Ubuntu

No SNMP query response from an Ubuntu 14.04 LTS server client machine

  • December 10, 2014

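Okay, I have two virtual machines, both running under ESXi. One VM is hosting Observium, which uses SNMP to get its information. I pointed Observium directly at my ESXi host and it works fine, so there is nothing wrong with Observium. When I try to add the device with the correct settings (I have tried SNMP v1, v2c and v3), the server never responds.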

In this case the server's hostname is cal and the client's hostname is default, just to clarify.

The client I am sending SNMP requests to is a fresh install of Ubuntu Server 14.04 LTS. All I did was install the snmpd package and configure it.

Here is my /etc/snmp/snmpd.conf:

com2sec readonly default taylor
group MyROGroup v1 readonly
group MyROGroup v2c readonly
group MyROGroup usm readonly
view all included .1 80
access MyROGroup “” any noauth exact all none none
syslocation “San Francisco, CA”
syscontact email@somesite.com

As I understand it, putting default before the community name (i.e. taylor) means it will accept SNMP requests from any IP.

My /etc/default/snmpd:

export MIBS=
SNMPDRUN=yes
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf'
TRAPDRUN=no
TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid'

So I think I have everything configured, and I issue a test snmpwalk:

taylor@cal:~$ snmpwalk -v 2c -c taylor default
Timeout: No Response from default

I can ping just fine:

taylor@cal:~$ ping default
PING default.mywebsite.com (192.168.1.130) 56(84) bytes of data.
64 bytes from default.mywebsite.com (192.168.1.130): icmp_seq=1 ttl=64 time=0.350 ms
64 bytes from default.mywebsite.com (192.168.1.130): icmp_seq=2 ttl=64 time=0.235 ms
64 bytes from default.mywebsite.com (192.168.1.130): icmp_seq=3 ttl=64 time=0.192 ms

taylor@default:~$ ping cal
PING cal.taylorjthurlow.com (192.168.1.112) 56(84) bytes of data.
64 bytes from cal.taylorjthurlow.com (192.168.1.112): icmp_seq=1 ttl=64 time=0.306 ms
64 bytes from cal.taylorjthurlow.com (192.168.1.112): icmp_seq=2 ttl=64 time=0.188 ms
64 bytes from cal.taylorjthurlow.com (192.168.1.112): icmp_seq=3 ttl=64 time=0.264 ms

To make sure traffic is flowing, I ran tcpdump on both the sending and the receiving end:

Sending (SNMP server):

02:22:51.569041 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp:  C=taylor GetNextRequest(25)
02:22:52.569547 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp:  C=taylor GetNextRequest(25)
02:22:53.570659 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp:  C=taylor GetNextRequest(25)
02:22:54.571775 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp:  C=taylor GetNextRequest(25)
02:22:55.572715 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp:  C=taylor GetNextRequest(25)
02:22:56.573874 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp:  C=taylor GetNextRequest(25)

Receiving (SNMPD client):

02:22:51.858750 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp:  C=taylor GetNextRequest(25)
02:22:52.859290 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp:  C=taylor GetNextRequest(25)
02:22:53.860371 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp:  C=taylor GetNextRequest(25)
02:22:54.861495 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp:  C=taylor GetNextRequest(25)
02:22:55.862424 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp:  C=taylor GetNextRequest(25)
02:22:56.863590 IP cal.mywebsite.com.42979 > default.mywebsite.com.snmp:  C=taylor GetNextRequest(25)

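So, essentially the same, just with slightly different timestamps. What is worrying is that no response packets are being sent. Okay, so maybe it's a firewall or port issue.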

I disabled Ubuntu's Uncomplicated Firewall with ufw disable and confirmed it was not running with ufw status.

Then I checked my iptables, which is empty on a fresh install. I added incoming and outgoing rules for port 161 on the SNMPD client.

taylor@default:~$ sudo iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:161

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:161

Still the same problem. Another post on SuperUser or ServerFault with the same issue was resolved because their /etc/hosts.allow was blocking the traffic that iptables allowed. Here is mine:

taylor@default:~$ cat /etc/hosts.allow
# /etc/hosts.allow: list of hosts that are allowed to access the system.
#                   See the manual pages hosts_access(5) and hosts_options(5).
#
# Example:    ALL: LOCAL @some_netgroup
#             ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.

taylor@default:~$ cat /etc/hosts.deny
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
#                  See the manual pages hosts_access(5) and hosts_options(5).
#
# Example:    ALL: some.host.name, .some.domain
#             ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
#
# You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID

At this point I'm out of ideas. Any suggestions for what I can try to get this thing to actually reply to my SNMP queries?


Edit: Here is my /var/log/syslog from the client:

Dec  9 01:48:24 default snmpd[2888]: NET-SNMP version 5.7.2
Dec  9 01:48:27 default snmpd[2888]: Connection from UDP: [192.168.1.112]:41109->[192.168.1.130]:161
Dec  9 01:50:54 default kernel: [ 8359.253571] nf_conntrack version 0.5.0 (7951 buckets, 31804 max)
Dec  9 01:48:32 default snmpd[2888]: message repeated 5 times: [ Connection from UDP: [192.168.1.112]:41109->[192.168.1.130]:161]
Dec  9 01:52:53 default snmpd[2888]: Connection from UDP: [192.168.1.112]:40482->[192.168.1.130]:161
Dec  9 01:54:05 default kernel: [ 8550.718971] ip6_tables: (C) 2000-2006 Netfilter Core Team
Dec  9 01:52:58 default snmpd[2888]: message repeated 5 times: [ Connection from UDP: [192.168.1.112]:40482->[192.168.1.130]:161]
Dec  9 01:54:11 default snmpd[2888]: Connection from UDP: [192.168.1.112]:59617->[192.168.1.130]:161
Dec  9 01:54:16 default snmpd[2888]: message repeated 5 times: [ Connection from UDP: [192.168.1.112]:59617->[192.168.1.130]:161]
Dec  9 01:56:43 default snmpd[2888]: Received TERM or STOP signal...  shutting down...
Dec  9 01:56:45 default snmpd[3165]: NET-SNMP version 5.7.2
Dec  9 02:00:06 default snmpd[3165]: Received TERM or STOP signal...  shutting down...
Dec  9 02:00:08 default snmpd[3216]: NET-SNMP version 5.7.2
Dec  9 02:00:18 default snmpd[3216]: Connection from UDP: [192.168.1.112]:45692->[192.168.1.130]:161
Dec  9 02:00:23 default snmpd[3216]: message repeated 5 times: [ Connection from UDP: [192.168.1.112]:45692->[192.168.1.130]:161]
Dec  9 02:02:36 default snmpd[3216]: Received TERM or STOP signal...  shutting down...
Dec  9 02:02:38 default snmpd[3242]: Error opening specified endpoint "udp:161"
Dec  9 02:02:38 default snmpd[3242]: Server Exiting with code 1
Dec  9 02:07:16 default snmpd[3281]: duplicate registration: MIB modules pass and pass (oid .1.3.6.1.4.1.4413.4.1).
Dec  9 02:07:16 default snmpd[3281]: Error opening specified endpoint "udp:161"
Dec  9 02:07:16 default snmpd[3281]: Server Exiting with code 1
Dec  9 02:17:01 default CRON[3283]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Dec  9 02:23:55 default kernel: [10340.925233] device eth0 left promiscuous mode

It looks like some of it is from me watching packets, and then there are a few mentions of Error opening specified endpoint "udp:161", but they are sporadic. What could that be?

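Edit: This was actually because I tried agentAddress udp:161,udp6:[::1]:161. The logs only say it occasionally because I was enabling and disabling that line. So, back to square one.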

I'm not quite sure why, but I seem to have solved my problem. In my /etc/snmp/snmpd.conf, I replaced the following line:

com2sec readonly default taylor

with:

rocommunity taylor

And everything is fine.
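The shorthand from this answer next to a scoped variant, as an added example that is not part of the original post. The source address 192.168.1.112 is the poller (cal) seen in the question's logs; the view name systemonly and its OID subtrees are assumptions to be widened to whatever the monitoring system needs.

```conf
# /etc/snmp/snmpd.conf (added example, not the poster's file)

# Shorthand as used in the answer. With no SOURCE argument, snmpd accepts
# this community from any IPv4 address:
# rocommunity taylor

# Scoped variant: rocommunity COMMUNITY [SOURCE [-V VIEW]]
# Only the poller may use the community, and only inside the named view.
view   systemonly  included  .1.3.6.1.2.1.1        # system group (assumed view)
view   systemonly  included  .1.3.6.1.2.1.25.1     # hrSystem (assumed view)
rocommunity taylor 192.168.1.112 -V systemonly

syslocation "San Francisco, CA"
syscontact  email@somesite.com
```

The tcpdump lines in the question show the community string (C=taylor) in clear text, so the source restriction limits who can use it but does not hide it from anyone on the path.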

From your logs, the SNMP daemon was unable to bind to port 161 and then exited:

Dec  9 02:07:16 default snmpd[3281]: Error opening specified endpoint "udp:161"
Dec  9 02:07:16 default snmpd[3281]: Server Exiting with code 1

So the reason you are not getting any reply is that snmpd was not actually running at that time.

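In case there is a syntax problem, you could try commenting out the agentAddress line, but it could also be that something else is bound to UDP port 161. Checking the output of netstat -lnp | grep :161 will show what is bound to that port.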
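One way to check the "was snmpd running at that time" reasoning against the syslog, as an added example that is not part of the original answer. The function name snmpd_state_at is hypothetical, the log lines are copied from the excerpt in the question, and the comparison assumes all lines are from the same day.

```shell
#!/bin/sh
# Added example. Sample lines copied from the syslog excerpt in the question.
sample_log() {
cat <<'EOF'
Dec  9 02:00:08 default snmpd[3216]: NET-SNMP version 5.7.2
Dec  9 02:00:18 default snmpd[3216]: Connection from UDP: [192.168.1.112]:45692->[192.168.1.130]:161
Dec  9 02:02:36 default snmpd[3216]: Received TERM or STOP signal...  shutting down...
Dec  9 02:02:38 default snmpd[3242]: Error opening specified endpoint "udp:161"
Dec  9 02:02:38 default snmpd[3242]: Server Exiting with code 1
Dec  9 02:07:16 default snmpd[3281]: Error opening specified endpoint "udp:161"
Dec  9 02:07:16 default snmpd[3281]: Server Exiting with code 1
Dec  9 02:17:01 default CRON[3283]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
EOF
}

# snmpd_state_at HH:MM:SS   (hypothetical helper)
# Reads syslog lines on stdin and prints the last snmpd state logged at or
# before the given time: running, stopped, bind-failed or unknown.
snmpd_state_at() {
    awk -v t="$1" '
        # Only snmpd lines, and only those not later than the time asked about.
        $5 ~ /^snmpd\[/ && ($3 "") <= (t "") {
            if (/NET-SNMP version/) state = "running"
            else if (/Error opening specified endpoint/) state = "bind-failed"
            else if (/shutting down/) state = "stopped"
            # Keep the more specific bind-failed reason when the exit line follows it.
            else if (/Server Exiting/ && state != "bind-failed") state = "stopped"
        }
        END { print (state == "" ? "unknown" : state) }
    '
}

# 02:22:51 is the first timestamp in the tcpdump capture from the question.
sample_log | snmpd_state_at 02:22:51
```

On the host itself, run `snmpd_state_at 02:22:51 < /var/log/syslog`; a bind-failed result is the cue to look at the agentAddress line and at the netstat output mentioned above.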

Quoted from: https://serverfault.com/questions/650206