Sunday, September 7, 2014

SNMP -- Simple Network Management Protocol for Linux Management Stations

An article describing the SNMP protocol and the Linux command-line and graphical tools that use it for network monitoring applications.

The Simple Network Management Protocol is a standardized, hierarchical system for querying, storing, retrieving and modifying device and software information. It is used to obtain information about a device (for instance, its hardware configuration) and to retrieve performance data over time (for instance, memory used, processor load and network interface traffic). The open, standardized format provides a framework that management applications can easily use to collect, interpret and display trend analysis and alerting information. This article will describe the common elements of SNMP and several utilities available under Linux to view and query SNMP data. These skills are important for those who wish to implement SNMP applications in the enterprise.

SNMP Structure


SNMP consists of three logical components:
  1. Managed Devices -- the hardware and software to be monitored
  2. Agents -- software installed on Managed Devices
  3. Network Management Stations -- software that runs on one or more devices monitoring the Managed Devices and Agents

SNMP Managed Devices and Agents


Agents periodically measure and store specific local hardware and software information on the Managed Device. The information is stored in numerically-hierarchical tables known as the SNMP Management Information Base (MIB). SNMP MIBs are hierarchical and extensible, with a structure conforming to RFC 2578. Agents store the data associated only with the numerical representation of the MIB -- a nomenclature known as the Object Identifier (OID). The Network Management Station queries the OIDs of interest and then -- using add-on textual MIBs -- associates the numerical MIB value with a human-readable one. The Network Management Station does not necessarily require installation of textual MIBs to operate; it may still query the numerical MIBs, but it will not be able to search the MIB hierarchy by human-readable text. Realistically, textual MIBs are necessary.

The Agent MIBs maintained by Managed Devices are generally not static. When you add and remove hardware (or SNMP-compliant software), the MIBs will change to reflect changes on the Managed Device. For instance, if you add memory, disks and NICs to a server, the MIBs will add entries (sometimes many) to monitor the new hardware.

Security, as a generalization, includes read and write privileges. The security settings include groups (Read-Only and Read-Write) and users (members of Read-Only and Read-Write). The generally-accepted default read-only security group is named "public" (this is the community passed with -c in the commands later in this article). Needless to say, this is a significant security problem because it allows read access to an enormous amount of information. This should be changed in a production environment, but this article will use the default value. Read-Write users may modify MIBs using commands such as "snmpset." Write access to the MIBs is beyond the scope of this article.
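
To check an agent for the default-community problem described above, the following Python audit is an added example, not code from the original article. It assumes the Net-SNMP agent's snmpd.conf community directives (rocommunity, rwcommunity, com2sec); the sample configuration, its community string and the function name are constructed for illustration.

```python
DEFAULT_COMMUNITIES = {"public", "private"}
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}

# Constructed sample snmpd.conf (not from a real host); 192.0.2.10 is a documentation address.
SAMPLE_CONF = """\
# agent access control
rocommunity public
rwcommunity private default
rocommunity mon-7fQ2x 192.0.2.10 .1.3.6.1.2.1.1
com2sec readonly default public
"""

def audit_snmpd_conf(text):
    """Return (line_number, directive, finding) for each weak community setting."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        if directive in COMMUNITY_DIRECTIVES and args:
            # rocommunity COMMUNITY [SOURCE [OID | -V VIEW]]
            community = args[0]
            source = args[1] if len(args) > 1 else "default"
            scoped = len(args) > 2
        elif directive in ("com2sec", "com2sec6"):
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            if args[:1] == ["-Cn"]:
                args = args[2:]
            if len(args) < 3:
                continue
            source, community = args[1], args[2]
            scoped = True  # scope comes from separate group/view/access lines
        else:
            continue
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((lineno, directive, "default community name"))
        if source == "default":
            findings.append((lineno, directive, "any source address accepted"))
        if not scoped:
            findings.append((lineno, directive, "no OID subtree or view restriction"))
        if directive.startswith("rwcommunity"):
            findings.append((lineno, directive, "community grants write access"))
    return findings

if __name__ == "__main__":
    for finding in audit_snmpd_conf(SAMPLE_CONF):
        print(*finding, sep=": ")
```

The fourth sample line shows the corrected form: a non-default community, a single permitted source address and a read scope limited to the system subtree.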

Agents may also automatically forward information to specified Network Management Stations using SNMP Traps. These are useful for time-sensitive alerts or forwarding information only when it changes. For instance, the IP address of a network interface will remain constant for a very long time. A trap may be configured to forward a change of address only when it occurs, relieving the Network Management Station of the burden of periodically querying (generally) static information.

The highest levels of the MIB standard nomenclature include:
iso = 1
iso.std = 1.0
iso.member-body = 1.2
iso.org = 1.3

iso.org.dod = 1.3.6
iso.org.ieee = 1.3.111

iso.org.dod.internet = 1.3.6.1

iso.org.dod.internet.directory = 1.3.6.1.1
iso.org.dod.internet.mgmt = 1.3.6.1.2
iso.org.dod.internet.experimental = 1.3.6.1.3
iso.org.dod.internet.private = 1.3.6.1.4

In practical usage, much information of interest is located under the structure iso.org.dod.internet.mgmt.mib-2, whose numerical OID is:

iso.org.dod.internet.mgmt.mib-2 = 1.3.6.1.2.1

The numerical and nomenclature hierarchy continues under this OID.

system = 1.3.6.1.2.1.1
system.sysDescr = 1.3.6.1.2.1.1.1
system.sysObjectID = 1.3.6.1.2.1.1.2
system.sysUpTime = 1.3.6.1.2.1.1.3
system.sysUpTime.sysUpTimeInstance = 1.3.6.1.2.1.1.3.1

interfaces = 1.3.6.1.2.1.2
interfaces.ifNumber = 1.3.6.1.2.1.2.1
interfaces.ifTable = 1.3.6.1.2.1.2.2
interfaces.ifTable.ifEntry = 1.3.6.1.2.1.2.2.1
interfaces.ifTable.ifEntry.ifIndex = 1.3.6.1.2.1.2.2.1.1
interfaces.ifTable.ifEntry.ifDescr = 1.3.6.1.2.1.2.2.1.2
...

ospf = 1.3.6.1.2.1.14
ospf.ospfGeneralGroup = 1.3.6.1.2.1.14.1
ospf.ospfGeneralGroup.ospfRouterID = 1.3.6.1.2.1.14.1.1
ospf.ospfGeneralGroup.ospfAdminStat = 1.3.6.1.2.1.14.1.2

The above MIB structures are an example of open, standardized MIBs that are applicable across all platforms. There are also vendor- and group-specific MIBs, generally located under iso.org.dod.internet.private.enterprises:

iso.org.dod.internet.private.enterprises = 1.3.6.1.4.1
iso.org.dod.internet.private.enterprises.ibm = 1.3.6.1.4.1.2
iso.org.dod.internet.private.enterprises.cisco = 1.3.6.1.4.1.9
iso.org.dod.internet.private.enterprises.atmForum = 1.3.6.1.4.1.353

Linux SNMP Management Station Utilities


There are two general categories of tools important for using Linux as a Network Management Station: MIBs and SNMP applications.

Linux MIBs


MIBs are proprietary, so check your local laws before installing them. Under Debian, the SNMP-MIBs-Downloader package provides a set of useful MIBs, generally standardized and cross-platform, located under the iso.org.dod.internet.mgmt.mib-2 = 1.3.6.1.2.1 hierarchy. Under Debian, install the package (apt-get install snmp-mibs-downloader) and issue the command download-mibs to retrieve the default-configured packages. Once the packages are retrieved, you must modify the /etc/snmp/snmp.conf file to read them. Comment out the default mibs : line and add mibs +ALL:


$ cat /etc/snmp/snmp.conf

# As the snmp packages come without MIB files due to license reasons, loading
# of MIBs is disabled by default. If you added the MIBs you can reenable
# loading them by commenting out the following line.
#mibs :
mibs +ALL

The Downloader configuration files are stored in the /etc/snmp-mibs-downloader directory as a configuration file and a list file for each source. For instance, the RFC MIBs are configured through the files rfc.conf and rfclist:


$ cat /etc/snmp-mibs-downloader/rfc.conf
# Configuarions for IETF MIBs download from rfc-editor.org
#
#HOST=http://www.rfc-editor.org
#DIR=rfc
DIR=/usr/share/doc
ARCHIVE=mibrfcs
ARCHTYPE=dirgz
CONF=rfclist
DEST=ietf
DIFF=rfcmibs.diff
PREFIX=rfc
SUFFIX=.txt

$ cat /etc/snmp-mibs-downloader/rfclist
# updated 2010-06-05
1155 RFC1155-SMI
1213 RFC1213-MIB
1227 SMUX-MIB
1238 CLNS-MIB
...

SNMP-MIBs-Downloader is not limited to the distribution default sources. For example, you may download Cisco's vendor MIBs by adding a cisco.conf and ciscolist file.

$ cat /etc/snmp-mibs-downloader/cisco.conf
HOST=ftp://ftp.cisco.com
ARCHIVE=v2.tar.gz
ARCHTYPE=tgz
DIR=pub/mibs/v2/
ARCHDIR=auto/mibs/v2
CONF=ciscolist
DEST=cisco

$ cat /etc/snmp-mibs-downloader/ciscolist
ADMIN-AUTH-STATS-MIB.my ADMIN-AUTH-STATS-MIB
ADSL-DMT-LINE-MIB.my ADSL-DMT-LINE-MIB
...

Linux Applications


The most basic Debian Linux applications are SNMP (the application) and SNMPD (the Agent Daemon). SNMP provides command-line Network Management Station utilities and SNMPD provides the Agent to monitor the Linux machine as a Managed Device. More advanced Linux Network Management Station applications generally use the base utilities installed by SNMP.

The Net-SNMP package provides several command-line utilities under /usr/bin:

~$ ls /usr/bin/snm*

This article is only going to examine two: snmpget and snmpwalk.


SNMPGET


SNMPGET is the utility that retrieves a single MIB entry. The following three snmpget commands are examples of querying a MIB using SNMP Version 2c (-v 2c) and the Community public (-c public) by numeric OID, the full textual MIB reference and using the -n switch to set the MIB context (-n system):


$ snmpget -v 2c -c public localhost -n system 1.3.6.1.2.1.1.1.0
SNMPv2-MIB::sysDescr.0 = STRING: Linux SEFLaptop 3.13.0-35-generic #62-Ubuntu SMP Fri Aug 15 01:58:42 UTC 2014 x86_64

$ snmpget -v 2c -c public localhost iso.org.dod.internet.mgmt.mib-2.system.sysDescr.0
SNMPv2-MIB::sysDescr.0 = STRING: Linux SEFLaptop 3.13.0-35-generic #62-Ubuntu SMP Fri Aug 15 01:58:42 UTC 2014 x86_64

$ snmpget -v 2c -c public localhost -n system sysDescr.0
SNMPv2-MIB::sysDescr.0 = STRING: Linux SEFLaptop 3.13.0-35-generic #62-Ubuntu SMP Fri Aug 15 01:58:42 UTC 2014 x86_64

SNMPWALK



SNMPWALK is similar to snmpget, but it retrieves all available values under the specified context. Using the context above (system), snmpwalk retrieves all values stored:

$ snmpwalk -v 2c -c public localhost system
SNMPv2-MIB::sysDescr.0 = STRING: Linux SEFLaptop 3.13.0-35-generic #62-Ubuntu SMP Fri Aug 15 01:58:42 UTC 2014 x86_64
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-TC::linux
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (5397099) 14:59:30.99
SNMPv2-MIB::sysContact.0 = STRING: Me <me@example.org>
SNMPv2-MIB::sysName.0 = STRING: SEFLaptop
SNMPv2-MIB::sysLocation.0 = STRING: Sitting on the Dock of the Bay
SNMPv2-MIB::sysServices.0 = INTEGER: 72
...

This is useful for enumerating variables that may be passed by automation in more advanced SNMP Management Station applications such as Multi Router Traffic Grapher and Zabbix. These applications are beyond the scope of this article.
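
Automation of the kind mentioned above starts by turning snmpwalk's text lines into typed records. The following Python parser is an added example, not part of the original article; it reads the output format shown above (the last sample line is a constructed error reply), and the function names are assumptions.

```python
import re

# Constructed input: the snmpwalk output shown above plus one constructed error reply.
SAMPLE_WALK = """\
SNMPv2-MIB::sysDescr.0 = STRING: Linux SEFLaptop 3.13.0-35-generic #62-Ubuntu SMP Fri Aug 15 01:58:42 UTC 2014 x86_64
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-TC::linux
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (5397099) 14:59:30.99
SNMPv2-MIB::sysContact.0 = STRING: Me <me@example.org>
SNMPv2-MIB::sysName.0 = STRING: SEFLaptop
SNMPv2-MIB::sysLocation.0 = STRING: Sitting on the Dock of the Bay
SNMPv2-MIB::sysServices.0 = INTEGER: 72
SNMPv2-MIB::sysORID.99 = No Such Instance currently exists at this OID
"""

# MODULE::object[.instance] = [TYPE: ]value
LINE_RE = re.compile(
    r"^(?P<module>[\w-]+)::(?P<name>[A-Za-z][\w-]*)(?:\.(?P<instance>\S+))?"
    r" = (?:(?P<type>[A-Za-z][\w-]*): ?)?(?P<value>.*)$"
)

def parse_walk(text):
    """Parse snmpwalk/snmpget output into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        if rec["type"] == "INTEGER" and re.fullmatch(r"-?\d+", rec["value"]):
            rec["value"] = int(rec["value"])          # enumerations such as up(1) stay text
        elif rec["type"] == "Timeticks":
            ticks = re.match(r"\((\d+)\)", rec["value"])
            if ticks:
                rec["value"] = int(ticks.group(1)) / 100   # ticks are 1/100 s
        records.append(rec)
    return records

IDENTIFYING = ("sysDescr", "sysContact", "sysName", "sysLocation")

def disclosed_details(records):
    """System-group strings that any holder of the read community can retrieve."""
    return {r["name"]: r["value"] for r in records
            if r["name"] in IDENTIFYING and r["type"] == "STRING"}

if __name__ == "__main__":
    for name, value in disclosed_details(parse_walk(SAMPLE_WALK)).items():
        print(f"{name}: {value}")
```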

Graphical SNMP MIBs Viewers

Linux provides several graphical SNMP MIB viewers such as tkmib and SNMPB. While it is possible to query Agent MIBs by OID and return useful information to Management Applications, in real-world situations it is impractical to do so. You must have textual MIBs installed to make sense of the OIDs; a graphical browser also saves a lot of time searching for usable information compared to command-line utilities.


SNMPB



The default installation under Debian utilizes the MIBs downloaded by SNMP-MIBs-Downloader and others installed by the application itself under different directories. If you have added additional MIBs -- such as the Cisco MIBs described above -- you must modify the paths (under the application's Options > Preferences > Modules) SNMPB uses to load MIBs. SNMPB then provides a single-click interface to issue commands such as Walk, Get, Getnext, Getbulk and Set.

Once you have installed and configured SNMPB, it is much easier to search MIBs, particularly the standardized, cross-platform ones under iso.org.dod.internet.mgmt.mib-2 (OID 1.3.6.1.2.1). Vendor MIB structures may be organized differently than mib-2. Cisco (under private.enterprises at OID 1.3.6.1.4.1.9) is an example. There are hundreds of OID groups under the ciscoMgmt (1.3.6.1.4.1.9.9) MIB and a graphical interface is almost required to search for usable information.
