如何配置 snmpd.conf 文件使 SET 命令在 net-snmp 中起作用?
How to configure snmpd.conf file to make work SET command in net-snmp?
我已经配置了snmpd.conf如下
com2sec AllUser default public
group AllGroup v2c AllUser
view AllView included .1
access AllGroup "" any noauth exact AllView none none
mibs +GET-PDU-INFO-MIB
mibs +NOTIFICATION-TEST-MIB
rocommunity private localhost
rwcommunity private localhost
pass .1.3.6.1.4.1.53864.1 /bin/sh /etc/snmp/pduMIBScript.sh
有路径
/etc/snmp/snmpd.conf
所以之后我尝试发送以下命令
- 获取下一个
- 获取
- 批量获取
- 步行
- 设置
在尝试了上述所有命令后,我观察到的一件事是,除“设置”命令外,所有命令都运行良好。
为了调试这个问题,我首先确认我试图设置的变量在 MIB 文件中具有读写访问权限。我使用的 MIB 文件如下
GET-PDU-INFO-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, enterprises FROM SNMPv2-SMI
;
pduInfo MODULE-IDENTITY
LAST-UPDATED "202005100000Z"
ORGANIZATION "XYZ"
CONTACT-INFO
"postal: admin @ admin"
DESCRIPTION
"This Mib module defines objects for signal statistics"
REVISION "202005100000Z"
DESCRIPTION
"Corrected notification example definitions"
REVISION "200202060000Z"
DESCRIPTION
"First draft"
::= { enterprises 53864 }
--
-- top level structure
--
pduVar OBJECT IDENTIFIER ::= { pduInfo 1 }
--
-- Example scalars
--
gpsVar1 OBJECT-TYPE
SYNTAX OCTET STRING
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"the latest value of signal"
DEFVAL { "hello" }
::= { pduVar 1 }
END
从 MIB 浏览器发送“SET”命令后,出现以下错误
“SET 命令问题”的原因是什么。谁能帮我理解这背后的问题?
经过大量搜索,终于找到了解决方案。现在我编辑了 snmpd.conf 如下,
########################################################################
#######
# Access Control
#######################################################################
# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
# KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.
# By far, the most common question I get about the agent is "why won't
# it work?", when really it should be "how do I configure the agent to
# allow me to access it?"
#
# By default, the agent responds to the "public" community for read
# only access, if run out of the box without any configuration file in
# place. The following examples show you other ways of configuring
# the agent so that you can change the community names, and give
# yourself write access as well.
#
# The following lines change the access permissions of the agent so
# that the COMMUNITY string provides read-only access to your entire
# NETWORK (EG: 10.10.10.0/24), and read/write access to only the
# localhost (127.0.0.1, not its real ipaddress).
#
# For more information, read the FAQ as well as the snmpd.conf(5)
# manual page.
####
# First, map the community name (COMMUNITY) into a security name
# (local and mynetwork, depending on where the request is coming
# from):
# sec.name source community
#com2sec paranoid default public
#com2sec readonly default public
com2sec readwrite default private
####
# Second, map the security names into group names:
# sec.model sec.name
#group MyROSystem v1 paranoid
#group MyROSystem v2c paranoid
#group MyROSystem usm paranoid
#group MyROGroup v1 readonly
#group MyROGroup v2c readonly
#group MyROGroup usm readonly
group MyRWGroup v1 readwrite
group MyRWGroup v2c readwrite
group MyRWGroup usm readwrite
####
# Third, create a view for us to let the groups have rights to:
# incl/excl subtree mask
view all included .1 80
view system included .iso.org.dod.internet.mgmt.mib-2.system
####
# Finally, grant the 2 groups access to the 1 view with different
# write permissions:
# context sec.model sec.level match read write notif
#access MyROSystem "" any noauth exact system none none
#access MyROGroup "" any noauth exact all none none
access MyRWGroup "" any noauth exact all all none
# ------------------------------------------------------------------
我已经配置了snmpd.conf如下
com2sec AllUser default public
group AllGroup v2c AllUser
view AllView included .1
access AllGroup "" any noauth exact AllView none none
mibs +GET-PDU-INFO-MIB
mibs +NOTIFICATION-TEST-MIB
rocommunity private localhost
rwcommunity private localhost
pass .1.3.6.1.4.1.53864.1 /bin/sh /etc/snmp/pduMIBScript.sh
有路径
/etc/snmp/snmpd.conf
所以之后我尝试发送以下命令
- 获取下一个
- 获取
- 批量获取
- 步行
- 设置
在尝试了上述所有命令后,我观察到的一件事是,除“设置”命令外,所有命令都运行良好。
为了调试这个问题,我首先确认我试图设置的变量在 MIB 文件中具有读写访问权限。我使用的 MIB 文件如下
GET-PDU-INFO-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, enterprises FROM SNMPv2-SMI
;
pduInfo MODULE-IDENTITY
LAST-UPDATED "202005100000Z"
ORGANIZATION "XYZ"
CONTACT-INFO
"postal: admin @ admin"
DESCRIPTION
"This Mib module defines objects for signal statistics"
REVISION "202005100000Z"
DESCRIPTION
"Corrected notification example definitions"
REVISION "200202060000Z"
DESCRIPTION
"First draft"
::= { enterprises 53864 }
--
-- top level structure
--
pduVar OBJECT IDENTIFIER ::= { pduInfo 1 }
--
-- Example scalars
--
gpsVar1 OBJECT-TYPE
SYNTAX OCTET STRING
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"the latest value of signal"
DEFVAL { "hello" }
::= { pduVar 1 }
END
从 MIB 浏览器发送“SET”命令后,出现以下错误
“SET 命令问题”的原因是什么。谁能帮我理解这背后的问题?
经过大量搜索,终于找到了解决方案。现在我编辑了 snmpd.conf 如下,
########################################################################
#######
# Access Control
#######################################################################
# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
# KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.
# By far, the most common question I get about the agent is "why won't
# it work?", when really it should be "how do I configure the agent to
# allow me to access it?"
#
# By default, the agent responds to the "public" community for read
# only access, if run out of the box without any configuration file in
# place. The following examples show you other ways of configuring
# the agent so that you can change the community names, and give
# yourself write access as well.
#
# The following lines change the access permissions of the agent so
# that the COMMUNITY string provides read-only access to your entire
# NETWORK (EG: 10.10.10.0/24), and read/write access to only the
# localhost (127.0.0.1, not its real ipaddress).
#
# For more information, read the FAQ as well as the snmpd.conf(5)
# manual page.
####
# First, map the community name (COMMUNITY) into a security name
# (local and mynetwork, depending on where the request is coming
# from):
# sec.name source community
#com2sec paranoid default public
#com2sec readonly default public
com2sec readwrite default private
####
# Second, map the security names into group names:
# sec.model sec.name
#group MyROSystem v1 paranoid
#group MyROSystem v2c paranoid
#group MyROSystem usm paranoid
#group MyROGroup v1 readonly
#group MyROGroup v2c readonly
#group MyROGroup usm readonly
group MyRWGroup v1 readwrite
group MyRWGroup v2c readwrite
group MyRWGroup usm readwrite
####
# Third, create a view for us to let the groups have rights to:
# incl/excl subtree mask
view all included .1 80
view system included .iso.org.dod.internet.mgmt.mib-2.system
####
# Finally, grant the 2 groups access to the 1 view with different
# write permissions:
# context sec.model sec.level match read write notif
#access MyROSystem "" any noauth exact system none none
#access MyROGroup "" any noauth exact all none none
access MyRWGroup "" any noauth exact all all none
# ------------------------------------------------------------------