{"id":3938,"date":"2023-10-08T11:00:59","date_gmt":"2023-10-08T11:00:59","guid":{"rendered":"https:\/\/geekmungus.co.uk\/?p=3938"},"modified":"2023-10-08T11:00:59","modified_gmt":"2023-10-08T11:00:59","slug":"snmpwalk-101","status":"publish","type":"post","link":"https:\/\/geekmungus.co.uk\/?p=3938","title":{"rendered":"SNMPWalk 101"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">SNMP (Simple Network Management Protocol) is a protocol that can be used for monitoring and managing network connected devices. Personally I use it primarily for monitoring; it is a useful way to interrogate network connected devices for information about their status. For example, you can query a switch to identify whether a power supply has failed, or a server for its CPU utilisation.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Although there are other methods you can use, SNMP is widely supported, and with the use of MIBs (Management Information Base) that are often published by the manufacturers, you can find what you are looking to monitor (i.e. the specific OID &#8211; Object ID, of the attribute of the device) based on friendly names to ensure you are monitoring the right thing.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This article uses Ubuntu Linux to illustrate the use of SNMPwalk, but you could run this on Microsoft Windows or other operating systems.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">So what is SNMPwalk? It is a tool that &#8220;walks&#8221; the tree of the SNMP OIDs of a device, collecting all the information, i.e. all the OIDs that the device provides along with their current values. Knowing which OID relates to what is where the MIB comes in.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">I&#8217;ve assumed you&#8217;ve got SNMPwalk installed, so let&#8217;s get started. 
Our example will use an Ubuntu Linux client and will query an Extreme Networks SwitchEngine-based switch for information.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Get Your MIBs<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Manufacturers provide MIBs; you need to download the relevant one(s) for the device you wish to query. Also bear in mind that some MIBs have dependencies on other MIBs.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The default SNMPWalk MIB location is:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/usr\/share\/snmp\/mibs<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Once the MIBs have been downloaded, they can be placed into the directory above. Alternatively, you can keep a directory in your own home directory for storing MIBs. In this example we&#8217;ll use a directory within our own home directory.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Let&#8217;s SNMPWalk<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">I&#8217;ll step over all the security information here, but know that there are really two versions to consider, SNMP v2(c) and v3. It is now recommended to use SNMP v3 because of the enhanced security it offers. It is also strongly recommended that you apply an ACL to the monitored device (or use firewalled network segments) so that it only responds to trusted sources, i.e. 
you don&#8217;t want just anyone on your network querying a device, or trying to.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">SNMPwalk SNMPv2<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">In this example, we&#8217;ll just walk the Extreme Networks switch to see what we get. Note that it may take a while and will give a lot of output, so I&#8217;ll only show a small part here.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>snmpwalk -v 2c -c public switcha01-1.domain.com<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">And we get output like this, which is shortened!<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># snmpwalk -v 2c -c public switcha01-1.domain.com\nSNMPv2-MIB::sysDescr.0 = STRING: 7720-32C-FabricEngine (8.10.1.0)\nSNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.1916.2.476\nDISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (104099600) 12 days, 1:09:56.00\nSNMPv2-MIB::sysContact.0 = STRING: servicedesk@domain.com\nSNMPv2-MIB::sysName.0 = STRING: switcha01-1\nSNMPv2-MIB::sysLocation.0 = STRING: Data Centre 1, Cab A01, U12\nSNMPv2-MIB::sysServices.0 = INTEGER: 6\nSNMPv2-MIB::sysORID.1 = OID: SNMPv2-SMI::enterprises.2272\nSNMPv2-MIB::sysORDescr.1 = STRING: Extreme Networks Fabric Engine (8.10.1.0) (GA)\nSNMPv2-MIB::sysORUpTime.1 = Timeticks: (104099600) 12 days, 1:09:56.00\nIF-MIB::ifNumber.0 = INTEGER: 33\nIF-MIB::ifIndex.1 = INTEGER: 1\nIF-MIB::ifIndex.3 = INTEGER: 3\n...<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">SNMPWalk SNMPv3<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Walking with SNMPv3 is pretty similar; you just need to add some more arguments for the additional security.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>snmpwalk -v3 -l authPriv -u &lt;Username> -a SHA -A \"&lt;SHA-Password>\" -x AES -X \"&lt;AES-Password>\" &lt;HOSTNAME><\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">So using an example:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>snmpwalk -v3 -l authPriv -u monitor -a SHA -A 
\"ChangeMe!\" -x AES -X \"ChangeMe2!\" switcha01-1.domain.com<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">And we then get output just like before, except that we&#8217;ve authenticated and used v3 of the SNMP protocol.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">SNMPWalk SNMPv2 (or SNMPv3) with a MIB<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Okay, it&#8217;s great that we&#8217;ve got all the output, but what relates to what? Well, that&#8217;s where the MIB comes in and gives you context for the OIDs.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In the case of the Extreme Networks switch we&#8217;ll be querying, we need to use the &#8220;RAPID-CITY-MIB&#8221;. We&#8217;ll first run without it, then run with it, so you can see the difference. In either protocol version the syntax is the same; just change the bits around your authentication.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">First without:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>snmpwalk -v 2c -c public switcha01-1.domain.com<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">This gives lots of OIDs. You might be able to infer what some of them are for from their contents, but you won&#8217;t really know.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># snmpwalk -v 2c -c public switcha1-1.domain.com\r\niso.3.6.1.2.1.1.1.0 = STRING: \"ExtremeXOS (X460G2-24t-10G4) version 16.2.4.5 16.2.4.5 by release-manager on Thu Sep 21 10:07:13 EDT 2017\"\r\niso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.1916.2.197\r\niso.3.6.1.2.1.1.3.0 = Timeticks: (4022876112) 465 days, 14:39:21.12\r\niso.3.6.1.2.1.1.4.0 = STRING: \"servicedesk@domain.com\r\niso.3.6.1.2.1.1.5.0 = STRING: \"switcha1-1\"\r\niso.3.6.1.2.1.1.6.0 = STRING: \"Data Centre 1, Row A, U12\"\r\niso.3.6.1.2.1.1.7.0 = INTEGER: 79\r\niso.3.6.1.2.1.2.1.0 = INTEGER: 62\r\niso.3.6.1.2.1.2.2.1.1.1001 = INTEGER: 1001\r\niso.3.6.1.2.1.2.2.1.1.1002 = INTEGER: 1002\r\niso.3.6.1.2.1.2.2.1.1.1003 = INTEGER: 1003\r\niso.3.6.1.2.1.2.2.1.1.1004 = INTEGER: 
1004\r\niso.3.6.1.2.1.2.2.1.1.1005 = INTEGER: 1005\r\niso.3.6.1.2.1.2.2.1.1.1006 = INTEGER: 1006<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Now we reference the MIB. In our case it is called RAPID-CITY-MIB and is in our ~\/.snmp\/mibs directory, so we just need to refer to it with its filename as follows:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># snmpwalk -v 2c -c public -m +RAPID-CITY-MIB switcha1-1.domain.com\r\nMIB search path: \/home\/user\/.snmp\/mibs:\/usr\/share\/snmp\/mibs:\/usr\/share\/snmp\/mibs\/iana:\/usr\/share\/snmp\/mibs\/ietf\r\nCannot find module (IANAifType-MIB): At line 13 in \/home\/user\/.snmp\/mibs\/IF-MIB\r\nDid not find 'IANAifType' in module #-1 (\/home\/user\/.snmp\/mibs\/IF-MIB)\r\nCannot find module (IANA-RTPROTO-MIB): At line 14 in \/home\/user\/.snmp\/mibs\/IP-FORWARD-MIB\r\nDid not find 'IANAipRouteProtocol' in module #-1 (\/home\/user\/.snmp\/mibs\/IP-FORWARD-MIB)\r\nCannot find module (RAPID-CITY-MIB): At line 1 in (none)\r\nSNMPv2-MIB::sysDescr.0 = STRING: ExtremeXOS (X460G2-24t-10G4) version 16.2.4.5 16.2.4.5 by release-manager on Thu Sep 21 10:07:13 EDT 2017\r\nSNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.1916.2.197\r\nDISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (4022873912) 465 days, 14:38:59.12\r\nSNMPv2-MIB::sysContact.0 = STRING: servicedesk@domain.com\r\nSNMPv2-MIB::sysName.0 = STRING: switcha1-1\r\nSNMPv2-MIB::sysLocation.0 = STRING: Data Centre 1, Row A, U12\r\nSNMPv2-MIB::sysServices.0 = INTEGER: 79\r\nIF-MIB::ifNumber.0 = INTEGER: 62\r\nIF-MIB::ifIndex.1001 = INTEGER: 1001\r\nIF-MIB::ifIndex.1002 = INTEGER: 1002\r\nIF-MIB::ifIndex.1003 = INTEGER: 1003\r\nIF-MIB::ifIndex.1004 = INTEGER: 1004\r\nIF-MIB::ifIndex.1005 = INTEGER: 1005\r\nIF-MIB::ifIndex.1006 = INTEGER: 1006<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Note the &#8220;Cannot find module&#8221; lines at the top of the output: they list modules that could not be found on the MIB search path shown, and in this run that includes RAPID-CITY-MIB itself. The names in the rest of the output come from the standard modules that did load (SNMPv2-MIB, DISMAN-EVENT-MIB and IF-MIB).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">As you can see, we now have some context, which is really useful. For example, the OID <strong>iso.3.6.1.2.1.1.5.0<\/strong> turns out to be 
<strong>SNMPv2-MIB::sysName.0<\/strong>. You could have guessed that from its value, but in some cases it won&#8217;t be this clear!<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Diving Deeper<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">In some cases you won&#8217;t want to walk the whole SNMP tree; perhaps you just want to walk a particular group of components, e.g. power supplies or interfaces. You can do this too, just by adding the OID of the group you&#8217;re interested in to the end of the command. SNMPwalk then starts from there and walks only that part of the tree.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For example:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># snmpwalk -v 2c -c public switcha1-1.domain.com .1.3.6.1.4.1.1916.1.1.1.27.1.2\r\niso.3.6.1.4.1.1916.1.1.1.27.1.2.1 = INTEGER: 2\r\niso.3.6.1.4.1.1916.1.1.1.27.1.2.2 = INTEGER: 2<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">The above is the OID that contains the list of the power supplies on the switch and their status. In this case there are two PSUs, and each is showing state &#8220;2&#8221;, which in this case means OK.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">So hopefully this gives you a grounding in how to walk the SNMP tree on your devices and use it to monitor the status of components.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">SNMPwalk, being a command line tool, is helpful, but you can also find graphical tools that do the same thing and present the results in a nicer, easier-to-read way, with hierarchy and nesting shown graphically.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/unsplash.com\/@chrisliverani\" data-type=\"link\" data-id=\"https:\/\/unsplash.com\/@chrisliverani\">Image Attribution<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>SNMP (Simple Network Management Protocol) is a protocol that can be used for monitoring and managing network connected devices. 
Personally I use it primarily for monitoring, it is a useful way to interrogate network connected devices for information about their status. For example querying to identify if a power supply has failed on a switch, &#8230; <a title=\"SNMPWalk 101\" class=\"read-more\" href=\"https:\/\/geekmungus.co.uk\/?p=3938\" aria-label=\"Read more about SNMPWalk 101\">Read more<\/a><\/p>\n","protected":false},"author":4,"featured_media":3942,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,16,17],"tags":[],"class_list":["post-3938","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","category-nagios-and-nagiosxi","category-networking"],"_links":{"self":[{"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/3938","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3938"}],"version-history":[{"count":3,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/3938\/revisions"}],"predecessor-version":[{"id":3941,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/3938\/revisions\/3941"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/media\/3942"}],"wp:attachment":[{"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3938"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3938"},{"taxonomy":"post_tag","embeddable":true,"href":"https:
\/\/geekmungus.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3938"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}