Hi all. I am having an issue and quite frankly would rather not spend the entire next two days learning the entire snmp program. I am hoping someone out there has used MRTG and SNMP to make it work. I have both installed. Single server, polling itself. Question 1- does snmpd have to run as a daemon, or only run once so I can get OID and MIBs from it? Question 2- does anyone know the command in snmp to get the required OID and MIBs that MRTG needs to use? Or at least the name of it? There are a lot of poorly written man pages, but so far all of them require an MIB or OID to use the commands I have read. Question 3- since not going outside of the server, is there any security setting in some snmp config file that makes it only look on my local server and not allow others to use it or hack it? Question 4- all over the internet there are examples in MRTG using all sorts of made up names like 'crazyguy33 at servername' and things like that for the cfg file. And alsoin the snmp forum posts, but no one really talks about where this name comes from other than it is assigned to your network device or something. Any help appreciated. I will post the final solution to how to configure snmp and mrtg to work on centos5.2 when I finally figure it out so no one else has to take all week to do so!!! Whoo hoo!!!
Bob Hoffman wrote: While it is somewhat outdated, MRTG itself is outdated as well, I wrote a howto for MRTG about 5-6 years ago - http://howto.aphroland.org//HOWTO/MRTG/ (I haven't maintained it in years, and have no real plans to update the site again in the future)> Question 1- does snmpd have to run as a daemon, or only run once so I can > get OID and MIBs from it?If your wanting to collect data using SNMP then anything your collecting data from must be running a SNMP daemon. MRTG is fully capable of executing scripts to gather data as well.> Question 2- does anyone know the command in snmp to get the required OID and > MIBs that MRTG needs to use? Or at least the name of it? There are a lot of > poorly written man pages, but so far all of them require an MIB or OID to > use the commands I have read.Defines "needs to use", mrtg comes with a tool called 'cfgmaker' which will scan any SNMP target and automatically generate a configuration for all of the network interfaces it can find on the target. You can then use mrtg against that config file to gather stats.> Question 3- since not going outside of the server, is there any security > setting in some snmp config file that makes it only look on my local server > and not allow others to use it or hack it?You can add a iptables firewall rule to reject packets destined to your SNMP server (161/udp) unless they come over the loopback interface.> Question 4- all over the internet there are examples in MRTG using all sorts > of made up names like 'crazyguy33 at servername' and things like that for the > cfg file. And alsoin the snmp forum posts, but no one really talks about > where this name comes from other than it is assigned to your network device > or something.In the example above crazyguy33 is the SNMP community string assigned to the system(configured in snmpd.conf). By default the read-only string is public. You can set it to anything you want.> Any help appreciated. I will post the final solution to how to configure > snmp and mrtg to work on centos5.2 when I finally figure it out so no one > else has to take all week to do so!!!You may want to look into using cacti or some other tool instead, MRTG has some pretty severe limitations. Cacti uses RRDTool as it's back end, RRDTool is more or less the successor to MRTG and was initially released I think about 10 years ago, to give an idea how old MRTG is. I still use MRTG on my home network, though mostly because it's legacy shit that I setup 7 years ago and haven't moved to cacti yet, it slowly breaking down as time goes on since I'm not maintaining it anymore. nate
Hi, On Thu, Sep 11, 2008 at 21:46, Bob Hoffman <bob at bobhoffman.com> wrote:> Question 1- does snmpd have to run as a daemon, or only run once so I can > get OID and MIBs from it?Yes, it has to be running as a daemon.> Question 2- does anyone know the command in snmp to get the required OID and > MIBs that MRTG needs to use? Or at least the name of it? There are a lot of > poorly written man pages, but so far all of them require an MIB or OID to > use the commands I have read.Well, the OIDs that you will use on MRTG's config will depend on what you want MRTG to trace. Is it the network traffic? Is it the disk usage? Is it the CPU usage? Free memory? You can get MRTG to trace any of that by using the specific OIDs. You can use the "snmpwalk" program to see all the information that the daemon will have to offer in order to choose what you want to plot.> Question 3- since not going outside of the server, is there any security > setting in some snmp config file that makes it only look on my local server > and not allow others to use it or hack it?Yes, you can restrict snmpd to answer only to the localhost. I suggest you start with a /etc/snmp/snmpd.conf that contains this line only: rocommunity MySecretString 127.0.0.1 Replace "MySecretString" with a secret string not known to others, this string is what is called "community" in snmp-speak. This way, snmpd will answer only to queries made from the localhost, and only to someone who knows the right "community" secret string (like a password).> Question 4- all over the internet there are examples in MRTG using all sorts > of made up names like 'crazyguy33 at servername' and things like that for the > cfg file. And alsoin the snmp forum posts, but no one really talks about > where this name comes from other than it is assigned to your network device > or something.This is probably the community and the host. As I suggested restricting to localhost only, you will probably want to use something like "MySecretString at localhost", obviously replacing "MySecretString" with the one you chose. The CentOS Wiki also has resources on MRTG, I suggest you look there as well: http://wiki.centos.org/TipsAndTricks/MRTG HTH! Filipe