1, Configuring the SNMP Agent in the AIX
1×1 Check the current running SNMP version
ls -l /usr/sbin/snmpd*
You can see that the current snmpd is using snmpdv3ne, which means that it supports the non-encrypted version of SNMPv3, ne=no encryption, as long as /etc/snmpdv3.conf is configured, it can be used in the way of SNMPv1, so the default version can meet the requirements, if there are special needs, you can also change the version with snmpv3_ssw command.
Switch to SNMPv1
snmpv3_ssw -1Switching to SNMPv3 non-encrypted version
snmpv3_ssw -nSwitch to the encrypted version of SNMPv3 (this version is not installed by default)
snmpv3_ssw -e1×2 Create a community called hmsnmp
Modify the /etc/snmpdv3.conf file as shown below, taking special care to mark the sections with red lines.
Where 192.0.243.113 is the IP address of the monitoring tool, indicating that only this IP is allowed to access SNMP of AIX, for security reasons.
1×3 Stop and start the service to make changes to /etc/snmpdv3.conf effective
stopsrc -s aixmibd
stopsrc -s snmpmibd
stopsrc -s hostmibd
stopsrc -s snmpd
startsrc -s snmpd
startsrc -s hostmibd -a "-c hmsnmp"
startsrc -s snmpmibd -a "-c hmsnmp"
startsrc -s aixmibd -a "-c hmsnmp"It is important to note that when the operating system reboots, the default boot parameters are public community, so in order to make the hmsnmp community work properly after the reboot, it is recommended to modify the /etc/rc.tcpip file to modify the default boot parameters as follows.
Start up the hostmibd daemon
start /usr/sbin/hostmibd "$src_running" "-c hmsnmp "Start up the snmpmibd daemon
start /usr/sbin/snmpmibd "$src_running" "-c hmsnmp "Start up the aixmibd daemon
start /usr/sbin/aixmibd "$src_running" "-c hmsnmp "1×4 testing for normal SNMP service
Execute the following commands locally:
# snmpinfo -md -c hmsnmp sysDescr
1.3.6.1.2.1.1.1.0 = "IBM PowerPC CHRP Computer
Machine Type: 0x0800004c Processor id: 00F7TEST4C00
Base Operating System Runtime AIX version: 06.01.0007.0015
TCP/IP Client Support version: 06.01.0007.0016"On other machines where SNMPWALK is installed the following commands can be executed for verification.
# snmpwalk -v 1 -c hmsnmp 192.0.246.23 1.3.6.1.2.1.1.1.0
SNMPv2-MIB::sysDescr.0 = STRING: IBM PowerPC CHRP Computer
Machine Type: 0x0800004c Processor id: 00F7TEST4C00
Base Operating System Runtime AIX version: 06.01.0007.0015
TCP/IP Client Support version: 06.01.0007.00162, MIB OID commonly used in AIX
Above, we configured the value of SNMP Community: hmsnmp, which can be used to monitor SNMP-related services of the tool.
If you need to find the OID of an object, you can go to /etc/mib.defs to find the corresponding object, and then snmpinfo -md ObjectName to get the corresponding OID for remote call.
2×1 Display CPU usage
# snmpinfo -md -v -c hmsnmp aixSeCPUUtilization
aixSeCPUUtilization.0 = 5Remove the -v parameter and you see the OID value.
# snmpinfo -md -c hmsnmp aixSeCPUUtilization
1.3.6.1.4.1.2.6.191.1.2.1.0 = 52×2 Show Paging Space
# snmpinfo -md -v -c hmsnmp aixPagingSpace
aixPageThreshold.0 = 95
aixPageName.1 = "hd6"
aixPageNameVG.1 = "rootvg"
aixPageNamePV.1 = "hdisk0"
aixPageSize.1 = 14336
aixPagePercentUsed.1 = 1
aixPageStatus.1 = 1
aixPageType.1 = 1
aixPageIndex.1 = 12×3 View the serial number of the machine
# snmpinfo -md -v -c hmsnmp aixSeMachineType
aixSeMachineType.0 = "IBM,8205-E6C"
# snmpinfo -md -v -c hmsnmp aixSeSerialNumber
aixSeSerialNumber.0 = "IBM,0210TESTR"2×4 View CPU count
# snmpinfo -md -v -c hmsnmp aixSeNumCPUs
aixSeNumCPUs.0 = 42×5 View VG-related information: aixVolumeGroup
2×6 View LV-related information: aixLogicalVolume
2×7 View PV-related information: aixPhysicalVolume
2×8 View FS-related information: aixFileSystem
3, A simple case of system monitoring via SNMP
If you are just doing a simple monitoring, then you can write your own shell script.
Let’s write a shell script, AIX_FS_CHECK.sh, which is deployed on the monitor, using the usage of the monitor file system as an example.
In order to see the actual output, we set the threshold to a low value in the script, if you are interested, you can also bring the threshold as a parameter in the script.
# . /AIX_FS_CHECK.sh -h 192.0.246.23 -c hmsnmp
WARNING!!! /usr used 74%
WARNING!!! /usr Inodes used 18%
WARNING!!! /patch used 97%The monitor smoothly gets the information of the monitored device through SNMP and sends the relevant alarm information according to our request.
4, Summary
This article introduces the method of monitoring AIX system using SNMP protocol. Although there is still a long way to realize the monitoring of various indicators, flexibility and ease of use should be improved, but it provides a way of thinking to realize the monitoring of the operating system in an agentless way, I hope to bring some help to those who need it.
5, Additional
Alternatively, there is another way to use the conf file I provided directly, which of course requires you to modify the community and IP address.
5×1 Stop service.
stopsrc -s snmpd5×2 Modify the conf file, replace the original conf file, and remember to back it up before replacing it.
5×3 Start service.
startsrc -s snmpdsnmpd.conf content:
###############################################################################
#
# EXAMPLE.conf:
# An example configuration file for configuring the Net-SNMP agent ('snmpd')
# See the 'snmpd.conf(5)' man page for details
#
# Some entries are deliberately commented out, and will need to be explicitly activated
#
###############################################################################
#
# AGENT BEHAVIOUR
#
# Listen for connections from the local system only
#agentAddress udp:127.0.0.1:161
# Listen for connections on all interfaces (both IPv4 *and* IPv6)
agentAddress udp:161,udp6:[::1]:161
###############################################################################
#
# SNMPv3 AUTHENTICATION
#
# Note that these particular settings don't actually belong here.
# They should be copied to the file /var/net-snmp/snmpd.conf
# and the passwords changed, before being uncommented in that file *only*.
# Then restart the agent
# createUser authOnlyUser MD5 "remember to change this password"
# createUser authPrivUser SHA "remember to change this one too" DES
# createUser internalUser MD5 "this is only ever used internally, but still change the password"
# If you also change the usernames (which might be sensible),
# then remember to update the other occurances in this example config file to match.
###############################################################################
# Remember to activate the 'createUser' lines above
# ACCESS CONTROL
#
# Default access to basic system info
view systemonly internet - included -
view systemonly 1.3.6.1.4.1.2 - included -
view systemonly 1.3.6.1.4.1.2.2 - included -
view systemonly 1.3.6.1.4.1.2.3 - included -
view systemonly 1.3.6.1.4.1.2.5 - included -
view systemonly 1.3.6.1.4.1.2.6 - included -
view systemonly directory - included -
view systemonly mgmt - included -
view systemonly mib-2 - included -
view systemonly system - included -
view systemonly aix - included -
view systemonly 1.3.6.1.4 - included -
view systemonly 1.3.6.1.6 - included -
view systemonly 1.3.6.1.6.3.1.1.5 - included -
view systemonly 1.3.6.1.4.1.2021 - included -
view systemonly 1.3.6.1.4.1.2.3.1.2.2.2.1.4 - included -
# Include aixmibd managed MIBS with this view
view systemonly 1.3.6.1.4.1.2.6.191 - included -
#view systemonly included .1.3.6
#view systemonly included .1.3.6.1.4.1.2021.10.1.3.1
#view systemonly included .1.3.6.1.4.1.2021.11.9.0
#view systemonly included .1.3.6.1.4.1.2021.11.11.0
#view systemonly included .1.3.6.1.4.1.2021.9
#view systemonly included .1.3.6.1.2.3.1.2.1.2
#view systemonly included .1.3.6.1.4.1.2.3.1.2.2.1.1.2
#view systemonly included .1.3.6.1.2.1.1
#view systemonly included .1.3.6.1.2.1.25.1
# Full access from the local host
#rocommunity public localhost
# Default access to basic system info
# rocommunity public default -V systemonly
rocommunity public
# Full access from an example network
# Adjust this network address to match your local
# settings, change the community string,
# and check the 'agentAddress' setting above
#rocommunity secret 10.0.0.0/16
# Full read-only access for SNMPv3
rouser authOnlyUser
# Full write access for encrypted requests
# Remember to activate the 'createUser' lines above
#rwuser authPrivUser priv
# It's no longer typically necessary to use the full 'com2sec/group/access' configuration
# r[ou]user and r[ow]community, together with suitable views, should cover most requirements
###############################################################################
#
# SYSTEM INFORMATION
#
# Note that setting these values here, results in the corresponding MIB objects being 'read-only'
# See snmpd.conf(5) for more details
sysLocation Sitting on the Dock of the Bay
sysContact Me <me@example.org>
# Application + End-to-End layers
sysServices 72
#
# Process Monitoring
#
# At least one 'mountd' process
proc mountd
# No more than 4 'ntalkd' processes - 0 is OK
proc ntalkd 4
# At least one 'sendmail' process, but no more than 10
proc sendmail 10 1
# Walk the UCD-SNMP-MIB::prTable to see the resulting output
# Note that this table will be empty if there are no "proc" entries in the snmpd.conf file
#
# Disk Monitoring
#
# 10MBs required on root disk, 5% free on /var, 10% free on all other disks
disk / 10000
disk /var 5%
disk /usr 10000
includeAllDisks 10%
# Walk the UCD-SNMP-MIB::dskTable to see the resulting output
# Note that this table will be empty if there are no "disk" entries in the snmpd.conf file
#
# System Load
#
# Unacceptable 1-, 5-, and 15-minute load averages
load 12 10 5
# Walk the UCD-SNMP-MIB::laTable to see the resulting output
# Note that this table *will* be populated, even without a "load" entry in the snmpd.conf file
###############################################################################
#
# ACTIVE MONITORING
#
# send SNMPv1 traps
trapsink localhost public
# send SNMPv2c traps
#trap2sink localhost public
# send SNMPv2c INFORMs
#informsink localhost public
# Note that you typically only want *one* of these three lines
# Uncommenting two (or all three) will result in multiple copies of each notification.
#
# Event MIB - automatically generate alerts
#
# Remember to activate the 'createUser' lines above
iquerySecName internalUser
rouser internalUser
# generate traps on UCD error conditions
defaultMonitors yes
# generate traps on linkUp/Down
linkUpDownNotifications yes
###############################################################################
#
# EXTENDING THE AGENT
#
#
# Arbitrary extension commands
#
extend test1 /bin/echo Hello, world!
extend-sh test2 echo Hello, world! ; echo Hi there ; exit 35
#extend-sh test3 /bin/sh /tmp/shtest
# Note that this last entry requires the script '/tmp/shtest' to be created first,
# containing the same three shell commands, before the line is uncommented
# Walk the NET-SNMP-EXTEND-MIB tables (nsExtendConfigTable, nsExtendOutput1Table
# and nsExtendOutput2Table) to see the resulting output
# Note that the "extend" directive supercedes the previous "exec" and "sh" directives
# However, walking the UCD-SNMP-MIB::extTable should still returns the same output,
# as well as the fuller results in the above tables.
#
# "Pass-through" MIB extension command
#
#pass .1.3.6.1.4.1.8072.2.255 /bin/sh PREFIX/local/passtest
#pass .1.3.6.1.4.1.8072.2.255 /usr/bin/perl PREFIX/local/passtest.pl
# Note that this requires one of the two 'passtest' scripts to be installed first,
# before the appropriate line is uncommented.
# These scripts can be found in the 'local' directory of the source distribution,
# and are not installed automatically.
# Walk the NET-SNMP-PASS-MIB::netSnmpPassExamples subtree to see the resulting output
#
# AgentX Sub-agents
#
# Run as an AgentX master agent
master agentx
# Listen for network connections (from localhost)
# rather than the default named socket /var/agentx/master
#agentXSocket tcp:localhost:705
#proxy -v 1 -c public 127.0.0.1:1610 .1.3.6.1.4.1.2021.9
发表回复