TCP/IP Protocol: Simple Network Management Protocol (SNMP)

Jarret W. Buse


Simple Network Management Protocol (SNMP) is a TCP/IP protocol used to gather or set data for remote devices on the network. Examples can include routers, computers, printers, and other devices. The data gathered can include how the device is operating as well as how it has been operating in the past. Current settings can also be obtained, such as IP Addresses of the Network Interface Card (NIC) in a computer.

Each object on the network, such as a router, is a managed object. Each managed object contains software which responds to the SNMP requests. The responding software on the managed device is an Agent. Each Agent contains a list of valid requests which is called the Management Information Base (MIB). The MIB consists of a list of Object Identifiers (OIDs) that have a special meaning for each device. Each device has a specific MIB which has OIDs that do not exist in other MIBs. For example, a printer may contain the OID for ink cartridge levels (prtMarkerSuppliesLevel). Some OIDs can be requested (read), such as printer ink level, while others can be set (write), such as prtAuxiliarySheetBannerPage, which is used to enable banner sheets to print before each print job.

NOTE: Be aware that the specific device you may want to use SNMP to monitor must support SNMP. Each device and even services have their own MIB to support all functions of the specific device and service.

The Manager is the software which is used to request information from the Agents. The Manager is installed on a computer and tracks the ‘traps’ set for monitoring. For example, a trap can be set to alert you when the printer ink becomes very low so you know when to replace the cartridge.

SNMP is currently using version 3 (SNMPv3), and it uses User Datagram Protocol (UDP) ports 161 and 162. The Agent receives requests on Port 161 from the Managers and responds to the Managers on Port 162. Secure SNMP uses ports 10161 and 10162 using Transport Layer Security (TLS). When secured, the Agent receives requests on Port 10161 from the Managers and sends a secured response to the Managers on Port 10162.

NOTE: Security measures other than TLS exist for securing SNMP. Datagram Transport Layer Security (DTLS) is another security option. Understand that SNMPv3 works on both TCP/IP version 4 and version 6.

SNMPv3 has seven Protocol Data Units (PDUs) as follows:

  1. GetRequest – Manager-to-Agent request for information
  2. GetNextRequest – Manager-to-Agent request for information of next value in OID
  3. GetBulkRequest – Manager-to-Agent request for information of all values in OID
  4. SetRequest – Manager-to-Agent request to change the value of an OID
  5. Response – Agent-to-Manager response for GET requests
  6. Trap – Agent-to-Manager response when a specific value reaches a threshold
  7. InformRequest – Manager-to-Manager or Agent-to-Manager response to acknowledge a Trap

NOTE: The InformRequest was used to verify a Trap since the delivery is not guaranteed because it uses UDP.

Manager

The SNMP daemon (snmpd) is used to install SNMP on a Linux system to make an SNMP Manager. First, the SNMP daemon needs to be installed by using the following command: ‘sudo apt-get install snmpd’. Answer ‘y’ (yes) to install SNMP.

The file /etc/snmp/snmpd.conf can be deleted and remade using the following:

rocommunity public
syslocation "Server, Linux.ORG"
syscontact [email protected]

NOTE: The community is a name given to a group of devices. SNMP version 1 and 2 use the community string to verify that the Manager and Agent are in the same group (a simple form of security). SNMP version 3 uses username and passwords for authentication.

Now, the SNMP daemon needs to use the new file and listen on all interfaces (it defaults to loopback). Edit /etc/default/snmpd and comment out the following lines:

# snmpd options (use syslog, close stdin/out/err).
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1'

Add the following line:

SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf'

NOTE: The initial line allows the manager to poll SNMP only from the loopback (127.0.0.1), but the replacement line allows you to poll the whole network.

Restart the snmpd service with the command: sudo service snmpd restart.

Agent

In some cases, it can be useful to monitor a computer as you would any other SNMP device on the network. Traps can be set just as they would be on any network device being monitored. Install the SNMP daemon and follow the rest of the instructions.

Once installed, the SNMP daemon has no MIBs as required by an Agent. You need to install the MIBs by running:

sudo apt-get install snmp-mibs-downloader

Open the file /etc/snmp/snmp.conf and comment out all the lines.

Edit the file /etc/snmp/snmpd.conf and change the line:

rocommunity public default -V systemonly

to:

rocommunity public 10.0.0.0/8

NOTE: Change the community name from public if needed and the IP network address should be appropriate to your network.

SNMP Security

Very simple measures can be taken to secure your SNMP devices from those outside your network. If the network is firewalled to the Internet, be sure to block the SNMP ports from the Internet so no one from the Internet can access your SNMP devices. Do not use the ‘public’ community name. If using SNMP version 3, use a complicated username and password.

With any of these instructions, be sure to follow all directions and not skip a step. Also, be aware that the SNMP daemon is not the only SNMP Manager available; others may suit your needs better.
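
An added example, not part of the original post: a Python audit of the two files edited above, reporting for each community directive in snmpd.conf the weaknesses named under SNMP Security, together with whether SNMPDOPTS keeps the daemon on loopback. The rwcommunity line, its community name and its subnet are constructed for illustration, and the listening-address check follows the article's description of SNMPDOPTS.

```python
import ipaddress
import shlex

DEFAULT_NAMES = {"public", "private"}
# Constructed sample: the rocommunity lines shown in the article plus one
# made-up rwcommunity line (community name and subnet are placeholders).
SAMPLE_CONF = """\
rocommunity public
rocommunity public default -V systemonly
rocommunity public 10.0.0.0/8
rwcommunity Xk29-site-ops 10.1.2.0/24
syslocation "Server, Linux.ORG"
"""
OPTS_LOOPBACK = "-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1"
OPTS_ALL = "-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf"

def loopback_only(snmpdopts):
    """True if every listening address found in SNMPDOPTS is a loopback address."""
    addrs = []
    for token in shlex.split(snmpdopts):
        for piece in token.split(":"):  # also covers the udp:ADDR:PORT form
            try:
                addrs.append(ipaddress.ip_address(piece))
            except ValueError:
                pass  # option flag, path, port or user name
    return bool(addrs) and all(a.is_loopback for a in addrs)

def audit(conf_text, snmpdopts):
    """Return [(line_no, exposure, [issues])] for each community directive."""
    exposure = "loopback" if loopback_only(snmpdopts) else "network"
    report = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        parts = raw.split("#", 1)[0].split()
        if not parts or parts[0] not in ("rocommunity", "rwcommunity"):
            continue
        community = parts[1] if len(parts) > 1 else ""
        source = parts[2] if len(parts) > 2 else "default"
        issues = []
        if community.lower() in DEFAULT_NAMES:
            issues.append("default community name")
        if source == "default":
            issues.append("any source address accepted")
        if len(parts) < 4:  # nothing after the source: no OID or -V VIEW limit
            issues.append("no view or OID restriction")
        if parts[0] == "rwcommunity":
            issues.append("SetRequest (write) allowed")
        report.append((line_no, exposure, issues))
    return report
```

Calling audit(SAMPLE_CONF, OPTS_ALL) shows that the article's replacement line `rocommunity public 10.0.0.0/8` narrows the source but drops the `-V systemonly` view while the daemon becomes network-reachable.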
 



Is there any way to schedule the pulling or trap?
Monitoring to be done 24x7.
Can it be done by using monitoring tools like Icinga or Nagios?
 
I haven't used those programs. For Nagios, look under this section:
Configure “TRAP” Service Check on the page at http://paulgporter.net/2013/09/16/nagios-snmp-traps/.

Also, look at http://support.nagios.com/forum/viewtopic.php?f=20&t=27303. You may get a hint from these. It can be done, but from experience, not all monitoring programs do this, or at least easily.
 
Thank you Jarret for the sources, I will be going through them now.
 
