Networks :: SNMP protocol Tools ::
Installing SNMP Tools

In order to make use of the management capabilities available from SNMP, you will need a set of tools that can make SNMP queries. At a minimum these tools will need to allow you to:
It would also be beneficial if the tools could perform more advanced tasks, such as retrieving data from the interfaces group and presenting it in a clear format.

Until recently, these tools were called the ucd-snmp tools, and earlier versions still bear this name. Versions 4 and earlier are ucd-snmp; versions 5 and later are net-snmp. The Web site for these tools has source distributions available, as well as binary distributions for some platforms. In particular, there are binary distributions available of version 5 for Linux and binary distributions of version 4 available for Linux, Solaris, HPUX, FreeBSD, Irix, and Windows. The most recent version is always available as a source distribution.

Building from Source

After the source distribution is downloaded, it must be uncompressed and extracted from the tar archive. This can be done as:

    Solaris% gunzip -c net-snmp-5.0.8.tar.gz | tar xvf -

or on a system with GNU tar it can be done as:

    Linux% gtar zxvf net-snmp-5.0.8.tar.gz

Of course, the actual filename will depend on the version you have chosen to download. In this case, a directory will be created called net-snmp-5.0.8. Change to that directory and type:

    Solaris% ./configure

to configure net-snmp in preparation for building. After running for a while, it will ask you for input on several questions.
Build and Install

After configuration is complete, you can type:

    Solaris% make

to build the entire package. If you want to install it on your system, log in to a root account and type:

    Solaris# make install

By default, this will install into the following directories in /usr/local/:
If you wish to place these files somewhere other than in /usr/local, you must run the configure script with the --prefix option, as in:

    Solaris% ./configure --prefix=/usr/local/mydirectory

and then run make install.

Using SNMP Tools

The following sections present examples of using the net-snmp tools. In each case, the program name is executed without a full pathname, assuming that /usr/local/bin/ and /usr/local/sbin/ are in your path. If they are not, you will need to type the full path to the program, as in:

    Solaris% /usr/local/bin/snmpget -h

Snmpget

The snmpget program built by net-snmp can be used to retrieve the value of an SNMP variable. A simple example is:

    Solaris% snmpget -v 1 -c public switch.example.com \
        system.sysUpTime.0
    SNMPv2-MIB::sysUpTime.0 = Timeticks: (405064255) 46 days, \
        21:10:42.55

The backslash is inserted only to break up the command line for clarity. The first two arguments specify that we want to use SNMP version one. The -c argument tells snmpget to use the following string as the SNMP community; in this case, the community is public. This is followed by the name of the device we wish to query and, finally, the name of the SNMP variable to look up. Remember that a final zero must be appended to the variable name when a simple variable is referenced.

Though it is easier to remember the textual variable name, you may sometimes want to use the numeric object ID instead. snmpget will allow you to do this:

    Solaris% snmpget -v 1 -c public switch.example.com \
        .1.3.6.1.2.1.1.3.0
    SNMPv2-MIB::sysUpTime.0 = Timeticks: (405108049) 46 days, \
        21:18:00.49

Here snmpget automatically looks up the variable name in the appropriate MIB and displays it for you.
If it can't find the variable name in a MIB, it translates as much as possible and leaves the rest in numeric form:

    Solaris% snmpget -v 1 -c public switch.example.com \
        .1.3.6.1.2.1.17.1.2.0
    SNMPv2-SMI::mib-2.17.1.2.0 = INTEGER: 33

When this happens, it means snmpget cannot find the MIB that contains this particular variable. You can, however, obtain the MIB and direct net-snmp to use it.

The snmpget command has a number of other command line options available. These options are also available for the snmpset and snmpwalk commands described in the next sections. Additionally, the man pages for snmpget and snmpcmd, installed with net-snmp, describe the options in more detail. For example, to print the object ID in numeric form:

    Solaris% snmpget -O n -v 1 -c public switch.example.com \
        system.sysUpTime.0
    .1.3.6.1.2.1.1.3.0 = Timeticks: (2367889214) 274 days, 1:28:12.14

Or, to instruct it to print a full variable name:

    Solaris% snmpget -O f -v 1 -c public switch.example.com \
        system.sysUpTime.0
    .iso.org.dod.internet.mgmt.mib-2.system.sysUpTime.0 = Timeticks...

And of course, running snmpget or any of the other tools with the -h or --help flags will print a list of every option available.

Snmpset

The snmpset command can be used to set the value of a writable SNMP variable. For example, if we wish to set the system contact on a device, we can use snmpset as:

    Solaris% snmpset -v 1 -c really-secret switch.example.com \
        system.sysContact.0 s admin@example.com
    SNMPv2-MIB::sysContact.0 = STRING: admin@example.com

Here the -v and -c options are used just as with the snmpget command. Note that the community used is different from that in the previous example and is decidedly not public. On this device, the really-secret community has access to set SNMP variables, while public has access only to read SNMP variables. As with snmpget, the next two arguments designate the device and variable we wish to query. For snmpset, though, we have two additional arguments at the end indicating what value we wish to set.
The first argument specifies what kind of value the next argument will be. The s means the value will be a text string.

Snmpwalk

The snmpwalk command provides a useful way to retrieve a contiguous segment of variables from a device. It uses the get-next-request PDU type to continue requesting the next variable until the entire segment is retrieved. For example, the entire system group can be obtained with:

    Solaris% snmpwalk -v 1 -c public switch.example.com system
    SNMPv2-MIB::sysDescr.0 = STRING: Cabletron Systems, Inc. ...
    SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises ...
    SNMPv2-MIB::sysUpTime.0 = Timeticks: (690848548) 79 days, ...
    SNMPv2-MIB::sysContact.0 = STRING: admin@example.com
    SNMPv2-MIB::sysName.0 = STRING: switch.example.com
    SNMPv2-MIB::sysLocation.0 = STRING: 5-125T
    SNMPv2-MIB::sysServices.0 = INTEGER: 71

If we wanted to retrieve the entire ARP cache from a router, we could do it with:

    Solaris% snmpwalk -v 1 -c public router.example.com \
        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress

Additionally, we can retrieve every MIB-II variable on the system with the snmpwalk command if we leave off the final argument completely:

    Solaris% snmpwalk -v 1 -c public router.example.com

Also useful is retrieving every private enterprise variable on a device:

    Solaris% snmpwalk -v 1 -c public router.example.com enterprises

This is sometimes a useful way to find out what SNMP support a device might have if you do not have the MIB available. Recently, some vendors have occasionally hidden variables from SNMP walks in an effort to obscure certain variables that are otherwise accessible with a direct snmpget. There is no trick to finding these "hidden" variables; you must obtain them from a MIB or some other published source of information.

Snmptrapd

The snmptrapd program is a daemon that listens for SNMP traps and either logs the messages to syslog or stores them in a file.
If run with no arguments, it will send the messages to syslog by default. Make sure to run the program as root so that it can listen on the privileged port it requires:

    Solaris# snmptrapd

Your prompt will return immediately as the program turns itself into a daemon. If you wish to run the program so that it stores trap messages in a file instead of sending them to syslog, use the -o option:

    Solaris# snmptrapd -o /var/tmp/trapd.log

In order for snmptrapd to receive any data, you must have a device configured to send traps to the listening machine. This is done differently on different devices. Typically, there will be a place in the configuration where you can specify the IP address of one or more trap recipients as well as the community name that should be used. Any community name is acceptable; the community name will simply show up in the logfile. You can choose a secret community name in order to provide a small additional amount of security.

When logging to a file, snmptrapd will store a message like the following upon receiving a trap:

    2003-05-14 23:36:39 W92-165T-SW-13.MIT.EDU [10.10.0.31] \
        (via 10.10.0.31) TRAP, SNMP v1, community public
    SNMPv2-SMI::mib-2.17 Enterprise Specific Trap (1) \
        Uptime: 274 days, 7:25:01.00

If snmptrapd is logging to syslog instead, it will store a message like this:

    10.10.0.31: Enterprise Specific Trap (1) Uptime: 274 days ...

This trap is an enterprise-specific trap that reports the system up time. The message format that snmptrapd uses can be changed with additional arguments to the program. See the man page for full details on how to do this.

Other Tools

In addition to snmpget, snmpset, and snmpwalk, the net-snmp package comes with a number of other useful tools. Included are:
For example, snmpnetstat can be used to print the routing table on a device:

    Solaris% snmpnetstat -r -v 1 -c public router.example.com
    Routing tables
    Destination   Gateway             Flags  Interface
    default       ROUTER-2.EXAMPLE.C  UG     GigabitEthernet1/2
    10.7.10/24    ROUTER-3.EXAMPLE.C  UG     GigabitEthernet1/1
    10.7.14/24    ROUTER-3.EXAMPLE.C  UG     GigabitEthernet1/1
    10.7.15/24    ROUTER-3.EXAMPLE.C  UG     GigabitEthernet1/1
    10.7.16/24    ROUTER-3.EXAMPLE.C  UG     GigabitEthernet1/1
    10.7.17/24    ROUTER-3.EXAMPLE.C  UG     GigabitEthernet1/1
    10.7.21/24    ROUTER-3.EXAMPLE.C  UG     GigabitEthernet1/1
    10.9/23       ROUTER-4.EXAMPLE.C  UG     FastEthernet3/7
    10.11/23      ROUTER-4.EXAMPLE.C  UG     FastEthernet3/7

Or snmpdelta can be used to monitor the number of packets coming into an interface:

    snmpdelta -c public -v 1 switch.example.com ifInUcastPkts.6
    IF-MIB::ifInUcastPkts.6 /1 sec: 1
    IF-MIB::ifInUcastPkts.6 /1 sec: 1
    IF-MIB::ifInUcastPkts.6 /1 sec: 1
    IF-MIB::ifInUcastPkts.6 /1 sec: 1
    IF-MIB::ifInUcastPkts.6 /1 sec: 26
    IF-MIB::ifInUcastPkts.6 /1 sec: 20
    IF-MIB::ifInUcastPkts.6 /1 sec: 1
    IF-MIB::ifInUcastPkts.6 /1 sec: 1

And snmptable can be used to print an entire table nicely:

    Solaris% snmptable -v 1 -c public switch.example.com ipNetTo...
    SNMP table: IP-MIB::ipNetToMediaTable
    ipNetToMediaIfIndex  ipNetToMediaPhysAddress  ipNetToMediaNet...
    27                   0:5:dc:95:d0:a           10.7.21.106 ...
    27                   0:5:dc:95:d0:a           10.7.21.108 ...

Dealing with MIBs

By default, the net-snmp tools store MIBs in /usr/local/share/snmp/mibs. The package comes with about 50 MIBs, but inevitably, you will find there are variables you want to use from other MIBs. First note that you do not need a MIB to access a variable as long as you access it by its numeric object ID. However, if you wish to use the textual name, it is necessary to have the appropriate MIB. Once you've downloaded a MIB, you can place it in the same directory as your other MIBs. You still must tell the net-snmp tools to look for it, though.
If, for example, you download and install the bridge MIB in /usr/local/share/snmp/mibs/ as BRIDGE-MIB.txt, you can tell snmpget to use it with:

    Solaris% snmpget -m BRIDGE-MIB -v 1 -c public \
        switch.example.com dot1dBaseNumPorts.0
    BRIDGE-MIB::dot1dBaseNumPorts.0 = INTEGER: 33

If we had left out the -m BRIDGE-MIB option, this query would not have worked.

Scripting with SNMP Tools

The net-snmp tools are ideal for use in network management scripts. For example, you may wish to write a script that monitors a set of UPSs. You can use snmpget to query the appropriate variables and warn an operator if a UPS goes on battery power.

When using SNMP tools in your scripts, bear in mind that on some smaller devices (and even on some larger ones), it is possible to overburden the processor with SNMP requests. As a result, you must take care not to run repeated snmpwalk or snmpget commands without a break, or at least ensure that it won't cause an operational problem for your device if you do.

Also note that if your MIB files are not located on the same machine as your script (as would be the case if they were on a networked file system, for example), they may not be available just when you want your program to notice a problem. Either store the MIBs locally on the machine or make sure you use the tools with numeric object IDs only (for both input and output) so that the MIBs are not needed for variable lookups.
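
The UPS monitor described above, written out as an added example (it is not code from the original page or from the net-snmp project). It follows both cautions in this section: it pauses between queries, and it uses numeric object IDs for input and output so that no MIB file is needed. The OID is upsOutputSource.0 from the standard UPS-MIB (RFC 1628); the UPS_COMMUNITY and POLL_INTERVAL names and the host names in the usage line are assumptions made for the example.

```shell
#!/bin/sh
# Added example: watch UPS devices with snmpget, numeric OIDs only.
# upsOutputSource.0 (UPS-MIB, RFC 1628): 3 = normal, 5 = battery.
UPS_OUTPUT_SOURCE=.1.3.6.1.2.1.33.1.4.1.0
POLL_INTERVAL=${POLL_INTERVAL:-60}   # seconds between rounds (assumed default)

# Pull the integer out of one line of snmpget output. Accepts both
# "INTEGER: 5" (no MIB loaded) and "INTEGER: battery(5)" (MIB loaded).
# Prints nothing for anything else (timeout, error, wrong type).
output_source_value() {
    printf '%s\n' "$1" | sed -n \
        -e 's/^.* = INTEGER: \([0-9][0-9]*\)$/\1/p' \
        -e 's/^.* = INTEGER: [A-Za-z]*(\([0-9][0-9]*\))$/\1/p'
}

# Map the value to a state; an empty value means the query failed.
classify_source() {
    case "$1" in
        3)  echo ok ;;
        5)  echo on-battery ;;
        '') echo unknown ;;
        *)  echo abnormal ;;
    esac
}

# Query one device ($1). The read-only community comes from the
# environment (UPS_COMMUNITY, a name chosen for this example).
poll_ups() {
    line=$(snmpget -O n -v 1 -c "$UPS_COMMUNITY" -t 2 -r 1 \
        "$1" "$UPS_OUTPUT_SOURCE" 2>/dev/null)
    classify_source "$(output_source_value "$line")"
}

# Poll each host in turn, pausing between queries and between rounds
# so the agents are never hit with back-to-back requests.
monitor() {
    while :; do
        for host in "$@"; do
            state=$(poll_ups "$host")
            [ "$state" = ok ] || logger -p daemon.warning "UPS $host: $state"
            sleep 1
        done
        sleep "$POLL_INTERVAL"
    done
}

# Usage: UPS_COMMUNITY=... sh upsmon.sh ups1.example.com ups2.example.com
if [ "$#" -gt 0 ]; then monitor "$@"; fi
```

A device that does not answer is reported as unknown rather than ok, so a dead agent or a wrong community string produces a warning instead of silence.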