Simple SNMP on Windows and Linux

This page describes a simple SNMP setup for Linux and Windows with graphs for output. It doesn't describe SNMP traps, but maybe will in a future update.

Basics

Simple Network Management Protocol (SNMP) is a protocol used to query hosts for information about their status, such as CPU usage, bandwidth usage, memory usage and so on. SNMP uses UDP port 161. There are 3 SNMP versions: 1, 2c and 3. Put simply, 2c offers more information than 1, but both pass the community name in clear text. A community name is like a password for SNMP. For greater security, including encryption, use SNMP v3. SNMP v3 is not covered here because at that point your usage goes beyond simple. Do not run SNMP across a hostile network like the Internet.

You can graph the statistics retrieved over SNMP with tools like MRTG, ZenOSS, Cacti and so on to monitor patterns in system state and resource usage over time. This can help identify issues, anomalies and, potentially, break-ins. Many other applications are able to take advantage of SNMP, such as Nagios, which is used for alerting you to host and service problems.

Most networking devices such as routers (even home consumer routers) and managed switches offer SNMP support. The most common usage of SNMP is in querying for system status information as described above, but it is also possible to write values to a system using SNMP, and to have certain types of system events sent as what are called SNMP traps to a monitoring system, which will generate alerts for the system administrators. Neither SNMP writes nor SNMP traps are discussed here. Perhaps they will be in an update at some point.

Information is stored in a tree-like structure as far as SNMP is concerned. MIBs (Management Information Bases) are essentially like branches on the tree: they are groups of related SNMP data, such as system data, interface data etc. OIDs (object identifiers) are leaves on the tree, that is, they are individual items of queryable data, as defined in the MIBs. Phew. Technical. OIDs are normally numeric values, but thankfully most have human memorable names. MIBs are stored as text files under /usr/share/snmp/mibs/ in Linux.

Many network hardware vendors provide MIBs which map their specific hardware information (temperatures, fan speeds, power usage etc.) to a set of OIDs, normally under the 'enterprises' MIB group. The default set of MIBs on Linux is pretty good, so you only need these extra MIBs for system data unique to the hardware you are using. Cisco MIBs will certainly be useful when using their equipment. You should first try your hardware vendor, but there are many other places to get MIBs if you need them. I haven't yet found a clean, easy way to include vendor specific MIBs when querying, but you should start by placing them under /usr/share/snmp/mibs/.

I once heard SNMP described as, “The S in SNMP is for simple, but that does not mean it is trivial.” There is a lot more to SNMP than given here. This is a good starter, but you should investigate further when you find your feet. Certainly investigate SNMP v3, SNMP traps and the graphing of other statistical information when you are comfortable or in a high maintenance or more hostile environment.

Install Software

On all machines, install the SNMP daemon or service. Most SNMP implementations on Linux can serve SNMP version 1, 2c and 3. Windows SNMP, at least in Windows 2000 and XP, serves SNMP v1 and 2c only. Windows Vista people will have to figure it out themselves.

For Fedora/Red Hat/CentOS

yum install net-snmp

Debian/Ubuntu/derivatives

apt-get install snmpd

Windows XP/2000

Go to the Add/Remove Programs applet in the Control Panel, go to Add/Remove Windows Components and install the Network Management Tools. You will need your Windows install CD if the files aren't already cached on your hard disk. Note that the Windows SNMP service is started immediately. Windows Vista people will have to figure it out themselves.

Configure the SNMP Service/Daemon

Linux

Go to /etc/snmp and run:

cp snmpd.conf snmpd.conf.orig && cat /dev/null > snmpd.conf

This gives us a clean snmpd.conf to play with rather than editing the considerable default config.

Add the following to snmpd.conf:

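## No bare "rocommunity <my_community_name>" line is used here: without a
## source argument it accepts the community name from any host, which would
## bypass the com2sec source restrictions below.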
syslocation <my_location>
syscontact <my_contact_email_address>

##       sec.name     source           community
##       ========     ======           =========
com2sec  local       localhost        <my_community_name>
com2sec  network_1   <my_snmp_server> <my_community_name>
com2sec  network_2   <my_snmp_server> <my_community_name>

##       Access.group.name   sec.model        sec.name
##       =================  =========         ========
group    MyROGroup_1        v1                local
group    MyROGroup_1        v1                network_1
group    MyROGroup_2        v2c               network_2

##   MIB.view.name     incl/excl  MIB.subtree  mask
##   ==============   =========  ===========  ====
view all-mibs         included   .1           80

##      MIB
##      group.name   context sec.model sec.level prefix read     write  notif
##      ==========   ======= ========= ========= ====== ====     =====  =====
access  MyROGroup_1  ""       v1       noauth    exact  all-mibs none   none
access  MyROGroup_2  ""       v2c      noauth    exact  all-mibs none   none

Change the values in angle brackets to suit your environment. Be sure to give a community name which is unique on your network. Community names are like SNMP passwords. The common default is the word public, so don't use that for security reasons. Also specify the IP address of the server which will be used to collect SNMP data; it is best to narrow it down as far as possible to single IP addresses or IP ranges.

Syslocation is an arbitrary string which says where the machine is physically located and the syscontact is the email address of the system administrator.

Much of the above config is taken from Chapter 22 of Linux Home Networking. It principally allows reading of SNMP v1 information from localhost, and v1 and v2c from your specified IP, IP range or resolvable hostname, using all MIBs.

So, restart your SNMP daemon to come up with the new config.
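A quick way to check an snmpd.conf against the points above (no well-known community name, narrow sources, read-only access), as an added example that is not part of the original page. The awk rules, the sample files, the address 192.0.2.10 and the community names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag weak settings in an snmpd.conf.
# Simplification: assumes com2sec lines carry no -Cn context option.
audit_snmpd_conf() {
    awk '
    function check_name(c) {
        if (c == "public" || c == "private")
            printf "line %d: well-known community name %s\n", NR, c
    }
    NF == 0 || $1 ~ /^#/ { next }             # skip blank lines and comments
    $1 == "rocommunity" || $1 == "rwcommunity" {
        # syntax: rocommunity COMMUNITY [SOURCE [OID]]
        check_name($2)
        if (NF < 3 || $3 == "default")
            printf "line %d: %s accepts queries from any source\n", NR, $1
        if ($1 == "rwcommunity")
            printf "line %d: rwcommunity permits SNMP writes\n", NR
    }
    $1 == "com2sec" {
        # syntax: com2sec SECNAME SOURCE COMMUNITY
        check_name($4)
        if ($3 == "default" || $3 == "0.0.0.0/0")
            printf "line %d: com2sec %s accepts any source\n", NR, $2
    }
    $1 == "access" && NF >= 9 && $8 != "none" {
        # syntax: access GROUP CONTEXT MODEL LEVEL PREFIX READ WRITE NOTIFY
        printf "line %d: group %s has write view %s\n", NR, $2, $8
    }
    ' "$1"
}

# Constructed sample files: 192.0.2.10 and the community names are made up.
weak=$(mktemp); good=$(mktemp)
trap 'rm -f "$weak" "$good"' EXIT
cat > "$weak" <<'EOF'
rocommunity public
com2sec  network_1  default  s3cr3t-example
access  MyROGroup_1  ""  v1  noauth  exact  all-mibs  all-mibs  none
EOF
cat > "$good" <<'EOF'
# source-restricted and read-only, following the layout on this page
com2sec  local      localhost   s3cr3t-example
com2sec  network_2  192.0.2.10  s3cr3t-example
group    MyROGroup_2  v2c  network_2
view     all-mibs  included  .1  80
access   MyROGroup_2  ""  v2c  noauth  exact  all-mibs  none  none
EOF
audit_snmpd_conf "$weak"    # prints four findings
audit_snmpd_conf "$good"    # prints nothing
```

Run it as audit_snmpd_conf /etc/snmp/snmpd.conf before restarting the daemon; an empty result means none of these particular weaknesses were found.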

Windows XP/2000

Go to the Control Panel, Administrative Tools and then Services. Double-click SNMP Service and select the Agent tab. Provide a sysadmin email address and a location. Optionally add Physical and Datalink and subnetwork if you think you need them. Then choose the Security tab. Edit the read-only community name and make it the same as the one you use on your other machines as detailed in the Linux configuration above, unless you specifically want a different community name.

It is best practice to narrow down the hosts you will accept SNMP requests from, so click Accept SNMP packets from these hosts and add the host from which you will be querying, then click Ok. Windows SNMP Service automatically restarts with the new configuration when you make changes to it, which is nice of it.

As usual, Vista people are on their own here.

You need to make your firewall allow SNMP queries from your query machine. You have a firewall, right? Windows Firewall doesn't allow SNMP queries through, so you have to configure it and add an exception for UDP port 161. Only allow it from the machine you designated as your SNMP query host.

Set Up Your SNMP Query Host

You need a machine to make requests from and this should be the machine which you have in your SNMP configuration on the other machines. For Windows, I don't know what you're going to do, I don't use Windows for anything network related, so you're on your own. You'll probably have to pay someone money for some software, but you could try starting with the snmp command or look at PRTG for graphing, they should point you in the right direction.

On Fedora:

yum install net-snmp-utils

On Debian/Ubuntu/derivatives:

apt-get install snmp

Running SNMP Queries

Now you want to do some queries. On Debian and Red Hat distros, run:

snmpwalk -c <my_community_name> -v 2c <machine>

…where <machine> is the IP or resolvable hostname of the machine you want to query. Here we are using snmpwalk, which basically walks the MIB tree, querying the host, using SNMP v2c as we specified, for everything it knows about. You will get a lot of output. If you don't get anything you have done something wrong and will have to go back through your config on the hosts to make sure it is accepting SNMP queries from your query machine.

You can do the same but specify a subset of OIDs to query:

snmpwalk -c <my_community_name> -v 2c <machine> interfaces

Here we are just asking for all of the interface-related OIDs. Or:

snmpwalk -c <my_community_name> -v 2c <machine> system

for system related OIDs. Good huh?

Graphing Your Output

So, you want to do something useful with your SNMP output, because it's just a great big list of crap? On Linux, use MRTG, on Windows, use PRTG. Windows people will have to figure it out themselves, but Linux people can use the following.

The following example details how to get bandwidth usage graphs. You can take it further by reading Chapter 23 of Linux Home Networking and the MRTG documentation to graph other SNMP stats.

Install MRTG

You should know how to install a package by now:

apt-get install mrtg

or

yum install mrtg

Your distro will probably create a directory under /var/www for mrtg, so try http://localhost/mrtg/ to see if there is anything there. There should be, but not much yet. Check your apache/httpd configuration if there is a problem accessing it, as I know Fedora only allows access from localhost by default. You might want to allow access from other hosts but protect it with a username and password, even SSL too if you are wary.

Next you need to create some MRTG config files for the hosts you will query:

cfgmaker --output=/etc/mrtg/<machine_name>.cfg --global "workdir: /var/www/mrtg" -ifref=ip <community_name>@<host_IP>

Be sure of course to change the name of the config file to the name of the machine, the community name and the IP of the host to query. Also be sure to put the path to your web server's mrtg directory if it is not /var/www/mrtg as given above. The generated config file contains the community name, so keep it readable only by the user that runs MRTG.

Now create a page for your output:

indexmaker --output=/var/www/mrtg/myhost.html /etc/mrtg/myhost.cfg

or even an index page with all of your hosts on:

indexmaker --output=/var/www/mrtg/index.html /etc/mrtg/myhost.cfg /etc/mrtg/otherhost.cfg /etc/mrtg/anotherbox.cfg

Now run an mrtg command to create some output:

env LANG=C /usr/bin/mrtg /etc/mrtg/myhost.cfg

You will need to run the command at least 3 times until it produces no errors, while MRTG tries to rotate pre-existing stats which don't exist. This is nothing to worry about. The 'env LANG=C' part just stops MRTG complaining about the default system language.

Then browse to your MRTG page to see the output. There will probably be an empty looking graph, which is fine because we've barely collected any stats.

Add the following line to the crontab of a user which is able to write to your web server's MRTG directory and files:

*/5 * * * * env LANG=C /usr/bin/mrtg /etc/mrtg/myhost.cfg > /dev/null 2>&1

This will make MRTG collect stats via SNMP every 5 minutes. Do the same for any other hosts you wish to graph. Note that I have redirected all standard output and errors to /dev/null, so I don't have to hear about it if it doesn't work. Don't do this until you are satisfied that it works properly.

And that, my friend, is it.

Going Further

You should try graphing other data such as CPU, disk and memory usage, system load, component temperatures and so on. MRTG is able to graph anything which you pass it information for and SNMP can make most of that information available over a network. Cacti is an alternative to MRTG for graphing other variables and is probably far easier. Investigate SNMP v3 for a more secure implementation. For lower CPU load, try replacing the default graphing tool in MRTG with RRDTool which was written by the same guy as MRTG.

simple_snmp.txt · Last modified: 2016/11/25 22:38 (external edit)