SNMPWalk 101

SNMP (Simple Network Management Protocol) is a protocol for monitoring and managing network-connected devices. Personally I use it primarily for monitoring: it is a useful way to interrogate network-connected devices for information about their status, for example to find out whether a power supply has failed on a switch, or to read the CPU utilisation of a server.

Although there are other methods you can use, SNMP is widely supported, and with the MIBs (Management Information Bases) that manufacturers often publish, you can find what you are looking to monitor (i.e. the specific OID, or Object ID, of the attribute of the device) by friendly name, to ensure you are monitoring the right thing.

The article uses Ubuntu Linux to illustrate the use of SNMPwalk, but you could run this on Microsoft Windows or other operating systems.

So what is SNMPwalk? It is a tool that “walks” the tree of the SNMP OIDs of a device, collecting all the information, i.e. all the OIDs that the device provides along with their current values. Knowing which OID relates to what is where the MIB comes in.

I’ve assumed you’ve got SNMPwalk installed, so let’s get started. Our example will use an Ubuntu Linux client, and will query an Extreme Networks SwitchEngine based switch for information.

Get Your MIBs

Manufacturers provide MIBs; you need to download the relevant one(s) for the device you wish to query. Also bear in mind that some MIBs depend on other MIBs.

The default SNMPWalk MIB location is:

/usr/share/snmp/mibs

Once the MIBs have been downloaded, they can be placed into the directory above. Alternatively, you can keep MIBs in a directory within your own home directory, which is what we’ll do in this example.

Let’s SNMPWalk

I’ll skip over the security details here, but know that in practice there are two versions in use: SNMP v2(c) and v3. It’s now recommended to use SNMP v3 due to the enhanced security it offers (the v3 example below authenticates the user and encrypts the traffic, whereas v2c relies only on a community string). It is also strongly recommended that you apply an ACL to the monitored device (or have firewalled network segments) so that it responds only to trusted sources, i.e. you don’t want just anyone on your network querying a device, or trying to.

SNMPwalk SNMPv2

In this example, we’ll just walk the Extreme Networks switch to see what we get. Note that it may take a while and will produce a lot of output, so I’ll only show a small part here.

snmpwalk -v 2c -c public switcha01-1.domain.com

And we get output like this, which is shortened!

# snmpwalk -v 2c -c public switcha01-1.domain.com
SNMPv2-MIB::sysDescr.0 = STRING: 7720-32C-FabricEngine (8.10.1.0)
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.1916.2.476
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (104099600) 12 days, 1:09:56.00
SNMPv2-MIB::sysContact.0 = STRING: servicedesk@domain.com
SNMPv2-MIB::sysName.0 = STRING: switcha01-1
SNMPv2-MIB::sysLocation.0 = STRING: Data Centre 1, Cab A01, U12
SNMPv2-MIB::sysServices.0 = INTEGER: 6
SNMPv2-MIB::sysORID.1 = OID: SNMPv2-SMI::enterprises.2272
SNMPv2-MIB::sysORDescr.1 = STRING: Extreme Networks Fabric Engine (8.10.1.0) (GA)
SNMPv2-MIB::sysORUpTime.1 = Timeticks: (104099600) 12 days, 1:09:56.00
IF-MIB::ifNumber.0 = INTEGER: 33
IF-MIB::ifIndex.1 = INTEGER: 1
IF-MIB::ifIndex.3 = INTEGER: 3
...

SNMPWalk SNMPv3

Walking with SNMPv3 is pretty similar; you just need to add some more arguments for the additional security.

snmpwalk -v3 -l authPriv -u <Username> -a SHA -A "<SHA-Password>" -x AES -X "<AES-Password>" <HOSTNAME>

So using an example:

snmpwalk -v3  -l authPriv -u monitor -a SHA -A "ChangeMe!" -x AES -X "ChangeMe2!" switcha01-1.domain.com

And we then get output just like before, except that we’ve authenticated and used v3 of the SNMP protocol.
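
Typing the passphrases on the command line, as above, leaves them in shell history and visible in the process list. As an added example (not from the original article), the same SNMPv3 settings can live in a per-user snmp.conf readable only by its owner; write_snmp_conf and conf_is_private are hypothetical helper names, and the credentials are the placeholders used above.

```shell
#!/bin/sh
# Added example (not from the article): SNMPv3 defaults in snmp.conf, so the
# passphrases are not typed as command-line arguments.
# User name and passphrases are the placeholders from the article's command.

# $1: directory for snmp.conf (Net-SNMP tools read ~/.snmp/snmp.conf).
# Overwrites any snmp.conf already there and prints the path written.
write_snmp_conf() {
    (
        umask 077                       # anything created is owner-only
        mkdir -p "$1"
        cat > "$1/snmp.conf" <<'EOF'
defVersion         3
defSecurityLevel   authPriv
defSecurityName    monitor
defAuthType        SHA
defAuthPassphrase  ChangeMe!
defPrivType        AES
defPrivPassphrase  ChangeMe2!
EOF
        chmod 600 "$1/snmp.conf"        # tighten a file that already existed
    ) && printf '%s\n' "$1/snmp.conf"
}

# Returns 0 only if the file exists and grants nothing to group or other.
conf_is_private() {
    [ -f "$1" ] || return 1
    case "$(ls -ld "$1" | cut -c5-10)" in
        "------") return 0 ;;
        *)        return 1 ;;
    esac
}

# Demo against a scratch directory; for real use:
#   write_snmp_conf "$HOME/.snmp" && snmpwalk switcha01-1.domain.com
demo_dir=$(mktemp -d) && write_snmp_conf "$demo_dir/.snmp" && rm -rf "$demo_dir"
```

These defaults apply to every host you query as this user; any option given on the command line still overrides them.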

SNMPWalk SNMPv2 (or SNMPv3) with a MIB

Okay, it’s great that we’ve got all the output, but what relates to what? That’s where the MIB comes in: it gives context to the OIDs.

In the case of the Extreme Networks switch we’ll be querying, we need to use the “RAPID-CITY-MIB”. We’ll first run without it, then with it, so you can see the difference. With either protocol version the syntax is the same; just change the authentication arguments.

First without:

snmpwalk -v 2c -c public switcha01-1.domain.com

As you can see, there are lots of OIDs. You might be able to infer what some of them are for from their contents, but you won’t really know.

# snmpwalk -v 2c -c public switcha1-1.domain.com
iso.3.6.1.2.1.1.1.0 = STRING: "ExtremeXOS (X460G2-24t-10G4) version 16.2.4.5 16.2.4.5 by release-manager on Thu Sep 21 10:07:13 EDT 2017"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.1916.2.197
iso.3.6.1.2.1.1.3.0 = Timeticks: (4022876112) 465 days, 14:39:21.12
iso.3.6.1.2.1.1.4.0 = STRING: "servicedesk@domain.com"
iso.3.6.1.2.1.1.5.0 = STRING: "switcha1-1"
iso.3.6.1.2.1.1.6.0 = STRING: "Data Centre 1, Row A, U12"
iso.3.6.1.2.1.1.7.0 = INTEGER: 79
iso.3.6.1.2.1.2.1.0 = INTEGER: 62
iso.3.6.1.2.1.2.2.1.1.1001 = INTEGER: 1001
iso.3.6.1.2.1.2.2.1.1.1002 = INTEGER: 1002
iso.3.6.1.2.1.2.2.1.1.1003 = INTEGER: 1003
iso.3.6.1.2.1.2.2.1.1.1004 = INTEGER: 1004
iso.3.6.1.2.1.2.2.1.1.1005 = INTEGER: 1005
iso.3.6.1.2.1.2.2.1.1.1006 = INTEGER: 1006

Now we reference the MIB. In our case it is called RAPID-CITY-MIB and is in our ~/.snmp/mibs directory, so we just need to refer to it by its filename, as follows:

# snmpwalk -v 2c -c public -m +RAPID-CITY-MIB switcha1-1.domain.com
MIB search path: /home/user/.snmp/mibs:/usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf
Cannot find module (IANAifType-MIB): At line 13 in /home/user/.snmp/mibs/IF-MIB
Did not find 'IANAifType' in module #-1 (/home/user/.snmp/mibs/IF-MIB)
Cannot find module (IANA-RTPROTO-MIB): At line 14 in /home/user/.snmp/mibs/IP-FORWARD-MIB
Did not find 'IANAipRouteProtocol' in module #-1 (/home/user/.snmp/mibs/IP-FORWARD-MIB)
Cannot find module (RAPID-CITY-MIB): At line 1 in (none)
SNMPv2-MIB::sysDescr.0 = STRING: ExtremeXOS (X460G2-24t-10G4) version 16.2.4.5 16.2.4.5 by release-manager on Thu Sep 21 10:07:13 EDT 2017
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.1916.2.197
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (4022873912) 465 days, 14:38:59.12
SNMPv2-MIB::sysContact.0 = STRING: servicedesk@domain.com
SNMPv2-MIB::sysName.0 = STRING: switcha1-1
SNMPv2-MIB::sysLocation.0 = STRING: Data Centre 1, Row A, U12
SNMPv2-MIB::sysServices.0 = INTEGER: 79
IF-MIB::ifNumber.0 = INTEGER: 62
IF-MIB::ifIndex.1001 = INTEGER: 1001
IF-MIB::ifIndex.1002 = INTEGER: 1002
IF-MIB::ifIndex.1003 = INTEGER: 1003
IF-MIB::ifIndex.1004 = INTEGER: 1004
IF-MIB::ifIndex.1005 = INTEGER: 1005
IF-MIB::ifIndex.1006 = INTEGER: 1006

As you can see, we now have some context, which is really useful. For example, the OID iso.3.6.1.2.1.1.5.0 turns out to be SNMPv2-MIB::sysName.0. We could have guessed that from its value, but in some cases it won’t be this clear!
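
The “Cannot find module” lines at the top of that output are MIB loading warnings, the kind you get when a MIB or one of its dependencies is missing; the last one shows that RAPID-CITY-MIB itself was not found in the search path. This added example (not part of the original article) parses those warnings into a list of missing modules and looks for a file that declares each one; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article): triage the MIB warnings snmpwalk prints.

# Warning lines copied from the article's walk with -m +RAPID-CITY-MIB.
sample_stderr() {
cat <<'EOF'
MIB search path: /home/user/.snmp/mibs:/usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf
Cannot find module (IANAifType-MIB): At line 13 in /home/user/.snmp/mibs/IF-MIB
Did not find 'IANAifType' in module #-1 (/home/user/.snmp/mibs/IF-MIB)
Cannot find module (IANA-RTPROTO-MIB): At line 14 in /home/user/.snmp/mibs/IP-FORWARD-MIB
Did not find 'IANAipRouteProtocol' in module #-1 (/home/user/.snmp/mibs/IP-FORWARD-MIB)
Cannot find module (RAPID-CITY-MIB): At line 1 in (none)
EOF
}

# stdin: snmpwalk stderr. stdout: "MODULE<TAB>origin" once per unloaded module.
missing_mibs() {
    awk '/^Cannot find module \(/ {
        mod = $0; sub(/^Cannot find module \(/, "", mod); sub(/\).*$/, "", mod)
        src = $0; sub(/^.* in /, "", src)
        if (src == "(none)") src = "requested with -m"
        else { n = split(src, part, "/"); src = "imported by " part[n] }
        if (!seen[mod]++) print mod "\t" src
    }'
}

# stdin: snmpwalk stderr. stdout: one searched MIB directory per line.
mib_search_dirs() {
    sed -n 's/^MIB search path: //p' | tr ':' '\n'
}

# $1: module name; stdin: directories. Prints the first file that declares the
# module ("NAME DEFINITIONS ::= BEGIN"), whatever the file itself is called.
find_mib_file() {
    while IFS= read -r dir; do
        [ -d "$dir" ] || continue
        grep -rlE -e "^[[:space:]]*$1[[:space:]]+DEFINITIONS" "$dir" 2>/dev/null || true
    done | head -n 1
}

# Report each missing module and whether any searched directory provides it.
TAB=$(printf '\t')
sample_stderr | missing_mibs | while IFS="$TAB" read -r module origin; do
    file=$(sample_stderr | mib_search_dirs | find_mib_file "$module")
    printf '%-18s %-28s %s\n' "$module" "$origin" "${file:-no file in search path}"
done
```

Against a live device, feed it the real warnings with `snmpwalk ... 2>&1 >/dev/null | missing_mibs`.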

Diving Deeper

In some cases you won’t want to walk the whole SNMP tree; perhaps you just want to walk a particular group of components, e.g. power supplies or interfaces. You can do this by adding the OID of the group you’re interested in to the end of the command; SNMPwalk then starts from there and walks only that part of the tree.

For example,

# snmpwalk -v 2c -c public switcha1-1.domain.com .1.3.6.1.4.1.1916.1.1.1.27.1.2
iso.3.6.1.4.1.1916.1.1.1.27.1.2.1 = INTEGER: 2
iso.3.6.1.4.1.1916.1.1.1.27.1.2.2 = INTEGER: 2

The above is the OID that contains the list of the power supplies on the switch and their status. In this case there are two PSUs, and each is showing state “2”, which in this case means OK.
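
To turn that walk into a monitoring check, the added example below (not from the original article) reads the PSU subtree output and returns Nagios plugin exit codes. It assumes, for illustration, that any state other than 2 is a fault, since the article only gives the meaning of 2; check_psu is a hypothetical name and the failed sample is constructed.

```shell
#!/bin/sh
# Added example (not from the article): Nagios-style check over the PSU subtree.
# Assumption: only state 2 is healthy, as the article reports for this switch.

PSU_OID=".1.3.6.1.4.1.1916.1.1.1.27.1.2"   # subtree walked in the article

sample_ok() {       # output copied from the article
cat <<'EOF'
iso.3.6.1.4.1.1916.1.1.1.27.1.2.1 = INTEGER: 2
iso.3.6.1.4.1.1916.1.1.1.27.1.2.2 = INTEGER: 2
EOF
}
sample_failed() {   # constructed: PSU 2 reports a state other than 2
cat <<'EOF'
iso.3.6.1.4.1.1916.1.1.1.27.1.2.1 = INTEGER: 2
iso.3.6.1.4.1.1916.1.1.1.27.1.2.2 = INTEGER: 3
EOF
}

# stdin: numeric snmpwalk output for PSU_OID. Prints one status line and
# returns the Nagios plugin exit code: 0 OK, 2 CRITICAL, 3 UNKNOWN.
check_psu() {
    result=$(awk -v want=2 '
        / = INTEGER: / {
            n = split($1, oid, "."); idx = oid[n]; state = $NF
            total++
            if (state != want) bad = bad " PSU" idx "=" state
        }
        END {
            if (total == 0)  print "3 PSU UNKNOWN - no PSU rows in SNMP response"
            else if (bad)    print "2 PSU CRITICAL -" bad " (" total " polled)"
            else             print "0 PSU OK - " total " power supplies in state " want
        }')
    echo "${result#* }"          # status text without the leading code
    return "${result%% *}"       # leading code becomes the exit status
}

# Live use (needs network access to the device):
#   snmpwalk -v 2c -c public switcha1-1.domain.com "$PSU_OID" | check_psu
sample_ok | check_psu
sample_failed | check_psu || true
```

An empty or failed walk yields UNKNOWN rather than OK, so an unreachable switch is never reported as healthy.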

Conclusion

So hopefully this gives you a grounding in how to walk the SNMP tree on your devices and use the results for useful monitoring of component status.

SNMPwalk, being a command line tool, is helpful, but you can also find graphical tools that do the same thing and present the results in a nicer, easier-to-read way, with hierarchy and nesting shown graphically.
