Mike Weber's presentation on Mike Weber.
The presentation was given during the Nagios World Conference North America held Sept 20-Oct 2nd, 2013 in Saint Paul, MN. For more information on the conference (including photos and videos), visit: http://go.nagios.com/nwcna
3. 2013 3
Building the SNMP Puzzle
Opening the Box
* dumping the pieces
* stand up box to see the goal
Random Puzzle Pieces
* examining the connections
* searching for straight pieces
* organizing the colors
Fitting the Puzzle Pieces Together
* clicking the pieces together
* making sense of the mess
5. 2013 5
SNMP: The Challenging Puzzle
Actual Quote From Amazon.com
I have to be truthful. I have not finished the 9000 piece Ravensburger
Puzzle entitled Underwater Paradise. Despite my valiant attempt at this
immense and challenging endeavor, I simply don't think that I'm smart
enough or patient enough to do so. I have been bested by a puzzle
and I will readily admit it to anyone that asks.
6. 2013 6
SNMP extend Scripts
extend dfcheck /bin/df -h
extend http_event "/bin/sh /usr/local/nagios/libexec/http_event"
extend provides multiline output from the command and is indicated by a name, not a number
Creating New Options with SNMP
Edit /etc/snmp/snmpd.conf
7. 2013 7
SNMP extend Scripts: Windows
It is possible to edit the Windows registry to allow SNMP Extensions.
http://support.microsoft.com/kb/128729
Possible but not probable.
12. 2013 12
SNMP Customized Data Collection:
Static Data
snmpwalk -v2c -c public 192.168.5.190 hrSWRunName.9909
HOST-RESOURCES-MIB::hrSWRunName.9909 = STRING: "httpd"
Dynamic Data
snmpget -v2c -c public 192.168.5.190 sysUpTimeInstance
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (574870) 1:35:48.70
Customized Data: Executing Commands/Scripts
extend dfcheck /bin/df -h
Creating commands and arguments
Leverage Nagios Plugins
Reactions to Events
extend http_event /bin/sh /usr/local/nagios/libexec/http_event
13. 2013 13
Why Make the Effort?
Complete Flexibility for Monitoring
capture data
capture data created
leverage Nagios plugins and scripts
Ability to Create Responses to Server Situations
* event handlers
* security responses
Total SNMP Server Monitoring
* avoid other methods of monitoring
Using check_snmp, a Compiled Plugin
* saves on resources
30. 2013 30
nsExtendOutputFull
nsExtendOutputFull 1.3.6.1.4.1.8072.1.3.2.3.1.2
Full output of command as a string.
snmpwalk -v2c -c public 192.168.5.190 .1.3.6.1.4.1.8072.1.3.2.3
NET-SNMP-EXTEND-MIB::nsExtendOutput1Line."who" = STRING: root pts/0 2013-08-31 23:19 (192.168.5.103)
NET-SNMP-EXTEND-MIB::nsExtendOutput1Line."dfcheck" = STRING: Filesystem Size Used Avail Use% Mounted on
NET-SNMP-EXTEND-MIB::nsExtendOutput1Line."http_event" = STRING: Stopping httpd: [ OK ]
NET-SNMP-EXTEND-MIB::nsExtendOutputFull."who" = STRING: root pts/0 2013-08-31 23:19 (192.168.5.103)
NET-SNMP-EXTEND-MIB::nsExtendOutputFull."dfcheck" = STRING: Filesystem Size Used Avail Use% Mounted on
/dev/simfs 4.0G 3.4G 526M 87% /
none 303M 4.0K 303M 1% /dev
NET-SNMP-EXTEND-MIB::nsExtendOutputFull."http_event" = STRING: Stopping httpd: [ OK ]
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.5.190 for ServerName
[ OK ]
NET-SNMP-EXTEND-MIB::nsExtendOutNumLines."who" = INTEGER: 1
NET-SNMP-EXTEND-MIB::nsExtendOutNumLines."dfcheck" = INTEGER: 3
NET-SNMP-EXTEND-MIB::nsExtendOutNumLines."http_event" = INTEGER: 3
NET-SNMP-EXTEND-MIB::nsExtendResult."who" = INTEGER: 0
NET-SNMP-EXTEND-MIB::nsExtendResult."dfcheck" = INTEGER: 0
NET-SNMP-EXTEND-MIB::nsExtendResult."http_event" = INTEGER: 0
31. 2013 31
Recognizing Command OIDs: 107
Here is an extend script found in the /etc/snmp/snmpd.conf.
extend dfcheck /bin/df -h
.1.3.6.1.4.1.8072.1.3.2.2.1.2.7.100.102.99.104.101.99.107 = STRING: /bin/df
.1.3.6.1.4.1.8072.1.3.2.2.1.3.7.100.102.99.104.101.99.107 = STRING: -h
.1.3.6.1.4.1.8072.1.3.2.2.1.4.7.100.102.99.104.101.99.107 = STRING:
.1.3.6.1.4.1.8072.1.3.2.2.1.5.7.100.102.99.104.101.99.107 = INTEGER: 5
.1.3.6.1.4.1.8072.1.3.2.2.1.6.7.100.102.99.104.101.99.107 = INTEGER: exec(1)
.1.3.6.1.4.1.8072.1.3.2.2.1.7.7.100.102.99.104.101.99.107 = INTEGER: runonread(1)
.1.3.6.1.4.1.8072.1.3.2.2.1.20.7.100.102.99.104.101.99.107 = INTEGER: permanent(4)
.1.3.6.1.4.1.8072.1.3.2.2.1.21.7.100.102.99.104.101.99.107 = INTEGER: active(1)
.1.3.6.1.4.1.8072.1.3.2.3.1.1.7.100.102.99.104.101.99.107 = STRING: Filesystem Size Used Avail Use% Mounted on
.1.3.6.1.4.1.8072.1.3.2.3.1.2.7.100.102.99.104.101.99.107 = STRING: Filesystem Size Used Avail Use% Mounted on
/dev/simfs 4.0G 3.1G 843M 79% /
none 303M 4.0K 303M 1% /dev
.1.3.6.1.4.1.8072.1.3.2.3.1.3.7.100.102.99.104.101.99.107 = INTEGER: 3
.1.3.6.1.4.1.8072.1.3.2.3.1.4.7.100.102.99.104.101.99.107 = INTEGER: 0
.1.3.6.1.4.1.8072.1.3.2.4.1.2.7.100.102.99.104.101.99.107.1 = STRING: Filesystem Size Used Avail Use% Mounted on
.1.3.6.1.4.1.8072.1.3.2.4.1.2.7.100.102.99.104.101.99.107.2 = STRING: /dev/simfs 4.0G 3.1G 843M 79% /
.1.3.6.1.4.1.8072.1.3.2.4.1.2.7.100.102.99.104.101.99.107.3 = STRING: none 303M 4.0K 303M 1% /dev
32. 2013 32
Recognizing Command OIDs: 116
Here is an extend script found in the /etc/snmp/snmpd.conf.
extend http_event "/bin/sh /usr/local/nagios/libexec/http_event"
.1.3.6.1.4.1.8072.1.3.2.2.1.2.10.104.116.116.112.95.101.118.101.110.116 = STRING: /bin/sh /usr/local/nagios/libexec/http_event
.1.3.6.1.4.1.8072.1.3.2.2.1.3.10.104.116.116.112.95.101.118.101.110.116 = STRING:
.1.3.6.1.4.1.8072.1.3.2.2.1.4.10.104.116.116.112.95.101.118.101.110.116 = STRING:
.1.3.6.1.4.1.8072.1.3.2.2.1.5.10.104.116.116.112.95.101.118.101.110.116 = INTEGER: 5
.1.3.6.1.4.1.8072.1.3.2.2.1.6.10.104.116.116.112.95.101.118.101.110.116 = INTEGER: exec(1)
.1.3.6.1.4.1.8072.1.3.2.2.1.7.10.104.116.116.112.95.101.118.101.110.116 = INTEGER: runonread(1)
.1.3.6.1.4.1.8072.1.3.2.2.1.20.10.104.116.116.112.95.101.118.101.110.116 = INTEGER: permanent(4)
.1.3.6.1.4.1.8072.1.3.2.2.1.21.10.104.116.116.112.95.101.118.101.110.116 = INTEGER: active(1)
.1.3.6.1.4.1.8072.1.3.2.3.1.1.10.104.116.116.112.95.101.118.101.110.116 = STRING: Stopping httpd: [ OK ]
.1.3.6.1.4.1.8072.1.3.2.3.1.2.7.100.102.99.104.101.99.107 = STRING: Filesystem Size Used Avail Use% Mounted on
/dev/simfs 4.0G 3.1G 843M 79% /
none 303M 4.0K 303M 1% /dev
.1.3.6.1.4.1.8072.1.3.2.3.1.2.10.104.116.116.112.95.101.118.101.110.116 = STRING: Stopping httpd: [ OK ]
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.5.190 for ServerName
[ OK ]
.1.3.6.1.4.1.8072.1.3.2.3.1.3.10.104.116.116.112.95.101.118.101.110.116 = INTEGER: 3
.1.3.6.1.4.1.8072.1.3.2.3.1.4.10.104.116.116.112.95.101.118.101.110.116 = INTEGER: 0
.1.3.6.1.4.1.8072.1.3.2.4.1.2.10.104.116.116.112.95.101.118.101.110.116.1 = STRING: Stopping httpd: [ OK ]
.1.3.6.1.4.1.8072.1.3.2.4.1.2.10.104.116.116.112.95.101.118.101.110.116.2 = STRING: Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.5.190 for ServerName
.1.3.6.1.4.1.8072.1.3.2.4.1.2.10.104.116.116.112.95.101.118.101.110.116.3 = STRING: [ OK ]
33. 2013 33
Multiple Systems: OIDs the Same
It is important that the OIDs are the same on multiple machines if the command is exactly the same.
CentOS 6
.1.3.6.1.4.1.8072.1.3.2.2.1.2.7.100.102.99.104.101.99.107 = STRING: /bin/df
.1.3.6.1.4.1.8072.1.3.2.2.1.2.10.104.116.116.112.95.101.118.101.110.116 = STRING: /bin/sh /usr/local/nagios/libexec/http_event
Ubuntu 12.04
.1.3.6.1.4.1.8072.1.3.2.2.1.2.7.100.102.99.104.101.99.107 = STRING: /bin/df
.1.3.6.1.4.1.8072.1.3.2.2.1.2.10.104.116.116.112.95.101.118.101.110.116 = STRING: /bin/sh /usr/local/nagios/libexec/http_event
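The OIDs on the preceding slides end in the extend name itself, encoded as its length followed by the decimal ASCII code of each character, which is why the same name yields the same OID on every host. The script below is an added example, not part of the presentation: it rebuilds that suffix and turns a numeric walk of the configuration table into a list of the commands the agent runs when an entry is read. The function names and the pipe-separated output format are assumptions.

```shell
# Added example, not from the slides: list what each snmpd "extend" entry runs,
# from numeric (-On) output of nsExtendConfigTable (.1.3.6.1.4.1.8072.1.3.2.2.1).
BASE=".1.3.6.1.4.1.8072.1.3.2.2.1"

# extend_index NAME: OID suffix = name length, then each character's ASCII code.
extend_index() {
    name=$1; idx=${#name}
    while [ -n "$name" ]; do
        rest=${name#?}; ch=${name%"$rest"}
        idx="$idx.$(printf '%d' "'$ch")"
        name=$rest
    done
    printf '%s\n' "$idx"
}

# extend_inventory: reads walk lines on stdin, prints name|command|args|runType.
# Columns used: 2 = nsExtendCommand, 3 = nsExtendArgs, 7 = nsExtendRunType.
extend_inventory() {
    awk -v base="$BASE" '
    index($1, base ".") == 1 {
        n = split(substr($1, length(base) + 2), p, ".")
        if (n != p[2] + 2) next          # length prefix does not match: skip
        name = ""; for (i = 3; i <= n; i++) name = name sprintf("%c", p[i] + 0)
        val = $0; sub(/^[^=]*= [A-Za-z]+: ?/, "", val)
        if (!(name in seen)) { seen[name] = 1; order[++cnt] = name }
        field[name, p[1]] = val
    }
    END {
        for (i = 1; i <= cnt; i++) { nm = order[i]
            printf "%s|%s|%s|%s\n", nm, field[nm, 2], field[nm, 3], field[nm, 7]
        }
    }'
}

# Sample input assembled from the walk output shown on the slides.
sample_walk() {
    cat <<'EOF'
.1.3.6.1.4.1.8072.1.3.2.2.1.2.7.100.102.99.104.101.99.107 = STRING: /bin/df
.1.3.6.1.4.1.8072.1.3.2.2.1.3.7.100.102.99.104.101.99.107 = STRING: -h
.1.3.6.1.4.1.8072.1.3.2.2.1.7.7.100.102.99.104.101.99.107 = INTEGER: runonread(1)
.1.3.6.1.4.1.8072.1.3.2.2.1.2.10.104.116.116.112.95.101.118.101.110.116 = STRING: /bin/sh /usr/local/nagios/libexec/http_event
.1.3.6.1.4.1.8072.1.3.2.2.1.3.10.104.116.116.112.95.101.118.101.110.116 = STRING:
.1.3.6.1.4.1.8072.1.3.2.2.1.7.10.104.116.116.112.95.101.118.101.110.116 = INTEGER: runonread(1)
EOF
}

sample_walk | extend_inventory
```

Against a live agent, pipe `snmpwalk -v2c -c public -On 192.168.5.190 .1.3.6.1.4.1.8072.1.3.2.2.1` into `extend_inventory` instead of the sample.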
34. 2013 34
OIDs May Produce Different Outcome
In this example the OID is the same; however, the output is different because the filesystem is different.
CentOS 6.3
.1.3.6.1.4.1.8072.1.3.2.3.1.2.7.100.102.99.104.101.99.107 = STRING: Filesystem Size Used Avail Use% Mounted on
/dev/simfs 4.0G 3.1G 843M 79% /
none 303M 4.0K 303M 1% /dev
Ubuntu 12.04
.1.3.6.1.4.1.8072.1.3.2.3.1.2.7.100.102.99.104.101.99.107 = STRING: Filesystem Size Used Avail Use% Mounted on
/dev/vda 20G 1.3G 18G 7% /
none 243M 148K 243M 1% /dev
none 247M 0 247M 0% /dev/shm
none 247M 84K 247M 1% /var/run
none 247M 0 247M 0% /var/lock
none 247M 0 247M 0% /lib/init/rw
none 20G 1.3G 18G 7% /var/lib/ureadahead/debugfs
37. 2013 37
Example: extend dfcheck /bin/df -h
Problem Develops:
Limiting to OID That Lists Partitions
snmpwalk -v1 -c public 192.168.5.190 .1.3.6.1.4.1.8072.1.3.2.3.1.2.7.100.102.99.104.101.99.107
NET-SNMP-EXTEND-MIB::nsExtendOutputFull."dfcheck" = STRING: Filesystem Size Used Avail Use% Mounted on
/dev/simfs 4.0G 3.1G 843M 79% /
none 303M 4.0K 303M 1% /dev
Limit with grep for / Partition
snmpwalk -v1 -c public 192.168.5.190 .1.3.6.1.4.1.8072.1.3.2.3.1.2.7.100.102.99.104.101.99.107 | grep "/$"
/dev/simfs 4.0G 3.1G 843M 79% /
Problem: Test a Plugin
check_snmp -H 192.168.5.190 -C public -o .1.3.6.1.4.1.8072.1.3.2.3.1.2.7.100.102.99.104.101.99.107
SNMP OK "Filesystem Size Used Avail Use% Mounted on/dev/simfs 4.0G 3.1G 843M 79% /
none 303M 4.0K 303M 1% /dev"
38. 2013 38
Creating the Service Check
Scan the tree for an OID for the Command
snmpwalk -v1 -c public 192.168.5.190 .1.3.6.1.4.1.8072.1.3.2
.1.3.6.1.4.1.8072.1.3.2.4.1.2.7.100.102.99.104.101.99.107.2 = STRING: /dev/simfs 4.0G 3.1G 843M 79% /
Text String for Service Check
-C public -o .1.3.6.1.4.1.8072.1.3.2.4.1.2.7.100.102.99.104.101.99.107.2
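The per-line OID above returns the df line for / as text. The function below is an added example, not part of the presentation, showing one way a plugin-style script could apply warning and critical thresholds to that line; the function name, thresholds and output wording are assumptions.

```shell
# Added example, not from the slides: apply warning/critical thresholds to the
# single df line returned by the per-line OID (nsExtendOutLine."dfcheck".2).

# check_df_line LINE WARN CRIT
# Prints a Nagios status line; returns 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
check_df_line() {
    line=$(printf '%s' "$1" | tr -d '"')    # string values may arrive quoted
    warn=$2
    crit=$3
    set -f                                   # no globbing while splitting
    set -- $line                             # df -h: fs size used avail use% mount
    set +f
    if [ "$#" -ne 6 ]; then
        echo "DISK UNKNOWN - expected 6 df fields, got $#"
        return 3
    fi
    fs=$1 pct=${5%\%} mount=$6
    case $pct in
        ''|*[!0-9]*) echo "DISK UNKNOWN - cannot parse Use% from '$5'"; return 3 ;;
    esac
    perf="used_pct=${pct}%;${warn};${crit}"
    if [ "$pct" -ge "$crit" ]; then
        echo "DISK CRITICAL - $mount on $fs is ${pct}% full|$perf"; return 2
    elif [ "$pct" -ge "$warn" ]; then
        echo "DISK WARNING - $mount on $fs is ${pct}% full|$perf"; return 1
    fi
    echo "DISK OK - $mount on $fs is ${pct}% full|$perf"
    return 0
}

# Constructed sample: the line the slide shows for the OID ending in .107.2
check_df_line "/dev/simfs 4.0G 3.1G 843M 79% /" 80 90
```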
45. 2013 45
Example: Event Handler
List the OID to Execute
snmpwalk -v2c 192.168.5.190 -c public 1.3.6.1.4.1.8072.1.3.2.3.1.4
NET-SNMP-EXTEND-MIB::nsExtendResult."http_event" = INTEGER: 0
Retrieve the Numerical Values
snmpwalk -v2c 192.168.5.190 -c public 1.3.6.1.4.1.8072.1.3.2.3.1.4 -On
.1.3.6.1.4.1.8072.1.3.2.3.1.4.10.104.116.116.112.95.101.118.101.110.116 = INTEGER: 0
SNMP Executes the script when the extend name (http_event) is called
46. 2013 46
Example: Event Handler
Create a Script on Nagios to Monitor and Execute
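#!/bin/sh
# Check the web page; on failure, read the http_event extend OID so that
# snmpd on the monitored host runs the restart script.
host=$1
string="NAGIOS TEST PAGE"
# Count check_http output lines that report a 200 response containing $string.
output=$(/usr/local/nagios/libexec/check_http -H "$host" -s "$string" | grep "HTTP OK HTTP/1.1 200 OK " | wc -l)
if [ "$output" -eq 1 ]
then
    echo "Web Page is OK"
    exit 0
else
    echo "Web Page is Being Restarted"
    # Reading nsExtendResult."http_event" makes snmpd execute the extend script.
    snmpwalk -v2c "$host" -c public .1.3.6.1.4.1.8072.1.3.2.3.1.4.10.104.116.116.112.95.101.118.101.110.116
    exit 2
fi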