Question about snmp

Hey Guys I have a favor to ask, I’ve been having a really hard time trying to understand how snmp traps work, what can they do for you, and why they are useful.

I’ve done some research and I’ve even set up snmp clients on linux systems, not necessarily the traps. I know they communicate on port 161 and 162 and I also know that you set them up to connect to a community string. Still I cant grasp the concept.

If you don’t mind can any one break it down for me, in very basic terms… Thanks…

Hi
As the name says it’s a simple way to send data to a monitoring system
over UDP.

Buried in the trap OID can be all sorts of information based on the
MIB for the system your wanting to monitor, for example;


echo "Generating ndsRenameEntry test trap..."
# ndsTrapTime Attributes: INTEGER (0..-1)
# ndsEventType Attributes: INTEGER (0..-1)
# ndsResult Attributes: INTEGER
# ndsPerpetratorName Attributes: OCTET STRING (0..768)
# ndsEntryName Attributes: OCTET STRING (0..768)
# ndsEntryName2 Attributes: OCTET STRING (0..768)
# ndsClassName Attributes: OCTET STRING (0..768)
# ndsFlags Attributes: INTEGER (0..-1)
# ndsServerName2 Attributes: OCTET STRING (0..768)

snmptrap -v 2c -m ALL -c public $DEST '' ndsRenameEntry \
ndsTrapTime i "1" \
ndsEventType i "1" \
ndsResult i "1" \
ndsPerpetratorName s "TrapTester" \
ndsEntryName s "TrapTester" \
ndsEntryName2 s "TrapTester" \
ndsClassName s "TrapTester" \
ndsFlags i "1" \
ndsServerName2 s "TrapTester" \

echo "End"

So for ndsTrapTime Attributes looking at the MIB info description,
this is;


"The total number of seconds since midnight
(12 am) of 1 January 1970 GMT (UT)
when the trap was generated"

All this information is then interpreted by the remote monitoring system
and turns it into readable info however it needs to be displayed.

How have I used it in a real world example, there was some equipment
that only produced log information instead of an snmp trap. I used a
program called SEC to monitor the logs and when it saw an event I had
some pre done perl scripts that ran to produce a real snmp trap to be
forwarded to the management system to be actioned as appropriate.


Cheers Malcolm °¿° (Linux Counter #276890)
SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.32.24-0.2-default
up 4 days 20:01, 4 users, load average: 0.04, 0.03, 0.04
GPU GeForce 8600 GTS Silent - Driver Version: 260.19.21

On 11/27/2010 11:06 AM, hgallo wrote:
>
> Hey Guys I have a favor to ask, I’ve been having a really hard time
> trying to understand how snmp traps work, what can they do for you, and
> why they are useful.
>
> I’ve done some research and I’ve even set up snmp clients on linux
> systems, not necessarily the traps. I know they communicate on port 161
> and 162 and I also know that you set them up to connect to a community
> string. Still I cant grasp the concept.
>
> If you don’t mind can any one break it down for me, in very basic
> terms… Thanks…

At work we use a program called openNMS. It’s a network monitoring
system. Using snmp, we can collect stats from our switches, servers,
routers etc. showing all sorts of useful information such as bandwidth
usage, network or device health, disk space and the like. It’s handy to
be able to see the history of devices over time.

You can do things like set a trap on CPU temp, or maybe disk space.
It’s nice to get a message in email saying a shared disked is 95% full
rather than getting a phone call from your boss on a Saturday saying the
folks that are working the weekend can’t save their files.

Of course, that’s just one example. Pretty much anything you want to
know about your system before it becomes an issue is a good candidate
for snmp traps…

…Kevin

Kevin Miller - http://www.alaska.net/~atftb
Juneau, Alaska
In a recent survey, 7 out of 10 hard drives preferred Linux
Registered Linux User No: 307357, http://counter.li.org

Thank you so much kevin, so basically you can write a trap and configure it to triger to an event… am I right. Thanks again that makes a lot of sense.

Good stuff, all comments.

But, would not be complete without a warning on the safety/security issues involved, for a long time now SNMP has been considered easy to compromise due to its simplistic security architecture, so the warning is to use it only within protected LANS, never exposed to public networks like the Internet or WiFi (except possibly when encapsulated).

If you need to monitor a remote network, monitoring systems like Nagios support a remote proxy which can collect data before sending securely or encrypting the data or configuring only outbound connections on behalf of SNMP type data.

Tony

On 11/30/2010 09:36 AM, hgallo wrote:
>
> atftb;2258537 Wrote:
>> On 11/27/2010 11:06 AM, hgallo wrote:
>>>
>>> Hey Guys I have a favor to ask, I’ve been having a really hard
>>> time trying to understand how snmp traps work, what can they do
>>> for you, and why they are useful.
>>>
>>> I’ve done some research and I’ve even set up snmp clients on
>>> linux systems, not necessarily the traps. I know they communicate
>>> on port 161 and 162 and I also know that you set them up to connect to a
>> community string. Still I cant grasp the concept.
>>>
>>> If you don’t mind can any one break it down for me, in very
>>> basic terms… Thanks…
>>
>> At work we use a program called openNMS. It’s a network
>> monitoring system. Using snmp, we can collect stats from our
>> switches, servers, routers etc. showing all sorts of useful
>> information such as bandwidth usage, network or device health, disk
>> space and the like. It’s handy to be able to see the history of
>> devices over time.
>>
>> You can do things like set a trap on CPU temp, or maybe disk
>> space. It’s nice to get a message in email saying a shared disked
>> is 95% full rather than getting a phone call from your boss on a
>> Saturday saying the folks that are working the weekend can’t save
>> their files.
>>
>> Of course, that’s just one example. Pretty much anything you want
>> to know about your system before it becomes an issue is a good
>> candidate for snmp traps…
>
> Thank you so much kevin, so basically you can write a trap and
> configure it to triger to an event… am I right. Thanks again that
> makes a lot of sense.

Yup. I haven’t written any traps - often the traps are predefined by
the folks that write the software you’re monitoring (such as a switch or
router). It’s usually just a matter of picking the one’s you want to
use. Obviously though someone had to write the trap. Malcomb gave an
example earlier in the thread.

As another person mentioned, security is important. Make sure you
change the community RO and RW strings. By default they’re usually set
to “public”. Unless you want any and all comers to be able to query and
possibly change your systems you need to pick a different community
string, (i.e. password).

…Kevin

Kevin Miller
Juneau, Alaska
http://www.alaska.net/~atftb
In a recent poll, seven out of ten hard drives preferred Linux.

Hi
Yes, snmp was my life for a few years… :wink: I have a script I wrote
that takes the notifications from any MIB and builds a trap (as in my
earlier example for an edir one) makes life so much eaiser.


Cheers Malcolm °¿° (Linux Counter #276890)
SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.32.24-0.2-default
up 8 days 22:35, 2 users, load average: 0.01, 0.03, 0.05
GPU GeForce 8600 GTS Silent - Driver Version: 260.19.21

Thank you Malcom, kevin and tony I really appreciate the info.

Best regards…