Ubuntu 14.04 LTS Server client machine gives no response to SNMP queries
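Okay, I have two virtual machines, both running under ESXi. One VM is hosting Observium, which uses SNMP to get its information. I pointed Observium directly at my ESXi host and it works fine, so there is nothing wrong with Observium. When I try to add the device with the correct settings (I have tried SNMP v1, v2c and v3), the server never gets a response. In this case the server's hostname is `cal` and the client's hostname is `default`, just to clarify.

The client I am sending SNMP requests to is a fresh install of Ubuntu Server 14.04 LTS. All I did was install the `snmpd` package and configure it. Here is my `/etc/snmp/snmpd.conf`:

```
com2sec readonly default taylor
group MyROGroup v1 readonly
group MyROGroup v2c readonly
group MyROGroup usm readonly
view all included .1 80
access MyROGroup “” any noauth exact all none none
syslocation “San Francisco, CA”
syscontact email@somesite.com
```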
As I understand it, putting `default` before the community name (i.e. `taylor`) means it will accept SNMP requests from any IP. My `/etc/default/snmpd`:

```
export MIBS=
SNMPDRUN=yes
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf'
TRAPDRUN=no
TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid'
```
So I think I have everything configured, and I issue an `snmpwalk` to test:

```
taylor@cal:~$ snmpwalk -v 2c -c taylor default
Timeout: No Response from default
```
I can ping just fine:

```
taylor@cal:~$ ping default
PING default.mywebsite.com (192.168.1.130) 56(84) bytes of data.
64 bytes from default.mywebsite.com (192.168.1.130): icmp_seq=1 ttl=64 time=0.350 ms
64 bytes from default.mywebsite.com (192.168.1.130): icmp_seq=2 ttl=64 time=0.235 ms
64 bytes from default.mywebsite.com (192.168.1.130): icmp_seq=3 ttl=64 time=0.192 ms

taylor@default:~$ ping cal
PING cal.taylorjthurlow.com (192.168.1.112) 56(84) bytes of data.
64 bytes from cal.taylorjthurlow.com (192.168.1.112): icmp_seq=1 ttl=64 time=0.306 ms
64 bytes from cal.taylorjthurlow.com (192.168.1.112): icmp_seq=2 ttl=64 time=0.188 ms
64 bytes from cal.taylorjthurlow.com (192.168.1.112): icmp_seq=3 ttl=64 time=0.264 ms
```
To make sure traffic is actually flowing, I ran `tcpdump` on both the sending and the receiving end:

Sending (SNMP server):

```
02:22:51.569041 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp: C=taylor GetNextRequest(25)
02:22:52.569547 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp: C=taylor GetNextRequest(25)
02:22:53.570659 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp: C=taylor GetNextRequest(25)
02:22:54.571775 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp: C=taylor GetNextRequest(25)
02:22:55.572715 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp: C=taylor GetNextRequest(25)
02:22:56.573874 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp: C=taylor GetNextRequest(25)
```

Receiving (SNMPD client):

```
02:22:51.858750 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp: C=taylor GetNextRequest(25)
02:22:52.859290 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp: C=taylor GetNextRequest(25)
02:22:53.860371 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp: C=taylor GetNextRequest(25)
02:22:54.861495 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp: C=taylor GetNextRequest(25)
02:22:55.862424 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp: C=taylor GetNextRequest(25)
02:22:56.863590 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp: C=taylor GetNextRequest(25)
```
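So, essentially the same, just with slightly different timestamps. What is concerning is that no response packets are being sent. Okay, so it could be a firewall or port issue.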
I disabled Ubuntu's Uncomplicated Firewall with `ufw disable` and confirmed it was not running with `ufw status`. Then I checked my `iptables`, which is empty on a fresh install. I added incoming and outgoing rules for port 161 on the SNMPD client.

```
taylor@default:~$ sudo iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:161

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:161
```
Still the same problem. Another post on SuperUser or ServerFault with the same issue was resolved because, apart from `iptables`, their `/etc/hosts.allow` was blocking the traffic. Here are mine:

```
taylor@default:~$ cat /etc/hosts.allow
# /etc/hosts.allow: list of hosts that are allowed to access the system.
#                   See the manual pages hosts_access(5) and hosts_options(5).
#
# Example:    ALL: LOCAL @some_netgroup
#             ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.

taylor@default:~$ cat /etc/hosts.deny
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
#                  See the manual pages hosts_access(5) and hosts_options(5).
#
# Example:    ALL: some.host.name, .some.domain
#             ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
#
# You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID
```
At this point I am out of ideas. Any suggestions for what I can try to get this thing to actually reply to my SNMP queries?
EDIT: Here is my client's `/var/log/syslog`:

```
Dec 9 01:48:24 default snmpd[2888]: NET-SNMP version 5.7.2
Dec 9 01:48:27 default snmpd[2888]: Connection from UDP: [192.168.1.112]:41109->[192.168.1.130]:161
Dec 9 01:50:54 default kernel: [ 8359.253571] nf_conntrack version 0.5.0 (7951 buckets, 31804 max)
Dec 9 01:48:32 default snmpd[2888]: message repeated 5 times: [ Connection from UDP: [192.168.1.112]:41109->[192.168.1.130]:161]
Dec 9 01:52:53 default snmpd[2888]: Connection from UDP: [192.168.1.112]:40482->[192.168.1.130]:161
Dec 9 01:54:05 default kernel: [ 8550.718971] ip6_tables: (C) 2000-2006 Netfilter Core Team
Dec 9 01:52:58 default snmpd[2888]: message repeated 5 times: [ Connection from UDP: [192.168.1.112]:40482->[192.168.1.130]:161]
Dec 9 01:54:11 default snmpd[2888]: Connection from UDP: [192.168.1.112]:59617->[192.168.1.130]:161
Dec 9 01:54:16 default snmpd[2888]: message repeated 5 times: [ Connection from UDP: [192.168.1.112]:59617->[192.168.1.130]:161]
Dec 9 01:56:43 default snmpd[2888]: Received TERM or STOP signal... shutting down...
Dec 9 01:56:45 default snmpd[3165]: NET-SNMP version 5.7.2
Dec 9 02:00:06 default snmpd[3165]: Received TERM or STOP signal... shutting down...
Dec 9 02:00:08 default snmpd[3216]: NET-SNMP version 5.7.2
Dec 9 02:00:18 default snmpd[3216]: Connection from UDP: [192.168.1.112]:45692->[192.168.1.130]:161
Dec 9 02:00:23 default snmpd[3216]: message repeated 5 times: [ Connection from UDP: [192.168.1.112]:45692->[192.168.1.130]:161]
Dec 9 02:02:36 default snmpd[3216]: Received TERM or STOP signal... shutting down...
Dec 9 02:02:38 default snmpd[3242]: Error opening specified endpoint "udp:161"
Dec 9 02:02:38 default snmpd[3242]: Server Exiting with code 1
Dec 9 02:07:16 default snmpd[3281]: duplicate registration: MIB modules pass and pass (oid .1.3.6.1.4.1.4413.4.1).
Dec 9 02:07:16 default snmpd[3281]: Error opening specified endpoint "udp:161"
Dec 9 02:07:16 default snmpd[3281]: Server Exiting with code 1
Dec 9 02:17:01 default CRON[3283]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Dec 9 02:23:55 default kernel: [10340.925233] device eth0 left promiscuous mode
```
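It looks like some of it is from me watching packets, and then there are some mentions of `Error opening specified endpoint "udp:161"`, but they are sporadic. What could that be?

EDIT: This was actually due to me trying `agentAddress udp:161,udp6:[::1]:161`. The log only says that occasionally because I was enabling and disabling that line. So, back to square one.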
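I'm not quite sure why this is the case, but I seem to have solved my problem. In my `/etc/snmp/snmpd.conf`, I replaced the following line:

```
com2sec readonly default taylor
```

with

```
rocommunity taylor
```

and all is well.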
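The question notes that a `default` source accepts requests from any IP, and the `rocommunity taylor` line in the fix has no source at all, which net-snmp treats the same way. The following check is an added example, not part of the original posts: the helper names `audit_snmpd_sources` and `demo_audit` and the sample input are constructed, and the last sample line, limited to the poller address 192.168.1.112 seen in the logs, is an assumed hardening.

```shell
#!/bin/sh
# audit_snmpd_sources [FILE]   (hypothetical helper; reads stdin if no FILE)
# Lists every v1/v2c community directive in a net-snmp snmpd.conf and marks
# the ones that accept requests from any source address.
audit_snmpd_sources() {
    awk '
        function report(directive, src) {
            any = (src == "default" || src == "0.0.0.0/0" || src == "::/0")
            printf "line %d: %s source=%s %s\n", NR, directive, src,
                   (any ? "ANY-SOURCE" : "restricted")
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        $1 ~ /^r[ow]community6?$/ {
            # rocommunity COMMUNITY [SOURCE [OID | -V VIEW]]
            # an omitted SOURCE is the same as "default"
            report($1, ((NF >= 3) ? $3 : "default"))
        }
        $1 ~ /^com2sec6?$/ {
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            report($1, (($2 == "-Cn") ? $5 : $3))
        }
    ' "${1:--}"
}

# Constructed sample input: the three lines are alternatives, not one config.
demo_audit() {
    audit_snmpd_sources <<'EOF'
# as posted in the question
com2sec readonly default taylor
# as posted in the fix
rocommunity taylor
# assumed hardening: only the Observium host may query
rocommunity taylor 192.168.1.112
EOF
}

demo_audit
```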
From your logs, the SNMP daemon failed to bind to port 161 and then exited:

```
Dec 9 02:07:16 default snmpd[3281]: Error opening specified endpoint "udp:161"
Dec 9 02:07:16 default snmpd[3281]: Server Exiting with code 1
```
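So the reason you got no reply is that `snmpd` was not actually running at the time. If there is a syntax problem you can try commenting out the `agentAddress` line, but it could also be that something else is bound to UDP port 161. Checking the output of `netstat -lnp | grep :161` will show what is bound to that port.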
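To see from syslog which `snmpd` instance, if any, was alive when a poll went unanswered, the daemon's log lines can be grouped by PID. This is an added example, not part of the original answer: the helper names `snmpd_timeline` and `demo_timeline` are constructed, the sample input is an excerpt of the syslog lines quoted in the question, and the standard `Mon D HH:MM:SS host tag:` syslog layout is assumed.

```shell
#!/bin/sh
# snmpd_timeline (hypothetical helper): read syslog lines on stdin and print
# one line per snmpd instance (PID), in order of appearance, with the number
# of requests it logged and how it ended.
snmpd_timeline() {
    awk '
        $5 ~ /^snmpd\[[0-9]+\]:$/ {
            pid = $5; gsub(/[^0-9]/, "", pid)
            if (!(pid in fate)) {
                order[++n] = pid; fate[pid] = "still-running"; req[pid] = 0
            }
            if ($0 ~ /Connection from UDP/) {
                # duplicates are collapsed into "message repeated N times"
                req[pid] += ($6 == "message" && $7 == "repeated") ? $8 : 1
            } else if ($0 ~ /Error opening specified endpoint/) {
                bindfail[pid] = 1
            } else if ($0 ~ /Server Exiting with code/) {
                fate[pid] = (pid in bindfail) ? "bind-failed" : "exited"
            } else if ($0 ~ /Received TERM or STOP signal/) {
                fate[pid] = "signalled"
            }
        }
        END {
            for (i = 1; i <= n; i++) {
                p = order[i]
                printf "pid=%s requests=%d end=%s\n", p, req[p], fate[p]
            }
        }
    '
}

# Sample input: excerpt of the syslog quoted in the question.
demo_timeline() {
    snmpd_timeline <<'EOF'
Dec 9 02:00:08 default snmpd[3216]: NET-SNMP version 5.7.2
Dec 9 02:00:18 default snmpd[3216]: Connection from UDP: [192.168.1.112]:45692->[192.168.1.130]:161
Dec 9 02:00:23 default snmpd[3216]: message repeated 5 times: [ Connection from UDP: [192.168.1.112]:45692->[192.168.1.130]:161]
Dec 9 02:02:36 default snmpd[3216]: Received TERM or STOP signal... shutting down...
Dec 9 02:02:38 default snmpd[3242]: Error opening specified endpoint "udp:161"
Dec 9 02:02:38 default snmpd[3242]: Server Exiting with code 1
Dec 9 02:07:16 default snmpd[3281]: Error opening specified endpoint "udp:161"
Dec 9 02:07:16 default snmpd[3281]: Server Exiting with code 1
EOF
}

demo_timeline
```

An instance whose last line reads `end=bind-failed` never served a request, so any poll sent after it exited times out regardless of the access configuration.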