This page describes a simple SNMP setup for Linux and Windows with graphs for output. It doesn't describe SNMP traps, but maybe will in a future update.
Simple Network Management Protocol is a protocol used for querying hosts for information about their status, such as CPU usage, bandwidth usage, memory usage and so on. SNMP uses UDP port 161. There are 3 SNMP versions: 1, 2c and 3. Put simply, 2c offers more information than 1, but both pass the community name in clear text. A community name is like a password for SNMP. For greater security, including encryption, use SNMP v3. SNMP v3 is not covered here as at that point, your usage goes beyond simple. Do not run SNMP across a hostile network like the Internet.
You can graph the statistics retrieved using SNMP using tools like MRTG, ZenOSS, Cacti and so on to monitor patterns in system state and resource usage over time. This can help identify issues, anomalies and potentially break-ins. Many other applications are able to take advantage of SNMP, such as Nagios, which is used for alerting you to host and service problems.
Most networking devices such as routers (even home consumer routers) and managed switches offer SNMP support. The most common usage of SNMP is in querying for system status information as described above, but it is also possible to write values to a system using SNMP, and to have certain types of system events sent as what are called SNMP traps to a monitoring system, which will generate alerts for the system administrators. Neither SNMP writes nor SNMP traps are discussed here. Perhaps they will be in an update at some point.
Information is stored in a tree-like structure as far as SNMP is concerned. MIBs (Management Information Bases) are essentially like branches on the tree: they are groups of related SNMP data, such as system data, interface data etc. OIDs (object identifiers) are leaves on the tree, that is, they are individual items of queryable data, as defined in the MIBs. Phew. Technical. OIDs are normally numeric values, but thankfully most have human memorable names. MIBs are stored as text files under /usr/share/snmp/mibs/ in Linux.
Many network hardware vendors provide MIBs which map their specific hardware information (temperatures, fan speeds, power usage etc) to a set of OIDs, normally under the 'enterprises' MIB group. The default set of MIBs on Linux is pretty good, so you only need these extra MIBs for system data unique to the hardware you are using. Cisco MIBs will certainly be useful when using their equipment. You should first try your hardware vendor, or there are many places to get MIBs if you need them. I haven't yet found a clean, easy way to include vendor specific MIBs when querying, but you should start by placing them under /usr/share/snmp/mibs/.
I once heard SNMP described as, “The S in SNMP is for simple, but that does not mean it is trivial.” There is a lot more to SNMP than given here. This is a good starter, but you should investigate further when you find your feet. Certainly investigate SNMP v3, SNMP traps and the graphing of other statistical information when you are comfortable or in a high maintenance or more hostile environment.
On all machines install the SNMP daemon or service. Most SNMP implementations on Linux can serve SNMP versions 1, 2c and 3. Windows SNMP, at least in Windows 2000 and XP, serves SNMP v1 and 2c only. Windows Vista people will have to figure it out themselves.
yum install net-snmp
apt-get install snmpd
Go to the Add/Remove Programs applet in the Control Panel, go to Add/Remove Windows Components and install the Network Management Tools. You will need your Windows install CD if the files aren't already cached on your hard disk. Note that the Windows SNMP service is started immediately. Windows Vista people will have to figure it out themselves.
Go to /etc/snmp and run:
cp snmpd.conf snmpd.conf.orig; cat /dev/null > snmpd.conf
This gives us a clean snmpd.conf to play with rather than editing the considerable default config.
Add the following to snmpd.conf:
rocommunity <my_community_name>
syslocation <my_location>
syscontact <my_contact_email_address>

##       sec.name   source            community
##       ========   ======            =========
com2sec  local      localhost         <my_community_name>
com2sec  network_1  <my_snmp_server>  <my_community_name>
com2sec  network_2  <my_snmp_server>  <my_community_name>

##       Access.group.name  sec.model  sec.name
##       =================  =========  ========
group    MyROGroup_1        v1         local
group    MyROGroup_1        v1         network_1
group    MyROGroup_2        v2c        network_2

##       MIB.view.name  incl/excl  MIB.subtree  mask
##       =============  =========  ===========  ====
view     all-mibs       included   .1           80

##       MIB
##       group.name   context  sec.model  sec.level  prefix  read      write  notif
##       ==========   =======  =========  =========  ======  ====      =====  =====
access   MyROGroup_1  ""       v1         noauth     exact   all-mibs  none   none
access   MyROGroup_2  ""       v2c        noauth     exact   all-mibs  none   none
Note of course to change the values in angled brackets to be suitable for your environment. Be sure to give a community name which is unique on your network. Community names are like SNMP passwords. The common default is the word public, so don't use that for security reasons. Also specify the IP address of the server which will be used to collect SNMP data; it is best to narrow it down as far as possible to single IP addresses or IP ranges. Bear in mind that a rocommunity line with no source after the community name accepts that community from any address, so to keep access as narrow as the com2sec lines, give it the same source: rocommunity <my_community_name> <my_snmp_server>.
Syslocation is an arbitrary string which says where the machine is physically located and the syscontact is the email address of the system administrator.
Much of the above config is taken from Chapter 22 of Linux Home Networking. It principally allows reading of SNMP v1 information from localhost, and v1 and v2c from your specified IP, IP range or resolvable hostname, using all MIBs.
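As an added example (not from the original page), the following Python script reads an snmpd.conf in the layout shown above and flags the access mistakes the text warns about: the well-known 'public' community, a rocommunity or com2sec source that is unrestricted ('default' or absent), and any access line that grants a write view. The sample configuration is constructed for the demonstration.

```python
# Constructed snmpd.conf excerpt in the layout used on this page (not a real host's file).
SAMPLE_SNMPD_CONF = """\
rocommunity public
syslocation Server room
syscontact admin@example.invalid
com2sec local     localhost    mysecret
com2sec network_1 default      mysecret
group   MyROGroup_1 v1  local
view    all-mibs included .1 80
access  MyROGroup_1 "" v1 noauth exact all-mibs none none
access  MyRWGroup   "" v2c noauth exact all-mibs all-mibs none
"""

WEAK_COMMUNITIES = {"public", "private"}


def audit_snmpd_conf(text):
    """Return a list of (line_no, message) findings for weak access settings."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        tok = line.split()
        kw = tok[0].lower()
        if kw in ("rocommunity", "rwcommunity"):
            # rocommunity COMMUNITY [SOURCE]: no SOURCE means any address may query.
            if len(tok) > 1 and tok[1].lower() in WEAK_COMMUNITIES:
                findings.append((n, f"{kw} uses well-known community '{tok[1]}'"))
            if len(tok) < 3 or tok[2].lower() == "default":
                findings.append((n, f"{kw} has no source restriction"))
            if kw == "rwcommunity":
                findings.append((n, "write access granted via rwcommunity"))
        elif kw == "com2sec" and len(tok) >= 4:
            # com2sec NAME SOURCE COMMUNITY
            if tok[2].lower() == "default":
                findings.append((n, f"com2sec {tok[1]} accepts any source"))
            if tok[3].lower() in WEAK_COMMUNITIES:
                findings.append((n, f"com2sec {tok[1]} uses well-known community '{tok[3]}'"))
        elif kw == "access" and len(tok) >= 9:
            # access GROUP CONTEXT MODEL LEVEL PREFIX READ WRITE NOTIFY
            if tok[7].lower() != "none":
                findings.append((n, f"access {tok[1]} grants write view '{tok[7]}'"))
    return findings


if __name__ == "__main__":
    for line_no, msg in audit_snmpd_conf(SAMPLE_SNMPD_CONF):
        print(f"line {line_no}: {msg}")
```

Run it against /etc/snmp/snmpd.conf by reading the file into audit_snmpd_conf() in place of the constructed sample.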
So, restart your SNMP daemon to come up with the new config.
Go to the Control Panel, Administrative Tools and then Services. Double-click SNMP Service and select the Agent tab. Provide a sysadmin email address and a location. Optionally add Physical, Datalink and subnetwork if you think you need them. Then choose the Security tab. Edit the read-only community name and make it the same as the one you use on your other machines as detailed in the Linux configuration above, unless you specifically want a different community name.
It is best practice to narrow down the hosts you will accept SNMP requests from, so click Accept SNMP packets from these hosts and add the host from which you will be querying, then click OK. Windows SNMP Service automatically restarts with the new configuration when you make changes to it, which is nice of it.
As usual, Vista people are on their own here.
You need to make your firewall allow SNMP queries from your query machine (you have a firewall, right?). Windows Firewall doesn't allow SNMP queries through, so you have to configure it and add an exception for UDP port 161. Only allow it from the machine you designated as your SNMP query host.
You need a machine to make requests from and this should be the machine which you have in your SNMP configuration on the other machines. For Windows, I don't know what you're going to do, I don't use Windows for anything network related, so you're on your own. You'll probably have to pay someone money for some software, but you could try starting with the snmp command or look at PRTG for graphing, they should point you in the right direction.
yum install net-snmp-utils
apt-get install snmp
Now you want to do some queries, on Debian and Red Hat distros, run:
snmpwalk -c <my_community_name> -v 2c <machine>
…where <machine> is the IP or resolvable hostname of the machine you want to query. Here we are using snmpwalk, which basically walks the MIB tree, querying the host, using SNMP v2c as we specified, for everything it knows about. You will get a lot of output. If you don't get anything you have done something wrong and will have to go back through your config on the hosts to make sure it is accepting SNMP queries from your query machine.
You can do the same but specify a subset of OIDs to query:
snmpwalk -c <my_community_name> -v 2c <machine> interface
Here we are just asking for all of the interface related OIDs. Or:
snmpwalk -c <my_community_name> -v 2c <machine> system
for system related OIDs. Good huh?
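The snmpwalk output above is what MRTG turns into graphs, so as an added example (not from the original page) here is a Python script that parses two constructed snmpwalk samples of the interface subtree taken 300 seconds apart, the 5-minute interval used later in this page, and converts the ifInOctets/ifOutOctets counters into bytes per second. It handles the case where a 32-bit counter wraps past 2^32 between polls, which a busy interface will do.

```python
import re

# Two constructed snmpwalk samples of the "interface" subtree, 300 s apart
# (not captured from a real host). eth0's input counter wraps between them.
WALK_T0 = """\
IF-MIB::ifDescr.1 = STRING: lo
IF-MIB::ifDescr.2 = STRING: eth0
IF-MIB::ifInOctets.1 = Counter32: 1000
IF-MIB::ifOutOctets.1 = Counter32: 1000
IF-MIB::ifInOctets.2 = Counter32: 4294960000
IF-MIB::ifOutOctets.2 = Counter32: 500000
"""
WALK_T1 = """\
IF-MIB::ifDescr.1 = STRING: lo
IF-MIB::ifDescr.2 = STRING: eth0
IF-MIB::ifInOctets.1 = Counter32: 1300
IF-MIB::ifOutOctets.1 = Counter32: 1300
IF-MIB::ifInOctets.2 = Counter32: 2704
IF-MIB::ifOutOctets.2 = Counter32: 650000
"""
INTERVAL = 300          # seconds between the two polls
COUNTER32_MAX = 2 ** 32

# Default snmpwalk text format: MIB::object.index = TYPE: value
LINE_RE = re.compile(r"^IF-MIB::(\w+)\.(\d+) = (\w+): (.*)$")


def parse_walk(text):
    """Map (object, ifIndex) -> value; Counter/Gauge values become ints."""
    out = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            obj, idx, typ, val = m.groups()
            out[(obj, int(idx))] = int(val) if typ.startswith(("Counter", "Gauge")) else val
    return out


def counter_delta(old, new):
    """Difference of two Counter32 samples, allowing for one wrap past 2^32."""
    return new - old if new >= old else new + COUNTER32_MAX - old


def interface_rates(walk0, walk1, interval=INTERVAL):
    """Bytes/second (in, out) per interface name, as MRTG would graph them."""
    a, b = parse_walk(walk0), parse_walk(walk1)
    rates = {}
    for (obj, idx), name in b.items():
        if obj != "ifDescr" or ("ifInOctets", idx) not in a:
            continue  # skip interfaces that were not present in the first sample
        rin = counter_delta(a[("ifInOctets", idx)], b[("ifInOctets", idx)]) / interval
        rout = counter_delta(a[("ifOutOctets", idx)], b[("ifOutOctets", idx)]) / interval
        rates[name] = (rin, rout)
    return rates
```

A Counter32 on a fast link can wrap more than once in 5 minutes, which no delta calculation can detect; the 64-bit ifHCInOctets/ifHCOutOctets objects in IF-MIB, available with SNMP v2c and v3, avoid that.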
So, you want to do something useful with your SNMP output, because it's just a great big list of crap? On Linux, use MRTG, on Windows, use PRTG. Windows people will have to figure it out themselves, but Linux people can use the following.
You should know how to install a package by now:
apt-get install mrtg
yum install mrtg
Your distro will probably create a directory for mrtg under /var/www, so try http://localhost/mrtg/ to see if there is anything there. There should be, but not much yet. Check your apache/httpd configuration if there is a problem accessing it, as I know Fedora only allows access from localhost by default. You might want to allow access from other hosts but protect it with a username and password, and even SSL too if you are wary.
Next you need to create some MRTG config files for the hosts you will query:
cfgmaker --output=/etc/mrtg/<machine_name>.cfg --global "workdir: /var/www/mrtg" --ifref=ip <community_name>@<host_IP>
Be sure of course to change the name of the config file to the name of the machine, the community name and the IP of the host to query. Also be sure to put the path to your web server's mrtg directory if it is not /var/www/mrtg as given above.
Now create a page for your output:
indexmaker --output=/var/www/mrtg/myhost.html /etc/mrtg/myhost.cfg
or even an index page with all of your hosts on:
indexmaker --output=/var/www/mrtg/index.html /etc/mrtg/myhost.cfg /etc/mrtg/otherhost.cfg /etc/mrtg/anotherbox.cfg
Now run an mrtg command to create some output:
env LANG=C /usr/bin/mrtg /etc/mrtg/myhost.cfg
You will need to run the command at least 3 times before it produces no errors, while MRTG tries to rotate pre-existing stats which don't exist yet; this is nothing to worry about. The 'env LANG=C' part just stops MRTG complaining about the default system language.
Then browse to your MRTG page to see the output. There will probably be an empty looking graph, which is fine because we've barely collected any stats.
Add the following line to the crontab of a user which is able to write to your web server's MRTG directory and files:
*/5 * * * * env LANG=C /usr/bin/mrtg /etc/mrtg/myhost.cfg > /dev/null 2>&1
This will make MRTG collect stats via SNMP every 5 minutes. Do the same for any other hosts you wish to graph. Note that I have redirected all standard output and errors to /dev/null, so I don't have to hear about it if it doesn't work. Don't do this until you are satisfied that it works properly.
And that, my friend, is it.
You should try graphing other data such as CPU, disk and memory usage, system load, component temperatures and so on. MRTG is able to graph anything which you pass it information for and SNMP can make most of that information available over a network. Cacti is an alternative to MRTG for graphing other variables and is probably far easier. Investigate SNMP v3 for a more secure implementation. For lower CPU load, try replacing the default graphing tool in MRTG with RRDTool which was written by the same guy as MRTG.