Network Management & Monitoring with Linux

Some handy tools for managing today's ubiquitous networks.
What's the MIB?

SNMP defines a separate standard for the data managed by the protocol. This standard defines the data maintained by a device in the network and what operations are allowed on it. The data is structured in a tree form, and there is a unique path to reach each variable. This structured tree is called the Management Information Base (MIB) and is documented in several RFCs.

The current version of the TCP/IP MIB is MIB-II and is defined in RFC-1213. It divides the information a TCP/IP device should maintain into eight categories (shown in Table 1), and each variable included in this information must fall in one of them.

Table 1

The MIB definition of a particular item also specifies the data type it can contain. Usually, items of an MIB can store single integers, but they can also contain strings or more complex structures, like tables. Items in an MIB are called objects. Objects are the leaf nodes of the MIB tree, but an object can have more than one instance—for example, a table object. To refer to the value contained in an object, you must add the number of the instance. When only one instance exists for an object, this is the 0 instance.

For example, the object ifNumber from category “interfaces” contains an integer with the number of interfaces present in this device, but the object ipRoutingTable from category “ip” contains the routing table of the device.

Remember to use the number of the instance to retrieve the value for an object. In this case, the number of interfaces present in a router can be viewed with the instance ifNumber.0.

In the case of a table object, you must use the index of the table as the last number to indicate a specific instance (row of the table).

There is another standard by which to define and identify MIB variables, called Structure of Management Information (SMI). SMI specifies that MIB variables must be declared in an ISO formal language called ASN.1, which makes the form and contents of these variables unambiguous.

The ISO name space is within a global name space with other trees for other standards organizations. Within the ISO name space there is a specific tree for the MIB information. Within that MIB part of the tree are areas for objects from all protocols and applications so their information can be represented unambiguously.

Figure 1 shows that the TCP/IP MIB name space is located just below the mgmt name space of the IAB. The hierarchy also specifies a number for each of the levels.

Figure 1. TCP/IP Organizational Tree

It's important to notice that most of the software needs the leading dot (root) to locate the object in the MIB. If you don't include the leading dot, it assumes a relative path from .iso.org.dod.internet.mgmt.mib-2.

This way the object ifNumber from category “interfaces” can be named:

 .iso.org.dod.internet.mgmt.mib-2.interfaces.ifNumber

or its numerical equivalent:

 .1.3.6.1.2.1.2.1

and the instance as:

 .iso.org.dod.internet.mgmt.mib-2.interfaces.ifNumber.0

or its numerical equivalent:

 .1.3.6.1.2.1.2.1.0

Additional MIBs can be added to this tree as vendors create them and publish the suitable RFCs.
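The naming rules above (a leading dot for an absolute name, a name without it resolved relative to mib-2, and the instance or table index as the final number) written as a small resolver. This is an added example, not code from the article or from CMU-SNMP; the tree is a constructed subset of MIB-II, and `to_numeric` and `ROOT_PATH` are hypothetical names.

```python
# Constructed subset of MIB-II below mib-2: label -> (arc number, children).
MIB2 = {
    "system": (1, {"sysDescr": (1, {}), "sysUpTime": (3, {}),
                   "sysContact": (4, {}), "sysName": (5, {}),
                   "sysLocation": (6, {})}),
    "interfaces": (2, {
        "ifNumber": (1, {}),
        "ifTable": (2, {"ifEntry": (1, {
            "ifDescr": (2, {}), "ifInOctets": (10, {}),
            "ifOutOctets": (16, {})})}),
    }),
}

# Path from the root of the name space down to mib-2.
ROOT_PATH = [("iso", 1), ("org", 3), ("dod", 6),
             ("internet", 1), ("mgmt", 2), ("mib-2", 1)]

TREE = MIB2
for _label, _arc in reversed(ROOT_PATH):
    TREE = {_label: (_arc, TREE)}


def to_numeric(name):
    """Translate a symbolic object or instance name to dotted-numeric form."""
    labels = name.split(".")
    if labels[0] == "":                  # leading dot: absolute from the root
        labels = labels[1:]
    else:                                # no leading dot: relative to mib-2
        labels = [label for label, _ in ROOT_PATH] + labels
    arcs, children = [], TREE
    for label in labels:
        if label.isdigit():              # numeric arc, instance or row index
            number = int(label)
            known = [kids for num, kids in children.values() if num == number]
            children = known[0] if known else {}
        elif label in children:
            number, children = children[label]
        else:
            raise KeyError(f"unknown label {label!r} in {name!r}")
        arcs.append(number)
    return "." + ".".join(str(arc) for arc in arcs)


if __name__ == "__main__":
    for n in (".iso.org.dod.internet.mgmt.mib-2.interfaces.ifNumber.0",
              "interfaces.ifTable.ifEntry.ifInOctets.2"):
        print(n, "->", to_numeric(n))
```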

What's the Future of SNMP?

A new specification called SNMPv2 is being actively developed. It addresses the lack of security in the current protocol with mechanisms that focus on privacy, authentication and access control. It also allows more complex specification of variables and has some additional commands. The problem with SNMPv2 is that it is still not a commonly accepted standard, unlike SNMPv1. It is not easy to find SNMPv2 versions of the agents and software to take advantage of the new commands. Let's see what happens in the near future...

SNMP with Linux

One of the most popular SNMP packages is CMU-SNMP. Originally designed by Carnegie Mellon University, it has been ported to Linux by Juergen Schoenwaelder and Erik Schoenfelder. It's fully compliant with the SNMPv1 standard and includes some of the new proposed functionalities of SNMPv2.

The distribution contains some manager tools that let you send requests from the command line to devices running SNMP agents. It also contains an SNMP agent program, designed to run under Linux, that provides managers running on the network (or the same system) information about the status of the interfaces, routing table, uptime, contact information, etc.

One very valuable add-on that comes with CMU-SNMP is an SNMP C-API, which lets programmers build more complex management tools based on the networking capabilities of the distribution.

The installation on a Linux system is easy, but a little different from the original CMU distribution. The distribution comes with precompiled binary versions of the manager tools, the daemon and the API library.

First of all, you must decide whether to get the binary or the source distribution. It's easy to locate the package on the Internet (check the resources sidebar). The binary distribution runs cleanly with the 2.0 kernel series and is ELF-based. We will explain how to install the binary distribution. It's a good practice to get binary distributions only from trusted sites to avoid viruses, Trojan-horse style attacks and other security problems.

Put the file cmu-snmp-linux-3.2-bin.tar.gz in the root directory (/) of your Linux system and decompress it with the command:

gunzip cmu-snmp-linux-3.2-bin.tar.gz

Then, untar the distribution to its final location with the command:

tar xvf cmu-snmp-linux-3.2-bin.tar

Now you will have all the utilities and libraries properly installed on your system, except the SNMP agent configuration file /etc/snmpd.conf. You can create it by running the script:

/tmp/cmu-snmp-linux-3.2/etc/installconf

with these options:

/tmp/cmu-snmp-linux-3.2/etc/installconf -mini <password>

where password is the public community you want to use. Now you can edit the newly installed configuration file /etc/snmpd.conf. In it, you can change the values for the UDP port used by the agent, the systemContact, systemLocation and systemName variables and the interface speed parameters for your network cards and PPP ports.

The most important management tools you get are:

  • /usr/bin/snmpget A tool designed to ask for a concrete value in the MIB of an agent in the network (a router, a hub, etc.)

  • /usr/bin/snmpgetnext It allows you to get the next object in an MIB tree without knowing its name.

  • /usr/bin/snmpset A tool to set values in remote agents

  • /usr/bin/snmpwalk Tool that requests a complete object or series of objects without having to specify the exact instance. It's useful for requesting table objects.

  • /usr/bin/snmpnetstat

  • /usr/bin/snmptrapd Daemon that listens for traps sent by agents

  • /usr/bin/snmptest Interactive tool designed to demonstrate the capacities of the API.

The agent is located at /usr/sbin/snmpd.

CMU-SNMP also installs an MIB file in /usr/lib/mib.txt. It's a good reference to search for information we can request from a device.

The agent must be run at startup time, and can be set up with this line in one of your system boot files (/etc/rc.d/rc.local, for example):

/usr/sbin/snmpd -f ; \
        echo 'starting snmpd'

Once you have the SNMP agent running for your Linux box, you can test it with one of the management tools, entering:

/usr/bin/snmpget -v 1 localhost \
        public interfaces.ifNumber.0

which will return the number of network interfaces configured in the system, and:

/usr/bin/snmpwalk -v 1 localhost \
        public system

will return all the values in the system subtree of the MIB. (See Figure 2 for the output of this command.)
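What the snmpget request above puts on the wire, as an added example (not code from the article or from CMU-SNMP): it BER-encodes an SNMPv1 GetRequest for ifNumber.0 by hand and reads the community string straight back out of the bytes, showing that SNMPv1 sends the community unencrypted. The function names and the request-id value are assumptions made for the illustration.

```python
def tlv(tag, value):
    """One BER element: tag, length (short or long form), value."""
    n = len(value)
    length = bytes([n]) if n < 0x80 else (
        bytes([0x80 | (n.bit_length() + 7) // 8])
        + n.to_bytes((n.bit_length() + 7) // 8, "big"))
    return bytes([tag]) + length + value


def ber_int(n):
    """INTEGER, non-negative values only (enough for this message)."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def ber_oid(dotted):
    """OBJECT IDENTIFIER from dotted-numeric text such as .1.3.6.1.2.1.2.1.0"""
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    body = [arcs[0] * 40 + arcs[1]]        # first two arcs share one byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]               # base-128, high bit marks "more"
        while arc > 0x7F:
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
        body += chunk
    return tlv(0x06, bytes(body))


def get_request(community, oid, request_id=1):
    """SNMPv1 message: version 0, community, GetRequest PDU (tag 0xA0)."""
    varbind = tlv(0x30, ber_oid(oid) + tlv(0x05, b""))     # OID + NULL value
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0)
              + tlv(0x30, varbind))
    return tlv(0x30, ber_int(0) + tlv(0x04, community.encode()) + pdu)


def community_on_wire(packet):
    """Read the community back from the bytes (short-form lengths assumed)."""
    pos = 2                          # skip outer SEQUENCE tag and length
    pos += 2 + packet[pos + 1]       # skip the version INTEGER
    if packet[pos] != 0x04:          # community is an OCTET STRING
        raise ValueError("community OCTET STRING not found")
    return packet[pos + 2:pos + 2 + packet[pos + 1]].decode()


if __name__ == "__main__":
    pkt = get_request("public", ".1.3.6.1.2.1.2.1.0")   # constructed request
    print(pkt.hex(" "))
    print("community visible to any capture:", community_on_wire(pkt))
```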

The C-API is located in /lib/libsnmp.so.3.1.

You can check the related header files as follows:

  • /usr/include/snmp/snmp.h

  • /usr/include/snmp/snmp_impl.h

  • /usr/include/snmp/asn1.h

  • /usr/include/snmp/snmp_api.h

and more information in the man pages snmp_api(3) and variables(5).

There's also a Perl extension module to interface with the CMU C-API that easily integrates calls to this library in Perl scripts.

______________________

Comments

NRPE

Fadi Sodah's picture

I am monitoring my AIX PPC machines through MRTG, but standard AIX SNMP does not provide any information on CPU, paging, disk, etc.
You need to install a different SNMP agent, or collect the data via a different method. I use the NRPE agent and plugins, with mrtg-nrpe.pl.

Dipl.-Ing. Fadi Sodah
Network and Systems Engineer
IBM AIX System Specialist, CCNP, CCSP

great article

Zaal's picture

Easy to understand and great article.
Thank you, David.

mib compilation.

hrisi's picture

Hi,
I, Hrisikesh, want to know how to compile the new MIB which is specific to my company's product, and in which path I should put the new MIB in Linux 2.4.18-14,
and what the procedure is to execute a new MIB in Linux 2.4.18-14.

I am eagerly waiting for your mail.
Thanks,
hrisi

Mrtg on Linux

Anonymous's picture

Hello,

This is a very impressive document. Sir, please, I need to add one more IP in my MRTG because we added one more IP on our Ethernet and we need to know its usage as well. I am trying to find out where to add the new IP, but I am not able to find it.
Please help me out in this matter.
Thanks & Regards
