Thread: Question about snmp

  1. #1
    Join Date
    Jan 2009
    Location
    Queens
    Posts
    126

    Default Question about snmp

    Hey Guys I have a favor to ask, I've been having a really hard time trying to understand how snmp traps work, what can they do for you, and why they are useful.

    I've done some research and I've even set up snmp clients on linux systems, not necessarily the traps. I know they communicate on port 161 and 162 and I also know that you set them up to connect to a community string. Still I can't grasp the concept.

    If you don't mind can anyone break it down for me, in very basic terms.. Thanks....
    Hmmmm I wonder how long before I'm good at this????????????

  2. #2
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    26,311
    Blog Entries
    15

    Default Re: Question about snmp

    Quote Originally Posted by hgallo
    Hey Guys I have a favor to ask, I've been having a really hard time
    trying to understand how snmp traps work, what can they do for you, and
    why they are useful.

    I've done some research and I've even set up snmp clients on linux
    systems, not necessarily the traps. I know they communicate on port 161
    and 162 and I also know that you set them up to connect to a community
    string. Still I can't grasp the concept.

    If you don't mind can anyone break it down for me, in very basic
    terms.. Thanks....
    Hi
    As the name says it's a simple way to send data to a monitoring system
    over UDP.

    Buried in the trap OID can be all sorts of information based on the
    MIB for the system you're wanting to monitor, for example:

    Code:
    # Trap receiver; localhost is a placeholder, set DEST to your monitoring system
    DEST="${DEST:-localhost}"

    echo "Generating ndsRenameEntry test trap..."
    # ndsTrapTime Attributes: INTEGER (0..-1)
    # ndsEventType Attributes: INTEGER (0..-1)
    # ndsResult Attributes: INTEGER
    # ndsPerpetratorName Attributes: OCTET STRING (0..768)
    # ndsEntryName Attributes: OCTET STRING (0..768)
    # ndsEntryName2 Attributes: OCTET STRING (0..768)
    # ndsClassName Attributes: OCTET STRING (0..768)
    # ndsFlags Attributes: INTEGER (0..-1)
    # ndsServerName2 Attributes: OCTET STRING (0..768)

    # SNMP v2c, all MIBs loaded, community "public", empty uptime (''),
    # then the trap name and name/type/value triples (i = integer, s = string)
    snmptrap -v 2c -m ALL -c public "$DEST" '' ndsRenameEntry \
    ndsTrapTime i "1" \
    ndsEventType i "1" \
    ndsResult i "1" \
    ndsPerpetratorName s "TrapTester" \
    ndsEntryName s "TrapTester" \
    ndsEntryName2 s "TrapTester" \
    ndsClassName s "TrapTester" \
    ndsFlags i "1" \
    ndsServerName2 s "TrapTester"

    echo "End"
    So for ndsTrapTime Attributes looking at the MIB info description,
    this is;
    Code:
    "The total number of seconds since midnight
    (12 am) of 1 January 1970 GMT (UT)
    when the trap was generated"
    All this information is then interpreted by the remote monitoring system,
    which turns it into readable info however it needs to be displayed.

    How have I used it in a real-world example? There was some equipment
    that only produced log information instead of an snmp trap. I used a
    program called SEC to monitor the logs and when it saw an event I had
    some pre-done perl scripts that ran to produce a real snmp trap to be
    forwarded to the management system to be actioned as appropriate.

    --
    Cheers Malcolm (Linux Counter #276890)
    SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.32.24-0.2-default
    up 4 days 20:01, 4 users, load average: 0.04, 0.03, 0.04
    GPU GeForce 8600 GTS Silent - Driver Version: 260.19.21
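
The log-to-trap approach described in the post above, as an added example (not the poster's Perl scripts and not SEC itself): a log line is matched and turned into the argument list for the same `snmptrap` call. The log format, the function names `clip`, `trap_argv` and `send_trap`, and the use of the log's event time for ndsTrapTime are assumptions made for illustration.

```python
import calendar
import re
import subprocess
import time

# Constructed log format (an assumption, not from the thread):
#   <UTC time> RENAME user=<who> old=<name> new=<name> class=<class>
RENAME_RE = re.compile(
    r"^(?P<ts>\S+) RENAME user=(?P<user>\S+) old=(?P<old>\S+) "
    r"new=(?P<new>\S+) class=(?P<cls>\S+)$"
)
MAX_OCTETS = 768  # OCTET STRING (0..768) in the varbind comments of the post

def clip(value):
    """Trim a log field to the MIB's OCTET STRING size limit."""
    return value.encode("utf-8")[:MAX_OCTETS].decode("utf-8", "ignore")

def trap_argv(line, dest, community, server="loghost"):
    """Build the snmptrap argument list for one log line, or None if no match."""
    m = RENAME_RE.match(line.strip())
    if m is None:
        return None
    try:
        # Seconds since 1 January 1970 GMT; this sketch uses the log's event time.
        epoch = calendar.timegm(time.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"))
    except ValueError:
        return None  # timestamp present but not a valid date
    return [
        "snmptrap", "-v", "2c", "-m", "ALL", "-c", community, dest, "",
        "ndsRenameEntry",
        "ndsTrapTime", "i", str(epoch),
        "ndsEventType", "i", "1",   # placeholder, as in the test trap
        "ndsResult", "i", "1",      # placeholder
        "ndsPerpetratorName", "s", clip(m["user"]),
        "ndsEntryName", "s", clip(m["old"]),
        "ndsEntryName2", "s", clip(m["new"]),
        "ndsClassName", "s", clip(m["cls"]),
        "ndsFlags", "i", "1",       # placeholder
        "ndsServerName2", "s", clip(server),
    ]

def send_trap(argv):
    """Run snmptrap without a shell, so log text is never parsed as shell syntax."""
    subprocess.run(argv, check=True)
```

Log fields are untrusted input, which is why the values are passed as separate arguments rather than pasted into a shell command string.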


  3. #3

    Default Re: Question about snmp

    On 11/27/2010 11:06 AM, hgallo wrote:
    >
    > Hey Guys I have a favor to ask, I've been having a really hard time
    > trying to understand how snmp traps work, what can they do for you, and
    > why they are useful.
    >
    > I've done some research and I've even set up snmp clients on linux
    > systems, not necessarily the traps. I know they communicate on port 161
    > and 162 and I also know that you set them up to connect to a community
    > string. Still I can't grasp the concept.
    >
    > If you don't mind can anyone break it down for me, in very basic
    > terms.. Thanks....


    At work we use a program called openNMS. It's a network monitoring
    system. Using snmp, we can collect stats from our switches, servers,
    routers etc. showing all sorts of useful information such as bandwidth
    usage, network or device health, disk space and the like. It's handy to
    be able to see the history of devices over time.

    You can do things like set a trap on CPU temp, or maybe disk space.
    It's nice to get a message in email saying a shared disk is 95% full
    rather than getting a phone call from your boss on a Saturday saying the
    folks that are working the weekend can't save their files.

    Of course, that's just one example. Pretty much anything you want to
    know about your system before it becomes an issue is a good candidate
    for snmp traps...


    ....Kevin
    --
    Kevin Miller - http://www.alaska.net/~atftb
    Juneau, Alaska
    In a recent survey, 7 out of 10 hard drives preferred Linux
    Registered Linux User No: 307357, http://counter.li.org

  4. #4
    Join Date
    Jan 2009
    Location
    Queens
    Posts
    126

    Default Re: Question about snmp

    Thank you so much Kevin, so basically you can write a trap and configure it to trigger to an event... am I right? Thanks again that makes a lot of sense.
    Hmmmm I wonder how long before I'm good at this????????????

  5. #5
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    10,823
    Blog Entries
    1

    Default Re: Question about snmp

    Good stuff, all comments.

    But this would not be complete without a warning on the safety/security issues involved. For a long time now SNMP has been considered easy to compromise due to its simplistic security architecture, so the warning is to use it only within protected LANs, never exposed to public networks like the Internet or WiFi (except possibly when encapsulated).

    If you need to monitor a remote network, monitoring systems like Nagios support a remote proxy which can collect data before sending securely or encrypting the data or configuring only outbound connections on behalf of SNMP-type data.

    Tony

  6. #6

    Default Re: Question about snmp

    On 11/30/2010 09:36 AM, hgallo wrote:
    >
    >
    > Thank you so much Kevin, so basically you can write a trap and
    > configure it to trigger to an event... am I right? Thanks again that
    > makes a lot of sense.


    Yup. I haven't written any traps - often the traps are predefined by
    the folks that write the software you're monitoring (such as a switch or
    router). It's usually just a matter of picking the ones you want to
    use. Obviously though someone had to write the trap. Malcolm gave an
    example earlier in the thread.

    As another person mentioned, security is important. Make sure you
    change the community RO and RW strings. By default they're usually set
    to "public". Unless you want any and all comers to be able to query and
    possibly change your systems you need to pick a different community
    string, (i.e. password).

    ....Kevin
    --
    Kevin Miller
    Juneau, Alaska
    http://www.alaska.net/~atftb
    In a recent poll, seven out of ten hard drives preferred Linux.
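
A check for the two warnings raised in this thread (default community strings, and SNMP answering queries from any network), as an added example that is not from any poster: it audits Net-SNMP `snmpd.conf` text for `rocommunity`, `rwcommunity` and `com2sec` lines. The sample configuration is constructed, the function name `audit_snmpd_conf` is hypothetical, and treating "private" as a default next to "public" is an assumption based on common device defaults.

```python
import shlex

# "public" is the default named in the thread; "private" is assumed as a common RW default.
DEFAULT_COMMUNITIES = {"public", "private"}
ANY_SOURCE = {None, "default", "0.0.0.0/0", "::/0"}  # no SOURCE given means any host
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}

def audit_snmpd_conf(text):
    """Return (line_no, directive, issue) tuples for risky community settings."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        try:
            tok = shlex.split(raw, comments=True)  # drops '#' comments, honours quotes
        except ValueError:
            continue  # unbalanced quote: not a line this check can judge
        if not tok:
            continue
        directive, args = tok[0].lower(), tok[1:]
        if directive in COMMUNITY_DIRECTIVES and args:
            # rocommunity COMMUNITY [SOURCE [OID | -V VIEW]]
            community = args[0]
            source = args[1] if len(args) > 1 else None
        elif directive == "com2sec":
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            if args[:1] == ["-Cn"]:
                args = args[2:]
            if len(args) < 3:
                continue
            _secname, source, community = args[:3]
        else:
            continue
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((lineno, directive, "default community string"))
        if source in ANY_SOURCE:
            findings.append((lineno, directive, "any source address may query"))
        if directive.startswith("rwcommunity"):
            findings.append((lineno, directive, "write access enabled"))
    return findings

SAMPLE = """\
# constructed snmpd.conf fragment for this example
rocommunity public
rwcommunity private 10.0.0.0/8
rocommunity n0t-the-default 192.0.2.10
com2sec notConfigUser default public
"""

if __name__ == "__main__":
    for finding in audit_snmpd_conf(SAMPLE):
        print(finding)
```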

  7. #7
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    26,311
    Blog Entries
    15

    Default Re: Question about snmp

    Quote Originally Posted by Kevin Miller
    On 11/30/2010 09:36 AM, hgallo wrote:

    > Thank you so much Kevin, so basically you can write a trap and
    > configure it to trigger to an event... am I right? Thanks again that
    > makes a lot of sense.


    Yup. I haven't written any traps - often the traps are predefined by
    the folks that write the software you're monitoring (such as a switch
    or router). It's usually just a matter of picking the ones you want
    to use. Obviously though someone had to write the trap. Malcolm gave
    an example earlier in the thread.
    Hi
    Yes, snmp was my life for a few years.... I have a script I wrote
    that takes the notifications from any MIB and builds a trap (as in my
    earlier example for an edir one) makes life so much easier.

    --
    Cheers Malcolm (Linux Counter #276890)
    SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.32.24-0.2-default
    up 8 days 22:35, 2 users, load average: 0.01, 0.03, 0.05
    GPU GeForce 8600 GTS Silent - Driver Version: 260.19.21


  8. #8
    Join Date
    Jan 2009
    Location
    Queens
    Posts
    126

    Default Re: Question about snmp

    Thank you Malcolm, Kevin and Tony I really appreciate the info.

    Best regards...
    Hmmmm I wonder how long before I'm good at this????????????
