.3 * 1.05
    set in3_min 5.0 * 0.95
    set in3_max 5.0 * 1.05
    set in4_min 12 * 0.95
    set in4_max 12 * 1.05
#    set in5_max -12 * 0.95
#    set in5_min -12 * 1.05
#    set in6_max -5 * 0.95
#    set in6_min -5 * 1.05
#    set in7_min 5 * 0.95
#    set in7_max 5 * 1.05
    #the chip does not support in8 min/max

# Temperature
#
# Important - if your temperature readings are completely whacky
# you probably need to change the sensor type.
# Adujst and uncomment the appropriate lines below.
# The old method (modprobe it87 temp_type=0xXX) is no longer supported.
#
# 2 = thermistor; 3 = thermal diode; 0 = unused
#   set sensor1 3
#   set sensor2 3
#   set sensor3 3
# If a given sensor isn't used, you will probably want to ignore it
# (see ignore statement right below).

    label temp1       "M/B Temp"
#    set   temp1_over  40
#    set   temp1_low   15
    label temp2       "CPU Temp"
#    set   temp2_over  45
#    set   temp2_low   15
#   ignore temp3
    label temp3       "Temp3"
#    set   temp3_over  45
#    set   temp3_low   15

# The A7V8X-X has temperatures inverted, and needs a conversion for
# CPU temp. Thanks to Preben Randhol for the formula.
#   label temp1       "CPU Temp"
#   label temp2       "M/B Temp"
#   compute temp1     (-15.096+1.4893*@), (@+15.096)/1.4893

# The A7V600 also has temperatures inverted, and needs a different
# conversion for CPU temp. Thanks to Dariusz Jaszkowski for the formula.
#   label temp1       "CPU Temp"
#   label temp2       "M/B Temp"
#   compute temp1     (@+128)/3, (3*@-128)

# Fans
#   set fan1_min 0
#   set fan2_min 3000
#   ignore fan3
#   set fan3_min 3000

label fan1 CPU
label fan2 Tunnel
ignore fan3

Backup

  • /etc/snmp/
  • /etc/default/snmpd

Links

linux/snmpd.txt · Dernière modification: 2011/01/08 13:26 par matthieu
Recent changes RSS feed Debian Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki