Saturday, July 21, 2012

SNMP


SNMP (Simple Network Management Protocol) is an application layer protocol on TCP/IP networks that facilitates the exchange of management information between network devices. SNMP is an industry-standard way to gather information from hosts across a network.

SNMP works on a standard client/server model. The SNMP client, or agent, sends a request across the network to a host running the SNMP server. The SNMP server, snmpd, then gathers the information from the local system and returns it to the client/agent. Each SNMP server has a list of information (objects) it can extract from the local computer. This list is arranged in a hierarchical system called the Management Information Base (MIB) tree. So basically, the SNMP agent/client accesses the MIB on the server to fetch an object. An object corresponds to one particular piece of information about the device (server), for example swap usage or uptime. An SNMP agent can also send a request to make changes on the SNMP server.

The objects on a server are fetched and managed by the client/agent using the following four fundamental operations: Get, GetNext, Set and Trap.
  1. The client or agent sends a Get command to fetch an object from the host running the snmpd server. This object must be a leaf node in the MIB.
  2. The client or agent can recursively retrieve objects from the host running the snmpd server using the GetNext command. GetNext operates on a branch of the MIB.
  3. The client or agent can control the server by using the Set command to change the value of an object.
  4. If the server needs to notify the client/agent of some event, the server can issue a Trap command to pass the message to the client/agent.
A system can function as a client/agent, as a server, or as both.

SNMP comes in three versions: v1, v2 and v3.

SNMP v1 relies on a simple string, called the community name, to provide security. Two community names are used, public and private. In a default configuration, the public community provides read access to a managed device while the private community allows read-write access. All information exchanged between the client/agent and the server is sent in clear text. If SNMP v1 must be used, then as a simple security measure use alternative names instead of public and private.

SNMP v2 has some inconsistent implementations, so it is skipped here.

SNMP v3 provides three very important security features:
  1. Usernames, to audit SNMP connections made to the server
  2. Passwords, to allow authenticated access to the server
  3. Encryption, which allows data to be exchanged securely between the server and the client/agent

Management Information Base(MIB)

Each object in a MIB tree is identified by a name or a number. Since it is a tree structure (like a Unix filesystem), each object in the MIB tree can be reached by following a path that is unique to that object (just like a Unix path).

Consider the following example of an MIB object. An MIB object's name is its path in the MIB tree, as follows:

  • interfaces.ifTable.ifEntry.ifOutErrors.1
  • interfaces means that we are looking at the network interfaces on the system (network cards, parallel ports, and so on).
  • ifTable is the interface table, or the list of interfaces on the system.
  • ifEntry shows one particular interface.
  • ifOutErrors means that we are looking at the outbound errors on this particular interface.
  • 1 means that we are interested in interface number 1.
MIB objects can also be expressed as numbers, and the preceding example translates to numbers as follows:
  • .1.3.6.1.2.1.2.2.1.20.1
This is also called an arc.

Expressed as words, the MIB object is specified as five terms separated by periods. Expressed as numbers, it has 11. So why is that?
The numerical MIB is longer because it includes the default prefix .1.3.6.1.2.1 (.iso.org.dod.internet.mgmt.mib-2). Almost all MIBs will have this leading string.
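The four operations and the tree paths described above, as an added example that is not part of the original post: a toy in-memory agent in Python (the MIB contents are constructed; the OIDs are the ones this page uses) that answers Get only for leaf instances, answers GetNext with the next instance in arc-by-arc order, and runs the GetNext loop that snmpwalk uses to dump a branch.

```python
# Added example, not from the original post: a toy in-memory agent showing how
# Get, GetNext and the snmpwalk loop behave over the MIB tree described above.

def oid_to_tuple(oid):
    """'.1.3.6.1.2.1.25.1.1.0' -> (1, 3, 6, 1, 2, 1, 25, 1, 1, 0); arcs compare as integers."""
    return tuple(int(arc) for arc in oid.strip(".").split("."))

def tuple_to_oid(arcs):
    return "." + ".".join(str(arc) for arc in arcs)

# Constructed MIB contents, keyed by the numeric OIDs used on this page:
# ifOutErrors rows under .1.3.6.1.2.1.2.2.1.20 and hrSystemUptime.0.
MIB = {
    oid_to_tuple(".1.3.6.1.2.1.2.2.1.20.1"): 0,       # interfaces.ifTable.ifEntry.ifOutErrors.1
    oid_to_tuple(".1.3.6.1.2.1.2.2.1.20.2"): 7,       # ifOutErrors.2
    oid_to_tuple(".1.3.6.1.2.1.2.2.1.20.10"): 3,      # ifOutErrors.10 (sorts after .2, not after .1)
    oid_to_tuple(".1.3.6.1.2.1.25.1.1.0"): 272328,    # HOST-RESOURCES-MIB::hrSystemUptime.0
}
ORDERED = sorted(MIB)   # tuples compare arc by arc, the lexicographic order GetNext relies on

def snmp_get(oid):
    """Get: only an exact leaf instance answers; a branch or unknown OID is noSuchName."""
    return MIB.get(oid_to_tuple(oid), "noSuchName")

def snmp_getnext(oid):
    """GetNext: the first instance ordered strictly after oid (oid itself need not exist)."""
    key = oid_to_tuple(oid)
    for candidate in ORDERED:
        if candidate > key:
            return tuple_to_oid(candidate), MIB[candidate]
    return None, "endOfMibView"          # v2c wording; a v1 agent answers noSuchName here

def snmp_walk(branch):
    """snmpwalk: start GetNext at the branch and stop once a reply leaves its subtree."""
    prefix = oid_to_tuple(branch)
    rows, current = [], branch
    while True:
        current, value = snmp_getnext(current)
        if current is None or oid_to_tuple(current)[:len(prefix)] != prefix:
            return rows
        rows.append((current, value))
```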

Setting up the snmp client

Check whether the net-snmp-utils package is installed:

# yum list all | grep snmp

If it is not installed, install it:
# yum search snmp
# yum install net-snmp-utils

Setting up the snmp server

# yum install net-snmp
# yum install net-snmp-utils

Finding an MIB object

  • Tree browse (search the tree for names matching a pattern):
      snmptranslate -TB '.*memory.*'
  • Output numerical (translate a name to its numeric OID):
      snmptranslate -On HOST-RESOURCES-MIB::hrMemorySize
  • Tree print with output full (print the subtree under an OID with full names):
      snmptranslate -Tp -Of .1.3.6.1.2.1.25

Using SNMP v1 for queries

From my host 192.168.1.3, suppose I want to query the objects on 192.168.2.101 using the "public" community string of SNMP v1.

Using the snmpwalk command with the "public" string of SNMP v1, I can get a list of the objects I can access on 192.168.2.101:

# snmpwalk -v1 -c public 192.168.2.101

Instead of the community name "public", you can use your own community string, say "myu". To set your own community string on 192.168.2.101, do the following:
  1. Open /etc/snmp/snmpd.conf on 192.168.2.101
  2. Add the following line at the end of the file:  rocommunity myu
  3. service snmpd reload
Now obtain the contents of the MIB tree on 192.168.2.101 using the community string "myu", by running the following command from any host (here, 192.168.1.3):
 # snmpwalk -v1 -c myu 192.168.2.101

To get the uptime of the host 192.168.2.101, run the following:
# snmpget -v1 -c myu 192.168.2.101  HOST-RESOURCES-MIB::hrSystemUptime.0
HOST-RESOURCES-MIB::hrSystemUptime.0 = Timeticks: (272328) 0:45:23.28

To get the numerical form of HOST-RESOURCES-MIB::hrSystemUptime.0:
# snmptranslate -On HOST-RESOURCES-MIB::hrSystemUptime.0
.1.3.6.1.2.1.25.1.1.0

# snmpget -v1 -c myu 192.168.2.101 .1.3.6.1.2.1.25.1.1.0
HOST-RESOURCES-MIB::hrSystemUptime.0 = Timeticks: (59650) 0:09:56.50

To avoid typing "-v1 -c myu" for each command, do the following on the client/agent node (here, 192.168.1.3):
 Create the file ~/.snmp/snmp.conf with the following lines

 defVersion    1
 defCommunity  myu

Now run snmpwalk or snmpget without "-v1 -c myu" from the client node (192.168.1.3), as follows:

$ snmpwalk 192.168.2.101
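The v1 request above as it appears on the wire, as an added example that is not the post's own code: a minimal BER encoder for an SNMPv1 GetRequest, plus the few lines a capture tool needs to recover the community string from the raw bytes. This is why renaming "public" is only a small step: whoever can observe the traffic still reads "myu" directly, which is what SNMP v3 addresses.

```python
# Added example, not from the original post: the bytes that
# "snmpget -v1 -c myu 192.168.2.101 .1.3.6.1.2.1.25.1.1.0" puts on the wire,
# and how the community string is read straight back out of them.

def ber_len(n):
    """BER length octets: short form below 128, one-byte long form otherwise (enough here)."""
    return bytes([n]) if n < 0x80 else b"\x81" + bytes([n])

def tlv(tag, body):
    return bytes([tag]) + ber_len(len(body)) + body

def ber_int(n):
    """INTEGER (tag 0x02) for n >= 0, with a leading zero byte when the top bit is set."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def ber_oid(oid):
    """OBJECT IDENTIFIER (tag 0x06): first two arcs packed as 40*a+b, the rest base-128."""
    arcs = [int(a) for a in oid.strip(".").split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:                 # high bit set on every byte except the last
            arc >>= 7
            chunk.insert(0, (arc & 0x7F) | 0x80)
        out += bytes(chunk)
    return tlv(0x06, bytes(out))

def snmpv1_get_request(community, oid, request_id=1):
    """Message ::= SEQUENCE { version INTEGER(0), community OCTET STRING, GetRequest-PDU }"""
    varbind = tlv(0x30, ber_oid(oid) + tlv(0x05, b""))              # name + NULL placeholder
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0)    # error-status, error-index
              + tlv(0x30, varbind))
    return tlv(0x30, ber_int(0) + tlv(0x04, community.encode()) + pdu)

def community_from_packet(pkt):
    """What a packet capture shows: skip the outer SEQUENCE and version, read the OCTET STRING."""
    assert pkt[0] == 0x30
    i = 2 if pkt[1] < 0x80 else 2 + (pkt[1] & 0x7F)
    assert pkt[i] == 0x02
    i += 2 + pkt[i + 1]                                            # past the version INTEGER
    assert pkt[i] == 0x04
    return pkt[i + 2: i + 2 + pkt[i + 1]].decode()
```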

Using snmp v3 for queries

SNMP v3 uses the user-based security model (USM) to control access to the managed device's MIB. A username (securityName) must be provided as part of the SNMP request, along with a password associated with that username. On CentOS, the username and password of an SNMP v3 user are kept in the file /var/lib/net-snmp/snmpd.conf. The information stored for this account is encrypted so that it is readable only by the snmpd daemon. Passwords can be stored as either SHA or MD5 hashes. The password supplied must be longer than 8 characters.

SNMP v3 allows one to choose any combination of hashed authentication (auth) and encrypted data privacy (priv):
  1. If authentication alone is needed, choose auth
  2. If privacy alone is needed, choose priv
  3. If both authentication and privacy are needed, choose authpriv
On the machine where the snmpd server is running (say, 192.168.2.101), create an SNMP user, say named "snmpusr", with password and shared secret both "snmppasswd", using the command net-snmp-create-v3-user.
We use an MD5 hash for the password and DES for data encryption.
The snmpd service must be stopped before creating the user.

  1. service snmpd stop
  2. net-snmp-create-v3-user -A snmppasswd -X snmppasswd -a MD5 -x DES snmpusr
  3. The command reports the lines it adds:
       adding the following line to /var/lib/net-snmp/snmpd.conf:
         createUser snmpusr MD5 "snmppasswd" DES snmppasswd
       adding the following line to /etc/snmp/snmpd.conf:
         rwuser snmpusr
  4. service snmpd start

Now let us try an snmpwalk as the SNMP v3 user from the client machine (the client can run on the same machine as the server too):

# snmpwalk -v 3 -u snmpusr -l authpriv -a MD5 -x DES -A snmppasswd -X snmppasswd 192.168.2.101

To make the above command simpler, update ~/.snmp/snmp.conf on the client as follows (the privacy passphrase directive is defPrivPassphrase; it matches the -X value above):

defVersion         3
defSecurityName    snmpusr
defSecurityLevel   authpriv
defAuthType        MD5
defPrivType        DES
defAuthPassphrase  snmppasswd
defPrivPassphrase  snmppasswd
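What net-snmp actually keeps for that user, as an added example that is not from the original post: the RFC 3414 password-to-key procedure in Python. The createUser line above carries the clear-text passphrase only until snmpd first starts; it is then replaced by a usmUser entry holding the localized keys derived here. ENGINE_ID is a constructed placeholder (the sample value from RFC 3414 Appendix A); a real agent's engineID comes from its own configuration.

```python
# Added example, not from the original post: RFC 3414 password-to-key localization.
import hashlib

def password_to_key(password, engine_id, algo="md5"):
    """RFC 3414 A.2: hash the passphrase stretched to 1 MiB (Ku), then localize it
    with the agent's snmpEngineID (Kul). Kul is what the agent stores and uses."""
    if len(password) < 8:                       # net-snmp refuses shorter passphrases
        raise ValueError("USM passphrases must be at least 8 characters")
    pw = password.encode()
    stretched = (pw * (1048576 // len(pw) + 1))[:1048576]   # exactly 1,048,576 bytes
    ku = hashlib.new(algo, stretched).digest()               # engine-independent user key
    kul = hashlib.new(algo, ku + engine_id + ku).digest()    # localized to this engine
    return ku, kul

# Constructed placeholder: the sample snmpEngineID from RFC 3414 A.3, not a real agent's.
ENGINE_ID = bytes.fromhex("000000000000000000000002")

def usm_user_keys(username, auth_pass, priv_pass, auth_algo="md5", engine_id=ENGINE_ID):
    """Keys stored for a user created like the page's 'snmpusr' (-a MD5 -x DES):
    the auth and priv passphrases are localized separately, both with the auth hash."""
    _, auth_key = password_to_key(auth_pass, engine_id, auth_algo)
    _, priv_key = password_to_key(priv_pass, engine_id, auth_algo)
    return {"user": username, "auth_key": auth_key.hex(), "priv_key": priv_key.hex()}
```

The USM security levels are noAuthNoPriv, authNoPriv and authPriv; privacy is never used without authentication, which is why -l authpriv needs both -A and -X.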

MIB paths of interest for queries

CPU statistics

  Load
    1 minute load:                    .1.3.6.1.4.1.2021.10.1.3.1
    5 minute load:                    .1.3.6.1.4.1.2021.10.1.3.2
    15 minute load:                   .1.3.6.1.4.1.2021.10.1.3.3

  CPU
    percentage of user CPU time:      .1.3.6.1.4.1.2021.11.9.0
    raw user CPU time:                .1.3.6.1.4.1.2021.11.50.0
    percentage of system CPU time:    .1.3.6.1.4.1.2021.11.10.0
    raw system CPU time:              .1.3.6.1.4.1.2021.11.52.0
    percentage of idle CPU time:      .1.3.6.1.4.1.2021.11.11.0
    raw idle CPU time:                .1.3.6.1.4.1.2021.11.53.0
    raw nice CPU time:                .1.3.6.1.4.1.2021.11.51.0

Memory statistics

    Total swap size:                  .1.3.6.1.4.1.2021.4.3.0
    Available swap space:             .1.3.6.1.4.1.2021.4.4.0
    Total RAM in machine:             .1.3.6.1.4.1.2021.4.5.0
    Total RAM used:                   .1.3.6.1.4.1.2021.4.6.0
    Total RAM free:                   .1.3.6.1.4.1.2021.4.11.0
    Total RAM shared:                 .1.3.6.1.4.1.2021.4.13.0
    Total RAM buffered:               .1.3.6.1.4.1.2021.4.14.0
    Total cached memory:              .1.3.6.1.4.1.2021.4.15.0

Disk statistics

  snmpd.conf needs to be edited. Add one of the following (the first assumes a machine with a single '/' partition):

    disk            /       100000
  or, for all partitions and disks:
    includeAllDisks 10%

  The OIDs are as follows:

    Path where the disk is mounted:            .1.3.6.1.4.1.2021.9.1.2.1
    Path of the device for the partition:      .1.3.6.1.4.1.2021.9.1.3.1
    Total size of the disk/partition (kBytes): .1.3.6.1.4.1.2021.9.1.6.1
    Available space on the disk:               .1.3.6.1.4.1.2021.9.1.7.1
    Used space on the disk:                    .1.3.6.1.4.1.2021.9.1.8.1
    Percentage of space used on disk:          .1.3.6.1.4.1.2021.9.1.9.1
    Percentage of inodes used on disk:         .1.3.6.1.4.1.2021.9.1.10.1
