Forum Clubic

Snmp (nagios)

Bonjour, je suis actuellement en stage et on m’a chargé de configurer des switch avec Nagios sous openSuse.
On m’a demandé de mettre des check_http, check_ping ainsi que des check_snmp. Le HTTP & le PING marche très bien, mais tous les check_snmp ne marche pas, le probleme c’est que tous mes switchs (sauf 1) utilise la version 3 de SNMP et moi je voudrais utiliser la version 2. Sur utilisant la version 2 les check_snmp marche !

Comment modifier la version du SNMP ?
Ou sans toucher à la version quelle ligne de command est à taper ?

Dans mon fichier de config :


define service{
        use                                     generic-service
        host_name                       procurve
        service_description        Switch Services
        check_command            check_snmp! -C snmpadmin -o --protocol 2c -l authNoPriv -U admin -A admin sysServices.0 -v -m RFC1213-MIB
        }

Je vous redonne l’erreur que me renvoie Nagios dans l’interface WEB


Current Status:	
  UNKNOWN  
 (for 0d 20h 3m 57s)
Status Information:	/usr/bin/snmpget -t 1 -r 5 -m RFC1213-MIB -v 1 [authpriv] 128.1.6.200:161 --protocol
External command error: : line 0: Warning: Unknown token: protocol.
Missing object name
USAGE: snmpget [OPTIONS] AGENT OID [OID]...

Version: 5.4.2.1
Web: [www.net-snmp.org...](http://www.net-snmp.org/)
Email: net-snmp-coders@lists.sourceforge.net

OPTIONS:
-h, --help display this help message
-H display configuration file directives understood
-v 1
Performance Data:	2c|3 specifies SNMP version to use -V, --version display package version number SNMP Version 1 or 2c specific -c COMMUNITY set the community string SNMP Version 3 specific -a PROTOCOL set authentication protocol (MD5|SHA) -A PASSPHRASE set authentication protocol pass phrase -e ENGINE-ID set security engine ID (e.g. 800000020109840301) -E ENGINE-ID set context engine ID (e.g. 800000020109840301) -l LEVEL set security level (noAuthNoPriv|authNoPriv|authPriv) -n CONTEXT set context name (e.g. bridge1) -u USER-NAME set security name (e.g. bert) -x PROTOCOL set privacy protocol (DES|AES) -X PASSPHRASE set privacy protocol pass phrase -Z BOOTS,TIME set destination engine boots/time General communication options -r RETRIES set the number of retries -t TIMEOUT set the request timeout (in seconds) Debugging -d dump input/output packets in hexadecimal -D TOKEN[,...] turn on debugging output for the specified TOKENs (ALL gives extremely verbose debugging output) General options -m MIB[:...] load given list of MIBs (ALL loads everything) -M DIR[:...] look in given list of directories for MIBs -P MIBOPTS Toggle various defaults controlling MIB parsing: u: allow the use of underlines in MIB symbols c: disallow the use of "--" to terminate comments d: save the DESCRIPTIONs of the MIB objects e: disable errors when MIB symbols conflict w: enable warnings when MIB symbols conflict W: enable detailed warnings when MIB symbols conflict R: replace MIB symbols from latest module -O OUTOPTS Toggle various defaults controlling output display: 0: print leading 0 for single-digit hex characters a: print all strings in ascii format b: do not break OID indexes down e: print enums numerically E: escape quotes in string indices f: print full OIDs on output n: print OIDs numerically q: quick print for easier parsing Q: quick print with equal-signs s: print only last symbolic element of OID S: print MIB module-id plus last element t: print timeticks unparsed as numeric integers T: print human-readable text along with hex strings u: print OIDs using UCD-style prefix suppression U: don't print units v: print values only (not OID = value) x: print all strings in hex format X: extended index format -I INOPTS Toggle various defaults controlling input parsing: b: do best/regex matching to find a MIB node h: don't apply DISPLAY-HINTs r: do not check values for range/type legality R: do random access to OID labels u: top-level OIDs must have '.' prefix (UCD-style) s SUFFIX: Append all textual OIDs with SUFFIX before parsing S PREFIX: Prepend all textual OIDs with PREFIX before parsing -L LOGOPTS Toggle various defaults controlling logging: e: log to standard error o: log to standard output n: don't log at all f file: log to the specified file s facility: log to syslog (via the specified facility) (variants) [EON] pri: log to standard error, output or /dev/null for level 'pri' and above [EON] p1-p2: log to standard error, output or /dev/null for levels 'p1' to 'p2' [FS] pri token: log to file/syslog for level 'pri' and above [FS] p1-p2 token: log to file/syslog for levels 'p1' to 'p2' -C APPOPTS Set various application specific behaviours: f: do not fix errors and retry the request

Merci de m’aider s’il vous plait. :slight_smile:

A mon avis, il vaut mieux que tu dises a ton check-snmp d’utiliser la version 3 plutot que modifier la conf de tous les switchs. M’enfin, demande a ton admin reseau…

Même quand je lui dit d’utiliser la version 3 << --protocol 3 >> Ou << -P 3 >> Il me renvoe la même erreur. --’
Sa fait 2 jours que je suis dessus j’en peux plus, ^^
Merci de ton aide. :slight_smile:


define service{
 use generic-service
 host_name procurve
 service_description Switch Services
 check_command check_snmp! -C snmpadmin -o --protocol 3 sysServices.0 -v -m RFC1213-MIB
 }


J’ai essayé avec une autre check_command


define service{
        use                     generic-service
        host_name               6850
        service_description     Uptime
        check_command           check_snmp! -C snmpadm -o sysUpTime.0 -v -m RFC1213-MIB
        }

Erreur renvoyé :


/usr/bin/snmpget -t 1 -r 5 -m RFC1213-MIB -v 1 [authpriv] 128.1.1.201:161 sysUpTime.0
External command error: Timeout: No Response from 128.1.1.201:161.

Y’aurait pas des access-lists sur les switchs qui bloquent les connexions depuis ton serveur ou carrement le protocole snmp ?
D’apres tes messages d’erreur, tu sembles avoir plusieurs problemes cumulés.

Deja, les options que tu passes a check-snmp semblent avoir une erreur

Relis la doc pour corriger ca

ensuite, tes switchs semblent de pas accepter les connexions snmp depuis ton serveur, il faut regler ca aussi
Edité le 13/11/2009 à 13:11