/var/lib/net-snmp/nf (createuser commands goes here).To add a new SNMP v3 user you need to edit two files: DES - has known security issues and provides weak encryption, so it should be avoided.SNMPv3 also provides two different encryption algorithms:
sha1 - is a much stronger cryptographic algorithm that is also faster to compute, there's no reason to use md5.md5 - is now mostly supported for backward compatibility.SNMPv3 provides two different authentication mechanisms: authNoPriv (authentication but no privacy).noAuthNoPriv (no authentication, no privacy).SNMP version 3 has three separate options for security and privacy (called security level, or secLevel for short) Remember to restart snmpd after reconfiguring it.The most common problematic ones are $~! ?*( )\"' It's often a good idea to avoid shell meta-characters in passwords and community names.Safe passwords that are still easy to work with can be constructed of a few words strung together, like "".The snmp daemon's configuration file is commonly found at /etc/snmp/nf but some operating systems put it in other places.The servers that should be monitored need to be reachable on port 161, TCP, and UDP.This HOW-TO assumes that net-snmp is installed on the server that should be monitored.SNMP version 3 and 2c both provide the same data and although version 3 has a slight performance overhead because it encrypts the traffic, the ease of management of using the same protocol across the network makes a very strong case for using only SNMP version 3. SNMP version 1 has limits in both performance and the datatypes it offers that makes it highly unsuitable for monitoring, so we strongly advise against using it. Please note that the SNMP protocol version 1 and 2c is unencrypted, so someone capable of reading traffic flows in your network will be able to read values (including community names) from queries and responses sent to and from the SNMP-monitored device. Most people will want to use SNMP version 3 in the "authenticated and privacy protected" mode, commonly abbreviated as authPriv, but other methods are also covered in this section.
If you want to use SNMP to monitor your Linux- and UNIX-servers, it's imperative that you configure the SNMP daemon on those servers to make them respond to queries from the op5 Monitor server.
0 kommentar(er)
