FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 09-12-2008, 01:46 AM
"Bob Hoffman"
 
Default SNMP and OID/MIB/MRTG

Hi all.

I am having an issue and quite frankly would rather not spend the entire
next two days learning the entire snmp program. I am hoping someone out
there has used MRTG and SNMP to make it work.


I have both installed. Single server, polling itself.

Question 1- does snmpd have to run as a daemon, or only run once so I can
get OID and MIBs from it?

Question 2- does anyone know the command in snmp to get the required OID and
MIBs that MRTG needs to use? Or at least the name of it? There are a lot of
poorly written man pages, but so far all of them require an MIB or OID to
use the commands I have read.

Question 3- since not going outside of the server, is there any security
setting in some snmp config file that makes it only look on my local server
and not allow others to use it or hack it?

Question 4- all over the internet there are examples in MRTG using all sorts
of made up names like 'crazyguy33@servername' and things like that for the
cfg file. And alsoin the snmp forum posts, but no one really talks about
where this name comes from other than it is assigned to your network device
or something.


Any help appreciated. I will post the final solution to how to configure
snmp and mrtg to work on centos5.2 when I finally figure it out so no one
else has to take all week to do so!!!

Whoo hoo!!!

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 09-12-2008, 02:17 AM
"nate"
 
Default SNMP and OID/MIB/MRTG

Bob Hoffman wrote:

While it is somewhat outdated, MRTG itself is outdated as well,
I wrote a howto for MRTG about 5-6 years ago -

http://howto.aphroland.org//HOWTO/MRTG/

(I haven't maintained it in years, and have no real plans to
update the site again in the future)

> Question 1- does snmpd have to run as a daemon, or only run once so I can
> get OID and MIBs from it?

If your wanting to collect data using SNMP then anything your
collecting data from must be running a SNMP daemon. MRTG is
fully capable of executing scripts to gather data as well.

> Question 2- does anyone know the command in snmp to get the required OID and
> MIBs that MRTG needs to use? Or at least the name of it? There are a lot of
> poorly written man pages, but so far all of them require an MIB or OID to
> use the commands I have read.

Defines "needs to use", mrtg comes with a tool called 'cfgmaker'
which will scan any SNMP target and automatically generate a
configuration for all of the network interfaces it can find on
the target. You can then use mrtg against that config file to
gather stats.

> Question 3- since not going outside of the server, is there any security
> setting in some snmp config file that makes it only look on my local server
> and not allow others to use it or hack it?

You can add a iptables firewall rule to reject packets destined
to your SNMP server (161/udp) unless they come over the loopback
interface.

> Question 4- all over the internet there are examples in MRTG using all sorts
> of made up names like 'crazyguy33@servername' and things like that for the
> cfg file. And alsoin the snmp forum posts, but no one really talks about
> where this name comes from other than it is assigned to your network device
> or something.

In the example above crazyguy33 is the SNMP community string
assigned to the system(configured in snmpd.conf). By default
the read-only string is public. You can set it to anything
you want.

> Any help appreciated. I will post the final solution to how to configure
> snmp and mrtg to work on centos5.2 when I finally figure it out so no one
> else has to take all week to do so!!!

You may want to look into using cacti or some other tool instead,
MRTG has some pretty severe limitations. Cacti uses RRDTool as
it's back end, RRDTool is more or less the successor to MRTG and
was initially released I think about 10 years ago, to give an
idea how old MRTG is.

I still use MRTG on my home network, though mostly because it's
legacy shit that I setup 7 years ago and haven't moved to cacti
yet, it slowly breaking down as time goes on since I'm not
maintaining it anymore.

nate

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 09-12-2008, 02:23 AM
"Filipe Brandenburger"
 
Default SNMP and OID/MIB/MRTG

Hi,

On Thu, Sep 11, 2008 at 21:46, Bob Hoffman <bob@bobhoffman.com> wrote:
> Question 1- does snmpd have to run as a daemon, or only run once so I can
> get OID and MIBs from it?

Yes, it has to be running as a daemon.

> Question 2- does anyone know the command in snmp to get the required OID and
> MIBs that MRTG needs to use? Or at least the name of it? There are a lot of
> poorly written man pages, but so far all of them require an MIB or OID to
> use the commands I have read.

Well, the OIDs that you will use on MRTG's config will depend on what
you want MRTG to trace. Is it the network traffic? Is it the disk
usage? Is it the CPU usage? Free memory? You can get MRTG to trace any
of that by using the specific OIDs. You can use the "snmpwalk" program
to see all the information that the daemon will have to offer in order
to choose what you want to plot.

> Question 3- since not going outside of the server, is there any security
> setting in some snmp config file that makes it only look on my local server
> and not allow others to use it or hack it?

Yes, you can restrict snmpd to answer only to the localhost. I suggest
you start with a /etc/snmp/snmpd.conf that contains this line only:

rocommunity MySecretString 127.0.0.1

Replace "MySecretString" with a secret string not known to others,
this string is what is called "community" in snmp-speak. This way,
snmpd will answer only to queries made from the localhost, and only to
someone who knows the right "community" secret string (like a
password).

> Question 4- all over the internet there are examples in MRTG using all sorts
> of made up names like 'crazyguy33@servername' and things like that for the
> cfg file. And alsoin the snmp forum posts, but no one really talks about
> where this name comes from other than it is assigned to your network device
> or something.

This is probably the community and the host. As I suggested
restricting to localhost only, you will probably want to use something
like "MySecretString@localhost", obviously replacing "MySecretString"
with the one you chose.

The CentOS Wiki also has resources on MRTG, I suggest you look there as well:
http://wiki.centos.org/TipsAndTricks/MRTG

HTH!
Filipe
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 09-12-2008, 02:27 AM
John R Pierce
 
Default SNMP and OID/MIB/MRTG

nate wrote:

Bob Hoffman wrote:

While it is somewhat outdated, MRTG itself is outdated as well,



indeed, RRDTOOL is the new MRTG. and Cacti, which is a web wrapper for it.

http://oss.oetiker.ch/rrdtool/

http://www.cacti.net/


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 09-12-2008, 02:55 AM
"Bob Hoffman"
 
Default SNMP and OID/MIB/MRTG

Thanks for the input..now that I have really been reading...I find that
MRTG, or any of those programs is easy...

It is snmp that requires the college degree. I just ordered 2 books on it.

There is no way to poll the hardware without extensive knowledge of snmp.
The man pages are horrendous and some are outdated. Obviously you need to
know how to build and manage MIBs so you can then call to them with MRTG or
the other programs.


So...

Needless to say, MRTG is now off as is snmp. I think this will be one of
those 'maybe next year when I can learn all about acessing hardware like an
engineer' and all.

I will just do some light reading with the books and maybe in the future I
will figure out how to make mibs so I can grab them.

That is the issue, not mrtg, it is snmp.

One of those fun linux user things...I want to use this program..okay,
easy...but you need a college degree in 'this program' to access the first
one..

Ugh...

I'll just stick with webalizer and top for keeping tabs on the network. Then
in the future, if I persue the degree in snmp and learn all about MIBs, I
will check out the program.

Wish I had the last two days back...what a complete waste.

> -----Original Message-----
> From: centos-bounces@centos.org
> [mailto:centos-bounces@centos.org] On Behalf Of nate
> Sent: Thursday, September 11, 2008 10:17 PM
> To: centos@centos.org
> Subject: Re: [CentOS] SNMP and OID/MIB/MRTG
>
> Bob Hoffman wrote:
>
> While it is somewhat outdated, MRTG itself is outdated as
> well, I wrote a howto for MRTG about 5-6 years ago -
>
> http://howto.aphroland.org//HOWTO/MRTG/
>
> (I haven't maintained it in years, and have no real plans to
> update the site again in the future)
>
> > Question 1- does snmpd have to run as a daemon, or only run
> once so I
> > can get OID and MIBs from it?
>
> If your wanting to collect data using SNMP then anything your
> collecting data from must be running a SNMP daemon. MRTG is
> fully capable of executing scripts to gather data as well.
>
> > Question 2- does anyone know the command in snmp to get the
> required
> > OID and MIBs that MRTG needs to use? Or at least the name
> of it? There
> > are a lot of poorly written man pages, but so far all of
> them require
> > an MIB or OID to use the commands I have read.
>
> Defines "needs to use", mrtg comes with a tool called 'cfgmaker'
> which will scan any SNMP target and automatically generate a
> configuration for all of the network interfaces it can find
> on the target. You can then use mrtg against that config file
> to gather stats.
>
> > Question 3- since not going outside of the server, is there any
> > security setting in some snmp config file that makes it
> only look on
> > my local server and not allow others to use it or hack it?
>
> You can add a iptables firewall rule to reject packets
> destined to your SNMP server (161/udp) unless they come over
> the loopback interface.
>
> > Question 4- all over the internet there are examples in
> MRTG using all
> > sorts of made up names like 'crazyguy33@servername' and things like
> > that for the cfg file. And alsoin the snmp forum posts, but no one
> > really talks about where this name comes from other than it is
> > assigned to your network device or something.
>
> In the example above crazyguy33 is the SNMP community string
> assigned to the system(configured in snmpd.conf). By default
> the read-only string is public. You can set it to anything you want.
>
> > Any help appreciated. I will post the final solution to how to
> > configure snmp and mrtg to work on centos5.2 when I finally
> figure it
> > out so no one else has to take all week to do so!!!
>
> You may want to look into using cacti or some other tool
> instead, MRTG has some pretty severe limitations. Cacti uses
> RRDTool as it's back end, RRDTool is more or less the
> successor to MRTG and was initially released I think about 10
> years ago, to give an idea how old MRTG is.
>
> I still use MRTG on my home network, though mostly because
> it's legacy shit that I setup 7 years ago and haven't moved
> to cacti yet, it slowly breaking down as time goes on since
> I'm not maintaining it anymore.
>
> nate
>
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 09-12-2008, 02:59 AM
"Bob Hoffman"
 
Default SNMP and OID/MIB/MRTG

>From what I read in the man pages about snmpwalk....and the snmp.conf file,
I had better take a very long course in configuration of snmp before I
fiddle with it.

At least now I know why there is not 'walk through' online showing you how
to do this...all of them nimbly 'skip' over the whole process of getting the
MIB and just insert this 'mysterious' info into the tutorial...

Gotta love it.

I do promise you all, that I will learn snmp as I think it could be an
important tool for a wsystem admin. Once I get it down, at least the basics,
I will post a very detailed how to on it and hopefully others can use it
without spending months on leanring hardware engineering.

> -----Original Message-----
> From: centos-bounces@centos.org
> [mailto:centos-bounces@centos.org] On Behalf Of Filipe Brandenburger
> Sent: Thursday, September 11, 2008 10:23 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] SNMP and OID/MIB/MRTG
>
> Hi,
>
> On Thu, Sep 11, 2008 at 21:46, Bob Hoffman <bob@bobhoffman.com> wrote:
> > Question 1- does snmpd have to run as a daemon, or only run
> once so I
> > can get OID and MIBs from it?
>
> Yes, it has to be running as a daemon.
>
> > Question 2- does anyone know the command in snmp to get the
> required
> > OID and MIBs that MRTG needs to use? Or at least the name
> of it? There
> > are a lot of poorly written man pages, but so far all of
> them require
> > an MIB or OID to use the commands I have read.
>
> Well, the OIDs that you will use on MRTG's config will depend
> on what you want MRTG to trace. Is it the network traffic? Is
> it the disk usage? Is it the CPU usage? Free memory? You can
> get MRTG to trace any of that by using the specific OIDs. You
> can use the "snmpwalk" program to see all the information
> that the daemon will have to offer in order to choose what
> you want to plot.
>
> > Question 3- since not going outside of the server, is there any
> > security setting in some snmp config file that makes it
> only look on
> > my local server and not allow others to use it or hack it?
>
> Yes, you can restrict snmpd to answer only to the localhost.
> I suggest you start with a /etc/snmp/snmpd.conf that contains
> this line only:
>
> rocommunity MySecretString 127.0.0.1
>
> Replace "MySecretString" with a secret string not known to
> others, this string is what is called "community" in
> snmp-speak. This way, snmpd will answer only to queries made
> from the localhost, and only to someone who knows the right
> "community" secret string (like a password).
>
> > Question 4- all over the internet there are examples in
> MRTG using all
> > sorts of made up names like 'crazyguy33@servername' and things like
> > that for the cfg file. And alsoin the snmp forum posts, but no one
> > really talks about where this name comes from other than it is
> > assigned to your network device or something.
>
> This is probably the community and the host. As I suggested
> restricting to localhost only, you will probably want to use
> something like "MySecretString@localhost", obviously
> replacing "MySecretString"
> with the one you chose.
>
> The CentOS Wiki also has resources on MRTG, I suggest you
> look there as well:
> http://wiki.centos.org/TipsAndTricks/MRTG
>
> HTH!
> Filipe
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 09-12-2008, 03:05 AM
"Filipe Brandenburger"
 
Default SNMP and OID/MIB/MRTG

Hi,

On Thu, Sep 11, 2008 at 22:55, Bob Hoffman <bob@bobhoffman.com> wrote:
> Needless to say, MRTG is now off as is snmp. I think this will be one of
> those 'maybe next year when I can learn all about acessing hardware like an
> engineer' and all.

You can actually use MRTG without SNMP, specially if you are plotting
graphs for the local machine only, by using the backticks feature of
MRTG. You can actually write shell commands or scripts that gather the
numbers, using commands such as netstat, ifconfig, df, vmstat, iostat,
etc., and use them inside `...` inside your MRTG config file. I used
to do it to get information from data collected through BigBrother
monitoring system, the same can also be done with Nagios.

But if you are looking into implementing a graphing solution, you
should probably look into a more modern tool, since MRTG is quite
outdated and it has several shortcomings (only integer values, only
two datasets per graph, etc.) I would recommend you look into Cacti or
Munim, since those are simpler and more featurefull than MRTG. Oh, and
both have their own data collecting agents, so you don't have to mess
with SNMP to make it work. This is not always good, me, for instance,
I prefer to collect all my data using SNMP, as I can use the same
protocol to gather data from Unix machines, Windows machines, network
switches, VPN concentrators, Environment Monitoring Systems, UPSs, and
so on. But for what you want, I believe Cacti or Munim (and certainly
other similar systems) would be quite appropriate.

HTH,
Filipe
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 09-12-2008, 03:07 AM
"Bob Hoffman"
 
Default SNMP and OID/MIB/MRTG

You know...it would be nice to write a program that would use snmp to just
scan through the local computer, grab OIDs...and then ask you which ones you
wanted to make MIBs with.

Then you could just grab those with the graphing programs.
I think that would be an awesome tool to build for linux.



> -----Original Message-----
> From: centos-bounces@centos.org
> [mailto:centos-bounces@centos.org] On Behalf Of Filipe Brandenburger
> Sent: Thursday, September 11, 2008 10:23 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] SNMP and OID/MIB/MRTG
>
> Hi,
>
> On Thu, Sep 11, 2008 at 21:46, Bob Hoffman <bob@bobhoffman.com> wrote:
> > Question 1- does snmpd have to run as a daemon, or only run
> once so I
> > can get OID and MIBs from it?
>
> Yes, it has to be running as a daemon.
>
> > Question 2- does anyone know the command in snmp to get the
> required
> > OID and MIBs that MRTG needs to use? Or at least the name
> of it? There
> > are a lot of poorly written man pages, but so far all of
> them require
> > an MIB or OID to use the commands I have read.
>
> Well, the OIDs that you will use on MRTG's config will depend
> on what you want MRTG to trace. Is it the network traffic? Is
> it the disk usage? Is it the CPU usage? Free memory? You can
> get MRTG to trace any of that by using the specific OIDs. You
> can use the "snmpwalk" program to see all the information
> that the daemon will have to offer in order to choose what
> you want to plot.
>
> > Question 3- since not going outside of the server, is there any
> > security setting in some snmp config file that makes it
> only look on
> > my local server and not allow others to use it or hack it?
>
> Yes, you can restrict snmpd to answer only to the localhost.
> I suggest you start with a /etc/snmp/snmpd.conf that contains
> this line only:
>
> rocommunity MySecretString 127.0.0.1
>
> Replace "MySecretString" with a secret string not known to
> others, this string is what is called "community" in
> snmp-speak. This way, snmpd will answer only to queries made
> from the localhost, and only to someone who knows the right
> "community" secret string (like a password).
>
> > Question 4- all over the internet there are examples in
> MRTG using all
> > sorts of made up names like 'crazyguy33@servername' and things like
> > that for the cfg file. And alsoin the snmp forum posts, but no one
> > really talks about where this name comes from other than it is
> > assigned to your network device or something.
>
> This is probably the community and the host. As I suggested
> restricting to localhost only, you will probably want to use
> something like "MySecretString@localhost", obviously
> replacing "MySecretString"
> with the one you chose.
>
> The CentOS Wiki also has resources on MRTG, I suggest you
> look there as well:
> http://wiki.centos.org/TipsAndTricks/MRTG
>
> HTH!
> Filipe
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 09-12-2008, 03:40 AM
"nate"
 
Default SNMP and OID/MIB/MRTG

Bob Hoffman wrote:
> You know...it would be nice to write a program that would use snmp to just
> scan through the local computer, grab OIDs...and then ask you which ones you
> wanted to make MIBs with.
>
> Then you could just grab those with the graphing programs.
> I think that would be an awesome tool to build for linux.
>

It's not exactly free and it's not web based, but this is a pretty
good tool, I plan to buy it pretty soon(been using the free
version off and on for a while now. though it's limited).

http://www.ireasoning.com/mibbrowser.shtml

I've been digging quite a bit deeper into SNMP the past couple
months at my new company monitoring hundreds of stats from our
network equipment, and having the mibbrowser is really really
helpful. No way I could of done most of it without it. My
cacti system collects more than 10 million data points a day,
on one dual proc quad core box. More than 95% of the stuff I
put into cacti comes from scripts I wrote(I write the
scripts to gather many data points simultaneously to reduce
the amount of RRD data files stored improving performance by
more than 10x.)

If someone knows of a better MIB browser I'd certainly be open
to checking it out, having looked around quite a bit the past
couple years I haven't found anything better myself that runs
on Linux.

I certainly do agree that SNMP is a black art, not sure why
it is so complicated, perhaps it just helps to sell those
$100k enterprise monitoring packages because there's little
hope for the average admin to figure out how to do it on
their own.

At my current job(started in March), before I came on they
were telling me how the previous admin setup CPU monitoring
in cacti, and yet the CPU graphs never seemed to go above
25%. They weren't aware that the CPU usage reported by the
snmp daemon used in linux returns useless, completely
inaccurate data(this is documented pretty clearly in the
daemon documentation but doesn't seem to be common
knowledge).

I've refined my data collection scripts over the past 5
years or so, they work great now. CPU usage for my cacti
systems is sourced from 'sar'. I really hate how sar has
gone down hill as far as ability to parse it. RHEL 3
was great, RHEL 4 was ok, and RHEL 5 is almost useless,
don't know what I'll do when RHEL 6 comes out.

nate


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 09-12-2008, 03:53 AM
"Bob Hoffman"
 
Default SNMP and OID/MIB/MRTG

I just wish that someone posted 'hey, don't waste time with mrtg until you
deal with snmp..and good luck with that'

School of hard knocks...I coulda went to the beach the last week...


I will check out that program

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 06:35 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org