Monitoring a Linux server over the SNMP protocol.
 
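Usually only the "Access Control" section of /etc/snmp/snmpd.conf needs to be modified; changes are shown in red and annotations in blue.
The snmp configuration file needs to be adjusted as follows: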
###############################################################################
# Access Control
###############################################################################
# As shipped, the snmpd demon will only respond to queries on the
# system mib group until this file is replaced or modified for
# security purposes.   Examples are shown below about how to increase the
# level of access.
# By far, the most common question I get about the agent is "why won't
# it work?", when really it should be "how do I configure the agent to
# allow me to access it?"
#
# By default, the agent responds to the "public" community for read
# only access, if run out of the box without any configuration file in
# place.   The following examples show you other ways of configuring
# the agent so that you can change the community names, and give
# yourself write access to the mib tree as well.
#
# For more information, read the FAQ as well as the snmpd.conf(5)
# manual page.
####
# First, map the community name "public" into a "security name"
#             sec.name   source                   community
com2sec notConfigUser   default             public
This maps the community name "public" to the security name "notConfigUser".
####
# Second, map the security name into a group name:
#             groupName           securityModel securityName
group     notConfigGroup v1                     notConfigUser
group     notConfigGroup v2c                     notConfigUser
This maps the security name "notConfigUser" to the group name "notConfigGroup" for protocol versions v1 and v2c. SNMP currently has three protocol versions.
####
# Third, create a view for us to let the group have rights to:
# Make at least   snmpwalk -v 1 localhost -c public system fast again.
#             name                     incl/excl         subtree                 mask(optional)
view       systemview       included     .1.3.6.1.2.1.1
view       systemview       included     .1.3.6.1.2.1.25.1.1
view    all           included   .1
This creates a view named "all" whose permitted scope is the subtree ".1".
####
# Finally, grant the group read-only access to the systemview view.
#             group                   context sec.model sec.level prefix read     write   notif
access   notConfigGroup   ""           any             noauth       exact    all       none   none
#access   notConfigGroup ""           any             noauth       exact   systemview none none
# -----------------------------------------------------------------------------
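Finally, set the access permissions, which determine what each group may do with which views. Because the example uses the v2c protocol, CONTEXT must be empty. sec.MODEL is the protocol version, which in this example can be either any or v2c. Again because of v2c, LEVEL is noauth. READ, WRITE and NOTIFY each take either a view name or nothing.
The line above gives the group "notConfigGroup" no write or notif permission and limits its read permission to the view named "all".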
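The four directives above form a chain (com2sec -> group -> access -> view), and what a community string can actually read only becomes visible once the chain is followed end to end. The following added example (not part of the original page or of net-snmp) resolves that chain for the active lines of this section and lists the properties a reviewer would want restricted. The function names are made up for this example, the sample is constructed from the lines above, and only the simple com2sec form and "included" view lines are handled.

```python
import shlex

# Constructed sample: the directives from the section above.
SAMPLE = '''
com2sec notConfigUser  default        public
group   notConfigGroup v1             notConfigUser
group   notConfigGroup v2c            notConfigUser
view    systemview     included       .1.3.6.1.2.1.1
view    systemview     included       .1.3.6.1.2.1.25.1.1
view    all            included       .1
access  notConfigGroup ""  any  noauth  exact  all  none  none
#access notConfigGroup ""  any  noauth  exact  systemview none none
'''

def effective_access(conf_text):
    """Follow com2sec -> group -> access -> view; return one record per path."""
    rows = {"com2sec": [], "group": [], "view": [], "access": []}
    for line in conf_text.splitlines():
        tok = shlex.split(line, comments=True)  # drops '#' comments, keeps "" as a token
        if tok and tok[0] in rows:
            rows[tok[0]].append(tok[1:])
    views = {}
    for name, mode, subtree, *_mask in rows["view"]:
        if mode == "included":
            views.setdefault(name, []).append(subtree)
    out = []
    for secname, source, community in rows["com2sec"]:  # simple form only (no -Cn)
        for group, model, sec in rows["group"]:
            if sec != secname:
                continue
            for g, _ctx, amodel, level, _prefix, read, write, _notif in rows["access"]:
                if g == group and amodel in ("any", model):
                    out.append({"community": community, "source": source,
                                "model": model, "level": level,
                                "read": views.get(read, []), "write": write})
    return out

def findings(record):
    """Return the risky properties of one resolved access path."""
    f = []
    if record["community"] in ("public", "private"):
        f.append("well-known community string")
    if record["source"] == "default":
        f.append("accepted from any source address")
    if ".1" in record["read"]:
        f.append("read view covers the whole .1 subtree")
    if record["write"] != "none":
        f.append("write access granted")
    return f

if __name__ == "__main__":
    for r in effective_access(SAMPLE):
        print(r["community"], r["source"], r["model"], r["read"], findings(r))
```

For the configuration above, both resolved paths (v1 and v2c) report the same three findings; restricting the com2sec source to the monitoring host, choosing a non-default community, and pointing the read column at a narrower view such as systemview clears them.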