Walk the SNMP Walk
07/27/2000|
Related Articles: |
Knowing Simple Network Management Protocol (SNMP) is like knowing Ugandan; useful in rare circumstances, but invaluable when you really need it. Once you've invested the time in learning it, however, SNMP becomes a very powerful data collection tool. I use SNMP for a variety of tasks, from monitoring server health to justifying budget requests. All BSDs can use SNMP agents and can make SNMP queries of other network devices.
In a nutshell, SNMP lets you "read" information from a device. You make a query of the server (generally known as the "agent"). The agent gathers the information from the host system and returns the answer to your SNMP client. It's like having a single interface for all your informative Unix commands.
Alternately, a SNMP agent can allow you to write information to the host system. If your system is properly (or improperly, depending on your point of view) configured, you can issue commands via SNMP. This "write" configuration is most commonly used in routers, switches, and other network devices. Unix has its own configuration system and doesn't usually let you issue instructions via SNMP. (Some daemons might allow you to configure them via SNMP, and you can write shell scripts to be called by setting a SNMP value, but those are special cases.)
SNMP gives its information via a Management Information Base, or MIB.
MIBs are arranged in trees. If you're familiar with the BSD sysctl
mechanism, you won't have any trouble with MIBs.
MIBs are like directories; you have a broad top directory, with more specific directories within. Similarly, the uppermost MIB contains a variety of MIBs beneath it. MIBs are referred to by name or by number. At times you'll see MIBs like:
interfaces.ifTable.ifEntry.ifOutErrors.1That MIB is the same as
.1.3.6.1.2.1.2.2.1.20.1The numerical MIB is longer than the word one. That's because the
numerical MIB includes the default .1.3.6.1.2.1, which means
.iso.org.dod.internet.mgmt.mib-2. Almost every MIB you encounter will
have this leading string, which is why nobody bothers writing it down
any more.
If you're in one of those kinky moods, you can even use:
.1.org.6.1.mgmt.1.interfaces.ifTable.1.ifOutErrors.1Most SNMP tools prefer numerical MIBs. People prefer words. By the end of this article, you can use whichever you prefer. As usual, while my examples are written for FreeBSD, you can use them on NetBSD or OpenBSD with only minor modifications.
Exact SNMP MIBs can vary from device to device, and with the agent used. You'll want to check the documentation for your SNMP agent, or your device, to see what MIBs are available.
The best SNMP agent for BSD is ucd-snmp.
It's small, extensible, and efficient. It's included as a FreeBSD
port (/usr/ports/net/ucd-snmp). This is a popular package, and
generally up-to-date. If it isn't current, the raw source of ucd-snmp
compiles well. The ucd-snmp folks are actively interested in FreeBSD
and quite responsive to useful problem reports, requests for help, or
(better still) patches.
Installing from source is simple; the standard ./configure && make &&
make install will do it for you. They even respect the FreeBSD
standard of installing under /usr/local. If you're installing on
NetBSD, you'll want to edit the makefile to install under /usr/pkg.
ucd-snmp includes not only a SNMP daemon, but also a tool to
examine the SNMP tree on other hosts. This "snmpwalk" package works
well on any sort of agent: I use my FreeBSD system to snmpwalk
routers, switches, other BSD machines, and even the occasional NT
system.
Using snmpwalk is very simple:
snmpwalk hostname communityThe community is somewhat like a password. A SNMP agent makes different information available to different communities. The agent can also control access by IP address, so don't be too surprised if you get different answers from different locations. Many network administrators configure their systems so that a single SNMP workstation gets full access to them, and others have restricted or nonexistent access.
Try snmpwalk on a local system with SNMP running. You'll get a huge
pile of information. Try it again, this time redirecting the output
to a file. Look through it at your leisure; you might be surprised at
the amount of information the system offers via SNMP.
You can also make very specific queries via SNMP, simply by specifying the portion of the tree you're interested in.
For example, checking the Windows NT documentation, the MIB
1.3.6.1.4.1.311.1.1.3.1.1.1.1 represents "available memory." You can
use snmpwalk to check this value without logging into the system:
snmpwalk fileserver public .1.3.6.1.4.1.311.1.1.3.1.1.1.1.0enterprises.311.1.1.3.1.1.1.1.0 = 154447872
This makes even an NT system simple to monitor; you can easily write a shell script to check various systems and notify you via e-mail or pager if system memory falls below a certain amount. This is an excellent way to begin using BSD in your company, especially as commercial solutions for this run hundreds or thousands of dollars.
Specific queries such as this can be much simpler than logging into a
system and typing top, and they work on any system with an SNMP agent.
We'll use this later, to set up continuous monitoring of your systems.
Even if you don't set up SNMP monitoring on your own systems, being able to use SNMP is a valuable asset to anyone responsible for maintaining or troubleshooting network systems. With snmpwalk you can gather far more information than you possibly can use, with a minimum of effort.
Read more Big Scary Daemons columns.
Discuss this article in the Operating Systems Forum.
Return to the BSD DevCenter.
