Mike Leone on 7 Apr 2011 11:41:37 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] Advise on SNMP config on RHEL 5 needed

I seem to be doing something not quite right here. I have a RHEL 5
server out on our DMZ. We use the Solar Winds monitoring programs to
monitor our servers; it monitors by SNMP (among other things).

So I had our firewall guy make sure that the firewall was configured to
only allow SNMP traffic (UDP 161/162) from the DMZ only to my Solar
Winds server, on the trusted LAN. That's working well for the 6 Windows
servers also out on the DMZ; SW sees them, queries via SNMP, is
identifying disks, NICs, etc. All that good stuff.

What's not working right is the RHEL 5 machine I have out there as a FTP
server. SolarWinds doesn't seem to be reading the SNMP from this machine
correctly (it's not identifying it as Linux, for one thing, and it is do
that properly for Debian machines I have on the trusted LAN).

Here's what my snmpd.conf looks like:

rwcommunity DMZ-RW
rocommunity DMZ-RO
syscontact  Mike Leone (cell) my-cell-number-here
syslocation  Data Center (DMZ)

com2sec DMZ-Monitoring  default         DMZ-RO

group   DMZ-MonitoringGroup     v1      DMZ-Monitoring
group   DMZ-MonitoringGroup     v2c     DMZ-Monitoring

(I added these next 3, because I saw them in examples. Don't have a clue
what they do, or why I need them, or even if they're right ...)

view    systemview    included   .
view    systemview    included   .
view    all             included  .1                               80

access  DMZ-MonitoringGroup     ""      any       noauth    exact
systemview none none


snmpwalk seems to work:

[root@phaserv1:/etc/snmp] $ snmpwalk -v 1 -c DMZ-RO localhost system
SNMPv2-MIB::sysDescr.0 = STRING: Linux phaserv1.xxx.xxxxx.xxx
2.6.18-164.el5 #1 SMP Tue Aug 18 15:51:48 EDT 2009 x86_64
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (70705) 0:11:47.05
SNMPv2-MIB::sysContact.0 = STRING: Mike Leone (cell) xxx-xxx-xxxx
SNMPv2-MIB::sysName.0 = STRING: phaserv1.xxx.xxxxx.xxx
SNMPv2-MIB::sysLocation.0 = STRING: Data Center (DMZ)

So I am unsure why I'm not getting back the proper results from my SNMP
scans. Ideally, I want to limit it to responding only to SNMP requests
from a specific IP address, but I don't know how to tell it to do that.

The external firewall is configured correctly for the subnet, since the
Win machines on this same DMZ subnet are all being profiled correctly.
When I do a scan for SnMP only with Solar Winds, it doesn't see the RHEL
server at all. So it's something with this machine. Firewall on here,
maybe? Looks like it's running iptables, which I don't know at all ...

Anyone see anything untoward in my config?


Michael J. Leone, <mailto:turgon@mike-leone.com>

PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
Photo Gallery: <http://www.flickr.com/photos/mikeleonephotos>

Network apparatchik and all-around drudge.

Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug