This section describes how to configure SNMP integration.
To configure SNMP integration:
- Edit /etc/snmp/snmpd.conf. Add the following lines to the config with source IP of the systems that will be connecting to SNMP service.
The following example will configure access to all counters from localhost via community string vc-vcg and from 10.0.0.0/8 with community string
myentprisecommunityusing SNMPv2c version. For more information, see the Net-SNMP documentation.agentAddress udp:161 # com2sec sec.name source community com2sec local localhost vc-vcg com2sec myenterprise 10.0.0.0/8 myentprisecommunity# group access.name sec.model sec.name group rogroup v2c local group rogroup v2c myenterpriseview all included .1 80 # access access.name context sec.model sec.level match read write notif access rogroup "" any noauth exact all none none#sysLocation Sitting on the Dock of the Bay #sysContact Me <[email protected]>sysServices 72master agentx# # Process Monitoring ## At least one 'gwd' process proc gwd # At least one 'mgd' process proc mgd# # Disk Monitoring # # 100MBs required on root disk, 5% free on /var, 10% free on all other disks disk / 100000 disk /var 5% includeAllDisks 10%# # System Load # # Unacceptable 1-, 5-, and 15-minute load averages load 12 10 5
- Edit /etc/snmp/snmpd.conf. Add the following lines to the config with the source IP of the systems that will be connecting to SNMP service:
# WARNING: only add targeted rules for addresses and ports # do not add blanket drop or accept rules since Gateway will append its own rules # and that may prevent it from functioning properly *filter :INPUT ACCEPT [0:0] -A INPUT -p udp -m udp --source 127.0.0.1 --dport 161 -m comment --comment "allow SNMP port" -j ACCEPT -A INPUT -p udp -m udp --source 10.0.0.0/8 --dport 161 -m comment --comment "allow SNMP port" -j ACCEPT :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] COMMIT
- Restart snmp and iptables services:
service snmpd restart service iptables-persistent restart service vc_process_monitor restart
