Technology Casserole

While using an excellent network monitoring utility from MikroTik called The Dude I discovered I’d been missing something very basic from my arsenal of geeky software tools, SNMP. Simple Network Management Protocol has been around for a long time and can provide some useful insight into what’s happening with the servers, workstations, printers, switches and routers on your network. Want to keep an eye on the CPU load of a VMWare host? See how much bandwidth is being used on the 10 Gigabit link to your fileserver? SNMP can do it.

Here I am going to look at read-only SNMP monitoring with the barebones setup needed to see what use the information may be to you. I’m not going to try and explain how SNMP works or even consider that exposing all the MIB’s could hog resources on the machines that are being monitored. Sorting all that can come later.

Linux

It’s easy to get started monitoring your linux boxen by installing an SNMP daemon and configuring it. Here are some examples with common distros I use.

Debian / Ubuntu (and eBox)

Install and configure just enough to see it work:

sudo apt-get install snmpd

A 3-line configuration file will give us plenty of access to play with. Backup the included config file (which has loads of useful info in it, BTW) and make a new one like so:

sudo mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.bak
sudo nano /etc/snmp/snmpd.conf

rocommunity public 192.168.22.0/24
syslocation  "A descriptive location"
syscontact  you@your.mail

Of course replace the location and contact info, and put your network subnet in place of 192.168.22.0/24 (you can also omit the subnet and it should be available from anywhere). Now we need to get snmpd to read our configuration, since by default it only allows localhost. Change the options to point to the file

sudo nano /etc/default/snmpd

#SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1'
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf'

…and restart the daemon:

sudo /etc/init.d/snmpd restart

You can get a dump of the SNMP info with snmpwalk, like so:

snmpwalk -v 2c -c public localhost |less

To connect from another host on the network you need to have port 161/UDP open in your firewall. You can test it with snmpwalk, substituting the IP of the target host for localhost, above.

I run a few instances of eBox for routing and other functions, and it’s really spiffy and happens to run on top of Ubuntu so I wanted to mention it since these instructions therefore also apply to eBox. There’s only two steps needed in the eBox services menu to open the needed port. First you add a new service (call it SNMP) and declare it as internal. Then edit the service configuration and add a UDP protocol with a source port of Any, and a destination port of 161. Once you’ve added the service head over to Firewall..packet filter. Look under the first option, “..Internal networks to eBox” hit configure rules and add a new rule to ACCEPT .. Any and pick SNMP from the dropdown menu and press Add. Save changes to restart all the effected services and you should be able to connect.

OpenSUSE (iFolder appliance)

Fire up yast as root and install net-snmp (and dependencies):

yast2 -i net-snmp

The default configuration will look like ours did above and will work with one change to allow access from your LAN subnet. You can change the sys-info too and use your address range:

pico /etc/snmp/snmpd.conf

#rocommunity public 127.0.0.1
rocommunity public 192.168.22.0/24

…and then restart the service…

/etc/init.d/snmpd restart

My OpenSUSE 11.1 system is actually a Novell iFolder virtual appliance. iFolder creates a self-hosted dropbox-like service and after some time with no activity, it seems to be back in development. It’s certainly worth a look.

Windows

The procedure for the various versions of Windows is basically the same. You need to install SNMP from Control Panel, configure the service, and poke a hole in the firewall (which you had better be running!). You will likely need your installation media so it can grab the necessary files to install, though I don’t remember needing it on Windows 7.

Bring up Control Panel and go to “Programs and Features” (or “Add/Remove Programs” in older versions) and select “Turn Windows Features on or off” (“Add/Remove Windows Components” it’s on the left side button bar). Simple Network Management Protocol will be listed there (hiding under Management and Monitoring tools in older versions of Windows) and you can simply check the box and continue on to install it. No reboot or anything is required.

The next step is to jump into services and allow access to the public community as read-only, emulating the settings we did for Linux before. Right-click on Computer (or My Computer) and select Manage. At the bottom you will find the services snap in. Scroll down and open up the SNMP service and edit the Security tab, adding the public entry and allowing access from all hosts (or you could enter in the one you are using to monitor it from if you like).

On versions of windows prior to Vista you will need to go to the Firewall and manually add an exception to allow traffic on port 161/UDP. Once you are done you should have access across the network.

Other networked stuff

Every networked laser printer I have here and at work seems to support at least some SNMP v1 features. You should be able to get memory and disk info and almost always network status and performance. Other networked printers, like large format ink jets, have similar data available.

Managed switches (which are a great deal if you buy them used on eBay) can give info about every port and even let you figure out what’s plugged in to each port to help you map your nest of wiring.

More about managed switches and making SNMP at least a tiny bit secure will have to wait for a follow-up post. Keep an eye out for it.