Koozali.org: home of the SME Server

Confused by the documentation

Drifting
« on: May 17, 2007, 01:37:10 PM »
I have been fighting for a few weeks to get Cacti to monitor a couple of SME servers, one is local and the other remote.

Cacti is located on our main office server and appears to work well monitoring the local machine, and it can even monitor our router fine. However, I cannot get it to connect to anything other than the above.
I am pretty sure I have set up snmp on the remote and other local servers fine, as an snmp walk returns data. The only thing I could think is that it is being blocked by the firewall?

So in the command below, what is the 1234? Is that the remote LAN address, and the other the local? Sorry, this is all new to me, and as with most things Linux they assume you know it all and can chant the spells.


For UDP services, use UDPPort instead of TCPPort. Note that you can also set restrictions with ~AllowHosts and ~DenyHosts:

 config setprop manta ~AllowHosts 1.2.3.4,10.11.12.0/24
 config setprop manta ~DenyHosts 16.17.18.18


Paul.
Infamy, Infamy, they all have it in for me!

mmccarn
« Reply #1 on: May 18, 2007, 01:50:17 PM »
Quote:
 config setprop manta ~AllowHosts 1.2.3.4,10.11.12.0/24
I'm pretty sure this command will allow the remote hosts "1.2.3.4" and the remote network "10.11.12.0/24" to access the service named "manta".

To allow remote access to snmp from a remote host a.b.c.d you'd need to have a "service" defined for snmp that includes the TCPPort value, then you could set "~AllowHosts", something like this:
Code:
 # snmpd listens on UDP 161 by default, so the port property here is UDPPort
 config set snmp service access public status enabled UDPPort 161
 config setprop snmp ~AllowHosts a.b.c.d
Where:
  • "161" is the default port for the snmp listening daemon (I just found this w/ google...)
  • a.b.c.d is the ip address of the remote host that is to be allowed access to port 161 on this server.
I don't understand snmp enough to tell you if there are security implications to worry about. I know that snmp v1 & v2 send the community strings in plain text - something to avoid doing directly over the internet!

You could set up a VPN connection to your remote SME box for monitoring, or (possibly) use ssh to tunnel your snmp traffic...

Drifting
« Reply #2 on: May 20, 2007, 02:09:35 PM »
Thank you for the reply, it was very much appreciated.

I will go give your suggestions a try. The part that confused me is that I can get information from the router that is on the dirty side, but nothing else beyond it?

Thanks Paul.
Infamy, Infamy, they all have it in for me!