Working with SNMP and MIB – Nagios

Different operating systems can come with different SNMP applications. Many hardware vendors also offer additional software that manages multiple machines using SNMP—for example, HP OpenView or Sun Management Center. For this section and the following ones, the Net-SNMP package (see http://net-snmp.sourceforge.net/) will be used. This package is included in all Linux distributions and works with almost all Unix operating systems.

In order to install this package on Ubuntu Linux, we need to run the following command:

apt-get install snmp

For yum-based Linux distributions, the package is called net-snmp and the command to install it is as follows:

yum install net-snmp 

The Net-SNMP project homepage also offers binaries for several platforms, including HP-UX and Fedora Linux. Fedora packages should also work on Red Hat Enterprise Linux systems.

It is also possible to build everything from the source for various Unix operating systems such as AIX, HP-UX, and Solaris. Exact instructions are provided on the project page (http://net-snmp.sourceforge.net/).

It is also recommended to install an additional package containing MIB files, which makes it easier to use textual OIDs:

apt-get install snmp-mibs-downloader 

After a successful installation, we should be able to run any SNMP-related command, such as snmpget, and check the Net-SNMP version by doing the following:

root@ubuntu:~# snmpget -V 
NET-SNMP version: 5.7.2 

Assuming we do have a host with the SNMP agent set up, and it is accepting the SNMP protocol version 1, we can now try to communicate with it and query a few parameters:

root@ubuntu:~# snmpget -v 1 -c public 192.168.2.2 \ 
    iso.org.dod.internet.mgmt.mib-2.system.sysName.0 
SNMPv2-MIB::sysName.0 = STRING: WAG354G 

As you can see, the device returned that the system name is WAG354G. This is actually a Linksys/Cisco router and the only way to access its information is over the web interface or SNMP.

The Net-SNMP package comes with a couple of very useful commands that can be used to check current values, as well as perform a dump of a part or the whole MIB tree. These vary from simple tools for querying a single attribute to very complex ones that print out a df-like report of partitions on a remote system. There are also commands for displaying tables and for setting parameters remotely.

Throughout this section and the next ones, we'll mainly use SNMP version 1, as this is supported by almost all SNMP-enabled devices. When using SNMP in production, it's better to check which SNMP versions each device accepts, and use the most recent one a device handles correctly. SNMPv1 and SNMPv2c send the community string unencrypted, while SNMPv3 adds authentication and encryption.

The first command that’s worth getting familiar with is snmpget. This allows the querying of single or multiple attributes over SNMP.

The syntax of the command is as follows:

snmpget [options] IP-address OID [OID] ...

All of the Net-SNMP commands accept a huge number of parameters. The following parameters are the ones we will be using throughout this chapter, and they are worth knowing:

| Option | Description |
| --- | --- |
| -h | Provides help |
| -V | Prints the Net-SNMP version |
| -c | Specifies the community name to use |
| -v | Specifies the SNMP version to be used; should be one of 1, 2c or 3 |
| -r | Specifies the number of retries |
| -t | Timeout in seconds |
| -O | Output options; should be one or more of the following: n (print OIDs as numerical values without expanding them from MIB), e (print enum and OID fields as numbers instead of string values), v (print values only instead of name = value format), f (print full OID names; disallows shortcuts such as SNMPv2-MIB) |

The -O option allows values to be retrieved without applying MIB shortcuts, so that the entire branch is visible. It also allows output to be changed so that only values along with data types are printed out, instead of the object names themselves.

An example of this command is as follows:

# snmpget -O ef -v 1 -c public rtr SNMPv2-MIB::sysObjectID.0
.iso.org.dod.internet.mgmt.mib-2.system.sysObjectID.0 = OID: .iso.org.dod.internet.private.enterprises.ucdavis.ucdSnmpAgent.linux

All of the options above can also be used with other Net-SNMP commands.

Net-SNMP also offers a command to iterate through the entire MIB tree, or only a part of it. The snmpwalk command accepts the same options as shown earlier. Most versions of Net-SNMP's snmpwalk command do not require the passing of any OID to work. For older versions, in order to list the entire tree, .1 can be specified as the OID.

The following command will list the entire MIB tree of an SNMPv1 agent:

root@ubuntu:~# snmpwalk -v 1 -c public 192.168.2.2 

Depending on the underlying operating system and the SNMP agent itself, the actual data may be different. Please note that if the device is not on a local network, then this operation might take a very long time to complete.

In order to retrieve only a part of the MIB tree, simply pass the prefix of the tree you are interested in. For example:

root@ubuntu:~# snmpwalk -v 1 -c public 192.168.2.2 1.3.6.1.2.1.1 

The command above will limit the query to the iso.org.dod.internet.mgmt.mib-2.system node and its children. It will also complete much faster than querying the entire tree.

Walking over a part of a tree is mainly useful when trying to check the objects that are available on a remote device that does not respond quickly to SNMP requests—either because of network lag or because of the computations required for some objects. It is also commonly used to find out which values are available in a specified part of the MIB tree.

Another useful utility is the snmptable command. It allows the listing of various SNMP tables, and shows them in a human readable form. The syntax is as follows:

snmptable [options] IP-address OIDprefix 

For example, to list all TCP/IP connections, the following command can be used:

root@:~# snmptable -v 1 -c public 192.168.2.2 tcpConnTable 
SNMP table: TCP-MIB::tcpConnTable 
 
connState connLocalAddress connLocalPort connRemAddress connRemPort 
   listen         0.0.0.0             23        0.0.0.0           0 
   listen         0.0.0.0             80        0.0.0.0           0 
   listen         0.0.0.0            199        0.0.0.0           0
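
The table above shows the device listening on ports 23, 80 and 199. As an added example (not part of the original article), the following script turns that output into a check against an allowlist of expected ports; the sample input, the function names and the allowlist are constructed for illustration, and the return codes follow the Nagios plugin convention (0 = OK, 2 = CRITICAL).

```shell
#!/bin/sh
# Constructed sample, modelled on the snmptable output shown above.
SAMPLE_TCPCONN='SNMP table: TCP-MIB::tcpConnTable

connState connLocalAddress connLocalPort connRemAddress connRemPort
   listen         0.0.0.0             23        0.0.0.0           0
   listen         0.0.0.0             80        0.0.0.0           0
   listen         0.0.0.0            199        0.0.0.0           0
established   192.168.2.2             80   192.168.2.10       51514'

# unexpected_listeners "PORT PORT ...": read tcpConnTable output on stdin and
# print "address:port" for each listening socket whose port is not allowlisted.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Header row: map column names to positions. Names are normalised so
        # that both "connState" (as above) and "tcpConnState" are accepted.
        tolower($1) ~ /connstate$/ {
            for (i = 1; i <= NF; i++) { k = tolower($i); sub(/^tcp/, "", k); col[k] = i }
            have_header = 1; next
        }
        have_header && NF >= 5 && $(col["connstate"]) == "listen" {
            port = $(col["connlocalport"])
            if (!(port in ok)) print $(col["connlocaladdress"]) ":" port
        }'
}

# check_listeners "PORT PORT ...": Nagios plugin convention for the result,
# return 0 (OK) or 2 (CRITICAL) with a one-line status message.
check_listeners() {
    found=$(unexpected_listeners "$1")
    if [ -n "$found" ]; then
        echo "CRITICAL - unexpected listening ports:" $found
        return 2
    fi
    echo "OK - only allowlisted ports are listening"
    return 0
}

# Live use, assuming the agent from the text is reachable:
#   snmptable -v 1 -c public 192.168.2.2 tcpConnTable | check_listeners "80 199"
printf '%s\n' "$SAMPLE_TCPCONN" | check_listeners "80 199" || echo "exit status: $?"
```

With the allowlist "80 199", the sample reports the listener on port 23 and returns 2.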

Net-SNMP also allows the setting of new object values that can be used to reconfigure various devices. The snmpset command can be used to perform this. The syntax is as follows:

snmpset [options] IP-address OID type value [OID type value] ... 

This command accepts all of the same standard options as the snmpget command. A single command invocation can be used to set more than one parameter, by specifying more than one set of OIDs to be set. Each set operation needs to specify the new value along with the data type it should be set to.

The value type can be one of the following:

| Type | Description |
| --- | --- |
| i | Integer |
| u | Unsigned integer |
| s | String |
| x | Hex string: each letter is specified as 2 hex digits |
| d | Decimal string: each letter is specified as 1-2 digits |
| n | NULL object |
| o | OID: for objects that accept an object |
| t | Timeticks |
| a | IP address |
| B | Series of bits |

The most common types are String, Integer, and OID. The first two require the passing of either a number or a text that the object’s value should be set to. Setting an OID type of object requires either providing a full OID identifier or any string that can be matched by the MIB definitions.

An example to set a system’s contact name and hostname is as follows:

root@ubuntu:~# snmpset -v 2c -c private 192.168.2.2 \
    SNMPv2-MIB::sysContact.0 s admin@net.home \
    SNMPv2-MIB::sysName.0 s RTR
SNMPv2-MIB::sysContact.0 = STRING: admin@net.home 
SNMPv2-MIB::sysName.0 = STRING: RTR 

Some attributes cannot be set via SNMP. For example, it is not possible to modify objects that are used for monitoring the system. These attributes usually include the IP address configuration, counters, or diagnostic information, for example, TCP/UDP connection tables, process lists, installed applications, and performance counters. Many devices tend to support command line administration over SNMP, and in this case, the parameters might be read-only.

MIB definitions specify which attributes are explicitly read-only. Using a graphical tool to find out which attributes can be modified will ease automatic device configuration over the SNMP protocol.

Using graphical tools

Using SNMP and the MIB tree is not a simple task. Many people who are not very familiar with command-line tools and the large amounts of information returned might feel a bit overwhelmed by it. This is where graphical tools come in handy. There are lots of freely available tools that can visualize SNMP. We will discuss only a few of them.

The first tool is called mbrowse (see https://sourceforge.net/projects/mbrowse/). It is a graphical tool for browsing the MIB tree, querying attributes, and running a complete or partial walk through the MIB tree. This tool uses the SNMPv1 and the SNMPv2c protocols. It uses the Net-SNMP libraries and shares the same MIB definitions.

The following is a screenshot of the tool with a result from a walkthrough and an expanded TCP tree:

 

 

Another interesting tool is the Tcl/Tk-based Interactive Network Editor (TkIned) from the Scotty package (https://sourceforge.net/projects/tkined-scotty/). This is a graphical tool that uses Tk for the graphical interface and Scotty for the SNMP protocol. It allows browsing of the MIB tree, the monitoring of hosts over SNMP, and the visualization of your network by clicking on the layout.

This tool also has another very interesting feature. Based on one or more IP network addresses, it can automatically detect your networks and try to find hosts that respond to SNMP requests. It uses the default public/private community pair, and communicates over the SNMPv1 and SNMPv2c protocols. This allows the detection of various operating systems and devices that are configured to respond to these communities, which are still the default ones in many cases.
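
Since agents that still answer to the public/private pair are found this easily, the same check can be made on the agent side. The following is an added example (not part of the original article) that scans a Net-SNMP agent configuration for default community names and for community directives open to any source address; the sample configuration and the function name are constructed, and rocommunity, rwcommunity and com2sec are standard snmpd.conf directives that the article itself does not cover.

```shell
#!/bin/sh
# Constructed sample agent configuration (not taken from the article).
SAMPLE_CONF='# snmpd.conf (constructed)
rocommunity public
rwcommunity private
rocommunity n0c-read-0nly 192.168.2.0/24
rwcommunity nms-wr1te-0nly 192.168.2.10
com2sec readonly default public
rouser nagios authpriv'

# audit_snmpd_conf: read snmpd.conf text on stdin and print one finding per
# line for SNMPv1/v2c community directives that use a default community
# name or accept requests from any source address.
audit_snmpd_conf() {
    awk '
        function report(msg) { print "line " NR ": " msg ": " $0 }
        /^[ \t]*#/ || NF < 2 { next }
        # rocommunity/rwcommunity COMMUNITY [SOURCE ...]; no SOURCE means any.
        $1 ~ /^r[ow]community6?$/ {
            comm = $2; src = (NF >= 3 ? $3 : "default"); rw = ($1 ~ /^rw/)
        }
        # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
        $1 == "com2sec" { comm = $NF; src = $(NF - 1); rw = 0 }
        $1 ~ /^r[ow]community6?$/ || $1 == "com2sec" {
            if (comm == "public" || comm == "private") report("default community")
            if (src == "default") report((rw ? "write" : "read") " access from any source")
        }'
}

# Run the audit over the constructed sample; on a real host, feed it the
# agent configuration file instead.
printf '%s\n' "$SAMPLE_CONF" | audit_snmpd_conf
```

On the sample, lines 2, 3 and 6 are reported; the source-restricted communities and the SNMPv3 rouser line produce no findings.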

The tool can be configured to monitor various parameters such as disk usage or system load over SNMP. The results are graphed and updated in real time. This can serve as a backup system to verify up-to-date values for various attributes. Once the SNMP or ICMP checks are set up, they will be done periodically until they are removed from the map.

The following is a screenshot of the tool after an IP-discover option has been run, where the tool has been configured to monitor the disk and memory usage of a Windows machine:

 

 

The layout of the machines on the chart can be freely edited. There is also a wide set of icons that can be associated with particular hosts.

One more tool is SnmpB (http://sourceforge.net/projects/snmpb). The tool can use various MIB files and query SNMP agents, and it supports agent discovery, trap events, and much more, all of it with a decent GUI.

 
