[SoCoSA/discuss] snmpd

Eric Eisenhart freiheit at gmail.com
Sun Dec 30 18:33:44 PST 2007 

Sean,

It sounds like maybe you don't have all the packages you need  
installed or there's something wrong with the installation of them,  
since you should really have snmpwalk...

If that's not the problem, my next guess is that you configured snmpd  
with a community string but didn't give that community string access  
to read much (or anything).

More details follow:

I'm scanning my puppet recipes for setting up snmpd now, and here's  
what I do for hosts to be monitored:
* open UDP port 161 to the monitoring host in iptables
* ensure the "net-snmp" package is installed (this is for RHEL  
systems, though)
* ensure the "snmpd" service is running
* Add the following lines to /etc/snmp/snmpd.conf:
      com2sec mynetwork 130.157.5.0/24 PASSWORD
      group MyROGroup v2c mynetwork
      view all included .1
      access MyROGroup "" v2c noauth prefix all none none
      includeAllDisks 0%
(except "PASSWORD" is the community string; and no leading spaces.   
And you'd want to replace 130.157.5.0/24 with a network mask  
appropriate for your network, not mine)

The com2sec line links the community string to an internal security  
setting.  The group links that security setting to a "group", the  
"access" line gives that group access, and the "view" line includes  
everything in the access for that view.  The "includeAllDisks" line  
turns on some additional information about disks that we use for  
checking how full disks are.  (without that, the only information  
available about disks is stuff that doesn't take into account the  
reserved blocks)

It's entirely possible that you've set up the community string but not  
given it access to the data that you're interested in.

You mentioned "apt-get" in your other message, so I'm assuming you're  
using Debian or Ubuntu.  It looks like on those the package you need  
to install to get "snmpwalk" is "snmp".  Except both "snmpd" and  
"cacti" packages depend on the "snmp" package, so you should really  
have those already...  leading me to wonder how you got the other  
stuff installed, and if there wasn't some kind of problem with the  
install...  What exactly is the OS on these systems?

Try this for a test:
snmpwalk -v 2c -c public ns2

Except replace "public" with whatever community string you've set up.   
I find debugging snmp issues much easier with snmpwalk, since it'll  
return something even if I don't know the proper label for something  
that it's configured to return.

On Dec 30, 2007, at 4:51 PM, Sean wrote:

> This is the first time I've worked with snmpd (using Cacti to
> monitor/query network server and vm bandwidth stats), and I'm having
> some difficulty.
>
> I should mention that I've tried this on a vm with a public IP and on
> a vm with no firewall and a local IP from the same DHCP server. Both
> give me timeout responses. At the moment I don't have another
> standalone linux box, but the virtual servers should be sufficient.
>
> I've installed snmpd on both systems, and configured them to have the
> same community and opened up the firewall on port UDP 161 for
> communication.
>
> Here are two errors that I'm getting:
>
> # snmpget ns2 sysUpTime.0
> snmpget: Timeout (Sub-id not found: (top) -> sysUpTime)
>
> # snmpget -v 1 -c public ns2 SNMPv2-MIB::sysUpTime.0
> Timeout: No Response from ns2.
>
> ns2 is the remote servername (w/ public IP) in my hosts file. Even if
> I use the FQDN I get the same errors.
>
> Do any of you have any ideas? I'm fairly sure I've overlooked
> something but cannot figure out what.
>
> Thank you.
>
> Sean
>
> _______________________________________________
> SoCoSA discuss mailing list
> discuss at socosa.org
> Your address: freiheit at socosa.org
> http://socosa.org/mailman/listinfo/discuss
> http://socosa.org/mailman/options/discuss/freiheit%40socosa.org
>

More information about the discuss mailing list