UJP - Technical Information 2: Getting SNMPD Working on macOS MacOSX/HigiSierra/snmpd


Introduction

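 Since macOS is being run as a server here, I want to monitor performance and similar metrics over SNMP. SNMP data is served by SNMPD, but on macOS SNMPD is not started by default, so this page covers starting it and configuring it. This was tested on macOS 10.13.6 High Sierra.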

Checking the current state

 First, confirm that no SNMP process is currently running.

$ ps -ef|grep snmp🆑
  501 66796 65920   0  4:51PM ttys003    0:00.00 grep snmp
$

 No process is running. macOS manages server processes with LaunchDaemons, so locate the corresponding configuration file.

$ locate snmp|grep plist🆑
/System/Library/LaunchDaemons/org.net-snmp.snmpd.plist
$

 Display the contents of the configuration file that was found.

$ cat /System/Library/LaunchDaemons/org.net-snmp.snmpd.plist🆑
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Disabled</key>
	<true/>
	<key>Label</key>
	<string>org.net-snmp.snmpd</string>
	<key>KeepAlive</key>
	<true/>
	<key>Program</key>
	<string>/usr/sbin/snmpd</string>
	<key>ProgramArguments</key>
	<array>
		<string>snmpd</string>
		<string>-f</string>
	</array>
	<key>ProcessType</key>
	<string>Background</string>
</dict>
</plist>
$

 Disabled is set, which is presumably why it is not running. Start SNMPD with root privileges through the LaunchDaemon.

$ sudo launchctl load -w /System/Library/LaunchDaemons/org.net-snmp.snmpd.plist🆑
Password:🆑
$

 Check the process.

$ ps -ef|grep snmp🆑
    0 66808     1   0  4:52PM ??         0:00.23 /usr/libexec/snmpd -f🈁
  501 66812 65920   0  4:52PM ttys003    0:00.00 grep snmp
$

 It is confirmed to be running.

Connecting over SNMP

 Now that the SNMPD process is running, the next step is to connect over SNMP with the snmpwalk command and retrieve information. Check where the command is located.

$ which snmpwalk🆑
/usr/bin/snmpwalk🈁
$

 Try connecting with the snmpwalk command.

$ snmpwalk -v 2c -c public localhost🆑
SNMPv2-MIB::sysContact.0 = STRING: Administrator <postmaster@example.com>
SNMPv2-MIB::sysContact.0 = No more variables left in this MIB View (It is past the end of the MIB tree)
$

 No information is shown, but since there is no error such as a Timeout, this can be considered expected.

Configuring snmpd.conf interactively with the snmpconf command

Checking for the snmpd.conf file

 Running the snmpconf command creates /usr/share/snmp/snmpd.conf; check whether it already exists.

$ ls -lat  /usr/share/snmp🆑
total 60
drwxr-xr-x 47 root wheel  1504  4  3  2018 ..
drwxr-xr-x 65 root wheel  2080  7 16  2017 mibs
drwxr-xr-x 28 root wheel   896  7 16  2017 .
-rw-r--r--  1 root wheel 16218  7 16  2017 SensorDat.xml
drwxr-xr-x 69 root wheel  2208  7 16  2017 mib2c-data
-rw-r--r--  1 root wheel  6531  7 16  2017 mib2c.access_functions.conf
-rw-r--r--  1 root wheel  2391  7 16  2017 mib2c.check_values_local.conf
-rw-r--r--  1 root wheel 28202  7 16  2017 mib2c.container.conf
-rw-r--r--  1 root wheel  8498  7 16  2017 mib2c.genhtml.conf
-rw-r--r--  1 root wheel  3088  7 16  2017 mib2c.int_watch.conf
-rw-r--r--  1 root wheel  2027  7 16  2017 mib2c.notify.conf
-rw-r--r--  1 root wheel  8777  7 16  2017 mib2c.perl.conf
-rw-r--r--  1 root wheel 19509  7 16  2017 mib2c.raw-table.conf
-rw-r--r--  1 root wheel 22905  7 16  2017 mib2c.table_data.conf
drwxr-xr-x  5 root wheel   160  7 16  2017 snmpconf-data
-rw-r--r--  1 root wheel 37700  7 16  2017 mib2c.array-user.conf
-rw-r--r--  1 root wheel  4646  7 16  2017 mib2c.check_values.conf
-rw-r--r--  1 root wheel   330  7 16  2017 mib2c.column_defines.conf
-rw-r--r--  1 root wheel   602  7 16  2017 mib2c.column_enums.conf
-rw-r--r--  1 root wheel   728  7 16  2017 mib2c.column_storage.conf
-rw-r--r--  1 root wheel 11942  7 16  2017 mib2c.conf
-rw-r--r--  1 root wheel  3471  7 16  2017 mib2c.create-dataset.conf
-rw-r--r--  1 root wheel 22345  7 16  2017 mib2c.iterate.conf
-rw-r--r--  1 root wheel 15095  7 16  2017 mib2c.iterate_access.conf
-rw-r--r--  1 root wheel   948  7 16  2017 mib2c.mfd.conf
-rw-r--r--  1 root wheel  9182  7 16  2017 mib2c.old-api.conf
-rw-r--r--  1 root wheel  4455  7 16  2017 mib2c.scalar.conf
-rw-r--r--  1 root wheel   431  7 16  2017 snmp_perl_trapd.pl
$

 snmpd.conf did not exist.

Checking the snmpconf command help

 snmpd is controlled through snmpd.conf; here it is customized with the /usr/bin/snmpconf command. First, look at the command help.

$ /usr/bin/snmpconf -h🆑
/usr/bin/snmpconf [options] [FILETOCREATE...]
options:
  -f           overwrite existing files without prompting
  -i           install created files into /usr/share/snmp.
  -p           install created files into /Users/ujpadmin/.snmp.
  -I DIR       install created files into DIR.
  -a           Don't ask any questions, just read in current
                   current .conf files and comment them
  -r all|none  Read in all or none of the .conf files found.
  -R file,...  Read in a particular list of .conf files.
  -g GROUP     Ask a series of GROUPed questions.
  -G           List known GROUPs.
  -c conf_dir  use alternate configuration directory.
  -q           run more quietly with less advice.
  -d           turn on debugging output.
  -D           turn on debugging dumper output.
$

 The new file is to be created under /usr/share/snmp, so run the command with the -i option.

$ sudo /usr/bin/snmpconf -i🆑
Password:🆑

The following installed configuration files were found:

   1:  ./snmpd.conf
   2:  /etc/snmp/snmpd.conf🈁

Would you like me to read them in?  Their content will be merged with the
output files created by this session.

Valid answer examples: "all", "none","3","1,2,5"

Read in which (default = all):🈁

 Other snmpd.conf files were found, so the tool asks whether to merge them. No merge is wanted this time, so choose none.

Read in which (default = all): none🆑

I can create the following types of configuration files for you.
Select the file type you wish to create:
(you can create more than one as you run this program)

   1:  snmp.conf
   2:  snmptrapd.conf
   3:  snmpd.conf

Other options: quit

Select File:

 The file type wanted is snmpd.conf, so choose 3.

Select File: 3🆑

The configuration information which can be put into snmpd.conf is divided
into sections.  Select a configuration section for snmpd.conf
that you wish to create:

   1:  Agent Operating Mode
   2:  Monitor Various Aspects of the Running Host
   3:  Trap Destinations
   4:  System Information Setup🈁
   5:  Extending the Agent
   6:  Access Control Setup

Other options: finished🈁

Select section:

 Stop here for now by entering finished.

Select section: finished🆑

I can create the following types of configuration files for you.
Select the file type you wish to create:
(you can create more than one as you run this program)

   1:  snmp.conf
   2:  snmptrapd.conf
   3:  snmpd.conf

Other options: quit🈁

Select File:

 Enter quit to exit.

Select File: quit🆑

Error: An snmpd.conf file already exists in this directory.

'overwrite', 'skip', 'rename' or 'append'? :

 Even though the file was not there a moment ago? Choose overwrite.

'overwrite', 'skip', 'rename' or 'append'? : overwrite🆑


The following files were created:

  snmpd.conf installed in /usr/share/snmp

$

 The file appears to have been created, so check its contents.

$ cat /usr/share/snmp/snmpd.conf🆑
###########################################################################
#
# snmpd.conf
#
#   - created by the snmpconf configuration program
#


















$

 Nothing has been configured yet, so it is empty.

Setting system information in snmpd.conf

 Run snmpconf.

$ sudo /usr/bin/snmpconf -i🆑
Password:🆑

The following installed configuration files were found:

   1:  /etc/snmp/snmpd.conf
   2:  /usr/share/snmp/snmpd.conf

Would you like me to read them in?  Their content will be merged with the
output files created by this session.

Valid answer examples: "all", "none","3","1,2,5"

Read in which (default = all): 

 Choose 2 to merge in configuration number 2.

Read in which (default = all): 2🆑

I can create the following types of configuration files for you.
Select the file type you wish to create:
(you can create more than one as you run this program)

   1:  snmptrapd.conf
   2:  snmp.conf
   3:  snmpd.conf

Other options: quit

Select File: 

 Choose number 3.

Select File: 3🆑

The configuration information which can be put into snmpd.conf is divided
into sections.  Select a configuration section for snmpd.conf
that you wish to create:

   1:  Agent Operating Mode
   2:  Monitor Various Aspects of the Running Host
   3:  Trap Destinations
   4:  System Information Setup🈁
   5:  Extending the Agent
   6:  Access Control Setup

Other options: finished

Select section:

 This setup is for system information, so choose 4.

Select section: 4🆑

Section: System Information Setup
Description:
  This section defines some of the information reported in
  the "system" mib group in the mibII tree.

Select from:

   1:  The [typically physical] location of the system.🈁
   2:  The contact information for the administrator
   3:  The proper value for the sysServices object.

Other options: finished, list

Select section:

Setting syslocation

 Start with the physical location: choose 1.

Select section: 1🆑

Configuring: syslocation
Description:
  The [typically physical] location of the system.
    Note that setting this value here means that when trying to
    perform an snmp SET operation to the sysLocation.0 variable will make
    the agent return the "notWritable" error code.  IE, including
    this token in the snmpd.conf file will disable write access to
    the variable.
    arguments:  location_string

The location of the system:

 Enter any location string. This machine is for the BCP center, so BCP is entered here.

The location of the system: BCP🆑

Finished Output: syslocation  BCP🈁

Section: System Information Setup
Description:
  This section defines some of the information reported in
  the "system" mib group in the mibII tree.

Select from:

   1:  The [typically physical] location of the system.
   2:  The contact information for the administrator🈁
   3:  The proper value for the sysServices object.

Other options: finished, list

Select section:

Setting syscontact

 Next, choose 2 to enter the administrator's contact information.

Select section: 2🆑

Configuring: syscontact
Description:
  The contact information for the administrator
    Note that setting this value here means that when trying to
    perform an snmp SET operation to the sysContact.0 variable will make
    the agent return the "notWritable" error code.  IE, including
    this token in the snmpd.conf file will disable write access to
    the variable.
    arguments:  contact_string

The contact information:

 Set the email address (shown below as the placeholder 管理者メールアドレス, "administrator email address").

The contact information: 管理者メールアドレス

Finished Output: syscontact  管理者メールアドレス

Section: System Information Setup
Description:
  This section defines some of the information reported in
  the "system" mib group in the mibII tree.

Select from:

   1:  The [typically physical] location of the system.
   2:  The contact information for the administrator
   3:  The proper value for the sysServices object.🈁

Other options: finished, list

Select section:

Setting sysservices

 Enter 3 to configure the sysServices object.

Select section: 3🆑

Configuring: sysservices
Description:
  The proper value for the sysServices object.
    arguments:  sysservices_number

does this host offer physical services (eg, like a repeater) [answer 0 or 1]:🈁

 Enter 1 for yes and 0 for no.

does this host offer physical services (eg, like a repeater) [answer 0 or 1]: 0🈁
does this host offer datalink/subnetwork services (eg, like a bridge): 0🈁
does this host offer internet services (eg, supports IP): 1🈁
does this host offer end-to-end services (eg, supports TCP): 1🈁
does this host offer application services (eg, supports SMTP): 1🈁
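
  • No physical-layer service is offered, so answer 0.
  • No datalink-layer service is offered, so enter 0.
  • Service is offered at the IP layer, so enter 1.
  • Service is offered at the TCP layer, so enter 1.
  • Service is offered at the application layer, so enter 1.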

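 With these answers, sysservices comes out as 76: each offered layer L adds 2^(L-1), so layers 3 (IP), 4 (TCP) and 7 (application) give 4 + 8 + 64.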

Finished Output: sysservices 76🈁

Section: System Information Setup
Description:
  This section defines some of the information reported in
  the "system" mib group in the mibII tree.

Select from:

   1:  The [typically physical] location of the system.
   2:  The contact information for the administrator
   3:  The proper value for the sysServices object.

Other options: finished, list

Select section:

Reviewing and saving the settings

 Enter list to review what has been configured so far.

Select section: list🆑
Lines defined for section "System Information Setup" so far:
  syslocation  BCP🈁
  syscontact  管理者メールアドレス🈁
  sysservices 76🈁

Section: System Information Setup
Description:
  This section defines some of the information reported in
  the "system" mib group in the mibII tree.

Select from:

   1:  The [typically physical] location of the system.
   2:  The contact information for the administrator
   3:  The proper value for the sysServices object.

Other options: finished, list

Select section:

 Save what has been entered so far by entering finished and then quit to exit.

Select section: finished🆑

The configuration information which can be put into snmpd.conf is divided
into sections.  Select a configuration section for snmpd.conf
that you wish to create:

   1:  Agent Operating Mode
   2:  Monitor Various Aspects of the Running Host
   3:  Trap Destinations
   4:  System Information Setup
   5:  Extending the Agent
   6:  Access Control Setup

Other options: finished

Select section: finished🆑

I can create the following types of configuration files for you.
Select the file type you wish to create:
(you can create more than one as you run this program)

   1:  snmptrapd.conf
   2:  snmpd.conf
   3:  snmp.conf

Other options: quit🆑

Select File: quit


The following files were created:

  snmpd.conf installed in /usr/share/snmp
$

 Check the saved snmpd.conf file.

$ cat /usr/share/snmp/snmpd.conf🆑
###########################################################################
#
# snmpd.conf
#
#   - created by the snmpconf configuration program
#









###########################################################################
# SECTION: System Information Setup
#
#   This section defines some of the information reported in
#   the "system" mib group in the mibII tree.

# syslocation: The [typically physical] location of the system.
#   Note that setting this value here means that when trying to
#   perform an snmp SET operation to the sysLocation.0 variable will make
#   the agent return the "notWritable" error code.  IE, including
#   this token in the snmpd.conf file will disable write access to
#   the variable.
#   arguments:  location_string

syslocation  BCP

# syscontact: The contact information for the administrator
#   Note that setting this value here means that when trying to
#   perform an snmp SET operation to the sysContact.0 variable will make
#   the agent return the "notWritable" error code.  IE, including
#   this token in the snmpd.conf file will disable write access to
#   the variable.
#   arguments:  contact_string

syscontact  管理者メールアドレス

# sysservices: The proper value for the sysServices object.
#   arguments:  sysservices_number

sysservices 76









$

 The settings have been saved.

Defining monitoring settings

 Configure monitoring of processes, disk capacity, load average, file size and so on. First, go back into edit mode again.

$ sudo /usr/bin/snmpconf -i🆑
Password:🆑

The following installed configuration files were found:

   1:  /etc/snmp/snmpd.conf
   2:  /usr/share/snmp/snmpd.conf🈁

Would you like me to read them in?  Their content will be merged with the
output files created by this session.

Valid answer examples: "all", "none","3","1,2,5"

Read in which (default = all): 2🆑

I can create the following types of configuration files for you.
Select the file type you wish to create:
(you can create more than one as you run this program)

   1:  snmp.conf
   2:  snmptrapd.conf
   3:  snmpd.conf🈁

Other options: quit

Select File: 3🆑

The configuration information which can be put into snmpd.conf is divided
into sections.  Select a configuration section for snmpd.conf
that you wish to create:

   1:  Agent Operating Mode
   2:  Monitor Various Aspects of the Running Host🈁
   3:  Trap Destinations
   4:  System Information Setup
   5:  Extending the Agent
   6:  Access Control Setup

Other options: finished

Select section: 2🆑

Section: Monitor Various Aspects of the Running Host
Description:
  The following check up on various aspects of a host.

Select from:

   1:  Check for processes that should be running.🈁
   2:  Check for disk space usage of a partition.
   3:  Check for unreasonable load average values.
   4:  Check on the size of a file.

Other options: finished, list

Select section:

 From here on, work through the menu items in order.

Monitoring processes

 Select "Check for processes that should be running."

Select section: 1🆑

Configuring: proc🈁
Description:
  Check for processes that should be running.
      proc NAME [MAX=0] [MIN=0]

      NAME:  the name of the process to check for.  It must match
             exactly (ie, http will not find httpd processes).
      MAX:   the maximum number allowed to be running.  Defaults to 0.
      MIN:   the minimum number to be running.  Defaults to 0.

    The results are reported in the prTable section of the UCD-SNMP-MIB tree
    Special Case:  When the min and max numbers are both 0, it assumes
    you want a max of infinity and a min of 1.

Name of the process you want to check on:

 Here the Samba process is monitored. The process name is smbd. Only the process name is specified.

Name of the process you want to check on: smbd🆑
Maximum number of processes named 'smbd' that should be running [default = 0]:🆑
Minimum number of processes named 'smbd' that should be running [default = 0]:🆑

Finished Output: proc  smbd

Section: Monitor Various Aspects of the Running Host
Description:
  The following check up on various aspects of a host.

Select from:

   1:  Check for processes that should be running.
   2:  Check for disk space usage of a partition.
   3:  Check for unreasonable load average values.
   4:  Check on the size of a file.

Other options: finished, list

Select section:

 This time neither max nor min was specified, leaving both at 0 (zero). With that setting, it is an error unless at least one process is running.

Monitoring free disk space

 As an example, monitor whether the volume /Volumes/RAID0_12TB goes above 95%.

select section: 2🆑

 Configuring: disk🈁
 Description:
   Check for disk space usage of a partition.
     The agent can check the amount of available disk space, and make
     sure it is above a set limit.
 
      disk PATH [MIN=100000]
 
      PATH:  mount path to the disk in question.
      MIN:   Disks with space below this value will have the Mib's errorFlag set.
             Can be a raw integer value (units of kB) or a percentage followed by the %
             symbol.  Default value = 100000.
 
     The results are reported in the dskTable section of the UCD-SNMP-MIB tree
 
 Enter the mount point for the disk partion to be checked on: /Volumes/RAID0_12TB🆑
 Enter the minimum amount of space that should be available on /Volumes/RAID0_12TB: 95%🆑

Finished Output: disk  /Volumes/RAID0_12TB 95%🈁

Section: Monitor Various Aspects of the Running Host
Description:
  The following check up on various aspects of a host.

Select from:

   1:  Check for processes that should be running.
   2:  Check for disk space usage of a partition.
   3:  Check for unreasonable load average values.
   4:  Check on the size of a file.

Other options: finished, list

Select section:

 For the system drive, I think around 70% is about right. Usage grows quickly when a lot of errors are being logged.

Monitoring the load average

 A load average of 1 corresponds to one busy CPU; this is a 4-core machine, so the values are set to multiples of 4.

Select section: 3🆑

Configuring: load
Description:
  Check for unreasonable load average values.
    Watch the load average levels on the machine.

     load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0]

     1MAX:   If the 1 minute load average is above this limit at query
             time, the errorFlag will be set.
     5MAX:   Similar, but for 5 min average.
     15MAX:  Similar, but for 15 min average.

    The results are reported in the laTable section of the UCD-SNMP-MIB tree

Enter the maximum allowable value for the 1 minute load average: 12🆑
Enter the maximum allowable value for the 5 minute load average: 8🆑
Enter the maximum allowable value for the 15 minute load average: 4🆑

Finished Output: load  12 8 4🈁

Section: Monitor Various Aspects of the Running Host
Description:
  The following check up on various aspects of a host.

Select from:

   1:  Check for processes that should be running.
   2:  Check for disk space usage of a partition.
   3:  Check for unreasonable load average values.
   4:  Check on the size of a file.

Other options: finished, list

Select section:

 That will do for now.

Monitoring file size

 Monitor a file that keeps growing over time. This is macOS, so system.log is used; on Linux it would be /var/log/messages. The file size limit is set to 30000KB (30Mbyte).

Select section: 4🆑

Configuring: file
Description:
  Check on the size of a file.
    Display a files size statistics.
    If it grows to be too large, report an error about it.

     file /path/to/file [maxsize_in_kilobytes]

       if maxsize is not specified, assume only size reporting is needed.

    The results are reported in the fileTable section of the UCD-SNMP-MIB tree

Enter the path to the file you wish to monitor: /var/log/system.log🆑
Enter the maximum size (in kilobytes) allowable for /var/log/system.log: 30000🆑

Finished Output: file  /var/log/system.log 30000

Section: Monitor Various Aspects of the Running Host
Description:
  The following check up on various aspects of a host.

Select from:

   1:  Check for processes that should be running.
   2:  Check for disk space usage of a partition.
   3:  Check for unreasonable load average values.
   4:  Check on the size of a file.

Other options: finished, list

Select section:

 That completes the set.


Reviewing the settings and exiting

 Run the list command to review what has been configured so far.

Select section: list🆑
Lines defined for section "Monitor Various Aspects of the Running Host" so far:
  proc  smbd
  disk  /Volumes/RAID0_12TB 95%
  load  12 8 4
  file  /var/log/system.log 30000

Section: Monitor Various Aspects of the Running Host
Description:
  The following check up on various aspects of a host.

Select from:

   1:  Check for processes that should be running.
   2:  Check for disk space usage of a partition.
   3:  Check for unreasonable load average values.
   4:  Check on the size of a file.

Other options: finished, list

 Everything looks fine, so exit with finished and quit.

Select section: finished🆑

The configuration information which can be put into snmpd.conf is divided
into sections.  Select a configuration section for snmpd.conf
that you wish to create:

   1:  Agent Operating Mode
   2:  Monitor Various Aspects of the Running Host
   3:  Trap Destinations
   4:  System Information Setup
   5:  Extending the Agent
   6:  Access Control Setup

Other options: finished🈁

Select section: finished🆑

I can create the following types of configuration files for you.
Select the file type you wish to create:
(you can create more than one as you run this program)

   1:  snmp.conf
   2:  snmptrapd.conf
   3:  snmpd.conf

Other options: quit🈁

Select File: quit🆑


The following files were created:

  snmpd.conf installed in /usr/share/snmp🈁
$

 The configuration file appears to have been written out.


Checking the snmpd.conf file

 Check the snmpd.conf file as configured so far.

$ cat /usr/share/snmp/snmpd.conf🆑
###########################################################################
#
# snmpd.conf
#
#   - created by the snmpconf configuration program
#



###########################################################################
# SECTION: Monitor Various Aspects of the Running Host
#
#   The following check up on various aspects of a host.

# proc: Check for processes that should be running.
#     proc NAME [MAX=0] [MIN=0]
#
#     NAME:  the name of the process to check for.  It must match
#            exactly (ie, http will not find httpd processes).
#     MAX:   the maximum number allowed to be running.  Defaults to 0.
#     MIN:   the minimum number to be running.  Defaults to 0.
#
#   The results are reported in the prTable section of the UCD-SNMP-MIB tree
#   Special Case:  When the min and max numbers are both 0, it assumes
#   you want a max of infinity and a min of 1.

proc  smbd🈁

# disk: Check for disk space usage of a partition.
#   The agent can check the amount of available disk space, and make
#   sure it is above a set limit.
#
#    disk PATH [MIN=100000]
#
#    PATH:  mount path to the disk in question.
#    MIN:   Disks with space below this value will have the Mib's errorFlag set.
#           Can be a raw integer value (units of kB) or a percentage followed by the %
#           symbol.  Default value = 100000.
#
#   The results are reported in the dskTable section of the UCD-SNMP-MIB tree

disk  /Volumes/RAID0_12TB 95%🈁

# load: Check for unreasonable load average values.
#   Watch the load average levels on the machine.
#
#    load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0]
#
#    1MAX:   If the 1 minute load average is above this limit at query
#            time, the errorFlag will be set.
#    5MAX:   Similar, but for 5 min average.
#    15MAX:  Similar, but for 15 min average.
#
#   The results are reported in the laTable section of the UCD-SNMP-MIB tree

load  12 8 4🈁

# file: Check on the size of a file.
#   Display a files size statistics.
#   If it grows to be too large, report an error about it.
#
#    file /path/to/file [maxsize_in_kilobytes]
#
#      if maxsize is not specified, assume only size reporting is needed.
#
#   The results are reported in the fileTable section of the UCD-SNMP-MIB tree

file  /var/log/system.log 30000🈁






###########################################################################
# SECTION: System Information Setup
#
#   This section defines some of the information reported in
#   the "system" mib group in the mibII tree.

# syslocation: The [typically physical] location of the system.
#   Note that setting this value here means that when trying to
#   perform an snmp SET operation to the sysLocation.0 variable will make
#   the agent return the "notWritable" error code.  IE, including
#   this token in the snmpd.conf file will disable write access to
#   the variable.
#   arguments:  location_string

syslocation  BCP🈁

# syscontact: The contact information for the administrator
#   Note that setting this value here means that when trying to
#   perform an snmp SET operation to the sysContact.0 variable will make
#   the agent return the "notWritable" error code.  IE, including
#   this token in the snmpd.conf file will disable write access to
#   the variable.
#   arguments:  contact_string

syscontact  管理者メールアドレス

# sysservices: The proper value for the sysServices object.
#   arguments:  sysservices_number

sysservices 76🈁









$

 There are a lot of comments... Rewrite it in a simpler form.

$ cat /usr/share/snmp/snmpd.conf🆑
syslocation  BCP
syscontact  管理者メールアドレス
sysservices 76

proc  smbd
disk  /Volumes/RAID0_12TB 95%
disk  /Volumes/zeusHD 80%
load  12 8 4
file  /var/log/system.log 30000

$

 After all that, this is all it comes down to.
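
 The threshold rules quoted in the snmpconf help text above can be applied by hand to these lines. The following Python code is an added example, not part of the original page or of Net-SNMP: it evaluates the page's monitoring lines against constructed sample readings (`READINGS` and all function names are assumptions). It also shows that `disk PATH 95%` raises the error flag whenever free space is below 95%, so a line meant to fire once usage passes 95% needs `5%`.

```python
import math

# Monitoring lines from the page's simplified /usr/share/snmp/snmpd.conf.
CONF = """\
proc  smbd
disk  /Volumes/RAID0_12TB 95%
disk  /Volumes/zeusHD 80%
load  12 8 4
file  /var/log/system.log 30000
"""

# Constructed sample readings (not measurements from the page's machine).
READINGS = {
    "proc": {"smbd": 2},                      # process name -> running count
    "disk": {                                 # mount -> (total kB, available kB)
        "/Volumes/RAID0_12TB": (12_000_000_000, 4_800_000_000),  # 40% free
        "/Volumes/zeusHD": (500_000_000, 450_000_000),           # 90% free
    },
    "load": (3.1, 2.0, 4.5),                  # 1, 5 and 15 minute averages
    "file": {"/var/log/system.log": 12_000},  # path -> size in kB
}


def check_proc(args, readings):
    """proc NAME [MAX=0] [MIN=0]; both 0 means max infinity, min 1."""
    max_n = int(args[1]) if len(args) > 1 else 0
    min_n = int(args[2]) if len(args) > 2 else 0
    if max_n == 0 and min_n == 0:
        max_n, min_n = math.inf, 1
    count = readings["proc"].get(args[0], 0)
    return not (min_n <= count <= max_n), f"{count} running, allowed {min_n}..{max_n}"


def check_disk(args, readings):
    """disk PATH [MIN=100000]; MIN is the free space required (kB or N%)."""
    minimum = args[1] if len(args) > 1 else "100000"
    total_kb, avail_kb = readings["disk"][args[0]]
    if minimum.endswith("%"):
        free_pct = 100.0 * avail_kb / total_kb
        return free_pct < float(minimum[:-1]), f"{free_pct:.0f}% free, minimum {minimum}"
    return avail_kb < int(minimum), f"{avail_kb} kB free, minimum {minimum} kB"


def check_load(args, readings):
    """load 1MAX 5MAX 15MAX; flag set when an average is above its limit."""
    limits = [float(a) for a in args[:3]]
    over = [f"{w} min {v} > {m}"
            for w, v, m in zip((1, 5, 15), readings["load"], limits) if v > m]
    return bool(over), ", ".join(over) or "within limits"


def check_file(args, readings):
    """file PATH [maxsize_in_kilobytes]; without a maximum, report size only."""
    size_kb = readings["file"][args[0]]
    if len(args) < 2:
        return False, f"{size_kb} kB, size reporting only"
    return size_kb > int(args[1]), f"{size_kb} kB, maximum {args[1]} kB"


CHECKS = {"proc": check_proc, "disk": check_disk,
          "load": check_load, "file": check_file}


def evaluate(conf_text, readings):
    """Return (directive line, error flag, detail) per monitoring line.

    Paths containing spaces are not handled; the page's lines have none.
    """
    results = []
    for line in conf_text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] not in CHECKS:
            continue
        error, detail = CHECKS[tokens[0]](tokens[1:], readings)
        results.append((" ".join(tokens), error, detail))
    return results


def disk_line_for_max_used(path, max_used_pct):
    """Build the disk line whose flag is set once usage exceeds max_used_pct."""
    return f"disk  {path} {100 - max_used_pct}%"


if __name__ == "__main__":
    for line, error, detail in evaluate(CONF, READINGS):
        print(f"{'ERROR' if error else 'ok':5s}  {line:34s} {detail}")
    print(disk_line_for_max_used("/Volumes/RAID0_12TB", 95))
```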

Activating the monitoring settings

 Apply the settings configured above. This is done by sending a HUP signal to the snmpd process.

$ ps -ef|grep snmpd🆑
    0 66808🈁     1   0 17 519  ??         3:22.25 /usr/libexec/snmpd -f
  501 43526 42924   0  6:38PM ttys003    0:00.01 grep snmpd
$ sudo kill -HUP 66808🆑
$ ps -ef|grep snmpd🆑
    0 66808     1   0 17 519  ??         3:22.27 /usr/libexec/snmpd -f
  501 43533 42924   0  6:39PM ttys003    0:00.00 grep snmpd
$

 Check whether the settings have taken effect.

$ snmpwalk -v 2c -c public localhost🆑
SNMPv2-MIB::sysContact.0 = STRING: 管理者メールアドレス
SNMPv2-MIB::sysContact.0 = No more variables left in this MIB View (It is past the end of the MIB tree)
$

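 The email address is returned, so the setting appears to have been applied correctly. However, the output ends with No more variables. This is because the access rights are missing.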

Configuring security settings

 Set the com2sec parameters to control access.

 First, check the default snmpd.conf (with comments stripped).

$ cat /etc/snmp/snmpd.conf|grep -v -e '^#'|grep -v -e '^$'🆑
com2sec local     localhost       COMMUNITY🈁
com2sec mynetwork NETWORK/24      COMMUNITY🈁
group MyRWGroup	v1         local
group MyRWGroup	v2c        local
group MyRWGroup	usm        local
group MyROGroup v1         mynetwork
group MyROGroup v2c        mynetwork
group MyROGroup usm        mynetwork
view all    included  .1                               80
access MyROGroup ""      any       noauth    exact  all    none   none
access MyRWGroup ""      any       noauth    exact  all    all    none
rwuser  admin
rocommunity  public default .1.3.6.1.2.1.1.4🈁
syslocation Right here, right now.
syscontact Administrator <postmaster@example.com>
sysservices 76
proc httpd
exec echotest /bin/echo hello world
exec web_status /Applications/Server.app/Contents/ServerRoot/usr/sbin/serveradmin status web
exec netboot /Applications/Server.app/Contents/ServerRoot/usr/sbin/serveradmin status netboot
disk / 10000
$

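 On macOS, the lines from exec onward appear to be included regardless of whether Server.app is installed. Here com2sec local is set to private and com2sec mynetwork to public. Also, the MIB node is set to .1.3.6.1.2.1.1.4; this is opened up to the top of the tree. First, back up the original file.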

$ sudo cp -p /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.v00🆑
$

 Check the diff after making the changes.

$ diff /etc/snmp/snmpd.conf.v00 /etc/snmp/snmpd.conf🆑
61,62c61,62
< com2sec local     localhost       COMMUNITY
< com2sec mynetwork NETWORK/24      COMMUNITY
---
> com2sec local     localhost       private
> com2sec mynetwork NETWORK/24      public
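Review bot: both com2sec lines now use the community strings `private` and `public`, which are the widely known defaults and travel in cleartext under SNMP v1/v2c, so they provide no real access control; suggest choosing non-default strings here, and note that `NETWORK/24` on the mynetwork line is still the template placeholder rather than a real subnet.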
98c98,99
< rocommunity  public default .1.3.6.1.2.1.1.4
---
> #rocommunity  public default .1.3.6.1.2.1.1.4
> rocommunity  public default .1
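Review bot: the new `rocommunity  public default .1` line widens the read view from the single object .1.3.6.1.2.1.1.4 to the whole tree while keeping the source as `default`, which matches any client address; suggest restricting the source to localhost or the monitoring host and limiting the OID to the subtrees the monitor actually reads.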
103c104
< #rwcommunity  private
---
> rwcommunity  private
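Review bot: uncommenting `rwcommunity  private` with no source argument grants SNMP SET access to any client that presents the well-known string `private`; suggest leaving this line commented out unless writes are needed, and otherwise giving it a non-default community and a source such as localhost.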
$

 rwcommunity is rw, so it grants write access to the private community. That completes the configuration.

Retrieving MIB information with snmpwalk

 snmpd.conf has been changed, so restart SNMPD to apply it.

$ sudo launchctl unload -w /System/Library/LaunchDaemons/org.net-snmp.snmpd.plist🆑
Password:🆑
$ ps -ef|grep snmpd🆑
  501 62844 61321   0  8:02PM ttys003    0:00.00 grep snmpd
$ sudo launchctl load -w /System/Library/LaunchDaemons/org.net-snmp.snmpd.plist🆑
$ ps -ef|grep snmpd🆑
    0 62848     1   0  8:03PM ??         0:00.20 /usr/libexec/snmpd -f
  501 62851 61321   0  8:03PM ttys003    0:00.00 grep snmpd
$

 Check whether information can now be retrieved.

$ snmpwalk -v 2c -c public localhost|head -n 10🆑
SNMPv2-MIB::sysDescr.0 = STRING: Darwin zeus.local 17.7.0 Darwin Kernel Version 17.7.0:
 Wed Feb 27 00:43:23 PST 2019; root:xnu-4570.71.35~1/RELEASE_X86_64 x86_64
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.255
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (9626) 0:01:36.26
SNMPv2-MIB::sysContact.0 = STRING: 管理者メールアドレス
SNMPv2-MIB::sysName.0 = STRING: zeus.local
SNMPv2-MIB::sysLocation.0 = STRING: BCP
SNMPv2-MIB::sysServices.0 = INTEGER: 76
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORID.1 = OID: SNMP-MPD-MIB::snmpMPDMIBObjects.3.1.1
SNMPv2-MIB::sysORID.2 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance
$

 The data was retrieved.

Recap

 A summary of what was configured here.

$ cat /etc/snmp/snmpd.conf|grep -v -e '^#'|grep -v -e '^$'🆑
com2sec local     localhost       private
com2sec mynetwork NETWORK/24      public
group MyRWGroup	v1         local
group MyRWGroup	v2c        local
group MyRWGroup	usm        local
group MyROGroup v1         mynetwork
group MyROGroup v2c        mynetwork
group MyROGroup usm        mynetwork
view all    included  .1                               80
access MyROGroup ""      any       noauth    exact  all    none   none
access MyRWGroup ""      any       noauth    exact  all    all    none
rwuser  admin
rocommunity  public default .1
rwcommunity  private
syslocation Right here, right now.
syscontact Administrator <postmaster@example.com>
sysservices 76
proc httpd
exec echotest /bin/echo hello world
exec web_status /Applications/Server.app/Contents/ServerRoot/usr/sbin/serveradmin status web
exec netboot /Applications/Server.app/Contents/ServerRoot/usr/sbin/serveradmin status netboot
disk / 10000
$
$ cat /usr/share/snmp/snmpd.conf|grep -v -e '^#'|grep -v -e '^$'🆑
syslocation  BCP
syscontact  管理者メールアドレス
syslocation  BCP
sysservices 76
proc  smbd
disk  /Volumes/RAID0_12TB 95%
disk  /Volumes/zeusHD 80%
load  12 8 4
file  /var/log/system.log 30000
$
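
 A check over the access-control lines of the final /etc/snmp/snmpd.conf shown above, as an added Python example that is not part of the original page or of Net-SNMP: it flags well-known community strings, sources that match any client, whole-tree views and community-based write access. `TIGHTER_CONF`, its community string and its choice of the UCD-SNMP-MIB subtree (.1.3.6.1.4.1.2021) are constructed placeholders, and all function names are assumptions.

```python
WELL_KNOWN = {"public", "private"}      # widely known default community strings
ANY_SOURCE = {"default", "0.0.0.0/0"}   # source values that match every client
WHOLE_TREE = {".1", "1"}

# Access-control lines from the page's final /etc/snmp/snmpd.conf.
PAGE_CONF = """\
com2sec local     localhost       private
com2sec mynetwork NETWORK/24      public
access MyROGroup ""      any       noauth    exact  all    none   none
access MyRWGroup ""      any       noauth    exact  all    all    none
rocommunity  public default .1
rwcommunity  private
"""

# Constructed tighter variant for comparison (placeholder values throughout).
TIGHTER_CONF = """\
rocommunity  EXAMPLE-ro-string-change-me localhost .1.3.6.1.4.1.2021
#rwcommunity  private
"""


def audit(conf_text):
    """Return (line number, directive, issue) tuples for risky access lines."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue
        kind = tok[0]

        if kind in ("rocommunity", "rwcommunity") and len(tok) >= 2:
            # Syntax: rocommunity COMMUNITY [SOURCE [OID]]
            community = tok[1]
            source = tok[2] if len(tok) > 2 else "default"
            oid = tok[3] if len(tok) > 3 else ".1"
            if community in WELL_KNOWN:
                findings.append((lineno, kind, "well-known-community"))
            if source in ANY_SOURCE:
                findings.append((lineno, kind, "any-source"))
            if oid in WHOLE_TREE:
                findings.append((lineno, kind, "whole-tree"))
            if kind == "rwcommunity":
                findings.append((lineno, kind, "write-access"))

        elif kind == "com2sec" and len(tok) >= 4:
            # Syntax: com2sec NAME SOURCE COMMUNITY
            if tok[3] in WELL_KNOWN:
                findings.append((lineno, kind, "well-known-community"))
            if tok[2] in ANY_SOURCE:
                findings.append((lineno, kind, "any-source"))

        elif kind == "access" and len(tok) >= 9:
            # Syntax: access GROUP CONTEXT MODEL LEVEL PREFIX READ WRITE NOTIFY
            if tok[4] == "noauth" and tok[7] != "none":
                findings.append((lineno, kind, "unauthenticated-write-view"))
    return findings


if __name__ == "__main__":
    for label, conf in (("page", PAGE_CONF), ("tighter", TIGHTER_CONF)):
        found = audit(conf)
        print(f"{label}: {len(found)} finding(s)")
        for lineno, kind, issue in found:
            print(f"  line {lineno}: {kind}: {issue}")
```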

Last-modified: 2020-08-16 (Sun) 02:12:00 (JST) (642d) by nobuaki
