|
|
| Line 1: |
Line 1: |
| − | == General == | + | This page is in the process of being updated. |
| | + | |
| | + | == General Information == |
| | Data server. Currently connected to the networks via the switch and VLAN. | | Data server. Currently connected to the networks via the switch and VLAN. |
| | Has 3dm raid monitoring and web interface installed and set up, accessible at [http://gourd.unh.edu:888]. | | Has 3dm raid monitoring and web interface installed and set up, accessible at [http://gourd.unh.edu:888]. |
| | | | |
| | + | == Network Configuration == |
| | Hostnames: <code>gourd.unh.edu</code>, <code>gourd.farm.physics.unh.edu</code> | | Hostnames: <code>gourd.unh.edu</code>, <code>gourd.farm.physics.unh.edu</code> |
| − |
| |
| − | == Network Configuration ==
| |
| − | === /etc/sysconfig/network-scripts/ifcfg-bohr_tun ===
| |
| − | <pre>DEVICE=bohr_tun
| |
| − | DEVICETYPE=tunnel
| |
| − | TYPE=GRE
| |
| − | BOOTPROTO=none
| |
| − | ONBOOT=yes
| |
| − | USERCTL=no
| |
| − |
| |
| − | MY_OUTER_IPADDR=132.177.88.183
| |
| − | MY_INNER_IPADDR=132.177.88.183
| |
| − | PEER_OUTER_IPADDR=132.177.88.174
| |
| − | PEER_INNER_IPADDR=132.177.88.174
| |
| − | </pre>
| |
| − | === /etc/sysconfig/network-scripts/ifcfg-dirac_tun ===
| |
| − | <pre>DEVICE=dirac_tun
| |
| − | DEVICETYPE=tunnel
| |
| − | TYPE=GRE
| |
| − | BOOTPROTO=none
| |
| − | ONBOOT=yes
| |
| − | USERCTL=no
| |
| − |
| |
| − | MY_INNER_IPADDR=10.0.0.1
| |
| − | MY_OUTER_IPADDR=132.177.88.183
| |
| − | PEER_INNER_IPADDR=132.177.88.51
| |
| − | PEER_OUTER_IPADDR=132.177.88.51
| |
| − | </pre>
| |
| − | === /etc/sysconfig/network-scripts/ifcfg-eth0 ===
| |
| − | <pre>DEVICE=eth0
| |
| − | BOOTPROTO=none
| |
| − | HWADDR=00:E0:81:52:7A:79
| |
| − | IPADDR=10.0.0.252
| |
| − | NETMASK=255.255.252.0
| |
| − | ONBOOT=yes
| |
| − | TYPE=Ethernet
| |
| − | USERCTL=no
| |
| − | IPV6INIT=no
| |
| − | PEERDNS=yes
| |
| − | </pre>
| |
| − | === /etc/sysconfig/network-scripts/ifcfg-eth0:1 ===
| |
| − | <pre>DEVICE=eth0:1
| |
| − | ONPARENT=yes
| |
| − | BOOTPROTO=none
| |
| − | IPADDR=10.0.0.1
| |
| − | NETMASK=255.255.255.255
| |
| − | TYPE=Ethernet
| |
| − | </pre>
| |
| − | === /etc/sysconfig/network-scripts/ifcfg-eth0.2 ===
| |
| − | <pre># To UNH network
| |
| − | VLAN=yes
| |
| − | DEVICE=eth0.2
| |
| − | BOOTPROTO=none
| |
| − | BROADCAST=132.177.91.255
| |
| − | IPADDR=132.177.88.75
| |
| − | NETMASK=255.255.252.0
| |
| − | NETWORK=132.177.88.0
| |
| − | ONBOOT=yes
| |
| − | REORDER_HDR=no
| |
| − | GATEWAY=132.177.88.1
| |
| − |
| |
| − | TYPE=Ethernet
| |
| − | USERCTL=no
| |
| − | IPV6INIT=no
| |
| − | PEERDNS=yes
| |
| − | </pre>
| |
| − | === /etc/sysconfig/network-scripts/ifcfg-eth0.2:1 ===
| |
| − | <pre>DEVICE=eth0.2:1
| |
| − | ONPARENT=yes
| |
| − | BOOTPROTO=none
| |
| − | IPADDR=132.177.88.183
| |
| − | NETMASK=255.255.255.255
| |
| − | TYPE=Ethernet
| |
| − | </pre>
| |
| − | === /etc/sysconfig/network-scripts/ifcfg-lo ===
| |
| − | <pre>DEVICE=lo
| |
| − | IPADDR=127.0.0.1
| |
| − | NETMASK=255.0.0.0
| |
| − | NETWORK=127.0.0.0
| |
| − | # If you're having problems with gated making 127.0.0.0/8 a martian,
| |
| − | # you can change this to something else (255.255.255.255, for example)
| |
| − | BROADCAST=127.255.255.255
| |
| − | ONBOOT=yes
| |
| − | NAME=loopback
| |
| − | </pre>
| |
| − | === /etc/sysconfig/network-scripts/ifcfg-pauli_tun ===
| |
| − | <pre>DEVICE=pauli_tun
| |
| − | DEVICETYPE=tunnel
| |
| − | TYPE=GRE
| |
| − | BOOTPROTO=none
| |
| − | ONBOOT=yes
| |
| − | USERCTL=no
| |
| − |
| |
| − | MY_INNER_IPADDR=132.177.88.183
| |
| − | MY_OUTER_IPADDR=132.177.88.183
| |
| − | PEER_INNER_IPADDR=132.177.88.54
| |
| − | PEER_OUTER_IPADDR=132.177.88.54
| |
| − | </pre>
| |
| | | | |
| | == Hard disks == | | == Hard disks == |
| − | === Results of testing (as of 6/28/07) ===
| |
| − | Disks on 3ware raid device.
| |
| − |
| |
| − | Disk0:
| |
| − | SMART Self-test log structure revision number 1
| |
| − | Num Test_Description Status Remaining LifeTime(hours) LBA_of_first_error
| |
| − | # 1 Short offline Completed without error 00% 27954 -
| |
| − | Disk1:
| |
| − | SMART Self-test log structure revision number 1
| |
| − | Num Test_Description Status Remaining LifeTime(hours) LBA_of_first_error
| |
| − | # 1 Short offline Completed without error 00% 27944 -
| |
| − | Disk2:
| |
| − | SMART Self-test log structure revision number 1
| |
| − | Num Test_Description Status Remaining LifeTime(hours) LBA_of_first_error
| |
| − | # 1 Short offline Completed without error 00% 22137 -
| |
| − | Disk3:
| |
| − | SMART Self-test log structure revision number 1
| |
| − | Num Test_Description Status Remaining LifeTime(hours) LBA_of_first_error
| |
| − | # 1 Short offline Completed without error 00% 27904 -
| |
| − | Disk4:
| |
| − | SMART Self-test log structure revision number 1
| |
| − | Num Test_Description Status Remaining LifeTime(hours) LBA_of_first_error
| |
| − | # 1 Short offline Completed without error 00% 27804 -
| |
| − | Disk5:
| |
| − | SMART Self-test log structure revision number 1
| |
| − | Num Test_Description Status Remaining LifeTime(hours) LBA_of_first_error
| |
| − | # 1 Short offline Completed without error 00% 5570 -
| |
| − | Disk6:
| |
| − | SMART Self-test log structure revision number 1
| |
| − | Num Test_Description Status Remaining LifeTime(hours) LBA_of_first_error
| |
| − | # 1 Short offline Completed without error 00% 27739 -
| |
| − | Disk7:
| |
| − | SMART Self-test log structure revision number 1
| |
| − | Num Test_Description Status Remaining LifeTime(hours) LBA_of_first_error
| |
| − | # 1 Short offline Completed without error 00% 27830 -
| |
| − | == Access Configuration ==
| |
| − | === /etc/security/access.conf ===
| |
| − | <pre># NPG Config:
| |
| − | # Allow direct root logins only from console and einstein
| |
| − | + : root : LOCAL einstein.unh.edu einstein.farm.physics.unh.edu lentil.unh.edu lentil.farm.physics.unh.edu
| |
| − |
| |
| − | # Allow only NPG users and administrators
| |
| − | - : ALL EXCEPT npg domain_admins : ALL
| |
| − | </pre>
| |
| | == Backup Configuration == | | == Backup Configuration == |
| − | === /etc/rsync-backup.conf ===
| |
| − | <pre># Backups are 'pull' only. Too bad there isn't a better way to enforce this.
| |
| − | read only = yes
| |
| − |
| |
| − | # Oh for the ability to retain CAP_DAC_READ_SEARCH, and no other.
| |
| − | #uid = root
| |
| − | # XXX There seems to be an obscure bug with pam_ldap and rsync whereby
| |
| − | # getpwnam(3) segfaults when (and only when) archiving /etc. Using a numeric
| |
| − | # uid avoids this bug. Only verified on Fedora Core 2.
| |
| − | uid = 0
| |
| − |
| |
| − | # There's not much point in putting the superuser in a chroot jail
| |
| − | # use chroot = yes
| |
| − |
| |
| − | # This isn't really an effective "lock" per se, since the value is per-module,
| |
| − | # but there really ought never be more than one, and it would at least
| |
| − | # ensure serialized backups.
| |
| − | max connections = 1
| |
| − |
| |
| − | filter = : .rsync-filter
| |
| − |
| |
| − | [usr]
| |
| − | path = /usr
| |
| − | comment = unpackaged software
| |
| − | filter = \
| |
| − | : .rsync-filter \
| |
| − | + / \
| |
| − | + /local \
| |
| − | - /*
| |
| − |
| |
| − | [opt]
| |
| − | path = /opt
| |
| − | comment = unpackaged software
| |
| − |
| |
| − | [etc]
| |
| − | path = /etc
| |
| − | comment = conf files
| |
| − |
| |
| − | [var]
| |
| − | path = /var
| |
| − | comment = user and system storage
| |
| − | </pre>
| |
| | == SNMP Configuration == | | == SNMP Configuration == |
| − | === /etc/snmp/snmpd.conf === | + | == Smartd Configuration == |
| − | <pre>###############################################################################
| |
| − | #
| |
| − | # snmpd.conf:
| |
| − | # An example configuration file for configuring the ucd-snmp snmpd agent.
| |
| − | #
| |
| − | ###############################################################################
| |
| − | #
| |
| − | # This file is intended to only be as a starting point. Many more
| |
| − | # configuration directives exist than are mentioned in this file. For
| |
| − | # full details, see the snmpd.conf(5) manual page.
| |
| − | #
| |
| − | # All lines beginning with a '#' are comments and are intended for you
| |
| − | # to read. All other lines are configuration commands for the agent.
| |
| − | | |
| − | ###############################################################################
| |
| − | # Access Control
| |
| − | ###############################################################################
| |
| − | | |
| − | # As shipped, the snmpd demon will only respond to queries on the
| |
| − | # system mib group until this file is replaced or modified for
| |
| − | # security purposes. Examples are shown below about how to increase the
| |
| − | # level of access.
| |
| − | | |
| − | # By far, the most common question I get about the agent is "why won't
| |
| − | # it work?", when really it should be "how do I configure the agent to
| |
| − | # allow me to access it?"
| |
| − | #
| |
| − | # By default, the agent responds to the "public" community for read
| |
| − | # only access, if run out of the box without any configuration file in
| |
| − | # place. The following examples show you other ways of configuring
| |
| − | # the agent so that you can change the community names, and give
| |
| − | # yourself write access to the mib tree as well.
| |
| − | #
| |
| − | # For more information, read the FAQ as well as the snmpd.conf(5)
| |
| − | # manual page.
| |
| − | | |
| − | ####
| |
| − | # First, map the community name "public" into a "security name"
| |
| − | | |
| − | # sec.name source community
| |
| − | com2sec notConfigUser default public
| |
| − | | |
| − | ####
| |
| − | # Second, map the security name into a group name:
| |
| − | | |
| − | # groupName securityModel securityName
| |
| − | group notConfigGroup v1 notConfigUser
| |
| − | group notConfigGroup v2c notConfigUser
| |
| − | | |
| − | ####
| |
| − | # Third, create a view for us to let the group have rights to:
| |
| − | | |
| − | # Make at least snmpwalk -v 1 localhost -c public system fast again.
| |
| − | # name incl/excl subtree mask(optional)
| |
| − | view systemview included .1.3.6.1.2.1.1
| |
| − | view systemview included .1.3.6.1.2.1.25.1.1
| |
| − | | |
| − | ####
| |
| − | # Finally, grant the group read-only access to the systemview view.
| |
| − | | |
| − | # group context sec.model sec.level prefix read write notif
| |
| − | access notConfigGroup "" any noauth exact systemview none none
| |
| − | | |
| − | # -----------------------------------------------------------------------------
| |
| − | | |
| − | # Here is a commented out example configuration that allows less
| |
| − | # restrictive access.
| |
| − | | |
| − | # YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
| |
| − | # KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
| |
| − | # SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.
| |
| − | | |
| − | ## sec.name source community
| |
| − | #com2sec local localhost COMMUNITY
| |
| − | #com2sec mynetwork NETWORK/24 COMMUNITY
| |
| − | com2sec local localhost NPG
| |
| − | com2sec okra okra.unh.edu NPG
| |
| − | com2sec farm 10.0.0.0/24 NPG
| |
| − | | |
| − | ## group.name sec.model sec.name
| |
| − | #group MyRWGroup any local
| |
| − | #group MyROGroup any mynetwork
| |
| − | #
| |
| − | #group MyRWGroup any otherv3user
| |
| − | #...
| |
| − | group MyROGroup v1 local
| |
| − | group MyROGroup v2c local
| |
| − | group MyROGroup v1 okra
| |
| − | group MyROGroup v2c okra
| |
| − | group MyROGroup any farm
| |
| − | | |
| − | ## incl/excl subtree mask
| |
| − | view all included .1 80
| |
| − | | |
| − | ## -or just the mib2 tree-
| |
| − | | |
| − | #view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
| |
| − | | |
| − | | |
| − | ## context sec.model sec.level prefix read write notif
| |
| − | access MyROGroup "" any noauth exact all none none
| |
| − | #access MyRWGroup "" any noauth 0 all all all
| |
| − | | |
| − | | |
| − | ###############################################################################
| |
| − | # Sample configuration to make net-snmpd RFC 1213.
| |
| − | # Unfortunately v1 and v2c don't allow any user based authentification, so
| |
| − | # opening up the default config is not an option from a security point.
| |
| − | #
| |
| − | # WARNING: If you uncomment the following lines you allow write access to your
| |
| − | # snmpd daemon from any source! To avoid this use different names for your
| |
| − | # community or split out the write access to a different community and
| |
| − | # restrict it to your local network.
| |
| − | # Also remember to comment the syslocation and syscontact parameters later as
| |
| − | # otherwise they are still read only (see FAQ for net-snmp).
| |
| − | #
| |
| − | | |
| − | # First, map the community name "public" into a "security name"
| |
| − | # sec.name source community
| |
| − | #com2sec notConfigUser default public
| |
| − | | |
| − | # Second, map the security name into a group name:
| |
| − | # groupName securityModel securityName
| |
| − | #group notConfigGroup v1 notConfigUser
| |
| − | #group notConfigGroup v2c notConfigUser
| |
| − | | |
| − | # Third, create a view for us to let the group have rights to:
| |
| − | # Open up the whole tree for ro, make the RFC 1213 required ones rw.
| |
| − | # name incl/excl subtree mask(optional)
| |
| − | #view roview included .1
| |
| − | #view rwview included system.sysContact
| |
| − | #view rwview included system.sysName
| |
| − | #view rwview included system.sysLocation
| |
| − | #view rwview included interfaces.ifTable.ifEntry.ifAdminStatus
| |
| − | #view rwview included at.atTable.atEntry.atPhysAddress
| |
| − | #view rwview included at.atTable.atEntry.atNetAddress
| |
| − | #view rwview included ip.ipForwarding
| |
| − | #view rwview included ip.ipDefaultTTL
| |
| − | #view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteDest
| |
| − | #view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteIfIndex
| |
| − | #view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric1
| |
| − | #view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric2
| |
| − | #view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric3
| |
| − | #view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric4
| |
| − | #view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteType
| |
| − | #view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteAge
| |
| − | #view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMask
| |
| − | #view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric5
| |
| − | #view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaIfIndex
| |
| − | #view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress
| |
| − | #view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress
| |
| − | #view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType
| |
| − | #view rwview included tcp.tcpConnTable.tcpConnEntry.tcpConnState
| |
| − | #view rwview included egp.egpNeighTable.egpNeighEntry.egpNeighEventTrigger
| |
| − | #view rwview included snmp.snmpEnableAuthenTraps
| |
| − | | |
| − | # Finally, grant the group read-only access to the systemview view.
| |
| − | # group context sec.model sec.level prefix read write notif
| |
| − | #access notConfigGroup "" any noauth exact roview rwview none
| |
| − | | |
| − | | |
| − | | |
| − | ###############################################################################
| |
| − | # System contact information
| |
| − | #
| |
| − | | |
| − | # It is also possible to set the sysContact and sysLocation system
| |
| − | # variables through the snmpd.conf file:
| |
| − | | |
| − | syslocation Durham, NH, USA, University of New Hampshire, DeMeritt Hall
| |
| − | syscontact NPG Admins <npg-admins@einstein.unh.edu>
| |
| − | | |
| − | # Example output of snmpwalk:
| |
| − | # % snmpwalk -v 1 localhost -c public system
| |
| − | # system.sysDescr.0 = "SunOS name sun4c"
| |
| − | # system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
| |
| − | # system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55
| |
| − | # system.sysContact.0 = "Me <me@somewhere.org>"
| |
| − | # system.sysName.0 = "name"
| |
| − | # system.sysLocation.0 = "Right here, right now."
| |
| − | # system.sysServices.0 = 72
| |
| − | | |
| − | | |
| − | # -----------------------------------------------------------------------------
| |
| − | | |
| − | | |
| − | ###############################################################################
| |
| − | # Process checks.
| |
| − | #
| |
| − | # The following are examples of how to use the agent to check for
| |
| − | # processes running on the host. The syntax looks something like:
| |
| − | #
| |
| − | # proc NAME [MAX=0] [MIN=0]
| |
| − | #
| |
| − | # NAME: the name of the process to check for. It must match
| |
| − | # exactly (ie, http will not find httpd processes).
| |
| − | # MAX: the maximum number allowed to be running. Defaults to 0.
| |
| − | # MIN: the minimum number to be running. Defaults to 0.
| |
| − | | |
| − | #
| |
| − | # Examples (commented out by default):
| |
| − | #
| |
| − | | |
| − | # Make sure mountd is running
| |
| − | #proc mountd
| |
| − | | |
| − | # Make sure there are no more than 4 ntalkds running, but 0 is ok too.
| |
| − | #proc ntalkd 4
| |
| − | | |
| − | # Make sure at least one sendmail, but less than or equal to 10 are running.
| |
| − | #proc sendmail 10 1
| |
| − | | |
| − | # A snmpwalk of the process mib tree would look something like this:
| |
| − | #
| |
| − | # % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.2
| |
| − | # enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1
| |
| − | # enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2
| |
| − | # enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3
| |
| − | # enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd"
| |
| − | # enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd"
| |
| − | # enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail"
| |
| − | # enterprises.ucdavis.procTable.prEntry.prMin.1 = 0
| |
| − | # enterprises.ucdavis.procTable.prEntry.prMin.2 = 0
| |
| − | # enterprises.ucdavis.procTable.prEntry.prMin.3 = 1
| |
| − | # enterprises.ucdavis.procTable.prEntry.prMax.1 = 0
| |
| − | # enterprises.ucdavis.procTable.prEntry.prMax.2 = 4
| |
| − | # enterprises.ucdavis.procTable.prEntry.prMax.3 = 10
| |
| − | # enterprises.ucdavis.procTable.prEntry.prCount.1 = 0
| |
| − | # enterprises.ucdavis.procTable.prEntry.prCount.2 = 0
| |
| − | # enterprises.ucdavis.procTable.prEntry.prCount.3 = 1
| |
| − | # enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1
| |
| − | # enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0
| |
| − | # enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0
| |
| − | # enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running."
| |
| − | # enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = ""
| |
| − | # enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = ""
| |
| − | # enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0
| |
| − | # enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0
| |
| − | # enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0
| |
| − | #
| |
| − | # Note that the errorFlag for mountd is set to 1 because one is not
| |
| − | # running (in this case an rpc.mountd is, but thats not good enough),
| |
| − | # and the ErrMessage tells you what's wrong. The configuration
| |
| − | # imposed in the snmpd.conf file is also shown.
| |
| − | #
| |
| − | # Special Case: When the min and max numbers are both 0, it assumes
| |
| − | # you want a max of infinity and a min of 1.
| |
| − | #
| |
| − | | |
| − | | |
| − | # -----------------------------------------------------------------------------
| |
| − | | |
| − | | |
| − | ###############################################################################
| |
| − | # Executables/scripts
| |
| − | #
| |
| − | | |
| − | #
| |
| − | # You can also have programs run by the agent that return a single
| |
| − | # line of output and an exit code. Here are two examples.
| |
| − | #
| |
| − | # exec NAME PROGRAM [ARGS ...]
| |
| − | #
| |
| − | # NAME: A generic name.
| |
| − | # PROGRAM: The program to run. Include the path!
| |
| − | # ARGS: optional arguments to be passed to the program
| |
| − | | |
| − | # a simple hello world
| |
| − | | |
| − | #exec echotest /bin/echo hello world
| |
| − | | |
| − | # Run a shell script containing:
| |
| − | #
| |
| − | # #!/bin/sh
| |
| − | # echo hello world
| |
| − | # echo hi there
| |
| − | # exit 35
| |
| − | #
| |
| − | # Note: this has been specifically commented out to prevent
| |
| − | # accidental security holes due to someone else on your system writing
| |
| − | # a /tmp/shtest before you do. Uncomment to use it.
| |
| − | #
| |
| − | #exec shelltest /bin/sh /tmp/shtest
| |
| − | | |
| − | # Then,
| |
| − | # % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.8
| |
| − | # enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1
| |
| − | # enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2
| |
| − | # enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest"
| |
| − | # enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest"
| |
| − | # enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world"
| |
| − | # enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest"
| |
| − | # enterprises.ucdavis.extTable.extEntry.extResult.1 = 0
| |
| − | # enterprises.ucdavis.extTable.extEntry.extResult.2 = 35
| |
| − | # enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world."
| |
| − | # enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world."
| |
| − | # enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0
| |
| − | # enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0
| |
| − | | |
| − | # Note that the second line of the /tmp/shtest shell script is cut
| |
| − | # off. Also note that the exit status of 35 was returned.
| |
| − | | |
| − | # -----------------------------------------------------------------------------
| |
| − | | |
| − | | |
| − | ###############################################################################
| |
| − | # disk checks
| |
| − | #
| |
| − | | |
| − | # The agent can check the amount of available disk space, and make
| |
| − | # sure it is above a set limit.
| |
| − | | |
| − | # disk PATH [MIN=100000]
| |
| − | #
| |
| − | # PATH: mount path to the disk in question.
| |
| − | # MIN: Disks with space below this value will have the Mib's errorFlag set.
| |
| − | # Default value = 100000.
| |
| − | | |
| − | # Check the / partition and make sure it contains at least 10 megs.
| |
| − | | |
| − | disk /
| |
| − | disk /data
| |
| − | | |
| − | # % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.9
| |
| − | # enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
| |
| − | # enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F
| |
| − | # enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0"
| |
| − | # enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000
| |
| − | # enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130
| |
| − | # enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325
| |
| − | # enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092
| |
| − | # enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58
| |
| − | # enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0
| |
| − | # enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = ""
| |
| − | | |
| − | # -----------------------------------------------------------------------------
| |
| − | | |
| − | | |
| − | ###############################################################################
| |
| − | # load average checks
| |
| − | #
| |
| − | | |
| − | # load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0]
| |
| − | #
| |
| − | # 1MAX: If the 1 minute load average is above this limit at query
| |
| − | # time, the errorFlag will be set.
| |
| − | # 5MAX: Similar, but for 5 min average.
| |
| − | # 15MAX: Similar, but for 15 min average.
| |
| − | | |
| − | # Check for loads:
| |
| − | #load 12 14 14
| |
| − | | |
| − | # % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.10
| |
| − | # enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1
| |
| − | # enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2
| |
| − | # enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3
| |
| − | # enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1"
| |
| − | # enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5"
| |
| − | # enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15"
| |
| − | # enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39
| |
| − | # enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31
| |
| − | # enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36
| |
| − | # enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00"
| |
| − | # enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00"
| |
| − | # enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00"
| |
| − | # enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0
| |
| − | # enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0
| |
| − | # enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0
| |
| − | # enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = ""
| |
| − | # enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = ""
| |
| − | # enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = ""
| |
| − | | |
| − | # -----------------------------------------------------------------------------
| |
| − | | |
| − | | |
| − | ###############################################################################
| |
| − | # Extensible sections.
| |
| − | #
| |
| − | | |
| − | # This alleviates the multiple line output problem found in the
| |
| − | # previous executable mib by placing each mib in its own mib table:
| |
| − | | |
| − | # Run a shell script containing:
| |
| − | #
| |
| − | # #!/bin/sh
| |
| − | # echo hello world
| |
| − | # echo hi there
| |
| − | # exit 35
| |
| − | #
| |
| − | # Note: this has been specifically commented out to prevent
| |
| − | # accidental security holes due to someone else on your system writing
| |
| − | # a /tmp/shtest before you do. Uncomment to use it.
| |
| − | #
| |
| − | # exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest
| |
| − | | |
| − | # % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.50
| |
| − | # enterprises.ucdavis.50.1.1 = 1
| |
| − | # enterprises.ucdavis.50.2.1 = "shelltest"
| |
| − | # enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest"
| |
| − | # enterprises.ucdavis.50.100.1 = 35
| |
| − | # enterprises.ucdavis.50.101.1 = "hello world."
| |
| − | # enterprises.ucdavis.50.101.2 = "hi there."
| |
| − | # enterprises.ucdavis.50.102.1 = 0
| |
| − | | |
| − | # Now the Output has grown to two lines, and we can see the 'hi
| |
| − | # there.' output as the second line from our shell script.
| |
| − | #
| |
| − | # Note that you must alter the mib.txt file to be correct if you want
| |
| − | # the .50.* outputs above to change to reasonable text descriptions.
| |
| − | | |
| − | # Other ideas:
| |
| − | #
| |
| − | # exec .1.3.6.1.4.1.2021.51 ps /bin/ps
| |
| − | # exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top
| |
| − | # exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq
| |
| − | | |
| − | # -----------------------------------------------------------------------------
| |
| − | | |
| − | | |
| − | ###############################################################################
| |
| − | # Pass through control.
| |
| − | #
| |
| − | | |
| − | # Usage:
| |
| − | # pass MIBOID EXEC-COMMAND
| |
| − | #
| |
| − | # This will pass total control of the mib underneath the MIBOID
| |
| − | # portion of the mib to the EXEC-COMMAND.
| |
| − | #
| |
| − | # Note: You'll have to change the path of the passtest script to your
| |
| − | # source directory or install it in the given location.
| |
| − | #
| |
| − | # Example: (see the script for details)
| |
| − | # (commented out here since it requires that you place the
| |
| − | # script in the right location. (its not installed by default))
| |
| − | | |
| − | # pass .1.3.6.1.4.1.2021.255 /bin/sh /usr/local/local/passtest
| |
| − | | |
| − | # % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.255
| |
| − | # enterprises.ucdavis.255.1 = "life the universe and everything"
| |
| − | # enterprises.ucdavis.255.2.1 = 42
| |
| − | # enterprises.ucdavis.255.2.2 = OID: 42.42.42
| |
| − | # enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42
| |
| − | # enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1
| |
| − | # enterprises.ucdavis.255.5 = 42
| |
| − | # enterprises.ucdavis.255.6 = Gauge: 42
| |
| − | #
| |
| − | # % snmpget -v 1 localhost public .1.3.6.1.4.1.2021.255.5
| |
| − | # enterprises.ucdavis.255.5 = 42
| |
| − | #
| |
| − | # % snmpset -v 1 localhost public .1.3.6.1.4.1.2021.255.1 s "New string"
| |
| − | # enterprises.ucdavis.255.1 = "New string"
| |
| − | #
| |
| − | | |
| − | # For specific usage information, see the man/snmpd.conf.5 manual page
| |
| − | # as well as the local/passtest script used in the above example.
| |
| − | | |
| − | # Added for support of bcm5820 cards.
| |
| − | pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat
| |
| − | | |
| − | ###############################################################################
| |
| − | # Further Information
| |
| − | #
| |
| − | # See the snmpd.conf manual page, and the output of "snmpd -H".
| |
| − | </pre>
| |
