* Install and learn to use the SNMP commands * Explore and identify standard vs enterprise parts of the MIB tree * Install vendor specific MIBs and use those with the SNMP commands
* Commands preceded with “$” imply that you should execute the command as a general user - not as root. * Commands preceded with “#” imply that you should be working as root. * Commands with more specific command lines (e.g. “rtrX>” or “mysql>”) imply that you are executing commands on remote equipment, or within another program.
Start by installing the net-snmp tools:
$ sudo apt-get install snmp $ sudo apt-get install snmp-mibs-downloader
The second of the two commands downloads the standard IETF and IANA SNMP MIBs which are not included by default.
Note: for this to work, you must enable the “multiverse” source in your APT configuration, If you are using Ubuntu 12.04 or 14.04. This has already been done for you in this workshop.
Now, edit the file /etc/snmp/snmp.conf:
$ sudo editor /etc/snmp/snmp.conf
Change this line:
… so that it looks like:
# mibs :
(You are “commenting out” the empty mibs statement, which was telling the snmp* tools not to automatically load the mibs in the /usr/share/mibs/ directory)
Now, make your own copy of the file /etc/snmp/snmp.conf, make it readable only by you, and add your credentials to it:
$ mkdir ~/.snmp $ cp /etc/snmp/snmp.conf ~/.snmp/ $ chmod 700 ~/.snmp/ $ sudo vi ~/.snmp/snmp.conf
Adding this information means you won't have to enter your credentials everytime you use one of the SNMP utilities.
To check that your SNMP installation works, run the snmpstatus command on each of the following devices
$ snmpstatus -v2c 127.0.0.1 -c public
Check the snmp output. What is the signature?
For this exercise your group needs to verify that the snmpd service is running and responding to queries for all machines in your group. First enable snmpd on your machine, then test if your machine is responding, then check each machine of your other group members.
4.1 Install the SNMP agent (daemon):
$ sudo apt-get install snmpd $ sudo apt-get install libsnmp-dev
We will make a backup of the distributed config, and then we will create our own:
$ cd /etc/snmp $ sudo mv snmpd.conf snmpd.conf.dist $ sudo vi snmpd.conf
Then, copy/paste the following:
# Listen for connections on all interfaces (both IPv4 *and* IPv6) agentAddress udp:161,udp6:[::1]:161 # Configure Read-Only community and restrict who can connect rocommunity @pnicTra!ning 192.168.30.0/24 rocommunity @pnicTra!ning 127.0.0.1 # Information about this host sysLocation bdNOG Linux Training Workshop sysContact [email protected] # Which OSI layers are active in this host # (Application + End-to-End layers) sysServices 72 # Include proprietary dskTable MIB (in addition to hrStorageTable) includeAllDisks 10%
Now save and exit from the editor.
4.3 Check that snmpd is working:
snmpstatus -v2c 192.168.30.X -c '@pnicTra!ning'
What do you observe ?
Try and run snmpwalk on any hosts (routers, switches, machines) you have not tried yet, in the 192.168.30.X network. Note the kind of information you can obtain.
$ snmpwalk -v2c 192.168.30.X ifDescr -c '@pnicTra!ning' $ snmpwalk -v2c 192.168.30.X ifAlias -c '@pnicTra!ning' $ snmpwalk -v2c 192.168.30.X ifTable -c '@pnicTra!ning' | less $ snmpwalk -v2c 192.168.30.X ifXTable -c '@pnicTra!ning' | less $ snmpwalk -v2c 192.168.30.X ifOperStatus -c '@pnicTra!ning' $ snmpwalk -v2c 192.168.30.X ifAdminStatus -c '@pnicTra!ning' $ snmpwalk -v2c 192.168.30.X if -c '@pnicTra!ning'