SNMP-I
SNMP stands for Simple Network Management Protocol. It is used for collecting information from, and managing, network devices such as servers, workstations, printers, hubs, switches and routers. Three versions of the SNMP protocol are available. For security reasons it is highly recommended to use SNMPv3, because data is transmitted in clear text in the other versions of SNMP. In a typical SNMP deployment, one or more administrative devices called manage nodes (NMS) collect information and store it, while managed nodes are the devices monitored through an SNMP agent. An SNMP agent must be installed on each managed node. The figure below gives a high-level view of how SNMP works.
Figure-1 Principle of SNMP Communication, by Rene Bretz, Wikipedia
In this post we will use net-snmp for monitoring Linux nodes.
lubuntu (192.168.59.30)
centos6 (192.168.59.60)
Install Net-SNMP
[[email protected] ~]# yum install -y net-snmp net-snmp-utils
Configure Net-SNMP
Edit the file /etc/snmp/snmpd.conf and add this line to listen on all available interfaces.
agentAddress udp:161
Restart the SNMP Agent
[[email protected] snmp]# service snmpd restart
Testing with SNMPv1
[[email protected] snmp]# snmpwalk -v 1 -c public localhost
Output
...(Some parts Omitted)
SNMPv2-MIB::sysORUpTime.4 = Timeticks: (5) 0:00:00.05
SNMPv2-MIB::sysORUpTime.5 = Timeticks: (5) 0:00:00.05
SNMPv2-MIB::sysORUpTime.6 = Timeticks: (5) 0:00:00.05
SNMPv2-MIB::sysORUpTime.7 = Timeticks: (5) 0:00:00.05
SNMPv2-MIB::sysORUpTime.8 = Timeticks: (5) 0:00:00.05
HOST-RESOURCES-MIB::hrSystemUptime.0 = Timeticks: (5936815) 16:29:28.15
End of MIB
Testing with SNMPv2
snmpwalk -v2c -c public localhost
Output
If you run the snmpwalk command with version 2, you will most probably get the warning below (No more variables left in this MIB View). It is caused by the default permission of the user.
...(Omitted)
SNMPv2-MIB::sysORUpTime.3 = Timeticks: (5) 0:00:00.05
SNMPv2-MIB::sysORUpTime.4 = Timeticks: (5) 0:00:00.05
SNMPv2-MIB::sysORUpTime.5 = Timeticks: (5) 0:00:00.05
SNMPv2-MIB::sysORUpTime.6 = Timeticks: (5) 0:00:00.05
SNMPv2-MIB::sysORUpTime.7 = Timeticks: (5) 0:00:00.05
SNMPv2-MIB::sysORUpTime.8 = Timeticks: (5) 0:00:00.05
HOST-RESOURCES-MIB::hrSystemUptime.0 = Timeticks: (5946929) 16:31:09.29
HOST-RESOURCES-MIB::hrSystemUptime.0 = No more variables left in this MIB View (It is past the end of the MIB tree)
Solution for “No more variables left in this MIB View”
- Give a proper configuration for the snmp user, which I could not figure out how to do.
OR
- Comment out the line which starts with com2sec, add rocommunity <community name>, and restart the snmp service. (For the Ubuntu distribution, comment out the string “-V systemonly” [rocommunity tonyukuk default #-V systemonly])
The second option is insecure: it makes the whole MIB tree readable to any host that can reach the agent and knows the community name.
#com2sec notConfigUser default public
rocommunity public
You can now see all the SNMP MIB information for the host.
...(omitted)
DISMAN-EVENT-MIB::mteEventNotification."_snmpd".'_mteTriggerFired' = OID: DISMAN-EVENT-MIB::mteTriggerFired
DISMAN-EVENT-MIB::mteEventNotification."_snmpd".'_mteTriggerRising' = OID: DISMAN-EVENT-MIB::mteTriggerRising
DISMAN-EVENT-MIB::mteEventNotificationObjectsOwner."_snmpd".'_linkDown' = STRING: _snmpd
DISMAN-EVENT-MIB::mteEventNotificationObjectsOwner."_snmpd".'_linkUp' = STRING: _snmpd
DISMAN-EVENT-MIB::mteEventNotificationObjectsOwner."_snmpd".'_mteTriggerFailure' = STRING: _snmpd
DISMAN-EVENT-MIB::mteEventNotificationObjectsOwner."_snmpd".'_mteTriggerFalling' = STRING: _snmpd
DISMAN-EVENT-MIB::mteEventNotificationObjectsOwner."_snmpd".'_mteTriggerFired' = STRING: _snmpd
DISMAN-EVENT-MIB::mteEventNotificationObjectsOwner."_snmpd".'_mteTriggerRising' = STRING: _snmpd
DISMAN-EVENT-MIB::mteEventNotificationObjects."_snmpd".'_linkDown' = STRING: _linkUpDown
DISMAN-EVENT-MIB::mteEventNotificationObjects."_snmpd".'_linkUp' = STRING: _linkUpDown
DISMAN-EVENT-MIB::mteEventNotificationObjects."_snmpd".'_mteTriggerFailure' = STRING: _triggerFail
DISMAN-EVENT-MIB::mteEventNotificationObjects."_snmpd".'_mteTriggerFalling' = STRING: _triggerFire
DISMAN-EVENT-MIB::mteEventNotificationObjects."_snmpd".'_mteTriggerFired' = STRING: _triggerFire
DISMAN-EVENT-MIB::mteEventNotificationObjects."_snmpd".'_mteTriggerRising' = STRING: _triggerFire
NOTIFICATION-LOG-MIB::nlmConfigGlobalEntryLimit.0 = Gauge32: 1000
NOTIFICATION-LOG-MIB::nlmConfigGlobalAgeOut.0 = Gauge32: 1440 minutes
NOTIFICATION-LOG-MIB::nlmStatsGlobalNotificationsLogged.0 = Counter32: 0 notifications
NOTIFICATION-LOG-MIB::nlmStatsGlobalNotificationsBumped.0 = Counter32: 0 notifications
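Snmptrapd
You may get an access error from snmptrapd: “No access configuration - dropping trap.” To allow the trap, add the two directives below (public is the community name; replace it with your own community name). Note that disableAuthorization yes turns off snmptrapd's access control entirely, so traps from any sender are accepted.
#snmptrapd.conf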
authCommunity log,execute,net public
disableAuthorization yes
Showing disk information
You need to add a disk directive to monitor disk usage.
[[email protected] snmp]# snmpwalk -v2c -c public localhost UCD-SNMP-MIB::dskTable
UCD-SNMP-MIB::dskTable = No Such Object available on this agent at this OID
Solution: Add a disk directive at the end of the configuration file (/etc/snmp/snmpd.conf). In my case, I wanted to monitor the root (/) directory.
#Add this line at the end of the file /etc/snmp/snmpd.conf and restart the snmp service
disk /
[[email protected] snmp]# snmpwalk -v2c -c public localhost UCD-SNMP-MIB::dskTable
UCD-SNMP-MIB::dskIndex.1 = INTEGER: 1
UCD-SNMP-MIB::dskPath.1 = STRING: /
UCD-SNMP-MIB::dskDevice.1 = STRING: /dev/mapper/vg_centos6-lv_root
UCD-SNMP-MIB::dskMinimum.1 = INTEGER: 100000
UCD-SNMP-MIB::dskMinPercent.1 = INTEGER: -1
UCD-SNMP-MIB::dskTotal.1 = INTEGER: 10508540
UCD-SNMP-MIB::dskAvail.1 = INTEGER: 5701240
UCD-SNMP-MIB::dskUsed.1 = INTEGER: 4266836
UCD-SNMP-MIB::dskPercent.1 = INTEGER: 43
UCD-SNMP-MIB::dskPercentNode.1 = INTEGER: 5
UCD-SNMP-MIB::dskTotalLow.1 = Gauge32: 10508540
UCD-SNMP-MIB::dskTotalHigh.1 = Gauge32: 0
UCD-SNMP-MIB::dskAvailLow.1 = Gauge32: 5701240
UCD-SNMP-MIB::dskAvailHigh.1 = Gauge32: 0
UCD-SNMP-MIB::dskUsedLow.1 = Gauge32: 4266836
UCD-SNMP-MIB::dskUsedHigh.1 = Gauge32: 0
UCD-SNMP-MIB::dskErrorFlag.1 = INTEGER: noError(0)
UCD-SNMP-MIB::dskErrorMsg.1 = STRING:
You can also use OID notation instead of textual notation.
snmpwalk -v2c -c public localhost .1.3.6.1.4.1.2021.9
You can also translate OID notation to textual notation with snmptranslate.
[[email protected] snmp]# snmptranslate .1.3.6.1.4.1.2021.9
UCD-SNMP-MIB::dskTable
Send an SNMP Get-Request from the remote host
As we have not installed a manage node (NMS), we just poll information from the managed node via the SNMP agent. A manage node does the same thing periodically.
[email protected]:~# snmpwalk -v2c -c public 192.168.59.60 UCD-SNMP-MIB::dskTable
Timeout: No Response from 192.168.59.60
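You need to allow connections to port 161/udp for snmp and to 162/udp for snmptrap. The rule below accepts 161/udp from any source address; restricting it to the address of the polling host is tighter.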
[[email protected] ~]# iptables -I INPUT 1 -p udp --dport 161 -j ACCEPT
[email protected]:~# snmpwalk -v2c -c public 192.168.59.60 UCD-SNMP-MIB::dskTable
UCD-SNMP-MIB::dskIndex.1 = INTEGER: 1
UCD-SNMP-MIB::dskPath.1 = STRING: /
UCD-SNMP-MIB::dskDevice.1 = STRING: /dev/mapper/vg_centos6-lv_root
UCD-SNMP-MIB::dskMinimum.1 = INTEGER: 100000
UCD-SNMP-MIB::dskMinPercent.1 = INTEGER: -1
UCD-SNMP-MIB::dskTotal.1 = INTEGER: 10508540
UCD-SNMP-MIB::dskAvail.1 = INTEGER: 5703224
UCD-SNMP-MIB::dskUsed.1 = INTEGER: 4264852
UCD-SNMP-MIB::dskPercent.1 = INTEGER: 43
UCD-SNMP-MIB::dskPercentNode.1 = INTEGER: 5
UCD-SNMP-MIB::dskTotalLow.1 = Gauge32: 10508540
UCD-SNMP-MIB::dskTotalHigh.1 = Gauge32: 0
UCD-SNMP-MIB::dskAvailLow.1 = Gauge32: 5703224
UCD-SNMP-MIB::dskAvailHigh.1 = Gauge32: 0
UCD-SNMP-MIB::dskUsedLow.1 = Gauge32: 4264852
UCD-SNMP-MIB::dskUsedHigh.1 = Gauge32: 0
UCD-SNMP-MIB::dskErrorFlag.1 = INTEGER: noError(0)
UCD-SNMP-MIB::dskErrorMsg.1 = STRING:
Execute a command from a remote host via the SNMP extend directive
You can execute a command from the remote host with the snmp extend functionality. To do that, create a shell script in the /root directory of the managed node, to be executed via the snmp agent.
[[email protected] ~]# cat dusage.sh
#!/bin/bash
df -hP
[[email protected] ~]# cat hello.sh
#!/bin/bash
echo hello Linux!
Edit /etc/snmp/snmpd.conf, add the lines below and restart the snmp service.
extend dusage /root/dusage.sh
extend hello /root/hello.sh
Experiment:
You can run the commands below from the remote host. Both scripts are executed if you do not specify the alias of a script.
[email protected]:~# snmpwalk -v2c -c public 192.168.59.60 'NET-SNMP-EXTEND-MIB::nsExtendOutLine'
NET-SNMP-EXTEND-MIB::nsExtendOutLine."hello".1 = STRING: hello Linux!
NET-SNMP-EXTEND-MIB::nsExtendOutLine."dusage".1 = STRING: Filesystem Size Used Avail Use% Mounted on
NET-SNMP-EXTEND-MIB::nsExtendOutLine."dusage".2 = STRING: /dev/mapper/vg_centos6-lv_root 11G 4.1G 5.5G 43% /
NET-SNMP-EXTEND-MIB::nsExtendOutLine."dusage".3 = STRING: tmpfs 491M 0 491M 0% /dev/shm
NET-SNMP-EXTEND-MIB::nsExtendOutLine."dusage".4 = STRING: /dev/sda1 477M 52M 400M 12% /boot
To run only dusage.sh
snmpwalk -v2c -c public 192.168.59.60 'NET-SNMP-EXTEND-MIB::nsExtendOutLine."dusage"'
NET-SNMP-EXTEND-MIB::nsExtendOutLine."dusage".1 = STRING: Filesystem Size Used Avail Use% Mounted on
NET-SNMP-EXTEND-MIB::nsExtendOutLine."dusage".2 = STRING: /dev/mapper/vg_centos6-lv_root 11G 4.1G 5.5G 43% /
NET-SNMP-EXTEND-MIB::nsExtendOutLine."dusage".3 = STRING: tmpfs 491M 0 491M 0% /dev/shm
NET-SNMP-EXTEND-MIB::nsExtendOutLine."dusage".4 = STRING: /dev/sda1 477M 52M 400M 12% /boot
To run only hello.sh
[email protected]:~# snmpwalk -v2c -c public 192.168.59.60 'NET-SNMP-EXTEND-MIB::nsExtendOutLine."hello"'
NET-SNMP-EXTEND-MIB::nsExtendOutLine."hello".1 = STRING: hello Linux!
SNMP Trap
We can also execute a script on the remote host with an SNMP trap. Create a script in the /root directory (on the managed node).
[[email protected] ~]# cat showip.sh
#!/bin/bash
ifconfig > /dev/pts/0
[[email protected] ~]# cat wall.sh
#!/bin/bash
wall hello Linux!
Edit /etc/snmp/snmptrapd.conf (on the managed node)
disableAuthorization yes
authCommunity log,execute,net public
traphandle iso.3.6.1.2.1.1.5.0 /root/showip.sh
traphandle IF-MIB::ifDescr.2 /root/wall.sh
Send an snmp trap from the remote host.
[email protected]:~# snmptrap -v2c -c public 192.168.59.60 "" "iso.3.6.1.2.1.1.5.0"
The script prints its output on a virtual terminal (pts/0).
[[email protected] ~]# eth0 Link encap:Ethernet HWaddr 00:0C:29:26:13:4F
inet addr:192.168.59.60 Bcast:192.168.59.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe26:134f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4808 errors:0 dropped:0 overruns:0 frame:0
TX packets:2318 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:381430 (372.4 KiB) TX bytes:265842 (259.6 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:1044 errors:0 dropped:0 overruns:0 frame:0
TX packets:1044 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:54144 (52.8 KiB) TX bytes:54144 (52.8 KiB)
[email protected]:~# snmptrap -v2c -c public 192.168.59.60 "" IF-MIB::ifDescr.2
[[email protected] ~]#
Broadcast message from [email protected] (Thu Aug 24 03:30:00 2017):
hello Linux!
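A review aid for the snmpd.conf and snmptrapd.conf changes made in this post (the open rocommunity line, the extend scripts, disableAuthorization and traphandle), as an added example that is not part of the original post. It reads a config file on stdin and prints one finding per risky directive. The function name, the finding tags, the EXAMPLE_COMMUNITY name and the systemonly view definition are assumptions made for illustration.

```shell
# Added example (not from the original post): flag risky net-snmp directives.
# Reads snmpd.conf or snmptrapd.conf text on stdin, prints "TAG line N: text".
audit_snmp_conf() {
  awk '
    function flag(tag) { print tag " line " NR ": " $0 }
    /^[ \t]*(#|$)/ { next }                  # skip comment and blank lines
    { sub(/[ \t]+#.*$/, "") }                # assumption: trailing " #..." is a comment
    # rocommunity COMMUNITY [SOURCE [OID | -V VIEW]]
    $1 ~ /^r[ow]community6?$/ {
      if ($2 == "public" || $2 == "private") flag("DEFAULT_COMMUNITY")
      if (NF < 3 || $3 == "default")         flag("ANY_SOURCE")
      if (NF < 4)                            flag("WHOLE_TREE")
      if ($1 ~ /^rw/)                        flag("WRITE_ACCESS")
    }
    # extend NAME PROG: PROG runs as the agent user whenever the OID is read
    $1 == "extend"                              { flag("AGENT_RUNS_SCRIPT") }
    # snmptrapd.conf: incoming traps accepted without any access control
    $1 == "disableAuthorization" && $2 == "yes" { flag("TRAP_AUTH_DISABLED") }
    # authCommunity TYPES COMMUNITY [SOURCE ...]: execute allowed, no source given
    $1 == "authCommunity" && $2 ~ /execute/ && NF < 4 { flag("TRAP_EXEC_ANY_SOURCE") }
    $1 == "traphandle"                          { flag("TRAP_RUNS_SCRIPT") }
  '
}
# Constructed samples: the directives this post adds, then a restricted variant.
page_snmpd_conf() { cat <<'EOF'
agentAddress udp:161
#com2sec notConfigUser default public
rocommunity public
disk /
extend dusage /root/dusage.sh
extend hello /root/hello.sh
EOF
}
page_snmptrapd_conf() { cat <<'EOF'
disableAuthorization yes
authCommunity log,execute,net public
traphandle iso.3.6.1.2.1.1.5.0 /root/showip.sh
traphandle IF-MIB::ifDescr.2 /root/wall.sh
EOF
}
restricted_snmpd_conf() { cat <<'EOF'
view systemonly included .1.3.6.1.2.1.1
rocommunity EXAMPLE_COMMUNITY 192.168.59.30 -V systemonly
EOF
}
page_snmpd_conf | audit_snmp_conf          # five findings
page_snmptrapd_conf | audit_snmp_conf      # four findings
restricted_snmpd_conf | audit_snmp_conf    # no findings
```

The restricted variant limits the community to the polling host (192.168.59.30) and to one view, which is why it produces no findings.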