Ubuntu 14.04 LTS Server client machine gives no response to SNMP queries

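OK, I have two virtual machines, both running under ESXi. One VM hosts Observium, which uses SNMP to get its information. I pointed Observium directly at my ESXi host and it worked fine, so there is nothing wrong with Observium. I tried adding the device with the correct settings (tried SNMP v1/v2c/v3), but the server never responds.

To clarify, in this example the server's hostname is cal and the client's hostname is default.

The client I am sending SNMP requests to is a fresh install of Ubuntu Server 14.04 LTS. All I did was install the snmpd package and configure it.

Here is my /etc/snmp/snmpd.conf: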

com2sec readonly default taylor
group MyROGroup v1 readonly
group MyROGroup v2c readonly
group MyROGroup usm readonly
view all included .1 80
access MyROGroup “” any noauth exact all none none
syslocation “San Francisco, CA”
syscontact [email protected]

As I understand it, putting default in front of the community name (i.e. taylor) means it will accept SNMP requests from any IP.

And my /etc/default/snmpd:

export MIBS=
SNMPDRUN=yes
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf'
TRAPDRUN=no
TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid'

So I believe I have everything configured, and I issue an snmpwalk to test:

taylor@cal:~$ snmpwalk -v 2c -c taylor default
Timeout: No Response from default

I can ping it:

taylor@cal:~$ ping default
PING default.mywebsite.com (192.168.1.130) 56(84) bytes of data.
64 bytes from default.mywebsite.com (192.168.1.130): icmp_seq=1 ttl=64 time=0.350 ms
64 bytes from default.mywebsite.com (192.168.1.130): icmp_seq=2 ttl=64 time=0.235 ms
64 bytes from default.mywebsite.com (192.168.1.130): icmp_seq=3 ttl=64 time=0.192 ms

taylor@default:~$ ping cal
PING cal.taylorjthurlow.com (192.168.1.112) 56(84) bytes of data.
64 bytes from cal.taylorjthurlow.com (192.168.1.112): icmp_seq=1 ttl=64 time=0.306 ms
64 bytes from cal.taylorjthurlow.com (192.168.1.112): icmp_seq=2 ttl=64 time=0.188 ms
64 bytes from cal.taylorjthurlow.com (192.168.1.112): icmp_seq=3 ttl=64 time=0.264 ms

To make sure we have traffic, I ran tcpdump on both the sending and receiving ends:

Sending (SNMP server):

02:22:51.569041 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp:  C=taylor GetNextRequest(25)
02:22:52.569547 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp:  C=taylor GetNextRequest(25)
02:22:53.570659 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp:  C=taylor GetNextRequest(25)
02:22:54.571775 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp:  C=taylor GetNextRequest(25)
02:22:55.572715 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp:  C=taylor GetNextRequest(25)
02:22:56.573874 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp:  C=taylor GetNextRequest(25)

Receiving (SNMPD client):

02:22:51.858750 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp:  C=taylor GetNextRequest(25)
02:22:52.859290 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp:  C=taylor GetNextRequest(25)
02:22:53.860371 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp:  C=taylor GetNextRequest(25)
02:22:54.861495 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp:  C=taylor GetNextRequest(25)
02:22:55.862424 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp:  C=taylor GetNextRequest(25)
02:22:56.863590 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp:  C=taylor GetNextRequest(25)

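So, essentially the same, just with slightly different timestamps. What is worrying is that no response packets are sent. Okay, maybe there is a firewall or port issue.

I disabled Ubuntu's Uncomplicated Firewall with ufw disable and confirmed it is not running with ufw status.

Then I checked my iptables, which was empty after the fresh install. I added incoming and outgoing rules for port 161 on the SNMPD client.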

taylor@default:~$ sudo iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:161

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:161

Still the same problem. Another post on SuperUser or ServerFault resolved the same issue because their /etc/hosts.allow was blocking the traffic rather than iptables. Here are mine:

taylor@default:~$ cat /etc/hosts.allow
# /etc/hosts.allow: list of hosts that are allowed to access the system.
#                   See the manual pages hosts_access(5) and hosts_options(5).
#
# Example:    ALL: LOCAL @some_netgroup
#             ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.

taylor@default:~$ cat /etc/hosts.deny
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
#                  See the manual pages hosts_access(5) and hosts_options(5).
#
# Example:    ALL: some.host.name, .some.domain
#             ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
#
# You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID

I am out of ideas now. Any suggestions for what I can try to get this thing to actually reply to my SNMP queries?

Edit: Here is my /var/log/syslog on the client:

Dec  9 01:48:24 default snmpd[2888]: NET-SNMP version 5.7.2
Dec  9 01:48:27 default snmpd[2888]: Connection from UDP: [192.168.1.112]:41109->[192.168.1.130]:161
Dec  9 01:50:54 default kernel: [ 8359.253571] nf_conntrack version 0.5.0 (7951 buckets, 31804 max)
Dec  9 01:48:32 default snmpd[2888]: message repeated 5 times: [ Connection from UDP: [192.168.1.112]:41109->[192.168.1.130]:161]
Dec  9 01:52:53 default snmpd[2888]: Connection from UDP: [192.168.1.112]:40482->[192.168.1.130]:161
Dec  9 01:54:05 default kernel: [ 8550.718971] ip6_tables: (C) 2000-2006 Netfilter Core Team
Dec  9 01:52:58 default snmpd[2888]: message repeated 5 times: [ Connection from UDP: [192.168.1.112]:40482->[192.168.1.130]:161]
Dec  9 01:54:11 default snmpd[2888]: Connection from UDP: [192.168.1.112]:59617->[192.168.1.130]:161
Dec  9 01:54:16 default snmpd[2888]: message repeated 5 times: [ Connection from UDP: [192.168.1.112]:59617->[192.168.1.130]:161]
Dec  9 01:56:43 default snmpd[2888]: Received TERM or STOP signal...  shutting down...
Dec  9 01:56:45 default snmpd[3165]: NET-SNMP version 5.7.2
Dec  9 02:00:06 default snmpd[3165]: Received TERM or STOP signal...  shutting down...
Dec  9 02:00:08 default snmpd[3216]: NET-SNMP version 5.7.2
Dec  9 02:00:18 default snmpd[3216]: Connection from UDP: [192.168.1.112]:45692->[192.168.1.130]:161
Dec  9 02:00:23 default snmpd[3216]: message repeated 5 times: [ Connection from UDP: [192.168.1.112]:45692->[192.168.1.130]:161]
Dec  9 02:02:36 default snmpd[3216]: Received TERM or STOP signal...  shutting down...
Dec  9 02:02:38 default snmpd[3242]: Error opening specified endpoint "udp:161"
Dec  9 02:02:38 default snmpd[3242]: Server Exiting with code 1
Dec  9 02:07:16 default snmpd[3281]: duplicate registration: MIB modules pass and pass (oid .1.3.6.1.4.1.4413.4.1).
Dec  9 02:07:16 default snmpd[3281]: Error opening specified endpoint "udp:161"
Dec  9 02:07:16 default snmpd[3281]: Server Exiting with code 1
Dec  9 02:17:01 default CRON[3283]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Dec  9 02:23:55 default kernel: [10340.925233] device eth0 left promiscuous mode

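It looks like part of it is because I was monitoring packets, and then there are a few mentions of Error opening specified endpoint "udp:161", but they are sporadic. Could be something.

Edit: That was actually due to me trying agentAddress udp:161,udp6:[::1]:161. The logs only show it occasionally because I was enabling and disabling that line. So, back to square one.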

Answer 1

I'm not quite sure why this works, but I seem to have solved my problem. In my /etc/snmp/snmpd.conf, I replaced the following line:

com2sec readonly default taylor

with:

rocommunity taylor

and everything works fine.
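An added example, not part of either answer and not Net-SNMP code: both the original com2sec ... default line and the rocommunity taylor replacement accept the community string from any source address, so a practitioner may want to flag such lines when reviewing an snmpd.conf. The function name, the sample configuration and its source-restricted variants are constructed for illustration; 192.168.1.112 is the poller address shown in the question.

```python
# Constructed sample: the question's com2sec line, the replacement from the
# answer, and hypothetical source-restricted variants of both.
SAMPLE_CONF = """\
com2sec readonly default taylor
rocommunity taylor
rocommunity taylor 192.168.1.112
rwcommunity taylor
com2sec readonly 192.168.1.0/24 taylor
# rocommunity public
"""

# Source values that match every client address (assumption: 0.0.0.0/0 is
# treated here as equivalent to the "default" keyword).
OPEN_SOURCES = {"default", "0.0.0.0/0"}

COMMUNITY_DIRECTIVES = ("rocommunity", "rwcommunity",
                        "rocommunity6", "rwcommunity6")


def audit_snmpd_conf(text):
    """Return (line_no, directive, access) for community lines open to any source."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not tok:
            continue
        name, args = tok[0].lower(), tok[1:]
        if name in COMMUNITY_DIRECTIVES:
            # rocommunity COMMUNITY [SOURCE ...]; an omitted SOURCE means "default"
            if not args:
                continue
            source = args[1] if len(args) > 1 else "default"
            access = "read-write" if name.startswith("rw") else "read-only"
        elif name in ("com2sec", "com2sec6"):
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            if args[:1] == ["-Cn"]:
                args = args[2:]
            if len(args) < 3:
                continue
            source, access = args[1], "mapped by group/access lines"
        else:
            continue
        if source.lower() in OPEN_SOURCES:
            findings.append((no, name, access))
    return findings


if __name__ == "__main__":
    for line_no, directive, access in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {line_no}: {directive} accepts any source ({access})")
```
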

Answer 2

From your logs, the SNMP daemon failed to bind to port 161 and then exited:

Dec  9 02:07:16 default snmpd[3281]: Error opening specified endpoint "udp:161"
Dec  9 02:07:16 default snmpd[3281]: Server Exiting with code 1

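So the reason you got no reply is that snmpd was not actually running at that time.

If there is a syntax problem, you can try commenting out the agentAddress line, but it is also possible that something else is bound to UDP port 161. Check netstat -lnp | grep :161; its output will show what is bound to that port.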
