SNMP Monitoring: The Sequel
by Manuel Deschambault
Support Tool Architect
Symbiotic System Design

How many repeat offenders?
What group do you belong to?
1- What the @#$^#$& is SNMP?
2- I know what SNMP is but never used it.
3- I've used SNMP but it works on Macs?

Simple Network Management Protocol
SNMP Basics
- What it does
- How it works
- What we can do with it
- Why use SNMP
- How the Mac uses it

What it does?
- Protocol used by devices to transmit:
  - Performance data
  - Health status
  - Notification of events
- Supported by most IT equipment
- Not leveraged much outside the data center
- More versatile than most users know

How it works
- Data made available from the device
- What's a community?
- Data format
- What's a MIB?
- Querying the available data
  - SNMPWalk
  - SNMPGet
- What is different with a trap?

What can we do with it?
- Performance gathering
- Trending
- Threshold alert
- Event Response

Why use SNMP?
How the Mac uses it
- Enter Net-SNMP
- Open standard

Turning it on
- (sudo) Edit /System/Library/LaunchDaemons/org.net-snmp.snmpd.plist
- Set the Disabled key to false, save
- (sudo) launchctl load /System/Library/LaunchDaemons/org.net-snmp.snmpd.plist

Anatomy of snmpd.conf
- Monolithic text file in /etc/snmp/
- Sections for:
  - Read only community name
  - Read/write community name
  - System location
  - System contact
  - Extension scripts
  - Process information
  - Volume information

snmpd.conf
- The monolithic file does not lend itself well to management with the usual Mac deployment tools
- It is a simple text file, so we should be able to compose it from modular components
- Need to automate everything

/etc/snmp
  snmpd.conf
  Components
    rocommunity.txt
    syscontact.txt
    syslocation.txt
    Extensions
      examplescript.sh

Components folder was modified
- move /etc/snmp/snmpd.conf to /etc/snmp/snmp.conf.previous
- set default values for:
  - rocommunity (public)
  - syslocation (not specified)
  - syscontact (not specified)
- read:
  - /etc/snmp/components/rocommunity.txt
  - /etc/snmp/components/syslocation.txt
  - /etc/snmp/components/syscontact.txt
- are values valid? Yes: override defaults. No: use defaults.
- push rocommunity > /etc/snmp/snmpd.conf
- push syslocation >> /etc/snmp/snmpd.conf
- push syscontact >> /etc/snmp/snmpd.conf
- list all scripts in /etc/snmp/components/extensions
- for each script do:
  - extract the OID
  - extract the name
  - push "extend <OID> <name> <script path>" >> /etc/snmp/snmpd.conf
  - is it last one? No: take next script. Yes: restart net-snmp daemon.

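
The rebuild flow above as a shell script, added here as an example and not the presenter's own code. It assumes each extension script carries "# OID:" and "# NAME:" header comments (the slides do not show where these are stored), uses a constructed placeholder OID, and leaves the daemon restart to the caller.

```bash
# Added example: rebuild snmpd.conf from the components folder.
# Assumption: each extension script declares "# OID: <oid>" and "# NAME: <name>"
# in header comments; the slides do not show where the OID and name are stored.

# Print the first line of file $1 if it matches ERE $3, otherwise default $2.
# Only one line is read, so a component value always stays a single directive.
read_component() (
  value=""
  if [ -r "$1" ]; then IFS= read -r value < "$1" || true; fi
  if printf '%s' "$value" | grep -Eq "$3"; then printf '%s' "$value"
  else printf '%s' "$2"; fi
)

# $1 = components directory, $2 = snmpd.conf to write
compose_snmpd_conf() (
  comp=$1; out=$2; text='^[A-Za-z0-9_.,@ -]+$'
  # Keep the old file under the backup name given on the slide.
  if [ -f "$out" ]; then mv "$out" "$(dirname "$out")/snmp.conf.previous"; fi
  {
    printf 'rocommunity %s\n' \
      "$(read_component "$comp/rocommunity.txt" public '^[A-Za-z0-9_.-]+$')"
    printf 'syslocation %s\n' \
      "$(read_component "$comp/syslocation.txt" 'not specified' "$text")"
    printf 'syscontact %s\n' \
      "$(read_component "$comp/syscontact.txt" 'not specified' "$text")"
    for script in "$comp"/extensions/*; do
      # Skip non-executables and paths with spaces (they would split the line).
      [ -f "$script" ] && [ -x "$script" ] || continue
      case $script in *" "*) continue ;; esac
      oid=$(sed -n 's/^# OID: *\(\.[0-9.]*[0-9]\) *$/\1/p' "$script" | head -n 1)
      name=$(sed -n 's/^# NAME: *\([A-Za-z0-9_-]\{1,\}\) *$/\1/p' "$script" | head -n 1)
      if [ -n "$oid" ] && [ -n "$name" ]; then
        printf 'extend %s %s %s\n' "$oid" "$name" "$script"
      fi
    done
  } > "$out"
)

# Constructed sample tree (99999 is a placeholder enterprise number).
demo() (
  d=$(mktemp -d); mkdir -p "$d/components/extensions"
  printf 's3cret-ro\n' > "$d/components/rocommunity.txt"
  printf 'Lab 4\nsecond line is ignored\n' > "$d/components/syslocation.txt"
  printf '#!/bin/sh\n# OID: .1.3.6.1.4.1.99999.1\n# NAME: example\necho 42\n' \
    > "$d/components/extensions/examplescript.sh"
  chmod +x "$d/components/extensions/examplescript.sh"
  compose_snmpd_conf "$d/components" "$d/snmpd.conf"
  cat "$d/snmpd.conf"; rm -rf "$d"
)
demo
```
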
OK, now we can develop
Not so fast
- Need to make sure any data you return does not conflict with net-snmp extension scripts from other sources
- Best method is to control the OID you use
- Having your own IANA PEN number for your organisation guarantees that your data is returned on your unique OID branch

Getting an IANA PEN number
- Make sure your company is not already registered by looking up their directory: http://www.iana.org/assignments/enterprise-numbers/enterprise-numbers
- If you do not already have a PEN number registered, apply for one at: http://pen.iana.org/pen/penapplication.page

In best Kenny Rogers voice: Once, Twice, Three times a shell script
Multi-purpose scripts
- Return value (echo)
- Exit status
- Arbitrary code execution (roaming)

Script runs every hour (flowchart; steps and decision points as shown on the slide)
- is emailalerts.txt valid?
- is serverip.txt valid?
- can we ping server IP?
- list all scripts in /etc/snmp/components/extensions: ls /etc/snmp/components/extensions/so_*
- for each script do: run script passing emailalerts.txt
- is it last one? If not, take next script
- Exit script

themactech@me.com http://j.mp/psumac62