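SNMP provides a way to send custom information. In snmpd.conf there is a section on external scripts, "Executables/scripts", which includes examples showing how to send information via SNMP. My approach is as follows (this assumes SNMP is already configured and Cacti can already collect data from it).
Edit /etc/snmp/snmpd.conf
Add a line anywhere in the file:
# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest
extend .1.3.6.1.4.1.2021.50 jkhttp /bin/sh /usr/local/apache/bin/jkhttp.sh
(on AS4, use exec instead)
Why not use exec? It reports an error.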
SNMP daemon version 5.0 and above from the NetSNMP project provides a way to access output of user supplied scripts via SNMP protocol. In other words: SNMP client on one machine can invoke a script on another machine just by sending a SNMP query. After the remote script finishes, its standard/error output, return code and some other values are sent back to the client in a SNMP response.
(NOTE: See SNMP exec section below if you run older SNMP daemon than NetSNMP 5.0)
SNMP exec provides a similar functionality to extend, however exec is less flexible and slightly slower to work with. On the other hand it is supported in many older implementations of SNMP daemons including UCD-SNMP and NetSNMP 4.x which are still found on many servers.
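Here jkhttp is the name of the command; it is followed by the command itself and its arguments. The name can be anything you like. The script:
#!/bin/sh
# Count processes whose ps line contains "http", excluding grep and this script
num=$(ps -e | grep http | grep -v grep | grep -v jkhttp | wc -l)
echo "$num"
echo OK
Restart snmpd, then fetch the data remotely with snmpwalk to check: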
[root@db ~]# snmpwalk -v 2c 172.18.3.131 -c public .1.3.6.1.4.1.2021.50
UCD-SNMP-MIB::ucdavis.50.1.0 = INTEGER: 1
UCD-SNMP-MIB::ucdavis.50.2.1.2.6.106.107.104.116.116.112 = STRING: "/bin/sh"
UCD-SNMP-MIB::ucdavis.50.2.1.3.6.106.107.104.116.116.112 = STRING: "/usr/local/apache/bin/jkhttp.sh"
UCD-SNMP-MIB::ucdavis.50.2.1.4.6.106.107.104.116.116.112 = ""
UCD-SNMP-MIB::ucdavis.50.2.1.5.6.106.107.104.116.116.112 = INTEGER: 5
UCD-SNMP-MIB::ucdavis.50.2.1.6.6.106.107.104.116.116.112 = INTEGER: 1
UCD-SNMP-MIB::ucdavis.50.2.1.7.6.106.107.104.116.116.112 = INTEGER: 1
UCD-SNMP-MIB::ucdavis.50.2.1.20.6.106.107.104.116.116.112 = INTEGER: 4
UCD-SNMP-MIB::ucdavis.50.2.1.21.6.106.107.104.116.116.112 = INTEGER: 1
UCD-SNMP-MIB::ucdavis.50.3.1.1.6.106.107.104.116.116.112 = STRING: "142"
UCD-SNMP-MIB::ucdavis.50.3.1.2.6.106.107.104.116.116.112 = STRING: "OK"
UCD-SNMP-MIB::ucdavis.50.3.1.3.6.106.107.104.116.116.112 = INTEGER: 1
UCD-SNMP-MIB::ucdavis.50.3.1.4.6.106.107.104.116.116.112 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.50.4.1.2.6.106.107.104.116.116.112.1 = STRING: "142"
UCD-SNMP-MIB::ucdavis.50.4.1.2.6.106.107.104.116.116.112.2 = STRING: "OK"
The line we need is UCD-SNMP-MIB::ucdavis.50.4.1.2.6.106.107.104.116.116.112.1 = STRING: "142"
# snmpwalk -v 2c 172.18.3.131 -c public .1.3.6.1.4.1.2021.50.3.1.2.6.106.107.104.116.116.112.1
UCD-SNMP-MIB::ucdavis.50.3.1.2.6.106.107.104.116.116.112.1 = STRING: "86"
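The long numeric tail in these OIDs, 6.106.107.104.116.116.112, is the extend name "jkhttp" encoded as a length-prefixed list of ASCII codes. The following is an added example, not part of the original post: it builds and decodes that index, using the .4.1.2.<index>.<line> layout seen in the walk output above. The function names are hypothetical and ASCII-only names are assumed.

```shell
#!/bin/sh
# Added example: encode/decode the table index of an snmpd "extend" entry.
# Function names are hypothetical; entry names are assumed to be ASCII.

extend_index() {
    # "jkhttp" -> 6.106.107.104.116.116.112 (length, then one code per char)
    name=$1
    idx=${#name}
    rest=$name
    while [ -n "$rest" ]; do
        ch=${rest%"${rest#?}"}               # first character of $rest
        rest=${rest#?}                       # drop it
        idx=$idx.$(printf '%d' "'$ch")       # POSIX printf: 'c -> char code
    done
    printf '%s\n' "$idx"
}

extend_line_oid() {
    # $1 = base OID from the extend line, $2 = entry name, $3 = output line no.
    # Layout taken from the walk output above: <base>.4.1.2.<index>.<line>
    printf '%s.4.1.2.%s.%s\n' "$1" "$(extend_index "$2")" "$3"
}

decode_extend_index() {
    # Inverse: 6.106.107.104.116.116.112 -> jkhttp. Fails when the length
    # prefix does not match the number of character codes that follow.
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    len=$1; shift
    [ "$len" -eq "$#" ] || return 1
    out=
    for code in "$@"; do
        out=$out$(printf "\\$(printf '%03o' "$code")")
    done
    printf '%s\n' "$out"
}

# OID of the first output line of the jkhttp entry configured above
extend_line_oid .1.3.6.1.4.1.2021.50 jkhttp 1
```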
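Once the data can be collected, Cacti can be configured to receive it. In the Cacti interface go to console->Templates->Data Templates and click Add in the upper right corner. The name under Data Templates is the name of this data template. The name under Data Source is what will later be shown in Data Sources; here I enter "|host_description| - HTTPNUM". Choose get snmp data. Internal Data Source Name can also be anything; it is used to name the rrd file: Unix -HTTP NUM. Once these are set, save. After saving, some additional options appear below; in the last one, enter the OID of the data we need,
".1.3.6.1.4.1.2021.50.3.1.2.6.106.107.104.116.116.112.1", and save again.
Next, create a Graph Template so that Cacti can generate the graph. In the Cacti interface go to console->Templates->Graph Templates and click Add in the upper right corner. The name under Templates is the name of this template, Unix - HTTP NUM. The name under Graph Template is the text that will be shown at the top centre of the graph; here I enter "|host_description| - HTTPNUM". Leave everything else at the default. After saving, some more options appear above.
Under Graph Template Items, add an item: for Data Source choose the one added earlier, for color choose a colour for the graph, for Graph Item Type choose AREA (a filled area; the line types can also be used), and set Text Format to a description.
Then add another item: for Data Source choose the one added earlier, for color choose none, for Graph Item Type choose GPRINT, for Consolidation Function choose LAST (the current value), and for Text Format enter Current. You can also add items with Graph Item Type COMMENT for annotations.
Now add this graph template to the host and the graph will be drawn.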
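1. About the SELinux error:
Jun 30 10:45:03 web1 setroubleshoot: SELinux is preventing /bin/ps (snmpd_t) "sys_ptrace" access to (snmpd_t). For complete SELinux messages. run sealert -l 32ec5849-2d38-49b8-a13c-faaba9239c98
Solution: You can disable SELinux for snmpd by issuing the following command:
Start setroubleshoot so that the sealert command can query the error database; it can be stopped again once the query is done
service setroubleshoot start
Use sealert -l 32ec5849-2d38-49b8-a13c-faaba9239c98 to view the error database
Follow the suggestion it gives: setsebool -P snmpd_disable_trans=1
The -P option makes the setting permanent. This boolean turns off the SELinux domain transition for snmpd, so the daemon and the scripts it runs are no longer confined by the snmpd_t policy.
Stop setroubleshoot
service setroubleshoot stop
Restart snmpd
service snmpd restart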
2. About the error: last message repeated 3 times
vi /etc/init.d/snmpd
#OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a"
OPTIONS="-LS 0-4 d -Lf /dev/null -p /var/run/snmpd.pid -a"
3. Using Cacti to monitor the Apache connection count on a fairly old CentOS 4.2 machine with the custom script; running it reports an error
[root@send4 data]# /usr/local/net-snmp/bin/snmpwalk -v 1 172.18.1.9 -c public .1.3.6.1.4.1.2021.50
UCD-SNMP-MIB::ucdavis.50.1.1 = INTEGER: 1
UCD-SNMP-MIB::ucdavis.50.2.1 = STRING: "jkhttp"
UCD-SNMP-MIB::ucdavis.50.3.1 = STRING: "/bin/sh /usr/local/apache/bin/jkhttp.sh"
UCD-SNMP-MIB::ucdavis.50.100.1 = INTEGER: 1
UCD-SNMP-MIB::ucdavis.50.101.1 = STRING: "/bin/sh: Permission denied"
UCD-SNMP-MIB::ucdavis.50.102.1 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.50.103.1 =
Check /var/log/messages
Jul 17 11:06:37 server7 kernel: audit(1216263997.231:115): avc: denied { read } for pid=2697 comm="snmpd" name="sh" dev=sda2 ino=1261577 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:bin_t tclass=lnk_file
Jul 17 11:06:37 server7 kernel: audit(1216263997.237:116): avc: denied { read } for pid=2698 comm="snmpd" name="sh" dev=sda2 ino=1261577 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:bin_t tclass=lnk_file
Jul 17 11:06:37 server7 kernel: audit(1216263997.243:117): avc: denied { read } for pid=2699 comm="snmpd" name="sh" dev=sda2 ino=1261577 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:bin_t tclass=lnk_file
Solution
See which of snmpd's normal operations SELinux has denied
[root@server7 snmp]# audit2allow -d
allow snmpd_t bin_t:lnk_file read;
allow snmpd_t sysctl_net_t:dir search;
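Add the output lines above to the file
/etc/selinux/targeted/src/policy/domains/program/snmpd.te. It turned out that this file did not exist.
The reason is that selinux-policy-targeted-sources-1.17.30-2.110.noarch.rpm was not installed.
After installing it, add the output lines above to the file /etc/selinux/targeted/src/policy/domains/program/snmpd.te.
Run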
[root@server7 snmp]# cd /etc/selinux/targeted/src/policy
[root@server7 policy]# make load
[root@server7 policy]# setfiles file_contexts/file_contexts /usr/share/snmp
Now it works
[root@send4 data]# /usr/local/net-snmp/bin/snmpwalk -v 1 172.18.1.9 -c public .1.3.6.1.4.1.2021.50
UCD-SNMP-MIB::ucdavis.50.1.1 = INTEGER: 1
UCD-SNMP-MIB::ucdavis.50.2.1 = STRING: "jkhttp"
UCD-SNMP-MIB::ucdavis.50.3.1 = STRING: "/bin/sh /usr/local/apache/bin/jkhttp.sh"
UCD-SNMP-MIB::ucdavis.50.100.1 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.50.101.1 = STRING: "12"
UCD-SNMP-MIB::ucdavis.50.101.2 = STRING: "ok"
UCD-SNMP-MIB::ucdavis.50.102.1 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.50.103.1 = ""
The data comes through, but new errors appear in the log
Jul 17 14:57:10 server7 kernel: audit(1216277829.987:1928): avc: denied { read } for pid=5663 comm="ps" name="2" dev=proc ino=234782722 scontext=root:system_r:snmpd_t tcontext=user_u:system_r:unconfined_t tclass=lnk_file
Jul 17 14:57:10 server7 kernel: audit(1216277829.988:1929): avc: denied { search } for pid=5663 comm="ps" name="/" dev=devpts ino=1 scontext=root:system_r:snmpd_t tcontext=user_u:object_r:devpts_t tclass=dir
Jul 17 14:57:10 server7 kernel: audit(1216277829.988:1930): avc: denied { getattr } for pid=5663 comm="ps" name="/" dev=devpts ino=1 scontext=root:system_r:snmpd_t tcontext=user_u:object_r:devpts_t tclass=dir
The same steps again
[root@server7 ~]# audit2allow -d
allow snmpd_t devpts_t:dir { getattr search };
allow snmpd_t tty_device_t:chr_file getattr;
allow snmpd_t unconfined_t:lnk_file read;
allow snmpd_t usr_t:file ioctl;
Add the output lines above to the file
/etc/selinux/targeted/src/policy/domains/program/snmpd.te
[root@server7 snmp]# cd /etc/selinux/targeted/src/policy
[root@server7 policy]# make load
[root@server7 policy]# setfiles file_contexts/file_contexts /usr/share/snmp
Source:
http://blog.chinaunix.net/u/32831/showart_1018027.html
This article comes from the ChinaUnix blog; to view the original, see: http://blog.chinaunix.net/u2/62871/showart_2083099.html