Tring to go through new mib i added to mibs file, i have run this command as a test
snmpwalk -v3 -u $USER-l authPriv -a SHA -A "$PASS" -x AES -X $PASS 10.x.x.x panCommonMib
and i think it made the walk on the entire PAN-COMMON-MIB which is good, but some objects there are understandable like
PAN-COMMON-MIB::panSysSwVersion.0 = STRING: x.1.x
And i can translate and know what this obj do.
And some are like that:
PAN-COMMON-MIB::panCommonObjs.7.4.4.1.6.6 = INTEGER: 0
PAN-COMMON-MIB::panCommonObjs.7.5.1.1.201 = STRING: "Log Collector"
PAN-COMMON-MIB::panCommonObjs.7.5.1.2.0 = ""
PAN-COMMON-MIB::panCommonObjs.7.5.1.2.101 = ""
If i try to translate them it gives the textual translate of : panCommonObjs
snmptranslate -IR -Td -OS PAN-COMMON-MIB::panCommonObjs.7.4.4.1.6.6
PAN-COMMON-MIB::panCommonObjs.7.4.4.1.6.6
panCommonObjs OBJECT-IDENTITY
-- FROM PAN-COMMON-MIB
DESCRIPTION "
Sub-tree for common MIB objects."
::= { iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) panRoot(25461) panMibs(2) panCommonMib(1) panCommonObjs(2) 7 4 4 1 6 6 }
I want to understand what is
INTEGER: 0 is, how can i translate this?
Thanks.
Maybe your MIBs are outdated.
snmptranslate -IR -Td -OS PAN-COMMON-MIB::panCommonObjs.7.4.4.1.6.6
PAN-COMMON-MIB::panDeviceLoggingExtFwdStatsTable1minAvgSendRate.6
panDeviceLoggingExtFwdStatsTable1minAvgSendRate OBJECT-TYPE
-- FROM PAN-COMMON-MIB
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Counter for average send rate over 1 minute interval."
::= { iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) panRoot(25461) panMibs(2) panCommonMib(1) panCommonObjs(2) panDeviceLogging(7) panDeviceLoggingExtFwd(4) panDeviceLoggingExtFwdStatsTable(4) panDeviceLoggingExtFwdStatsEntry(1) panDeviceLoggingExtFwdStatsTable1minAvgSendRate(6) 6 }
I got them from github
Related
Consider the following main.c:
#include <stdio.h>
const char greeting[] = "hello world";
int main() {
printf("%s!\n", greeting);
return 0;
}
I compiled this in Ubuntu with:
gcc -g main.c -o main.exe
I would like to retrieve the value of the variable named greeting; considering it is const, it won't change, so it should be possible to retrieve the value "hello world" from the executable.
Basically, I can see the variable name in the binary using:
$ readelf -p .rodata main.exe | grep hello
[ 8] hello world
... and I can see the value using:
$ readelf -s main.exe | grep greeting
59: 0000000000002008 12 OBJECT GLOBAL DEFAULT 18 greeting
I could try parsing the output of readelf -s and readelf -p to get what I want (retrieve the value of the variable named greeting), but I'm pretty sure I'll mess it up.
So is there some combination of switches of bintools utilities (or any command line program, really), which would perform the equivalent of the following pseudocode:
$ [tool] --get-value-of-variable-name greeting --program=main.exe
"hello world"
or even:
$ [tool] --verbose --get-value-of-variable-name greeting --program=main.exe
The constant value of the variable "greeting" in `main.exe` is:
is there some combination of switches of bintools utilities (or any command line program, really), which would perform the equivalent of the following pseudocode:
Sure:
you need to find the section in which the symbol resides, and the address within that section, and the length of data, and
you need to find where in the file the section itself starts, and
you need to dump length bytes from the right offset in the file.
Getting this all together (my file has slightly different data from yours):
readelf -Ws main.exe | grep greeting
29: 0000000000002008 12 OBJECT GLOBAL DEFAULT 17 greeting
readelf -WS main.exe | grep '\[17\]'
[17] .rodata PROGBITS 0000000000002000 002000 000019 00 A 0 0 8
This tells me that I need to dump 12 bytes (actually 11, since I don't want the terminating \0), starting of offset 0x2000 + (0x2008 (symbol address) - 0x2000 (section address)).
dd if=main.exe bs=1 skip=$((0x2008)) count=11 2>/dev/null
hello world
Now, parsing this data out from readelf output is more trouble than it's worth -- it's much easier to write a simple C++ program to produce the desired output. Using ELFIO should make this very easy.
When I run any commands such as:
# snmptranslate .1.3.6.1.4.1.28318.1.1.3
SNMPv2-SMI::enterprises.28318.1.1.3
# snmpwalk 58.196.58.149 1.3.6.1.4.1.28318.1.1.3
SNMPv2-SMI::enterprises.28318.1.1.3.1.0 = STRING: "89-14-a8-52-a4-46"
SNMPv2-SMI::enterprises.28318.1.1.3.2.0 = STRING: "058.196.58.149/255.255.255.252"
SNMPv2-SMI::enterprises.28318.1.1.3.3.0 = STRING: "058.196.58.149"
SNMPv2-SMI::enterprises.28318.1.1.3.6.0 = STRING: "137.010.060.016"
SNMPv2-SMI::enterprises.28318.1.1.3.7.0 = STRING: "137.010.060.017"
SNMPv2-SMI::enterprises.28318.1.1.3.8.0 = INTEGER: 0
SNMPv2-SMI::enterprises.28318.1.1.3.9.0 = INTEGER: 0
SNMPv2-SMI::enterprises.28318.1.1.3.10.0 = STRING: "reserved"
I would like net-snmp to translate .1.3.6.1.4.1.28318.1.1.3 to the textual MIB formats. I'm not sure how to debug this.
I have this in my /etc/snmp/snmp.conf:
# cat /etc/snmp/snmp.conf
mibdirs /usr/share/snmp/mibs
defVersion 2c
defCommunity public
Where all my MIBs are in /usr/share/snmp/mibs. I know that 1.3.6.1.4.1.28318.1.1.3.0 corresponds to a textual MIB name of mac representing the mac address.
Any idea how to debug what has gone wrong and fix the problem?
The issue is that net-snmp doesn't load MIBs even if they're specified in the MIB directory.
So by adding mibs to the /etc/snmp/snmp.conf file fixed it:
# cat /etc/snmp/snmp.conf
mibdirs /usr/share/snmp/mibs
mibs +MYMIB
defVersion 2c
defCommunity public
The OID is translated properly. This can also be debugged by doing a:
$ snmptranslate -m +MYMIB -IR -On hello
MYMIB::hello = STRING: "WORLD"
Which will either output correctly above or show an issue. Note the -m +MYMIB doesn't have to be there if in the /etc/snmp/snmp.conf file.
Which of the following is the correct format for snmptrap (net-snmp) command?
snmptrap -v 2c -c public host "" NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification \
netSnmpExampleHeartbeatRate i 123456
or
snmptrap -v 2c -c public host "" NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification \
netSnmpExampleHeartbeatRate.0 i 123456
i.e., with or without .0 in the variable bindings?
Actually both of these formats work, but which one is right or what is the difference?
It depends if "scalar" or a "table row"-related varbinds are being referred to in the trap.
http://www.net-snmp.org/wiki/index.php/TUT:snmptrap states :
Note that this command also includes an (OID,type,value) triple for
the varbinds listed in the VARIABLES clause (in the same way as with
the snmpset command).
Table row example.
snmptrap -v 2c -c public host:162 .1.3.6.1.6.3.1.1.5.3 .1.3.6.1.6.3.1.1.5.3 \
ifIndex i 2 ifAdminStatus i 1 ifOperStatus i 1
For reference :
snmptranslate -m +ALL -Pu .1.3.6.1.6.3.1.1.5.3
IF-MIB::linkDown
No .0 in the variable bindings since id is taken care of by the ifIndex which pinpoints the row.
Scalar row example.
http://www.net-snmp.org/wiki/index.php/TUT:snmptrap shows example
snmptrap -v 1 -c public host UCD-TRAP-TEST-MIB::demotraps "" 6 17 "" \
SNMPv2-MIB::sysLocation.0 s "Just here"
'SNMPv2-MIB::sysLocation.0' is a scalar.
Unlike IF-MIB::linkDown example above, which was related to a table row id-ed by the ifIndex, here the .0s at the end pinpoints the scalar (like when you SET it)
Netsnmp example from original question
mibs/NET-SNMP-EXAMPLES-MIB.txt states
netSnmpExampleHeartbeatRate OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"A simple integer object, to act as a payload for the
netSnmpExampleHeartbeatNotification. The value has
no real meaning, but is nominally the interval (in
seconds) between successive heartbeat notifications."
::= { netSnmpExampleNotificationObjects 1 }
i.e. it is not a real, identifiable, accessible scalar so I recommend no .0.
I have the nagios with two host. one is localhost(10.10.62.5) and another one is
ubuntu(10.10.62.10). i set up nagios monitor on localhost.
host configuration files are below
localhost.cfg:
define host{
use linux-server
host_name localhost
alias localhost
address 10.10.62.5
}
define service{
host_name localhost
service_description WSN_COUNT
is_volatile 1
check_command check-host-alive
max_check_attempts 1
normal_check_interval 1
retry_check_interval 1
active_checks_enabled 0
passive_checks_enabled 1
check_period 24x7
notification_interval 31536000
notification_period 24x7
notification_options w,u,c
notifications_enabled 1
}
ubuntu.cfg:
define host{
use linux-server
host_name ubuntu
alias ubuntu
address 10.10.62.10
}
define service{
host_name localhost
service_description WSN_COUNT
is_volatile 1
check_command check-host-alive
max_check_attempts 1
normal_check_interval 1
retry_check_interval 1
active_checks_enabled 0
passive_checks_enabled 1
check_period 24x7
notification_interval 31536000
notification_period 24x7
notification_options w,u,c
notifications_enabled 1
}
MIBfile:
NAGIOS-TRAP-TEST-MIB DEFINITIONS ::= BEGIN
IMPORTS enterprises FROM SNMPv2-SMI;
nagiostests OBJECT IDENTIFIER ::= { enterprises 0 }
nagiostraps OBJECT IDENTIFIER ::= { nagiostests 1 }
nagiosnotifs OBJECT IDENTIFIER ::= { nagiostests 2 }
WSNcount NOTIFICATION-TYPE
OBJECTS { sysLocation }
STATUS current
DESCRIPTION "SNMPv2c notification"
::= { nagiosnotifs 9 }
END
I used snmptt(net-snmp) to integrate the traps with nagios. configuration files are
snmptt.conf.local:
EVENT WSNcount .1.3.6.1.4.1.0.2.1 "Status Events" Normal
FORMAT SNMPv2c notification $*
EXEC /usr/local/nagios/libexec/eventhandlers/submit_check_result localhost WSN_COUNT 1 "SNMPv2c notification $*"
SDESC
SNMPv2c notification
Variables:
1: sysLocation
EDESC
snmptt.conf.local:
EVENT WSNcount .1.3.6.1.4.1.0.2.1 "Status Events" Normal
FORMAT SNMPv2c notification $*
EXEC /usr/local/nagios/libexec/eventhandlers/submit_check_result ubuntu WSN_COUNT 1 "SNMPv2c notification $*"
SDESC
SNMPv2c notification
Variables:
1: sysLocation
EDESC
When i sending trap from ubuntu(10.10.62.10) machine using following command, trap sending to both hosts in nagios.
snmptrap -v 2c -c private 10.10.62.5 "" NAGIOS-TRAP-TEST-MIB::RFIDcount SNMPv2-MIB::sysLocation.0 s "snmptest trap"
PLEASE help me with send trap to particular host.. how it is possible...
I think you misinterpreted what a SNMP-trap is. A SNMP-trap is a SNMP message sent to your monitoring system/service from a network device such as a router, switch, blade, cluster, ..
I guess the thing you want to do is search the MIB-file for the particular network device you want to monitor and search the OID that matches the information you want the gather from that specific device.
The device you want to monitor through SNMP has to have SNMP enabled in it's configuration (webbased or something..).
You can do a SNMPwalk to this device to see all available OIDs :
snmpwalk -v 2c -c public <ip address network device>
-c stands for 'community' and by default this is 'public', you can edit this in the configuration of your network device.
-v stands for the version of SNMP you want to use.
When you find the OID which provides you the device's information you wore looking for you can do the following command (or put this in a perl or bash script) :
snmpwalk -v 2c -c public <ip address network device> <OID>
When you made this script you can define a command for this script in commands.cfg :
#'check_lefthand' command definition
define command{
command_name check_lefthand
command_line $USER1$/lefthands.pl $ARG1$ $ARG2$
}
You can now use this check_ in your service definitions of Nagios.
I try to create a custom SNMP oid (and script).
I add the following line to snmpd.conf (and restart service) :
pass .1.3.6.1.3.2 /bin/myscript.sh
.
cat myscript.sh
#!/bin/sh
echo .1.3.6.1.3.2
echo gauge
exec 100
.
snmpwalk -c mycommunity -v2c 10.2.1.4 .1.3.6.1.3.2
SNMPv2-SMI::experimental.2 = Gauge32: 100
Error: OID not increasing: SNMPv2-SMI::experimental.2
>= SNMPv2-SMI::experimental.2
Is snmpwalk expecting anything at the end of the query ? snmpget work with no problem!
By default snmpwalk expect the value to be increasing. To get around it try:
snmpwalk -Cc -c mycommunity -v2c 10.2.1.4 .1.3.6.1.3.2
The Cc option does this:
"do not check returned OIDs are increasing"
Often the walk can be completed with oid:s out of order using this.
snmpwalk expects increasing replies :
SNMPv2-SMI::experimental.2 = Gauge32: 100
SNMPv2-SMI::experimental.3 = Gauge32: 1125
SNMPv2-SMI::other.1 = Gauge32: 10
END
It appears that the snmp agent replies two identical values :
SNMPv2-SMI::experimental.2 = Gauge32: 100
SNMPv2-SMI::experimental.2 = Gauge32: 100
So it fails (unexpected behaviour).