[CentOS] SNMP and OID/MIB/MRTG

Fri Sep 12 02:17:10 UTC 2008
nate <centos at linuxpowered.net>

Bob Hoffman wrote:

While it is somewhat outdated, MRTG itself is outdated as well,
I wrote a howto for MRTG about 5-6 years ago -

http://howto.aphroland.org//HOWTO/MRTG/

(I haven't maintained it in years, and have no real plans to
update the site again in the future)

> Question 1- does snmpd have to run as a daemon, or only run once so I can
> get OID and MIBs from it?

If your wanting to collect data using SNMP then anything your
collecting data from must be running a SNMP daemon. MRTG is
fully capable of executing scripts to gather data as well.

> Question 2- does anyone know the command in snmp to get the required OID and
> MIBs that MRTG needs to use? Or at least the name of it? There are a lot of
> poorly written man pages, but so far all of them require an MIB or OID to
> use the commands I have read.

Defines "needs to use", mrtg comes with a tool called 'cfgmaker'
which will scan any SNMP target and automatically generate a
configuration for all of the network interfaces it can find on
the target. You can then use mrtg against that config file to
gather stats.

> Question 3- since not going outside of the server, is there any security
> setting in some snmp config file that makes it only look on my local server
> and not allow others to use it or hack it?

You can add a iptables firewall rule to reject packets destined
to your SNMP server (161/udp) unless they come over the loopback
interface.

> Question 4- all over the internet there are examples in MRTG using all sorts
> of made up names like 'crazyguy33 at servername' and things like that for the
> cfg file. And alsoin the snmp forum posts, but no one really talks about
> where this name comes from other than it is assigned to your network device
> or something.

In the example above crazyguy33 is the SNMP community string
assigned to the system(configured in snmpd.conf). By default
the read-only string is public. You can set it to anything
you want.

> Any help appreciated. I will post the final solution to how to configure
> snmp and mrtg to work on centos5.2 when I finally figure it out so no one
> else has to take all week to do so!!!

You may want to look into using cacti or some other tool instead,
MRTG has some pretty severe limitations. Cacti uses RRDTool as
it's back end, RRDTool is more or less the successor to MRTG and
was initially released I think about 10 years ago, to give an
idea how old MRTG is.

I still use MRTG on my home network, though mostly because it's
legacy shit that I setup 7 years ago and haven't moved to cacti
yet, it slowly breaking down as time goes on since I'm not
maintaining it anymore.

nate