Index.
- Introduction.
- Install net-snmp.
- Configure the Trap Daemon.
- Configure the SNMP Daemon.
- System init.
- Download.
16-Nov-2011: initial release.
Introduction.
According to the WIKI: Simple Network Management Protocol (SNMP) is an “Internet-standard protocol for managing devices on IP networks”. Using SNMP on our Home Server is useful if you want to be able to keep track of your server hardware usage (disks, network etc), and issue alerts when something is wrong. With the aid of a collection tool like cacti you can make nice graphs.
Configuring SNMP is just not that simple. All the documentation and man pages are full of references to other documents so you are constantly hopping around and before you know it you are lost. I should have used SNMPv3 to secure the setup, but I decided to use SNMPv1. This is really insecure, but since it runs on a Home Network isolated from the rest of the world I could live with that.
Install net-snmp.
Install net-snmp:
[root@homsrv ~]# pacman -S net-snmp resolving dependencies... looking for inter-conflicts... Targets (1): net-snmp-5.7.1-1 Total Download Size: 2.16 MB Total Installed Size: 13.67 MB Proceed with installation? [Y/n] :: Retrieving packages from extra... net-snmp-5.7.1-1-i686 2.2M 991.0K/s 00:00:02 [######################] 100% (1/1) checking package integrity [######################] 100% (1/1) checking for file conflicts [######################] 100% (1/1) installing net-snmp [######################] 100% Optional dependencies for net-snmp perl-term-readkey: for snmpcheck application perl-tk: for snmpcheck and tkmib applications python2: for the python modules [root@homsrv ~]#
Configure the Trap Daemon.
On the Home Server we will configure and run the SNMP trap daemon. This daemon collects all alert and information messages from all other servers including the Home Server itself. We configure the alert messages to send email messages so that we are notified if something is wrong. Here is an example trap message:
Host: <UNKNOWN> (UDP: [10.126.160.253]:38813->[10.126.160.253]:162) sysUpTimeInstance 0:0:00:00.59 snmpTrapOID.0 mteTriggerFired mteHotTrigger.0 process table mteHotTargetName.0 mteHotContextName.0 mteHotOID.0 prErrorFlag.17 mteHotValue.0 1 prNames.17 smartd prErrMessage.17 No smartd process running snmpTrapAddress.0 10.126.161.2 snmpTrapCommunity.0 "wpllan" snmpTrapEnterprise.0 dismanEventMIBNotificationPrefix
Create the directory /etc/snmp and create the file /etc/snmp/snmptrapd.conf:
########################################################################### # # snmptrapd.conf at homsrv.wpl.ym authCommunity log,execute,net wpllan snmpTrapdAddr 10.126.160.253,10.126.161.2 disableAuthorization yes format1 "%02.2h:%02.2j TRAP %W.%q from %A" format2 "%02.2h:%02.2j TRAP %W.%q from %A" outputOption s traphandle default /usr/bin/traptoemail -s localhost -f snmp@wpl.uk admin@wpl.uk
Here we have defined what to do with the messages that the trap daemon receives. To add a little bit of security, we only listen on the IPv4 addresses of the users LAN and internal gateway network.
Because there is no rc.d script for snmptrapd you have to write that yourself. Create /etc/rc.d/snmptrapd:
#!/bin/bash
. /etc/rc.conf
. /etc/rc.d/functions
PID=`pidof -o %PPID /usr/sbin/snmptrapd`
case "$1" in
start)
stat_busy "Starting SNMP Trap Daemon"
[ -z "$PID" ] && /usr/sbin/snmptrapd -Lsd -C -c /etc/snmp/snmptrapd.conf -p
/var/run/snmptrapd.pid
if [ $? -gt 0 ]; then
stat_fail
else
add_daemon snmptrapd
stat_done
fi
;;
stop)
stat_busy "Stopping SNMP Trap Daemon"
[ ! -z "$PID" ] && kill $PID &> /dev/null
if [ $? -gt 0 ]; then
stat_fail
else
rm /var/run/snmptrapd.pid
rm_daemon snmptrapd
stat_done
fi
;;
restart)
$0 stop
sleep 2
$0 start
;;
*)
echo "usage: $0 {start|stop|restart}"
esac
exit 0
Now start the trap daemon:
[root@homsrv ~]# rc.d start snmptrapd :: Starting SNMP Trap Daemon [DONE] [root@homsrv ~]#
Configure the SNMP Daemon.
Now we need to configure the SNMP daemon. We will use SNMPv1 with the community name public which everyone uses. Therefore, don’t allow SNMP from the Internet, and if you use the example firewall it is already closed by default. Create /etc/snmp/snmpd.conf. Only important lines are shown, the file in the download archive is a lot longer.
########################################################################### # # snmpd.conf at homsrv.wpl.ym # ########################################################################### # SECTION: Access Control Setup, IPv4 and IPv6 rocommunity public rocommunity6 public agentaddress 10.126.160.253,10.126.161.2 ########################################################################### # SECTION: Trap Destinations # # Here we define who the agent will send traps to. # trapcommunity wpllan trapsink 10.126.161.2:162 agentSecName internal rouser internal defaultMonitors yes ########################################################################### # SECTION: Interfaces # Interface br0 6 1000000000 Interface eth0 6 0 Interface tap0 6 0 Interface eth1 6 0 Interface vboxnet0 6 1000000000 Interface vboxnet1 6 1000000000 ########################################################################### # SECTION: Monitor Various Aspects of the Running Host # # The following check up on various aspects of a host. proc httpd 25 3 proc crond 1 1 proc syslog-ng 2 2 proc master 2 2 proc clamd 5 1 proc clamav-milter 5 1 proc smbd 10 2 disk / 10% disk /mnt/vserver 10% disk /home 10% disk /mnt/users 10% disk /mnt/media 10% disk /mnt/amanda 10% load 20 15 12 ########################################################################### # SECTION: System Information Setup # syslocation "Server room 2" syscontact Administrator <admin@wpl.uk> sysservices 79 sysName "homsrv.wpl.ym" sysDescr "Home Server for wpl.ym" ############################################################################# # # Section experimental # Squid proxy # proxy -v 1 -c public localhost:3401 .1.3.6.1.4.1.3495.1
If you have squid configured like in our example setup, then the last line will work and make some data from the squid web proxy available.
Next, modify /etc/conf.d/snmpd:
# # Parameters to be passed to snmpd # SNMPD_ARGS="-LS3d"
Now start snmpd:
[root@homsrv ~]# rc.d start snmpd :: Starting Net-SNMP [DONE] [root@homsrv ~]#
You should install the snmp daemon on the virtual machines too.
System init.
On the Home Server itself we have to start snmptrapd and snmpd. We need the trap daemon as soon as possible, we can do this right after the network is configured. On the other side, we must start snmpd at the last moment because it watches other system daemons which must be started before snmpd. This also means that daemons that are watched in snmpd cannot be started in the background because you then can get false alerts. So, start snmptrapd after openvpn and start snmpd last.
Download.
The following file contains all these examples.
