SNMP feed to a network monitor

[rmleonard]

Our netadmins would like to query the test boxen I just set up

it doesn't seem to respond to snmpwalk

I query it as follows:

snmpwalk -Os -c zimbra -v 2c localhost:162 system

just to make sure I know the who/what/wheres

Thoughts on outside SNMP queries against the MIB?

server status (via the web gui ) says it is running. (at least it has a check next to it ....)

[KevinH]

Is snmp running? ie did you install it?

zmcontrol status should report it

[rmleonard]

class-osx-06:~ zimbra$ zmcontrol status
Host class-osx-06.ga-adm.class.csupomona.edu
antispam Running
antivirus Running
ldap Running
logger Running
mailbox Running
mta Running
snmp Running
spell Running

says its running

but I can find no process running for snmp

the zimbra included snmp suite don't seem to be "mac happy" so i am going to play with swatchrc in the morning and have it point to the built in OSX 10.4.4 server components....

Anyone else having issues with snmpd and the like?

[marcmac]

snmp isn't really a process - and it doens't include snmpd. All it does is send traps out to whatever trap host you define, based on server stops/starts as detected in the logfiles by swatch.

[rmleonard]

on OSX server - if we enable SNMP and add/move the zimbra snmp.conf file to /etc (where OSX expects such a file to exist) -

and then modify line 9 of swatchrc
perlcode 0 my $snmptrap="/opt/zimbra/snmp/bin/snmptrap $snmpargs";

to

perlcode 0 my $snmptrap="/usr/bin/snmptrap $snmpargs";

maybe even removing "/opt/zimbra/snmp/bin" from the $PATH in .bashrc

OSX 10.4.4 uses NET-SNMP 5.2.1 on both client and server

are there specific reasons to stay with build 5.1.2 rather than leveraging what comes with the system?

[marcmac]

you can use what's shipped with the system, as long as you're aware that your changes will be overwritten on upgrade.

[rmleonard]

I realize that changes made to swatchrc will be overwritten on any give update, but my question was =>

are there specific reasons to use the included internal build of 5.1.2?

a) there are Secunia alerts against it.
b) for the position of hardening the "system" the OS build of 5.2.1 is covered by OS updates and security policies.

I'm looking for a balance here I guess

that would be one less component you folks would have to include in your bundle if you relied on the OS to handle it. Just write a script to add your MIB handlers to the various conf files and either start/restart the daemons as needed.

[rmleonard]

in a flash of "duh...."

OSX server now uses clamAV (I had forgotten this)

class-osx-06:/usr/bin zimbra$ ./freshclam --version
ClamAV 0.87.1/685/Wed Jan 26 01:08:24 2005
class-osx-06:/usr/bin zimbra$ ./clamscan --version
ClamAV 0.87.1/685/Wed Jan 26 01:08:24 2005
class-osx-06:/usr/bin zimbra$ spamassassin --version
SpamAssassin version 3.0.1
running on Perl version 5.8.6

so again - to leverage a smaller install package (or not) - depending on the Security policies of your organization - clamAV and SpamAssassin are in OSX 10.4.4

I typically replace MySQL on my servers with version 5

10.4.4 comes with openldap 2.2.19 so that is a few revs behind

can anyone think of any other "System" level features that for security policy reasons should be left to OS level policy and not Application level policy?