SNMP安装
一、安装文件
dockerfile
# 使用Debian的slim版本作为基础镜像
FROM debian:buster-slim
# 设置清华大学TUNA镜像源
RUN sed -i 's/deb.debian.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apt/sources.list \
&& sed -i 's/security.debian.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apt/sources.list \
&& apt-get update && apt-get install -y snmp snmpd
# 使用非自由软件包源(non-free repositories)来安装完整的MIB包
RUN sed -i 's/main/main non-free/' /etc/apt/sources.list \
&& apt-get update && apt-get install -y snmp-mibs-downloader
# 开放161端口,SNMP标准端口
EXPOSE 161/udp
# 启动snmpd服务
CMD [ "snmpd", "-f", "-Lo" ]
制作镜像
docker build -t snmp-router .
snmpd.conf
###############################################################################
#
# EXAMPLE.conf:
# An example configuration file for configuring the Net-SNMP agent ('snmpd')
# See the 'snmpd.conf(5)' man page for details
#
# Some entries are deliberately commented out, and will need to be explicitly activated
#
###############################################################################
#
# AGENT BEHAVIOUR
#
# Listen for connections from the local system only
#agentAddress udp:127.0.0.1:161
# Listen for connections on all interfaces (both IPv4 *and* IPv6)
#agentAddress udp:161,udp6:[::1]:161
agentAddress udp:161
###############################################################################
#
# SNMPv3 AUTHENTICATION
#
# Note that these particular settings don't actually belong here.
# They should be copied to the file /var/lib/snmp/snmpd.conf
# and the passwords changed, before being uncommented in that file *only*.
# Then restart the agent
# createUser authOnlyUser MD5 "remember to change this password"
# createUser authPrivUser SHA "remember to change this one too" DES
# createUser internalUser MD5 "this is only ever used internally, but still change the password"
# If you also change the usernames (which might be sensible),
# then remember to update the other occurances in this example config file to match.
###############################################################################
#
# ACCESS CONTROL
#
# system + hrSystem groups only
view systemonly included .1.3.6.1.2.1.1
view systemonly included .1.3.6.1.2.1.25.1
# Full access from the local host
#rocommunity public localhost
# Default access to basic system info
rocommunity public default -V systemonly
# rocommunity6 is for IPv6
rocommunity6 public default -V systemonly
# Full access from an example network
# Adjust this network address to match your local
# settings, change the community string,
# and check the 'agentAddress' setting above
#rocommunity secret 10.0.0.0/16
# Full read-only access for SNMPv3
rouser authOnlyUser
# Full write access for encrypted requests
# Remember to activate the 'createUser' lines above
#rwuser authPrivUser priv
# It's no longer typically necessary to use the full 'com2sec/group/access' configuration
# r[ow]user and r[ow]community, together with suitable views, should cover most requirements
###############################################################################
#
# SYSTEM INFORMATION
#
# Note that setting these values here, results in the corresponding MIB objects being 'read-only'
# See snmpd.conf(5) for more details
sysLocation Sitting on the Dock of the Bay
sysContact Me <me@example.org>
# Application + End-to-End layers
sysServices 72
#
# Process Monitoring
#
# At least one 'mountd' process
proc mountd
# No more than 4 'ntalkd' processes - 0 is OK
proc ntalkd 4
# At least one 'sendmail' process, but no more than 10
proc sendmail 10 1
# Walk the UCD-SNMP-MIB::prTable to see the resulting output
# Note that this table will be empty if there are no "proc" entries in the snmpd.conf file
#
# Disk Monitoring
#
# 10MBs required on root disk, 5% free on /var, 10% free on all other disks
disk / 10000
disk /var 5%
includeAllDisks 10%
# Walk the UCD-SNMP-MIB::dskTable to see the resulting output
# Note that this table will be empty if there are no "disk" entries in the snmpd.conf file
#
# System Load
#
# Unacceptable 1-, 5-, and 15-minute load averages
load 12 10 5
# Walk the UCD-SNMP-MIB::laTable to see the resulting output
# Note that this table *will* be populated, even without a "load" entry in the snmpd.conf file
###############################################################################
#
# ACTIVE MONITORING
#
# send SNMPv1 traps
trapsink localhost public
# send SNMPv2c traps
#trap2sink localhost public
# send SNMPv2c INFORMs
#informsink localhost public
# Note that you typically only want *one* of these three lines
# Uncommenting two (or all three) will result in multiple copies of each notification.
#
# Event MIB - automatically generate alerts
#
# Remember to activate the 'createUser' lines above
iquerySecName internalUser
rouser internalUser
# generate traps on UCD error conditions
defaultMonitors no
# generate traps on linkUp/Down
linkUpDownNotifications yes
###############################################################################
#
# EXTENDING THE AGENT
#
#
# Arbitrary extension commands
#
extend test1 /bin/echo Hello, world!
extend-sh test2 echo Hello, world! ; echo Hi there ; exit 35
extend .1.3.6.1.2.1.1.2021.5000 /bin/echo Hello, world!
#extend-sh test3 /bin/sh /tmp/shtest
# Note that this last entry requires the script '/tmp/shtest' to be created first,
# containing the same three shell commands, before the line is uncommented
# Walk the NET-SNMP-EXTEND-MIB tables (nsExtendConfigTable, nsExtendOutput1Table
# and nsExtendOutput2Table) to see the resulting output
# Note that the "extend" directive supercedes the previous "exec" and "sh" directives
# However, walking the UCD-SNMP-MIB::extTable should still returns the same output,
# as well as the fuller results in the above tables.
#
# "Pass-through" MIB extension command
#
#pass .1.3.6.1.4.1.8072.2.255 /bin/sh PREFIX/local/passtest
#pass .1.3.6.1.4.1.8072.2.255 /usr/bin/perl PREFIX/local/passtest.pl
# Note that this requires one of the two 'passtest' scripts to be installed first,
# before the appropriate line is uncommented.
# These scripts can be found in the 'local' directory of the source distribution,
# and are not installed automatically.
# Walk the NET-SNMP-PASS-MIB::netSnmpPassExamples subtree to see the resulting output
#
# AgentX Sub-agents
#
# Run as an AgentX master agent
master agentx
# Listen for network connections (from localhost)
# rather than the default named socket /var/agentx/master
#agentXSocket tcp:localhost:705
docker
# 启动命令
docker run -d --name=snmp-router-1 -p 1610:161/udp -v /root/docker/snmp/snmpd.conf:/etc/snmp/snmpd.conf snmp-router
启动完成后的测试
# .1.3.6.1.2.1.1.2021.5000 就是 配置文件中 extend 后面的ID
snmpwalk -v 2c -c public localhost .1.3.6.1.2.1.1.2021.5000
Paessler SNMP Tester 工具测试
Java代码测试(snmp4j)
SimpleSNMPTest
package simplesnmp;
import org.junit.Test;
import org.junit.Before;
import org.junit.After;
import org.snmp4j.event.ResponseEvent;
import org.snmp4j.smi.VariableBinding;
import java.util.List;
import java.util.Vector;
public class SimpleSNMPTest {
@Before
public void before() throws Exception {
}
@After
public void after() throws Exception {
}
/**
* Method: get(String ip, String community, String oid)
*/
@Test
public void testGet() throws Exception {
SimpleSNMP simpleSNMP = new SimpleSNMP();
String ip = "192.168.88.128";
String oid = ".1.3.6.1.2.1.1.2021.5000.1.0";
String responseSring = simpleSNMP.get(ip, "public", oid);
printGetResult(oid, responseSring);
}
private void printGetResult(String oid, String responseSring) {
System.out.println(String.format("get获取 oid=%s,value=%s", oid, responseSring));
}
}
SimpleSNMP
package simplesnmp;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.snmp4j.CommunityTarget;
import org.snmp4j.PDU;
import org.snmp4j.Snmp;
import org.snmp4j.TransportMapping;
import org.snmp4j.event.ResponseEvent;
import org.snmp4j.smi.GenericAddress;
import org.snmp4j.smi.Null;
import org.snmp4j.smi.OID;
import org.snmp4j.smi.VariableBinding;
import org.snmp4j.transport.DefaultUdpTransportMapping;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
public class SimpleSNMP {
private static final Logger LOGGER = LoggerFactory.getLogger(SimpleSNMP.class);
/**
* 简单的使用 udp 的随机端口发送 snmp get 请求
*
* @param ip
* @param community
* @param oid
* @return
* @throws IOException
*/
public String get(String ip, String community, String oid) throws IOException {
String address = String.format("udp:%s/1610", ip);
CommunityTarget communityTarget = SimpleSNMPUtil.createSimpleTarget(
GenericAddress.parse(address),
community);
PDU simlePDU = SimpleSNMPUtil.createSimlePDU(oid);
Snmp snmp = initSnmp();
ResponseEvent responseEvent = snmp.get(simlePDU, communityTarget);
if( null == responseEvent ){
throw new RuntimeException("responseEvent is null");
}
// 读取批量PDU里面的OID
HashMap<String, String> res = new HashMap<>();
PDU response = responseEvent.getResponse();
for (int i = 0; i < response.size(); i++) {
VariableBinding variableBinding = response.get(i);
res.put(variableBinding.getOid().toString(),variableBinding.toValueString());
}
return responseEvent.getResponse().get(0).toValueString();
}
/**
* snmp getnext 获取数据
*
* @param ip
* @param community
* @param oid
* @return
* @throws IOException
*/
public String getNext(String ip, String community, String oid) throws IOException {
String address = String.format("udp:%s/161", ip);
CommunityTarget communityTarget = SimpleSNMPUtil.createSimpleTarget(
GenericAddress.parse(address),
community);
PDU simlePDU = SimpleSNMPUtil.createSimlePDU(oid);
Snmp snmp = initSnmp();
ResponseEvent responseEvent = snmp.getNext(simlePDU, communityTarget);
if( null == responseEvent ){
throw new RuntimeException("responseEvent is null");
}
return responseEvent.getResponse().get(0).toValueString();
}
/**
* 通过 walk 的方式来获取数据
*
* @param ip
* @param community
* @param oid
* @return
* @throws IOException
*/
public List<String> walk(String ip, String community, String oid) throws IOException {
String address = String.format("udp:%s/161", ip);
CommunityTarget communityTarget = SimpleSNMPUtil.createSimpleTarget(
GenericAddress.parse(address),
community);
boolean finished = false; //是否已经完成了walk
List<String> responseString = new ArrayList<>(); //结果集
Snmp snmp = initSnmp();
//要 getnext 的目录。
VariableBinding vb = new VariableBinding(new OID(oid));
PDU pdu = new PDU();
//========== 循环去 getNext ==============
do {
//添加要 getNext 的目录。
pdu.clear();
pdu.add(vb);
ResponseEvent responseEvent = snmp.getNext(pdu, communityTarget);
PDU responsePDU = responseEvent.getResponse();
//
if (null == responsePDU) {
break;
} else {
vb = responsePDU.get(0);
}
//-----------查看是否采集完毕----------
finished = checkWalkFinished(new OID(oid), pdu, vb);
//---------最后一个非此根下的节点要抛弃---
if( !finished ){
responseString.add(vb.toValueString());
}
} while (!finished);
return responseString;
}
private Snmp initSnmp() throws IOException {
//设定采取的协议为 udp
TransportMapping transport = new DefaultUdpTransportMapping();
if( null == transport ){
throw new RuntimeException("DefaultUdpTransportMapping 初始化失败");
}
Snmp snmp = new Snmp(transport);
//调用TransportMapping中的listen()方法,启动监听进程,接收消息
transport.listen();
return snmp;
}
/**
* 1)responsePDU == null<br>
* 2)responsePDU.getErrorStatus() != 0<br>
* 3)responsePDU.get(0).getOid() == null<br>
* 4)responsePDU.get(0).getOid().size() < targetOID.size()<br>
* 5)targetOID.leftMostCompare(targetOID.size(),responsePDU.get(0).getOid())
* !=0<br>
* 6)Null.isExceptionSyntax(responsePDU.get(0).getVariable().getSyntax())<br>
* 7)responsePDU.get(0).getOid().compareTo(targetOID) <= 0<br>
*
* @param targetOID
* @param responsePDU
* @param vb
* @return 是否完成
*/
private static boolean checkWalkFinished(OID targetOID, PDU responsePDU,
VariableBinding vb) {
String logPrefix = "walk fished!!!!, Because:";
boolean finished = false;
if (responsePDU.getErrorStatus() != 0) {
finished = true;
LOGGER.debug(logPrefix + "responsePDU.getErrorStatus() != 0");
} else if (vb.getOid() == null) {
finished = true;
LOGGER.debug(logPrefix + "vb.getOid() == null");
} else if (vb.getOid().size() < targetOID.size()) {
finished = true;
LOGGER.debug(logPrefix + "vb.getOid().size() < targetOID.size()");
} else if (targetOID.leftMostCompare(targetOID.size(), vb.getOid()) != 0) {
finished = true;
LOGGER.debug(logPrefix + "targetOID.leftMostCompare() != 0" );
} else if (Null.isExceptionSyntax(vb.getVariable().getSyntax())) {
finished = true;
LOGGER.debug(logPrefix + "Null.isExceptionSyntax(vb.getVariable().getSyntax())");
} else if (vb.getOid().compareTo(targetOID) <= 0) {
System.out.println("[true] Variable received is not "
+ "lexicographic successor of requested " + "one:");
System.out.println(vb.toString() + " <= " + targetOID);
finished = true;
LOGGER.debug("{} {}<={}",logPrefix,vb.getOid().toString(),targetOID.toString());
}
return finished;
}
}
SimpleSNMPUtil
package simplesnmp;
import org.snmp4j.CommunityTarget;
import org.snmp4j.PDU;
import org.snmp4j.mp.SnmpConstants;
import org.snmp4j.smi.Address;
import org.snmp4j.smi.OID;
import org.snmp4j.smi.OctetString;
import org.snmp4j.smi.VariableBinding;
public class SimpleSNMPUtil {
/**
* @param address 设置远程目标地址
* @param community 设置团体名
* @return 一个初始化好的 CommunityTarget
*/
public static CommunityTarget createSimpleTarget(
final Address address,
final String community
) {
return createSimpleTarget(SnmpConstants.version2c, address, community, 2,200 );
}
/**
* @param version 设置版本号 SnmpConstants.version1,SnmpConstants.version2c,SnmpConstants.version3
* @param address 设置远程目标地址
* @param community 设置团体名
* @param retries 设置重试次数
* @param timeout 设置超时时间
* @return 一个初始化好的 CommunityTarget
*/
public static CommunityTarget createSimpleTarget(
final int version,
final Address address,
final String community,
final int retries,
final int timeout
){
CommunityTarget communityTarget = new CommunityTarget();
//设置版本号
communityTarget.setVersion(version);
//设置远程目标地址
communityTarget.setAddress(address);
//设置团体名
communityTarget.setCommunity(new OctetString(community));
//设置重试次数
communityTarget.setRetries(retries);
//设置超时时间
communityTarget.setTimeout(timeout);
return communityTarget;
}
/**
*
* @param oid 访问的 oid
*/
public static PDU createSimlePDU(String oid ){
PDU pdu = new PDU();
//调用的add方法绑定要查询/设置的OID
pdu.add(new VariableBinding(new OID(oid)));
// .1.3.6.1.2.1.1.2021.5000.1.0 = INTEGER: 1
// .1.3.6.1.2.1.1.2021.5000.2.1.2.9.47.98.105.110.47.101.99.104.111 = STRING: "Hello,"
// .1.3.6.1.2.1.1.2021.5000.2.1.3.9.47.98.105.110.47.101.99.104.111 = STRING: "world!"
pdu.add(new VariableBinding(new OID(".1.3.6.1.2.1.1.2021.5000.2.1.2.9.47.98.105.110.47.101.99.104.111")));
pdu.add(new VariableBinding(new OID(".1.3.6.1.2.1.1.2021.5000.2.1.3.9.47.98.105.110.47.101.99.104.111")));
return pdu;
}
}
评论区