Installing and configuring SNMP on OS X Leopard and Snow Leopard Server (I)
Seems that most tutorials and how-tos you can find around there for running the SNMP daemon on your OS X Server are too weak or too cumbersome to be practical. Most of the times you just want to put your service to run, so you can get some stats or can experiment with it further. I’ll try to expose it clear and easy here and answer all questions that may arise on the way.
The default SNMP config file installed on OS X Server comes a little bit “small” on 10.6/ Snow Leopard and won’t give you much info, and meanwhile on 10.5/Leopard gives extensive info, we would like to customize the access and some fields, so lets first create a config file.
You won’t need any superuser permissions by now, as we are only creating the file that we’ll copy later into the right place. Go to your server and run this from your home:
snmpconf -g basic_setup
This will run a small script that will help you to configure the basics of your service. If the script finds any previous or default config file you may be asked to use one of them as a base. You are safe to say ‘none’ and begin from zero.
Then the ‘basics’. You’ll be asked to configure the identification info that SNMP returns about that system. Answer ‘y’ and enter the location of your system (e.g. ‘datacenter 1’, ‘campus building’, ‘my company’, whatever…), and later you’ll be asked for the contact info, that is, an email, a name, or whatever you would like. Third question on this section is about setting value for the ‘sysServices.0 OID’. We’ll be safe answering ‘n’ here and jumping to the next section.
Then access control. You have to know that there is two different versions of the standard to manage your security, that is, SNMPv2 and SNMPv3. SNMPv2 just uses user names called ‘communities’ as all security, no passwords, no encryption. SNMPv3 fixes this and uses usernames as well as passwords and encryption to manage access. Problem is not all software is compatible with SNMPv3 auth to ask for data, so maybe you can by now say no to SNMPv3 and stick to v2 (you’ll be asked two times, one for read/write access and another onw for read only access). Also no read-write for SNMPv2 (You’ll only need reading by now), and ‘yes’ to read-only. Then set a name for the community. For the usual read-only access is common to put ‘public’ as the community name. Choose if you want the SNMP daemon answering only to one IP address or just press return to answer on all addresses (that’s enough for testing). Press return again so we don’t get any restrictions. Then don’t add any more community lines. Also, no traps and no monitors.
Now we have our precious config file in the same folder we are now. Let’s copy it to the proper place:
sudo cp snmpd.conf /usr/share/snmp
Enter you password if requested. Then we have a basic config file put in place, so we only have to enable the service: go to your Server Admin tool, to the Settings section, to the General tab, check the Network Management Server (SNMP) option and press ‘Save’. That should start the daemon.
Test the daemon running this in a console on the same machine:
snmpwalk -c public localhost
This will ask for all the values available on the ‘public’ community on your own host. If working it will return lots of data that will begin with something like this:
leopard:~ andor$ snmpwalk -c public localhost SNMPv2-MIB::sysDescr.0 = STRING: Darwin leopard.maniacmansion 9.0.0 Darwin Kernel Version 9.0.0: Tue Oct 9 21:35:55 PDT 2007; root:xnu-1228~1/RELEASE_I386 i386 SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.255 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (2884) 0:00:28.84 SNMPv2-MIB::sysContact.0 = STRING: Andor SNMPv2-MIB::sysName.0 = STRING: leopard.maniacmansion SNMPv2-MIB::sysLocation.0 = STRING: “ManiacMansion Datacenter” SNMPv2-MIB::sysServices.0 = INTEGER: 76 SNMPv2-MIB::sysORLastChange.0 = Timeticks: (0) 0:00:00.00
You’ll be getting the kernel and OS version info, IP addresses, the bandwidth used, the space available on disk… so… Done! You can now add this host to any monitoring software that uses SNMP 😀
If this get’s enough attention I’ll write a second part on how to costumize all the available info depending on the community or client connected.