russjar
Enthusiast
Enthusiast

Enabling SNMP

Hi,

I am reading through the Basic System Administration Guide on enabling SNMP, and on page 80 it talks about how to enable / disable SNMP traps by editing the config.xml file located /etc/vmware/host/. That fine, if that path and file existed as stated. But unfortunately the file in the path indicated is not there. What what is there is the following /etc/vmware/hostd/config.xml however there is no mention of SNMP in the config.xml file in that location. Could someone please advise on what I should do in this situation, cheers....

VCP,MCSE NT4/W2k/W2k3, MCSA W2k3
Tags (1)
0 Kudos
3 Replies
mike_laspina
Champion
Champion

Hello,

If you enable snmp the traps will be on by default and will be sent externally if you have a trap target(s) defined and the firewall ports 161, 162 under security profile was allowed.

If you wish to stop this behavior add the following in the /etc/vmware/hostd/config.conf within the plugins tag.

<snmpsvc>

<generateTraps>false</generateTraps>

</snmpsvc>

Don't forget to run chkconfig snmpd on to load the service automatically.

http://blog.laspina.ca/ vExpert 2009
0 Kudos
russjar
Enthusiast
Enthusiast

Awsome thanks...

VCP,MCSE NT4/W2k/W2k3, MCSA W2k3
0 Kudos
tekka
Enthusiast
Enthusiast

Hello, having some problems enabling snmp on my esx 3.02 (build 90892), so I keep on with this post.

It seems I have done all what specified in 3.0admin manual

I successfully can send a test trap from esx to mgmt server, if I do a "service snmpd restart" on esx I receive 2 traps on mgmt server (zenoss)

1.3.6.1.4.1.8072.4.0.2 for net-snmp notify shutdown

and the snmp_coldStart one.

In /var/log/messages of esx I get:

Oct 6 10:59:02 esx12 snmpd4372: Received TERM or STOP signal... shutting down...

Oct 6 10:59:03 esx12 snmpd: snmpd shutdown succeeded

Oct 6 10:59:03 esx12 snmpd: snmpd startup succeeded

Oct 6 10:59:05 esx12 snmpd22541: SNMPVMInfo: Initialized.

Oct 6 10:59:05 esx12 snmpd22541: SNMPVMNet: Initialized.

Oct 6 10:59:05 esx12 snmpd22541: SNMPVMDisk: Initialized.

Oct 6 10:59:05 esx12 snmpd22541: SNMPVMFloppyCD: Initialized.

Oct 6 10:59:05 esx12 snmpd22541: SNMPResMem: Initialized.

Oct 6 10:59:05 esx12 snmpd22541: SNMPResCPU: Initialized.

Oct 6 10:59:05 esx12 snmpd22541: SNMPResDisk: Initialized.

Oct 6 10:59:05 esx12 snmpd22541: SNMPResNet: Initialized.

Oct 6 10:59:05 esx12 snmpd22541: SNMPESX: Initialized.

Oct 6 10:59:05 esx12 snmpd22541: SNMPSystem: Initialized.

Oct 6 10:59:06 esx12 snmpd22541: [2008-10-06 10:59:06.188 '

Oct 6 10:59:06 esx12 snmpd22541: SNMP

Oct 6 10:59:06 esx12 snmpd 22541 : ' 3076453792 info ]

Oct 6 10:59:06 esx12 snmpd22541: Vmacore::InitSSL: doVersionCheck = true, handshakeTimeoutUs = 12

0000000

Oct 6 10:59:06 esx12 snmpd22541:

Oct 6 10:59:06 esx12 /usr/lib/vmware/hostd/vmware-hostd1299: Accepted password for user root from

127.0.0.1

Oct 6 10:59:06 esx12 snmpd22541: SNMPVmodl: Initialized

Oct 6 10:59:06 esx12 snmpd22541: NET-SNMP version 5.0.9

Oct 6 10:59:20 esx12 wbem(pam_unix)1572: authentication failure; logname= uid=0 euid=0 tty= ruser

= rhost= user=root

Oct 6 11:04:21 esx12 wbem(pam_unix)1572: authentication failure; logname= uid=0 euid=0 tty= ruser

= rhost= user=root

BTW: Are the wbem messages related with snmp....?

the config.xml file contains nothing about snmp so that VMware traps should be enabled.

In snmpd.conf I have:

syscontact root@localhost (edit snmpd.conf)

syslocation room1 (edit snmpd.conf)

rocommunity mymgtcom

trapcommunity mymgtcom

trapsink ip_addr_of_mgmt_srv

  1. VMware MIB modules. To enable/disable VMware MIB items

  1. add/remove the following entries.

dlmod SNMPESX /usr/lib/vmware/snmp/libSNMPESX.so

In esx security profile I enabled snmp. If I issue an "iptables -L" on esx I get infact:

root@esx # iptables -L | grep -E "Chain|snm"

Chain INPUT (policy DROP)

ACCEPT udp -- anywhere anywhere udp dpt:snmp

Chain FORWARD (policy DROP)

Chain OUTPUT (policy DROP)

ACCEPT udp -- anywhere anywhere udp dpt:snmptrap

Chain icmp-in (1 references)

Chain icmp-out (1 references)

Chain log-and-drop (7 references)

Chain valid-source-address (2 references)

Chain valid-source-address-udp (1 references)

Chain valid-tcp-flags (2 references)

But tried to: power on, power off, suspend a linux vm that is running on this esx with vmware-tools installed OK and no trap is sent by esx server (or not received by mgmt server..)

I also have vcenter 2.5 managing the infrastructure (going to upgrade to esx 3.5, of which I already have several ones)

Where to check further?

Thanks in advance,

Gianluca

0 Kudos