用snmp+mrtg可以很好的实现对局域网内服务器状态的监控。
现在就以用snmp+mrtg监控一台局域网内的redhat机器(IP:192.168.13.103)的网卡、内存、CPU、 DISKIO为例子,谈一下如何实现。
基本的法办就是用一台redhat监控机器(IP:192.168.13.105),通过snmpwalk命令去抓 目标服务器的状态数据,然后用mrtg画出图来。
1、首先我们要把目标snmpd.conf文件的配好。这是用snmpwalk命令 一抓取数据的关健。下面是目标机器(IP: 192.168.13.103)上的/etc/snmp/snmpd.conf文件部份内容,红色的部份是我对snmpd.conf所做的改动。
[root@wy1 root]# cat /etc/snmp/snmpd.conf
####
# First, map the community name "public" into a "security name"
# sec.name source community
com2sec notConfigUser default public #定义community名称为 public,映射到安全名 notConfigUser。
####
# Second, map the security name into a group name:
# groupName securityModel securityName
group notConfigGroup v1 notConfigUser #定义安全用户名notConfigUser映射到notConfigGroup组。
group notConfigGroup v2c notConfigUser
####
# Third, create a view for us to let the group have rights to: #定义一个view,来决定notConfigUser可以操作的范围。
# Make at least snmpwalk -v 1 localhost -c public system fast again. #定义可查看的snmp的范围。
# name incl/excl subtree mask(optional)
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
view all included .1
####
# Finally, grant the group read-only access to the systemview view. #给notConfigGroup组所定义view名 all 以只读权限。
# group context sec.model sec.level prefix read write notif
access notConfigGroup "" any noauth exact all none none
#access notConfigGroup "" any noauth exact mib2 none none
# -----------------------------------------------------------------------------
# Here is a commented out example configuration that allows less
# restrictive access.
# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
# KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.
## sec.name source community
#com2sec local localhost COMMUNITY
#com2sec mynetwork NETWORK/24 COMMUNITY
## group.name sec.model sec.name
#group MyRWGroup any local
#group MyROGroup any mynetwork
#
#group MyRWGroup any otherv3user
#...
## incl/excl subtree mask
#view all included .1 80
## -or just the mib2 tree-
#view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
#view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
## context sec.model sec.level prefix read write notif
#access MyROGroup "" any noauth 0 all none none
#access MyRWGroup "" any noauth 0 all all all
其实配制一个snmpd.conf文件不算太难,
(1)首选是定义一个共同体名(community),这里是public,及可以访问这个public的用户名(sec name),这里是notConfigUser。Public相当于用户notConfigUser的密码:)
# sec.name source community
com2sec notConfigUser default public
(2)定义一个组名(groupName)这里是notConfigGroup,及组的安全级别,把notConfigGroup这个用户加到这个组中。
groupName securityModel securityName
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
(3)定义一个可操作的范围(view)名, 这里是all,范围是 .1
# name incl/excl subtree mask(optional)
view all included .1
(4)定义notConfigUser这个组在all这个view范围内可做的操作,这时定义了notConfigUser组的成员可对.1这个范围做只读操作。
# group context sec.model sec.level prefix read write notif
access notConfigGroup "" any noauth exact all none none
ok,这样我们的snmpd.conf文件就基本配成了,用service snmpd restart重启snmpd服务。现在我们做一个测试,在监控机上打下面的命令:
[root@wy2 root]# snmpwalk -v 1 192.168.13.103 -c public system
SNMPv2-MIB::sysDescr.0 = STRING: Linux wy1 2.4.20-8smp #1 SMP Thu Mar 13 17:45:54 EST 2003 i686
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
SNMPv2-MIB::sysUpTime.0 = Timeticks: (7565377) 21:00:53.77
SNMPv2-MIB::sysContact.0 = STRING: Root <root@wuying.com> (configure /etc/snmp/snmp.local.conf)
SNMPv2-MIB::sysName.0 = STRING: wy1
SNMPv2-MIB::sysLocation.0 = STRING: wy1.wuying.com (edit /etc/snmp/snmpd.conf)
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (10) 0:00:00.10
``````````````````````
“Linux wy1 2.4.20-8smp”操作系统的信息已经出来了:)
联系客服