Pages

Tuesday, July 23, 2013

How To Set MaxClients in Apache/prefork

Tuesday, July 16, 2013

SNMP configuration in Linux EC2 for Cacti

1) Install snmpd and snmp

apt-get install snmpd
apt-get install snmp

2) Move  original conf file

mv /etc/snmp/snmpd.conf  /etc/snmp/snmpd.conf.org

3) Create new Conf file and add details

vi /etc/snmp/snmpd.conf

add following lines

rocommunity  me&me
syslocation  "AWS"
syscontact  junedm@tipsntraps.com


4) edit snmpd options, comment SNMODOPTS line and below sample line

vi /etc/default/snmpd
# snmpd options (use syslog, close stdin/out/err).
#SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf 0.0.0.0'
#SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 0.0.0.0'



5) Restart the snmpd service

/etc/init.d/snmpd restart

6) Confirm snmp port is open

netstat -au | grep snmp
netstat -tanpu | grep 161


7) Confirm from local machine that you are getting SNMP details

snmpwalk -v1  -c me&me -O e localhost



********************************************


open port 161 in your security Group

and from Cacti machine Run

snmpwalk -v 1 -c me&me -O e 10.32.33.128



#       sec.name     source           community
##       ========     ======           =========
com2sec  local       localhost        me&me
com2sec  GW_MACHINE   10.40.93.211    me&me


##       Access.group.name   sec.model        sec.name
##       =================  =========         ========
group    MyROGroup_1        v2c               local
group    MyROGroup_2        v2c               GW_MACHINE

##   MIB.view.name     incl/excl  MIB.subtree  mask
##   ==============   =========  ===========  ====
view all-mibs         included   .1           80

##      MIB              
##      group.name   context sec.model sec.level prefix read     write  notif
##      ==========   ======= ========= ========= ====== ====     =====  =====
access  MyROGroup_1  ""       v2c      noauth    exact  all-mibs none   none
access  MyROGroup_2  ""       v2c      noauth    exact  all-mibs none   none


###############################

SNMP

OW to activate the SNMP clients

SNMP agents must be only run in Read-Only (RO) mode because the SNMP poller needs only to read data on the remote machines. Limiting how has the right to poll the agents on the remote devices increase a little the security.
Never forget that the SNMP community string is going across the network in the clear and can be intercepted easily with tools like WireShark, the former Ethereal.

1. LINUX 2. WINDOWS 3. CISCO 4. NETSCREEN

1. On a debian/Ubuntu Linux machine:

Install the SNMP daemon:

#apt-get install snmpd
Configure the SNMP daemon:
Edit /etc/snmp/snmpd.conf
Comment the "com2sec paranoid default public" line and uncomment the "com2sec readonly default public" line. Don't forget to configure your SNMP community and limit who has the right to poll the SNMP daemon:

#com2sec paranoid default public
com2sec readonly snmp_server_ip_address your_snmp_community
#com2sec readwrite default private
For example:
com2sec readonly 10.0.0.1 armageddon
Where 10.0.0.1 is the SNMP poller server and armageddon the SNMP read-only community.

Always in the /etc/snmp/snmpd.conf file, you can configure the SNMP syslocation and syscontact settings.
Look for the lines beginning with syslocation and syscontact and do your changes:

syslocation Geneva/Switzerland
syscontact Roger Rabbit
Then restart the SNMP daemon:

/etc/init.d/snmpd restart

References

http://www.it-slav.net/blogs/2009/02/05/install-and-configure-snmp-on-ubuntu/

http://docs.cacti.net/manual:087:2_basics.1_first_graph#my_first_graph

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch22_:_Monitoring_Server_Performance