Enable SNMP On Multiple Mac Workstations Using A Script

November 12th, 2012 by William Smith

SNMP can be a valuable tool for monitoring the health of unattended Mac workstations acting as a farm to process information for remote users. If the health of a farm member degrades because its hard drive gets full or a process gets stuck then SNMP can send traps to a Network Management Station to alert the administrator.

Before SNMP will return any useful information an administrator must configure the Mac using the snmpconf command. By default this command runs interactively and prompts him for basic information to create the /usr/share/snmp/snmpd.conf file. However, he can use this file to script the same configuration for other machines without interaction. The script can also run a simple launchd command afterward to start the snmp service.

Create the snmpd.conf file

Creating the snmpd.conf file is as simple as running a command in the Terminal and answering a few questions.

  1. Launch the Terminal application found in /Applications/Utilities.
  2. The Terminal defaults to the current user’s home folder. Verify this using the pwd command. This is where the snmpconf command will create the snmpd.conf file.
  3. Enter snmpconf in the Terminal and press return.
  4. This begins a series of simple questions. The first question is:

    The following installed configuration files were found:

    1: /etc/snmp/snmpd.conf

    Would you like me to read them in? Their content will be merged with the output files created by this session.

    Valid answer examples: “all”, “none”,”3″,”1,2,5″

    Read in which (default = all):

    Press return to accept the default answer “all”.

  5. The next question is:

    I can create the following types of configuration files for you.
    Select the file type you wish to create:
    (you can create more than one as you run this program)

    1: snmpd.conf
    2: snmptrapd.conf
    3: snmp.conf

    Other options: quit

    Select File:

    Enter 1 to choose to create the snmpd.conf file.

  6. Next, choose 1 for Access Control Setup. This will set the community name for both read/write as well as read access. For monitoring purposes an administrator should configure read-only communities such as talkingmoose-read. Set the community name for both SNMPv3 read-only user as well as SNMPv1/SNMPv2 read-only access community name. These may be the same name.
  7. When the read-only communities are set then type finished to exit the access control setup and proceed to the rest of the sections.

Some questions will be for more advanced snmp settings, which some administrators will want to partially or fully customize. For basic snmp functionality either accept the defaults or don’t answer the questions. At minimum, though, complete the Access Control Setup and System Information Setup sections.

After answering the questions and returning to the top level section type quit to complete creating the snmpd.conf file. The snmpconf command places this file in the current working directory in Terminal.

Load snmpd.conf onto another Mac

Loading these settings on another machine requires the same snmpconf command but with some instructions to use the newly created file. Do the following:

  1. Copy the snmpd.conf file to the new machine.
  2. Run the following command on the new machine:sudo snmpconf -R /path/to/snmpd.conf -a -f -i snmpd.conf

This snmpconf command takes the supplied snmpd.conf file (-R /path/to/snmpd.conf) to quietly configure a new one (-a) overwriting anything already configured (-f) and places it in the correct location (-i), which is /usr/share/snmp/.

Start SNMP

After the settings are loaded and a newly created snmpd.conf file exists in /usr/share/snmp/, start the SNMP service:

sudo launchctl load -w
/System/Library/LaunchDaemons/org.net-snmp.snmpd.plist

Test using snmpwalk

To verify the settings are applied correctly use the snmpwalk command to read SNMP data from the Mac using the read-only user or community name created when completing the Access Control Setup section earlier:

snmpwalk -v1 -c talkingmoose-read localhost

This should return a lengthy amount of information that begins with something like:

SNMPv2-MIB::sysDescr.0 = STRING: Darwin TMServer.local 10.8.0 Darwin Kernel Version 10.8.0: Tue Jun 7 16:33:36 PDT 2011; root:xnu-1504.15.3~1/RELEASE_I386 i386
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.255
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (751563) 2:05:15.63
SNMPv2-MIB::sysContact.0 = STRING: "William Smith"
SNMPv2-MIB::sysName.0 = STRING: TMServer.local
SNMPv2-MIB::sysLocation.0 = STRING: "Saint Paul"
SNMPv2-MIB::sysServices.0 = INTEGER: 12

Deployment

The most efficient deployment method for current and future Mac farm machines is an Apple Installer package. Add the snmpd.conf file as a resource file to the package and add a postflight script to load the file and start the SNMP service.

Tags: ,

Comments are closed.