 Published on ONLamp.com (http://www.onlamp.com/)


Big Scary Daemons

Walk the SNMP Walk

07/27/2000


Knowing Simple Network Management Protocol (SNMP) is like knowing Ugandan; useful in rare circumstances, but invaluable when you really need it. Once you've invested the time in learning it, however, SNMP becomes a very powerful data collection tool. I use SNMP for a variety of tasks, from monitoring server health to justifying budget requests. All BSDs can use SNMP agents and can make SNMP queries of other network devices.

In a nutshell, SNMP lets you "read" information from a device. You make a query of the server (generally known as the "agent"). The agent gathers the information from the host system and returns the answer to your SNMP client. It's like having a single interface for all your informative Unix commands.

Alternatively, an SNMP agent can allow you to write information to the host system. If your system is properly (or improperly, depending on your point of view) configured, you can issue commands via SNMP. This "write" configuration is most commonly used in routers, switches, and other network devices. Unix has its own configuration system and doesn't usually let you issue instructions via SNMP. (Some daemons might allow you to configure them via SNMP, and you can write shell scripts to be called by setting an SNMP value, but those are special cases.)

SNMP gives its information via a Management Information Base, or MIB. MIBs are arranged in trees. If you're familiar with the BSD sysctl mechanism, you won't have any trouble with MIBs.

MIBs are like directories; you have a broad top directory, with more specific directories within. Similarly, the uppermost MIB contains a variety of MIBs beneath it. MIBs are referred to by name or by number. At times you'll see MIBs like:

interfaces.ifTable.ifEntry.ifOutErrors.1

That MIB is the same as

.1.3.6.1.2.1.2.2.1.20.1

The numerical MIB is longer than the word one. That's because the numerical MIB includes the default .1.3.6.1.2.1, which means .iso.org.dod.internet.mgmt.mib-2. Almost every MIB you encounter will have this leading string, which is why nobody bothers writing it down any more.

If you're in one of those kinky moods, you can even use:

.1.org.6.1.mgmt.1.interfaces.ifTable.1.ifOutErrors.1

Most SNMP tools prefer numerical MIBs. People prefer words. By the end of this article, you can use whichever you prefer. As usual, while my examples are written for FreeBSD, you can use them on NetBSD or OpenBSD with only minor modifications.

Exact SNMP MIBs can vary from device to device, and with the agent used. You'll want to check the documentation for your SNMP agent, or your device, to see what MIBs are available.

The best SNMP agent for BSD is ucd-snmp. It's small, extensible, and efficient. It's included as a FreeBSD port (/usr/ports/net/ucd-snmp). This is a popular package, and generally up-to-date. If it isn't current, the raw source of ucd-snmp compiles well. The ucd-snmp folks are actively interested in FreeBSD and quite responsive to useful problem reports, requests for help, or (better still) patches.

Installing from source is simple; the standard ./configure && make && make install will do it for you. They even respect the FreeBSD standard of installing under /usr/local. If you're installing on NetBSD, you'll want to edit the makefile to install under /usr/pkg.

ucd-snmp includes not only an SNMP daemon, but also a tool to examine the SNMP tree on other hosts. This "snmpwalk" package works well on any sort of agent: I use my FreeBSD system to snmpwalk routers, switches, other BSD machines, and even the occasional NT system.

Using snmpwalk is very simple:

snmpwalk hostname community

The community is somewhat like a password. An SNMP agent makes different information available to different communities. The agent can also control access by IP address, so don't be too surprised if you get different answers from different locations. Many network administrators configure their systems so that a single SNMP workstation gets full access to them, and others have restricted or nonexistent access.

Try snmpwalk on a local system with SNMP running. You'll get a huge pile of information. Try it again, this time redirecting the output to a file. Look through it at your leisure; you might be surprised at the amount of information the system offers via SNMP.

You can also make very specific queries via SNMP, simply by specifying the portion of the tree you're interested in.

For example, according to the Windows NT documentation, the MIB 1.3.6.1.4.1.311.1.1.3.1.1.1.1 represents "available memory." You can use snmpwalk to check this value without logging into the system:

snmpwalk fileserver public .1.3.6.1.4.1.311.1.1.3.1.1.1.1.0
enterprises.311.1.1.3.1.1.1.1.0 = 154447872

This makes even an NT system simple to monitor; you can easily write a shell script to check various systems and notify you via e-mail or pager if system memory falls below a certain amount. This is an excellent way to begin using BSD in your company, especially as commercial solutions for this run hundreds or thousands of dollars.
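
The shell script suggested above could look like this. It is an added example, not code from the original article; the 64 MB threshold, the COMMUNITY, MAILTO and MIN_BYTES variables and the memcheck.sh name are assumptions, and the reply format is the one shown in the snmpwalk output above.

```sh
#!/bin/sh
# Low-memory check over SNMP. Uses the article's ucd-snmp call form
# (snmpwalk hostname community oid) and its Windows NT OID.
# SNMPv1 community strings cross the network unencrypted, so give this
# script a read-only community and keep it out of the file itself.
OID=.1.3.6.1.4.1.311.1.1.3.1.1.1.1.0
MIN_BYTES=${MIN_BYTES:-67108864}   # assumed threshold: 64 MB

# Print the integer from one "name = value" reply line. Also accepts a
# type tag before the value ("= Gauge32: 123"), as some versions print.
# Fails on anything else: timeouts, error text, empty replies.
parse_value() {
    val=$(printf '%s\n' "$1" |
        sed -n 's/^[^=]* = \([A-Za-z0-9]*: \)\{0,1\}\([0-9][0-9]*\)$/\2/p')
    [ -n "$val" ] || return 1
    printf '%s\n' "$val"
}

# OK, LOW, or UNKNOWN. A host that gives no usable answer is reported,
# never silently treated as healthy.
classify() {
    val=$(parse_value "$1") || { echo UNKNOWN; return 0; }
    if [ "$val" -lt "$MIN_BYTES" ]; then echo LOW; else echo OK; fi
}

# Query one host; print a report line only when something is wrong.
check_host() {
    reply=$(snmpwalk "$1" "$COMMUNITY" "$OID" 2>/dev/null | head -n 1)
    state=$(classify "$reply")
    [ "$state" = OK ] || echo "$1: memory $state ($reply)"
}

# Usage (e.g. from cron): COMMUNITY=... MAILTO=you sh memcheck.sh host1 host2
if [ "$#" -gt 0 ]; then
    : "${COMMUNITY:?set COMMUNITY in the environment}"
    report=$(for h in "$@"; do check_host "$h"; done)
    [ -z "$report" ] ||
        printf '%s\n' "$report" | mail -s "SNMP memory alert" "${MAILTO:-root}"
fi
```
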

Specific queries such as this can be much simpler than logging into a system and typing top, and they work on any system with an SNMP agent. We'll use this later, to set up continuous monitoring of your systems.

Even if you don't set up SNMP monitoring on your own systems, being able to use SNMP is a valuable asset to anyone responsible for maintaining or troubleshooting network systems. With snmpwalk you can gather far more information than you can possibly use, with a minimum of effort.

Michael W. Lucas



Copyright © 2009 O'Reilly Media, Inc.