I have to change from snmp v2c to snmp v3.
With snmp v2c, if I run the follow command line:
$ snmpwalk -c MyCom -v 2c 10.10.6.2 sysUpTime
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (44765283) 5 days, 4:20:52.83
I can get the systemUptime
But after config snmpv v3 in the same devide (Switch HP A5120)
$ snmpwalk -v3 -u UserSnmp -l AuthNoPriv -a MD5 -A 'SnmpPAss' 10.10.6.2 sysUpTime
SNMPv2-MIB::sysUpTime = No Such Object available on this agent at this OID
If i run snmpwalk -v3 -u UserSnmp -l AuthNoPriv -a MD5 -A 'SnmpPAss' 10.10.6.2 I receive a list of OID, the problem occurs only for item under sys table
I tried to find specific MIB for snmpv3 but I can't find anyone.
How can I solve this?
The problem was not related with MIB or snmpwalk command.
The config on switch was wrong, the snmp user was not allowed to see some specific OID's.
Related
I am trying to monitor the state of a UPS (NetVision), using the provided mib file.
So, upsBatteryStatus should be .1.3.6.1.2.1.33.1.2.1.0
snmpwalk -c COMMUNITY -v1 192.168.1.10 .1.3.6.1.2.1.33.1.2.1.0
iso.3.6.1.2.1.33.1.2.1.0 = INTEGER: 2
And here comes the tricky part:
snmptranslate -Of SOCOMECUPS-MIB::upsBatteryStatus
.iso.org.dod.internet.private.enterprises.socomecSicon.software.network.netvision.upsObjects.upsBattery.upsBatteryStatus
snmptranslate -On SOCOMECUPS-MIB::upsBatteryStatus
.1.3.6.1.4.1.4555.1.1.1.1.2.1
Its different from .1.3.6.1.2.1.33.1.2.1.0 , and it doesnt respond with a value.
check_snmp -H 192.168.1.10 -C COMMUNITY -o upsBatteryStatus -w 1 -c #3:7 -m /var/lib/mibs/ietf/NetVision-nv6-unix.mib -l "Battery Status: "
External command error: Error in packet
Reason: (noSuchName) There is no such variable name in this MIB.
Failed object: SOCOMECUPS-MIB::upsBatteryStatus
Any ideas why it isnt recongnizes as upsBatteryStatus ?
There seem to be 2 objects with the object name upsBatteryStatus in 2 different MIBs: http://www.oidview.com/mibs/4555/SOCOMECUPS-MIB.html and https://www.rfc-editor.org/rfc/rfc1628 . That explains the different OIDs. Nothing wrong with that. The OID is the true identifier of an object, the name is just for us humans.
As far as the error, I don't know what check_snmp does, so cannot say anything about that. But, have you tried this command?
snmpwalk -c COMMUNITY -v1 192.168.1.10 .1.3.6.1.4.1.4555.1.1.1.1.2.1
Helpful commands:
snmptranslate -Tp -m /usr/share/mibs/ietf/NetVision-nv6-unix.mib
and:
"upsBatteryStatus" "1.3.6.1.2.1.33.1.2.1"
| | |
| | +--upsBattery(2)
| | | |
| | | +-- -R-- EnumVal upsBatteryStatus(1)
| | | | Values: unknown(1), batteryNormal(2), batteryLow(3), batteryDepleted(4)
Nagios check_snmp command that reported the correct value is:
/usr/local/nagios/libexec/check_snmp -H 192.168.1.10 -C COMMUNITY -m /var/lib/mibs/ietf/NetVision-nv6-unix.mib -o upsBatteryStatus -w #0:1 -c #3:7 -l "Battery Status: "
SNMP OK - Battery Status: 2 | 'Battery Status: '=2;1;7;
Thank you for help.
I was trying to get ifOperStatus with snmpget, but I found here that he does it like this
snmpwalk -Os -c public -v 1 192.168.1.1 1.3.6.1.2.1.2.2.1.8
So I tried that but I get no result
But the SNMP agent is working.
Can anyone tell me how can I access ifOperStatus?
Assuming your snmpwalk is the NET-SNMP version, then
snmpwalk -Os -c public -v 1 192.168.1.1 .1.3.6.1.2.1.2.2.1.8
should work (notice the extra dot in front of the OID).
That makes it an absolute OID, rather than relative.
I'm having trouble getting the check_snmp plugin to connect and return values. I'm running CentOS7, Nagios 4.0.8, check_snmp 2.0.3. While can snmpget and snmpwalk from the command line, check_snmp fails. Here are some examples...
snmpget:
# snmpget -v 3 -u myuser -x aes -X mypasswd -a md5 -A mypasswd -c Public -l AuthPriv 111.222.333.111 sysUpTime.0
...returns...
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (10475998) 1 day, 5:05:59.98
snmpwalk:
# snmpwalk -v 3 -u myuser -x aes -X mypasswd -a md5 -A mypasswd -c Public -l AuthPriv 111.222.333.111 sysUptime
...returns...
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (10473493) 1 day, 5:06:10.93
check_snmp:
/usr/lib64/nagios/plugins/check_snmp -H 111.222.333.111 -o sysUpTime.0 -P 3 -l AuthPriv -U myuser -A mypasswd -a md5 -X mypasswd -x aes
...returns...
External command error: Error in packet
Reason: authorizationError (access denied to that object)
Failed object: DISMAN-EVENT-MIB::sysUpTimeInstance
When I run check_snmp with verbose on, I get...
/usr/bin/snmpget -Le -t 1 -r 5 -m ALL -v 3 [authpriv] 156.128.2.250:161 sysUpTime.0
check_snmp is clearly not constructing the snmpget command with the args that are being passed to it. I'm at a loss for why.
The syntax is a little different for check_snmp sec level. Try:
-L authPriv
instead of:
-l AuthPriv
You can confirm this by invoking the help of the plugin with -h:
./check_snmp -h
check_snmp v2.0.3 (nagios-plugins 2.0.3)
...
-L, --seclevel=[noAuthNoPriv|authNoPriv|authPriv]
...
i work with net-snmp and i try a few commands like:
snmptrap -v 1 -c public host TRAP-TEST-MIB::demotraps localhost 6 17 '' \
SNMPv2-MIB::sysLocation.0 s "Just here"
snmptrap -v 2c -c public localhost '' NOTIFICATION-TEST-MIB::demo-notif \
SNMPv2-MIB::sysLocation.0 s "just here"
snmptrap -v 1 -c public host NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification "" 6 17 "" \
netSnmpExampleHeartbeatRate i 123456
but is just give me a new line without error or something
someone can give me advice ?
Netsnmp provides Snmptrapd for this purpose.
It is an application which can listen on a port (default 162) on a host for traps and will log those that are received.
//EDIT ...
Here is an example ...
snmptrapd -f -m +ALL -Lo -c /tmp/snmptrapd.conf 9876
where /tmp/snmptrapd.conf only contains one line which for simplicity disables community/password checking
disableAuthorization yes
Use man snmptrapd to see what the flags/arguements mean.
I am using ssh from a program which sends commands to ssh and parses answers. However, each time I log in, I get the welcome banner like:
Linux mymachine 3.2.0-4-686-pae #1 SMP Debian 3.2.54-2 i686
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
...
I do not want this banner, because my parser would need to deal with it. Is it possible to login with ssh and not to get this banner at the beginning?
You should be able to silence this banner, and other diagnostic messages, by passing -q to SSH:
ssh -q user#remote_host
If you want to make -q permanent for all your SSH sessions, do:
echo "LogLevel QUIET" >> ~/.ssh/config
What works here seems to depend on the operating system, SSH version, and the server-side configuration of sshd.
For connecting to a stock Ubuntu 18 server ssh -q didn't work for me, and neither did ssh -o LogLevel=error that is suggested elsewhere.
What did work is the comment posted under the question about creating a .hushlogin file in the remote user's home directory:
$ ssh myuser#myhost
Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-55-generic x86_64)
<snip>
Last login: Thu Aug 1 14:04:26 2019 from 1.2.3.4
myuser#myhost$ touch .hushlogin
myuser#myhost$ exit
Then:
$ ssh myuser#myhost echo 'Test'
Test
This will run command1 command2 and command3 on the remote_host.
ssh user#remote_host 'command1; command2; command3'
No banners are displayed.
Try ssh -q to supress the banner message
If you expect more than 1000 lines in the server answer then replace 1000 with a corresponding number or the server answer will be truncated.
# Demo script file creation \
DIVIDER="___"; echo "echo $DIVIDER; echo 100; echo 200; echo 300;" > "./test.sh"; \
# \
# Getting the answer without the banner \
ssh -q login#server.name < "./test.sh" | grep -A1000 -e "^$DIVIDER" | tail -n +2
Success
100
200
300
The same command without
| grep -A1000 -e "^$DIVIDER" | tail -n +2
gives
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux...
[...]
Run 'do-release-upgrade' to upgrade to it.
___
100
200
300
You can replace "___" (three underscores) with any exotic sign(s) or even password (which can't be found in the beginnings of lines of the banner).
To avoid the replacing 1000 with a corresponding number (and possible truncation of big server answers) search something about "how to grep all lines after match" and modify my code.
For running commands remotely:
#!/bin/bash
SCRIPT='
#Your commands
'
sshpass -p<pass> ssh -o 'StrictHostKeyChecking no' -p <port> user#host "$SCRIPT"
I answer my own question with the solution based on Keith Reynolds answer. I am using:
ssh my_host bash
allowing bash interaction without banner and without prompt.