Introduction
A large part of being a system administrator is collecting accurate information about your servers and infrastructure. There are a number of tools and options for gathering and processing this type of information. Many of them are built upon a technology called SNMP.
SNMP stands for simple network management protocol. It is a way that servers can share information about their current state, and also a channel through which an administer can modify pre-defined values. While the protocol itself is very simple, the structure of programs that implement SNMP can be very complex.
In previous guides, we discussed the basics of the SNMP protocol and how to install and configure SNMP components on Ubuntu 14.04 servers. In this guide, we will go over the basic usage of many of the tools that come with the net-snmp suite that we have been working with.
We will discuss how to leverage the configuration we set up in the last guide in order to actually gather information and manipulate remote hosts. This tutorial assumes that you have two hosts set up as they were at the end of the installation and configuration guide.
Using SNMP Client Commands
The net-snmp suite of tools that we have been using contains quite a few utilities that are useful for querying or setting OID values on remote hosts. Fortunately, most of the tools leverage a set of shared syntax and have similar usage patterns. We’ll go over the basic usage of some of the more popular ones below.
For the purposes of this guide, we are assuming that you are familiar with the authentication portion that you need to provide net-snmp commands. We are going to refer to all of the authentication information as authentication_info in the sections below.
If you have set up an snmp.conf configuration for your client as discussed here, you can remove this section of the command, as the authentication details will be read from your configuration file.
If you do not have an snmp.conf file, you will need to substitute the “authentication_info” in each command with the information needed to connect to your remote daemon. For the demo account that we set up in this series, the following values can be used:
-u demo -l authPriv -a MD5 -x DES -A my_new_password -X my_new_passwordSubstitute your own values when running these commands if you are in a different environment.
Now that you know the authentication details you will need, let’s get familiar with some of the commands available.
Retrieving Single OID Values with SnmpGet
This is probably the most basic command for querying information using SNMP. Using the basic authentication flags that were discussed earlier, the snmpget command can be used to read the value of any OID that the user has access to.
The basic usage is to specify a known numerical OID. For instance, we can retrieve the system description by typing:
snmpget authentication_info host 1.3.6.1.2.1.1.1.0Since we installed the snmp-mibs-downloader package on our manager computer in the last guide, we can also reference common OIDs by their name. For instance, we could get the same information by typing:
snmpget authentication_info host sysDescr.0Retrieving the Next Available OID Value with SnmpGetNext
This command is used to get the value of the OID after the one given. Since the MIB database is a walkable hierarchy, its values can be retrieved sequentially. By leveraging this property, we can find out the value (and the OID label) for the next object from any object in the tree.
For instance, we saw above how to get the system description. To find out the next OID and its value, we can call the same command, but this time with the snmpgetnext command:
snmpgetnext authentication_info host sysDescr.0SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10This returns the system ObjectID, which is the next sequential object in the tree. We can repeat this over and over using the returned OID to get each sequential object:
snmpgetnext authentication_info host sysObjectID.0DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (114216) 0:19:02.16These can use the string OIDs or the numeric OIDs, just like before.
Using SnmpWalk to Retrieve a Section of the MIB Hierarchy
To get all of the OIDs under a specified OID, you can use the snmpwalk command. This will return the entire tree that exists beneath the specified point.
For instance, we can get all of the values in the system portion of the tree by typing:
snmpwalk authentication_info host systemSNMPv2-MIB::sysDescr.0 = STRING: Linux target 3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014 x86_64SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (126926) 0:21:09.26SNMPv2-MIB::sysContact.0 = STRING: admin@example.comSNMPv2-MIB::sysName.0 = STRING: targetSNMPv2-MIB::sysLocation.0 = STRING: Sitting on the Dock of the BaySNMPv2-MIB::sysServices.0 = INTEGER: 72. . .This command operates by automatically issuing SNMP getNext requests to the host until it can construct the entire tree beneath the value requested.
If you wish to retrieve basically the entire MIB tree, you can issue the command on the root:
snmpwalk authentication_info host .This will return the entire tree that is accessible to the user provided.
This can be used, along with grep to search for specific OID names. For instance, you may know that the sysUpTime.0 OID returns the length of the that the SNMP daemon has been operational on the remote hosts, but you may be curious as to how long the server itself has been online.
We can use the snmpwalk command to get the entire hierarchy of OIDs and then filter it with grep to look for anything that has “uptime” in the name. We will use the -i flag to turn off case sensitivity in our search:
snmpwalk authentication_info host . | grep -i uptimeYou will receive a response that looks like this:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (113856) 0:18:58.56SNMPv2-MIB::sysORUpTime.1 = Timeticks: (0) 0:00:00.00SNMPv2-MIB::sysORUpTime.2 = Timeticks: (0) 0:00:00.00SNMPv2-MIB::sysORUpTime.3 = Timeticks: (0) 0:00:00.00SNMPv2-MIB::sysORUpTime.4 = Timeticks: (0) 0:00:00.00SNMPv2-MIB::sysORUpTime.5 = Timeticks: (0) 0:00:00.00SNMPv2-MIB::sysORUpTime.6 = Timeticks: (0) 0:00:00.00SNMPv2-MIB::sysORUpTime.7 = Timeticks: (0) 0:00:00.00SNMPv2-MIB::sysORUpTime.8 = Timeticks: (0) 0:00:00.00SNMPv2-MIB::sysORUpTime.9 = Timeticks: (0) 0:00:00.00SNMPv2-MIB::sysORUpTime.10 = Timeticks: (0) 0:00:00.00HOST-RESOURCES-MIB::hrSystemUptime.0 = Timeticks: (9741455) 1 day, 3:03:34.55NOTIFICATION-LOG-MIB::nlmLogVariableID."default".1.1 = OID: DISMAN-EVENT-MIB::sysUpTimeInstanceNET-SNMP-AGENT-MIB::nsModuleName."".8.1.3.6.1.2.1.1.3.127 = STRING: mibII/sysUpTimeAfter trying a few of these values, we can find out that hrSystemUptime.0 OID contains the correct uptime value. Now, anytime we want to how long it’s been since that machine has booted, we can use that OID:
snmpget authentication_info host hrSystemUptime.0HOST-RESOURCES-MIB::hrSystemUptime.0 = Timeticks: (9795352) 1 day, 3:12:33.52As you can see, snmpwalk can be very helpful for discovering the correct OIDs for values.
Translate Between Numeric and String OIDs with SnmpTranslate
One of the most helpful commands in the suite does not actually communicate with the remote host. Instead, it simply helps us discover information about the MIB hierarchy.
Using the snmptranslate utility, we can easily convert numeric results to their textual representation:
snmptranslate 1.3.6.1.2.1.1.1.0SNMPv2-MIB::sysDescr.0This gives the MIB module that defines the textual name, and the name for the OID itself.
We can also use the tool to translate in the other direction. When we found out the textual MIB for the system’s uptime (hrSystemUptime.0), we might have been curious as to where on the tree that was defined. We could pass the -On flag to get the numerical address.
Remember to include the MIB module that is given whenever you receive information about an OID:
snmptranslate -On HOST-RESOURCES-MIB::hrSystemUptime.0.1.3.6.1.2.1.25.1.1.0You can also use this tool to get a lot of other detailed information about any point. For instance, with the -Td flag, you can get a full description, complete with the path at the bottom:
snmptranslate -Tp 1.3.6.1.2.1.1.1.0SNMPv2-MIB::sysDescr.0sysDescr OBJECT-TYPE -- FROMSNMPv2-MIB -- TEXTUAL CONVENTION DisplayString SYNTAXOCTET STRING (0..255) DISPLAY-HINT"255a" MAX-ACCESSread-only STATUScurrent DESCRIPTION"A textual description of the entity. This value should include the full name and version identification of the system's hardware type, software operating-system, and networking software."::= { iso(1) org(3) dod(6) internet(1) mgmt(2) mib-2(1) system(1) sysDescr(1) 0 }You can modify how the output is displayed by passing an -O_ parameter, where the “_” is replaced by an output format. You can see the full list in the “OUTPUT OPTIONS” section of the snmpcmd man page, but some of the more common choices are:
| Output Flag | Description | Example |
|---|---|---|
| -Oa | Display in ASCII strings | SNMPv2-MIB::sysDescr.0 |
| -Of | Display full textual path to OID | .iso.org.dod.internet.mgmt.mib-2.system.sysDescr.0 |
| -On | Display full numerical path to OID | .1.3.6.1.2.1.1.1.0 |
| -Os | Display only the end textual OID representation | sysDescr.0 |
Note that the above formatting options can also be applied with most of the other tools in this suite to format the output how you would like.
Retrieve Tabular Data with Formatted Output with SnmpTable
Some information stored withing SNMP is actually tabular. Although snmpwalk has the ability to display all of the relevant data, the formatting is not ideal for some uses.
For instance, if we use snmpwalk on the udpTable OID:
snmpwalk authentication_info host udpTableWe would get this:
UDP-MIB::udpLocalAddress.0.0.0.0.161 = IpAddress: 0.0.0.0UDP-MIB::udpLocalAddress.0.0.0.0.35679 = IpAddress: 0.0.0.0UDP-MIB::udpLocalPort.0.0.0.0.161 = INTEGER: 161UDP-MIB::udpLocalPort.0.0.0.0.35679 = INTEGER: 35679However, if we make the same request with snmptable:
snmptable authentication_info host udpTableWe would get a nicely formatted table, like this:
udpLocalAddress udpLocalPort 0.0.0.0 161 0.0.0.0 35679This is much nicer formatting and easier to consume for a human reader.
Modifying Values with SnmpSet
This command is used to write the value to an OID. While the other commands so far were used to get information, this command is used to modify data on the host.
While the snmpset command inherits most of its syntax from the other commands, it requires some additional information to set the values. The basic syntax looks like this:
snmpset authentication_info host OID_to_modify data_type new_valueMost of the fields above are rather self-explanatory. However, the data types demand a bit more explanation. Each type is represented by a single character. The list of possible types is below:
- i: Integer
- u: Unsigned integer
- s: String
- x: Hexadecimal string
- d: Decimal string
- n: Null object
- o: Object ID
- t: Time ticks
- a: IP Address
- b: Bits
Since we have downloaded the snmp-mibs-downloader package, most of the time you can get away with typing = instead of one of the type identifiers.
To demonstrate this command, we can comment out one of the values set in our snmpd.conf file on the agent computer. Specifying values in the configuration file essentially hard-codes it, preventing you from changing the value using normal SNMP methods.
On the agent computer, open the /etc/snmp/snmpd.conf file:
sudo nano /etc/snmp/snmpd.confComment out the sysLocation directive:
#sysLocation Sitting on the Dock of the BaySave and close the file. Now restart the service:
sudo service snmpd restartNow, from our management machine, we can set the sysLocation OID to “Earth” by typing this. Note the “s” that specifies that the data type is a string:
snmpset authentication_info host sysLocation.0 s "Earth"SNMPv2-MIB::sysLocation.0 = STRING: EarthWe can test whether the = type specifier will correctly set the value type by refining our location:
snmpset authentication_info host sysLocation.0 = "New York City"SNMPv2-MIB::sysLocation.0 = STRING: New York CityIt has correctly interpreted our value as a regular string.
Issuing Requests Efficiently with SnmpBulkGet and SnmpBulkWalk
Issuing repeated snmpget and snmpwalk requests can create quite a lot of network traffic when used repeatedly.
To cut back on this problem, two companion commands called snmpbulkget and snmpbulkwalk were created. These will pack all of the return values within a single transaction rather than a transaction for each of returned OID value. You can also pass in more than one OID at a time.
To use snmpbulkget, you pass in one or more OIDs or branches and you will get back as many values for additional OIDs as fit in the packet:
snmpbulkget authentication_info host systemSNMPv2-MIB::sysDescr.0 = STRING: Linux target 3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014 x86_64SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (429891) 1:11:38.91SNMPv2-MIB::sysContact.0 = STRING: call nowSNMPv2-MIB::sysName.0 = STRING: targetSNMPv2-MIB::sysLocation.0 = STRING: New York CitySNMPv2-MIB::sysServices.0 = INTEGER: 72SNMPv2-MIB::sysORLastChange.0 = Timeticks: (0) 0:00:00.00SNMPv2-MIB::sysORID.1 = OID: SNMP-MPD-MIB::snmpMPDComplianceSNMPv2-MIB::sysORID.2 = OID: SNMP-USER-BASED-SM-MIB::usmMIBComplianceOne thing to note is that snmpbulkget operates like a snmpgetnext command, meaning it that it leaves out the object given as an argument. In the above example, instead of supplying a specific object, we supplied a branch. You can think of snmpbulkget as an snmpwalk call, but the results will be in one packet.
The snmpbulkwalk command operates in a similar way, but will continue to make BulkGet commands until the entire subtree is retrieved.
Conclusion
As you can see, using the net-snmp suite, you can retrieve and manipulate data in a variety of ways. By scripting these actions or leveraging these utilities in applications, you can build complex monitoring and management environments.
