Knowledge Base

Source: http://forums.cacti.net/about5870.html&highlight=
 

cd /usr/ports/net-mgmt/net-snmp
make
make install
make clean

edit /etc/rc.conf
add snmpd_enable="YES"

cd /usr/local/share/snmp
edit snmpd.conf (you may have to create it)
add the following
syslocation home (replace home with whatever you'd like)
syscontact me@here.com (put in your e-mail or whatever)
rocommunity private (replace with whatever read only name you'd like)
rwcommunity public (again, change this to whatever you'd like)
master yes
now save and exit

cd /usr/local/etc/rc.d
./snmpd.sh start

This will get you up and running with a very basic snmp configuration. There's a handy utility called 'snmpconf' that can be run to help you generate the snmp.conf (optional) and snmpd.conf files. This will give you more options and help tighten up security.

at this point you should be able to snmpwalk your host
snmpwalk -v1 -c public 127.0.0.1

See http://www.net-snmp.org/tutorial/tut...nds/index.html for more info on how to use snmp do nifty things...like adding MIBS!

or a more detailed description using snmpconf
 

# cd /usr/ports/net-mgmt/net-snmp && make install clean

Configuring snmpd

The net-snmp package comes with the snmpconf utility which should help you configure snmpd. We will walk through the steps for it, as it can be somewhat harrowing for those new to snmp:

# snmpconf -i

I can create the following types of configuration files for you.
Select the file type you wish to create:
(you can create more than one as you run this program)

1: snmp.conf
2: snmptrapd.conf
3: snmpd.conf

snmp.conf (snmp.conf(5)) dictates how Net-SNMP applications should operate, snmptrapd.conf (snmptrapd.conf(5)) configures the snmptrapd daemon which is used for on going monitoring via SNMP, and finally snmpd.conf (snmpd.conf(5)) defines how the snmp daemon which we will be using, is configured. Choose option '3'.
The main menu:

1: System Information Setup
2: Access Control Setup
3: Trap Destinations
4: Monitor Various Aspects of the Running Host
5: Extending the Agent
6: Agent Operating Mode


Choose option '1', and at the 'System Information Setup' menu, choose '1' again. You will be asked to enter the location of your system. This can be the country, locality, your street name, site name, or any other data you would use to describe the location of the system. After you enter this, you will be returned to the 'System Information Setup' menu.
Choose option '2' and enter the contact information for the administrator of the machine.
Finally, when you choose option '3', you will be asked a number of Yes/No questions to determine what the proper value for the sysServices object. This is used to determine what services your machine offers. Reply with a '1' for yes, or '0' for no.
When you are done with the 'System Information Setup' menu, type 'finished' to return to the main menu.
From the main menu, choose option '2' for 'Access Control Setup'

1: a SNMPv3 read-write user
2: a SNMPv3 read-only user
3: a SNMPv1/SNMPv2c read-only access community name
4: a SNMPv1/SNMPv2c read-write access community name

For the purpose of simplicity, we will set up a read-only SNMPv1 server which listens only on localhost. SNMPv2 and v3 provide some added security in the form of usernames and passwords, and for anyone wishing to have their snmpd listen on the network, I would very seriously recommend they look in to using these.
To continue, choose option '3'. You will be asked to enter a community name for read-only access. This can be any one-word string you wish, and is simply used as a weak method of authentication to restrict access to the service.
Then choose 'localhost' as the hostname from which to accept that community string, and press RETURN for no-restrictions on what the user of that community string can read.
Next we will confirm where the daemon should be listening. From the main menu, choose option '6' for 'Agent Operating Mode'

1: Should the agent operate as a master agent or not.
2: The system user that the agent runs as.
3: The system group that the agent runs as.
4: The IP address and port number that the agent will listen on.


Choose option '4', and enter 127.0.0.1 as the address at which snmpd will listen. Return to the main menu, and choose 'finished' again. You will be shown to the original menu asking which file you would like to edit. choose to 'quit'.
Finally, edit the /etc/rc.conf startup file, and at the end of the file put a new line as:
snmpd_enable="YES"
You can now start snmpd with /usr/local/etc/rc.d/snmpd.sh start. It will also start with your system when you reboot.

Here is the link I got that from:

http://silverwraith.com/papers/freebsd-snmp.php

FYI, I just query my FreeBSD server from itself, as it is the cacti server - so if you need to query external FreeBSD servers from your cacti server, and that is what you are setting up (external to cacti server, servers) your access controls will obviously be different.

Hope this helps.

To follow up, here's an example from an actual snmpd.conf file:

# sec.name source community
com2sec local 1.1.1.1 my_community
#com2sec mynetwork NETWORK/24 COMMUNITY
#replace 1.1.1.1 and my_community with your cacti's IP/hostname and actual community

####
# Second, map the security names into group names:

# sec.model sec.name
group MyRWGroup v1 local
#group MyRWGroup v2c local
#group MyRWGroup usm local
group MyROGroup v1 local
#group MyROGroup v2c local
#group MyROGroup usm mynetwork
#choose the correct version of SNMP, in this case, it's version1 (v1).

If none of the above works, follow the following how-to:
 

root@molly:~#snmpconf -g basic_setup

The following installed configuration files were found:

1: ./snmpd.conf

Would you like me to read them in? Their content will be merged with the
output files created by this session.

Valid answer examples: "all", "none","3","1,2,5"

Read in which (default = all): none
************************************************
*** Beginning basic system information setup ***
************************************************
Do you want to configure the information returned in the system MIB group (contact info, etc)? (default = y): y

Configuring: syslocation
Description:
The [typically physical] location of the system.
Note that setting this value here means that when trying to
perform an snmp SET operation to the sysLocation.0 variable will make
the agent return the "notWritable" error code. IE, including
this token in the snmpd.conf file will disable write access to
the variable.
arguments: location_string

The location of the system: At home

Finished Output: syslocation "At home"

Configuring: syscontact
Description:
The contact information for the administrator
Note that setting this value here means that when trying to
perform an snmp SET operation to the sysContact.0 variable will make
the agent return the "notWritable" error code. IE, including
this token in the snmpd.conf file will disable write access to
the variable.
arguments: contact_string

The contact information: SirDice

Finished Output: syscontact SirDice
Do you want to properly set the value of the sysServices.0 OID (if you don't know, just say no)? (default = y): y

Configuring: sysservices
Description:
The proper value for the sysServices object.
arguments: sysservices_number

does this host offer physical services (eg, like a repeater) [answer 0 or 1]: 0
does this host offer datalink/subnetwork services (eg, like a bridge): 0
does this host offer internet services (eg, supports IP): 1
does this host offer end-to-end services (eg, supports TCP): 1
does this host offer application services (eg, supports SMTP): 1

Finished Output: sysservices 76
**************************************
*** BEGINNING ACCESS CONTROL SETUP ***
**************************************
Do you want to configure the agent's access control? (default = y): y
Do you want to allow SNMPv3 read-write user based access (default = y): n
Do you want to allow SNMPv3 read-only user based access (default = y): n
Do you want to allow SNMPv1/v2c read-write community access (default = y): n
Do you want to allow SNMPv1/v2c read-only community access (default = y): y

Configuring: rocommunity
Description:
a SNMPv1/SNMPv2c read-only access community name
arguments: community [default|hostname|network/bits] [oid]

The community name to add read-only access for: public
The hostname or network address to accept this community name from [RETURN for all]:
The OID that this community should be restricted to [RETURN for no-restriction]:

Finished Output: rocommunity public
Do another rocommunity line? (default = y): n
****************************************
*** Beginning trap destination setup ***
****************************************
Do you want to configure where and if the agent will send traps? (default = y): n
****************************************
*** Beginning monitoring setup ***
****************************************
Do you want to configure the agent's ability to monitor various aspects of your system? (default = y): n

Error: An snmpd.conf file already exists in this directory.

'overwrite', 'skip', 'rename' or 'append'? : overwrite


The following files were created:

snmpd.conf

These files should be moved to /usr/local/share/snmp if you
want them used by everyone on the system. In the future, if you add
the -i option to the command line I'll copy them there automatically for you.

Or, if you want them for your personal use only, copy them to
/root/.snmp . In the future, if you add the -p option to the
command line I'll copy them there automatically for you.

root@molly:~#cp snmpd.conf /usr/local/share/snmp/
root@molly:~#service snmpd start
Starting snmpd.
root@molly:~#

From http://forums.freebsd.org/showthread.php?t=29240

NOTE: Replace the read-only community with your community and put in your hostname as well.