cacti监控系统

cacti

1. cacti安装

IP： 172.25.44.1

环境： Red Hat 6.5

镜像： rhel-server-6.5-x86_64-dvd.iso

火墙： /etc/init.d/iptables stop && chkconfig iptables off

selinux： disabled

1.1. Required Packages for RPM-based Operating Systems

rrdtool php php-mysql mysql-server httpd net-snmp-utils 这些依赖软件是系统自带，可以直接使用yum源安装。但是php-snmp需要自己去网上下载与已经安装的php版本一致的版本。

[root@server1 software]# yum install rrdtool php php-mysql mysql-server httpd net-snmp-utils -y
[root@server1 software]# yum list php
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Installed Packages
php.x86_64                    5.3.3-26.el6                    @rhel-source
[root@server1 software]# ls
cacti-0.8.8h.tar.gz           php-snmp-5.3.3-26.el6.x86_64.rpm
[root@server1 software]# yum install php-snmp-5.3.3-26.el6.x86_64.rpm -y

1.2. Install and Configure Cacti

解压文件------>软链接------>启动数据库------>创建数据库------>导入数据库------>初始化数据库------>授权数据库用户密码（cacti）------>编辑配置文件config.php------>创建cacti用户------>设置相关目录权限------>编写crontab------>启动httpd服务

[root@server1 software]# tar zxf cacti-0.8.8h.tar.gz -C /var/www/html/
[root@server1 software]# cd /var/www/html/
[root@server1 html]# ls
cacti-0.8.8h
[root@server1 software]# cd /var/www/html/
[root@server1 html]# ln -s cacti-0.8.8h/ cacti
[root@server1 html]# cd cacti
[root@server1 cacti]# /etc/init.d/mysqld start
Initializing MySQL database:  Installing MySQL system tables...
OK
Filling help tables...
OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:

/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h server1 password 'new-password'

Alternatively you can run:
/usr/bin/mysql_secure_installation

which will also give you the option of removing the test
databases and anonymous user created by default.  This is
strongly recommended for production servers.

See the manual for more instructions.

You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &

You can test the MySQL daemon with mysql-test-run.pl
cd /usr/mysql-test ; perl mysql-test-run.pl

Please report any problems with the /usr/bin/mysqlbug script!

                                                           [  OK  ]
Starting mysqld:                                           [  OK  ]
[root@server1 cacti]# mysqladmin --user=root create cacti
[root@server1 cacti]# mysql cacti < cacti.sql
[root@server1 cacti]# mysql_secure_installation 

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

[root@server1 cacti]# mysql -pwestos
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 16
Server version: 5.1.71 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> grant all on cacti.* to cacti@localhost identified by 'westos';
Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> quit
Bye
[root@server1 cacti]# vim include/config.php

 26 $database_type = "mysql";
 27 $database_default = "cacti";
 28 $database_hostname = "localhost";
 29 $database_username = "cacti";
 30 $database_password = "westos";
 31 $database_port = "3306";
 32 $database_ssl = false;

[root@server1 cacti]# useradd cacti
[root@server1 cacti]# id cacti
uid=500(cacti) gid=500(cacti) groups=500(cacti)
[root@server1 cacti]# mysql -ucacti -pwestos
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 18
Server version: 5.1.71 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> quit
Bye
[root@server1 cacti]# chown -R cacti rra/ log/
[root@server1 cacti]# cd rra
[root@server1 rra]# crontab -e -u cacti
no crontab for cacti - using an empty one
crontab: installing new crontab
[root@server1 rra]# crontab -l -u cacti
*/5 * * * * php /var/www/html/cacti/poller.php > /dev/null 2>&1
[root@server1 cacti]# /etc/init.d/httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.25.44.1 for ServerName
                                                           [  OK  ]

1.3. Point your web browser to: http://172.25.44.1/cacti/

初始用户admin；初始密码admin

初次登陆必须修改密码

登陆后的界面

2. 功能实现

2.1. 简单监控磁盘信息

再开一台虚拟机server2（ip：172.25.44.2）

[root@server2 ~]# yum install -y net-snmp net-snmp-utils
[root@server2 ~]# cd /etc/snmp/
[root@server2 snmp]# vim snmpd.conf
[root@server2 snmp]# cd /software/
[root@server2 software]# ls
snmpd.conf		#snmpd.conf文件在文档最后
[root@server2 software]# cd -
/etc/snmp
[root@server2 snmp]# mv /software/snmpd.conf .
mv: overwrite `./snmpd.conf'? y
[root@server2 snmp]# /etc/init.d/snmpd start
Starting snmpd:                                            [  OK  ]

Devices（左边）

Add（右上角）

Create（右下角）

最上边显示邮箱信息，没有error即为ok

[root@server2 snmp]# snmpwalk -v 1 172.25.44.2 -c public .1.3.6.1.4.1.2021.9
UCD-SNMP-MIB::dskIndex.1 = INTEGER: 1
UCD-SNMP-MIB::dskPath.1 = STRING: /
UCD-SNMP-MIB::dskDevice.1 = STRING: /dev/mapper/VolGroup-lv_root
UCD-SNMP-MIB::dskMinimum.1 = INTEGER: 10000
UCD-SNMP-MIB::dskMinPercent.1 = INTEGER: -1
UCD-SNMP-MIB::dskTotal.1 = INTEGER: 19134332
UCD-SNMP-MIB::dskAvail.1 = INTEGER: 17224568
UCD-SNMP-MIB::dskUsed.1 = INTEGER: 937784
UCD-SNMP-MIB::dskPercent.1 = INTEGER: 5
UCD-SNMP-MIB::dskPercentNode.1 = INTEGER: 2
UCD-SNMP-MIB::dskTotalLow.1 = Gauge32: 19134332
UCD-SNMP-MIB::dskTotalHigh.1 = Gauge32: 0
UCD-SNMP-MIB::dskAvailLow.1 = Gauge32: 17224568
UCD-SNMP-MIB::dskAvailHigh.1 = Gauge32: 0
UCD-SNMP-MIB::dskUsedLow.1 = Gauge32: 937784
UCD-SNMP-MIB::dskUsedHigh.1 = Gauge32: 0
UCD-SNMP-MIB::dskErrorFlag.1 = INTEGER: noError(0)
UCD-SNMP-MIB::dskErrorMsg.1 = STRING:

[root@server1 cacti]# snmpwalk -v 1 172.25.44.2 -c public .1.3.6.1.4.1.2021.9
UCD-SNMP-MIB::dskIndex.1 = INTEGER: 1
UCD-SNMP-MIB::dskPath.1 = STRING: /
UCD-SNMP-MIB::dskDevice.1 = STRING: /dev/mapper/VolGroup-lv_root
UCD-SNMP-MIB::dskMinimum.1 = INTEGER: 10000
UCD-SNMP-MIB::dskMinPercent.1 = INTEGER: -1
UCD-SNMP-MIB::dskTotal.1 = INTEGER: 19134332
UCD-SNMP-MIB::dskAvail.1 = INTEGER: 17224568
UCD-SNMP-MIB::dskUsed.1 = INTEGER: 937784
UCD-SNMP-MIB::dskPercent.1 = INTEGER: 5
UCD-SNMP-MIB::dskPercentNode.1 = INTEGER: 2
UCD-SNMP-MIB::dskTotalLow.1 = Gauge32: 19134332
UCD-SNMP-MIB::dskTotalHigh.1 = Gauge32: 0
UCD-SNMP-MIB::dskAvailLow.1 = Gauge32: 17224568
UCD-SNMP-MIB::dskAvailHigh.1 = Gauge32: 0
UCD-SNMP-MIB::dskUsedLow.1 = Gauge32: 937784
UCD-SNMP-MIB::dskUsedHigh.1 = Gauge32: 0
UCD-SNMP-MIB::dskErrorFlag.1 = INTEGER: noError(0)
UCD-SNMP-MIB::dskErrorMsg.1 = STRING:

Graph Trees------>Defautl Tree

Add

Create

Save

New Graphs

Create

Graphs------>Host:server2

2.2. 添加组件monitor

绿色：被监控设备状态正常

红色：被监控设备Down机

兰色：被监控设备恢复（Down后重新启动，界于红色与绿色之间的状态）

黄色：被监控设备门槛报警

[root@server1 software]# ls
cacti-0.8.8h.tar.gz        monitor-v1.3-1.tgz
cacti-spine-0.8.8h.tar.gz  php-snmp-5.3.3-26.el6.x86_64.rpm
[root@server1 software]# tar zxf monitor-v1.3-1.tgz -C /var/www/html/cacti/plugins
[root@server1 software]# cd /var/www/html/cacti/plugins
[root@server1 plugins]# ls
index.php  monitor

Plugin Management------>蓝色向下的箭头

绿色向右的箭头------>Save

Settings

Save

monitor

2.3. 添加插件spine

开启多个线程读取数据

[root@server1 software]# ls
cacti-0.8.8h.tar.gz        monitor-v1.3-1.tgz
cacti-spine-0.8.8h.tar.gz  php-snmp-5.3.3-26.el6.x86_64.rpm
[root@server1 software]# tar zxf cacti-spine-0.8.8h.tar.gz
[root@server1 software]# yum install net-snmp-devel gcc mysql-devel -y
[root@server1 software]# cd cacti-spine-0.8.8h
[root@server1 cacti-spine-0.8.8h]# ./configure
[root@server1 cacti-spine-0.8.8h]# make
[root@server1 cacti-spine-0.8.8h]# make install
[root@server1 cacti-spine-0.8.8h]# cd /usr/local/spine/
[root@server1 spine]# ls
bin  etc
[root@server1 spine]# cd etc/
[root@server1 etc]# ls
spine.conf.dist
[root@server1 etc]# cp spine.conf.dist /etc/spine.conf
[root@server1 etc]# vim /etc/spine.conf 

 33 DB_Host         localhost
 34 DB_Database     cacti
 35 DB_User         cacti
 36 DB_Pass         westos
 37 DB_Port         3306

[root@server1 etc]# su - cacti
[cacti@server1 ~]$ /usr/local/spine/bin/spine
SPINE: Using spine config file [/etc/spine.conf]
SPINE: Version 0.8.8h starting
SPINE: Time: 0.0942 s, Threads: 5, Hosts: 3
[cacti@server1 ~]$ logout

Settings------>Poller------>Save


3. cacti总结

3.1. rrdtool

rrdtool只是作为会图工具配合cacti使用，不具备数据采集功能。

rrdtool的工作流程：rra------>*.rrd

rrdtool对数据的处理是环形的，文件大小不变，默认是保留两天，所以一般两天以前的数据户会被覆盖。也可以将每隔五分钟绘图修改成每隔半小时，这里就需要使用聚合函数对每六个五分钟的数据取平均值（Average，max，min，last）。

虽然cacti是把数据交给rrdtool来处理的，但其实是可以不用rrdtool的，php也有绘图功能，如果直接把数据放进数据库交给php处理绘图，但这这样的处理方式对数据库剧的要求是极高的。

3.2. 监控设备三部分

数据采集：通过crontab定时处理------>调用crontab指定的php文件（这里用到php-snmp插件）------>使用snmp协议------>被监控host

数据存储：rrdtool------>rra------>*.rrd

数据展示：Web（php程序）------>运行php文件（这里用到ph-mysql插件）------>mysql（php从数据库中读取变量）------>rrdtool------>rrd------>gd

数据采集模式：snmp，ipomi，jmx,agent,ssh

3.3. 辨析

rrd中存储的是snmp抓到数据

mysql存储的是rrdtool绘图是需要的变量

4. snmpd.conf配置文件参考

###############################################################################
#
# snmpd.conf:
#   An example configuration file for configuring the ucd-snmp snmpd agent.
#
###############################################################################
#
# This file is intended to only be as a starting point.  Many more
# configuration directives exist than are mentioned in this file.  For
# full details, see the snmpd.conf(5) manual page.
#
# All lines beginning with a '#' are comments and are intended for you
# to read.  All other lines are configuration commands for the agent.

###############################################################################
# Access Control
###############################################################################

# As shipped, the snmpd demon will only respond to queries on the
# system mib group until this file is replaced or modified for
# security purposes.  Examples are shown below about how to increase the
# level of access.

# By far, the most common question I get about the agent is "why won't
# it work?", when really it should be "how do I configure the agent to
# allow me to access it?"
#
# By default, the agent responds to the "public" community for read
# only access, if run out of the box without any configuration file in
# place.  The following examples show you other ways of configuring
# the agent so that you can change the community names, and give
# yourself write access to the mib tree as well.
#
# For more information, read the FAQ as well as the snmpd.conf(5)
# manual page.

####
# First, map the community name "public" into a "security name"

#       sec.name  source          community
#com2sec notConfigUser  default       public
com2sec local     localhost           public
com2sec mynetwork 172.25.44.0/24      public

####
# Second, map the security name into a group name:

#       groupName      securityModel securityName
#group   notConfigGroup v1           notConfigUser
#group   notConfigGroup v2c           notConfigUser
group MyRWGroup v1         local
group MyRWGroup v2c        local
group MyRWGroup usm        local
group MyROGroup v1         mynetwork
group MyROGroup v2c        mynetwork
group MyROGroup usm        mynetwork
####
# Third, create a view for us to let the group have rights to:

# Make at least  snmpwalk -v 1 localhost -c public system fast again.
#       name           incl/excl     subtree         mask(optional)
view    systemview    included   .1.3.6.1.2.1
view    systemview    included   .1.3.6.1.2.1.25.1.1
view all    included  .1                               80
####
# Finally, grant the group read-only access to the systemview view.

#       group          context sec.model sec.level prefix read   write  notif
#access  notConfigGroup ""      any       noauth    exact  systemview none none
access MyROGroup ""      any       noauth    exact  all    none   none
access MyRWGroup ""      any       noauth    exact  all    all    none
# -----------------------------------------------------------------------------

# Here is a commented out example configuration that allows less
# restrictive access.

# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
# KNOWN AT YOUR SITE.  YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.

##       sec.name  source          community
#com2sec local     localhost       COMMUNITY
#com2sec mynetwork NETWORK/24      COMMUNITY

##     group.name sec.model  sec.name
#group MyRWGroup  any        local
#group MyROGroup  any        mynetwork
#
#group MyRWGroup  any        otherv3user
#...

##           incl/excl subtree                          mask
#view all    included  .1                               80

## -or just the mib2 tree-

#view mib2   included  .iso.org.dod.internet.mgmt.mib-2 fc

##                context sec.model sec.level prefix read   write  notif
#access MyROGroup ""      any       noauth    0      all    none   none
#access MyRWGroup ""      any       noauth    0      all    all    all

###############################################################################
# Sample configuration to make net-snmpd RFC 1213.
# Unfortunately v1 and v2c don't allow any user based authentification, so
# opening up the default config is not an option from a security point.
#
# WARNING: If you uncomment the following lines you allow write access to your
# snmpd daemon from any source! To avoid this use different names for your
# community or split out the write access to a different community and
# restrict it to your local network.
# Also remember to comment the syslocation and syscontact parameters later as
# otherwise they are still read only (see FAQ for net-snmp).
#

# First, map the community name "public" into a "security name"
#       sec.name        source          community
#com2sec notConfigUser   default         public

# Second, map the security name into a group name:
#       groupName       securityModel   securityName
#group   notConfigGroup  v1              notConfigUser
#group   notConfigGroup  v2c             notConfigUser

# Third, create a view for us to let the group have rights to:
# Open up the whole tree for ro, make the RFC 1213 required ones rw.
#       name            incl/excl       subtree mask(optional)
#view    roview          included        .1
#view    rwview          included        system.sysContact
#view    rwview          included        system.sysName
#view    rwview          included        system.sysLocation
#view    rwview          included        interfaces.ifTable.ifEntry.ifAdminStatus
#view    rwview          included        at.atTable.atEntry.atPhysAddress
#view    rwview          included        at.atTable.atEntry.atNetAddress
#view    rwview          included        ip.ipForwarding
#view    rwview          included        ip.ipDefaultTTL
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteDest
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteIfIndex
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric1
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric2
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric3
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric4
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteType
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteAge
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMask
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric5
#view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaIfIndex
#view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress
#view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress
#view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType
#view    rwview          included        tcp.tcpConnTable.tcpConnEntry.tcpConnState
#view    rwview          included        egp.egpNeighTable.egpNeighEntry.egpNeighEventTrigger
#view    rwview          included        snmp.snmpEnableAuthenTraps

# Finally, grant the group read-only access to the systemview view.
#       group          context sec.model sec.level prefix read   write  notif
#access  notConfigGroup ""      any       noauth    exact  roview rwview none

###############################################################################
# System contact information
#

# It is also possible to set the sysContact and sysLocation system
# variables through the snmpd.conf file:

syslocation RHEL6.5
syscontact Root <root@server2.example.com>

# Example output of snmpwalk:
#   % snmpwalk -v 1 localhost -c public system
#   system.sysDescr.0 = "SunOS name sun4c"
#   system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
#   system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55
#   system.sysContact.0 = "Me <me@somewhere.org>"
#   system.sysName.0 = "name"
#   system.sysLocation.0 = "Right here, right now."
#   system.sysServices.0 = 72

###############################################################################
# Logging
#

# We do not want annoying "Connection from UDP: " messages in syslog.
# If the following option is commented out, snmpd will print each incoming
# connection, which can be useful for debugging.

dontLogTCPWrappersConnects yes

# -----------------------------------------------------------------------------

###############################################################################
# Process checks.
#
#  The following are examples of how to use the agent to check for
#  processes running on the host.  The syntax looks something like:
#
#  proc NAME [MAX=0] [MIN=0]
#
#  NAME:  the name of the process to check for.  It must match
#         exactly (ie, http will not find httpd processes).
#  MAX:   the maximum number allowed to be running.  Defaults to 0.
#  MIN:   the minimum number to be running.  Defaults to 0.

#
#  Examples (commented out by default):
#

#  Make sure mountd is running
#proc mountd

#  Make sure there are no more than 4 ntalkds running, but 0 is ok too.
#proc ntalkd 4

#  Make sure at least one sendmail, but less than or equal to 10 are running.
#proc sendmail 10 1

#  A snmpwalk of the process mib tree would look something like this:
#
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.2
# enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1
# enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2
# enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3
# enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd"
# enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd"
# enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail"
# enterprises.ucdavis.procTable.prEntry.prMin.1 = 0
# enterprises.ucdavis.procTable.prEntry.prMin.2 = 0
# enterprises.ucdavis.procTable.prEntry.prMin.3 = 1
# enterprises.ucdavis.procTable.prEntry.prMax.1 = 0
# enterprises.ucdavis.procTable.prEntry.prMax.2 = 4
# enterprises.ucdavis.procTable.prEntry.prMax.3 = 10
# enterprises.ucdavis.procTable.prEntry.prCount.1 = 0
# enterprises.ucdavis.procTable.prEntry.prCount.2 = 0
# enterprises.ucdavis.procTable.prEntry.prCount.3 = 1
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0
# enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running."
# enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = ""
# enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = ""
# enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0
# enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0
# enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0
#
#  Note that the errorFlag for mountd is set to 1 because one is not
#  running (in this case an rpc.mountd is, but thats not good enough),
#  and the ErrMessage tells you what's wrong.  The configuration
#  imposed in the snmpd.conf file is also shown.
#
#  Special Case:  When the min and max numbers are both 0, it assumes
#  you want a max of infinity and a min of 1.
#

# -----------------------------------------------------------------------------

###############################################################################
# Executables/scripts
#

#
#  You can also have programs run by the agent that return a single
#  line of output and an exit code.  Here are two examples.
#
#  exec NAME PROGRAM [ARGS ...]
#
#  NAME:     A generic name. The name must be unique for each exec statement.
#  PROGRAM:  The program to run.  Include the path!
#  ARGS:     optional arguments to be passed to the program

# a simple hello world

#exec echotest /bin/echo hello world

# Run a shell script containing:
#
# #!/bin/sh
# echo hello world
# echo hi there
# exit 35
#
# Note:  this has been specifically commented out to prevent
# accidental security holes due to someone else on your system writing
# a /tmp/shtest before you do.  Uncomment to use it.
#
#exec shelltest /bin/sh /tmp/shtest

# Then,
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.8
# enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1
# enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2
# enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest"
# enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest"
# enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world"
# enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest"
# enterprises.ucdavis.extTable.extEntry.extResult.1 = 0
# enterprises.ucdavis.extTable.extEntry.extResult.2 = 35
# enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world."
# enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world."
# enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0
# enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0

# Note that the second line of the /tmp/shtest shell script is cut
# off.  Also note that the exit status of 35 was returned.

# -----------------------------------------------------------------------------

###############################################################################
# disk checks
#

# The agent can check the amount of available disk space, and make
# sure it is above a set limit.  

# disk PATH [MIN=100000]
#
# PATH:  mount path to the disk in question.
# MIN:   Disks with space below this value will have the Mib's errorFlag set.
#        Default value = 100000.

# Check the / partition and make sure it contains at least 10 megs.

disk / 10000

# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.9
# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F
# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0"
# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000
# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130
# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325
# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092
# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58
# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0
# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = ""

# -----------------------------------------------------------------------------

###############################################################################
# load average checks
#

# load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0]
#
# 1MAX:   If the 1 minute load average is above this limit at query
#         time, the errorFlag will be set.
# 5MAX:   Similar, but for 5 min average.
# 15MAX:  Similar, but for 15 min average.

# Check for loads:
#load 12 14 14

# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.10
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1"
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5"
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15"
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00"
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00"
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00"
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = ""
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = ""
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = ""

# -----------------------------------------------------------------------------

###############################################################################
# Extensible sections.
# 

# This alleviates the multiple line output problem found in the
# previous executable mib by placing each mib in its own mib table:

# Run a shell script containing:
#
# #!/bin/sh
# echo hello world
# echo hi there
# exit 35
#
# Note:  this has been specifically commented out to prevent
# accidental security holes due to someone else on your system writing
# a /tmp/shtest before you do.  Uncomment to use it.
#
# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest

# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.50
# enterprises.ucdavis.50.1.1 = 1
# enterprises.ucdavis.50.2.1 = "shelltest"
# enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest"
# enterprises.ucdavis.50.100.1 = 35
# enterprises.ucdavis.50.101.1 = "hello world."
# enterprises.ucdavis.50.101.2 = "hi there."
# enterprises.ucdavis.50.102.1 = 0

# Now the Output has grown to two lines, and we can see the 'hi
# there.' output as the second line from our shell script.
#
# Note that you must alter the mib.txt file to be correct if you want
# the .50.* outputs above to change to reasonable text descriptions.

# Other ideas:
#
# exec .1.3.6.1.4.1.2021.51 ps /bin/ps
# exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top
# exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq

# -----------------------------------------------------------------------------

###############################################################################
# Pass through control.
# 

# Usage:
#   pass MIBOID EXEC-COMMAND
#
# This will pass total control of the mib underneath the MIBOID
# portion of the mib to the EXEC-COMMAND.
#
# Note:  You'll have to change the path of the passtest script to your
# source directory or install it in the given location.
#
# Example:  (see the script for details)
#           (commented out here since it requires that you place the
#           script in the right location. (its not installed by default))

# pass .1.3.6.1.4.1.2021.255 /bin/sh /usr/local/local/passtest

# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.255
# enterprises.ucdavis.255.1 = "life the universe and everything"
# enterprises.ucdavis.255.2.1 = 42
# enterprises.ucdavis.255.2.2 = OID: 42.42.42
# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42
# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1
# enterprises.ucdavis.255.5 = 42
# enterprises.ucdavis.255.6 = Gauge: 42
#
# % snmpget -v 1 localhost public .1.3.6.1.4.1.2021.255.5
# enterprises.ucdavis.255.5 = 42
#
# % snmpset -v 1 localhost public .1.3.6.1.4.1.2021.255.1 s "New string"
# enterprises.ucdavis.255.1 = "New string"
#

# For specific usage information, see the man/snmpd.conf.5 manual page
# as well as the local/passtest script used in the above example.

###############################################################################
# Further Information
#
#  See the snmpd.conf manual page, and the output of "snmpd -H".