Пример конфига snmpd proxy

# Define a simple view 'systemview', which includes everthing under .1.3.6.1
view    systemview     included      .1.3.6.1

# Map 'public' community to the 'notConfigUser'
com2sec notConfigUser  default       public

# Map 'notConfigUser' to 'notConfigGroup'
group   notConfigGroup v1            notConfigUser
group   notConfigGroup v2c           notConfigUser

# Give 'notConfigGroup' read access to objects in the view 'systemview'
access  notConfigGroup ""            any       noauth    exact  systemview none none

# v1/v2c community string for each proxied host
com2sec -Cn ctx_hades notConfigUser  default       cmty_hades

# Allow the 'notConfigUser' (a member of 'notConfigGroup') access for these contexts
access  notConfigGroup ctx_hades        any     noauth  prefix  systemview none none

# Setting up the proxy configuration
proxy -Cn ctx_hades -v 2c -c public 192.168.55.80 .1.3

Для проверки используем:

snmpwalk -v 1 -c cmty_hades localhost sysname

Настройки из zabbix (обратите внимание на community у proxy-client)

Screenshot_20240913_170652.png

Screenshot_20240913_170618.png

Настроим возможность использования snmp v3 для прокси

Нужно привести конфиг к такому виду

cat /etc/snmp/snmpd.conf
# Define a simple view 'systemview', which includes everthing under .1.3.6.1
view    systemview     included      .1.3.6.1

# Map 'public' community to the 'notConfigUser'
com2sec notConfigUser  default       public

# Map 'notConfigUser' to 'notConfigGroup'
group   notConfigGroup v1            notConfigUser
group   notConfigGroup v2c           notConfigUser
group   snmpv3Group    v3             snmpv3user

# Give 'notConfigGroup' read access to objects in the view 'systemview'
access  notConfigGroup ""            any       noauth    exact  systemview none none
access  snmpv3Group ""            any       authPriv  exact  systemview none none

# Define SNMPv3 user 'snmpv3user' with authentication and privacy settings
createUser snmpv3user SHA "authpassword" AES "privpassword"

# v1/v2c community string for each proxied host
com2sec -Cn ctx_hades notConfigUser  default       cmty_hades

# Allow the 'notConfigUser' (a member of 'notConfigGroup') access for these contexts
access  notConfigGroup ctx_hades        any     noauth  prefix  systemview none none
access  snmpv3Group ctx_hades     any     authPriv exact  systemview none none

# Setting up the proxy configuration
proxy -Cn ctx_hades -v 2c -c public 192.168.55.80 .1.3

rouser snmpv3user

Создаем пользователя


net-snmp-create-v3-user -ro -A authpassword -a SHA -X privpassword -x AES snmpv3user

adding the following line to /var/lib/snmp/snmpd.conf:
   createUser snmpv3user SHA "authpassword" AES "privpassword"
adding the following line to /etc/snmp/snmpd.conf:
   rouser snmpv3user

Проверка

snmpwalk -v3 -a SHA -A authpassword -x AES -X privpassword -l authPriv -u snmpv3user localhost
snmpwalk -n ctx_hades -v3 -a SHA1 -A authpassword -x AES128 -X privpassword -l authPriv -u snmpv3user 192.168.55.60 iso.3.6.1.2.1.1.5.0

Пример что должно быть в заббикс

Screenshot_20240916_180559.png