[mrtg] Re: Super SNMP novice. Trying hard to understand.

nate mrtg at aphroland.org
Thu Oct 24 03:36:57 MEST 2002


Chris said:
>
> Alright I've gotten pretty far with google and the crappy sites I have
> found. Perhaps I am not reading the correct material or I'm just getting
> things in bits and pieces and in the wrong order.  I think I need
> O'Reilly's SNMP book. Anyway can someone explain to me like I am a 4 year
> old retarded girl, or send me to a web site that explains things like I
> know nothing of computers because I have become utterly confused.  I am
> trying to do some simple SNMP monitor of W2K servers and Linux alike.
> http://www.wtcs.org/snmp4tpc/ has helped a bit but confused as much as
> it's helped.  I am trying to understand the difference between OID's and
> MIB's.  I want to monitor IIS specifically right now.  I got this cute

Until about a week ago I was pretty new to SNMP too; I had only done
basic stuff with cfgmaker and some resources I found on the net. I
am learning a bit more though as time goes on. So the below info
is just real basic stuff, it's what I've learned in the past few days
about SNMP. Some of it may be inaccurate or wrong but most of it
makes sense to me so I think a lot of it is fairly accurate.


OIDs and MIBs are a pain in the ass I gotta admit, until very very
recently I had no idea how to convert the 2, and I could find no
documentation on the net (I've searched a few times over the past
couple years) that I could understand.

So..I will reference linux(well unix in general) only since I have
not ever done anything SNMP related on win32. The basic concepts should
be the same though.

tools I use:

ucd-snmp[1] - I use Debian GNU/linux which splits the snmp tools into
many different packages. the main ones contain:
     - snmpd - the snmp daemon itself
     - snmp-utils - snmpwalk & other snmp utils

libsmi2[2] -(aka libsmi) this contains tools that can convert MIBs to OIDs on
the command line

Finding out what each of the variables actually means can be a bit more
difficult but many are self-explanatory.

First thing to do is run a snmpwalk against a test system (I wouldn't recommend
doing this on a critical system, it may drive the load way up for a short time):

snmpwalk localhost public .1

That (as far as I know) will spit out everything that your SNMP server
can give out. For my desktop system it is a total of 1944 different
variables (quite a bit!). My gateway firewall/server responds with over
5,000 variables. Note this gives away TONS of information about your
machine including stuff like firewall rules, routes, arp table so
I recommend firewalling the snmp daemon on untrusted networks.

take this string for example(taken from the output of the snmpwalk):
host.hrSystem.hrSystemProcesses.0 = Gauge32: 116

That(I believe) is the total number of currently running system
processes. How do you find the OID code for this if you want it?
First you need the MIB file. Part of the Debian ucd-snmp package
comes with a bunch of mib files in /usr/share/snmp/mibs

so what I do

cd /usr/share/snmp/mibs
grep -i hrsystem *

which spits back to me several hits for the file HOST-RESOURCES-MIB.txt

so, to get the OID of this I do(using the tools from libsmi2):
smidump --format=identifiers HOST-RESOURCES-MIB.txt  | grep -i hrsystem

which gives me a bunch of responses:
HOST-RESOURCES-MIB hrSystem                      1.3.6.1.2.1.25.1
HOST-RESOURCES-MIB hrSystemUptime                1.3.6.1.2.1.25.1.1
HOST-RESOURCES-MIB hrSystemDate                  1.3.6.1.2.1.25.1.2
HOST-RESOURCES-MIB hrSystemInitialLoadDevice     1.3.6.1.2.1.25.1.3
HOST-RESOURCES-MIB hrSystemInitialLoadParameters 1.3.6.1.2.1.25.1.4
HOST-RESOURCES-MIB hrSystemNumUsers              1.3.6.1.2.1.25.1.5
HOST-RESOURCES-MIB hrSystemProcesses             1.3.6.1.2.1.25.1.6
HOST-RESOURCES-MIB hrSystemMaxProcesses          1.3.6.1.2.1.25.1.7
HOST-RESOURCES-MIB hrSystemGroup                 1.3.6.1.2.1.25.7.3.1


and sure enough the MIB is there, the OID for the above MIB is
1.3.6.1.2.1.25.1.6 . However if you query a server, at least in my
experience, most often you have to append a . in front so it would be
.1.3.6.1.2.1.25.1.6

e.g.
snmpwalk localhost public .1.3.6.1.2.1.25.1.6
returns for me:
host.hrSystem.hrSystemProcesses.0 = Gauge32: 116


Where to get these programs:
Debian maintains a beautiful archive of software. Unlike most other
distributions that I have seen, Debian preserves the original archives
for distributions (e.g. no source rpm stuff), which makes them usable on
other compatible systems (works great when an 'official' mirror site
for a particular app is down). If you don't have these programs you
can get them at the below URLs. Near the bottom of the page there is
a Source code link, then on the right side of that is a diff link.
The source code link is the EXACT source code from the app; the diff
contains all changes that the Debian developers do to the app to
fix bugs/make it Debian "compliant". But the source is virgin source,
clean to use elsewhere. You may want to apply the diff to get security
updates for the package or something (or review the changelog).

[1] http://packages.debian.org/stable/net/snmp.html
[2] http://packages.debian.org/stable/libs/libsmi2.html

you can check out my MRTG page(I am trying to work on a big
doc that tells how to graph a bunch of the different things I have
going on but it's not finished yet) at:
http://mrtg.aphroland.org

good luck!

nate
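
The name-to-OID lookup described in the message above, scripted as an added example (not part of nate's post). It runs over a subset of the smidump output quoted there; the helper names `name_to_oid` and `oid_to_name` are made up for this example, and the reverse lookup goes one step beyond the post by mapping a numeric OID back to its name.

```shell
#!/bin/sh
# Sample input: a subset of the smidump --format=identifiers lines quoted in
# the post (columns: module, name, numeric OID).
IDENTIFIERS='HOST-RESOURCES-MIB hrSystem                      1.3.6.1.2.1.25.1
HOST-RESOURCES-MIB hrSystemUptime                1.3.6.1.2.1.25.1.1
HOST-RESOURCES-MIB hrSystemNumUsers              1.3.6.1.2.1.25.1.5
HOST-RESOURCES-MIB hrSystemProcesses             1.3.6.1.2.1.25.1.6
HOST-RESOURCES-MIB hrSystemMaxProcesses          1.3.6.1.2.1.25.1.7
HOST-RESOURCES-MIB hrSystemGroup                 1.3.6.1.2.1.25.7.3.1'

# name_to_oid NAME [INSTANCE] (hypothetical helper): print the numeric OID
# with the leading dot, plus an optional instance suffix such as 0.
# The name match is case-insensitive, like the grep -i in the post.
name_to_oid() {
    printf '%s\n' "$IDENTIFIERS" | awk -v name="$1" -v inst="${2:-}" '
        tolower($2) == tolower(name) {
            oid = "." $3
            if (inst != "") oid = oid "." inst
            print oid; found = 1; exit
        }
        END { exit !found }'
}

# oid_to_name OID (hypothetical helper): longest-prefix match on whole
# sub-identifiers; whatever follows the matched prefix is kept as the
# instance, giving the last label of what snmpwalk prints.
oid_to_name() {
    printf '%s\n' "$IDENTIFIERS" | awk -v oid="$1" '
        BEGIN { sub(/^\./, "", oid) }
        {
            n = length($3)
            # ...25.1 must not match ...25.10: the prefix has to end at a dot
            boundary = (length(oid) == n || substr(oid, n + 1, 1) == ".")
            if (substr(oid, 1, n) == $3 && boundary && n > best) {
                best = n; name = $2; rest = substr(oid, n + 1)
            }
        }
        END { if (!best) exit 1; print name rest }'
}

name_to_oid hrSystemProcesses 0      # numeric form to hand to snmpwalk or MRTG
oid_to_name .1.3.6.1.2.1.25.1.6.0    # back to the name seen in the walk output
```

Both helpers return a non-zero status when nothing in the listing matches, so a script can tell an unknown name or OID from an empty result.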


