1, Configuring the SNMP Agent in the AIX
1×1 Check the current running SNMP version
|
1 |
ls -l /usr/sbin/snmpd* |
You can see that the current snmpd is using snmpdv3ne, which means that it supports the non-encrypted version of SNMPv3, ne=no encryption, as long as /etc/snmpdv3.conf is configured, it can be used in the way of SNMPv1, so the default version can meet the requirements, if there are special needs, you can also change the version with snmpv3_ssw command.
Switch to SNMPv1
|
1 |
snmpv3_ssw -1 |
Switching to SNMPv3 non-encrypted version
|
1 |
snmpv3_ssw -n |
Switch to the encrypted version of SNMPv3 (this version is not installed by default)
|
1 |
snmpv3_ssw -e |
1×2 Create a community called hmsnmp
Modify the /etc/snmpdv3.conf file as shown below, taking special care to mark the sections with red lines.
Where 192.0.243.113 is the IP address of the monitoring tool, indicating that only this IP is allowed to access SNMP of AIX, for security reasons.
1×3 Stop and start the service to make changes to /etc/snmpdv3.conf effective
|
1 2 3 4 5 6 7 8 |
stopsrc -s aixmibd stopsrc -s snmpmibd stopsrc -s hostmibd stopsrc -s snmpd startsrc -s snmpd startsrc -s hostmibd -a "-c hmsnmp" startsrc -s snmpmibd -a "-c hmsnmp" startsrc -s aixmibd -a "-c hmsnmp" |
It is important to note that when the operating system reboots, the default boot parameters are public community, so in order to make the hmsnmp community work properly after the reboot, it is recommended to modify the /etc/rc.tcpip file to modify the default boot parameters as follows.
Start up the hostmibd daemon
|
1 |
start /usr/sbin/hostmibd "$src_running" "-c hmsnmp " |
Start up the snmpmibd daemon
|
1 |
start /usr/sbin/snmpmibd "$src_running" "-c hmsnmp " |
Start up the aixmibd daemon
|
1 |
start /usr/sbin/aixmibd "$src_running" "-c hmsnmp " |
1×4 testing for normal SNMP service
Execute the following commands locally:
|
1 2 3 4 5 6 |
# snmpinfo -md -c hmsnmp sysDescr 1.3.6.1.2.1.1.1.0 = "IBM PowerPC CHRP Computer Machine Type: 0x0800004c Processor id: 00F7TEST4C00 Base Operating System Runtime AIX version: 06.01.0007.0015 TCP/IP Client Support version: 06.01.0007.0016" |
On other machines where SNMPWALK is installed the following commands can be executed for verification.
|
1 2 3 4 5 6 |
# snmpwalk -v 1 -c hmsnmp 192.0.246.23 1.3.6.1.2.1.1.1.0 SNMPv2-MIB::sysDescr.0 = STRING: IBM PowerPC CHRP Computer Machine Type: 0x0800004c Processor id: 00F7TEST4C00 Base Operating System Runtime AIX version: 06.01.0007.0015 TCP/IP Client Support version: 06.01.0007.0016 |
2, MIB OID commonly used in AIX
Above, we configured the value of SNMP Community: hmsnmp, which can be used to monitor SNMP-related services of the tool.
If you need to find the OID of an object, you can go to /etc/mib.defs to find the corresponding object, and then snmpinfo -md ObjectName to get the corresponding OID for remote call.
2×1 Display CPU usage
|
1 2 3 |
# snmpinfo -md -v -c hmsnmp aixSeCPUUtilization aixSeCPUUtilization.0 = 5 |
Remove the -v parameter and you see the OID value.
|
1 2 3 |
# snmpinfo -md -c hmsnmp aixSeCPUUtilization 1.3.6.1.4.1.2.6.191.1.2.1.0 = 5 |
2×2 Show Paging Space
|
1 2 3 4 5 6 7 8 9 10 11 |
# snmpinfo -md -v -c hmsnmp aixPagingSpace aixPageThreshold.0 = 95 aixPageName.1 = "hd6" aixPageNameVG.1 = "rootvg" aixPageNamePV.1 = "hdisk0" aixPageSize.1 = 14336 aixPagePercentUsed.1 = 1 aixPageStatus.1 = 1 aixPageType.1 = 1 aixPageIndex.1 = 1 |
2×3 View the serial number of the machine
|
1 2 3 4 |
# snmpinfo -md -v -c hmsnmp aixSeMachineType aixSeMachineType.0 = "IBM,8205-E6C" |
|
1 2 3 |
# snmpinfo -md -v -c hmsnmp aixSeSerialNumber aixSeSerialNumber.0 = "IBM,0210TESTR" |
2×4 View CPU count
|
1 2 3 |
# snmpinfo -md -v -c hmsnmp aixSeNumCPUs aixSeNumCPUs.0 = 4 |
2×5 View VG-related information: aixVolumeGroup
2×6 View LV-related information: aixLogicalVolume
2×7 View PV-related information: aixPhysicalVolume
2×8 View FS-related information: aixFileSystem
3, A simple case of system monitoring via SNMP
If you are just doing a simple monitoring, then you can write your own shell script.
Let’s write a shell script, AIX_FS_CHECK.sh, which is deployed on the monitor, using the usage of the monitor file system as an example.
In order to see the actual output, we set the threshold to a low value in the script, if you are interested, you can also bring the threshold as a parameter in the script.
|
1 2 3 4 5 |
# . /AIX_FS_CHECK.sh -h 192.0.246.23 -c hmsnmp WARNING!!! /usr used 74% WARNING!!! /usr Inodes used 18% WARNING!!! /patch used 97% |
The monitor smoothly gets the information of the monitored device through SNMP and sends the relevant alarm information according to our request.
4, Summary
This article introduces the method of monitoring AIX system using SNMP protocol. Although there is still a long way to realize the monitoring of various indicators, flexibility and ease of use should be improved, but it provides a way of thinking to realize the monitoring of the operating system in an agentless way, I hope to bring some help to those who need it.
5, Additional
Alternatively, there is another way to use the conf file I provided directly, which of course requires you to modify the community and IP address.
5×1 Stop service.
|
1 |
stopsrc -s snmpd |
5×2 Modify the conf file, replace the original conf file, and remember to back it up before replacing it.
5×3 Start service.
|
1 |
startsrc -s snmpd |
snmpd.conf content:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 |
############################################################################### # # EXAMPLE.conf: # An example configuration file for configuring the Net-SNMP agent ('snmpd') # See the 'snmpd.conf(5)' man page for details # # Some entries are deliberately commented out, and will need to be explicitly activated # ############################################################################### # # AGENT BEHAVIOUR # # Listen for connections from the local system only #agentAddress udp:127.0.0.1:161 # Listen for connections on all interfaces (both IPv4 *and* IPv6) agentAddress udp:161,udp6:[::1]:161 ############################################################################### # # SNMPv3 AUTHENTICATION # # Note that these particular settings don't actually belong here. # They should be copied to the file /var/net-snmp/snmpd.conf # and the passwords changed, before being uncommented in that file *only*. # Then restart the agent # createUser authOnlyUser MD5 "remember to change this password" # createUser authPrivUser SHA "remember to change this one too" DES # createUser internalUser MD5 "this is only ever used internally, but still change the password" # If you also change the usernames (which might be sensible), # then remember to update the other occurances in this example config file to match. ############################################################################### # Remember to activate the 'createUser' lines above # ACCESS CONTROL # # Default access to basic system info view systemonly internet - included - view systemonly 1.3.6.1.4.1.2 - included - view systemonly 1.3.6.1.4.1.2.2 - included - view systemonly 1.3.6.1.4.1.2.3 - included - view systemonly 1.3.6.1.4.1.2.5 - included - view systemonly 1.3.6.1.4.1.2.6 - included - view systemonly directory - included - view systemonly mgmt - included - view systemonly mib-2 - included - view systemonly system - included - view systemonly aix - included - view systemonly 1.3.6.1.4 - included - view systemonly 1.3.6.1.6 - included - view systemonly 1.3.6.1.6.3.1.1.5 - included - view systemonly 1.3.6.1.4.1.2021 - included - view systemonly 1.3.6.1.4.1.2.3.1.2.2.2.1.4 - included - # Include aixmibd managed MIBS with this view view systemonly 1.3.6.1.4.1.2.6.191 - included - #view systemonly included .1.3.6 #view systemonly included .1.3.6.1.4.1.2021.10.1.3.1 #view systemonly included .1.3.6.1.4.1.2021.11.9.0 #view systemonly included .1.3.6.1.4.1.2021.11.11.0 #view systemonly included .1.3.6.1.4.1.2021.9 #view systemonly included .1.3.6.1.2.3.1.2.1.2 #view systemonly included .1.3.6.1.4.1.2.3.1.2.2.1.1.2 #view systemonly included .1.3.6.1.2.1.1 #view systemonly included .1.3.6.1.2.1.25.1 # Full access from the local host #rocommunity public localhost # Default access to basic system info # rocommunity public default -V systemonly rocommunity public # Full access from an example network # Adjust this network address to match your local # settings, change the community string, # and check the 'agentAddress' setting above #rocommunity secret 10.0.0.0/16 # Full read-only access for SNMPv3 rouser authOnlyUser # Full write access for encrypted requests # Remember to activate the 'createUser' lines above #rwuser authPrivUser priv # It's no longer typically necessary to use the full 'com2sec/group/access' configuration # r[ou]user and r[ow]community, together with suitable views, should cover most requirements ############################################################################### # # SYSTEM INFORMATION # # Note that setting these values here, results in the corresponding MIB objects being 'read-only' # See snmpd.conf(5) for more details sysLocation Sitting on the Dock of the Bay sysContact Me <me@example.org> # Application + End-to-End layers sysServices 72 # # Process Monitoring # # At least one 'mountd' process proc mountd # No more than 4 'ntalkd' processes - 0 is OK proc ntalkd 4 # At least one 'sendmail' process, but no more than 10 proc sendmail 10 1 # Walk the UCD-SNMP-MIB::prTable to see the resulting output # Note that this table will be empty if there are no "proc" entries in the snmpd.conf file # # Disk Monitoring # # 10MBs required on root disk, 5% free on /var, 10% free on all other disks disk / 10000 disk /var 5% disk /usr 10000 includeAllDisks 10% # Walk the UCD-SNMP-MIB::dskTable to see the resulting output # Note that this table will be empty if there are no "disk" entries in the snmpd.conf file # # System Load # # Unacceptable 1-, 5-, and 15-minute load averages load 12 10 5 # Walk the UCD-SNMP-MIB::laTable to see the resulting output # Note that this table *will* be populated, even without a "load" entry in the snmpd.conf file ############################################################################### # # ACTIVE MONITORING # # send SNMPv1 traps trapsink localhost public # send SNMPv2c traps #trap2sink localhost public # send SNMPv2c INFORMs #informsink localhost public # Note that you typically only want *one* of these three lines # Uncommenting two (or all three) will result in multiple copies of each notification. # # Event MIB - automatically generate alerts # # Remember to activate the 'createUser' lines above iquerySecName internalUser rouser internalUser # generate traps on UCD error conditions defaultMonitors yes # generate traps on linkUp/Down linkUpDownNotifications yes ############################################################################### # # EXTENDING THE AGENT # # # Arbitrary extension commands # extend test1 /bin/echo Hello, world! extend-sh test2 echo Hello, world! ; echo Hi there ; exit 35 #extend-sh test3 /bin/sh /tmp/shtest # Note that this last entry requires the script '/tmp/shtest' to be created first, # containing the same three shell commands, before the line is uncommented # Walk the NET-SNMP-EXTEND-MIB tables (nsExtendConfigTable, nsExtendOutput1Table # and nsExtendOutput2Table) to see the resulting output # Note that the "extend" directive supercedes the previous "exec" and "sh" directives # However, walking the UCD-SNMP-MIB::extTable should still returns the same output, # as well as the fuller results in the above tables. # # "Pass-through" MIB extension command # #pass .1.3.6.1.4.1.8072.2.255 /bin/sh PREFIX/local/passtest #pass .1.3.6.1.4.1.8072.2.255 /usr/bin/perl PREFIX/local/passtest.pl # Note that this requires one of the two 'passtest' scripts to be installed first, # before the appropriate line is uncommented. # These scripts can be found in the 'local' directory of the source distribution, # and are not installed automatically. # Walk the NET-SNMP-PASS-MIB::netSnmpPassExamples subtree to see the resulting output # # AgentX Sub-agents # # Run as an AgentX master agent master agentx # Listen for network connections (from localhost) # rather than the default named socket /var/agentx/master #agentXSocket tcp:localhost:705 #proxy -v 1 -c public 127.0.0.1:1610 .1.3.6.1.4.1.2021.9 |
