Cacti SNMP v3 How-To (0.2)
Preface:
This document is intended to describe the process required to enable encrypted snmp polling within cacti. The document was written whilst performing the installation on a Linux Fedora Core 3 server, although implemntations on Fedora Core 1 & White Box Enterprise Linux have also been sucesful. The host used to gather data from for the purpose of this document is a Nokia IPSO appliance.
Limitations:
The version of cacti used will be 0.8.6b, "TheWitness" has told me that this version has a pooler crash, but I've yet to try upgrading to 8.8.6c.
System Requirements:
Apache, php, mysql, snmp, rrd-tool, and cacti ;-)
Installation:
-
Log out ;-)
Before we can create any snmp v3, we need to enable it; to enable snmp we need to make some changes to the php files.
-
Change: \~/cacti_install_dir/lib/snmp.php.txt
Line 46:
- Change: \$version = "1";
- to: \$version = "3";
Line 65:
- Change: \$snmp_auth = "-u \$username -X \$password"; /* v3 - username/password */
- to: \$snmp_auth = "-u \$username -A \$password"; /* v3 - username/password */
Line 119:
- Change: \$snmp_auth = "-u \$username -X \$password"; /* v3 - username/password */
- to: \$snmp_auth = "-u \$username -A \$password"; /* v3 - username/password */
-
Change: \~/cacti_install_dir/include/config_form.php.txt
Line 655:
- Change: "method" => "hidden"
- to: "method" => "textbox"
Line 663:
- Change: "method" => "hidden"
- to: "method" => "textbox"
-
Change: config_settings.php.txt
Uncomment Line 186 -> 199, i.e. remove the "//" from the begining of each line.
-
Change: config_array.php.txt
Line 135:
- Change:
\$snmp_versions = array(1 =>
"Version 1" ,
"Version 2" ); - To:
\$snmp_versions = array(1 =>
"Version 1",
"Version 2",
"Version 3");
- Change:
-
Create /etc/snmp/snmp.conf
The contents of the file should be:
defContext ""
defSecurityLevel authNoPriv -
Create Device
As documented. http://www.cacti.net/downloads/docs/html/graph_howto.html#NEW_DEVICE
(For Nokia IPSO Appliences use host Templaye Generic SNMP-enabled
HOST, and Associated Data Queries: SNMP - Get Processor Infomation & SNMP -
Interface Statistics ) -
Create Graph
As Documented. http://www.cacti.net/downloads/docs/html/graph_howto.html
Appendix:
-
Rpms on my FC3 Machine
$SHELL>rpm -qa | grep mysql mysql-3.23.58-14 php-mysql-4.3.10-3.2 mysql-server-3.23.58-14 mysql-devel-3.23.58-14 libdbi-dbd-mysql-0.6.5-9 $SHELL> rpm -qa | grep php php-ldap-4.3.10-3.2 php-mysql-4.3.10-3.2 php-odbc-4.3.10-3.2 php-4.3.10-3.2 php-pear-4.3.10-3.2 $SHELL> rpm -qa | grep http httpd-suexec-2.0.52-3.1 system-config-httpd-1.3.1-1 httpd-2.0.52-3.1 httpd-manual-2.0.52-3.1 $SHELL> rpm -qa | grep rrd rrdtool-1.0.49-3 $SHELL> rpm -qa | grep snmp net-snmp-libs-5.1.2-11 net-snmp-5.1.2-11 net-snmp-utils-5.1.2-11
-
How to setup snmp v3 on IPSO
(The is a quick guide of the steps needed)
1. Log into Voyager 2. Click Config 3. Below the heading "Security and Access Configuration" Click Users 4. Add a new user (Username , uid {eg. 110}, home {eg /var/uid}), Click Apply 5. Set new users password , click apply 6. CLick Home, config, snmp 7. at the bottom of page set user to read-writeto test from cacti server, try from shell, snmpwalk -u user -A password
,
you should get....\$SHELL>snmpwalk -u user -A password default_gw
SNMPv2-MIB::sysDescr.0 = STRING: IP650 rev AAA06449-411, IPSO xxx 3.7.1-BUILD004 releng 1227 11.06.2003-010000 i386
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.94.1.21.2.1.8
SNMPv2-MIB::sysUpTime.0 = Timeticks: (382157315) 44 days, 5:32:53.15
SNMPv2-MIB::sysContact.0 = STRING: Me
SNMPv2-MIB::sysName.0 = STRING: Nokia
SNMPv2-MIB::sysLocation.0 = STRING: Here
SNMPv2-MIB::sysServices.0 = INTEGER: 76
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (16) 0:00:00.16
SNMPv2-MIB::sysORID.1 = OID: SNMPv2-MIB::snmpMIBSNMPv2-MIB::sysORID.2 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance
SNMPv2-MIB::sysORID.3 = OID: SNMP-MPD-MIB::snmpMPDCompliance
SNMPv2-MIB::sysORID.4 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance
.......ChangeLog
- 16/3/2005 : [NICK] Doc Complete
- 17/3/2005 : [NICK] Doc Published on http://forums.cacti.net/
- 30/3/2005: [NICK] Doc moved into Wordpress to allow viewers to comment directly
END
And I think that's all folks, I hope it works for you & that you find this of some use !.