zabbix 5.0 SNMP协议监控
- SNMP协议
- MIB
- OID
- snmp流程
- 部署snmp监控
- 客户端(被监控)配置
- 重新弄一台没有zabbix agent客户端的虚拟机安装snmp源
- 更改配置文件
- zabbix server安装snmp客户端
- zabbix服务端配置
- oid节点
- web端配置
- 创建snmp监控项
- 最新数据
SNMP协议
- snmp主要针对无法使用zabbix agent客户端监控的设备对象
- 比如监控网络设备,固件
- 路由器,交换机,打印机,ups,前提是支持snmp协议
MIB
- MIB:被管理设备的数据通过变量构建成数据库,包含了各种对象集合;
- 对象集合就是OID
OID
- OID:官方解释为对象标识符。zabbix的最小单元其实就是监控项,而监控项的取值就是由一个个的OID组成的,他是一个树状结构;
snmp流程
部署snmp监控
客户端(被监控)配置
重新弄一台没有zabbix agent客户端的虚拟机安装snmp源
#被监控主角及下载snmp服务端
[root@localhost ~]# yum install net-snmp -y
#进入到脚本中
[root@localhost ~]# cd /etc/snmp/
[root@localhost snmp]# ls
snmpd.conf snmptrapd.conf
更改配置文件
#修改配置文件
[root@localhost snmp]# vim snmpd.conf
#修改完的文件,根据自己的服务修改
###############################################################################
#
# snmpd.conf:
# An example configuration file for configuring the ucd-snmp snmpd agent.
#
###############################################################################
#
# This file is intended to only be as a starting point. Many more
# configuration directives exist than are mentioned in this file. For
# full details, see the snmpd.conf(5) manual page.
#
# All lines beginning with a '#' are comments and are intended for you
# to read. All other lines are configuration commands for the agent.
###############################################################################
# Access Control
###############################################################################
# As shipped, the snmpd demon will only respond to queries on the
# system mib group until this file is replaced or modified for
# security purposes. Examples are shown below about how to increase the
# level of access.
# By far, the most common question I get about the agent is "why won't
# it work?", when really it should be "how do I configure the agent to
# allow me to access it?"
#
# By default, the agent responds to the "public" community for read
# only access, if run out of the box without any configuration file in
# place. The following examples show you other ways of configuring
# the agent so that you can change the community names, and give
# yourself write access to the mib tree as well.
#
# For more information, read the FAQ as well as the snmpd.conf(5)
# manual page.
####
# First, map the community name "public" into a "security name"
# sec.name source community
com2sec notConfigUser 192.168.1.130 xukaidi
####
# Second, map the security name into a group name:
# groupName securityModel securityName
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
####
# Third, create a view for us to let the group have rights to:
# Make at least snmpwalk -v 1 localhost -c public system fast again.
# name incl/excl subtree mask(optional)
view systemview included .1
view systemview included .1.3.6.1.2.1.25.1.1
####
# Finally, grant the group read-only access to the systemview view.
# group context sec.model sec.level prefix read write notif
access notConfigGroup "" any noauth exact systemview none none
# -----------------------------------------------------------------------------
# Here is a commented out example configuration that allows less
# restrictive access.
"snmpd.conf" 462L, 18855C 已写入
[root@localhost snmp]#
#启动snmp服务
[root@localhost snmp]# systemctl start snmpd
[root@localhost snmp]# netstat -lntup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:199 0.0.0.0:* LISTEN 3882/snmpd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 749/rpcbind
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1492/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1214/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1218/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1465/master
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 3519/sshd: root@pts
tcp6 0 0 :::111 :::* LISTEN 749/rpcbind
tcp6 0 0 :::22 :::* LISTEN 1214/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1218/cupsd
tcp6 0 0 ::1:25 :::* LISTEN 1465/master
tcp6 0 0 ::1:6010 :::* LISTEN 3519/sshd: root@pts
udp 0 0 0.0.0.0:56666 0.0.0.0:* 745/avahi-daemon: r
udp 0 0 0.0.0.0:908 0.0.0.0:* 749/rpcbind
udp 0 0 192.168.122.1:53 0.0.0.0:* 1492/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 1492/dnsmasq
udp 0 0 0.0.0.0:111 0.0.0.0:* 749/rpcbind
udp 0 0 0.0.0.0:161 0.0.0.0:* 3882/snmpd #看到161,snmp端口,就代表启动成功
udp 0 0 0.0.0.0:5353 0.0.0.0:* 745/avahi-daemon: r
udp6 0 0 :::908 :::* 749/rpcbind
udp6 0 0 :::111 :::* 749/rpcbind
[root@localhost snmp]#
#看到161,snmp端口,就代表启动成功
zabbix server安装snmp客户端
zabbix服务端配置
#下载net-snmp工具包
[root@localhost ~]# yum install net-snmp-utils -y
#下载完之后,自动会有snmpwalk 用法-h 就可以查看
-v 是版本
-c 是community的密码 后面直接写主机(被监控) oid结点
[root@localhost ~]# snmpwalk -v 2c -c xukaidi 192.168.1.132 1.3.6.1.2.1.25.1.1
Timeout: No Response from 192.168.1.132
[root@localhost ~]# telnet 192.168.1.132
Trying 192.168.1.132...
telnet: connect to address 192.168.1.132: No route to host
#报错,连接不上
[root@localhost ~]# ping 192.168.1.132
PING 192.168.1.132 (192.168.1.132) 56(84) bytes of data.
64 bytes from 192.168.1.132: icmp_seq=1 ttl=64 time=3.05 ms
64 bytes from 192.168.1.132: icmp_seq=2 ttl=64 time=0.574 ms
64 bytes from 192.168.1.132: icmp_seq=3 ttl=64 time=1.47 ms
64 bytes from 192.168.1.132: icmp_seq=4 ttl=64 time=0.443 ms
^C
##可以ping通
是我被监控主机防火墙没有关
[root@localhost snmp]# systemctl stop firewalld
[root@localhost snmp]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost snmp]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
#selinux也关闭
[root@localhost snmp]# setenforce 0
[root@localhost snmp]# vim /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
#再去服务端试一下,取值正常
[root@localhost ~]# snmpwalk -v 2c -c xukaidi 192.168.1.132 1.3.6.1.2.1.25.1.1
HOST-RESOURCES-MIB::hrSystemUptime.0 = Timeticks: (1096629) 3:02:46.29
[root@localhost ~]#oid节点
oid官网:oid tree display
zabbix server端能够正常取值就可以去web端进行配置了;
web端配置
创建snmp监控项
测试一下
最新数据
本文章为转载内容,我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题,欢迎原作者联系我们进行内容更正或删除文章。
