昨天寫了用Cacti監控CentOS主機,今天寫下監控Ubuntu主機。其實都是配置SNMP,區別其實不大,但還是記一下吧。
1、先安裝SNMP及相關軟件包
sudo apt update
sudo apt upgrade -y
root@hs01:~# apt install snmp snmpd snmp-mibs-downloader
#裝完SNMPD自動啓動,設置開機運行
root@hs01:~# systemctl enable snmpd
snmpd.service is not a native service, redirecting to systemd-sysv-install
Executing /lib/systemd/systemd-sysv-install enable snmpd
2、修改配置文件:
vim /etc/snmp/snmpd.conf
#2.1 約15-17行左右,改成如下,以允許遠程SNMP訪問
#agentAddress udp:127.0.0.1:161
# Listen for connections on all interfaces (both IPv4 *and* IPv6)
agentAddress udp:161,udp6:[::1]:161
#2.2 45行左右,改成如下,允許查詢更多信息
#view systemonly included .1.3.6.1.2.1.1
#view systemonly included .1.3.6.1.2.1.25.1
view systemonly included .1
#2.3 51行左右,修改通訊字串(密碼)
rocommunity <你的密碼> default -V systemonly
# rocommunity6 is for IPv6
rocommunity6 <你的密碼> default -V systemonly
#2.4 第79行左右,更改位置和聯繫人信息(可選)
sysLocation Location Information
sysContact Me <[email protected]>
修改snmp配置文件,提高SNMP可閱讀性
root@hs01:~# vim /etc/snmp/snmp.conf
#把下面這個註釋掉
#mibs :
改完重啓服務
systemctl restart snmpd
遠程測試SNMP配置是否ok
[root@AX ~]# snmpwalk -v2c -c xxxxxx xx.xxx.xx.x 1.3.6.1.2.1.1.1
SNMPv2-MIB::sysDescr.0 = STRING: Linux hs01.xx.xxx.co.uk 4.4.0-142-generic #168-Ubuntu SMP Wed Jan 16 21:00:45 UTC 2019 x86_64
3、如果本地 snmpwalk -v2c -c xxxxxx localhost 1.3.6.1.2.1.1.1可以取得信息,而遠程不行的話,可以通過以下步驟查看
#3.1 查看本機偵聽端口,以下表示允許遠程訪問:
axing@hs01:~$ netstat -antup | grep 161
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
udp 0 0 0.0.0.0:161 0.0.0.0:* -
udp6 0 0 ::1:161 :::*
#3.2 查看ufw防火牆,有沒有開放161端口,沒有的話使用ufw allow 161來添加
axing@hs01:~$ sudo ufw status
[sudo] password for axing:
Status: active
To Action From
-- ------ ----
22 ALLOW Anywhere
161 ALLOW Anywhere
4、Cacti添加主機監控。通用操作,不詳細寫了。