Re: snmpd's

[David Bell]

On Sun, 2003-01-26 at 17:36, Jason Clarke wrote:
> Basically I want it for internal graphing (mrtg) of various interfaces (wifi
> / ethernet) so I don't want to spend much time configuring the snmpd.
> 
> So far with my fiddling, I've not been able to get ucd-snmpd working :-/

I've just recently installed mrtg and snmpd from the Debian packages and
had some trouble with configuration.  With the default install, I was
only able to view very basic information from snmpd -- No interface
stats were displayed.  After some careful examination of the snmpd.conf
file (and several hours of sleep ;)), I found my problem.  The default
Debian snmpd only allows read-only access to some very basic system
information.  I changed these portions:

Original:

#       sec.name  source          community
com2sec paranoid  default         public
#com2sec readonly  default         public
#com2sec readwrite default         private


Changed:

#       sec.name  source          community
#com2sec paranoid  default         public
com2sec readonly  127.0.0.1         public
#com2sec readwrite default         private

I'm only allowing connections from 127.0.0.1 (mrtg is running on the
same box).

Unchanged:

####
# Second, map the security names into group names:

#                sec.model  sec.name
group MyROSystem v1         paranoid
group MyROSystem v2c        paranoid
group MyROSystem usm        paranoid
group MyROGroup  v1         readonly
group MyROGroup  v2c        readonly
group MyROGroup  usm        readonly
group MyRWGroup  v1         readwrite
group MyRWGroup  v2c        readwrite
group MyRWGroup  usm        readwrite

####
# Third, create a view for us to let the groups have rights to:

#           incl/excl subtree                          mask
view all    included  .1                               80
view system included  .iso.org.dod.internet.mgmt.mib-2.system

####
# Finally, grant the 2 groups access to the 1 view with different
# write permissions:

#                 context sec.model sec.level match  read   write  notif
access MyROSystem ""      any       noauth    exact  system none   none
access MyROGroup  ""      any       noauth    exact  all    none   none
access MyRWGroup  ""      any       noauth    exact  all    all    none

...As you can see, The MyROSystem (paranoid security name) would only
allow read access to the .iso.org.dod.internet.mgmt.mib-2.system area of
information...This is not enough for MRTG.  However, MyROGroup allows
access to all snmpd stats.

I think this is all correct -- I'm by no means an snmpd expert. ;)

signature.asc
Description: This is a digitally signed message part