Format of snmpwalk instruction - snmp

I'm working with SNMP and was given a command to use. However, I'm trying to break it down into its components so I can understand if I need to change anything. I've found documentation on pretty much everything except for the last part.
The command has this structure:
snmpwalk -v 2c -c communityname address.com .1
From my understanding the meaning of this structure is:
snmpwalk - command
-v 2c - specifies that the version is 2c, options are 1, 2c, 3
-c communityname - specifies the community name, which is like a password to an extent
address.com - the address of the computer in question
.1 - What is this? I can't seem to find much documentation on it.

man snmpwalk and snmpwalk -h should give you the info you need on the various parameters.
The .1 is the OID and it is an optional parameter to that command, and it pinpoints a point in the hierarchical SNMP MIB on the SNMP agent host. The walk will retrieve all OIDs "below" that point.
Have a read at http://www.net-snmp.org and get an SNMP book to learn about SNMP and MIBs and OIDs; but quoting from the SNMP Wikipedia article:
SNMP itself does not define which information (which variables) a
managed system should offer. Rather, SNMP uses an extensible design,
where the available information is defined by management information
bases (MIBs). MIBs describe the structure of the management data of a
device subsystem; they use a hierarchical namespace containing object
identifiers (OID). Each OID identifies a variable that can be read or
set via SNMP.
EDIT: Here is an image to show the OID tree with ".1", i.e. ISO, just below the root.

Related

Anything wrong with this trap message?

I am using this Linux command to send snmp v2c traps.
snmptrap -m ./ibmConvergedPowerSystems.mib -v 2c -c public 127.0.0.1 0 IBM-CPS-MIB::problemTrap cpsSystemSendTrap s "This is a test"
I am receiving this.
The way I am reading it is that it's got 3 OIDs.
sysUpTime oid (".1.3.6.1.2.1.1.3.0") - which is 0.
snmpTrapOID (".1.3.6.1.6.3.1.1.4.1.0") - which contains OID for this -> http://www.oidview.com/mibs/2/IBM-CPS-MIB.html
Enterprise specific trap with data (data for IBM-CPS-MIB).
Did I get it right?
The only thing I care about is #3. Is there a way to modify the command to get rid of the other two OIDs? Or will a v2c trap always have the first two?
This is a pretty normal enterprise-specific SNMP notification. The type of this notification (PDU format) is TRAPv2. This trap contains 3 varbinds. The first two are required by RFC1448, so you cannot get rid of them.
The first varbind snmpTrapOID.0 is the actual Object Identifier (OID) that identifies the type of Trap.
The second varbind sysUptime.0 is from RFC1213 (MIB-2). Basically it is the time since the device was last rebooted.
I would add .0 to cpsSystemSendTrap as it is a scalar object.

SNMP OID for getting manufacturer serial number with SNMP version 1

I'm unable to get the manufacturer serial number when I do an SNMP get on an OID .2.47.1.1.1.1.11.1.0. If I do an snmpget with the below command on the OID with the command:
snmpget -v1 -c public 192.168.4.99 .2.47.1.1.1.1.11.1.0
I get the message:
Reason: (noSuchName) There is no such variable name in this MIB.
Failed object: joint-iso-ccitt.47.1.1.1.1.11.1.0
I did search on google for the possible cause of error by going to this SO thread as it is caused by missing the instance subidentifier.
I performed an SNMPtranslate for the OID and I got the below string joint-iso-ccitt.47.1.1.1.1.11.1.0.
And when I performed an snmpwalk on the OID with the command below, I get the message END OF MIB.
snmpwalk -v1 -c public 192.168.4.1 .2.47.1.1.1.1.11.1.0
Please let me know where I'm going wrong and let me know the exact generic OID to get the manufacturers serial number.
Who tells you the OID is .2.47.1.1.1.1.11.1.0?
Seriously speaking, a normal OID starts with .1, except .0.0 which is very special.
If you start with walking the top of the MIB tree, you'll soon find out which variables your equipment supports:
snmpwalk -v1 -c public -Ont 192.168.4.1 .1
Remove the "-Ont" to get translated names, where possible, instead of the fully numeric OIDs.
If you're looking for vendor-independent data, you could look into a MIB that most equipment supports, SNMPV2-MIB:
http://www.ietf.org/rfc/rfc3418.txt
However, you'll find it does not contain any serial number variable. Most vendors provide a vendor-specific (or product-specific) MIB which will define, among other things, serial number. However, like most things in SNMP, it's entirely up to each vendor which MIBs they choose to implement.

What SNMP OID should I watch to see if my printers and switches are up and running

I am new to SNMP, and I am trying to figure out what OIDs I should get/trap to see if my printers, switches (and servers) are running. I do not need to know the details - just a simple test. I have successfully made get, getbulk (and walk) requests to a device, both from bash and the iReasoning MIB browser.
Edit:
Maybe the
.1.3.6.1.2.1.1.3.0
Name/OID: sysUpTime.0; Value (TimeTicks): 194 hours 43 seconds (69844352)
is used for just that!? What happens when something is wrong? Will this be reset immediately? Or will it just stop counting? Or is it just the time since last power on?
Printers
You should use the Printer MIBv2 to monitor printer error status for jams...
hrPrinterDetectedErrorState reports printer errors such as low toner, jams, etc... the RFC contains details on what specific codes mean
hrDeviceStatus will reveal the big picture ability of the printer to handle tasks. For more info, see Printer MIBv2, Section 2.2.13.2
sysUpTime.0 is an OID that reports the time a system's SNMP stack has been up (reference RFC 1213: MIB-II). If this value is returned and incrementing, it's a 99% safe bet that a printer is up. Most people use sysUpTime to detect whether the device has rebooted for some reason; if that happens, you'll see a sudden decrease in sysUpTime.0, unless your last value was around 248 days (where a 32-bit counter would roll).
Ethernet Switches
Checking the basic health of ethernet switches is usually done with checks to sysDescr.0 or sysUpTime.0; the problem with this heuristic comes if you care about the up/down status of particular links... at that point, you need to check values from ifOperStatus, which is indexed by ifIndex and uses interface names from ifName. See the following examples...
[mpenning@Hotcoffee ~]$ ## Walk ifName correlated to ifIndex
[mpenning@Hotcoffee ~]$ snmpwalk -v 2c -c Public 172.25.116.6 .1.3.6.1.2.1.31.1.1.1.1
iso.3.6.1.2.1.31.1.1.1.1.1 = STRING: "Fa0/0"
iso.3.6.1.2.1.31.1.1.1.1.2 = STRING: "Nu0"
[mpenning@Hotcoffee ~]$ ## Walk ifOperStatus (up==1)
[mpenning@Hotcoffee ~]$ snmpwalk -v 2c -c Public 172.25.116.6 .1.3.6.1.2.1.2.2.1.8
iso.3.6.1.2.1.2.2.1.8.1 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.8.2 = INTEGER: 1
[mpenning@Hotcoffee ~]$
Thus we know from the example that both interface "Fa0/0" (index: 1) and "Nu0" (index: 2) have an ifOperStatus of "up"; the index value is the last integer returned in the OID of the results.
Scripting
I assume you will use bash for your monitoring scripts; if so, check out Net-SNMP for your SNMP manager
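The ifName/ifOperStatus correlation from the transcript above, as a shell script. This is an added example, not part of the original answer; the helper names are hypothetical and the walk output is constructed sample data in the transcript's format, with a third interface that is down.

```shell
#!/bin/sh
# Added example. Sample walk output is constructed, in the transcript's format.
IFNAME_WALK='iso.3.6.1.2.1.31.1.1.1.1.1 = STRING: "Fa0/0"
iso.3.6.1.2.1.31.1.1.1.1.2 = STRING: "Nu0"
iso.3.6.1.2.1.31.1.1.1.1.3 = STRING: "Fa0/1"'
IFOPER_WALK='iso.3.6.1.2.1.2.2.1.8.1 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.8.2 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.8.3 = INTEGER: 2'

# join_if_status IFNAME_WALK IFOPER_WALK  (hypothetical helper name)
# Prints "ifIndex<TAB>ifName<TAB>state", joined on the last sub-identifier.
join_if_status() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        BEGIN { OFS = "\t"
                # ifOperStatus enumeration from IF-MIB
                s[1] = "up"; s[2] = "down"; s[3] = "testing"; s[4] = "unknown"
                s[5] = "dormant"; s[6] = "notPresent"; s[7] = "lowerLayerDown" }
        $0 == "---" { second = 1; next }
        NF == 0     { next }
        {
            n = split($1, part, "."); idx = part[n]      # ifIndex
            val = $0
            sub(/^[^=]*= [A-Za-z0-9-]+: /, "", val)       # drop "OID = TYPE: "
            gsub(/"/, "", val)
            # With MIB files loaded the status prints as e.g. "up(1)"
            if (second && match(val, /\([0-9]+\)/))
                val = substr(val, RSTART + 1, RLENGTH - 2)
            if (second) status[idx] = val
            else { name[idx] = val; order[++count] = idx }
        }
        END {
            for (i = 1; i <= count; i++) {
                idx = order[i]
                st = (idx in status) ? status[idx] : ""
                print idx, name[idx], ((st in s) ? s[st] : "missing")
            }
        }'
}

# Names of interfaces whose ifOperStatus is anything other than up(1).
down_interfaces() {
    join_if_status "$1" "$2" | awk -F'\t' '$3 != "up" { print $2 }'
}

join_if_status "$IFNAME_WALK" "$IFOPER_WALK"
```

For live use, pass the output of the two snmpwalk commands from the transcript as the two arguments instead of the sample variables.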

SNMP - Getting information from a process

I need to setup a process monitor on a number of servers using a monitoring tool called Zenoss. The problem I'm facing is how can I get information on a specific process via SNMP? I'm not familiar with SNMP at all and I'm having trouble finding out what I need.
I've been trying to use a tool called SNMP-Probe but it only seems to give basic system information, nothing that I need or can use.
Any help here is appreciated.
What you need is to query the hrSWRunTable in order to gather the information you need. This MIB gives you a lot of information such as process name, path, type, status, parameters, CPU and RAM usage, even though those two pieces of information are stored in another MIB (hrSWRunPerfEntry). However, how you do that "query" depends on the environment you're using; I am almost sure that vbs includes an SNMP library.
Here is an example retrieval via NetSnmp from a Linux host. (I would have added this as a comment on the accepted answer from @raz3r, but I wanted the ability to format the text!)
snmptable -v2c -Ci -c public myserver HOST-RESOURCES-MIB::hrSWRunTable
SNMP table: HOST-RESOURCES-MIB::hrSWRunTable
index hrSWRunIndex hrSWRunName hrSWRunID hrSWRunPath hrSWRunParameters hrSWRunType hrSWRunStatus
1 1 "init" SNMPv2-SMI::zeroDotZero "/sbin/init" "" application runnable
2 2 "kthreadd" SNMPv2-SMI::zeroDotZero "kthreadd" "" application runnable
3 3 "ksoftirqd/0" SNMPv2-SMI::zeroDotZero "ksoftirqd/0" "" application runnable
// other rows snipped for brevity
I was just working on the same thing
snmpwalk -v2c -c public xxx.xxx.xxx.xxx .1.3.6.1.2.1.25.4.2.1.2
HOST-RESOURCES-MIB::hrSWRunName
Unfortunately, I wasn't able to find out exactly how to do this. I ended up going with a vbs script on each machine to find the misbehaving process and kill it automatically.

SNMP - get complete Mac table in one call

For my project I need to download the MAC table from a switch and do it as fast as possible. The official solution is kind of slow. It requires getting a list of all VLANs, and for each one triggering a separate call of snmpwalk with OID=.1.3.6.1.2.1.17.4.3.1.1 and a community string indexed with the VLAN number. It can take a significant amount of time, since the number of VLANs on our switches ranges in the tens.
Is there a way to get all MAC addresses from the MAC table at once (some special community index representing all available VLAN indexes)?
Thanks in advance..
I think BRIDGE-MIB::dot1dTpFdbTable (1.3.6.1.2.1.17.4.3) will do the job. One can simply retrieve dot1dTpFdbPort (1.3.6.1.2.1.17.4.3.1.2) to retrieve learned MAC -> PORT table. For my DLINK DGS-1216T I can get mac-to-port table from my Linux box by this command:
$ snmpwalk -O0sUX -v2c -Cc -c public 192.168.0.1 BRIDGE-MIB::dot1dTpFdbPort
Additionally I found extra (17th) port number for maintenance MAC.
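Turning a dot1dTpFdbPort walk into a MAC-to-port list, as an added example that is not part of the original answer. It assumes the walk was printed with numeric OIDs, where the last six sub-identifiers are the MAC address octets in decimal (the table is indexed by dot1dTpFdbAddress); the helper names are hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# Added example. Constructed sample: dot1dTpFdbPort walked with numeric OIDs.
FDB_WALK='.1.3.6.1.2.1.17.4.3.1.2.0.17.34.51.68.85 = INTEGER: 3
.1.3.6.1.2.1.17.4.3.1.2.0.26.43.60.77.94 = INTEGER: 3
.1.3.6.1.2.1.17.4.3.1.2.8.0.39.171.205.239 = INTEGER: 17'

# fdb_to_macs WALK  (hypothetical helper name)
# Prints "aa:bb:cc:dd:ee:ff<TAB>bridge-port" for each learned address.
fdb_to_macs() {
    printf '%s\n' "$1" | awk '
        NF == 0 { next }
        {
            n = split($1, p, ".")
            if (n < 6) next                      # not an OID with a MAC index
            mac = ""
            for (i = n - 5; i <= n; i++) {
                # each index sub-identifier must be one octet, 0..255
                if (p[i] !~ /^[0-9]+$/ || p[i] + 0 > 255) next
                mac = mac sprintf("%s%02x", (i > n - 5 ? ":" : ""), p[i] + 0)
            }
            print mac "\t" $NF                   # value is the bridge port
        }'
}

# macs_on_port WALK PORT: the addresses learned on one bridge port.
macs_on_port() {
    fdb_to_macs "$1" | awk -F'\t' -v port="$2" '$2 == port { print $1 }'
}

fdb_to_macs "$FDB_WALK"
```

On switches that expose one forwarding table per VLAN through community-string indexing, as the question describes, each per-VLAN walk is passed through the same function.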
Did you try to retrieve the ipNetToMediaTable ({iso(1) identified-organization(3) dod(6) internet(1) mgmt(2) mib-2(1) ip(4) ipNetToMediaTable(22)} or 1.3.6.1.2.1.4.22) from your switch management address? It represents the IP Address Translation table used for mapping from IP addresses to physical addresses.
----EDIT----
If you want to use SNMP to find a port number from a MAC address on a Catalyst switch with a minimum of frames, you can use a Get-Bulk PDU; this assumes that your switch is SNMP v2c.
