O'Reilly - Essential SNMP

Table of Contents
Index
Reviews
Examples
Reader Reviews
Errata
Essential SNMP
By Douglas Mauro, Kevin Schmidt

Publisher : O'Reilly
Pub Date : July 2001
ISBN : 0-596-00020-0
Pages : 291

Thi s pr act i cal gui de f or net wor k and syst emadmi ni st r at or s
i nt r oduces SNMP al ong wi t h t he t echni cal backgr ound t o use i t
ef f ect i vel y. But t he mai n f ocus i s on pr act i cal net wor k
admi ni st r at i on: how t o conf i gur e SNMP agent s and net wor k
management st at i ons, how t o use SNMP t o r et r i eve and modi f y
var i abl es on net wor k devi ces, how t o conf i gur e management
sof t war e t o r eact t o t r aps sent by managed devi ces. Cover s al l
SNMP ver si ons t hr ough SNMPv3.
Copyr i ght 2001 O' Rei l l y & Associ at es, I nc. Al l r i ght s
r eser ved.
Pr i nt ed i n t he Uni t ed St at es of Amer i ca.
Publ i shed by O' Rei l l y & Associ at es, I nc. , 101 Mor r i s St r eet ,
Sebast opol , CA 95472.
Nut shel l Handbook, t he Nut shel l Handbook l ogo, and t he O' Rei l l y
l ogo ar e r egi st er ed t r ademar ks of O' Rei l l y & Associ at es, I nc.
Many of t he desi gnat i ons used by manuf act ur er s and sel l er s t o
di st i ngui sh t hei r pr oduct s ar e cl ai med as t r ademar ks. Wher e
t hose desi gnat i ons appear i n t hi s book, and O' Rei l l y &
Associ at es, I nc. was awar e of a t r ademar k cl ai m, t he
desi gnat i ons have been pr i nt ed i n caps or i ni t i al caps. The
associ at i on bet ween t he i mage of r ed deer and t he t opi c of SNMP
i s a t r ademar k of O' Rei l l y & Associ at es, I nc.

Whi l e ever y pr ecaut i on has been t aken i n t he pr epar at i on of
t hi s book, t he publ i sher assumes no r esponsi bi l i t y f or er r or s
or omi ssi ons, or f or damages r esul t i ng f r omt he use of t he
i nf or mat i on cont ai ned her ei n.

Pref ace
The Si mpl e Net wor k Management Pr ot ocol ( SNMP) i s an I nt er net -
st andar d pr ot ocol f or managi ng devi ces on I P net wor ks. Many
ki nds of devi ces suppor t SNMP, i ncl udi ng r out er s, swi t ches,
ser ver s, wor kst at i ons, pr i nt er s, modemr acks, and
uni nt er r upt i bl e power suppl i es ( UPSs) . The ways you can use
SNMP r ange f r omt he mundane t o t he exot i c: i t ' s f ai r l y si mpl e
t o use SNMP t o moni t or t he heal t h of your r out er s, ser ver s, and
ot her pi eces of net wor k har dwar e, but you can al so use i t t o
cont r ol your net wor k devi ces and even send pages or t ake ot her
aut omat i c act i on i f pr obl ems ar i se. The i nf or mat i on you can
moni t or r anges f r omr el at i vel y si mpl e and st andar di zed i t ems,
l i ke t he amount of t r af f i c f l owi ng i nt o or out of an i nt er f ace,
t o mor e esot er i c har dwar e- and vendor - speci f i c i t ems, l i ke t he
ai r t emper at ur e i nsi de a r out er .
Gi ven t hat t her e ar e al r eady a number of books about SNMP i n
pr i nt , why wr i t e anot her one? Al t hough t her e ar e many books on
SNMP, t her e' s a l ack of books ai med at t he pr act i ci ng net wor k
or syst emadmi ni st r at or . Many books cover how t o i mpl ement SNMP
or di scuss t he pr ot ocol at a f ai r l y abst r act l evel , but none
r eal l y answer s t he net wor k admi ni st r at or ' s most basi c
quest i ons: How can I best put SNMP t o wor k on my net wor k? How
can I make managi ng my net wor k easi er ?
We pr ovi de a br i ef over vi ew of t he SNMP pr ot ocol i n Chapt er 2
t hen spend a f ew chapt er s di scussi ng i ssues such as har dwar e
r equi r ement s and t he sor t s of t ool s t hat ar e avai l abl e f or use
wi t h SNMP. However , t he bul k of t hi s book i s devot ed t o
di scussi ng, wi t h r eal exampl es, how t o use SNMP f or syst emand
net wor k admi ni st r at i on t asks.
Most newcomer s t o SNMP ask some or al l of t he f ol l owi ng
quest i ons:
What exactly is SNMP?
How can I, as a system or network administrator, benefit
from SNMP?
What is a MIB?
What is an OID?
What is a community string?
What is a trap?

I've heard that SNMP is insecure. Is this true?
Do any of my devices support SNMP? If so, how can I tell
if they are configured properly?
How do I go about gathering SNMP information from a
device?
I have a limited budget for purchasing network-management
software. What sort of free/open source software is
available?
Is there an SNMP Perl module that I can use to write cool
scripts?
Thi s book answer s al l t hese quest i ons and mor e. Our goal i s t o
demyst i f y SNMP and make i t mor e accessi bl e t o a wi der r ange of
user s.

Audi ence f or Thi s Book
Thi s book i s i nt ended f or syst emand net wor k admi ni st r at or s who
coul d benef i t f r omusi ng SNMP t o manage t hei r equi pment but who
have l i t t l e or no exper i ence wi t h SNMP or SNMP appl i cat i ons. I n
our exper i ence al most any net wor k, no mat t er how smal l , can
benef i t f r omusi ng SNMP. I f you' r e a Per l pr ogr ammer , t hi s book
wi l l gi ve you some i deas about how t o wr i t e scr i pt s t hat use
SNMP t o hel p manage your net wor k. I f you' r e not a Per l user you
can use many of t he ot her t ool s we pr esent , r angi ng f r omNet -
SNMP ( an open sour ce col l ect i on of command- l i ne t ool s) t o
Hewl et t Packar d' s OpenVi ew ( a hi gh- end, hi gh- pr i ced net wor k-
management pl at f or m) .
Organi zat i on
Chapt er 1 pr ovi des a nont echni cal over vi ew of net wor k
management wi t h SNMP. We i nt r oduce t he di f f er ent ver si ons of
SNMP as wel l as t he concept s of manager s and agent s.
Chapt er 2 di scusses t he t echni cal det ai l s of SNMP. We l ook at
t he St r uct ur e of Management I nf or mat i on ( SMI ) and t he
Management I nf or mat i on Base ( MI B) and di scuss how SNMP act ual l y
wor ks; i . e. , how management i nf or mat i on i s sent and r ecei ved
over t he net wor k.
Chapt er 3 hel ps you t o t hi nk about st r at egi es f or depl oyi ng
SNMP.
Chapt er 4 di scusses what i t means when a vendor says t hat i t s
equi pment i s " SNMP- compat i bl e. "
Chapt er 5 i nt r oduces some of t he avai l abl e net wor k- management
sof t war e. We di scuss t he pr os and cons of each package and
pr ovi de poi nt er s t o vendor s' web si t es. We i ncl ude bot h
commer ci al and open sour ce packages i n t he di scussi on.

Chapt er 6 pr ovi des a basi c under st andi ng of what t o expect when
i nst al l i ng NMS sof t war e by l ooki ng at t wo NMS packages, HP' s
OpenVi ew and Cast l e Rock' s SNMPc.
Chapt er 7 descr i bes how t o conf i gur e t he Wi ndows SNMP agent and
sever al SNMP agent s f or Uni x, i ncl udi ng t he Net - SNMP agent . To
r ound t he chapt er out , we di scuss how t o conf i gur e t he embedded
agent s on t wo net wor k devi ces: t he Ci sco SNMP agent and t he APC
Symet r a SNMP agent .
Chapt er 8 shows how you can use command- l i ne t ool s and Per l t o
gat her ( pol l ) SNMP i nf or mat i on and change ( set ) t he st at e of a
managed devi ce.
Chapt er 9 di scusses how t o conf i gur e OpenVi ew and SNMPc t o
gat her SNMP i nf or mat i on vi a pol l i ng. Thi s chapt er al so
di scusses RMON conf i gur at i on on a Ci sco r out er .
Chapt er 10 exami nes how t o send and r ecei ve t r aps usi ng
command- l i ne t ool s, Per l , OpenVi ew, and ot her management
appl i cat i ons.
Chapt er 11 shows how sever al popul ar SNMP agent s can be
ext ended. Ext ensi bl e agent s pr ovi de end user s wi t h a means t o
ext end t he oper at i on of an agent wi t hout havi ng access t o t he
agent ' s sour ce code.
Chapt er 12 i s gear ed t owar d Per l - savvy syst emadmi ni st r at or s.
We pr ovi de Per l scr i pt s t hat demonst r at e how t o per f or msome
common syst emadmi ni st r at i on t asks wi t h SNMP.
Chapt er 13 i nt r oduces one of t he most wi del y used open sour ce
SNMP appl i cat i ons, t he Mul t i Rout er Tr af f i c Gr apher ( MRTG) .
MRTG pr ovi des net wor k admi ni st r at or s wi t h web- based usage
gr aphs of r out er i nt er f aces and can be conf i gur ed t o gr aph many
ot her ki nds of dat a.
Appendi x A di scusses how t o use OpenVi ew t o gr aph i nput and
out put oct et s.
Appendi x B di scusses how t o gr aph ext er nal dat a wi t h Net wor k
Node Manager ( NNM) , add menu i t ems t o NNM, conf i gur e user
pr of i l es, and use NNM as a cent r al i zed communi cat i on i nt er f ace.
Appendi x C summar i zes t he usage of t he Net - SNMP command- l i ne
t ool s.
Appendi x D pr ovi des an aut hor i t at i ve l i st of t he var i ous RFC
number s t hat per t ai n t o SNMP.
Appendi x E i s a good summar y of t he SNMP Per l modul e used
t hr oughout t he book.

Appendi x F pr ovi des a br i ef i nt r oduct i on t o SNMPv3. Two
conf i gur at i on exampl es ar e pr ovi ded: conf i gur i ng SNMPv3 on a
Ci sco r out er and conf i gur i ng SNMPv3 f or Net - SNMP.
Exampl e Programs
Al l t he exampl e pr ogr ams i n t hi s book ar e avai l abl e at
ht t p: / / www. or ei l l y. com/ cat al og/ esnmp/ .
Convent i ons Used i n Thi s Book
The f ol l owi ng t ypogr aphi cal convent i ons ar e used i n t hi s book:
Italic
Used for commands, object IDs, URLs, filenames, and
directory names. It is also used for emphasis and for the
first use of technical terms.
Constant width
Used for examples, object definitions, literal values, and
datatypes. It is also used to show source code, the
contents of files, and the output of commands.
Const ant wi dt h bol d
Used in interactive examples to show commands or text that
would be typed literally by the user. It is also used to
emphasize when something, usually in source code or file-
contents examples, has been added to or changed from a
previous example.
Constant wi dth i tal i c
Used for replaceable parameter names in command syntax.

I ndi cat es a t i p, suggest i on, or gener al not e.

I ndi cat es a war ni ng or caut i on.

Comment s and Quest i ons
Pl ease addr ess comment s and quest i ons concer ni ng t hi s book t o
t he publ i sher :
O'Reilly & Associates, Inc.
1005 Gravenstein Highway North
Sebastopol, CA 95472
(800) 998-9938 (in the United States or Canada)
(707) 829-0515 (international/local)
(707) 829-0104 (fax)
Ther e i s a web page f or t hi s book, whi ch l i st s er r at a, t he t ext
of sever al hel pf ul t echni cal paper s, and any addi t i onal
i nf or mat i on. You can access t hi s page at :
http://www.oreilly.com/catalog/esnmp/

To comment or ask t echni cal quest i ons about t hi s book, send
emai l t o:
bookquestions@oreilly.com
For mor e i nf or mat i on about books, conf er ences, sof t war e,
Resour ce Cent er s, and t he O' Rei l l y Net wor k, see t he O' Rei l l y
web si t e at :
http://www.oreilly.com

Acknowl edgment s
I t woul d be an under st at ement t o say t hat t hi s book was a l ong
t i me i n t he maki ng. I t woul d never have been publ i shed wi t hout
t he pat i ence and suppor t of Mi chael Louki des. Thanks Mi ke! We
woul d al so l i ke t o t hank t he i ndi vi dual s who pr ovi ded us wi t h
val uabl e t echni cal r evi ew f eedback and gener al hel p and
gui dance: Mi ke DeGr aw- Ber t sch at O' Rei l l y & Associ at es; Donal d
Cool ey at Gl obal Cr ossi ng; J acob Ki r sch at Sun Mi cr osyst ems,
I nc. ; Bobby Kr upczak, Ph. D. , at Concor d Communi cat i ons; J ohn
Rei nhar dt at Road Runner ; Pat r i ck Bai l ey and Rob Sweet at
Net r ai l ; and J r gen Schnwl der at t he Techni cal Uni ver si t y of
Br aunschwei g. Rob Romano, O' Rei l l y & Associ at es gr aphi c ar t i st ,
deser ves a t hank you f or maki ng t he f i gur es t hr oughout t he book
l ook gr eat . Fi nal l y, t hanks t o J i mSumser , who t ook t he pr oj ect
over i n i t s f i nal st ages, and t o Rachel Wheel er , t he pr oduct i on
edi t or , f or put t i ng t hi s book t oget her .
Dougl as
For year s I wor ked as a syst emand net wor k admi ni st r at or and
of t en f aced t he quest i on, " How ar e t hi ngs r unni ng?" Thi s i s
what l ed me t o SNMP and event ual l y t he i dea f or t hi s book. Of
cour se I woul d l i ke t o t hank Kevi n f or hi s har d wor k and
dedi cat i on. Speci al t hanks go t o t he t wo speci al gi r l s i n my
l i f e: my wi f e, Amy, and our daught er , Kar i , f or put t i ng up wi t h
my l ong absences whi l e I was wr i t i ng i n t he comput er r oom.
Thanks al so go t o my f ami l y and f r i ends, who pr ovi ded suppor t
and encour agement .
Kevi n
Whi l e at Mi ndSpr i ng Ent er pr i ses ( now Ear t hl i nk) I was f or t unat e
enough t o wor k f or Al l en Thomas, who gave me t he f r eedomt o
expl or e my t echni cal i nt er est s, i ncl udi ng SNMP. I woul d l i ke t o
t hank Bobby Kr upczak f or pr ovi di ng me wi t h val uabl e f eedback on
t he Syst emEDGE agent . Thanks al so t o my col l eagues Pat r i ck
Bai l ey and Rob Sweet at Net r ai l , who pr ovi ded some gener al Per l
code f eedback. I ' mver y f or t unat e t o have wor ked wi t h Dougl as
on t hi s book; t hanks f or al l owi ng me t o hel p out . My par ent s
deser ve a t hank you f or buyi ng me my f i r st comput er al l t hose
year s ago. And f i nal l y, I woul d l i ke t o t hank Cal l i e, my

si gni f i cant ot her , f or al l owi ng me t o use our ni ght s and
weekends t o wor k on t hi s book.
Chapter 1. What I s SNMP?
I n t oday' s compl ex net wor k of r out er s, swi t ches, and ser ver s,
i t can seeml i ke a daunt i ng t ask t o manage al l t he devi ces on
your net wor k and make sur e t hey' r e not onl y up and r unni ng but
per f or mi ng opt i mal l y. Thi s i s wher e t he Simple Network
Management Protocol ( SNMP) can hel p. SNMP was i nt r oduced i n
1988 t o meet t he gr owi ng need f or a st andar d f or managi ng
I nt er net Pr ot ocol ( I P) devi ces. SNMP pr ovi des i t s user s wi t h a
" si mpl e" set of oper at i ons t hat al l ows t hese devi ces t o be
managed r emot el y.
Thi s book i s ai med t owar d syst emadmi ni st r at or s who woul d l i ke
t o begi n usi ng SNMP t o manage t hei r ser ver s or r out er s, but who
l ack t he knowl edge or under st andi ng t o do so. We t r y t o gi ve
you a basi c under st andi ng of what SNMP i s and how i t wor ks;
beyond t hat , we show you how t o put SNMP i nt o pr act i ce, usi ng a
number of wi del y avai l abl e t ool s. Above al l , we want t hi s t o be
a pr act i cal book - - a book t hat hel ps you keep t r ack of what
your net wor k i s doi ng.

1. 1 Net work Management and Moni t ori ng
The cor e of SNMP i s a si mpl e set of oper at i ons ( and t he
i nf or mat i on t hese oper at i ons gat her ) t hat gi ves admi ni st r at or s
t he abi l i t y t o change t he st at e of some SNMP- based devi ce. For
exampl e, you can use SNMP t o shut down an i nt er f ace on your
r out er or check t he speed at whi ch your Et her net i nt er f ace i s
oper at i ng. SNMP can even moni t or t he t emper at ur e on your swi t ch
and war n you when i t i s t oo hi gh.
SNMP usual l y i s associ at ed wi t h managi ng r out er s, but i t ' s
i mpor t ant t o under st and t hat i t can be used t o manage many
t ypes of devi ces. Whi l e SNMP' s pr edecessor , t he Simple Gateway
Management Protocol ( SGMP) , was devel oped t o manage I nt er net
r out er s, SNMP can be used t o manage Uni x syst ems, Wi ndows
syst ems, pr i nt er s, modemr acks, power suppl i es, and mor e. Any
devi ce r unni ng sof t war e t hat al l ows t he r et r i eval of SNMP
i nf or mat i on can be managed. Thi s i ncl udes not onl y physi cal
devi ces but al so sof t war e, such as web ser ver s and dat abases.
Anot her aspect of net wor k management i s network moni t or i ng;
t hat i s, moni t or i ng an ent i r e net wor k as opposed t o i ndi vi dual
r out er s, host s, and ot her devi ces. Remote Network Monitoring
( RMON) was devel oped t o hel p us under st and how t he net wor k
i t sel f i s f unct i oni ng, as wel l as how i ndi vi dual devi ces on t he
net wor k ar e af f ect i ng t he net wor k as a whol e. I t can be used t o
moni t or not onl y LAN t r af f i c, but WAN i nt er f aces as wel l . We

di scuss RMON i n mor e det ai l l at er i n t hi s chapt er and i n
Chapt er 2.
Bef or e goi ng any f ur t her , l et ' s l ook at a bef or e- and- af t er
scenar i o t hat shows how SNMP can make a di f f er ence i n an
or gani zat i on.
1. 1. 1 Bef ore and Af t er SNMP
Let ' s say t hat you have a net wor k of 100 machi nes r unni ng
var i ous oper at i ng syst ems. Sever al machi nes ar e f i l e ser ver s, a
f ew ot her s ar e pr i nt ser ver s, anot her i s r unni ng sof t war e t hat
ver i f i es cr edi t car d t r ansact i ons ( pr esumabl y f r oma web- based
or der i ng syst em) , and t he r est ar e per sonal wor kst at i ons. I n
addi t i on, t her e ar e var i ous swi t ches and r out er s t hat hel p keep
t he act ual net wor k goi ng. A T1 ci r cui t connect s t he company t o
t he gl obal I nt er net , and t her e i s a pr i vat e connect i on t o t he
cr edi t car d ver i f i cat i on syst em.
What happens when one of t he f i l e ser ver s cr ashes? I f i t
happens i n t he mi ddl e of t he wor kweek, i t i s l i kel y t hat t he
peopl e usi ng i t wi l l not i ce and t he appr opr i at e admi ni st r at or
wi l l be cal l ed t o f i x i t . But what i f i t happens af t er ever yone
has gone home, i ncl udi ng t he admi ni st r at or s, or over t he
weekend?
What i f t he pr i vat e connect i on t o t he cr edi t car d ver i f i cat i on
syst emgoes down at 10 p. m. on Fr i day and i sn' t r est or ed unt i l
Monday mor ni ng? I f t he pr obl emwas f aul t y har dwar e and coul d
have been f i xed by swappi ng out a car d or r epl aci ng a r out er ,
t housands of dol l ar s i n web si t e sal es coul d have been l ost f or
no r eason. Li kewi se, i f t he T1 ci r cui t t o t he I nt er net goes
down, i t coul d adver sel y af f ect t he amount of sal es gener at ed
by i ndi vi dual s accessi ng your web si t e and pl aci ng or der s.
These ar e obvi ousl y ser i ous pr obl ems - - pr obl ems t hat can
concei vabl y af f ect t he sur vi val of your busi ness. Thi s i s wher e
SNMP comes i n. I nst ead of wai t i ng f or someone t o not i ce t hat
somet hi ng i s wr ong and l ocat e t he per son r esponsi bl e f or f i xi ng
t he pr obl em( whi ch may not happen unt i l Monday mor ni ng, i f t he
pr obl emoccur s over t he weekend) , SNMP al l ows you t o moni t or
your net wor k const ant l y, even when you' r e not t her e. For
exampl e, i t wi l l not i ce i f t he number of bad packet s comi ng
t hr ough one of your r out er ' s i nt er f aces i s gr adual l y
i ncr easi ng, suggest i ng t hat t he r out er i s about t o f ai l . You
can ar r ange t o be not i f i ed aut omat i cal l y when f ai l ur e seems
i mmi nent , so you can f i x t he r out er bef or e i t act ual l y br eaks.
You can al so ar r ange t o be not i f i ed i f t he cr edi t car d
pr ocessor appear s t o get hung - - you may even be abl e t o f i x i t
f r omhome. And i f not hi ng goes wr ong, you can r et ur n t o t he
of f i ce on Monday mor ni ng knowi ng t her e won' t be any sur pr i ses.
Ther e mi ght not be qui t e as much gl or y i n f i xi ng pr obl ems
bef or e t hey occur , but you and your management wi l l r est mor e

easi l y. We can' t t el l you how t o t r ansl at e t hat i nt o a hi gher
sal ar y - - somet i mes i t ' s bet t er t o be t he guy who r ushes i n and
f i xes t hi ngs i n t he mi ddl e of a cr i si s, r at her t han t he guy who
makes sur e t he cr i si s never occur s. But SNMP does enabl e you t o
keep l ogs t hat pr ove your net wor k i s r unni ng r el i abl y and show
when you t ook act i on t o aver t an i mpendi ng cr i si s.
1. 1. 2 Human Consi derat i ons
I mpl ement i ng a net wor k- management syst emcan mean addi ng mor e
st af f t o handl e t he i ncr eased l oad of mai nt ai ni ng and oper at i ng
such an envi r onment . At t he same t i me, addi ng t hi s t ype of
moni t or i ng shoul d, i n most cases, r educe t he wor kl oad of your
syst emadmi ni st r at i on st af f . You wi l l need:
Staff to maintain the management station. This includes
ensuring the management station is configured to properly
handle events from SNMP-capable devices.
Staff to maintain the SNMP-capable devices. This includes
making sure that workstations and servers can communicate
with the management station.
Staff to watch and fix the network. This group is usually
called a Network Operations Center (NOC) and is staffed
24/7. An alternative to 24/7 staffing is to implement
rotating pager duty, where one person is on call at all
times, but not necessarily present in the office. Pager
duty works only in smaller networked environments, in
which a network outage can wait for someone to drive into
the office and fix the problem.
Ther e i s no way t o pr edet er mi ne how many st af f member s you wi l l
need t o mai nt ai n a management syst em. The si ze of t he st af f
wi l l var y dependi ng on t he si ze and compl exi t y of t he net wor k
you' r e managi ng. Some of t he l ar ger I nt er net backbone pr ovi der s
have 70 or mor e peopl e i n t hei r NOCs, whi l e ot her s have onl y
one.
1. 2 RFCs and SNMP Versi ons
The Internet Engineering Task Force( I ETF) i s r esponsi bl e f or
def i ni ng t he st andar d pr ot ocol s t hat gover n I nt er net t r af f i c,
i ncl udi ng SNMP. The I ETF publ i shes Requests for Comments( RFCs) ,
whi ch ar e speci f i cat i ons f or many pr ot ocol s t hat exi st i n t he
I P r eal m. Document s ent er t he st andar ds t r ack f i r st as pr oposed
st andar ds, t hen move t o dr af t st at us. When a f i nal dr af t i s
event ual l y appr oved, t he RFC i s gi ven st andar d st at us - -
al t hough t her e ar e f ewer compl et el y appr oved st andar ds t han you
mi ght t hi nk. Two ot her st andar ds- t r ack desi gnat i ons, hi st or i cal
and exper i ment al , def i ne ( r espect i vel y) a document t hat has
been r epl aced by a newer RFC and a document t hat i s not yet
r eady t o become a st andar d. The f ol l owi ng l i st i ncl udes al l t he
cur r ent SNMP ver si ons and t he I ETF st at us of each ( see Appendi x
D f or a f ul l l i st of t he SNMP RFCs) :

SNMP Version 1 (SNMPv1) is the current standard version of
the SNMP protocol. It's defined in RFC 1157 and is a full
IETF standard. SNMPv1's security is based on communities,
which are nothing more than passwords: plain-text strings
that allow any SNMP-based application that knows the
strings to gain access to a device's management
information. There are typically three communities in
SNMPv1: read-only, read-write, and trap.
SNMP Version 2 (SNMPv2) is often referred to as community
string-based SNMPv2. This version of SNMP is technically
called SNMPv2c, but we will refer to it throughout this
book simply as SNMPv2. It's defined in RFC 1905, RFC 1906,
and RFC 1907, and is an experimental IETF. Even though
it's experimental, some vendors have started supporting it
in practice.
SNMP Version 3 (SNMPv3) will be the next version of the
protocol to reach full IETF status. It's currently a
proposed standard, defined in RFC 1905, RFC 1906, RFC
1907, RFC 2571, RFC 2572, RFC 2573, RFC 2574, and RFC
2575. It adds support for strong authentication and
private communication between managed entities. Appendix F
provides an introduction to SNMPv3 and goes through the
SNMPv3 agent configuration for Net-SNMP and Cisco. The
information in this appendix provides any system or
network administrator with the practical knowledge needed
to begin using SNMPv3 as it gains acceptance in the
network-management world.
The of f i ci al si t e f or RFCs i s ht t p: / / www. i et f . or g/ r f c. ht ml . One
of t he bi ggest pr obl ems wi t h RFCs, however , i s f i ndi ng t he one
you want . I t i s a l i t t l e easi er t o navi gat e t he RFC i ndex at
Ohi o St at e Uni ver si t y ( ht t p: / / www. ci s. ohi o-
st at e. edu/ ser vi ces/ r f c/ i ndex. ht ml ) .
1. 3 Managers and Agent s
I n t he pr evi ous sect i ons we' ve vaguel y r ef er r ed t o SNMP- capabl e
devi ces and net wor k- management st at i ons. Now i t ' s t i me t o
descr i be what t hese t wo t hi ngs r eal l y ar e. I n t he wor l d of SNMP
t her e ar e t wo ki nd of ent i t i es: managers and agents. A manager
i s a ser ver r unni ng some ki nd of sof t war e syst emt hat can
handl e management t asks f or a net wor k. Manager s ar e of t en
r ef er r ed t o as Network Management Stations ( NMSs) .
[ 1]
An NMS i s
r esponsi bl e f or pol l i ng and r ecei vi ng t r aps f r omagent s i n t he
net wor k. A poll, i n t he cont ext of net wor k management , i s t he
act of quer yi ng an agent ( r out er , swi t ch, Uni x ser ver , et c. )
f or some pi ece of i nf or mat i on. Thi s i nf or mat i on can l at er be
used t o det er mi ne i f some sor t of cat ast r ophi c event has
occur r ed. A trap i s a way f or t he agent t o t el l t he NMS t hat
somet hi ng has happened. Tr aps ar e sent asynchr onousl y, not i n
r esponse t o quer i es f r omt he NMS. The NMS i s f ur t her
r esponsi bl e f or per f or mi ng an act i on
[ 2]
based upon t he
i nf or mat i on i t r ecei ves f r omt he agent . For exampl e, when your
T1 ci r cui t t o t he I nt er net goes down, your r out er can send a

t r ap t o your NMS. I n t ur n, t he NMS can t ake some act i on,
per haps pagi ng you t o l et you know t hat somet hi ng has happened.
[1]
See Chapter 5 f or a pro- and- con di scussi on of some popul ar
NMS appl i cati ons.
[2]
Note that the NMS i s preconf i gured to perf ormthi s acti on.
The second ent i t y, t he agent, i s a pi ece of sof t war e t hat r uns
on t he net wor k devi ces you ar e managi ng. I t can be a separ at e
pr ogr am( a daemon, i n Uni x l anguage) , or i t can be i ncor por at ed
i nt o t he oper at i ng syst em( f or exampl e, Ci sco' s I OS on a
r out er , or t he l ow- l evel oper at i ng syst emt hat cont r ol s a UPS) .
Today, most I P devi ces come wi t h some ki nd of SNMP agent bui l t
i n. The f act t hat vendor s ar e wi l l i ng t o i mpl ement agent s i n
many of t hei r pr oduct s makes t he syst emadmi ni st r at or ' s or
net wor k manager ' s j ob easi er . The agent pr ovi des management
i nf or mat i on t o t he NMS by keepi ng t r ack of var i ous oper at i onal
aspect s of t he devi ce. For exampl e, t he agent on a r out er i s
abl e t o keep t r ack of t he st at e of each of i t s i nt er f aces:
whi ch ones ar e up, whi ch ones ar e down, et c. The NMS can quer y
t he st at us of each i nt er f ace on a r out er , and t ake appr opr i at e
act i on i f any of t hemar e down. When t he agent not i ces t hat
somet hi ng bad has happened, i t can send a t r ap t o t he NMS. Thi s
t r ap or i gi nat es f r omt he agent and i s sent t o t he NMS, wher e i t
i s handl ed appr opr i at el y. Some devi ces wi l l send a
cor r espondi ng " al l cl ear " t r ap when t her e i s a t r ansi t i on f r om
a bad st at e t o a good st at e. Thi s can be usef ul i n det er mi ni ng
when a pr obl emsi t uat i on has been r esol ved. Fi gur e 1- 1 shows
t he r el at i onshi p bet ween t he NMS and an agent .
Fi gure 1- 1. Rel at i onshi p bet ween an NMS and an agent

I t ' s i mpor t ant t o keep i n mi nd t hat pol l s and t r aps can happen
at t he same t i me. Ther e ar e no r est r i ct i ons on when t he NMS can
quer y t he agent or when t he agent can send a t r ap.

1. 4 The St ruct ure of Management I nf ormat i on and MI BS
The Structure of Management Information ( SMI ) pr ovi des a way t o
def i ne managed obj ect s and t hei r behavi or . An agent has i n i t s
possessi on a l i st of t he obj ect s t hat i t t r acks. One such
obj ect i s t he oper at i onal st at us of a r out er i nt er f ace ( f or
exampl e, up, down, or t est i ng) . Thi s l i st col l ect i vel y def i nes

t he i nf or mat i on t he NMS can use t o det er mi ne t he over al l heal t h
of t he devi ce on whi ch t he agent r esi des.
The Management Information Base ( MI B) can be t hought of as a
dat abase of managed obj ect s t hat t he agent t r acks. Any sor t of
st at us or st at i st i cal i nf or mat i on t hat can be accessed by t he
NMS i s def i ned i n a MI B. The SMI pr ovi des a way t o def i ne
managed obj ect s, whi l e t he MI B i s t he def i ni t i on ( usi ng t he SMI
synt ax) of t he obj ect s t hemsel ves. Li ke a di ct i onar y, whi ch
shows how t o spel l a wor d and t hen gi ves i t s meani ng or
def i ni t i on, a MI B def i nes a t ext ual name f or a managed obj ect
and expl ai ns i t s meani ng. Chapt er 2 goes i nt o mor e t echni cal
det ai l about MI Bs and t he SMI .
An agent may i mpl ement many MI Bs, but al l agent s i mpl ement a
par t i cul ar MI B cal l ed MI B- I I
[ 3]
( RFC 1213) . Thi s st andar d
def i nes var i abl es f or t hi ngs such as i nt er f ace st at i st i cs
( i nt er f ace speeds, MTU, oct et s
[4]
sent , oct et s r ecei ved, et c. )
as wel l as var i ous ot her t hi ngs per t ai ni ng t o t he syst emi t sel f
( syst eml ocat i on, syst emcont act , et c. ) . The mai n goal of MI B-
I I i s t o pr ovi de gener al TCP/ I P management i nf or mat i on. I t
doesn' t cover ever y possi bl e i t ema vendor may want t o manage
wi t hi n i t s par t i cul ar devi ce.
[3]
MI B- I i s the ori gi nal versi on of thi s MI B, but i t i s no
l onger ref erred to si nce MI B- I I enhances i t.
[4]
An octet i s an 8- bi t quanti ty, whi ch i s the f undamental uni t
of transf er i n TCP/ I P networks.
What ot her ki nds of i nf or mat i on mi ght be usef ul t o col l ect ?
Fi r st , t her e ar e many dr af t and pr oposed st andar ds devel oped t o
hel p manage t hi ngs such as f r ame r el ay, ATM, FDDI , and ser vi ces
( mai l , DNS, et c. ) . A sampl i ng of t hese MI Bs and t hei r RFC
number s i ncl udes:
ATM MIB (RFC 2515)
Frame Relay DTE Interface Type MIB (RFC 2115)
BGP Version 4 MIB (RFC 1657)
RDBMS MIB (RFC 1697)
RADIUS Authentication Server MIB (RFC 2619)
Mail Monitoring MIB (RFC 2249)
DNS Server MIB (RFC 1611)
But t hat ' s f ar f r omt he ent i r e st or y, whi ch i s why vendor s, and
i ndi vi dual s, ar e al l owed t o def i ne MI B var i abl es f or t hei r own
use.
[ 5]
For exampl e, consi der a vendor t hat i s br i ngi ng a new
r out er t o mar ket . The agent bui l t i nt o t he r out er wi l l r espond
t o NMS r equest s ( or send t r aps t o t he NMS) f or t he var i abl es
def i ned by t he MI B- I I st andar d; i t pr obabl y al so i mpl ement s

MI Bs f or t he i nt er f ace t ypes i t pr ovi des ( e. g. , RFC 2515 f or
ATM and RFC 2115 f or Fr ame Rel ay) . I n addi t i on, t he r out er may
have some si gni f i cant new f eat ur es t hat ar e wor t h moni t or i ng
but ar e not cover ed by any st andar d MI B. So, t he vendor def i nes
i t s own MI B ( somet i mes r ef er r ed t o as a pr opr i et ar y MI B) t hat
i mpl ement s managed obj ect s f or t he st at us and st at i st i cal
i nf or mat i on of t hei r new r out er .
[5]
Thi s topi c i s di scussed f urther i n the next chapter.

Si mpl y l oadi ng a new MI B i nt o your NMS does not
necessar i l y al l ow you t o r et r i eve t he
dat a/ val ues/ obj ect s, et c. def i ned wi t hi n t hat
MI B. You need t o l oad onl y t hose MI Bs suppor t ed
by t he agent s f r omwhi ch you' r e r equest i ng
quer i es ( e. g. , snmpget, snmpwalk) . Feel f r ee t o
l oad addi t i onal MI Bs f or f ut ur e devi ce suppor t ,
but don' t pani c when your devi ce doesn' t answer
( and possi bl y r et ur ns er r or s f or ) t hese
unsuppor t ed MI Bs.

1. 5 Host Management
Managi ng host r esour ces ( di sk space, memor y usage, et c. ) i s an
i mpor t ant par t of net wor k management . The di st i nct i on bet ween
t r adi t i onal syst emadmi ni st r at i on and net wor k management has
been di sappear i ng over t he l ast decade, and i s now al l but
gone. As Sun Mi cr osyst ems put s i t , " The net wor k i s t he
comput er . " I f your web ser ver or mai l ser ver i s down, i t
doesn' t mat t er whet her your r out er s ar e r unni ng cor r ect l y - -
you' r e st i l l goi ng t o get cal l s. The Host Resour ces MI B ( RFC
2790) def i nes a set of obj ect s t o hel p manage cr i t i cal aspect s
of Uni x and Wi ndows syst ems.
[ 6]

[6]
Any operati ng systemrunni ng an SNMP agent can i mpl ement Host
Resources; i t' s not conf i ned to agents runni ng on Uni x and
Wi ndows systems.
Some of t he obj ect s suppor t ed by t he Host Resour ces MI B i ncl ude
di sk capaci t y, number of syst emuser s, number of r unni ng
pr ocesses, and sof t war e cur r ent l y i nst al l ed. I n t oday' s e-
commer ce wor l d, mor e and mor e peopl e ar e r el yi ng on ser vi ce-
or i ent ed web si t es. Maki ng sur e your backend ser ver s ar e
f unct i oni ng pr oper l y i s as i mpor t ant as moni t or i ng your r out er s
and ot her communi cat i ons devi ces.
Unf or t unat el y, some agent i mpl ement at i ons f or t hese pl at f or ms
do not i mpl ement t hi s MI B, si nce i t ' s not r equi r ed.
1. 6 A Bri ef I nt roduct i on t o Remot e Moni t ori ng ( RMON)

Remote Monitoring Version 1 ( RMONv1, or RMON) i s def i ned i n RFC
2819; an enhanced ver si on of t he st andar d, cal l ed RMON Ver si on
2 ( RMONv2) , i s def i ned i n RFC 2021. RMONv1 pr ovi des t he NMS
wi t h packet - l evel st at i st i cs about an ent i r e LAN or WAN. RMONv2
bui l ds on RMONv1 by pr ovi di ng net wor k- and appl i cat i on- l evel
st at i st i cs. These st at i st i cs can be gat her ed i n sever al ways.
One way i s t o pl ace an RMON pr obe on ever y net wor k segment you
want t o moni t or . Some Ci sco r out er s have l i mi t ed RMON
capabi l i t i es bui l t i n, so you can use t hei r f unct i onal i t y t o
per f or mmi nor RMON dut i es. Li kewi se, some 3Comswi t ches
i mpl ement t he f ul l RMON speci f i cat i on and can be used as f ul l -
bl own RMON pr obes.
The RMON MI B was desi gned t o al l ow an act ual RMON pr obe t o r un
i n an of f l i ne mode t hat al l ows t he pr obe t o gat her st at i st i cs
about t he net wor k i t ' s wat chi ng wi t hout r equi r i ng an NMS t o
quer y i t const ant l y. At some l at er t i me, t he NMS can quer y t he
pr obe f or t he st at i st i cs i t has been gat her i ng. Anot her f eat ur e
t hat most pr obes i mpl ement i s t he abi l i t y t o set t hr eshol ds f or
var i ous er r or condi t i ons and, when a t hr eshol d i s cr ossed,
al er t t he NMS wi t h an SNMP t r ap. You can f i nd a l i t t l e mor e
t echni cal det ai l about RMON i n t he next chapt er .

1. 7 Get t i ng More I nf ormat i on
Get t i ng a handl e on SNMP may seeml i ke a daunt i ng t ask. The
RFCs pr ovi de t he of f i ci al def i ni t i on of t he pr ot ocol , but t hey
wer e wr i t t en f or sof t war e devel oper s, not net wor k
admi ni st r at or s, so i t can be di f f i cul t t o ext r act t he
i nf or mat i on you need f r omt hem. For t unat el y, many onl i ne
r esour ces ar e avai l abl e. The most not abl e web si t e i s t he
Net wor k Management Ser ver at t he Uni ver si t y at Buf f al o
( ht t p: / / net man. ci t . buf f al o. edu) . I t cont ai ns usef ul l i nks t o
ot her si t es t hat pr ovi de si mi l ar i nf or mat i on, as wel l as a
net wor k- management pr oduct l i st
( ht t p: / / net man. ci t . buf f al o. edu/ Pr oduct s. ht ml ) t hat i ncl udes
bot h sof t war e and har dwar e vendor s; i t even has pr oduct
r evi ews. Thi s si t e i s a gr eat st ar t i ng poi nt i n t he sear ch f or
net wor k- management i nf or mat i on and can be an ext r emel y usef ul
t ool f or det er mi ni ng what ki nds of har dwar e and sof t war e ar e
cur r ent l y out t her e. Two mor e gr eat web si t es ar e t he Si mpl eWeb
( ht t p: / / www. snmp. cs. ut went e. nl ) and SNMP Li nk
( ht t p: / / www. SNMPLi nk. or g) . The Si mpl e Ti mes, an onl i ne
publ i cat i on devot ed t o SNMP and net wor k management , i s al so
usef ul . You can f i nd t he cur r ent edi t i on, and al l t he pr evi ous
ones, at ht t p: / / www. si mpl e- t i mes. or g.
Anot her gr eat r esour ce i s Usenet news. The newsgr oup most
peopl e f r equent i s comp. dcom. net - management . Anot her good
newsgr oup i s comp. pr ot ocol s. snmp. Gr oups such as t hese pr omot e
a communi t y of i nf or mat i on shar i ng, al l owi ng seasoned

pr of essi onal s t o i nt er act wi t h i ndi vi dual s who ar e not as
knowl edgeabl e about SNMP or net wor k management .
I f you woul d l i ke t o know i f a par t i cul ar vendor has SNMP-
compat i bl e equi pment , t he Internet Assigned Numbers Authority
( I ANA) has compi l ed a l i st of t he pr opr i et ar y MI B f i l es var i ous
vendor s suppl y. The l i st can be f ound at
f t p: / / f t p. i ana. or g/ mi b/ . Ther e i s al so an SNMP FAQ, avai l abl e
i n t wo par t s at ht t p: / / www. f aqs. or g/ f aqs/ snmp- f aq/ par t 1/ and
ht t p: / / www. f aqs. or g/ f aqs/ snmp- f aq/ par t 2/ .

Chapter 2. A Cl oser Look at SNMP
I n t hi s chapt er , we st ar t t o l ook at SNMP i n det ai l . By t he
t i me you f i ni sh t hi s chapt er , you shoul d under st and how SNMP
sends and r ecei ves i nf or mat i on, what exact l y SNMP communi t i es
ar e, and how t o r ead MI B f i l es. We' l l al so l ook i n mor e det ai l
at t he t hr ee MI Bs t hat wer e i nt r oduced i n Chapt er 1, namel y
MI B- I I , Host Resour ces, and RMON.

2. 1 SNMP and UDP
SNMP uses t he User Datagram Protocol ( UDP) as t he t r anspor t
pr ot ocol f or passi ng dat a bet ween manager s and agent s. UDP,
def i ned i n RFC 768, was chosen over t he Transmission Control
Protocol ( TCP) because i t i s connect i onl ess; t hat i s, no end-
t o- end connect i on i s made bet ween t he agent and t he NMS when
datagrams ( packet s) ar e sent back and f or t h. Thi s aspect of UDP
makes i t unr el i abl e, si nce t her e i s no acknowl edgment of l ost
dat agr ams at t he pr ot ocol l evel . I t ' s up t o t he SNMP
appl i cat i on t o det er mi ne i f dat agr ams ar e l ost and r et r ansmi t
t hemi f i t so desi r es. Thi s i s t ypi cal l y accompl i shed wi t h a
si mpl e t i meout . The NMS sends a UDP r equest t o an agent and
wai t s f or a r esponse. The l engt h of t i me t he NMS wai t s depends
on how i t ' s conf i gur ed. I f t he t i meout i s r eached and t he NMS
has not hear d back f r omt he agent , i t assumes t he packet was
l ost and r et r ansmi t s t he r equest . The number of t i mes t he NMS
r et r ansmi t s packet s i s al so conf i gur abl e.
At l east as f ar as r egul ar i nf or mat i on r equest s ar e concer ned,
t he unr el i abl e nat ur e of UDP i sn' t a r eal pr obl em. At wor st ,
t he management st at i on i ssues a r equest and never r ecei ves a
r esponse. For t r aps, t he si t uat i on i s somewhat di f f er ent . I f an
agent sends a t r ap and t he t r ap never ar r i ves, t he NMS has no
way of knowi ng t hat i t was ever sent . The agent doesn' t even
know t hat i t needs t o r esend t he t r ap, because t he NMS i s not
r equi r ed t o send a r esponse back t o t he agent acknowl edgi ng
r ecei pt of t he t r ap.
The upsi de t o t he unr el i abl e nat ur e of UDP i s t hat i t r equi r es
l ow over head, so t he i mpact on your net wor k' s per f or mance i s

r educed. SNMP has been i mpl ement ed over TCP, but t hi s i s mor e
f or speci al - case si t uat i ons i n whi ch someone i s devel opi ng an
agent f or a pr opr i et ar y pi ece of equi pment . I n a heavi l y
congest ed and managed net wor k, SNMP over TCP i s a bad i dea.
I t ' s al so wor t h r eal i zi ng t hat TCP i sn' t magi c, and t hat SNMP
i s desi gned f or wor ki ng wi t h net wor ks t hat ar e i n t r oubl e - - i f
your net wor k never f ai l ed, you woul dn' t need t o moni t or i t .
When a net wor k i s f ai l i ng, a pr ot ocol t hat t r i es t o get t he
dat a t hr ough but gi ves up i f i t can' t i s al most cer t ai nl y a
bet t er desi gn choi ce t han a pr ot ocol t hat wi l l f l ood t he
net wor k wi t h r et r ansmi ssi ons i n i t s at t empt t o achi eve
r el i abi l i t y.
SNMP uses t he UDP por t 161 f or sendi ng and r ecei vi ng r equest s,
and por t 162 f or r ecei vi ng t r aps f r ommanaged devi ces. Ever y
devi ce t hat i mpl ement s SNMP must use t hese por t number s as t he
def aul t s, but some vendor s al l ow you t o change t he def aul t
por t s i n t he agent ' s conf i gur at i on. I f t hese def aul t s ar e
changed, t he NMS must be made awar e of t he changes so i t can
quer y t he devi ce on t he cor r ect por t s.
Fi gur e 2- 1 shows t he TCP/ I P pr ot ocol sui t e, whi ch i s t he basi s
f or al l TCP/ I P communi cat i on. Today, any devi ce t hat wi shes t o
communi cat e on t he I nt er net ( e. g. , Wi ndows NT syst ems, Uni x
ser ver s, Ci sco r out er s, et c. ) must use t hi s pr ot ocol sui t e.
Thi s model i s of t en r ef er r ed t o as a pr ot ocol st ack, si nce each
l ayer uses t he i nf or mat i on f r omt he l ayer di r ect l y bel ow i t and
pr ovi des a ser vi ce t o t he l ayer di r ect l y above i t .
Fi gure 2- 1. TCP/ I P communi cat i on model and SNMP

When ei t her an NMS or an agent wi shes t o per f or man SNMP
f unct i on ( e. g. , a r equest or t r ap) , t he f ol l owi ng event s occur
i n t he pr ot ocol st ack:

Application
First, the actual SNMP application (NMS or agent) decides
what it's going to do. For example, it can send an SNMP
request to an agent, send a response to an SNMP request
(this would be sent from the agent), or send a trap to an
NMS. The application layer provides services to an end
user, such as an operator requesting status information
for a port on an Ethernet switch.
UDP
The next layer, UDP, allows two hosts to communicate with
one another. The UDP header contains, among other things,
the destination port of the device to which it's sending
the request or trap. The destination port will either be
161 (query) or 162 (trap).
IP
The IP layer tries to deliver the SNMP packet to its
intended destination, as specified by its IP address.
Medium Access Control (MAC)
The final event that must occur for an SNMP packet to
reach its destination is for it to be handed off to the
physical network, where it can be routed to its final
destination. The MAC layer is comprised of the actual
hardware and device drivers that put your data onto a
physical piece of wire, such as an Ethernet card. The MAC
layer also is responsible for receiving packets from the
physical network and sending them back up the protocol
stack so they can be processed by the application layer
(SNMP, in this case).
Thi s i nt er act i on bet ween SNMP appl i cat i ons and t he net wor k i s
not unl i ke t hat bet ween t wo pen pal s. Bot h have messages t hat
need t o be sent back and f or t h t o one anot her . Let ' s say you
deci de t o wr i t e your pen pal a l et t er aski ng i f she woul d l i ke
t o vi si t you over t he summer . By deci di ng t o send t he
i nvi t at i on, you' ve act ed as t he SNMP appl i cat i on. Fi l l i ng out
t he envel ope wi t h your pen pal ' s addr ess i s equi val ent t o t he
f unct i on of t he UDP l ayer , whi ch r ecor ds t he packet ' s
dest i nat i on por t i n t he UDP header ; i n t hi s case i t ' s your pen
pal ' s addr ess. Pl aci ng a st amp on t he envel ope and put t i ng i t
i n t he mai l box f or t he mai l man t o pi ck up i s equi val ent t o t he
I P l ayer ' s f unct i on. The f i nal act occur s when t he mai l man
comes t o your house and pi cks up t he l et t er . Fr omher e t he
l et t er wi l l be r out ed t o i t s f i nal dest i nat i on, your pen pal ' s
mai l box. The MAC l ayer of a comput er net wor k i s equi val ent t o
t he mai l t r ucks and ai r pl anes t hat car r y your l et t er on i t s
way. When your pen pal r ecei ves t he l et t er , she wi l l go t hr ough
t he same pr ocess t o send you a r epl y.

2. 2 SNMP Communi t i es
SNMPv1 and SNMPv2 use t he not i on of communi t i es t o est abl i sh
t r ust bet ween manager s and agent s. An agent i s conf i gur ed wi t h

t hr ee communi t y names: r eadonl y, r ead- wr i t e, and t r ap. The
communi t y names ar e essent i al l y passwor ds; t her e' s no r eal
di f f er ence bet ween a communi t y st r i ng and t he passwor d you use
t o access your account on t he comput er . The t hr ee communi t y
st r i ngs cont r ol di f f er ent ki nds of act i vi t i es. As i t s name
i mpl i es, t he r eadonl y communi t y st r i ng l et s you r ead dat a
val ues, but doesn' t l et you modi f y t he dat a. For exampl e, i t
al l ows you t o r ead t he number of packet s t hat have been
t r ansf er r ed t hr ough t he por t s on your r out er , but doesn' t l et
you r eset t he count er s. The r ead- wr i t e communi t y i s al l owed t o
r ead and modi f y dat a val ues; wi t h t he r ead- wr i t e communi t y
st r i ng, you can r ead t he count er s, r eset t hei r val ues, and even
r eset t he i nt er f aces or do ot her t hi ngs t hat change t he
r out er ' s conf i gur at i on. Fi nal l y, t he t r ap communi t y st r i ng
al l ows you t o r ecei ve t r aps ( asynchr onous not i f i cat i ons) f r om
t he agent .
Most vendor s shi p t hei r equi pment wi t h def aul t communi t y
st r i ngs, t ypi cal l y publ i c f or t he r eadonl y communi t y and
pr i vat e f or t he r ead- wr i t e communi t y. I t ' s i mpor t ant t o change
t hese def aul t s bef or e your devi ce goes l i ve on t he net wor k.
( You may get t i r ed of hear i ng t hi s because we say i t many
t i mes, but i t ' s absol ut el y essent i al . ) When set t i ng up an SNMP
agent , you wi l l want t o conf i gur e i t s t r ap dest i nat i on, whi ch
i s t he addr ess t o whi ch i t wi l l send any t r aps i t gener at es. I n
addi t i on, si nce SNMP communi t y st r i ngs ar e sent i n cl ear t ext ,
you can conf i gur e an agent t o send an SNMP aut hent i cat i on-
f ai l ur e t r ap when someone at t empt s t o quer y your devi ce wi t h an
i ncor r ect communi t y st r i ng. Among ot her t hi ngs, aut hent i cat i on-
f ai l ur e t r aps can be ver y usef ul i n det er mi ni ng when an
i nt r uder mi ght be t r yi ng t o gai n access t o your net wor k.
Because communi t y st r i ngs ar e essent i al l y passwor ds, you shoul d
use t he same r ul es f or sel ect i ng t hemas you use f or Uni x or NT
user passwor ds: no di ct i onar y wor ds, spouse names, et c. An
al phanumer i c st r i ng wi t h mi xed upper - and l ower case l et t er s i s
gener al l y a good i dea. As ment i oned ear l i er , t he pr obl emwi t h
SNMP' s aut hent i cat i on i s t hat communi t y st r i ngs ar e sent i n
pl ai n t ext , whi ch makes i t easy f or peopl e t o i nt er cept t hem
and use t hemagai nst you. SNMPv3 addr esses t hi s by al l owi ng,
among ot her t hi ngs, secur e aut hent i cat i on and communi cat i on
bet ween SNMP devi ces.
Ther e ar e ways t o r educe your r i sk of at t ack. I P f i r ewal l s or
f i l t er s mi ni mi ze t he chance t hat someone can har many managed
devi ce on your net wor k by at t acki ng i t t hr ough SNMP. You can
conf i gur e your f i r ewal l t o al l ow UDP t r af f i c f r omonl y a l i st
of known host s. For exampl e, you can al l ow UDP t r af f i c on por t
161 ( SNMP r equest s) i nt o your net wor k onl y i f i t comes f r omone
of your net wor k- management st at i ons. The same goes f or t r aps;
you can conf i gur e your r out er so i t al l ows UDP t r af f i c on por t
162 t o your NMS onl y i f i t or i gi nat es f r omone of t he host s you

ar e moni t or i ng. Fi r ewal l s ar en' t 100%ef f ect i ve, but si mpl e
pr ecaut i ons such as t hese do a l ot t o r educe your r i sk.

I t i s i mpor t ant t o r eal i ze t hat i f someone has
r ead- wr i t e access t o any of your SNMP devi ces,
he can gai n cont r ol of t hose devi ces by usi ng
SNMP ( f or exampl e, he can set r out er i nt er f aces,
swi t ch por t s down, or even modi f y your r out i ng
t abl es) . One way t o pr ot ect your communi t y
st r i ngs i s t o use a Virtual Private Network
( VPN) t o make sur e your net wor k t r af f i c i s
encr ypt ed. Anot her way i s t o change your
communi t y st r i ngs of t en. Changi ng communi t y
st r i ngs i sn' t di f f i cul t f or a smal l net wor k, but
f or a net wor k t hat spans ci t y bl ocks or mor e and
has dozens ( or hundr eds or t housands) of managed
host s, changi ng communi t y st r i ngs can be a
pr obl em. An easy sol ut i on i s t o wr i t e a si mpl e
Per l scr i pt t hat uses SNMP t o change t he
communi t y st r i ngs on your devi ces.

2. 3 The St ruct ure of Management I nf ormat i on
So f ar , we have used t he t er m" management i nf or mat i on" t o r ef er
t o t he oper at i onal par amet er s of SNMP- capabl e devi ces. However ,
we' ve sai d ver y l i t t l e about what management i nf or mat i on
act ual l y cont ai ns or how i t i s r epr esent ed. The f i r st st ep
t owar d under st andi ng what ki nd of i nf or mat i on a devi ce can
pr ovi de i s t o under st and how t hi s dat a i t sel f i s r epr esent ed
wi t hi n t he cont ext of SNMP. The Structure of Management
Information Version 1( SMI v1, RFC 1155) does exact l y t hat : i t
def i nes pr eci sel y how managed obj ect s
[ 1]
ar e named and speci f i es
t hei r associ at ed dat at ypes. The Structure of Management
Information Version 2 ( SMI v2, RFC 2578) pr ovi des enhancement s
f or SNMPv2. We' l l st ar t by di scussi ng SMI v1 and wi l l di scuss
SMI v2 i n t he next sect i on.
[1]
For the remai nder of thi s book "management i nf ormati on" wi l l
be ref erred to as "managed obj ects. " Si mi l arl y, a si ngl e pi ece
of management i nf ormati on (such as the operati onal status of a
router i nterf ace) wi l l be known as a "managed obj ect. "
The def i ni t i on of managed obj ect s can be br oken down i nt o t hr ee
at t r i but es:
Name
The name, or object identifier(OID), uniquely defines a
managed object. Names commonly appear in two forms:
numeric and "human readable." In either case, the names
are long and inconvenient. In SNMP applications, a lot of
work goes into helping you navigate through the namespace
conveniently.

Type and syntax
A managed object's datatype is defined using a subset of
Abstract Syntax Notation One(ASN.1). ASN.1 is a way of
specifying how data is represented and transmitted between
managers and agents, within the context of SNMP. The nice
thing about ASN.1 is that the notation is machine-
independent. This means that a PC running Windows NT can
communicate with a Sun SPARC machine and not have to worry
about things such as byte ordering.
Encoding
A single instance of a managed object is encoded into a
string of octets using the Basic Encoding Rules(BER). BER
defines how the objects are encoded and decoded so they
can be transmitted over a transport medium such as
Ethernet.
2. 3. 1 Nami ng OI Ds
Managed obj ect s ar e or gani zed i nt o a t r ee- l i ke hi er ar chy. Thi s
st r uct ur e i s t he basi s f or SNMP' s nami ng scheme. An obj ect I D
i s made up of a ser i es of i nt eger s based on t he nodes i n t he
t r ee, separ at ed by dot s ( . ) . Al t hough t her e' s a human- r eadabl e
f or mt hat ' s mor e f r i endl y t han a st r i ng of number s, t hi s f or m
i s not hi ng mor e t han a ser i es of names separ at ed by dot s, each
of whi ch r epr esent s a node of t he t r ee. So you can use t he
number s t hemsel ves, or you can use a sequence of names t hat
r epr esent t he number s. Fi gur e 2- 2 shows t he t op f ew l evel s of
t hi s t r ee. ( We have i nt ent i onal l y l ef t out some br anches of t he
t r ee t hat don' t concer n us her e. )
Fi gure 2- 2. SMI obj ect t ree

I n t he obj ect t r ee, t he node at t he t op of t he t r ee i s cal l ed
t he root, anyt hi ng wi t h chi l dr en i s cal l ed a subtree, and
anyt hi ng wi t hout chi l dr en i s cal l ed a leaf node. For exampl e,

Fi gur e 2- 2' s r oot , t he st ar t i ng poi nt f or t he t r ee, i s cal l ed
" Root - Node. " I t s subt r ee i s made up of cci t t ( 0) , i so( 1) , and
j oi nt ( 2) . I n t hi s i l l ust r at i on, i so( 1) i s t he onl y node t hat
cont ai ns a subt r ee; t he ot her t wo nodes ar e bot h l eaf nodes.
cci t t ( 0) and j oi nt ( 2) do not per t ai n t o SNMP, so t hey wi l l not
be di scussed i n t hi s book.
[ 2]

[2]
The cci tt subtree i s admi ni stered by the I nternati onal
Tel egraph and Tel ephone Consul tati ve Commi ttee (CCI TT); the
j oi nt subtree i s admi ni stered j oi ntl y by the I nternati onal
Organi zati on f or Standardi zati on (I SO) and CCI TT. As we sai d,
nei ther branch has anythi ng to do wi th SNMP.
For t he r emai nder of t hi s book we wi l l f ocus on t he
i so( 1) . or g( 3) . dod( 6 ) . i nt er net ( 1) subt r ee,
[ 3]
whi ch i s
r epr esent ed i n OI D f or mas 1. 3. 6. 1 or as i so. or g. dod. i nt er net .
Each managed obj ect has a numer i cal OI D and an associ at ed
t ext ual name. The dot t ed- deci mal not at i on i s how a managed
obj ect i s r epr esent ed i nt er nal l y wi t hi n an agent ; t he t ext ual
name, l i ke an I P domai n name, saves humans f r omhavi ng t o
r emember l ong, t edi ous st r i ngs of i nt eger s.
[3]
Note that the term"branch" i s someti mes used i nterchangeabl y
wi th "subtree. "
The di r ect or y br anch cur r ent l y i s not used. The management
br anch, or mgmt , def i nes a st andar d set of I nt er net management
obj ect s. The exper i ment al br anch i s r eser ved f or t est i ng and
r esear ch pur poses. Obj ect s under t he pr i vat e br anch ar e def i ned
uni l at er al l y, whi ch means t hat i ndi vi dual s and or gani zat i ons
ar e r esponsi bl e f or def i ni ng t he obj ect s under t hi s br anch.
Her e i s t he def i ni t i on of t he i nt er net subt r ee, as wel l as al l
f our of i t s subt r ees:
i nternet OBJ ECT I DENTI FI ER : : ={ i so org(3) dod(6) 1 }
di rectory OBJ ECT I DENTI FI ER : : ={ i nternet 1 }
mgmt OBJ ECT I DENTI FI ER : : ={ i nternet 2 }
experi mental OBJ ECT I DENTI FI ER : : ={ i nternet 3 }
pri vate OBJ ECT I DENTI FI ER : : ={ i nternet 4 }
The f i r st l i ne decl ar es i nt er net as t he OI D 1. 3. 6. 1, whi ch i s
def i ned as a subt r ee of i so. or g. dod, or 1. 3. 6 ( t he : : = i s a
def i ni t i on oper at or ) . The l ast f our decl ar at i ons ar e si mi l ar ,
but t hey def i ne t he ot her br anches t hat bel ong t o i nt er net . For
t he di r ect or y br anch, t he not at i on { i nternet 1 } t el l s us t hat i t
i s par t of t he i nt er net subt r ee, and t hat i t s OI D i s 1. 3. 6. 1. 1.
The OI D f or mgmt i s 1. 3. 6. 1. 2, and so on.
Ther e i s cur r ent l y one br anch under t he pr i vat e subt r ee. I t ' s
used t o gi ve har dwar e and sof t war e vendor s t he abi l i t y t o
def i ne t hei r own pr i vat e obj ect s f or any t ype of har dwar e or
sof t war e t hey want managed by SNMP. I t s SMI def i ni t i on i s:
enterpri ses OBJ ECT I DENTI FI ER : : ={ pri vate 1 }

The I nt er net Assi gned Number s Aut hor i t y ( I ANA) cur r ent l y
manages al l t he pr i vat e ent er pr i se number assi gnment s f or
i ndi vi dual s, i nst i t ut i ons, or gani zat i ons, compani es, et c.
[ 4]
A
l i st of al l t he cur r ent pr i vat e ent er pr i se number s can be
obt ai ned f r omf t p: / / f t p. i si . edu/ i n-
not es/ i ana/ assi gnment s/ ent er pr i se- number s. As an exampl e, Ci sco
Syst ems' s pr i vat e ent er pr i se number i s 9, so t he base OI D f or
i t s pr i vat e obj ect space i s def i ned as
i so. or g. dod. i nt er net . pr i vat e. ent er pr i ses. ci sco, or
1. 3. 6. 1. 4. 1. 9. Ci sco i s f r ee t o do as i t wi shes wi t h t hi s
pr i vat e br anch. I t ' s t ypi cal f or compani es such as Ci sco t hat
manuf act ur e net wor ki ng equi pment t o def i ne t hei r own pr i vat e
ent er pr i se obj ect s. Thi s al l ows f or a r i cher set of management
i nf or mat i on t han can be gat her ed f r omt he st andar d set of
managed obj ect s def i ned under t he mgmt br anch.
[4]
The term"pri vate enterpri se" wi l l be used throughout thi s
book to ref er to the enterpri ses branch.
Compani es ar en' t t he onl y ones who can r egi st er t hei r own
pr i vat e ent er pr i se number s. Anyone can do so, and i t ' s f r ee.
The web- based f or mf or r egi st er i ng pr i vat e ent er pr i se number s
can be f ound at ht t p: / / www. i si . edu/ cgi - bi n/ i ana/ ent er pr i se. pl .
Af t er you f i l l i n t he f or m, whi ch asks f or i nf or mat i on such as
your or gani zat i on' s name and cont act i nf or mat i on, your r equest
shoul d be appr oved i n about a week. Why woul d you want t o
r egi st er your own number ? When you become mor e conver sant i n
SNMP, you' l l f i nd t hi ngs you want t o moni t or t hat ar en' t
cover ed by any MI B, publ i c or pr i vat e. Wi t h your own ent er pr i se
number , you can cr eat e your own pr i vat e MI B t hat al l ows you t o
moni t or exact l y what you want . You' l l need t o be somewhat
cl ever i n ext endi ng your agent s so t hat t hey can l ook up t he
i nf or mat i on you want , but i t ' s ver y doabl e.
2. 3. 2 Def i ni ng OI Ds
The SYNTAX at t r i but e pr ovi des f or def i ni t i ons of managed obj ect s
t hr ough a subset of ASN. 1. SMI v1 def i nes sever al dat at ypes t hat
ar e par amount t o t he management of net wor ks and net wor k
devi ces. I t ' s i mpor t ant t o keep i n mi nd t hat t hese dat at ypes
ar e si mpl y a way t o def i ne what ki nd of i nf or mat i on a managed
obj ect can hol d. The t ypes we' l l be di scussi ng ar e si mi l ar t o
t hose t hat you' d f i nd i n a comput er pr ogr ammi ng l anguage l i ke
C. Tabl e 2- 1 l i st s t he suppor t ed dat at ypes f or SMI v1.
Tabl e 2- 1. SMI v1 Dat at ypes
Datatype Description
I NTEGER
A 32- bi t number of t en used t o speci f y enumer at ed
t ypes wi t hi n t he cont ext of a si ngl e managed obj ect .
For exampl e, t he oper at i onal st at us of a r out er
i nt er f ace can be up, down, or t est i ng. Wi t h

enumer at ed t ypes, 1 woul d r epr esent up, 2 down, and
3 t est i ng. The val ue zer o ( 0) must not be used as an
enumer at ed t ype, accor di ng t o RFC 1155.
OCTET STRI NG
A st r i ng of zer o or mor e oct et s ( mor e commonl y known
as byt es) gener al l y used t o r epr esent t ext st r i ngs,
but al so somet i mes used t o r epr esent physi cal
addr esses.
Counter
A 32- bi t number wi t h mi ni mumval ue 0 and maxi mum
val ue 2
32
- 1 ( 4, 294, 967, 295) . When t he maxi mumval ue
i s r eached, i t wr aps back t o zer o and st ar t s over .
I t ' s pr i mar i l y used t o t r ack i nf or mat i on such as t he
number of oct et s sent and r ecei ved on an i nt er f ace
or t he number of er r or s and di scar ds seen on an
i nt er f ace. A Counter i s monot oni cal l y i ncr easi ng, i n
t hat i t s val ues shoul d never decr ease dur i ng nor mal
oper at i on. When an agent i s r eboot ed, al l Counter
val ues shoul d be set t o zer o. Del t as ar e used t o
det er mi ne i f anyt hi ng usef ul can be sai d f or
successi ve quer i es of Counter val ues. A del t a i s
comput ed by quer yi ng a Counter at l east t wi ce i n a
r ow, and t aki ng t he di f f er ence bet ween t he quer y
r esul t s over some t i me i nt er val .
OBJ ECT
I DENTI FI ER
A dot t ed- deci mal st r i ng t hat r epr esent s a managed
obj ect wi t hi n t he obj ect t r ee. For exampl e,
1. 3. 6. 1. 4. 1. 9 r epr esent s Ci sco Syst ems' s pr i vat e
ent er pr i se OI D.
NULL Not cur r ent l y used i n SNMP.
SEQUENCE
Def i nes l i st s t hat cont ai n zer o or mor e ot her ASN. 1
dat at ypes.
SEQUENCE OF
Def i nes a managed obj ect t hat i s made up of a SEQUENCE
of ASN. 1 t ypes.
I pAddress
Repr esent s a 32- bi t I Pv4 addr ess. Nei t her SMI v1 nor
SMI v2 di scusses 128- bi t I Pv6 addr esses; t hi s pr obl em
wi l l be addr essed by t he I ETF' s SMI Next Gener at i on
( SMI NG) wor ki ng gr oup ( see
ht t p: / / www. i et f . or g/ ht ml . char t er s/ smi ng- char t er . ht ml
) .
NetworkAddress
Same as t he I pAddress t ype, but can r epr esent di f f er ent
net wor k addr ess t ypes.
Gauge
val ue 2
32
- 1 ( 4, 294, 967, 295) . Unl i ke a Counter, a Gauge
can i ncr ease and decr ease at wi l l , but i t can never
exceed i t s maxi mumval ue. The i nt er f ace speed on a

r out er i s measur ed wi t h a Gauge.
Ti meTi cks
val ue 2
32
- 1 ( 4, 294, 967, 295) . Ti meTi cks measur es t i me
i n hundr edt hs of a second. Upt i me on a devi ce i s
measur ed usi ng t hi s dat at ype.
Opaque
Al l ows any ot her ASN. 1 encodi ng t o be st uf f ed i nt o
an OCTET STRI NG.
The goal of al l t hese obj ect t ypes i s t o def i ne managed
obj ect s. I n Chapt er 1, we sai d t hat a MI B i s a l ogi cal gr oupi ng
of managed obj ect s as t hey per t ai n t o a speci f i c management
t ask, vendor , et c. The MI B can be t hought of as a speci f i cat i on
t hat def i nes t he managed obj ect s a vendor or devi ce suppor t s.
Ci sco, f or i nst ance, has l i t er al l y hundr eds of MI Bs def i ned f or
i t s vast pr oduct l i ne. For exampl e, i t s Cat al yst devi ce has a
separ at e MI B f r omi t s 7000 ser i es r out er . Bot h devi ces have
di f f er ent char act er i st i cs t hat r equi r e di f f er ent management
capabi l i t i es. Vendor - speci f i c MI Bs t ypi cal l y ar e di st r i but ed as
human- r eadabl e t ext f i l es t hat can be i nspect ed ( or even
modi f i ed) wi t h a st andar d t ext edi t or such as vi .

Most moder n NMS pr oduct s mai nt ai n a compact f or m
of al l t he MI Bs t hat def i ne t he set of managed
obj ect s f or al l t he di f f er ent t ypes of devi ces
t hey' r e r esponsi bl e f or managi ng. NMS
admi ni st r at or s wi l l t ypi cal l y compi l e a vendor ' s
MI B i nt o a f or mat t he NMS can use. Once a MI B
has been l oaded or compi l ed, admi ni st r at or s can
r ef er t o managed obj ect s usi ng ei t her t he
numer i c or human- r eadabl e obj ect I D.

I t ' s i mpor t ant t o know how t o r ead and under st and MI B f i l es.
The f ol l owi ng exampl e i s a st r i pped- down ver si on of MI B- I I
( anyt hi ng pr eceded by - - i s a comment ) :
RFC1213- MI B DEFI NI TI ONS : : =BEGI N

I MPORTS
mgmt, NetworkAddress, I pAddress, Counter, Gauge,
Ti meTi cks
FROMRFC1155- SMI
OBJ ECT- TYPE
FROMRFC 1212;

mi b- 2 OBJ ECT I DENTI FI ER : : ={ mgmt 1 }

- - groups i n MI B- I I

system OBJ ECT I DENTI FI ER : : ={ mi b- 2 1 }
i nterf aces OBJ ECT I DENTI FI ER : : ={ mi b- 2 2 }
at OBJ ECT I DENTI FI ER : : ={ mi b- 2 3 }

i p OBJ ECT I DENTI FI ER : : ={ mi b- 2 4 }
i cmp OBJ ECT I DENTI FI ER : : ={ mi b- 2 5 }
tcp OBJ ECT I DENTI FI ER : : ={ mi b- 2 6 }
udp OBJ ECT I DENTI FI ER : : ={ mi b- 2 7 }
egp OBJ ECT I DENTI FI ER : : ={ mi b- 2 8 }
transmi ssi on OBJ ECT I DENTI FI ER : : ={ mi b- 2 10 }
snmp OBJ ECT I DENTI FI ER : : ={ mi b- 2 11 }

- - the I nterf aces tabl e

- - The I nterf aces tabl e contai ns i nf ormati on on the enti ty' s
- - i nterf aces. Each i nterf ace i s thought of as bei ng
- - attached to a ' subnetwork. ' Note that thi s termshoul d
- - not be conf used wi th ' subnet, ' whi ch ref ers to an
- - addressi ng- parti ti oni ng scheme used i n the I nternet
- - sui te of protocol s.

i f Tabl e OBJ ECT- TYPE
SYNTAX SEQUENCE OF I f Entry
ACCESS not- accessi bl e
STATUS mandatory
DESCRI PTI ON
"A l i st of i nterf ace entri es. The number of entri es i s
gi ven by the val ue of i f Number. "
: : ={ i nterf aces 2 }

i f Entry OBJ ECT- TYPE
SYNTAX I f Entry
STATUS mandatory
DESCRI PTI ON
"An i nterf ace entry contai ni ng obj ects at the subnetwork
l ayer and bel owf or a parti cul ar i nterf ace. "
I NDEX { i f I ndex }
: : ={ i f Tabl e 1 }

I f Entry : : =
SEQUENCE {
i f I ndex
I NTEGER,
i f Descr
Di spl ayStri ng,
i f Type
I NTEGER,
i f Mtu
I NTEGER,
i f Speed
Gauge,
i f PhysAddress
PhysAddress,
i f Admi nStatus
I NTEGER,
i f OperStatus
I NTEGER,

i f LastChange
Ti meTi cks,
i f I nOctets
Counter,
i f I nUcastPkts
Counter,
i f I nNUcastPkts
Counter,
i f I nDi scards
Counter,
i f I nErrors
Counter,
i f I nUnknownProtos
Counter,
i f OutOctets
Counter,
i f OutUcastPkts
Counter,
i f OutNUcastPkts
Counter,
i f OutDi scards
Counter,
i f OutErrors
Counter,
i f OutQLen
Gauge,
i f Speci f i c
OBJ ECT I DENTI FI ER
}

i f I ndex OBJ ECT- TYPE
SYNTAX I NTEGER
ACCESS readonl y
STATUS mandatory
DESCRI PTI ON
"A uni que val ue f or each i nterf ace. I ts val ue ranges
between 1 and the val ue of i f Number. The val ue f or each
each i nterf ace must remai n constant at l east f romone
rei ni ti al i zati on of the enti ty' s network- management
systemto the next rei ni ti al i zati on. "

: : ={ i f Entry 1 }

i f Descr OBJ ECT- TYPE
SYNTAX Di spl ayStri ng (SI ZE (0. . 255))
ACCESS readonl y
STATUS mandatory
DESCRI PTI ON
"A textual stri ng contai ni ng i nf ormati on about the
i nterf ace. Thi s stri ng shoul d i ncl ude the name of
the manuf acturer, the product name, and the versi on
of the hardware i nterf ace. "
: : ={ i f Entry 2 }

END
The f i r st l i ne of t hi s f i l e def i nes t he name of t he MI B, i n
t hi s case RFC1213- MI B. ( RFC 1213 i s t he RFC t hat def i nes MI B- I I ;
many of t he MI Bs we r ef er t o ar e def i ned by RFCs) . The f or mat
of t hi s def i ni t i on i s al ways t he same. The I MPORTS sect i on of t he
MI B i s somet i mes r ef er r ed t o as t he l i nkage sect i on. I t al l ows
you t o i mpor t dat at ypes and OI Ds f r omot her MI B f i l es usi ng t he
I MPORTS cl ause. Thi s MI B i mpor t s t he f ol l owi ng i t ems f r omRFC1155-
SMI ( RFC 1155 def i nes SMI v1, whi ch we di scussed ear l i er i n t hi s
chapt er ) :
mgmt
NetworkAddress
I pAddress
Counter
Gauge
Ti meTi cks
I t al so i mpor t s OBJ ECT- TYPE f r omRFC 1212, t he Conci se MI B
Def i ni t i on, whi ch def i nes how MI B f i l es ar e wr i t t en. Each gr oup
of i t ems i mpor t ed usi ng t he I MPORTS cl ause uses a FROM cl ause t o
def i ne t he MI B f i l e f r omwhi ch t he obj ect s ar e t aken.
The OI Ds t hat wi l l be used t hr oughout t he r emai nder of t he MI B
f ol l ow t he l i nkage sect i on. Thi s gr oup of l i nes set s up t he t op
l evel of t he mi b- 2 subt r ee. mi b- 2 i s def i ned as mgmt f ol l owed
by . 1. We saw ear l i er t hat mgmt was equi val ent t o 1. 3. 6. 1. 2.
Ther ef or e, mi b- 2 i s equi val ent t o 1. 3. 6. 1. 2. 1. Li kewi se, t he
i nt er f aces gr oup under mi b- 2 i s def i ned as { mi b- 2 2 }, or
1. 3. 6. 1. 2. 1. 2.
Af t er t he OI Ds ar e def i ned, we get t o t he act ual obj ect
def i ni t i ons. Ever y obj ect def i ni t i on has t he f ol l owi ng f or mat :
<name>OBJ ECT- TYPE
SYNTAX <datatype>
ACCESS <ei ther readonl y, read- wri te, wri te- onl y, or not- accessi bl e>
STATUS <ei ther mandatory, opti onal , or obsol ete>
DESCRI PTI ON
"Textual descri pti on descri bi ng thi s parti cul ar managed obj ect. "
: : ={ <Uni que OI D that def i nes thi s obj ect>}
The f i r st managed obj ect i n our subset of t he MI B- I I def i ni t i on
i s i f Tabl e, whi ch r epr esent s a t abl e of net wor k i nt er f aces on a
managed devi ce ( not e t hat obj ect names ar e def i ned usi ng mi xed
case, wi t h t he f i r st l et t er i n l ower case) . Her e i s i t s
def i ni t i on usi ng ASN. 1 not at i on:
i f Tabl e OBJ ECT- TYPE
SYNTAX SEQUENCE OF I f Entry
STATUS mandatory

DESCRI PTI ON
"A l i st of i nterf ace entri es. The number of entri es i s gi ven by
the val ue of i f Number. "
: : ={ i nterf aces 2 }
The SYNTAX of i f Tabl e i s SEQUENCE OF I f Entry. Thi s means t hat i f Tabl e
i s a t abl e cont ai ni ng t he col umns def i ned i n I f Ent r y. The
obj ect i s not- accessi bl e, whi ch means t hat t her e i s no way t o quer y
an agent f or t hi s obj ect ' s val ue. I t s st at us i s mandatory, whi ch
means an agent must i mpl ement t hi s obj ect i n or der t o compl y
wi t h t he MI B- I I speci f i cat i on. The DESCRI PTI ON descr i bes what
exact l y t hi s obj ect i s. The uni que OI D i s 1. 3. 6. 1. 2. 1. 2. 2, or
i so. or g. dod. i nt er net . mgmt . i nt er f aces. 2.
Let ' s now l ook at t he SEQUENCE def i ni t i on f r omt he MI B f i l e
ear l i er i n t hi s sect i on, whi ch i s used wi t h t he SEQUENCE OF t ype
i n t he i f Tabl e def i ni t i on:
I f Entry : : =
SEQUENCE {
i f I ndex
I NTEGER,
i f Descr
Di spl ayStri ng,
i f Type
I NTEGER,
i f Mtu
I NTEGER,
.
.
.
i f Speci f i c
OBJ ECT I DENTI FI ER
}
Not e t hat t he name of t he sequence ( I f Ent r y) i s mi xed- case, but
t he f i r st l et t er i s capi t al i zed, unl i ke t he obj ect def i ni t i on
f or i f Tabl e. Thi s i s how a sequence name i s def i ned. A sequence
i s si mpl y a l i st of col umnar obj ect s and t hei r SMI dat at ypes,
whi ch def i nes a concept ual t abl e. I n t hi s case, we expect t o
f i nd var i abl es def i ned by i f I ndex, i f Descr , i f Type, et c. Thi s
t abl e can cont ai n any number of r ows; i t ' s up t o t he agent t o
manage t he r ows t hat r esi de i n t he t abl e. I t i s possi bl e f or an
NMS t o add r ows t o a t abl e. Thi s oper at i on i s cover ed l at er , i n
Sect i on 2. 6. 4.
Now t hat we have I f Ent r y t o speci f y what we' l l f i nd i n any r ow
of t he t abl e, we can l ook back t o t he def i ni t i on of i f Ent r y
( t he act ual r ows of t he t abl e) i t sel f :
i f Entry OBJ ECT- TYPE
SYNTAX I f Entry
STATUS mandatory
DESCRI PTI ON
"An i nterf ace entry contai ni ng obj ects at the subnetwork l ayer

and bel owf or a parti cul ar i nterf ace. "
I NDEX { i f I ndex }
: : ={ i f Tabl e 1 }
i f Ent r y def i nes a par t i cul ar r ow i n t he i f Tabl e. I t s def i ni t i on
i s al most i dent i cal t o t hat of i f Tabl e, except we have
i nt r oduced a new cl ause, I NDEX. The i ndex i s a uni que key used
t o def i ne a si ngl e r ow i n t he i f Tabl e. I t ' s up t o t he agent t o
make sur e t he i ndex i s uni que wi t hi n t he cont ext of t he t abl e.
I f a r out er has si x i nt er f aces, i f Tabl e wi l l have si x r ows i n
i t . i f Ent r y' s OI D i s 1. 3. 6. 1. 2. 1. 2. 2. 1, or
i so. or g. dod. i nt er net . mgmt . i nt er f aces. i f Tabl e. i f Ent r y. The i ndex
f or i f Ent r y i s i f I ndex, whi ch i s def i ned as:
i f I ndex OBJ ECT- TYPE
SYNTAX I NTEGER
ACCESS readonl y
STATUS mandatory
DESCRI PTI ON
"A uni que val ue f or each i nterf ace. I ts val ue ranges between
1 and the val ue of i f Number. The val ue f or each i nterf ace
must remai n constant at l east f romone rei ni ti al i zati on of the
enti ty' s network- management systemto the next rei ni ti al i zati on. "
: : ={ i f Entry 1 }
The i f I ndex obj ect i s readonl y, whi ch means we can see i t s
val ue, but we cannot change i t . The f i nal obj ect our MI B
def i nes i s i f Descr , whi ch i s a t ext ual descr i pt i on f or t he
i nt er f ace r epr esent ed by t hat par t i cul ar r ow i n t he i f Tabl e.
Our MI B exampl e ends wi t h t he END cl ause, whi ch mar ks t he end
of t he MI B. I n t he act ual MI B- I I f i l es, each obj ect l i st ed i n
t he I f Ent r y sequence has i t s own obj ect def i ni t i on. I n t hi s
ver si on of t he MI B we l i st onl y t wo of t hem, i n t he i nt er est of
conser vi ng space.

2. 4 Ext ensi ons t o t he SMI i n Versi on 2
SMI v2 ext ends t he SMI obj ect t r ee by addi ng t he snmpV2 br anch
t o t he i nt er net subt r ee, addi ng sever al new dat at ypes, and
maki ng a number of ot her changes. Fi gur e 2- 3 shows how t he
snmpV2 obj ect s f i t i nt o t he bi gger pi ct ur e; t he OI D f or t hi s
new br anch i s 1. 3. 6. 1. 6. 3. 1. 1, or
i so. or g. dod. i nt er net . snmpV2. snmpModul es. snmpMI B. snmpMI BObj ect s.
SMI v2 al so def i nes some new dat at ypes, whi ch ar e summar i zed i n
Tabl e 2- 2.
Fi gure 2- 3. SMI v2 regi st rat i on t ree f or SNMPv2

Tabl e 2- 2. NewDat at ypes f or SMI v2
Datatype Description
I nteger32 Same as an I NTEGER.
Counter32 Same as a Counter.
Gauge32 Same as a Gauge.
Unsi gned32
Repr esent s deci mal val ues i n t he r ange of 0 t o 2
32
- 1
i ncl usi ve.
Counter64
Si mi l ar t o Counter32, but i t s maxi mumval ue i s
18, 446, 744, 073, 709, 551, 615. Counter64 i s i deal f or
si t uat i ons i n whi ch a Counter32 may wr ap back t o 0 i n a
shor t amount of t i me.
BI TS An enumer at i on of nonnegat i ve named bi t s.
The def i ni t i on of an obj ect i n SMI v2 has changed sl i ght l y f r om
SMI v1. Ther e ar e some new opt i onal f i el ds, gi vi ng you mor e
cont r ol over how an obj ect i s accessed, al l owi ng you t o augment
a t abl e by addi ng mor e col umns, and l et t i ng you gi ve bet t er
descr i pt i ons. Her e' s t he synt ax of an obj ect def i ni t i on f or
SMI v2. The changed par t s ar e i n bol d:
<name>OBJ ECT- TYPE
SYNTAX <datatype>

Uni tsParts <Opti onal , see bel ow>
MAX- ACCESS <See bel ow>
STATUS <See bel ow>
DESCRI PTI ON
"Textual descri pti on descri bi ng thi s parti cul ar managed obj ect. "
AUGMENTS { <name of tabl e>}
: : ={ <Uni que OI D that def i nes thi s obj ect>}
Tabl e 2- 3 br i ef l y descr i bes t he obj ect def i ni t i on enhancement s
made i n SMI v2.
Tabl e 2- 3. SMI v2 Obj ect Def i ni t i on Enhancement s
Object
Definition
Enhancement
Description
Uni tsParts
A t ext ual descr i pt i on of t he uni t s ( i . e. ,
seconds, mi l l i seconds, et c. ) used t o r epr esent
t he obj ect .
MAX- ACCESS
An OBJ ECT- TYPE' s ACCESS can be MAX- ACCESS i n SNMPv2. The
val i d opt i ons f or MAX- ACCESS ar e readonl y, read- wri te,
read- create, not- accessi bl e, and accessi bl e- f or- noti f y.
STATUS
Thi s cl ause has been ext ended t o al l ow t he
current, obsol ete, and deprecated keywor ds. current i n
SNMPv2 i s t he same as mandatory i n an SNMPv1 MI B.
AUGMENTS
I n some cases i t i s usef ul t o add a col umn t o an
exi st i ng t abl e. The AUGMENTS cl ause al l ows you t o
ext end a t abl e by addi ng one or mor e col umns,
r epr esent ed by some ot her obj ect . Thi s cl ause
r equi r es t he name of t he t abl e t he obj ect wi l l
augment .
SMI v2 def i nes a new t r ap t ype cal l ed NOTI FI CATI ON- TYPE, whi ch we
wi l l di scuss l at er i n Sect i on 2. 6. 7. SMI v2 al so i nt r oduces new
t ext ual convent i ons t hat al l ow managed obj ect s t o be cr eat ed i n
mor e abst r act ways. RFC 2579 def i nes t he t ext ual convent i ons
used by SNMPv2, whi ch ar e l i st ed i n Tabl e 2- 4.
Tabl e 2- 4. Text ual Convent i ons f or SMI v2
Textual
Convention
Description
Di spl ayStri ng
A st r i ng of NVT ASCI I char act er s. A Di spl ayStri ng can
be no mor e t han 255 char act er s i n l engt h.
PhysAddress
A medi a- or physi cal - l evel addr ess, r epr esent ed as
an OCTET STRI NG.
MacAddress
Def i nes t he medi a- access addr ess f or I EEE 802 ( t he

st andar d f or l ocal ar ea net wor ks) i n canoni cal
[ 5]

or der . ( I n ever yday l anguage, t hi s means t he
Et her net addr ess. ) Thi s addr ess i s r epr esent ed as
si x oct et s.
TruthVal ue Def i nes bot h true and f al se Bool ean val ues.
TestAndI ncr
Used t o keep t wo management st at i ons f r om
modi f yi ng t he same managed obj ect at t he same
t i me.
AutonomousType
An OI D used t o def i ne a subt r ee wi t h addi t i onal
MI B- r el at ed def i ni t i ons.
Vari abl ePoi nter
A poi nt er t o a par t i cul ar obj ect i nst ance, such as
t he i f Descr f or i nt er f ace 3. I n t hi s case, t he
Vari abl ePoi nter woul d be t he OI D i f Descr . 3.
RowPoi nter
A poi nt er t o a r ow i n a t abl e. For exampl e,
i f I ndex. 3 poi nt s t o t he t hi r d r ow i n t he i f Tabl e.
RowStatus
Used t o manage t he cr eat i on and del et i on of r ows
i n a t abl e, si nce SNMP has no way of doi ng t hi s
vi a t he pr ot ocol i t sel f . RowStatus can keep t r ack of
t he st at e of a r ow i n a t abl e, as wel l as r ecei ve
commands f or cr eat i on and del et i on of r ows. Thi s
t ext ual convent i on i s desi gned t o pr omot e t abl e
i nt egr i t y when mor e t han one manager i s updat i ng
r ows. The f ol l owi ng enumer at ed t ypes def i ne t he
commands and st at e var i abl es: acti ve(1), notI nServi ce(2),
notReady(3), createAndGo(4), createAndWai t(5), anddestroy(6).
Ti meStamp
Measur es t he amount of t i me el apsed bet ween t he
devi ce' s syst emupt i me and some event or
occur r ence.
Ti meI nterval
Measur es a per i od of t i me i n hundr edt hs of a
second. Ti meI nterval can t ake any i nt eger val ue f r om
0- 2147483647.
DateAndTi me
An OCTET STRI NG used t o r epr esent dat e- and- t i me
i nf or mat i on.
StorageType
Def i nes t he t ype of memor y an agent uses. The
possi bl e val ues ar e other(1), vol ati l e(2), nonVol ati l e(3),
permanent(4), andreadOnl y(5).
TDomai n Denot es a ki nd of t r anspor t ser vi ce.
TAddress
Denot es t he t r anspor t ser vi ce addr ess. TAddress i s
def i ned t o be f r om1- 255 oct et s i n l engt h.

[5]
Canoni cal order means that the address shoul d be represented
wi th the l east- si gni f i cant bi t f i rst.
2. 5 A Cl oser Look at MI B- I I
MI B- I I i s a ver y i mpor t ant management gr oup, because ever y
devi ce t hat suppor t s SNMP must al so suppor t MI B- I I . Ther ef or e,
we wi l l use obj ect s f r omMI B- I I i n our exampl es t hr oughout t hi s
book. We won' t go i nt o det ai l about ever y obj ect i n t he MI B;
we' l l si mpl y def i ne t he subt r ees. The sect i on of RFC1213- MI B
t hat def i nes t he base OI Ds f or t he mi b- 2 subt r ee l ooks l i ke
t hi s:
mi b- 2 OBJ ECT I DENTI FI ER : : ={ mgmt 1 }
system OBJ ECT I DENTI FI ER : : ={ mi b- 2 1 }
i nterf aces OBJ ECT I DENTI FI ER : : ={ mi b- 2 2 }
at OBJ ECT I DENTI FI ER : : ={ mi b- 2 3 }
i cmp OBJ ECT I DENTI FI ER : : ={ mi b- 2 5 }
tcp OBJ ECT I DENTI FI ER : : ={ mi b- 2 6 }
udp OBJ ECT I DENTI FI ER : : ={ mi b- 2 7 }
egp OBJ ECT I DENTI FI ER : : ={ mi b- 2 8 }
transmi ssi on OBJ ECT I DENTI FI ER : : ={ mi b- 2 10 }
snmp OBJ ECT I DENTI FI ER : : ={ mi b- 2 11 }
mi b- 2 i s def i ned as i so. or g. dod. i nt er net . mgmt . 1, or
1. 3. 6. 1. 2. 1. Fr omher e, we can see t hat t he syst emgr oup i s mi b-
2 1, or 1. 3. 6. 1. 2. 1. 1, and so on. Fi gur e 2- 4 shows t he MI B- I I
subt r ee of t he mgmt br anch.
Fi gure 2- 4. MI B- I I subt ree

Tabl e 2- 5 br i ef l y descr i bes each of t he management gr oups
def i ned i n MI B- I I . We don' t go i nt o gr eat det ai l about each

gr oup, si nce you can pul l down RFC 1213 and r ead t he MI B
your sel f .
Tabl e 2- 5. Bri ef Descri pt i on of t he MI B- I I Groups
Subtree Name OID Description
syst em 1. 3. 6. 1. 2. 1. 1
Def i nes a l i st of obj ect s t hat
per t ai n t o syst emoper at i on, such as
t he syst emupt i me, syst emcont act ,
and syst emname.
i nt er f aces 1. 3. 6. 1. 2. 1. 2
Keeps t r ack of t he st at us of each
i nt er f ace on a managed ent i t y. The
i nt er f aces gr oup moni t or s whi ch
i nt er f aces ar e up or down and t r acks
such t hi ngs as oct et s sent and
r ecei ved, er r or s and di scar ds, et c.
at 1. 3. 6. 1. 2. 1. 3
The addr ess t r ansl at i on ( at ) gr oup
i s depr ecat ed and i s pr ovi ded onl y
f or backwar d compat i bi l i t y. I t wi l l
pr obabl y be dr opped f r omMI B- I I I .
i p 1. 3. 6. 1. 2. 1. 4
Keeps t r ack of many aspect s of I P,
i ncl udi ng I P r out i ng.
i cmp 1. 3. 6. 1. 2. 1. 5
Tr acks t hi ngs such as I CMP er r or s,
di scar ds, et c.
t cp 1. 3. 6. 1. 2. 1. 6
Tr acks, among ot her t hi ngs, t he
st at e of t he TCP connect i on ( e. g. ,
cl osed, l i st en, synSent , et c. ) .
udp 1. 3. 6. 1. 2. 1. 7
Tr acks UDP st at i st i cs, dat agr ams i n
and out , et c.
egp 1. 3. 6. 1. 2. 1. 8
Tr acks var i ous st at i st i cs about EGP
and keeps an EGP nei ghbor t abl e.
t r ansmi ssi on 1. 3. 6. 1. 2. 1. 10
Ther e ar e cur r ent l y no obj ect s
def i ned f or t hi s gr oup, but ot her
medi a- speci f i c MI Bs ar e def i ned
usi ng t hi s subt r ee.
snmp 1. 3. 6. 1. 2. 1. 11
Measur es t he per f or mance of t he
under l yi ng SNMP i mpl ement at i on on
t he managed ent i t y and t r acks t hi ngs
such as t he number of SNMP packet s
sent and r ecei ved.

2. 6 SNMP Operat i ons
We' ve di scussed how SNMP or gani zes i nf or mat i on, but we' ve l ef t
out how we act ual l y go about gat her i ng management i nf or mat i on.
Now, we' r e goi ng t o t ake a l ook under t he hood t o see how SNMP
does i t s t hi ng.
The Protocol Data Unit ( PDU) i s t he message f or mat t hat
manager s and agent s use t o send and r ecei ve i nf or mat i on. Ther e
i s a st andar d PDU f or mat f or each of t he f ol l owi ng SNMP
oper at i ons:
get
get-next
get-bulk (SNMPv2 and SNMPv3)
set
get-response
trap
notification (SNMPv2 and SNMPv3)
inform (SNMPv2 and SNMPv3)
report (SNMPv2 and SNMPv3)
Let ' s t ake a l ook at each of t hese oper at i ons.
2. 6. 1 The get Operat i on
The get r equest i s i ni t i at ed by t he NMS, whi ch sends t he
r equest t o t he agent . The agent r ecei ves t he r equest and
pr ocesses i t t o best of i t s abi l i t y. Some devi ces t hat ar e
under heavy l oad, such as r out er s, may not be abl e t o r espond
t o t he r equest and wi l l have t o dr op i t . I f t he agent i s
successf ul i n gat her i ng t he r equest ed i nf or mat i on, i t sends a
get-response back t o t he NMS, wher e i t i s pr ocessed. Thi s
pr ocess i s i l l ust r at ed i n Fi gur e 2- 5.
Fi gure 2- 5. get request sequence

How di d t he agent know what t he NMS was l ooki ng f or ? One of t he
i t ems i n t he get r equest i s a variable binding. A var i abl e
bi ndi ng, or var bi nd, i s a l i st of MI B obj ect s t hat al l ows a
r equest ' s r eci pi ent t o see what t he or i gi nat or want s t o know.
Var i abl e bi ndi ngs can be t hought of as OI D=val ue pai r s t hat

make i t easy f or t he or i gi nat or ( t he NMS, i n t hi s case) t o pi ck
out t he i nf or mat i on i t needs when t he r eci pi ent f i l l s t he
r equest and sends back a r esponse. Let ' s l ook at t hi s oper at i on
i n act i on:
$ snmpget ci sco. ora. compubl i c . 1. 3. 6. 1. 2. 1. 1. 6. 0
system. sysLocati on. 0 =""

Al l t he Uni x commands pr esent ed i n t hi s chapt er
come f r omt he Net - SNMP agent package ( f or mer l y
t he UCD- SNMP pr oj ect ) , a f r eel y avai l abl e Uni x
and Wi ndows NT agent . Chapt er 5 pr ovi des a URL
f r omwhi ch you can downl oad t he package. The
commands i n t hi s package ar e summar i zed i n
Appendi x C.

Sever al t hi ngs ar e goi ng on i n t hi s exampl e. Fi r st , we' r e
r unni ng a command on a Uni x host . The command i s cal l ed
snmpget. I t s mai n j ob i s t o f aci l i t at e t he gat her i ng of
management dat a usi ng a get r equest . We' ve gi ven i t t hr ee
ar gument s on t he command l i ne: t he name of t he devi ce we woul d
l i ke t o quer y ( ci sco. or a. com) , t he r eadonl y communi t y st r i ng
( publ i c) , and t he OI D we woul d l i ke gat her ed
( . 1. 3. 6. 1. 2. 1. 1. 6. 0) . I f we l ook back at Tabl e 2- 5 we see t hat
1. 3. 6. 1. 2. 1. 1 i s t he syst emgr oup, but t her e ar e t wo mor e
i nt eger s at t he end of t he OI D: . 6 and . 0. The . 6 i s act ual l y
t he MI B var i abl e t hat we wi sh t o quer y; i t s human- r eadabl e name
i s sysLocat i on. I n t hi s case, we woul d l i ke t o see what t he
syst eml ocat i on i s set t o on t he Ci sco r out er . As you can see
by t he r esponse ( system. sysLocati on. 0 = "") , t he syst eml ocat i on on
t hi s r out er cur r ent l y i s not set t o anyt hi ng. Al so not e t hat
t he r esponse f r omsnmpget i s i n var i abl e bi ndi ng f or mat ,
OI D=val ue.
Ther e i s one mor e t hi ng t o l ook at . Why does t he MI B var i abl e
have a . 0 t acked on t he end? I n SNMP, MI B obj ect s ar e def i ned
by t he convent i on x. y, wher e x i s t he act ual OI D of t he managed
obj ect ( i n our exampl e, 1. 3. 6. 1. 2. 1. 1. 6 ) and y i s t he i nst ance
i dent i f i er . For scal ar obj ect s ( t hat i s, obj ect s t hat ar en' t
def i ned as a r ow i n a t abl e) y i s al ways 0. I n t he case of a
t abl e, t he i nst ance i dent i f i er l et s you sel ect a speci f i c r ow
of t he t abl e; 1 i s t he f i r st r ow, 2 i s t he second r ow, et c. For
exampl e, consi der t he i f Tabl e obj ect we l ooked at ear l i er i n
t hi s chapt er . When l ooki ng up val ues i n t he i f Tabl e, we woul d
use a nonzer o i nst ance i dent i f i er t o sel ect a par t i cul ar r ow i n
t he t abl e ( i n t hi s case, a par t i cul ar net wor k i nt er f ace) .

Gr aphi cal NMS appl i cat i ons, whi ch i ncl ude most
commer ci al packages, do not use command- l i ne
pr ogr ams t o r et r i eve management i nf or mat i on. We
use t hese commands t o gi ve you a f eel f or how
t he r et r i eval commands wor k and what t hey
t i l l t Th i f t i hi l

t ypi cal l y r et ur n. The i nf or mat i on a gr aphi cal
NMS r et r i eves and i t s r et r i eval pr ocess ar e
i dent i cal t o t hese command- l i ne pr ogr ams; t he
NMS j ust l et s you f or mul at e quer i es and di spl ays
t he r esul t s usi ng a mor e conveni ent GUI .

The getcommand i s usef ul f or r et r i evi ng a si ngl e MI B obj ect at
a t i me. Tr yi ng t o manage anyt hi ng i n t hi s manner can be a wast e
of t i me, t hough. Thi s i s wher e t he get-next command comes i n.
I t al l ows you t o r et r i eve mor e t han one obj ect f r oma devi ce,
over a per i od of t i me.
2. 6. 2 The get - next Operat i on
The get-next oper at i on l et s you i ssue a sequence of commands t o
r et r i eve a gr oup of val ues f r oma MI B. I n ot her wor ds, f or each
MI B obj ect we want t o r et r i eve, a separ at e get-next r equest and
get-response ar e gener at ed. The get-next command t r aver ses a
subt r ee i n l exi cogr aphi c or der . Si nce an OI D i s a sequence of
i nt eger s, i t ' s easy f or an agent t o st ar t at t he r oot of i t s
SMI obj ect t r ee and wor k i t s way down unt i l i t f i nds t he OI D i t
i s l ooki ng f or . When t he NMS r ecei ves a r esponse f r omt he agent
f or t he get-next command i t j ust i ssued, i t i ssues anot her get-
next command. I t keeps doi ng t hi s unt i l t he agent r et ur ns an
er r or , si gni f yi ng t hat t he end of t he MI B has been r eached and
t her e ar e no mor e obj ect s l ef t t o get .
I f we l ook at anot her exampl e, we can see t hi s behavi or i n
act i on. Thi s t i me we' l l use a command cal l ed snmpwalk. Thi s
command si mpl y f aci l i t at es t he get-next pr ocedur e f or us. I t ' s
i nvoked j ust l i ke t he snmpget command, except t hi s t i me we
speci f y whi ch br anch t o st ar t at ( i n t hi s case, t he syst em
gr oup) :
$snmpwal k ci sco. ora. compubl i c syst em
system. sysDescr. 0 ="Ci sco I nternetwork Operati ng SystemSof tware
. . I OS (tm) 2500 Sof tware (C2500- I - L), Versi on 11. 2(5), RELEASE
SOFTWARE (f c1). . Copyri ght (c) 1986- 1997 by ci sco Systems, I nc. . .
Compi l ed Mon 31- Mar- 97 19: 53 by ckral i k"
system. sysObj ectI D. 0 =OI D: enterpri ses. 9. 1. 19
system. sysUpTi me. 0 =Ti meti cks: (27210723) 3 days, 3: 35: 07. 23
system. sysContact. 0 =""
system. sysName. 0 ="ci sco. ora. com"
system. sysServi ces. 0 =6
The get-next sequence r et ur ns seven MI B var i abl es. Each of
t hese obj ect s i s par t of t he syst emgr oup as i t ' s def i ned i n
RFC 1213. We see a syst emobj ect I D, t he amount of t i me t he
syst emhas been up, t he cont act per son, et c.
Gi ven t hat you' ve j ust l ooked up some obj ect , how does get-next
f i gur e out whi ch obj ect t o l ook up next ? get-next i s based on
t he concept of t he l exi cogr aphi c or der i ng of t he MI B' s obj ect

t r ee. Thi s or der i s made much si mpl er because ever y node i n t he
t r ee i s assi gned a number . To under st and what t hi s means, l et ' s
st ar t at t he r oot of t he t r ee and wal k down t o t he syst emnode.
To get t o t he syst emgr oup ( OI D 1. 3. 6. 1. 2. 1. 1) , we st ar t at t he
r oot of t he obj ect t r ee and wor k our way down. Fi gur e 2- 6 shows
t he l ogi cal pr ogr essi on f r omt he r oot of t he t r ee al l t he way
t o t he syst emgr oup. At each node i n t he t r ee, we vi si t t he
l owest - number ed br anch. Thus, when we' r e at t he r oot node, we
st ar t by vi si t i ng cci t t . Thi s node has no nodes under neat h i t ,
so we move t o t he i so node. Si nce i so does have a chi l d we move
t o t hat node, or g. The pr ocess cont i nues unt i l we r each t he
syst emnode. Si nce each br anch i s made up of ascendi ng i nt eger s
( cci t t ( 0) i so( 1) j oi n( 2) , f or exampl e) , t he agent has no
pr obl emt r aver si ng t hi s t r ee st r uct ur e al l t he way down t o t he
syst em( 1) gr oup. I f we wer e t o cont i nue t hi s wal k, we' d pr oceed
t o syst em. 1 ( syst em. sysLocat i on) , syst em. 2, and t he ot her
obj ect s i n t he syst emgr oup. Next , we' d go t o i nt er f aces( 2) ,
and so on.
Fi gure 2- 6. Wal ki ng t he MI B t ree

2. 6. 3 The get - bul k Operat i on
SNMPv2 def i nes t he get-bulk oper at i on, whi ch al l ows a
management appl i cat i on t o r et r i eve a l ar ge sect i on of a t abl e
at once. The st andar d get oper at i on can at t empt t o r et r i eve
mor e t han one MI B obj ect at once, but message si zes ar e l i mi t ed
by t he agent ' s capabi l i t i es. I f t he agent can' t r et ur n al l t he
r equest ed r esponses, i t r et ur ns an er r or message wi t h no dat a.

The get-bulk oper at i on, on t he ot her hand, t el l s t he agent t o
send as much of t he r esponse back as i t can. Thi s means t hat
i ncompl et e r esponses ar e possi bl e. Two f i el ds must be set when
i ssui ng a get-bulk command: nonr epeat er s and max- r epet i t i ons.
Nonr epeat er s t el l s t he get-bulk command t hat t he f i r st N
obj ect s can be r et r i eved wi t h a si mpl e get-next oper at i on. Max-
r epet i t i ons t el l s t he get-bulk command t o at t empt up t o M get-
next oper at i ons t o r et r i eve t he r emai ni ng obj ect s. Fi gur e 2- 7
shows t he get-bulk command sequence.
Fi gure 2- 7. get - bul k request sequence

I n Fi gur e 2- 7, we' r e r equest i ng t hr ee bi ndi ngs: sysDescr ,
i f I nOct et s, and i f Out Oct et s. The t ot al number of var i abl e
bi ndi ngs t hat we' ve r equest ed i s gi ven by t he f or mul a N + ( M *
R) , wher e N i s t he number of nonr epeat er s ( i . e. , scal ar obj ect s
i n t he r equest - - i n t hi s case 1, because sysDescr i s t he onl y
scal ar obj ect ) , M i s max- r epet i t i ons ( i n t hi s case, we' ve set
i t ar bi t r ar i l y t o 3) , and R i s t he number of nonscal ar obj ect s
i n t he r equest ( i n t hi s case 2, because i f I nOct et s and
i f Out Oct et s ar e bot h nonscal ar ) . Pl uggi ng i n t he number s f r om
t hi s exampl e, we get 1 + ( 3 * 2) = 7, whi ch i s t he t ot al number
of var i abl e bi ndi ngs t hat can be r et ur ned by t hi s get-bulk
r equest .
The Net - SNMP package comes wi t h a command f or i ssui ng get-bulk
quer i es. I f we execut e t hi s command usi ng al l t he par amet er s
pr evi ousl y di scussed, i t wi l l l ook l i ke t he f ol l owi ng:
$ snmpbul kget - v2c - B 1 3 l i nux. ora. compubl i c sysDescr i f I nOct et s i f Out Oct et s
system. sysDescr. 0 ="Li nux l i nux 2. 2. 5- 15 #3 Thu May 27 19: 33: 18 EDT 1999 i 686"
i nterf aces. i f Tabl e. i f Entry. i f I nOctets. 1 =70840
i nterf aces. i f Tabl e. i f Entry. i f OutOctets. 1 =70840
Si nce get-bulk i s an SNMPv2 command, you have t o t el l
snmpgetbulk t o use an SNMPv2 PDU wi t h t he -v2c opt i on. The
nonr epeat er s and max- r epet i t i ons ar e set wi t h t he -B 1 3
opt i on. Thi s set s nonr epeat er s t o 1 and max- r epet i t i ons t o 3.
Not i ce t hat t he command r et ur ned seven var i abl e bi ndi ngs: one
f or sysDescr and t hr ee each f or i f I nOct et s and i f Out Oct et s.
2. 6. 4 The set Operat i on

The set command i s used t o change t he val ue of a managed obj ect
or t o cr eat e a new r ow i n a t abl e. Obj ect s t hat ar e def i ned i n
t he MI B as r ead- wr i t e or wr i t e- onl y can be al t er ed or cr eat ed
usi ng t hi s command. I t i s possi bl e f or an NMS t o set mor e t han
one obj ect at a t i me.
Fi gure 2- 8. set request sequence

Fi gur e 2- 8 shows t he set r equest sequence. I t ' s si mi l ar t o t he
ot her commands we' ve seen so f ar , but i t i s act ual l y changi ng
somet hi ng i n t he devi ce' s conf i gur at i on, as opposed t o j ust
r et r i evi ng a r esponse t o a quer y. I f we l ook at an exampl e of
an act ual set, you wi l l see t he command t ake pl ace. The
f ol l owi ng exampl e quer i es t he sysLocat i on var i abl e, t hen set s
i t t o a val ue:
$ snmpget ci sco. ora. compubl i c syst em. sysLocat i on. 0
$ snmpset ci sco. ora. compri vat e syst em. sysLocat i on. 0 s "At l ant a, GA"
system. sysLocati on. 0 ="Atl anta, GA"
$ snmpget ci sco. ora. compubl i c syst em. sysLocat i on. 0
system. sysLocati on. 0 ="Atl anta, GA"
The f i r st command i s t he f ami l i ar get command, whi ch di spl ays
t he cur r ent val ue of sysLocat i on. I n one of t he pr evi ous
exampl es we saw t hat i t was undef i ned; t hi s i s st i l l t he case.
The second command i s snmpset. For t hi s command, we suppl y t he
host name, t he r ead- wr i t e communi t y st r i ng ( pr i vat e) , and t he
var i abl e we want t o set ( syst em. sysLocat i on. 0) , t oget her wi t h
i t s new val ue ( s "Atl anta, GA") . The s t el l s snmpset t hat we want
t o set t he val ue of sysLocat i on t o a st r i ng; and "Atl anta, GA" i s
t he new val ue i t sel f . How do we know t hat sysLocat i on r equi r es
a st r i ng val ue? The def i ni t i on of sysLocat i on i n RFC 1213 l ooks
l i ke t hi s:
sysLocati on OBJ ECT- TYPE
ACCESS read- wri te
STATUS mandatory
DESCRI PTI ON
"The physi cal l ocati on of thi s node (e. g. , ' tel ephone cl oset,
3rd f l oor' ). "
: : ={ system6 }
The SYNTAX f or sysLocat i on i s Di spl ayStri ng (SI ZE (0. . 255)), whi ch means
t hat i t ' s a st r i ng wi t h a maxi muml engt h of 255 char act er s. The

snmpset command succeeds and r epor t s t he new val ue of
sysLocat i on. But j ust t o conf i r m, we r un a f i nal snmpget, whi ch
t el l s us t hat t he set act ual l y t ook ef f ect . I t i s possi bl e t o
set mor e t han one obj ect at a t i me, but i f any of t he set s
f ai l , t hey al l f ai l ( i . e. , no val ues ar e changed) . Thi s
behavi or i s i nt ended.
2. 6. 5 get , get - next , get - bul k, and set Error Responses
Er r or r esponses hel p you det er mi ne wet her your get or set
r equest was pr ocessed cor r ect l y by t he agent . The get, get-
next, and set oper at i ons can r et ur n t he er r or r esponses shown
i n Tabl e 2- 6. The er r or st at us f or each er r or i s show i n
par ent heses.
Tabl e 2- 6. SNMPv1 Error Messages
SNMPv1 Error
Message
Description
noError(0) Ther e was no pr obl emper f or mi ng t he r equest .
tooBi g(1)
The r esponse t o your r equest was t oo bi g t o f i t
i nt o one r esponse.
noSuchName(2)
An agent was asked t o get or set an OI D t hat i t
can' t f i nd; i . e. , t he OI D doesn' t exi st .
badVal ue(3)
A r ead- wr i t e or wr i t e- onl y obj ect was set t o an
i nconsi st ent val ue.
readOnl y(4)
Thi s er r or i s gener al l y not used. The noSuchName
er r or i s equi val ent t o t hi s one.
genErr(5)
Thi s i s a cat ch- al l er r or . I f an er r or occur s f or
whi ch none of t he pr evi ous messages i s
appr opr i at e, a genError i s i ssued.
The SNMPv1 er r or messages ar e not ver y r obust . I n an at t empt t o
f i x t hi s pr obl em, SNMPv2 def i nes addi t i onal er r or r esponses
t hat ar e val i d f or get, set, get-next, and get-bulk oper at i ons,
pr ovi ded t hat bot h t he agent and NMS suppor t SNMPv2. These
r esponses ar e l i st ed i n Tabl e 2- 7.
Tabl e 2- 7. SNMPv2 Error Messages
SNMPv2 Error
Message
Description
noAccess(6)
A set t o an i naccessi bl e var i abl e was
at t empt ed. Thi s t ypi cal l y occur s when t he
var i abl e has an ACCESS t ype of not- accessi bl e.

wrongType(7)
An obj ect was set t o a t ype t hat i s di f f er ent
f r omi t s def i ni t i on. Thi s er r or wi l l occur i f
you t r y t o set an obj ect t hat i s of t ype I NTEGER
t o a st r i ng, f or exampl e.
wrongLength(8)
An obj ect ' s val ue was set t o somet hi ng ot her
t han what i t cal l s f or . For i nst ance, a
st r i ng can be def i ned t o have a maxi mum
char act er si ze. Thi s er r or occur s i f you t r y
t o set a st r i ng obj ect t o a val ue t hat
exceeds i t s maxi muml engt h.
wrongEncodi ng(9)
A set oper at i on was at t empt ed usi ng t he wr ong
encodi ng f or t he obj ect bei ng set .
wrongVal ue(10)
A var i abl e was set t o a val ue i t doesn' t
under st and. Thi s can occur when a r ead- wr i t e
i s def i ned as an enumer at i on, and you t r y t o
set i t t o a val ue t hat i s not one of t he
enumer at ed t ypes.
noCreati on(11)
You t r i ed t o set a nonexi st ent var i abl e or
cr eat e a var i abl e t hat doesn' t exi st i n t he
MI B.
i nconsi stentVal ue
A MI B var i abl e i s i n an i nconsi st ent st at e,
and i s not accept i ng any set r equest s.
resourceUnavai l abl e(13)
No syst emr esour ces ar e avai l abl e t o per f or m
a set.
commi tFai l ed(14) Thi s i s a cat ch- al l er r or f or set f ai l ur es.
undoFai l ed(15)
A set f ai l ed and t he agent was unabl e t o r ol l
back al l t he pr evi ous sets up unt i l t he poi nt
of f ai l ur e.
authori zati onError(16)
An SNMP command coul d not be aut hent i cat ed;
i n ot her wor ds, someone has suppl i ed an
i ncor r ect communi t y st r i ng.
notWri tabl e(17)
A var i abl e wi l l not accept a set, even t hough
i t i s supposed t o.
i nconsi stentName(18)
You at t empt ed t o set a var i abl e, but t hat
at t empt f ai l ed because t he var i abl e was i n
some ki nd of i nconsi st ent st at e.
2. 6. 6 SNMP Traps
A t r ap i s a way f or an agent t o t el l t he NMS t hat somet hi ng bad
has happened. I n t he Sect i on 1. 3 of Chapt er 1 we expl or ed t he

not i on of t r aps at a gener al l evel ; now we' l l l ook at t hemi n a
bi t mor e det ai l . Fi gur e 2- 9 shows t he t r ap- gener at i on sequence.
Fi gure 2- 9. Trap generat i on

The t r ap or i gi nat es f r omt he agent and i s sent t o t he t r ap
dest i nat i on, as conf i gur ed wi t hi n t he agent i t sel f . The t r ap
dest i nat i on i s t ypi cal l y t he I P addr ess of t he NMS. No
acknowl edgment i s sent f r omt he NMS t o t he agent , so t he agent
has no way of knowi ng i f t he t r ap makes i t t o t he NMS. Si nce
SNMP uses UDP, and si nce t r aps ar e desi gned t o r epor t pr obl ems
wi t h your net wor k, t r aps ar e especi al l y pr one t o get t i ng l ost
and not maki ng i t t o t hei r dest i nat i ons. However , t he f act t hat
t r aps can get l ost doesn' t make t hemany l ess usef ul ; i n a
wel l - pl anned envi r onment , t hey ar e an i nt egr al par t of net wor k
management . I t ' s bet t er f or your equi pment t o t r y t o t el l you
t hat somet hi ng i s wr ong, even i f t he message may never r each
you, t han si mpl y t o gi ve up and l et you guess what happened.
Her e ar e a f ew si t uat i ons t hat a t r ap mi ght r epor t :
A network interface on the device (where the agent is
running) has gone down.
A network interface on the device (where the agent is
running) has come back up.
An incoming call to a modem rack was unable to establish a
connection to a modem.
The fan on a switch or router has failed.
When an NMS r ecei ves a t r ap, i t needs t o know how t o i nt er pr et
i t ; t hat i s, i t needs t o know what t he t r ap means and how t o
i nt er pr et t he i nf or mat i on i t car r i es. A t r ap i s f i r st
i dent i f i ed by i t s gener i c t r ap number . Ther e ar e seven gener i c
t r ap number s ( 0- 6) , shown i n Tabl e 2- 8. Gener i c t r ap 6 i s a
speci al cat ch- al l cat egor y f or " ent er pr i sespeci f i c" t r aps,
whi ch ar e t r aps def i ned by vendor s or user s t hat f al l out si de
of t he si x gener i c t r ap cat egor i es. Ent er pr i sespeci f i c t r aps
ar e f ur t her i dent i f i ed by an ent er pr i se I D ( i . e. , an obj ect I D
somewher e i n t he ent er pr i ses br anch of t he MI B t r ee,
i so. or g. dod. i nt er net . pr i vat e. ent er pr i ses) and a speci f i c t r ap
number chosen by t he ent er pr i se t hat def i ned t he t r ap. Thus,
t he obj ect I D of an ent er pr i sespeci f i c t r ap i s ent er pr i se-
i d. speci f i c- t r ap- number . For exampl e, when Ci sco def i nes
speci al t r aps f or i t s pr i vat e MI Bs, i t pl aces t hemal l i n i t s

ent er pr i sespeci f i c MI B t r ee
( i so. or g. dod. i nt er net . pr i vat e. ent er pr i ses. ci sco) . As we' l l see
i n Chapt er 10, you ar e f r ee t o def i ne your own ent er pr i se-
speci f i c t r aps; t he onl y r equi r ement i s t hat you r egi st er your
own ent er pr i se number wi t h I ANA.
A t r ap i s usual l y packed wi t h i nf or mat i on. As you' d expect ,
t hi s i nf or mat i on i s i n t he f or mof MI B obj ect s and t hei r
val ues; as ment i oned ear l i er , t hese obj ect - val ue pai r s ar e
known as var i abl e bi ndi ngs. For t he gener i c t r aps 0 t hr ough 5,
knowl edge of what t he t r ap cont ai ns i s gener al l y bui l t i nt o t he
NMS sof t war e or t r ap r ecei ver . The var i abl e bi ndi ngs cont ai ned
by an ent er pr i sespeci f i c t r ap ar e det er mi ned by whomever
def i ned t he t r ap. For exampl e, i f a modemi n a modemr ack
f ai l s, t he r ack' s agent may send a t r ap t o t he NMS i nf or mi ng i t
of t he f ai l ur e. The t r ap wi l l most l i kel y be an ent er pr i se-
speci f i c t r ap def i ned by t he r ack' s manuf act ur er ; t he t r ap' s
cont ent s ar e up t o t he manuf act ur er , but i t wi l l pr obabl y
cont ai n enough i nf or mat i on t o l et you det er mi ne exact l y what
f ai l ed ( f or exampl e, t he posi t i on of t he modemcar d i n t he r ack
and t he channel on t he modemcar d) .
Tabl e 2- 8. Generi c Traps
Generic Trap Name and
Number
Definition
col dSt ar t ( 0)
I ndi cat es t hat t he agent has r eboot ed.
Al l management var i abl es wi l l be r eset ;
speci f i cal l y, Counters and Gauges wi l l be
r eset t o zer o ( 0) . One ni ce t hi ng about
t he col dSt ar t t r ap i s t hat i t can be
used t o det er mi ne when new har dwar e i s
added t o t he net wor k. When a devi ce i s
power ed on, i t sends t hi s t r ap t o i t s
t r ap dest i nat i on. I f t he t r ap
dest i nat i on i s set cor r ect l y ( i . e. , t o
t he I P addr ess of your NMS) t he NMS can
r ecei ve t he t r ap and det er mi ne whet her
i t needs t o manage t he devi ce.
war mSt ar t ( 1)
I ndi cat es t hat t he agent has
r ei ni t i al i zed i t sel f . None of t he
management var i abl es wi l l be r eset .
l i nkDown ( 2)
Sent when an i nt er f ace on a devi ce goes
down. The f i r st var i abl e bi ndi ng
i dent i f i es whi ch i nt er f ace went down.
l i nkUp ( 3)
Sent when an i nt er f ace on a devi ce comes
back up. The f i r st var i abl e bi ndi ng
i dent i f i es whi ch i nt er f ace came back up.

aut hent i cat i onFai l ur e
( 4)
I ndi cat es t hat someone has t r i ed t o
quer y your agent wi t h an i ncor r ect
communi t y st r i ng; usef ul i n det er mi ni ng
i f someone i s t r yi ng t o gai n
unaut hor i zed access t o one of your
devi ces.
egpNei ghbor Loss ( 5)
I ndi cat es t hat an Exterior Gateway
Protocol ( EGP) nei ghbor has gone down.
ent er pr i seSpeci f i c
( 6)
I ndi cat es t hat t he t r ap i s ent er pr i se-
speci f i c. SNMP vendor s and user s def i ne
t hei r own t r aps under t he pr i vat e-
ent er pr i se br anch of t he SMI obj ect
t r ee. To pr ocess t hi s t r ap pr oper l y, t he
NMS has t o decode t he speci f i c t r ap
number t hat i s par t of t he SNMP message.
I n Chapt er 1 we ment i oned t hat RFC 1697 i s t he RDBMS MI B. One
of t r aps def i ned by t hi s MI B i s r dbmsOut Of Space :
rdbmsOutOf Space TRAP- TYPE
ENTERPRI SE rdbmsTraps
VARI ABLES { rdbmsSrvI nf oDi skOutOf Spaces }
DESCRI PTI ON
"An rdbmsOutOf Space trap si gni f i es that one of the database
servers managed by thi s agent has been unabl e to al l ocate
space f or one of the databases managed by thi s agent. Care
shoul d be taken to avoi d f l oodi ng the network wi th these traps. "
: : =2
The ent er pr i se i s r dbmsTr aps and t he speci f i c t r ap number i s 2.
Thi s t r ap has one var i abl e bi ndi ng,
r dbmsSr vI nf oDi skOut Of Spaces. I f we l ook el sewher e i n t he MI B,
we wi l l f i nd t hat t hi s var i abl e i s a scal ar obj ect . I t s
def i ni t i on i s:
rdbmsSrvI nf oDi skOutOf Spaces OBJ ECT- TYPE
SYNTAX Counter
ACCESS readonl y
STATUS mandatory
DESCRI PTI ON
"The total number of ti mes the server has been unabl e to obtai n
di sk space that i t wanted, si nce server startup. Thi s woul d be
i nspected by an agent on recei pt of an rdbmsOutOf Space trap. "
: : ={ rdbmsSrvI nf oEntry 9 }
The DESCRI PTI ON f or t hi s obj ect i ndi cat es why t he not e about
t aki ng car e t o avoi d f l oodi ng t he net wor k ( i n t he DESCRI PTI ON t ext
f or t he TRAP- TYPE) i s so i mpor t ant . Ever y t i me t he RDBMS i s
unabl e t o al l ocat e space f or t he dat abase, t he agent wi l l send
a t r ap. A busy ( and f ul l ) dat abase coul d end up sendi ng t hi s
t r ap t housands of t i mes a day.

Some commer ci al RDBMS vendor s, such as Or acl e, pr ovi de an SNMP
agent wi t h t hei r dat abase engi nes. Agent s such as t hese
t ypi cal l y have f unct i onal i t y above and beyond t hat f ound i n t he
RDBMS MI B.
2. 6. 7 SNMP Not i f i cat i on
I n an ef f or t t o st andar di ze t he PDU f or mat of SNMPv1 t r aps
( r ecal l t hat SNMPv1 t r aps have a di f f er ent PDU f or mat f r omget
and set) , SNMPv2 def i nes a NOTI FI CATI ON- TYPE. The PDU f or mat f or
NOTI FI CATI ON- TYPE i s i dent i cal t o t hat f or get and set . RFC 2863
r edef i nes t he l i nkDown gener i c not i f i cat i on t ype l i ke so:
l i nkDown NOTI FI CATI ON- TYPE
OBJ ECTS { i f I ndex, i f Admi nStatus, i f OperStatus }
STATUS current
DESCRI PTI ON
"A l i nkDown trap si gni f i es that the SNMPv2 enti ty, acti ng i n an
agent rol e, has detected that the i f OperStatus obj ect f or one
of i ts communi cati on l i nks l ef t the down state and transi ti oned
i nto some other state (but not i nto the notPresent state). Thi s
other state i s i ndi cated by the i ncl uded val ue of i f OperStatus. "
: : ={ snmpTraps 3 }
The l i st of bi ndi ngs i s cal l ed OBJ ECTS r at her t han VARI ABLES, but
l i t t l e el se has changed. The f i r st obj ect i s t he speci f i c
i nt er f ace ( i f I ndex) t hat t r ansi t i oned f r omt he l i nkDown
condi t i on t o some ot her condi t i on. The OI D f or t hi s t r ap i s
1. 3. 6. 1. 6. 3. 1. 1. 5. 3, or
i so. or g. dod. i nt er net . snmpV2. snmpModul es. snmpMI B. snmpMI BObj ect s.
snmpTr aps. l i nkDown.
2. 6. 8 SNMP i nf orm
Fi nal l y, SNMPv2 pr ovi des an inform mechani sm, whi ch al l ows f or
manager - t o- manager communi cat i on. Thi s oper at i on can be usef ul
when t he need ar i ses f or mor e t han one NMS i n t he net wor k. When
an inform i s sent f r omone NMS t o anot her , t he r ecei ver sends a
r esponse t o t he sender acknowl edgi ng r ecei pt of t he event . Thi s
behavi or i s si mi l ar t o t hat of t he get and setr equest s. Not e
t hat an SNMP inform can be used t o send SNMPv2 t r aps t o an NMS.
I f you use an inform f or t hi s pur pose, t he agent wi l l be
not i f i ed when t he NMS r ecei ves t he t r ap.
2. 6. 9 SNMP report
The report oper at i on was def i ned i n t he dr af t ver si on SNMPv2
but never i mpl ement ed. I t i s now par t of t he SNMPv3
speci f i cat i on and i s i nt ended t o al l ow SNMP engi nes t o
communi cat e wi t h each ot her ( mai nl y t o r epor t pr obl ems wi t h
pr ocessi ng SNMP messages) .
2. 7 Host Management Revi si t ed

Managi ng your host s i s an i mpor t ant par t of net wor k management .
You woul d t hi nk t hat t he Host Resour ces MI B woul d be par t of
ever y host - based SNMP agent , but t hi s i sn' t t he case. Some SNMP
agent s i mpl ement t hi s MI B, but many don' t . A f ew agent s go
f ur t her and i mpl ement pr opr i et ar y ext ensi ons based upon t hi s
MI B. Thi s i s mai nl y due t o t he f act t hat t hi s MI B was i nt ended
t o ser ve as a basi c, wat er ed- down f r amewor k f or host
management , desi gned mai nl y t o f ost er wi de depl oyment .
The Host Resour ces MI B def i nes t he f ol l owi ng seven gr oups:
host OBJ ECT I DENTI FI ER : : ={ mi b- 2 25 }

hrSystem OBJ ECT I DENTI FI ER : : ={ host 1 }
hrStorage OBJ ECT I DENTI FI ER : : ={ host 2 }
hrDevi ce OBJ ECT I DENTI FI ER : : ={ host 3 }
hrSWRun OBJ ECT I DENTI FI ER : : ={ host 4 }
hrSWRunPerf OBJ ECT I DENTI FI ER : : ={ host 5 }
hrSWI nstal l ed OBJ ECT I DENTI FI ER : : ={ host 6 }
The host OI D i s 1. 3. 6. 1. 2. 1. 25 ( i so. or g. dod. i nt er net . mgmt . mi b-
2. host ) . The r emai ni ng si x gr oups def i ne var i ous obj ect s t hat
pr ovi de i nf or mat i on about t he syst em.
The hr Syst em( 1. 3. 6. 1. 2. 1. 25. 1) gr oup def i nes obj ect s t hat
per t ai n t o t he syst emi t sel f . These obj ect s i ncl ude upt i me,
syst emdat e, syst emuser s, and syst empr ocesses.
The hr Devi ce ( 1. 3. 6. 1. 2. 1. 25. 3) and hr St or age
( 1. 3. 6. 1. 2. 1. 25. 2) gr oups def i ne obj ect s per t ai ni ng t o
f i l esyst ems and syst emst or age, such as t ot al syst emmemor y,
di sk ut i l i zat i on, and CPU noni dl e per cent age. They ar e
par t i cul ar l y hel pf ul , si nce t hey can be used t o manage t he di sk
par t i t i ons on your host . You can even use t hemt o check f or
er r or s on a gi ven di sk devi ce.
The hr SWRun ( 1. 3. 6. 1. 2. 1. 25. 4) , hr SWRunPer f ( 1. 3. 6. 1. 2. 1. 25. 5) ,
and hr SWI nst al l ed ( 1. 3. 6. 1. 2. 1. 25. 6 ) gr oups def i ne obj ect s
t hat r epr esent var i ous aspect s of sof t war e r unni ng or i nst al l ed
on t he syst em. Fr omt hese gr oups, you can det er mi ne what
oper at i ng syst emi s r unni ng on t he host , as wel l as what
pr ogr ams t he host i s cur r ent l y r unni ng. The hr SWI nst al l ed gr oup
can be used t o t r ack whi ch sof t war e packages ar e i nst al l ed.
As you can see, t he Host Resour ces MI B pr ovi des some necessar y
syst em- management obj ect s t hat can be ut i l i zed by al most anyone
who needs t o manage cr i t i cal syst ems.

2. 8 Remot e Moni t ori ng Revi si t ed
A t hor ough t r eat ment of RMON i s beyond t he scope of t hi s book,
but i t ' s wor t h di scussi ng t he gr oups t hat make up RMONv1. RMON
pr obes ar e t ypi cal l y st andal one devi ces t hat wat ch t r af f i c on
t he net wor k segment s t o whi ch t hey ar e at t ached. Some vendor s

i mpl ement at l east some ki nd of RMON pr obe i n t hei r r out er s,
hubs, or swi t ches. Chapt er 9 pr ovi des an exampl e of how t o
conf i gur e RMON on a Ci sco r out er .
The RMON MI B def i nes t he f ol l owi ng 10 gr oups:
rmon OBJ ECT I DENTI FI ER : : ={ mi b- 2 16 }
stati sti cs OBJ ECT I DENTI FI ER : : ={ rmon 1 }
hi story OBJ ECT I DENTI FI ER : : ={ rmon 2 }
al arm OBJ ECT I DENTI FI ER : : ={ rmon 3 }
hosts OBJ ECT I DENTI FI ER : : ={ rmon 4 }
hostTopN OBJ ECT I DENTI FI ER : : ={ rmon 5 }
matri x OBJ ECT I DENTI FI ER : : ={ rmon 6 }
f i l ter OBJ ECT I DENTI FI ER : : ={ rmon 7 }
capture OBJ ECT I DENTI FI ER : : ={ rmon 8 }
event OBJ ECT I DENTI FI ER : : ={ rmon 9 }
RMONv1 pr ovi des packet - l evel st at i st i cs about an ent i r e LAN or
WAN. The r mon OI D i s 1. 3. 6. 1. 2. 1. 16
( i so. or g. dod. i nt er net . mgmt . mi b- 2. r mon) . RMONv1 i s made up of
ni ne gr oups:
statistics (1.3.6.1.2.1.16.1)
Contains statistics about all the Ethernet interfaces
monitored by the probe
history (1.3.6.1.2.1.16.2)
Records periodic statistical samples from the statistics
group
alarm (1.3.6.1.2.1.16.3)
Allows a user to configure a polling interval and a
threshold for any object the RMON probe records
hosts (1.3.6.1.2.1.16.4)
Records traffic statistics for each host on the network
hostTopN (1.3.6.1.2.1.16.5)
Contains host statistics used to generate reports on hosts
that top a list ordered by a parameter in the host table
matrix (1.3.6.1.2.1.16.6 )
Stores error and utilization information for sets of two
addresses
filter (1.3.6.1.2.1.16.7)
Matches packets based on a filter equation; when a packet
matches the filter, it may be captured or an event may be
generated
capture (1.3.6.1.2.1.16.8)
Allows packets to be captured if they match a filter in
the filter group
event (1.3.6.1.2.1.16.9)
Controls the definition of RMON events
RMONv2 enhances RMONv1 by pr ovi di ng net wor k- and appl i cat i on-
l evel st at i st i cal gat her i ng. Si nce t he onl y exampl e of RMON i n

t hi s book uses RMONv1, we wi l l st op her e and not go i nt o
RMONv2. However , we encour age you t o r ead RFC 2021 t o get a
f eel f or what enhancement s t hi s ver si on of RMON br i ngs t o
net wor k moni t or i ng.

Chapter 3. NMS Archi tectures
Now t hat you under st and t he basi c concept s behi nd how
management st at i ons ( NMSs) and agent s communi cat e, i t ' s t i me t o
i nt r oduce t he concept of a net wor k- management ar chi t ect ur e.
Bef or e r ushi ng out t o depl oy SNMP management , you owe i t t o
your sel f t o put some ef f or t i nt o devel opi ng a coher ent pl an. I f
you si mpl y dr op NMS sof t war e on a f ew of your f avor i t e deskt op
machi nes, you' r e l i kel y t o end up wi t h somet hi ng t hat doesn' t
wor k ver y wel l . By NMS ar chi t ect ur e, we mean a pl an t hat hel ps
you use NMSs ef f ect i vel y t o manage your net wor k. A key
component of net wor k management i s sel ect i ng t he pr oper
har dwar e ( i . e. , an appr opr i at e pl at f or mon whi ch t o r un your
NMS) and maki ng sur e t hat your management st at i ons ar e l ocat ed
i n such a way t hat t hey can obser ve t he devi ces on your net wor k
ef f ect i vel y.

3. 1 Hardware Consi derat i ons
Managi ng a r easonabl y l ar ge net wor k r equi r es an NMS wi t h
subst ant i al comput i ng power . I n t oday' s compl ex net wor ked
envi r onment s, net wor ks can r ange i n si ze f r oma f ew nodes t o
t housands of nodes. The pr ocess of pol l i ng and r ecei vi ng t r aps
f r omhundr eds or t housands of managed ent i t i es can be t axi ng on
t he best of har dwar e. Your NMS vendor wi l l be abl e t o hel p you
det er mi ne what ki nd of har dwar e i s appr opr i at e f or managi ng
your net wor k. Most vendor s have f or mul as f or det er mi ni ng how
much RAM you wi l l need t o achi eve t he l evel of per f or mance you
want , gi ven t he r equi r ement s of your net wor k. I t usual l y boi l s
down t o t he number of devi ces you want t o pol l , t he amount of
i nf or mat i on you wi l l r equest f r omeach devi ce, and t he i nt er val
at whi ch you want t o pol l t hem. The sof t war e you want t o r un i s
al so a consi der at i on. NMS pr oduct s such as OpenVi ew ar e l ar ge,
heavywei ght appl i cat i ons; i f you want t o r un your own scr i pt s
wi t h Per l , you can get away wi t h a much smal l er management
pl at f or m.
I s i t possi bl e t o say somet hi ng mor e hel pf ul t han " ask your
vendor " ? Yes. Fi r st , al t hough we' ve become accust omed t o
t hi nki ng of NMS sof t war e as r equi r i ng a mi dr ange wor kst at i on or
hi gh- end PC, deskt op har dwar e has advanced so much i n t he past
year or t wo t hat r unni ng t hi s sof t war e i s wi t hi n t he r ange of
any moder n PC. Speci f i cal l y, sur veyi ng t he r ecommendat i ons of a
number of vendor s, we have f ound t hat t hey suggest a PC wi t h at
l east a 300 MHz CPU, 128 MB of memor y, and 500 MB of di sk

space. Requi r ement s f or Sun SPARC and HP wor kst at i ons ar e
si mi l ar .
Let ' s l ook at each of t hese r equi r ement s:
300 MHz CPU
This is well within the range of any modern desktop
system, but you probably can't bring your older equipment
out of retirement to use as a management station.
128 MB of memory
You'll probably have to add memory to any off-the-shelf
PC; Sun and HP workstations come with more generous memory
configurations. Frankly, vendors tend to underestimate
memory requirements anyway, so it won't hurt to upgrade to
256 MB. Fortunately, RAM is cheap these days. (Memory
prices fluctuate from day to day, but we recently found
256 MB DIMMs for under $100.)
500 MB of disk space
This recommendation is probably based on the amount of
space you'll need to store the software, and not on the
space you'll need for log files, long-term trend data,
etc. But again, disk space is cheap these days, and
skimping is counterproductive.
Let ' s t hi nk a bi t mor e about how l ong- t er mdat a col l ect i on
af f ect s your di sk r equi r ement s. Fi r st , you shoul d r ecogni ze
t hat some pr oduct s have onl y mi ni mal dat a- col l ect i on
f aci l i t i es, whi l e ot her s exi st pur el y f or t he pur pose of
col l ect i ng dat a ( f or exampl e, MRTG) . Whet her or not you can do
dat a col l ect i on ef f ect i vel y depends t o some ext ent on t he NMS
pr oduct you' ve sel ect ed. Ther ef or e, bef or e deci di ng on a
sof t war e pr oduct , you shoul d t hi nk about your dat a- col l ect i on
r equi r ement s. Do you want t o do l ong- t er mt r end anal ysi s? I f
so, t hat wi l l af f ect bot h t he sof t war e you choose and t he
har dwar e on whi ch you r un i t .
For a st ar t i ng poi nt , l et ' s say t hat you have 1, 000 nodes, you
want t o col l ect dat a ever y mi nut e, and you' r e col l ect i ng 1 KB
of dat a per node. That ' s 1 MB per mi nut e, 1. 4 GB per day - -
you' d f i l l a 40 GB di sk i n about a mont h. That ' s bor der i ng on
ext r avagant . But l et ' s l ook at t he assumpt i ons:
Collecting data every minute is certainly excessive; every
10 minutes should do. Now your 40 GB disk will store
almost a year's worth of data.
1,000 nodes isn't that big a network. But do you really
want to store trend data for all your users' PCs? Much of
this book is devoted to showing you how to control the
amount of data you collect. Instead of 1,000 nodes, let's
first count interfaces. And let's forget about desktop
systems -- we really care only about trend data for our
network backbone: key servers, routers, switches, etc.
Even on a midsize network, we're probably talking about
100 or 200 interfaces.

The amount of data you collect per interface depends on
many factors, not the least of which is the format of the
data. An interface's status may be up or down -- that's a
single bit. If it's being stored in a binary data
structure, it may be represented by a single bit. But if
you're using syslog to store your log data and writing
Perl scripts to do trend analysis, your syslog records are
going to be 80 bytes or so even if you are storing only
one bit of information. Data-storage mechanisms range from
syslog to fancy database schemes -- you obviously need to
understand what you're using, and how it will affect your
storage requirements. Furthermore, you need to understand
how much information you really want to keep per
interface. If you want to track only the number of octets
going in and out of each interface and you're storing this
data efficiently, your 40 GB disk could easily last the
better part of a century.
Ser i ousl y, i t ' s har d t o t al k about what your st or age
r equi r ement s wi l l be when t hey var y over t wo or t hr ee or der s of
magni t ude. But t he l esson i s t hat no vendor can t el l you what
your st or age r equi r ement s wi l l be. A gi gabyt e shoul d be pl ent y
f or l og dat a on a moder at el y l ar ge net wor k, i f you' r e st or i ng
dat a onl y f or a r easonabl e subset of t hat net wor k, not pol l i ng
t oo of t en, and not savi ng t oo much dat a. But t hat ' s a l ot of
var i abl es, and you' r e t he onl y one i n cont r ol of t hem. Keep i n
mi nd, t hough, t hat t he mor e dat a you col l ect , t he mor e t i me and
CPU power wi l l be r equi r ed t o gr i nd t hr ough al l t hat dat a and
pr oduce meani ngf ul r esul t s. I t doesn' t mat t er whet her you' r e
usi ng expensi ve t r end- anal ysi s sof t war e or some homegr own
scr i pt s - - pr ocessi ng l ot s of dat a i s expensi ve. At l east i n
t er ms of l ong- t er mdat a col l ect i on, i t ' s pr obabl y bet t er t o er r
by keepi ng t oo l i t t l e dat a ar ound t han by keepi ng t oo much.

3. 2 NMS Archi t ect ures
Bef or e goi ng out and buyi ng al l your equi pment , i t ' s wor t h
spendi ng some t i me comi ng up wi t h an ar chi t ect ur e f or your
net wor k t hat wi l l make i t mor e manageabl e. The si mpl est
ar chi t ect ur e has a si ngl e management st at i on t hat i s
r esponsi bl e f or t he ent i r e net wor k, as shown i n Fi gur e 3- 1.
Fi gure 3- 1. Si ngl e NMS archi t ect ure

The net wor k depi ct ed i n Fi gur e 3- 1 has t hr ee si t es: New Yor k,
At l ant a, and San J ose. The NMS i n New Yor k i s r esponsi bl e f or
managi ng not onl y t he por t i on of t he net wor k i n New Yor k, but
al so t hose i n At l ant a and San J ose. Tr aps sent f r omany devi ce
i n At l ant a or San J ose must t r avel over t he I nt er net t o get t o
t he NMS i n New Yor k. The same t hi ng goes f or pol l i ng devi ces i n
San J ose and At l ant a: t he NMS i n New Yor k must send i t s
r equest s over t he I nt er net t o r each t hese r emot e si t es. For
smal l net wor ks, an ar chi t ect ur e l i ke t hi s can wor k wel l .
However , when t he net wor k gr ows t o t he poi nt t hat a si ngl e NMS
can no l onger manage ever yt hi ng, t hi s ar chi t ect ur e becomes a
r eal pr obl em. The NMS i n New Yor k can get behi nd i n i t s pol l i ng
of t he r emot e si t es, mai nl y because i t has so much t o manage.
The r esul t i s t hat when pr obl ems ar i se at a r emot e si t e, t hey
may not get not i ced f or some t i me. I n t he wor st case, t hey
mi ght not get not i ced at al l .
I t ' s al so wor t h t hi nki ng about st af f i ng. Wi t h a si ngl e NMS,
your pr i mar y oper at i ons st af f woul d be i n New Yor k, wat chi ng
t he heal t h of t he net wor k. But pr obl ems f r equent l y r equi r e
somebody onsi t e t o i nt er vene. Thi s r equi r es someone i n At l ant a
and San J ose, pl us t he coor di nat i on t hat ent ai l s. You may not
need a f ul l - t i me net wor k admi ni st r at or , but you wi l l need
someone who knows what t o do when a r out er f ai l s.
When your net wor k gr ows t o a poi nt wher e one NMS can no l onger
manage ever yt hi ng, i t ' s t i me t o move t o a di st r i but ed NMS
ar chi t ect ur e. The i dea behi nd t hi s ar chi t ect ur e i s si mpl e: use
t wo or mor e management st at i ons and l ocat e t hemas cl ose as
possi bl e t o t he nodes t hey ar e managi ng. I n t he case of our
t hr ee- si t e net wor k, we woul d have an NMS at each si t e. Fi gur e
3- 2 shows t he addi t i on of t wo NMSs t o t he net wor k.
Fi gure 3- 2. Di st ri but ed NMS archi t ect ure

Thi s ar chi t ect ur e has sever al advant ages, not t he l east of
whi ch i s f l exi bi l i t y. Wi t h t he new ar chi t ect ur e, t he NMSs i n
At l ant a and San J ose can act as st andal one management st at i ons,
each wi t h a f ul l y sel f - suf f i ci ent st af f , or t hey can f or war d
event s t o t he NMS i n New Yor k. I f t he r emot e NMSs f or war d al l
event s t o t he NMS i n New Yor k, t her e i s no need t o put
addi t i onal oper at i ons st af f i n At l ant a and San J ose. At f i r st
gl ance t hi s l ooks l i ke we' ve r et ur ned t o t he si t uat i on of
Fi gur e 3- 1, but t hat i sn' t qui t e t r ue. Most NMS pr oduct s
pr ovi de some ki nd of cl i ent i nt er f ace t o vi ewi ng t he event s
cur r ent l y i n t he NMS ( t r aps r ecei ved, r esponses t o pol l s,
et c. ) . Si nce t he NMS t hat f or war ds event s t o New Yor k has
al r eady di scover ed t he pr obl em, we' r e si mpl y l et t i ng t he NMS i n
New Yor k know about i t so i t can be deal t wi t h appr opr i at el y.
The New Yor k NMS di dn' t have t o use val uabl e r esour ces t o pol l
t he r emot e net wor k t o di scover t hat t her e was a pr obl em.
The ot her advant age i s t hat i f t he need ar i ses you can put
oper at i ons st af f i n At l ant a and San J ose t o manage each of
t hese r emot e l ocat i ons. I f New Yor k l oses connect i vi t y t o t he
I nt er net , event s f or war ded f r omAt l ant a or San J ose wi l l not
make i t t o New Yor k. Wi t h oper at i ons st af f i n At l ant a and San
J ose, and t he NMSs at t hese l ocat i ons act i ng i n st andal one
mode, a net wor k out age i n New Yor k won' t mat t er . The r emot e-
l ocat i on st af f wi l l cont i nue on as i f not hi ng has happened.
Anot her possi bi l i t y wi t h t hi s ar chi t ect ur e i s a hybr i d mode:
you st af f t he oper at i ons cent er i n New Yor k 24 hour s a day, 7
days a week, but you st af f At l ant a and San J ose onl y dur i ng
busi ness hour s. Dur i ng of f - hour s, t hey r el y on t he NMS and
oper at i ons st af f i n New Yor k t o not i ce and handl e pr obl ems t hat
ar i se. But dur i ng t he cr i t i cal ( and busi est ) hour s of t he day,
At l ant a and San J ose don' t have t o bur den t he New Yor k
oper at or s.

Bot h of t he ar chi t ect ur es we have di scussed use t he I nt er net t o
send and r ecei ve management t r af f i c. Thi s poses sever al
pr obl ems, mai nl y deal i ng wi t h secur i t y and over al l r el i abi l i t y.
A bet t er sol ut i on i s t o use pr i vat e l i nks t o per f or mal l your
net wor k- management f unct i ons. Fi gur e 3- 3 shows how t he
di st r i but ed NMS ar chi t ect ur e can be ext ended t o make use of
such l i nks.
Fi gure 3- 3. Usi ng pri vat e l i nks f or net work management

Let ' s say t hat New Yor k' s r out er i s t he cor e r out er f or t he
net wor k. We est abl i sh pr i vat e ( but not necessar i l y hi gh- speed)
l i nks bet ween San J ose and New Yor k, and bet ween New Yor k and
At l ant a. Thi s means t hat San J ose wi l l not onl y be abl e t o
r each New Yor k, but i t wi l l al so be abl e t o r each At l ant a vi a
New Yor k. At l ant a wi l l use New Yor k t o r each San J ose, t oo. The
pr i vat e l i nks ( denot ed by t hi cker r out er - t o- r out er connect i ons)
ar e pr i mar i l y devot ed t o management t r af f i c, t hough we coul d
put t hemt o ot her uses. Usi ng pr i vat e l i nks has t he added
benef i t t hat our communi t y st r i ngs ar e never sent out over t he
I nt er net . The use of pr i vat e net wor k l i nks f or net wor k
management wor ks equal l y wel l wi t h t he si ngl e NMS ar chi t ect ur e,
t oo. Of cour se, i f your cor por at e net wor k consi st s ent i r el y of
pr i vat e l i nks and your I nt er net connect i ons ar e devot ed t o
ext er nal t r af f i c onl y, usi ng pr i vat e l i nks f or your management
t r af f i c i s t he pr over bi al " no- br ai ner . "
One f i nal i t emwor t h ment i oni ng i s t he not i on of t r ap- di r ect ed
pol l i ng. Thi s doesn' t r eal l y have anyt hi ng t o do wi t h NMS
ar chi t ect ur e, but i t can hel p t o al l evi at e an NMS' s management
st r ai n. The i dea behi nd t r ap- di r ect ed pol l i ng i s si mpl e: t he
NMS r ecei ves a t r ap and i ni t i at es a pol l t o t he devi ce t hat
gener at ed t he t r ap. The goal of t hi s scenar i o i s t o det er mi ne
i f t her e i s i ndeed a pr obl emwi t h t he devi ce, whi l e al l owi ng
t he NMS t o i gnor e ( or devot e f ew r esour ces t o) t he devi ce i n

nor mal oper at i on. I f an or gani zat i on r el i es on t hi s f or mof
management , i t shoul d i mpl ement i t i n such a way t hat non- t r ap-
di r ect ed pol l i ng i s al most done away wi t h. That i s, i t shoul d
avoi d pol l i ng devi ces at r egul ar i nt er val s f or st at us
i nf or mat i on. I nst ead, t he management st at i ons shoul d si mpl y
wai t t o r ecei ve a t r ap bef or e pol l i ng a devi ce. Thi s f or mof
management can si gni f i cant l y r educe t he r esour ces needed by an
NMS t o manage a net wor k. However , i t has an i mpor t ant
di sadvant age: t r aps can get l ost i n t he net wor k and never make
i t t o t he NMS. Thi s i s a r eal i t y of t he connect i onl ess nat ur e
of UDP and t he i mper f ect nat ur e of net wor ks.

3. 3 A Look Ahead
Web- based net wor k management ent ai l s t he use of t he HyperText
Transport Protocol ( HTTP) and t he Common Gateway Interface
( CGI ) t o manage net wor ked ent i t i es. I t wor ks by embeddi ng a web
ser ver i n an SNMP- compat i bl e devi ce, al ong wi t h a CGI engi ne t o
conver t SNMP- l i ke r equest s ( f r oma web- based NMS) t o act ual
SNMP oper at i ons, and vi ce ver sa. Web ser ver s can be embedded
i nt o such devi ces at ver y l ow monet ar y and oper at i ng cost .
Fi gur e 3- 4 i s a si mpl i f i ed di agr amof t he i nt er act i on bet ween a
web- based NMS and a managed devi ce. The CGI appl i cat i on br i dges
t he gap bet ween t he management appl i cat i on and t he SNMP engi ne.
I n some cases, t he management appl i cat i on can be a col l ect i on
of J ava appl et s t hat ar e downl oaded t o t he web br owser and
execut ed on t he web- based manager . Cur r ent ver si ons of OpenVi ew
shi p wi t h a web- based GUI .
Fi gure 3- 4. Web- based net work management

Web- based net wor k management coul d el i mi nat e, or at l east
r educe, t he need f or t r adi t i onal NMS sof t war e. NMS sof t war e can
be expensi ve t o pur chase, set up, and mai nt ai n. Most of t oday' s
maj or NMS vendor s suppor t onl y a f ew popul ar ver si ons of Uni x,
and have onl y r ecent l y begun t o suppor t Wi ndows 9x/ NT/ 2000,
t hus l i mi t i ng your oper at i ng- syst emchoi ces. Wi t h a web- based

NMS, however , t hese t wo concer ns ar e moot . For t he most par t
web- br owser t echnol ogy i s f r ee, and Net scape Communi cat i ons
( now AOL Ti me War ner ) suppor t s many f l avor s of Uni x, as wel l as
t he Wi nt el and Appl e pl at f or ms.
Web- based net wor k management shoul d not be vi ewed as a panacea,
t hough. I t i s a good i dea, but i t wi l l t ake some t i me f or
vendor s t o embr ace t hi s t echnol ogy and move t owar d web-
i nt egr at i on of t hei r exi st i ng pr oduct s. Ther e i s al so t he i ssue
of st andar di zat i on, or t he l ack of i t . The Web-Based Enterprise
Management ( WBEM) consor t i umaddr esses t hi s by def i ni ng a
st andar d f or web- based management . I ndust r y l eader s such as
Ci sco and BMC Sof t war e ar e among t he or i gi nal f ounder s of WBEM.
You can l ear n mor e about t hi s i ni t i at i ve at t he Di st r i but ed
Management Task For ce' s web page, ht t p: / / www. dmt f . or g/ wbem/ .

Chapter 4. SNMP- Compati bl e Hardware
Det er mi ni ng i f you have devi ces t hat ar e manageabl e by SNMP i s
a good pl ace t o st ar t down t he pat h t o net wor k- management Zen.
Bef or e we get i nt o how t o det er mi ne i f what you al r eady have i s
manageabl e, we wi l l br i ef l y di scuss what makes a devi ce SNMP-
compat i bl e.
Vendor s do not have t o i mpl ement al l t he MI Bs SNMP pr ovi des,
[ 1]

but SNMP- manageabl e devi ces must suppor t at l east MI B- I I . I t
al so behooves t he vendor s t o i mpl ement some of t he mor e usef ul
MI Bs, as wel l as t hei r own pr i vat e MI Bs, si nce t he abi l i t y t o
manage a pr oduct ef f ect i vel y usi ng SNMP i s an i ncr easi ngl y
i mpor t ant sel l i ng poi nt .
[1]
You can f i nd a f ewexampl es of these standard MI Bs i n Chapter
1.

4. 1 What Does SNMP- Compat i bl e Real l y Mean?
Many vendor s cl ai mt hat t hei r pr oduct s ar e SNMP- compat i bl e or
compl i ant . For t he most par t t hi s i s t r ue. What t hey act ual l y
mean i s t hat t hei r pr oduct suppor t s a set of SNMP oper at i ons,
as wel l as MI B- I I . For SNMPv1 compat i bi l i t y, t he suppor t ed
oper at i ons i ncl ude:
get
get-next
set
get-response
trap

Addi t i onal l y, i f t he pr oduct i s SNMPv2 and SNMPv3 compat i bl e,
i t must suppor t t he f ol l owi ng oper at i ons:
get-bulk
inform
notification
report
Vendor s can choose t o suppor t SNMPv1, SNMPv2, SNMPv2, or al l
t hr ee. An SNMP agent t hat suppor t s t wo ver si ons of SNMP i s
cal l ed " bi l i ngual . " I n r ecent year s, t hi s was r est r i ct ed t o
devi ces suppor t i ng SNMPv1 and SNMPv2. Now a devi ce can suppor t
al l t hr ee ver si ons, whi ch t echni cal l y makes i t t r i l i ngual . I t
i s possi bl e f or an agent t o speak al l ver si ons of SNMP because
SMI v2 i s a super set of SMI v1, and SMI v2 i s used, f or t he most
par t , wi t h SNMPv3.
Suppor t i ng t hese oper at i ons, however , i s onl y one pi ece t o t he
puzzl e of pr ovi di ng a manageabl e pr oduct . The ot her pi ece i s
pr ovi di ng a pr i vat e MI B t hat i s compr ehensi ve enough t o gi ve
net wor k manager s t he i nf or mat i on t hey need t o manage t hei r
net wor ks i nt el l i gent l y. I n t oday' s compl ex net wor k
envi r onment s, i t does not pay t o pur chase equi pment t hat has a
mi ni mal or poor l y i mpl ement ed pr i vat e MI B. For i nst ance, i t i s
i mpor t ant t o measur e ambi ent t emper at ur e i nsi de devi ces such as
r out er s, hubs, and swi t ches. Ci sco and ot her s pr ovi de t hi s
i nf or mat i on vi a t hei r pr i vat e MI Bs; ot her vendor s do not . I f
you' r e i n t he pr ocess of pur chasi ng a hi gh- end r out er , you
mi ght want t o l ook i nt o t he vendor s' pr i vat e MI Bs t o see whi ch
vendor s pr ovi de mor e r el evant i nf or mat i on.
Anot her f act or t hat af f ect s vendor MI B suppor t i s pr oduct
def i ni t i on. Concor d Communi cat i ons ( vendor s of an SNMP agent
f or Uni x and Wi ndows) wi l l pr obabl y not suppor t t he RS- 232 MI B
( RFC 1659) , si nce t hei r pr oduct i s gear ed t owar d pr ovi di ng
syst em- and appl i cat i on- management i nf or mat i on. 3Com, on t he
ot her hand, i mpl ement ed t hi s MI B f or t hei r l i ne of Dual Speed
Hubs, si nce t hese hubs have RS- 232 por t s.

4. 2 I s My Devi ce SNMP- Compat i bl e?
Your pr oduct document at i on shoul d be hel pf ul i n det er mi ni ng
har dwar e or sof t war e compat i bi l i t y wi t h SNMP. You can al so
consul t your sal es r epr esent at i ve, or cust omer suppor t , i f
appl i cabl e. Anot her way t o t el l i f a pr oduct i s SNMP- compat i bl e
i s t o per f or man snmpget quer y agai nst t he devi ce i n
quest i on.
[ 2]
I ssui ng a di agnost i c get agai nst any devi ce i s
easy. The most common way t o accompl i sh t hi s i s t o f i nd a Uni x
host t hat has t he snmpget bi nar y command i nst al l ed.
[ 3]
Ther e ar e
sever al var i et i es of t hi s command, so consul t your manpage or

syst emadmi ni st r at or f or hel p. The easi est var i abl e t o quer y
f or i s sysDescr , whi ch pr ovi des a descr i pt i on of t he syst em
bei ng quer i ed. Her e' s what happens when you use t he Net - SNMP
snmpget command t o l ook at sysDescr on a t ypi cal Li nux host :
[2]
Wi th thi s method, we can try to guess what the communi ty
stri ng i s. I n our case, we try publ i c or pri vate. I f we don' t
get a response, i t mi ght mean ei ther that we guessed wrong or
that the agent i sn' t set up/ conf i gured.
[3]
Chapter 7 di scusses i nstal l i ng the Net- SNMP agent and
tool ki t, whi ch comes wi th uti l i ti es such as snmpget.
$ snmpget l i nuxserver. ora. compubl i c syst em. sysDescr. 0
system. sysDescr. 0 ="Li nux versi on 2. 0. 34 (root@porky. redhat. com)
(gcc versi on 2. 7. 2. 3) #1 Fri May 8 16: 05: 57 EDT 1998"
The r esponse f r oml i nuxser ver . or a. comi s t ypi cal of most
managed devi ces. Not e, however , t hat t her e' s not hi ng sacr ed
about t he act ual descr i pt i on; t he t ext you r et r i eve wi l l var y
f r omvendor t o vendor . I ssui ng an snmpget agai nst a Ci sco 2503
r out er shoul d r et ur n somet hi ng l i ke t hi s:
$ snmpget orarout er. ora. compubl i c syst em. sysDescr. 0
system. sysDescr. 0 ="Ci sco I nternetwork Operati ng SystemSof tware
. . I OS (tm) 2500 Sof tware (C2500- I - L), Versi on 11. 2(5), RELEASE
SOFTWARE (f c1). . Copyri ght (c) 1986- 1997 by ci sco Systems, I nc. . .
Compi l ed Mon 31- Mar- 97 19: 53 by ckral i k"
Thi s r out er ' s syst emdescr i pt i on t el l s us t hat i t i s r unni ng
Ver si on 11. 2( 5) of t he Ci sco I OS. Thi s sor t of i nf or mat i on i s
gener al l y usel ess, but i t does t el l us t hat t he devi ce i s
r unni ng an SNMP agent . Her e' s what happens when somet hi ng goes
wr ong:
$ snmpget l i nuxserver. ora. compubl i c syst em. sysDescr. 0
Ti meout: No Response f roml i nuxserver. ora. com.
Thi s message means t hat t he Net - SNMP snmpget command di d not
r ecei ve a r esponse f r oml i nuxser ver . or a. com. A number of t hi ngs
coul d be wr ong, one of whi ch i s t hat t her e i s no SNMP agent
r unni ng on t he t ar get host . But i t ' s al so possi bl e t hat
l i nuxser ver has cr ashed, t hat t her e' s some sor t of net wor k
pr obl em, or t hat ever yt hi ng i s r unni ng cor r ect l y but you ar en' t
usi ng t he cor r ect communi t y st r i ng. I t ' s even possi bl e t hat t he
devi ce you' r e quer yi ng has SNMP capabi l i t i es, but t he SNMP
agent won' t be enabl ed unt i l you expl i ci t l y conf i gur e i t .
I f you suspect you have manageabl e equi pment but ar e not sur e,
i t i s good t o know t hat most vendor s shi p t hei r pr oduct s wi t h
t he r ead and wr i t e communi t y st r i ngs set t o publ i c and pr i vat e,
r espect i vel y. ( The Net - SNMP t ool s we' r e usi ng her e use pr i vat e
as t he def aul t f or bot h communi t y st r i ngs.
[ 4]
)

[4]
Si nce our agents use publ i c f or the communi ty stri ng and Net-
SNMP def aul ts to pri vate, we needed to speci f y the communi ty
stri ng publ i c on the command l i ne.
Once you ver i f y t hat t he devi ce you' r e t est i ng i s SNMP-
manageabl e, you shoul d i mmedi at el y change t he communi t y
st r i ngs. Leavi ng t he communi t y st r i ngs set t o wel l - known val ues
l i ke publ i c and pr i vat e i s a ser i ous secur i t y pr obl em.
Once you' ve est abl i shed t hat your devi ce suppor t s SNMP, you can
go f ur t her t o check i f i t suppor t s Ver si on 2. A good way t o do
t hat i s t o make a r equest t hat can be answer ed onl y by a
Ver si on 2 agent , such as t he bulk-get r equest . You can use t he
snmpbulkget command we demonst r at ed i n Chapt er 2 t o make such a
r equest :
$ snmpbul kget - v2c - B 1 3 l i nux. ora. compubl i c sysDescr i f I nOct et s i f Out Oct et s
system. sysDescr. 0 ="Li nux l i nux 2. 2. 5- 15 #3 Thu May 27 19: 33: 18 EDT 1999 i 686"
Now we know t hat l i nux. or a. comsuppor t s SNMPv2 - - i n
par t i cul ar , v2c. Can we go f ur t her , and check f or Ver si on 3
suppor t ? For Ver si on 3, you' r e bet t er of f checki ng your
vendor ' s document at i on. Most vendor s don' t suppor t Ver si on 3
yet , and we expect adopt i on t o be f ai r l y sl ow - - many vendor s
st i l l suppor t onl y Ver si on 1.

4. 3 Upgradi ng Your Hardware
Now t hat you know whet her or not you have SNMP devi ces on your
net wor k, i t mi ght be t i me t o upgr ade! You may f i nd t hat some of
t he devi ces you woul d l i ke t o manage don' t suppor t SNMP. Ther e
ar e t wo ways t o upgr ade: you can r et i r e your exi st i ng equi pment
and buy newer , mor e manageabl e har dwar e, or you can upgr ade
your equi pment ' s f i r mwar e ( i f pr ovi ded by t he vendor ) t o a
ver si on t hat suppor t s SNMP. Some vendor s, however , wi l l of f er
t o buy back ol der equi pment , or even gi ve a di scount f or
t ur ni ng i n a compet i t or ' s equi pment .
Of cour se, updat i ng your equi pment may not be necessar y. I f you
have sof t war e appl i cat i ons t hat ar e used t o manage non- SNMP
equi pment and t hey wor k, t her e i s no need t o upgr ade. I f you' r e
r easonabl y handy wi t h scr i pt s and want t o l ear n about SNMP i n
some dept h, you may f i nd t hat i t ' s possi bl e t o wr i t e scr i pt s
t hat al l ow you t o use SNMP t o moni t or appl i cat i ons t hat doesn' t
suppor t SNMP usi ng wr apper / scr i pt s. For an exampl e of t hi s, see
xr ef l i nkend=" enet t dg- CHP- 12- SECT- 4" / > i n Chapt er 12.

What ever appr oach you t ake, r eal i ze t hat SNMP exi st s t o pr ovi de
a consi st ent way t o manage net wor ked equi pment . I f you' r e
cur r ent l y managi ng your net wor k usi ng a number of l egacy
management t ool s, each suppor t i ng a f ew devi ces f r oma
par t i cul ar vendor , SNMP pr ovi des a way out . You may be
comf or t abl e wi t h your ol d t ool s - - but i t wi l l become
i ncr easi ngl y conveni ent t o use SNMP t o pr ovi de a uni f or m
net wor k- management appr oach.

4. 4 I n t he End
You may have been pur chasi ng SNMP- compat i bl e devi ces f or year s
wi t hout knowi ng i t . As SNMP has become mor e popul ar , i t has
been i ncor por at ed i nt o mor e and mor e devi ces. SNMP
compat i bi l i t y has become a t r ue sel l i ng poi nt f or most vendor s.
I t goes wi t hout sayi ng t hat most net wor k devi ces suppor t SNMP,
i ncl udi ng r out er s, br i dges, hubs, ser ver s, and deskt op PCs.
[ 5]

However , many ot her ki nds of equi pment ar e al so manageabl e vi a
SNMP, i ncl udi ng uni nt er r upt i bl e power suppl i es ( UPSs) , ai r -
condi t i oni ng uni t s, and ot her i mpor t ant pi eces of your
i nf r ast r uct ur e. Af t er you i dent i f y whi ch r out er s and hubs ar e
SNMP- compat i bl e, keep your eyes open f or ot her devi ces t hat may
need t o be managed. Whi l e SNMP i s ver y good at managi ng your
net wor k, host s, hubs, and r out er s, i t ' s not l i mi t ed t o onl y
your net wor ki ng envi r onment .
[5]
Low- end hubs, swi tches, and routers desi gned f or home use
probabl y won' t support SNMP. Hubs and swi tches that support
SNMP usual l y are adverti sed as "manageabl e" and usual l y cost
si gni f i cantl y more. For routers, you' l l have to read the
l i terature caref ul l y.
4. 5 A Look Ahead
The I nt er net Engi neer i ng Task For ce ( I ETF) i s i n t he pr ocess of
def i ni ng a st andar ds- t r ack t echnol ogy f or SNMP agent
extensibility ( Agent X) . As we def i ned i t ear l i er , an SNMP agent
i s sof t war e t hat r esi des on a managed devi ce, r epl yi ng t o SNMP
r equest s and gener at i ng asynchr onous t r aps. I nf or mat i on about
agent ext ensi bi l i t y can be f ound i n RFC 2741, as wel l as at t he
Agent X web si t e, ht t p: / / www. scgui l d. com/ agent x/ . The need f or
Agent X ar i ses f r omt he i nabi l i t y t o add and r emove MI B obj ect s
whi l e an agent i s r unni ng; i n ot her wor ds, t he l ack of a
st andar d way t o ext end an agent ' s f unct i onal i t y. The SNMP
Multiplexing Protocol ( SMUX, RFC 1227) was an ear l y at t empt t o
pr ovi de st andar di zat i on f or agent ext ensi bi l i t y, but t he
pr ot ocol was f ound t o be f l awed and has si nce been abandoned.
Fi gur e 4- 1 i s an over vi ew of t he Agent X ar chi t ect ur e. Wi t h
Agent X, t he agent consi st s of a si ngl e pr ocessi ng ent i t y cal l ed
a master agent and zer o or mor e pr ocessi ng ent i t i es cal l ed

subagents. The mast er agent and subagent s can r esi de on t he
same devi ce or communi cat e vi a a pr oxy devi ce. The mast er agent
communi cat es wi t h t he NMS, much l i ke a t r adi t i onal SNMP agent .
The subagent s have di r ect access t o t he MI B, wher eas t he mast er
agent does not . Consequent l y, t he subagent s per f or mmanagement
f unct i ons on managed var i abl es, t hen communi cat e t hi s
i nf or mat i on t o t he mast er agent vi a t he Agent X pr ot ocol , whi ch
i s not SNMP- based.
Fi gure 4- 1. Agent X archi t ect ure

Wi t hout a st andar di zed appr oach t o ext ensi bi l i t y, i t i s ver y
di f f i cul t f or vendor s t o keep t r ack of ext ensi ons t o agent s f or
t he var i ous pl at f or ms t hey suppor t . Agent X t r i es t o addr ess
t hi s by gi vi ng vendor s a consi st ent i nt er f ace f or ext endi ng
agent s. I t al so est abl i shes t he not i on of MI B r egi ons, or set s
of managed var i abl es. A subagent i s r esponsi bl e f or r egi st er i ng
t hese MI Bs wi t h a si ngl e mast er agent . I n pr act i ce t hi s means
t hat vendor s wi l l have a subagent f or each MI B t hey i mpl ement ;
f or exampl e, an RMON subagent , a MI B- I I subagent , a Host
Resour ces subagent , and ot her s. Thi s hel ps vendor s because i t
gi ves t hema way t o add and r emove MI B i nst ances f r oman agent
wi t hout di st ur bi ng t he act ual oper at i on bet ween an NMS and t he
agent .
Chapter 5. Network- Management Sof tware
Many SNMP sof t war e packages ar e avai l abl e, r angi ng f r om
pr ogr ammi ng l i br ar i es t hat l et you bui l d your own ut i l i t i es
( usi ng Per l , C/ C++ or J ava) t o expensi ve, compl et e net wor k-
management pl at f or ms. Thi s chapt er pr esent s some pr os and cons
f or many of t he most commonl y used packages. Thi s wi l l not onl y
gi ve you an i dea of what packages ar e out t her e, but al so hel p
you deci de what mi ght be r i ght f or you ( keep i n mi nd, t hough,
t hat t hese pr os and cons ar e mer el y our opi ni ons) . Whenever
possi bl e, we pr esent bot h open sour ce sol ut i ons and commer ci al
pr oduct s.
Management sof t war e f al l s i nt o f i ve cat egor i es:
SNMP agents

NMS suites
Element managers (vendor-specific management)
Trend-analysis software
Supporting software
Unf or t unat el y, deci di ng what you need i sn' t as si mpl e as
pi cki ng one pr ogr amf r omeach cat egor y. I f you have a smal l
net wor k and ar e i nt er est ed i n bui l di ng your own t ool s, you
pr obabl y don' t need a compl ex NMS sui t e. Whet her or not you
need t r end- anal ysi s sof t war e depends, obvi ousl y, on i f you' r e
i nt er est ed i n anal yzi ng t r ends i n your net wor k usage. The
pr oduct s avai l abl e depend i n par t on t he pl at f or ms i n whi ch
you' r e i nt er est ed. The mi ni mumyou can get by wi t h i s an SNMP
agent on a devi ce and some sof t war e t hat can r et r i eve a val ue
f r omt hat devi ce ( usi ng an SNMP get) . Al t hough t hi s i s mi ni mal ,
i t ' s enough t o st ar t wor ki ng, and you can get t he sof t war e f or
f r ee.
Thi s chapt er pr esent s a br oad sur vey of some of t he l eadi ng
pr oduct s i n each of t hese cat egor i es. Si nce t her e ar e mor e
packages t han we can cover i n t hi s book, be sur e t o check t he
Net wor k Management Ser ver
( ht t p: / / net man. ci t . buf f al o. edu/ Pr oduct s. ht ml ) f or net wor k-
management pr oduct l i st i ngs.

5. 1 SNMP Agent s
As we expl ai ned i n Chapt er 1, t he agent i s t he sof t war e t hat
cont r ol s al l t he SNMP communi cat i on t o and f r omany SNMP-
compat i bl e devi ce. I n some devi ces, such as Ci sco r out er s, t he
agent sof t war e i s bui l t i nt o t he devi ce i t sel f and r equi r es no
i nst al l at i on. On ot her pl at f or ms, such as Wi ndows NT, you may
have t o i nst al l t he agent as par t of an addi t i onal sof t war e
package.
Bef or e you can l ook at what t ypes of agent s you need, you must
r esear ch what t ypes of devi ces you have on your net wor k and
what t ypes of i nf or mat i on you woul d l i ke t o r ecei ve f r omeach.
Some agent s ar e ver y basi c and r et ur n onl y a l i mi t ed amount of
i nf or mat i on, whi l e ot her s can r et ur n a weal t h of i nf or mat i on.
To st ar t , det er mi ne whet her you need t o r ecei ve i nf or mat i on
f r omser ver s ( Uni x, Wi ndows NT, et c. ) or net wor k devi ces
( r out er s, swi t ches, et c. ) . Gener al l y, out - of - t he- box net wor k-
t ype devi ces pr ovi de mor e i nf or mat i on t han t hei r ser ver
count er par t s. On t he ot her hand, net wor k devi ces do not ext end
ver y easi l y, i f at al l , i n par t because net wor k har dwar e
usual l y doesn' t have a di sk- based oper at i ng envi r onment .
[ 1]
Thi s
keeps t he end user f r omaccessi ng t he agent t o make
modi f i cat i ons or ext end i t . The r est of t hi s sect i on pr ovi des

i nf or mat i on about some of t he sof t war e packages t hat ar e
cur r ent l y avai l abl e f or use as SNMP agent s.
[1]
See Chapter 11 f or a di scussi on of extensi bl e agents.

Make sur e t hat you under st and what ki nd of
sof t war e i s r unni ng on your ser ver s ( emai l
syst ems, account i ng packages, et c. ) . Many
appl i cat i ons wi l l not l i st en or r espond t o SNMP
r equest s, but wi l l send out t r aps. Tr aps can be
ver y usef ul f or moni t or i ng some of t hese
appl i cat i ons. Al so, t her e ar e appl i cat i ons f or
vi r us scanner s, r emot e l ogi ns ( pcAnywher e) , and
UPSs t hat wi l l send i nf or mat i ve t r aps when an
er r or has been f ound. Look f or t hi s f eat ur e t he
next t i me you pur chase any package or sof t war e
sui t e.

HP Extensible SNMP Agent http://www.openview.hp.com

Pl at f orms
Sol ar i s, HP- UX
Pros
I ncl udes an snmptrap pr ogr amand an HP agent t hat gi ves some
addi t i onal f unct i onal i t y ( most l y f or HP syst ems) . The agent i s
ext ensi bl e usi ng a subset of ASN. 1.
Cons
Cost i s per devi ce. You have t o keep t r ack of mul t i pl e daemons.
Sun Microsystems http://www.sun.com

Pl at f orms
Sol ar i s
Pros
Avai l abl e f r ee f or most r ecent ver si ons of Sol ar i s. Comes
bundl ed wi t h Sol ar i s ( Ver si ons 2. 6 and up) . The agent i s
ext ensi bl e.
Cons

Ver y mi ni mal ; suppor t s onl y MI B- I I .
Concord SystemEDGE http://www.empire.com

Pl at f orms
Many f l avor s of Uni x, Wi ndows NT
Pros
Pr ovi des ver y det ai l ed i nf or mat i on about t he syst em( CPU, di sk
space, f i l esyst ems, i nst al l ed apps, et c. ) . I nt egr at es wi t h t he
Wi ndows NT SNMP ser vi ce. Log wat cher f or Uni x and NT. The agent
i s f ul l y ext ensi bl e. Wor ks wi t h Concor d' s Net wor k Heal t h
package and Tr i nagy' s TREND sui t e.
Cons
Can be expensi ve unl ess you pur chase i n quant i t y.
Microsoft http://www.microsoft.com

Pl at f orms
Wi ndows 9x/ NT/ 2000
Pros
Bui l t i nt o t he oper at i ng- syst emker nel . Can be cont r ol l ed by NT
ser vi ces.
Cons
Meet s onl y t he mi ni mal r equi r ement s of an SNMP- compat i bl e
agent . You must i nst al l t he l at est ser vi ce pack af t er you
i nst al l t he sof t war e.
Net-SNMP (Formerly the UCD-SNMP
project.)
http://net-
snmp.sourceforge.net

Pl at f orms
Many f l avor s of Uni x, Wi ndows 9x/ NT
Pros

Fr ee and f ai r l y r obust . Easi l y ext ensi bl e usi ng shel l or Per l
scr i pt s. I ncl udes a t r ap daemon.
Cons
Document at i on i s mi ni mal , whi ch means i t can be di f f i cul t f or
f i r st - t i me user s t o get i t r unni ng t he way t hey want .
SNMP Research http://www.int.snmp.com

Pl at f orms
Uni x, Wi ndows NT
Pros
Good t ool ki t f or wr i t i ng an agent , i f t hi s i s t he f unct i onal i t y
you' r e l ooki ng f or .
Cons
Does not i nt egr at e wi t h Wi ndows SNMP Ser vi ce. Most l y a t ool ki t
pr oduct ; r equi r es ext ensi ve wor k t o make i t usef ul .
5. 2 NMS Sui t es
We use t he t er m" sui t e" t o mean a sof t war e package t hat bundl es
mul t i pl e appl i cat i ons i nt o one conveni ent pr oduct . I n t hi s
sect i on, we di scuss NMS sof t war e, whi ch i s one of t he mor e
i mpor t ant pi eces of t he net wor k- management pi ct ur e. Wi t hout i t ,
t he agent sof t war e i n t he pr evi ous sect i on i s vi r t ual l y
usel ess. NMS pr oduct s al l ow you t o have a t ot al net wor k vi ew of
your ser ver s, r out er s, swi t ches, et c. I n most cases, t hi s vi ew
i s a gr aphi cal r epr esent at i on of your net wor k, wi t h l ot s of
neat l abel s and i cons. These packages ar e ver y conf i gur abl e and
wor k i n al most any net wor k envi r onment . Wi t h t hi s f r eedom,
however , of t en comes a bi g pr i ce t ag and a conf usi ng set up
pr ocess. Some of t he pr oduct s f ocus mor e on t he net wor k si de of
management ( i . e. , devi ces such as r out er s, hubs, and swi t ches) .
Ot her s go a st ep beyond t hi s and al l ow you t o cust omi ze ser ver
and wor kst at i on agent s t o i nt egr at e ni cel y i nt o your NMSs. Keep
i n mi nd t hat t he bi gger packages ar e f or l ar ger , mor e
compl i cat ed net wor ks and r equi r e ext ensi ve t r ai ni ng. Be sur e t o
t ake some t i me t o r esear ch t he packages bef or e pur chasi ng; i f
at al l possi bl e, get t r i al ver si ons. The r est of t hi s sect i on
l i st s some of t he mor e common NMS packages.
HP OpenView NNM http://www.openview.hp.com

Pl at f orms
Sol ar i s, HP- UX, Wi ndows NT/ 2000
Pros
Gr eat mi d- t o l ar ge- busi ness SNMP sui t e. Whi l e i t can be
compl i cat ed, i t i s manageabl e wi t h a l i t t l e hel p f r omOpenVi ew
suppor t . Has a ni ce gr aphi cal map and event - moni t or i ng syst em.
Can do some hi st or i cal t r end anal ysi s. Pr i ce seems r i ght and
can be t r i mmed by obt ai ni ng a l i cense f or a l i mi t ed number of
managed nodes.
Cons
Not many t hi r d- par t y appl i cat i on pl ug- i ns avai l abl e.
HP OpenView ITO http://www.openview.hp.com

Pl at f orms
Sol ar i s, HP- UX, Wi ndows NT/ 2000
Pros
I f you' r e a For t une 500 company l ooki ng t o i mpl ement OpenVi ew
on st er oi ds, I TO i s your pr oduct . I t i s ver y user - cent er ed.
Maps, event s, and mor e can be di spl ayed or hi dden based on a
user ' s pr of i l e. The event syst emi s mor e l i ke a t i cket cent er .
A weal t h of t hi r d- par t y " smar t pl ug- i ns" ar e avai l abl e.
Cons
Pr i ce can be ver y hi gh. Made f or ser i ous ent er pr i se compani es.
Not many peopl e can pr oper l y i mpl ement t hi s wi t hout t r ai ni ng or
out si de consul t i ng hel p.
Tivoli Netview http://www.tivoli.com/products/index/netview/

Pl at f orms
OS/ 390, Sol ar i s, AI X, Di gi t al UNI X, Wi ndows NT ( I nt el and
Al pha)
Pros
A t r ul y di st r i but ed net wor k- management sol ut i on. I t has t he
abi l i t y t o det ect pr obl ems at t he sour ce bef or e t hey af f ect
user s.

Cons
Thi s i s a heavywei ght management syst emt hat r equi r es ext ensi ve
i nvest ment and r esour ces t o i mpl ement and oper at e.
Castle Rock SNMPc http://www.castlerock.com

Pl at f orms
Wi ndows 98/ NT/ 2000
Pros
Gr eat f or smal l t o mi dsi ze compani es. Cont ai ns ever yt hi ng you
need t o get an NMS up and r unni ng i n your envi r onment . Pr i ce i s
ver y r easonabl e, and i t ' s l oaded wi t h f eat ur es.
Cons
Net wor k map coul d use a l i t t l e wor k. Doesn' t gi ve a r eal i st i c
r epr esent at i on of your net wor k.
BMC http://www.bmc.com

Pl at f orms
Many pl at f or ms, i ncl udi ng Uni x and Wi ndows NT
Pros
BMC has devel oped knowl edge bases f or managi ng most aspect s of
t he ent er pr i se, i ncl udi ng net wor ks, dat abases, and ser ver s.
Cons
The knowl edge modul es ar e usef ul , but pr opr i et ar y. The cost
t ends t o be on t he hi gh si de. Does not use SNMP as i t s nat i ve
l anguage.
Computer Associates Unicenter TNG
Framework
http://www.cai.com

Pl at f orms
Uni x, Wi ndows NT/ 2000

Pros
Can hel p you manage your ent i r e I T busi ness - - ever yt hi ng f r om
t r adi t i onal net wor k management t o your Or acl e dat abase syst em.
Cons
Thi s i s anot her heavywei ght management syst emt hat can t ake
subst ant i al t i me, r esour ces, and money t o i mpl ement .
Veritas NerveCenter http://www.veritas.com

Pl at f orms
Sol ar i s, HP- UX, Wi ndows NT
Pros
Uses behavi or model s ( f i ni t e st at e machi nes) t o model r eal -
wor l d net wor k si t uat i ons. Ner veCent er i s desi gned t o be a
st andal one pol l i ng engi ne, or t o be used i n conj unct i on wi t h
OpenVi ew' s gr aphi cal map. Per l subr out i nes can be compi l ed i nt o
t he pol l i ng engi ne f or l at er use.
Cons
Takes mor e ef f or t t o mai nt ai n t han OpenVi ew, and t ends t o be
mor e compl i cat ed t o oper at e.
OpenRiver http://www.riversoft.com

Pl at f orms
Sol ar i s
Pros
Ri ver Sof t , t he company behi nd OpenRi ver , boast s t hat t hei r NMS
pr ovi des " i nt er vent i onl ess net wor k management . " They al so
pr ovi de t r ue l ayer 2 and 3 net wor k di scover y. Despi t e t he
pr oduct ' s i mpr essi ve abi l i t i es, i t i s pr i ced ver y r easonabl y.
Cons
Cur r ent l y avai l abl e onl y f or Sol ar i s ( al t hough Ri ver Sof t i s
pl anni ng a Wi ndows NT r el ease) .
GxSNMP http://www.gxsnmp.org

Pl at f orms
Any Uni x pl at f or mwi t h an ANSI C compi l er and t he GTK/ GDK
t ool ki t i nst al l ed
Pros
Thi s f r ee NMS comes wi t h sever al ni ce f eat ur es, such as a
mappi ng t ool ( not aut o di scover y) and i nt egr at i on wi t h SQL.
Cons
Thi s pr oj ect i s st i l l i n i t s i nf ancy ( but t her e ar e many
pl anned f eat ur es t hat wi l l make i t a r obust NMS sol ut i on) .
Tkined http://wwwhome.cs.utwente.nl/~schoenw/scotty/

Pl at f orms
Most Uni x pl at f or ms, Wi ndows NT
Pros
Tki ned i s a f r ee ext ensi bl e net wor k management pl at f or m. I t
pr ovi des a net wor k map and t ool s t o per f or mdi scover y of I P
net wor ks. I t can al so per f or mmanagement of devi ces wi t h SNMP
and non- SNMP st andar ds ( ping, traceroute, et c. ) . Tcl i s used t o
ext end and add f unct i onal i t y t o Tki ned.
Cons
You must be f ami l i ar wi t h Tcl t o ext end t hi s package.
OpenNMS http://www.opennms.org

Pl at f orms
Any pl at f or mt hat suppor t s J ava
Pros
OpenNMS i s an at t empt t o pr ovi de user s wi t h a t r ul y open
ser vi ce and net wor k- management pr oduct . I t i s wr i t t en i n J ava
and i s r el eased under t he GNU Publ i c Li cense ( GPL) . I t suppor t s
net wor k di scover y and di st r i but ed pol l i ng, among ot her t hi ngs.
Cons

Thi s pr oj ect i s st i l l i n i t s i nf ancy.
5. 3 El ement Managers ( Vendor- Speci f i c Management )
These sof t war e packages ar e gear ed t owar d a cer t ai n t ype of
vendor or f unct i on; f or exampl e, an el ement manager mi ght be a
pr oduct t hat f ocuses on managi ng a modemr ack. Bef or e
pur chasi ng such a package, t ake a good l ook at your pr esent
envi r onment , how i t ' s l i kel y t o gr ow, and what vendor s you ar e
cur r ent l y usi ng or ar e l i kel y t o use i n t he f ut ur e. Because
many of t hese pr oduct s ar e vendor - speci f i c, i t ' s easy t o buy
somet hi ng t hat t ur ns out t o be l ess usef ul t han you expect . For
exampl e, Ci scoVi ew ( par t of t he Ci scoWor ks sui t e) i s a gr eat
pi ece of sof t war e; i t does l ot s of f ancy t hi ngs, such as
showi ng you t he backs of your r out er s. However , i f you pur chase
a number of Nor t el devi ces a f ew mont hs af t er i nst al l i ng t hi s
pr oduct , i t won' t be abl e t o gi ve you a uni f i ed vi ew of your
net wor k. Some packages do al l ow you t o manage t hei r
compet i t or ' s equi pment ; f or exampl e, an el ement manager t hat
moni t or s swi t ches may be abl e t o handl e swi t ches f r omcompet i ng
vendor s. Bef or e buyi ng any of t hese pr oduct s, r esear ch wher e
your net wor k i s headed, and be sur e t o ask har d quest i ons about
t he pr oduct s' capabi l i t i es. The r emai nder of t hi s sect i on l i st s
some of t he avai l abl e el ement manager s.
Sun Management Center http://www.sun.com/symon/

Pl at f orms
Sol ar i s, Wi ndows ( Consol e l ayer )
Pros
Pr ovi des a si ngl e poi nt of management f or al l Sun ser ver s,
deskt ops, st or age syst ems, t he Sol ar i s oper at i ng envi r onment ,
appl i cat i ons, and dat acent er ser vi ces. Thi s pr oduct scal es t o
t housands of syst ems on a si ngl e, uni f i ed management pl at f or m
and i nt egr at es easi l y wi t h l eadi ng t hi r d- par t y pl at f or ms f or
added f l exi bi l i t y. I t al so has t he abi l i t y t o get r eal - t i me
syst emper f or mance and of f er s a f r ee har dwar e di agnost i c sui t e
( pl ug- i n) t hat det ect s har dwar e f aul t s.
Cons
Whi l e i t can manage and moni t or ot her vendor s, t hi s abi l i t y
doesn' t come easi l y.
CiscoWorks 2000 http://www.cisco.com

Pl at f orms
Sol ar i s, HP- UX, AI X, Wi ndows NT f or some
Pros
Thi s sui t e al l ows you t o do ever yt hi ng f r omver si on cont r ol on
your conf i gur at i on f i l es t o l at ency gr aphs and det ai l ed
pi ct ur es of t he backs of your devi ces. I f you have a Ci sco
shop, st op ever yt hi ng and get t hi s package!
Cons
The maps ar e a bi t hokey. Doesn' t pr oduce a ver y f r i endl y
snapshot of your net wor k, and has a har d t i me r et ur ni ng
conf i gur at i ons t o t he devi ces. Woul d be ni ce i f i t coul d
r est or e as easi l y as i t backs up.
3Com Total Control http://www.3com.com

Pl at f orms
Sol ar i s, Wi ndows 9x
Pros
Al l ows t he user t o vi ew t he st at us of a modemr ack by
di spl ayi ng an i mage of how t he modemr ack physi cal l y l ooks - -
ever yt hi ng down t o t he bol t s and l ogo. The user can pr oceed t o
r eset i ndi vi dual car ds or r eset t he ent i r e chassi s, among ot her
t hi ngs. Thi s i s a ver y sl i ck pr oduct and can be ver y usef ul
when t r yi ng t o t r ack down equi pment pr obl ems.
Cons
Si nce newer 3ComTot al Cont r ol chassi s can have up t o 336
modems, t hi s can be a bear t o st ar t ( i t has t o quer y t he st at us
of al l t he modems i n t he r ack) . The st ar t up t i me can be gr eat l y
af f ect ed by t he speed of t he net wor k bet ween you and t he
chassi s i n quest i on.
Aprisma (Formerly Spectrum for
Cabletron hardware.)
http://www.aprisma.com

Pl at f orms

Uni x, Wi ndows NT
Pros
Ver y good t ool f or managi ng Cabl et r on equi pment , and i s
st ar t i ng t o add t he abi l i t y t o manage equi pment f r omot her
vendor s.
Cons
Compl i cat ed t o set up and mai nt ai n. Meant f or shops t hat need a
hi gh- end pl at f or m.
5. 4 Trend Anal ysi s
When f aced wi t h most net wor k pr obl ems, i t ' s ni ce t o have some
ki nd of hi st or i cal r ecor d t o gi ve you an i dea of when t hi ngs
st ar t ed goi ng wr ong. Thi s al l ows you t o go back and r evi ew what
happened bef or e a pr obl emappear ed, and possi bl y pr event i t
f r omr ecur r i ng. I f you want t o be pr oact i ve about di agnosi ng
pr obl ems bef or e t hey appear , i t i s essent i al t o know what
" nor mal " means f or your net wor k - - you need a set of basel i ne
st at i st i cs t hat show you how your net wor k nor mal l y behaves.
Whi l e many of t he bi gger packages do some t r end r epor t i ng, t hey
can be cl unky and har d t o use. They mi ght not even pr ovi de you
wi t h t he ki nd of i nf or mat i on you need. Once you see what a
dedi cat ed t r end- anal ysi s syst emcan do, you wi l l see why i t
mi ght be wor t h t he t i me, ener gy, and money t o i nt egr at e one
i nt o your net wor k- moni t or i ng scheme.
I f your envi r onment cal l s f or some ser i ous moni t or i ng, you
shoul d l ook i nt o get t i ng RMON pr obes. RMON pr obes ar e a gr eat
addi t i on t o t r end- anal ysi s packages, si nce most t r end packages
can make use of t he ki nd of dat a t hese pr obes gat her . The r est
of t hi s sect i on l i st s some t r end- anal ysi s packages.
Concord eHealth http://www.concord.com

Pl at f orms
Sol ar i s, HP- UX, Wi ndows NT
Pros
Ver y pr of essi onal , web- based gr aphs. Gi ves t he user t he abi l i t y
t o downl oad and vi ew r epor t s i n PDF. You can dr i l l down i n t he
web f or mor e det ai l ed r epor t s. Gr eat user management , al l owi ng
you t o r est r i ct user s so t hat t hey see onl y what t hey need t o
see. Concor d gi ves a f r ee " Net wor k Heal t h Checkup. " Thi s i s a
gr eat t r y- bef or e- you- buy pr ogr am. Thi s pr ogr amcan al so

i nt er act wi t h pr obes and ser ver - based devi ces t o gi ve a f ul l
t r end anal ysi s of your net wor k and ser ver s.
Cons
Some peopl e may get st i cker - shock when t hey see t he pr i ce.
Li censi ng i s done on a per - el ement basi s.
Trinagy (Formerly DeskTalk Systems,
Inc.) TREND
http://www.desktalk.com

Pl at f orms
Uni x, Wi ndows 9x/ NT
Pros
An excel l ent pr oduct f or use i n capaci t y pl anni ng. Out of t he
box, Tr i nagy suppor t s 30, 60, and 90- day f or ecast s, among ot her
cal cul at i ons. I t s r epor t vi ewer i s wr i t t en i n J ava, so i t i s
usabl e on most pl at f or ms. The r epor t ar chi t ect ur e i s open, i n
t hat you can bui l d your own r epor t s.
Cons
Requi r es t wo weeks of t r ai ni ng t o r un and admi ni st er . The
pr i ci ng scheme i s somewhat si mi l ar t o eHeal t h' s, si nce t he si ze
of t he dat abase depends on how many devi ces you quer y, how l ong
you keep r at e dat a ar ound, et c. You can get mor e f or l ess by
t weaki ng pol l i ng i nt er val s and r et ent i on t i mes.
MRTG http://www.mrtg.org

Pl at f orms
Most Uni x pl at f or ms, Wi ndows NT
Pros
Fr ee, easy t o set up and use, ver y wel l document ed. I n addi t i on
t o pol l i ng devi ces on your net wor k, MRTG can r ecei ve i nput f r om
non- SNMP sour ces.
Cons
Have t o i nst al l mul t i pl e packages, whi ch may be di f f i cul t t o do
on some pl at f or ms. For exampl e, MRTG needs a speci f i c SNMP Per l
modul e t o per f or mal l of i t s pol l i ng dut i es. Not ver y scal abl e.

Cricket http://cricket.sourceforge.net

Pl at f orms
Most Uni x pl at f or ms
Pros
Gr eat t ool t hat pi cks up wher e MRTG l eaves of f . I t uses
RRDTool , t he next - gener at i on ver si on of MRTG.
Cons
Cr i cket i s si ngl e- t hr eaded, so col l ect i ng dat a f r oma good-
si zed net wor k can t ake a whi l e, especi al l y i f you gat her usage
dat a f r equent l y. Havi ng sai d t hat , i t i s f ai r l y ef f i ci ent , so
you shoul d not see any pr obl emf or qui t e some t i me.
InfoVista http://www.infovista.com

Pl at f orms
Uni x, Wi ndows NT
Pros
Ver y f l exi bl e and comes wi t h some gr eat r epor t i ng r i ght out of
t he box.
Cons
Requi r es i n- dept h knowl edge of net wor k management and
pr ogr ammi ng ( Per l ) i n or der t o cust omi ze i t t o do anyt hi ng
beyond i t s out - of - t he- box capabi l i t i es.
5. 5 Support i ng Sof t ware
Suppor t i ng sof t war e i s a gr ab- bag t hat i ncl udes al l sor t s of
t hi ngs t hat ar e used i n conj unct i on wi t h t he sof t war e packages
l i st ed ear l i er . Some of t hese packages can be used t o wr i t e
st andal one SNMP appl i cat i ons. The r est of t hi s sect i on out l i nes
sever al suppor t i ng sof t war e packages. Most of t hese ar e f r eel y
avai l abl e and can be used wi t h l i t t l e or no pr evi ous
exper i ence.
Perl http://www.perl.com http://www.perl.org

Pl at f orms
Uni x, Wi ndows NT, Mac OS
Pros
The Practical Extraction and Report Language ( Per l ) i s a
ver sat i l e, al l - pur pose scr i pt i ng l anguage t hat i s t he t ool of
choi ce f or syst emadmi ni st r at or s and net wor k engi neer s, among
ot her s. Bot h MRTG and Cr i cket make use of Per l t o per f or mt hei r
behi nd- t he- scenes wor k.
Cons
Some peopl e say t hat t her e ar e no cons t o Per l . The most common
compl ai nt about t he l anguage i s t hat i t ' s i nt er pr et ed and not
compi l ed, l i ke t he C pr ogr ammi ng l anguage.
SNMP
Support for
Perl
http://www.switch.ch/misc/leinen/snmp/perl/
http://www.cpan.org

Pl at f orms
Uni x, Wi ndows NT, Mac OS
Pros
Suppl i es easy- t o- use subr out i nes t hat gi ve access t o t he cor e
SNMP f unct i ons. Wi del y t est ed, as i t ' s t he f undament al SNMP
engi ne f or t he MRTG package.
Cons
Doesn' t seemt o have a l ot of mar ket exposur e.
WILMA
ftp://ftp.ldv.e-technik.tu-
muenchen.de/dist/WILMA/INDEX.html

Pl at f orms
Most Uni x pl at f or ms
Pros
Cont ai ns t he cor e SNMP f unct i ons as wel l as a MI B compi l er and
br owser .

Cons
Funct i ons coul d be a bi t mor e st r eaml i ned and user - f r i endl y.
Net-SNMP C Library http://net-snmp.sourceforge.net

Pl at f orms
Pros
Thi s l i br ar y can be used t o devel op your own SNMP appl i cat i ons.
The l i br ar y i s ver y easy t o use, once you f i gur e i t out . The
ni ce t hi ng about t he package i s t hat i t comes wi t h t he sour ce
code t o commands such as snmpget, snmpset, and snmpwalk, whi ch
can be used t o see how t hese sor t s of oper at i ons ar e
accompl i shed.
Cons
The document at i on on how t o use t he l i br ar y i s poor t o t he
poi nt of nonexi st ence.
Net-SNMP Perl Module http://www.cpan.org/authors/id/GSM/

Pl at f orms
Pros
Thi s l i br ar y pr ovi des i dent i cal f unct i onal i t y t o t he Net - SNMP C
l i br ar y, except i n Per l .
Cons
Dur i ng i nst al l at i on, t hi s modul e needs t o have access t o t he
Net - SNMP C l i br ar y i n or der t o wor k pr oper l y.
A3Com http://www.kernel.org/software/A3Com/

Pl at f orms
Uni x, Wi ndows NT

Pros
A si mpl e set of modul es t hat can be used t o manage 3Com
Super St ack I I 3900/ 9300 and Cor eBui l der 3500 LAN swi t ches. Thi s
can be a good st ar t f or management on a budget .
Cons
The f unct i onal i t y i s l i mi t ed.
SNMP++ http://rosegarden.external.hp.com/snmp++/

Pl at f orms
Uni x ( Li nux, HP- UX, and Sol ar i s) , Wi ndows
Pros
I f you need t o use C++ f or SNMP appl i cat i on devel opment , t hi s
i s t he package t o get . You can cr eat e power f ul appl i cat i ons
wi t h mi ni mal pr ogr ammi ng. Thi s l i br ar y has been r el eased i nt o
t he open sour ce communi t y and i s f r eel y avai l abl e.
Cons
Requi r es knowl edge of C++.
Netcool http://www.micromuse.com

Pl at f orms
Uni x, Wi ndows NT
Pros
An event - cor r el at i on and dedupl i cat i on engi ne, used t o cut down
on t he management event s t hat t r adi t i onal NMS pl at f or ms t end t o
gener at e by showi ng t he end user onl y what she needs t o know t o
f i x net wor k pr obl ems. I t i s desi gned t o r ecei ve event s f r om
NMSs such as OpenVi ew or Ner veCent er , but i t can r ecei ve event s
f r omal most any ki nd of management sour ce. Mi cr omuse sel l s
pr obes t hat can i nt er f ace wi t h ever yt hi ng f r ompopul ar NMS
pl at f or ms t o t el ephone swi t ch equi pment .
Cons
Requi r es a bi t of i ni t i al set up ( but af t er t hat i t ' s easy t o
use and mai nt ai n) .

Network Computing Technologies Trap
Receiver
http://www.ncomtech.com

Pl at f orms
Wi ndows 95/ NT
Pros
Easy t o use and can be conf i gur ed t o per f or mact i ons on
r ecei ved t r aps.
Cons
Doesn' t r un on any f l avor of Uni x.

Chapter 6. Conf i guri ng Your NMS
Now t hat you have pi cked out some sof t war e t o use i n your
envi r onment , i t ' s t i me t o t al k about i nst al l i ng and r unni ng i t .
I n t hi s chapt er we wi l l l ook at a f ew NMS packages i n det ai l .
Whi l e we l i st ed sever al packages i n Chapt er 5, we wi l l di g i nt o
onl y a f ew packages her e, and we' l l use t hese packages i n
exampl es t hr oughout t he r est of t he book. These exampl es shoul d
al l ow you t o get most ot her SNMP- based net wor k- management
packages up and r unni ng wi t h ver y l i t t l e ef f or t .

6. 1 HP' s OpenVi ewNet work Node Manager
Net wor k Node Manager ( NNM) i s a l i censed sof t war e pr oduct . The
package i ncl udes a f eat ur e cal l ed " I nst ant - On" t hat al l ows you
t o use t he pr oduct f or a l i mi t ed t i me ( 60 days) whi l e you ar e
wai t i ng f or your r eal l i cense t o ar r i ve. Dur i ng t hi s per i od,
you ar e r est r i ct ed t o a 250- managed- node l i cense, but t he
pr oduct ' s capabi l i t i es ar en' t l i mi t ed i n any ot her way. When
you i nst al l t he pr oduct , t he I nst ant - On l i cense i s enabl ed by
def aul t .

Check out t he OpenVi ew scr i pt s l ocat ed i n
OpenVi ew' s bin di r ect or y ( nor mal l y /opt/OV/bin) .
One par t i cul ar l y i mpor t ant gr oup of scr i pt s set s
envi r onment var i abl es t hat al l ow you t o t r aver se
OpenVi ew' s di r ect or y st r uct ur e much mor e easi l y.
These scr i pt s ar e named ov.envvars.csh,
ov.envvars.sh, et c. ( t hat i s, ov.envvars
f ol l owed by t he name of t he shel l you' r e usi ng) .
When you r un t he appr opr i at e scr i pt f or your
h l l i t d f i i t i bl h

shel l , i t def i nes envi r onment var i abl es such as
$OV_BI N, $OV_MAN, and $OV_TMP, whi ch poi nt t o
t he OpenVi ew bin, man, and tmp di r ect or i es.
Thus, you can easi l y go t o t he di r ect or y
cont ai ni ng OpenVi ew' s manual pages wi t h t he
command cd $OV_MAN. These envi r onment var i abl es
ar e used t hr oughout t hi s book and i n al l of
OpenVi ew' s document at i on.

6. 1. 1 Runni ng NNM
To st ar t t he OpenVi ew GUI on a Uni x machi ne, def i ne your
DI SPLAY envi r onment var i abl e and r un t he command $OV_BIN/ovw.
Thi s st ar t s OpenVi ew' s NNM. I f your NNM has per f or med any
di scover y, t he nodes i t has f ound shoul d appear under your
I nt er net ( t op- l evel ) i con. I f you have pr obl ems st ar t i ng NNM,
r un t he command $OV_BIN/ovstatus -c and t hen $OV_BIN/ovstart or
$OV_BIN/ovstop, r espect i vel y, t o st ar t or st op i t . By def aul t ,
NNM i nst al l s t he necessar y scr i pt s t o st ar t i t s daemons when
t he machi ne boot s. OpenVi ew wi l l per f or mal l of i t s f unct i ons
i n t he backgr ound, even when you ar en' t r unni ng any maps. Thi s
means t hat you do not have t o keep a copy of NNM r unni ng on
your consol e at al l t i mes and you don' t have t o st ar t i t
expl i ci t l y when your machi ne r eboot s.
When t he GUI st ar t s, i t pr esent s you wi t h a cl i ckabl e hi gh-
l evel map. Thi s map, cal l ed t he Root map, pr ovi des a t op- l evel
vi ew of your net wor k. The map gi ves you t he abi l i t y t o see your
net wor k wi t hout havi ng t o see ever y det ai l at once. I f you want
mor e i nf or mat i on about any i t emi n t he di spl ay, whet her i t ' s a
subnet or an i ndi vi dual node, cl i ck on i t . You can dr i l l down
t o see any l evel of det ai l you want - - f or exampl e, you can
l ook at an i nt er f ace car d on a par t i cul ar node. The mor e det ai l
you want , t he mor e you cl i ck. Fi gur e 6- 1 shows a t ypi cal NNM
map.
Fi gure 6- 1. A t ypi cal NNMmap

The menu bar ( see Fi gur e 6- 2) al l ows you t o t r aver se t he map
wi t h a bi t mor e ease. You have opt i ons such as cl osi ng NNM ( t he
l ef t most but t on) , goi ng st r ai ght t o t he Home map ( second f r om
t he l ef t ) ,
[ 1]
t he Root map ( t hi r d- l ef t ) , t he par ent or pr evi ous
map ( f our t h- l ef t ) , or t he qui ck navi gat or .
[ 2]
Ther e i s al so a
but t on t hat l et s you pan t hr ough t he map or zoomi n on a
por t i on of i t .
[1]
You can set any map as your Home map. When you' ve f ound the
map you' d l i ke to use, go to "Map Submap Set Thi s Submap
as Home. "
[2]
Thi s i s a speci al map i n whi ch you can pl ace obj ects that you
need to watch f requentl y. I t al l ows you to access themqui ckl y
wi thout havi ng to f i nd themby searchi ng through the network
map.
Fi gure 6- 2. OpenVi ewNNMmenu bar

Bef or e you get si ck l ooki ng at your newl y
di scover ed net wor k, keep i n mi nd t hat you can
add some qui ck and easy cust omi zat i ons t hat wi l l
t r ansf or myour hodgepodge of names, number s, and
i cons i nt o a coor di nat ed pi ct ur e of your
net wor k.

6. 1. 2 The net mon Process
NNM' s daemon pr ocess ( net mon) st ar t s aut omat i cal l y when t he
syst emboot s and i s r esponsi bl e f or di scover i ng nodes on your
net wor k, i n addi t i on t o a f ew ot her t asks. I n NNM' s menu, go t o

" Opt i ons Net wor k Pol l i ng Conf i gur at i ons: I P. " A wi ndow shoul d
appear t hat l ooks si mi l ar t o Fi gur e 6- 3.
Fi gure 6- 3. OpenVi ew' s General net work pol l i ng conf i gurat i on opt i ons

Fi gur e 6- 3 shows t he Gener al ar ea of t he conf i gur at i on wi zar d.
The ot her ar eas ar e I P Di scover y, St at us Pol l i ng, and Secondar y
Fai l ur es. The Gener al ar ea al l ows us t o speci f y a f i l t er ( i n
t hi s exampl e, NOUSERS) t hat cont r ol s t he di scover y pr ocess - - we
mi ght not want t o see ever y devi ce on t he net wor k. We di scuss
t he cr eat i on of f i l t er s l at er i n t hi s chapt er , i n Sect i on
6. 1. 5. We el ect ed t o di scover beyond t he l i cense l i mi t , whi ch
means t hat NNM wi l l di scover mor e obj ect s on our net wor k t han
our l i cense al l ows us t o manage. " Excess" obj ect s ( obj ect s past
t he l i cense' s l i mi t ) ar e pl aced i n an unmanaged st at e, so t hat
you can see t hemon your maps but can' t cont r ol t hemt hr ough
NNM. Thi s opt i on i s usef ul when your l i cense l i mi t s you t o a
speci f i c number of managed nodes.
The I P Di scover y ar ea ( Fi gur e 6- 4) l et s us enabl e or di sabl e
t he di scover y of I P nodes. Usi ng t he " aut o adj ust " di scover y
f eat ur e al l ows NNM t o f i gur e out how of t en t o pr obe t he net wor k
f or new devi ces. The mor e new devi ces i t f i nds, t he mor e of t en
i t pol l s; i f i t doesn' t f i nd any new devi ces i t sl ows down,
event ual l y wai t i ng one day ( 1d) bef or e checki ng f or any new
devi ces. I f you don' t l i ke t he i dea t hat t he di scover y i nt er val
var i es ( or per haps mor e r eal i st i cal l y, i f you t hi nk t hat
pr obi ng t he net wor k t o f i nd new devi ces wi l l consume mor e
r esour ces t han you l i ke, ei t her on your net wor k- management
st at i on or t he net wor k i t sel f ) , you can speci f y a f i xed
di scover y i nt er val . Fi nal l y, t he " Di scover Level - 2 Obj ect s"
but t on t el l s NNM t o di scover and r epor t devi ces t hat ar e at t he
second l ayer of t he OSI net wor k model . Thi s cat egor y i ncl udes

t hi ngs such as unmanaged hubs and swi t ches, many Appl eTal k
devi ces, and so on.
Fi gure 6- 4. OpenVi ew' s I P Di scovery net work pol l i ng conf i gurat i on opt i ons

Fi gur e 6- 5 shows t he St at us Pol l i ng conf i gur at i on ar ea. Her e
you can t ur n st at us pol l i ng on or of f , and del et e nodes t hat
have been down or unr eachabl e f or a speci f i ed l engt h of t i me.
Thi s exampl e i s conf i gur ed t o del et e nodes af t er t hey' ve been
down f or one week ( 1w) .
Fi gure 6- 5. OpenVi ew' s St at us Pol l i ng net work pol l i ng conf i gurat i on opt i ons

The DHCP pol l i ng opt i ons ar e, obvi ousl y, especi al l y usef ul i n
envi r onment s t hat use DHCP. They al l ow you t o est abl i sh a
r el at i onshi p bet ween pol l i ng behavi or and I P addr esses. You can
speci f y a f i l t er t hat sel ect s addr esses t hat ar e assi gned by
DHCP. Then you can speci f y a t i me af t er whi ch net mon wi l l
del et e non- r espondi ng DHCP addr esses f r omi t s map of your
net wor k. I f a devi ce i s down f or t he gi ven amount of t i me,
net mon di sassoci at es t he node and I P addr ess. The r at i onal e f or

t hi s behavi or i s si mpl e: i n a DHCP envi r onment , t he
di sappear ance of an I P addr ess of t en means t hat t he node has
r ecei ved a new I P addr ess f r oma DHCP ser ver . I n t hat case,
cont i nui ng t o pol l t he ol d addr ess i s a wast e of ef f or t and i s
possi bl y even mi sl eadi ng, si nce t he addr ess may be r eassi gned
t o a di f f er ent host .
Fi nal l y, t he Secondar y Fai l ur es conf i gur at i on ar ea shown i n
Fi gur e 6- 6 al l ows you t o t el l t he pol l er how t o r eact when i t
sees a secondar y f ai l ur e. Thi s occur s when a node beyond a
f ai l ed devi ce i s unr eachabl e; f or exampl e, when a r out er goes
down, maki ng t he f i l e ser ver t hat i s connect ed vi a one of t he
r out er ' s i nt er f aces unr eachabl e. I n t hi s conf i gur at i on ar ea,
you can st at e whet her t o show al ar ms f or t he secondar y f ai l ur es
or suppr ess t hem. I f you choose t o suppr ess t hem, you can set
up a f i l t er t hat i dent i f i es i mpor t ant nodes i n your net wor k
t hat won' t get suppr essed even i f t hey ar e deemed secondar y
f ai l ur es.
Fi gure 6- 6. OpenVi ew' s Secondary Fai l ures net work pol l i ng conf i gurat i on opt i ons

Once your map i s up, you may not i ce t hat not hi ng i s get t i ng
di scover ed. I ni t i al l y, net mon won' t di scover anyt hi ng beyond
t he net wor k segment t o whi ch your NMS i s at t ached. I f your NMS
has an I P addr ess of 24. 92. 32. 12, you wi l l not di scover your
devi ces on 123. 67. 34. 0. NNM f i nds adj acent r out er s and t hei r
segment s, as l ong as t hey ar e SNMP- compat i bl e, and pl aces t hem
i n an unmanaged ( t an col or ed) st at e on t he map.
[ 3]
Thi s means
t hat anyt hi ng i n and under t hat i con wi l l not be pol l ed or
di scover ed. Sel ect i ng t he i con and goi ng t o " Edi t Manage
Obj ect s" t el l s NNM t o begi n managi ng t hi s net wor k and al l ows
net mon t o st ar t di scover i ng nodes wi t hi n i t . You can qui t
managi ng nodes at any t i me by cl i cki ng on UnManage i nst ead of
Manage.

[3]
I n NNM, go to "Hel p Di spl ay Legend" f or a l i st of i cons
and thei r col ors.
I f your r out er s do not show any adj acent net wor ks, you shoul d
t r y t est i ng t hemwi t h " Faul t Test I P/ TCP/ SNMP. " Add t he name
of your r out er , cl i ck " Rest ar t , " and see what ki nd of r esul t s
you get back. I f you get " OK except f or SNMP, " r evi ew Chapt er 7
and r ead Sect i on 6. 1. 3, on set t i ng up t he def aul t communi t y
names wi t hi n OpenVi ew.
net mon al so al l ows you t o speci f y a seed f i l e t hat hel ps i t t o
di scover obj ect s f ast er . The seed f i l e cont ai ns i ndi vi dual I P
addr esses, I P addr ess r anges, or domai n names t hat nar r ow t he
scope of host s t hat ar e di scover ed. You can cr eat e t he seed
f i l e wi t h any t ext edi t or - - j ust put one addr ess or host name
on each l i ne. Pl aci ng t he addr esses of your gat eways i n t he
seed f i l e somet i mes makes t he most sense, si nce gat eways
mai nt ai n ARP t abl es f or your net wor k. net mon wi l l subsequent l y
di scover al l t he ot her nodes on your net wor k, t hus f r eei ng you
f r omhavi ng t o add al l your host s t o t he seed f i l e. For mor e
usef ul i nf or mat i on, see t he document at i on f or t he -s swi t ch t o
net mon and t he Local Regi st r at i on Fi l es ( LRF) .
NNM has anot her ut i l i t y, cal l ed l oadhost s, t hat l et s you add
nodes t o t he map one at a t i me. Her e i s an exampl e of how you
can add host s, i n a sor t of f r eef or mmode, t o t he OpenVi ew map.
Not e t he use of t he -m opt i on, whi ch set s t he subnet t o
255. 255. 255. 0:
$ l oadhosts - m255. 255. 255. 0
10. 1. 1. 12 gwrouter1
Once you have f i ni shed addi ng as many nodes as you' d l i ke,
pr ess Ct r l - d t o exi t t he command.
6. 1. 3 Conf i guri ng Pol l i ng I nt erval s
The SNMP Conf i gur at i on page i s l ocat ed of f of t he mai n scr een
i n " Opt i ons SNMP Conf i gur at i on. " A wi ndow si mi l ar t o t he one
i n Fi gur e 6- 7 shoul d appear . Thi s wi ndow has f our sect i ons:
Speci f i c Nodes, I P Addr ess Wi l dcar ds, Def aul t , and t he ent r y
ar ea ( chopped of f f or vi ewi ng pur poses) . Each sect i on cont ai ns
t he same gener al ar eas: Node or I P Addr ess, Get Communi t y, Set
Communi t y, Pr oxy ( i f any) , Ti meout , Ret r y, Por t , and Pol l i ng.
The Def aul t ar ea, whi ch unf or t unat el y i s at t he bot t omof t he
scr een, set s up t he def aul t behavi or f or SNMP on your net wor k -
- t hat i s, t he behavi or ( communi t y st r i ngs, et c. ) f or al l host s
t hat ar en' t l i st ed as " speci f i c nodes" or t hat mat ch one of t he
wi l dcar ds. The Speci f i c Nodes sect i on al l ows you t o speci f y
except i ons, on a per node basi s. I P Addr ess Wi l dcar ds al l ows
you t o conf i gur e pr oper t i es f or a r ange of addr esses. Thi s i s
especi al l y usef ul i f you have net wor ks t hat have di f f er ent get
and set communi t y names.
[ 4]
Al l ar eas al l ow you t o speci f y a
Ti meout i n seconds and a Ret r y val ue. The Por t f i el d gi ves you

t he opt i on of i nser t i ng a di f f er ent por t number ( t he def aul t
por t i s 161) . Pol l i ng i s t he f r equency at whi ch you woul d l i ke
t o pol l your nodes.
[4]
These communi ty names are used i n di f f erent parts throughout
NNM. For exampl e, when pol l i ng an obj ect wi th xnmbrowser, you
won' t need to enter (or remember) the communi ty stri ng i f i t
(or i ts network) i s def i ned i n the SNMP conf i gurati ons.
Fi gure 6- 7. OpenVi ew' s SNMP Conf i gurat i on page

I t ' s i mpor t ant t o under st and how t i meout s and r et r i es wor k. I f
we l ook at Speci f i c Nodes, we see a Ti meout of . 9 seconds and a
Ret r y of 2 f or 208. 166. 230. 1. I f OpenVi ew doesn' t get a
r esponse wi t hi n . 9 seconds, i t t r i es agai n ( t he f i r st r et r y)
and wai t s 1. 8 seconds. I f i t st i l l doesn' t get anyt hi ng back,
i t doubl es t he t i meout per i od agai n t o 3. 6 seconds ( t he second
r et r y) ; i f i t st i l l doesn' t get anyt hi ng back i t decl ar es t he
node unr eachabl e and pai nt s i t r ed on t he NNM' s map. Wi t h t hese
Ti meout and Ret r y val ues, i t t akes about 6 seconds t o i dent i f y
an unr eachabl e node.
I magi ne what woul d happen i f we had a Ti meout of 4 seconds and
a Ret r y of 5. By t he f i f t h t r y we woul d be wai t i ng 128 seconds,
and t he t ot al pr ocess woul d t ake 252 seconds. That ' s over f our
mi nut es! For a mi ssi on- cr i t i cal devi ce, f our mi nut es can be a
l ong t i me f or a f ai l ur e t o go unnot i ced.
Thi s exampl e shows t hat you must be ver y car ef ul about your
Ti meout and Ret r y set t i ngs - - par t i cul ar l y i n t he Def aul t ar ea,
because t hese set t i ngs appl y t o most of your net wor k. Set t i ng
your Ti meout and Ret r y t oo hi gh and your Pol l i ng per i ods t oo
l ow wi l l make net mon f al l behi nd; i t wi l l be t i me t o st ar t over
bef or e t he pol l er has wor ked t hr ough al l your devi ces.
[ 5]
Thi s
i s a f r equent pr obl emwhen you have many nodes, sl ow net wor ks,
smal l pol l i ng t i mes, and hi gh number s f or Ti meout and Ret r y.
[ 6]

Once a syst emf al l s behi nd, i t wi l l t ake a l ong t i me t o
di scover pr obl ems wi t h t he devi ces i t i s cur r ent l y moni t or i ng,
as wel l as t o di scover new devi ces. I n some cases, NNM may not
di scover pr obl ems wi t h downed devi ces at al l ! I f your Ti meout

and Ret r y val ues ar e set i nappr opr i at el y, you won' t be abl e t o
f i nd pr obl ems and wi l l be unabl e t o r espond t o out ages.
[5]
Keep i n mi nd that most of NNM' s map i s pol l ed usi ng regul ar
pi ngs and not SNMP.
[6]
Check the manpage f or netmon f or the - a swi tch, especi al l y
around - a12. You can try to execute netmon wi th an - a ?,
whi ch wi l l l i st al l the val i d - a opti ons. I f you see any
negati ve numbers i n netmon. trace af ter runni ng netmon - a12,
your systemi s runni ng behi nd.
Fal l i ng behi nd can be ver y f r ust r at i ng. We r ecommend st ar t i ng
your Pol l i ng per i od ver y hi gh and wor ki ng your way down unt i l
you f eel comf or t abl e. Ten t o t went y mi nut es i s a good st ar t i ng
poi nt f or t he Pol l i ng per i od. Dur i ng your i ni t i al t est i ng
phase, you can al ways set a wi l dcar d r ange f or your t est
ser ver s, et c.
6. 1. 4 A FewWords About NNMMap Col ors
By now di scover y shoul d be t aki ng pl ace, and you shoul d be
st ar t i ng t o see some new obj ect s appear on your map. You shoul d
see a cor r el at i on bet ween t he col or s of t hese obj ect s and t he
col or s i n NNM' s Event Cat egor i es ( see Chapt er 10 f or mor e about
Event Cat egor i es) . I f a devi ce i s r eachabl e vi a ping, i t s col or
wi l l be gr een. I f t he devi ce cannot be r eached, i t wi l l t ur n
r ed. I f somet hi ng " under neat h" t he devi ce f ai l s, t he devi ce
wi l l become of f - gr een, i ndi cat i ng t hat t he devi ce i t sel f i s
okay, but somet hi ng under neat h i t has r eached a nonnor mal
st at us. For exampl e, a r out er may be wor ki ng, but a web ser ver
on t he LAN behi nd i t may have f ai l ed. The st at us sour ce f or an
obj ect l i ke t hi s i s Compound or Pr opagat ed. ( The ot her t ypes of
st at us sour ce ar e Symbol and Obj ect . ) The Compound st at us
sour ce i s a gr eat way t o see i f t her e i s a pr obl emat a l ower
l evel whi l e st i l l keepi ng an eye on t he bi g pi ct ur e. I t al er t s
you t o t he pr obl emand al l ows you t o st ar t dr i l l i ng down unt i l
you r each t he obj ect t hat i s under dur ess.
I t ' s al ways f un t o shut of f or unpl ug a machi ne and wat ch i t s
i con t ur n r ed on t he map. Thi s can be a gr eat way t o
demonst r at e t he val ue of t he new management syst emt o your
boss. You can al so l ear n how t o cheat and make OpenVi ew mi ss a
devi ce, even t hough i t was unpl ugged. Wi t h a r el at i vel y l ong
pol l i ng i nt er val , i t ' s easy t o unpl ug a devi ce and pl ug i t back
i n bef or e OpenVi ew has a chance t o not i ce t hat t he devi ce i sn' t
t her e. By t he t i me OpenVi ew get s ar ound t o i t , t he node i s back
up and l ooks f i ne. Long pol l i ng i nt er val s make i t easy t o mi ss
such t empor ar y f ai l ur es. Lower pol l i ng i nt er val s make i t l ess
l i kel y t hat OpenVi ew wi l l mi ss somet hi ng, but mor e l i kel y t hat
net mon wi l l f al l behi nd, and i n t ur n mi ss ot her f ai l ur es. Take

smal l st eps so as not t o cr ash or over l oad net mon or your
net wor k.
6. 1. 5 Usi ng OpenVi ewFi l t ers
Your map may i ncl ude some devi ces you don' t need, want , or car e
about . For exampl e, you may not want t o pol l or manage user s'
PCs, par t i cul ar l y i f you have many user s and a l i mi t ed l i cense.
I t may be wor t hwhi l e f or you t o i gnor e t hese user devi ces t o
open mor e sl ot s f or managi ng ser ver s, r out er s, swi t ches, and
ot her mor e i mpor t ant devi ces. net mon has a f i l t er i ng mechani sm
t hat al l ows you t o cont r ol pr eci sel y whi ch devi ces you manage.
I t l et s you f i l t er out unwant ed devi ces, cl eans up your maps,
and can r educe t he amount of management t r af f i c on your
net wor k.
I n t hi s book, we war n you r epeat edl y t hat pol l i ng your net wor k
t he wr ong way can gener at e huge amount s of management t r af f i c.
Thi s happens when peopl e or pr ogr ams use def aul t pol l i ng
i nt er val s t hat ar e t oo f ast f or t he net wor k or t he devi ces on
t he net wor k t o handl e. For exampl e, a management syst emmi ght
pol l ever y node i n your 10. 1. 0. 0 net wor k - - concei vabl y
t housands of t hem- - ever y t wo mi nut es. The pol l may consi st of
SNMP get or set r equest s, si mpl e pings, or bot h. OpenVi ew' s NNM
uses a combi nat i on of t hese t o det er mi ne i f a node i s up and
r unni ng. Fi l t er i ng saves you ( and your management ) t he t r oubl e
of havi ng t o pi ck t hr ough a l ot of usel ess nodes and r educes
t he l oad on your net wor k. Usi ng a f i l t er al l ows you t o keep t he
cr i t i cal nodes on your net wor k i n vi ew. I t al l ows you t o pol l
t he devi ces you car e about and i gnor e t he devi ces you don' t
car e about . The l ast t hi ng you want i s t o r ecei ve not i f i cat i on
each t i me a user t ur ns of f hi s PC when he l eaves f or t he ni ght .
Fi l t er s al so hel p net wor k management by l et t i ng you excl ude
DHCP user s f r omnet wor k di scover y and pol l i ng. DHCP and BOOTP
ar e used i n many envi r onment s t o manage l ar ge I P addr ess pool s.
Whi l e t hese pr ot ocol s ar e usef ul , t hey can make net wor k
management a ni ght mar e, si nce i t ' s of t en har d t o f i gur e out
what ' s goi ng on when addr esses ar e bei ng assi gned, deal l ocat ed,
and r ecycl ed.
I n my envi r onment we use DHCP onl y f or our user s. Al l ser ver s
and pr i nt er s have har dcoded I P addr esses. Wi t h our set up, we
can speci f y al l t he DHCP cl i ent s and t hen st at e t hat we want
ever yt hi ng but t hese cl i ent s i n our di scover y, maps, et c. The
f ol l owi ng exampl e shoul d get most user s up and r unni ng wi t h
some pr et t y good f i l t er i ng. Take some t i me t o r evi ew OpenVi ew' s
" A Gui de t o Scal abi l i t y and Di st r i but i on f or Net wor k Node
Manager " manual f or mor e i n- dept h i nf or mat i on on f i l t er i ng.
The def aul t f i l t er f i l e, whi ch i s l ocat ed i n $OV_CONF/C, i s
br oken up i nt o t hr ee sect i ons:
Sets

Filters
FilterExpressions
I n addi t i on, l i nes t hat begi n wi t h / / ar e comment s. / / comment s
can appear anywher e; some of t he ot her st at ement s have t hei r
own comment f i el ds bui l t i n.
Set s al l ow you t o pl ace i ndi vi dual nodes i nt o a gr oup. Thi s can
be usef ul i f you want t o separ at e user s based on t hei r
geogr aphi c l ocat i ons, f or exampl e. You can t hen use t hese
gr oups or any combi nat i on of I P addr esses t o speci f y your
Fi l t er s, whi ch ar e al so gr ouped by name. You t hen can t ake al l
of t hese gr oupi ngs and combi ne t hemi nt o Fi l t er Expr essi ons. I f
t hi s seems a bi t conf usi ng, i t i s! Fi l t er s can be ver y
conf usi ng, especi al l y when you add compl ex synt ax and not so
l ogi cal l ogi c ( &&, | | , et c. ) . The basi c synt ax f or def i ni ng
Set s, Fi l t er s, and Fi l t er Expr essi ons l ooks l i ke t hi s:
name "comments or descri pti on" { contents }
Ever y def i ni t i on cont ai ns a name, f ol l owed by comment s t hat
appear i n doubl e quot es, and t hen t he command sur r ounded by
br acket s. Our def aul t f i l t er ,
[ 7]
named f i l ters, i s l ocat ed i n
$OV_CONF/C and l ooks l i ke t hi s:
[7]
Your f i l ter, i f ri ght out of the box, wi l l l ook much
di f f erent. The one shown here i s tri mmed to ease the pai ns of
wri ti ng a f i l ter.
/ / l i nes that begi n wi th / / are consi dered COMMENTS and are i gnored!
/ / Begi n of MyCompanyName Fi l ters

Sets {

di al upusers "Di al Up Users" { "di al up100", " di al up101",
" di al up102" }
}

Fi l ters {

ALLI PRouters "Al l I P Routers" { i sRouter }

Si natraUsers "Al l Users i n the Si natra Pl ant" {
("I P Address" ~199. 127. 4. 50- 254) | |
("I P Address" ~199. 127. 5. 50- 254) | |
("I P Address" ~199. 127. 6. 50- 254) }

Markel Users "Al l Users i n the Markel Pl ant" {
("I P Address" ~172. 247. 63. 17- 42) }

Di al Access "Al l Di al Access Users" { "I P Hostname" i n di al upusers }
}

Fi l terExpressi ons
{

ALLUSERS "Al l Users" { Si natraUsers | | Markel Users | | Di al Access }

NOUSERS "No Users " { !ALLUSERS }
}
Now l et ' s br eak t hi s f i l e down i nt o pi eces t o see what i t does.
6. 1. 5. 1 Set s
Fi r st , we def i ned a Set
[ 8]
cal l ed di al upusers cont ai ni ng t he
host names ( f r omDNS) t hat our di al - up user s wi l l r ecei ve when
t hey di al i nt o our f aci l i t y. These ar e per f ect exampl es of
t hi ngs we don' t want t o manage or moni t or i n our OpenVi ew
envi r onment .
[8]
These Sets have nothi ng to do wi th the snmpset operati on wi th
whi ch we have become f ami l i ar.
6. 1. 5. 2 Fi l t ers
The Fi l t er s sect i on i s t he onl y nonopt i onal sect i on. We def i ned
f our f i l t er s: ALLI PRouters, Si natraUsers, Markel Users, and Di al Access. The
f i r st f i l t er says t o di scover nodes t hat have f i el d val ue
i sRouter. OpenVi ew can set t he obj ect at t r i but e f or a managed
devi ce t o val ues such as i sRouter, i sHub, i sNode, et c.
[ 9]
These
at t r i but es can be used i n Fi l t er expr essi ons t o make i t easi er
t o f i l t er on gr oups of managed obj ect s, as opposed t o I P
addr ess r anges, f or exampl e.
[9]
Check out the $OV_FI ELDS area f or a l i st of f i el ds.
The next t wo f i l t er s speci f y I P addr ess r anges. The Si natraUsers
f i l t er i s t he mor e compl ex of t he t wo. I n i t , we speci f y t hr ee
I P addr ess r anges, each separ at ed by l ogi cal OR symbol s ( | | ) .
The f i r st r ange ( ("I P Address" ~ 199. 127. 6. 50- 254)) says t hat i f t he I P
addr ess i s i n t he r ange 199. 127. 6. 50- 199. 127. 6. 254, t hen f i l t er
i t and i gnor e i t . I f i t ' s not i n t hi s r ange, t he f i l t er l ooks
at t he next r ange t o see i f i t ' s i n t hat one. I f i t ' s not , t he
f i l t er l ooks at t he f i nal I P r ange. I f t he I P addr ess i sn' t i n
any of t he t hr ee r anges, t he f i l t er al l ows i t t o be di scover ed
and subsequent l y managed by NNM. Ot her l ogi cal oper at or s shoul d
be f ami l i ar t o most pr ogr ammer s: && r epr esent s a l ogi cal AND,
and ! r epr esent s a l ogi cal NOT.
The f i nal f i l t er , Di al Access, al l ows us t o excl ude al l syst ems
t hat have a host name l i st ed i n t he di al upusers set , whi ch was
def i ned at t he begi nni ng of t he f i l e.
6. 1. 5. 3 Fi l t erExpressi ons
The next sect i on, Fi l t er Expr essi ons, al l ows us t o combi ne t he
f i l t er s we have pr evi ousl y def i ned wi t h addi t i onal l ogi c. You
can use a Fi l t er Expr essi on anywher e you woul d use a Fi l t er .
Thi nk of i t l i ke t hi s: you cr eat e compl ex expr essi ons usi ng
Fi l t er s, whi ch i n t ur n can use Set s i n t he contents par t s of

t hei r expr essi ons. You can t hen use Fi l t er Expr essi ons t o cr eat e
si mpl er yet mor e r obust expr essi ons. I n our case, we t ake al l
t he f i l t er s f r omabove and pl ace t hemi nt o a Fi l t er Expr essi on
cal l ed ALLUSERS. Si nce we want our NNM map t o cont ai n nonuser
devi ces, we t hen def i ne a gr oup cal l ed NOUSERS and t el l i t t o
i gnor e al l user - t ype devi ces wi t h t he command !ALLUSERS. As you
can see, Fi l t er Expr essi ons can al so ai d i n maki ng t hi ngs mor e
r eadabl e. When you have f i ni shed set t i ng up your f i l t er f i l e,
use t he $OV_BI N/ ovf i l t er check pr ogr amt o check your new
f i l t er s' synt ax. I f t her e ar e any pr obl ems, i t wi l l l et you
know so you can f i x t hem.
Now t hat we have our f i l t er s def i ned, we can appl y t hemby
usi ng t he ovtopofix command or t he pol l i ng conf i gur at i on menu
shown i n Fi gur e 6- 3.
I f you want t o r emove nodes f r omyour map, use
$OV_BIN/ovtopofix -f FILTER_NAME. Let ' s say t hat someone
cr eat ed a new DHCP scope wi t hout t el l i ng you and suddenl y al l
t he new user s ar e now on t he map. You can edi t t he f i l t er s
f i l e, cr eat e a new gr oup wi t h t he I P addr ess r ange of t he new
DHCP scope, add i t t o t he ALLUSERS Fi l t er Expr essi on, r un
ovfiltercheck, and, i f t her e ar e no er r or s, r un
$OV_BIN/ovtopofix -f NOUSERS t o updat e t he map on t he f l y. Then
st op and r est ar t net mon - - ot her wi se i t wi l l keep di scover i ng
t hese unwant ed nodes usi ng t he ol d f i l t er . I f i nd mysel f
r unni ng ovtopofix ever y mont h or so t o t ake out some r andom
nodes.
6. 1. 6 Loadi ng MI Bs i nt o OpenVi ew
Bef or e you cont i nue expl or i ng OpenVi ew' s NNM, t ake t i me t o l oad
some vendor - speci f i c MI Bs.
[ 10]
Thi s wi l l hel p you l at er on when
you st ar t i nt er act i ng ( pol l i ng, gr aphi ng, et c. ) mor e wi t h SNMP-
compat i bl e devi ces. Go t o " Opt i ons Load/ Unl oad MI Bs: SNMP. "
Thi s pr esent s you wi t h a wi ndow i n whi ch you can add vendor -
speci f i c MI Bs t o your dat abase. Al t er nat i vel y, you can r un t he
command $OV_BIN/xnmloadmib and bypass havi ng t o go t hr ough NNM
di r ect l y.
[10]
Some pl atf orms and envi ronments ref er to l oadi ng a MI B as
compi l i ng i t.
That ' s t he end of our br i ef t our of OpenVi ew conf i gur at i on.
I t ' s i mpossi bl e t o pr ovi de a compl et e i nt r oduct i on t o
conf i gur i ng OpenVi ew i n t hi s chapt er , so we t r i ed t o pr ovi de a
sur vey of t he most i mpor t ant aspect s of get t i ng i t r unni ng.
Ther e can be no subst i t ut e f or t he document at i on and manual
pages t hat come wi t h t he pr oduct i t sel f .

6. 2 Cast l e Rock' s SNMPc Ent erpri se Edi t i on

We' l l end t he chapt er wi t h a br i ef di scussi on of Cast l e Rock' s
SNMPc, Ver si on 5. 0, whi ch r uns on Wi ndows NT/ 2000. SNMPc i s a
si mpl er pr oduct t han OpenVi ew i n many r espect s. However , even
t hough i t ' s si mpl er , i t ' s f ar f r omf eat ur el ess. I t ' s al so
cheaper t han OpenVi ew, whi ch makes i t i deal f or shops t hat
don' t have a l ot of money t o spend on an NMS pl at f or mbut need
t he suppor t and backi ng t hat a commer ci al pr oduct pr ovi des.
I nst al l at i on of SNMPc i s st r ai ght f or war d. The i nst al l er asks
f or t he l i cense number and a di scover y seed devi ce. The seed
devi ce i s si mi l ar t o a seed f i l e f or OpenVi ew' s net mon. I n t he
case of SNMPc, we r ecommend gi vi ng i t t he I P addr ess ( or
host name) of your gat eway, si nce t hi s devi ce can be used t o
di scover ot her segment s of your net wor k. Omi t t i ng t he di scover y
seed devi ce wi l l not keep SNMPc f r omper f or mi ng di scover y but
wi l l l i mi t i t t o t he devi ces on t he net wor k t o whi ch i t ' s
di r ect l y connect ed.
6. 2. 1 SNMPc' s Map
Once SNMPc i s up and r unni ng, you wi l l see any devi ces i t has
di scover ed i n t he Root map vi ew. Fi gur e 6- 8 shows t he mai n
but t on bar . The f ar r i ght but t on ( t he house) get s you t o t he
hi ghest l evel on t he map. The zoomi ng t ool s al l ow you t o pan i n
and out of t he map, i ncr easi ng or decr easi ng t he amount of
det ai l i t shows. You can al so r each t he Root submap by
sel ect i ng " Map Vi ew Root submap" f r omt he Vi ew menu.
Fi gure 6- 8. SNMPc mai n but t on bar

6. 2. 2 Di scovery and Fi l t ers
Once you ar e done pl ayi ng ar ound wi t h your maps, i t ' s t i me t o
st ar t t uni ng your pol l i ng par amet er s. Go t o " Conf i g Di scover y
Agent s. " Thi s shoul d br i ng up a menu t hat l ooks l i ke Fi gur e 6-
9. Looki ng at t he menu t abs, i t ' s easy t o t el l t hat you wi l l be
abl e t o conf i gur e your Seeds, Communi t i es, and Fi l t er s her e.
SNMPc f i l t er s ar e equi val ent t o OpenVi ew f i l t er s, but much
si mpl er .
Fi gure 6- 9. SNMPc Di scovery Agent s menu

The Gener al t ab l et s you cont r ol SNMPc' s pol l i ng and di scover y
behavi or . The checkbox f or enabl i ng and di sabl i ng di scover y i s
sel f - expl anat or y. The " Enabl e St at us Pol l i ng" checkbox
det er mi nes i f SNMPc wi l l ping t he nodes on your net wor k
per i odi cal l y t o det er mi ne whet her or not t hey ar e r espondi ng.
By def aul t , al l nodes ar e pol l ed ever y 10 t o 30 seconds. To
change t hese def aul t val ues, you can ei t her edi t t he pr oper t i es
of each devi ce ( one by one) , sel ect and hi ghl i ght mul t i pl e
devi ces ( usi ng your Ct r l key) , or use t he obj ect sel ect i on
t ool . You can br i ng up t hi s t ool by usi ng t he t hi r d but t on f r om
t he l ef t on t he mai n but t on bar or by goi ng t o " Vi ew
Sel ect i on Tool . " The " Di scover Pi ng Nodes" checkbox l et s you
speci f y i f you want t o di scover devi ces t hat have an I P or I PX
ent i t y but do not have an SNMP agent . " Di scover I PX Nodes"
gi ves you t he opt i on of di scover i ng I PX devi ces. SNMPc wi l l
al so check i f a devi ce suppor t s var i ous pr ot ocol s such as SMTP,
HTTP, et c. Thi s f eat ur e al l ows you t o set up cust ommenu i t ems
based on what ser vi ces t he devi ce i s r unni ng. The Pr ot ocol s
sect i on of t he Gener al t ab l et s you speci f y t he pr ot ocol s f or
whi ch SNMPc wi l l t est .
The Seeds t ab al l ows you t o speci f y SNMP devi ces t hat wi l l hel p
t he di scover y pr ocess al ong. Thi s t ab al l ows you t o speci f y
mor e t han one seed I P addr ess. ( Remember t hat you' r e asked f or
a seed addr ess devi ce when you i nst al l t he pr oduct . )
The Communi t i es t ab l et s you speci f y t he communi t y st r i ngs f or
your net wor k. You can speci f y mul t i pl e communi t y names; SNMPc
wi l l t r y t he di f f er ent communi t y names when di scover i ng your
nodes. Once SNMPc f i gur es out whi ch communi t y i s cor r ect f or a
gi ven devi ce, i t i nser t s t he communi t y st r i ng i n t he " Get
Communi t y" at t r i but e f or t hat par t i cul ar devi ce. Thi s si mpl y
means t he newl y di scover ed devi ce wi l l be saved wi t h i t s
communi t y st r i ng.
The f i nal t ab, Fi l t er s, al l ows you t o excl ude cer t ai n I P
addr esses f r ombei ng di scover ed. You can speci f y i ndi vi dual

addr esses, or use an ast er i sk ( *) as a wi l dcar d t o speci f y
ent i r e net wor ks.
6. 2. 3 Loadi ng MI Bs i nt o SNMPc
Li ke any r easonabl y compr ehensi ve net wor k- management pr oduct ,
SNMPc can l oad and compi l e new MI Bs. To do so, sel ect " Conf i g
MI B Dat abase" f r omt he mai n menu bar . Thi s wi ndow l et s you
speci f y t he pat h t o t he MI B f i l e and gi ves you f ul l f eedback
about t he st at us of t he compi l at i on, et c. Cl i ck on t he " Hel p"
but t on f or mor e i nf or mat i on about MI B compi l at i on.
SNMPc i s a compact NMS t hat pr ovi des some added f eat ur es, such
as t r end r epor t i ng. A t hor ough t r eat ment of i t s i nst al l at i on i s
beyond t he scope of t hi s book. The onl i ne hel p syst emt hat
comes wi t h SNMPc i s ver y good, and we r ecommend you t ake f ul l
advant age of i t .

Chapter 7. Conf i guri ng SNMP Agents
By t hi s t i me you shoul d under st and what an SNMP agent i s: i t ' s
not hi ng mor e t han sof t war e t hat l i ves on t he devi ce you want t o
moni t or . I t r esponds t o r equest s f r omt he NMS and gener at es
t r aps. Thi s chapt er di scusses how t o conf i gur e agent s. I t
st ar t s by def i ni ng some st andar d conf i gur at i on par amet er s t hat
ar e common t o al l SNMP agent s, t hen goes i nt o some advanced
par amet er s you mi ght r un i nt o when conf i gur i ng your equi pment .
The bul k of t hi s chapt er wal ks t hr ough t he conf i gur at i on f or a
number of common devi ces, payi ng at t ent i on t o secur i t y i ssues.
7. 1 Paramet er Set t i ngs
Al l SNMP devi ces shar e t he f ol l owi ng common conf i gur abl e
par amet er s:
sysLocation
sysContact
sysName
Read-write and read-only access community strings (and
frequently, a trap community string)
Trap destination
sysLocat i on i s t he physi cal l ocat i on f or t he devi ce bei ng
moni t or ed. I t s def i ni t i on i n RFC 1213 i s:
ACCESS read- wri te
STATUS mandatory
DESCRI PTI ON
"The physi cal l ocati on of thi s node (e. g. , ' tel ephone cl oset,

3rd f l oor' ). "
: : ={ system6 }
As you can see, i t s SYNTAX i s Di spl ayStri ng, whi ch means i t can be
an ASCI I st r i ng of char act er s; i t s si ze i s decl ar ed t o be at
most 255 char act er s. Thi s par t i cul ar obj ect i s usef ul f or
det er mi ni ng wher e a devi ce i s l ocat ed. Thi s ki nd of pr act i cal
i nf or mat i on i s essent i al i n a l ar ge net wor k, par t i cul ar l y i f
i t ' s spr ead over a wi de ar ea. I f you have a mi sbehavi ng swi t ch,
i t ' s ver y conveni ent t o be abl e t o l ook up t he swi t ch' s
physi cal l ocat i on. Unf or t unat el y, sysLocat i on f r equent l y i sn' t
set when t he devi ce i s i nst al l ed and even mor e of t en i sn' t
changed when t he devi ce i s moved. Unr el i abl e i nf or mat i on i s
wor se t han no i nf or mat i on, so use some di sci pl i ne and keep your
devi ces up t o dat e.
RFC 1213' s def i ni t i on of sysCont act i s si mi l ar t o t hat of
sysLocat i on:
sysContact OBJ ECT- TYPE
ACCESS read- wri te
STATUS mandatory
DESCRI PTI ON
"The textual i denti f i cati on of the contact person f or thi s managed
node, together wi th i nf ormati on on howto contact thi s person. "
: : ={ system4 }
sysCont act i s a Di spl ayStri ng. I t ' s f ai r l y obvi ous what i t ' s used
f or : i t i dent i f i es t he pr i mar y cont act f or t he devi ce i n
quest i on. I t i s i mpor t ant t o set t hi s obj ect wi t h an
appr opr i at e val ue, as i t can hel p your oper at i ons st af f
det er mi ne who needs t o be cont act ed i n t he event of some
cat ast r ophi c f ai l ur e. You can al so use i t t o make sur e you' r e
not i f i ed, i f you' r e r esponsi bl e f or a gi ven devi ce, when
someone needs t o t ake your devi ce down f or mai nt enance or
r epai r s. As wi t h sysLocat i on, make sur e t o keep t hi s
i nf or mat i on up t o dat e as your st af f changes. I t ' s not uncommon
t o f i nd devi ces f or whi ch t he sysCont act i s someone who l ef t
t he company sever al year s ago.
sysName shoul d be set t o t he fully-qualified domain name ( FQDN)
f or t he managed devi ce. I n ot her wor ds, i t ' s t he host name
associ at ed wi t h t he managed devi ce' s I P addr ess. The RFC 1213
def i ni t i on f ol l ows:
sysName OBJ ECT- TYPE
ACCESS read- wri te
STATUS mandatory
DESCRI PTI ON
"An admi ni strati vel y- assi gned name f or thi s managed node. By
conventi on, thi s i s the node' s f ul l y- qual i f i ed domai n name. "
: : ={ system5 }
The r eadonl y and r ead- wr i t e par amet er s ar e t he communi t y
st r i ngs f or r eadonl y and r ead- wr i t e access. Not i ce t hat

sysLocat i on, sysCont act , and sysName al l have ACCESS val ues of
read- wri te. Wi t h t he appr opr i at e r ead- wr i t e communi t y st r i ng,
anyone can change t he def i ni t i on of t hese obj ect s and many mor e
obj ect s of si gni f i cant l y gr eat er i mpor t ance. Ul t i mat el y, i t ' s
not a huge pr obl emi f somebody mal i ci ousl y makes your r out er
l i e about i t s l ocat i on - - you pr obabl y al r eady know t hat i t
i sn' t l ocat ed i n Ant ar ct i ca. But someone who can do t hi s can
al so f i ddl e wi t h your r out i ng t abl es and do ot her ki nds of much
mor e ser i ous damage. Someone who has onl y t he r eadonl y
communi t y st r i ng can cer t ai nl y f i nd out mor e i nf or mat i on about
your net wor k t han you woul d l i ke t o r eveal t o an out si der .
Set t i ng t he communi t y st r i ngs i s ext r emel y i mpor t ant t o
mai nt ai ni ng a secur e envi r onment . Most devi ces ar e shi pped wi t h
def aul t communi t y st r i ngs t hat ar e wel l known. Don' t assume
t hat you can put of f set t i ng your communi t y st r i ngs unt i l
l at er .
The t r ap dest i nat i on par amet er s speci f y t he addr esses t o whi ch
t r aps ar e sent . Ther e' s not hi ng r eal l y magi cal her e - - si nce
t r aps ar e asynchr onous not i f i cat i ons gener at ed by your devi ces,
t he agent needs t o know who shoul d r ecei ve not i f i cat i on. Many
devi ces suppor t aut hent i cat i on- f ai l ur e t r aps, whi ch ar e
gener at ed i f someone at t empt s t o access t hemusi ng i ncor r ect
communi t y st r i ngs. Thi s f eat ur e i s ext r emel y usef ul , as i t
al l ows you t o det ect at t empt s t o br eak i nt o your devi ces. Many
devi ces al so suppor t t he abi l i t y t o i ncl ude a communi t y st r i ng
wi t h t r aps; you can conf i gur e t he net wor k- management st at i on t o
r espond onl y t o t r aps t hat cont ai n t he pr oper communi t y st r i ng.
Many devi ces have addi t i onal t wi st s on t he access and t r ap
par amet er s. For exampl e, Ci sco devi ces al l ow you t o cr eat e
di f f er ent communi t y st r i ngs f or di f f er ent par t s of t he MI B - -
you can use t hi s t o al l ow peopl e t o set some var i abl es, but not
ot her s. Many vendor s al l ow you t o pl ace r est r i ct i ons on t he
host s t hat ar e al l owed t o make SNMP r equest s. That i s, t he
devi ce wi l l r espond onl y t o r equest s f r omcer t ai n I P addr esses,
r egar dl ess of t he communi t y st r i ng.
The r ange of conf i gur at i on opt i ons you' r e l i kel y t o r un i nt o i s
l i mi t ed onl y by t he i magi nat i on of t he vendor s, so i t ' s
obvi ousl y i mpossi bl e f or us t o descr i be ever yt hi ng you mi ght
encount er . Sect i on 7. 3 l at er i n t hi s chapt er wi l l gi ve you an
i dea of how some agent s i mpl ement t he st andar d conf i gur at i on
par amet er s and a l i t t l e i nsi ght i nt o what ot her f eat ur es mi ght
be avai l abl e.

7. 2 Securi t y Concerns
Chapt er 2 di scussed t he secur i t y i ssues wi t h SNMPv1 and SNMPv2.
The bi ggest pr obl em, of cour se, i s t hat t he r eadonl y and r ead-
wr i t e communi t y st r i ngs ar e sent as cl ear - t ext st r i ngs; t he
agent or t he NMS per f or ms no encr ypt i on. Ther ef or e, t he

communi t y st r i ngs ar e avai l abl e t o anyone wi t h access t o a
packet sni f f er . That cer t ai nl y means al most anyone on your
net wor k wi t h a PC and t he abi l i t y t o downl oad wi del y avai l abl e
sof t war e. Does t hat make you uncomf or t abl e? I t shoul d.
Obvi ousl y, you need t o t ake t he same pr ecaut i ons wi t h t he
communi t y st r i ngs t hat you woul d wi t h your super user or
admi ni st r at or passwor ds. Choose communi t y st r i ngs t hat ar e har d
t o guess. Mi xed- case al phanumer i c st r i ngs ar e good choi ces f or
communi t y st r i ngs; don' t use di ct i onar y wor ds. Al t hough someone
wi t h t he r eadonl y communi t y st r i ng can' t do as much damage as
someone wi t h t he r ead- wr i t e st r i ng, you mi ght as wel l t ake t he
same pr ecaut i ons f or bot h. Don' t f or get t o change your
communi t y st r i ngs - - most devi ces shi p wi t h pr econf i gur ed
communi t y st r i ngs t hat ar e ext r emel y easy t o guess.
That doesn' t sol ve t he pr obl ems wi t h packet sni f f er s. When
you' r e conf i gur i ng an agent , i t ' s a good i dea t o l i mi t t he
devi ces t hat can make SNMP r equest s ( assumi ng t hat your agent
al l ows you t o make t hi s r est r i ct i on) . That way, even i f someone
get s t he communi t y st r i ngs, he' l l have t o spoof t he I P addr ess
of one of your management st at i ons t o do any damage.
Of cour se, many peopl e know how t o spoof I P addr esses t hese
days, and i t ' s not a r eal l y good i dea t o assume t hat you can
t r ust your empl oyees. A bet t er sol ut i on t o t he pr obl emi s t o
pr event t he SNMP packet s f r ombei ng vi si bl e on your ext er nal
net wor k connect i ons and par t s of your net wor k wher e you don' t
want t hemt o appear . Thi s r equi r es conf i gur i ng your r out er s and
f i r ewal l s wi t h access l i st s t hat bl ock SNMP packet s f r omt he
out si de wor l d ( whi ch may i ncl ude par t s of your own net wor k) . I f
you don' t t r ust t he user s of your net wor k, you may want t o set
up a separ at e admi ni st r at i ve net wor k t o be used f or SNMP
quer i es and ot her management oper at i ons. Thi s i s expensi ve and
i nf l exi bl e - - i t ' s har d t o i magi ne ext endi ng such a net wor k
beyond your cor e r out er s and ser ver s - - but i t may be what your
si t uat i on r equi r es.
I f you want t o use SNMP t o moni t or your net wor k f r omhome, be
ext r emel y car ef ul . You do not want your communi t y st r i ngs
t r avel i ng over t he publ i c I nt er net i n an unencr ypt ed f or m. I f
you pl an t o use SNMP t ool s di r ect l y f r omhome, make sur e t o
i nst al l VPN sof t war e, or some f or mof t unnel i ng, t o keep your
SNMP t r af f i c pr i vat e. A bet t er appr oach t o home moni t or i ng i s
t o use a web i nt er f ace; by usi ng SSL, you can pr event ot her s
f r omseei ng your usage gr aphs. ( No net wor k- management pr oduct s
t hat we' r e awar e of suppor t SSL out of t he box; but t hey do
al l ow you t o i nt egr at e wi t h ext er nal ser ver s, such as Apache,
whi ch do suppor t SSL) .
SNMPv3 ( di scussed i n Appendi x F) f i xes most of t he secur i t y
pr obl ems; i n par t i cul ar , i t makes sur e t hat t he communi t y
st r i ngs ar e al ways encr ypt ed. Unf or t unat el y, t her e ar e ver y f ew

i mpl ement at i ons of SNMPv3 out t her e. I t ' s cl ear what di r ect i on
you want t o head i n, but you can' t get t her e yet .

7. 3 Agent Conf i gurat i on Wal kt hroughs
I n t he f ol l owi ng sect i ons we wi l l wal k t hr ough t he
conf i gur at i ons of some t ypi cal SNMP agent s. We have chosen
devi ces t hat ar e f ound on al most ever y moder n net wor k ( x86 PCs,
Uni x Ser ver s, r out er s, UPSs, et c. ) . The poi nt of t hi s
di scussi on i sn' t t o show you how your par t i cul ar agent i s
conf i gur ed - - t hat woul d not be pr act i cal , gi ven t he hundr eds
of devi ces and vendor s out t her e. Our i nt ent i s t o gi ve you a
f eel f or what t he common opt i ons ar e, and what st eps you' l l
t ypi cal l y go t hr ough t o conf i gur e an agent .
7. 3. 1 Wi ndows 95/ 98 Agent
I n t hi s sect i on, we' l l wal k t hr ough t he SNMP conf i gur at i on f or
t he Wi ndows 95/ 98 agent , usi ng t he Wi ndows Syst emPol i cy
Edi t or . The set t i ngs ar e al l st or ed i n t he r egi st r y, so you can
al so make changes t o t he conf i gur at i on usi ng regedit, but
t her e' s l ess chance of er r or i f you use t he Syst emPol i cy
Edi t or . I t ' s wor t h not i ng t hat Wi ndows 95, 98, and NT al l have
t he same SNMP ent r i es i n t he r egi st r y, so conf i gur at i on f or
t hese oper at i ng syst ems i s si mi l ar . I t ' s al so wor t h not i ng t hat
Mi cr osof t ' s SNMP agent i sn' t t er r i bl y r obust , al t hough i t ' s
adequat e i f you want onl y basi c SNMP f unct i onal i t y. Ot her
agent s ar e avai l abl e; Concor d' s Syst emEDGE and Cast l e Rock' s
SNMPc suppor t t he Mi cr osof t oper at i ng syst ems.

Unl ess you ar e compl et el y comf or t abl e t aki ng t he
r egi st r y edi t i ng l eap, we st r ongl y r ecommend
t hat you use t he Syst emPol i cy Edi t or t o make
agent conf i gur at i on changes. I ncor r ect set t i ngs
i n t he r egi st r y can r esul t i n ser i ous syst em
pr obl ems. Consi der your sel f war ned.

The Wi ndows Syst emPol i cy Edi t or comes wi t h t he Wi ndows 95/ 98
Resour ce Ki t , and must be i nst al l ed bef or e you can conf i gur e
t he SNMP agent . The f i r st t i me you r un t he Syst emPol i cy Edi t or
i t wi l l ask you f or an .adm f i l e. Sel ect C:\WINDOWS\INF
\ADMIN.ADM as t hi s f i l e. Sel ect " Fi l e Open Regi st r y, " t hen
doubl e- cl i ck t he Local Comput er i con. I n t he Pol i ci es t ab,
cl i ck down t he pl us si gns unt i l you r each Net wor k and t hen
SNMP. Thi s shoul d l eave you wi t h f our SNMP agent conf i gur at i on
i t ems. Fi gur e 7- 1 shows what your wi ndow shoul d l ook l i ke. To
enabl e an opt i on, pl ace a check next t o i t . When you ar e
f i ni shed, cl i ck " OK, " t hen " Fi l e Save" at t he mai n scr een. I f
you don' t f ol l ow t hese st eps, your conf i gur at i on won' t be saved
t o t he r egi st r y.

Fi gure 7- 1. Wi ndows 95/ 98 Syst emPol i cy Edi t or

The " Communi t i es" set t i ngs al l ow you t o def i ne your communi t y
st r i ngs. Check t he box and t hen cl i ck " Show" i n t he l ower
sect i on. Thi s br i ngs up anot her wi ndow showi ng your communi t y
st r i ngs. To cr eat e a new communi t y, cl i ck " Add" and t hen ent er
t he st r i ng. Repeat t he st eps, i f appr opr i at e, f or your si t e. I f
t hi s opt i on i s l ef t unchecked, or i f i t i s checked but no
communi t y names ar e l i st ed, t he agent wi l l answer al l SNMP
r equest s i t r ecei ves. The next checkbox i t em, " Per mi t t ed
manager s, " speci f i es what NMSs can access t hi s agent . You can
i dent i f y your management st at i ons by I PX addr esses, I P
addr esses, or DNS names. For exampl e, you can use t hi s i t emt o
r est r i ct SNMP access t o a par t i cul ar NMS. I f t he " Per mi t t ed
manager s" box i s unchecked or i s checked but has no ent r i es,
t he agent wi l l answer al l r equest s, no mat t er wher e t hey come
f r om. Checki ng " Tr aps f or `Publ i c' communi t y" al l ows you t o
desi gnat e up t o f i ve NMSs t o r ecei ve t r aps. The l ast set t i ng,
" I nt er net MI B ( RFC1156) , " al l ows you t o set t he Cont act Name
( sysCont act ) and Locat i on ( sysLocat i on) obj ect s.
Remember t o save your changes usi ng " Fi l e Save" at t he mai n
menu of t he Syst emPol i cy Edi t or . Fi gur e 7- 2 shows what t he
`ent r i es l ook l i ke i n t he Regi st r y Edi t or , af t er you' ve used
t he Pol i cy Edi t or t o set t hem.
Fi gure 7- 2. Wi ndows 95/ 98 Regi st ry Edi t or

7. 3. 2 Wi ndows NT 4. 0 and Wi ndows 2000 Agent
To conf i gur e t he SNMP ser vi ce i n Wi ndows NT 4. 0 and 2000, st ar t
i n t he Cont r ol Panel and doubl e- cl i ck on t he Net wor k i con.
Cl i ck on t he Ser vi ces t ab, sel ect " SNMP Ser vi ce, " and cl i ck on
t he " Pr oper t i es" but t on. I f " SNMP Ser vi ce" i sn' t l i st ed, you
need t o add i t . Pr ess t he " Add" but t on and sel ect " SNMP
Ser vi ce" f r omt he l i st of ser vi ces. I t wi l l pr ompt you f or your
Wi ndows NT syst emdi sk, so be sur e t o have i t r eady. For
Wi ndows 2000, go t o t he Cont r ol Panel and cl i ck on " Add/ Remove
Pr ogr ams. " When t he wi ndow pops up cl i ck on " Add/ Remove Wi ndows
Component s, " t hen sel ect " Management and Moni t or i ng Tool s. "
Thi s shoul d br i ng up a wi ndow wi t h one i t emi n i t , " Si mpl e
Net wor k Management Pr ot ocol . " Check t he box next t o i t and
pr ess " OK. " Thi s wi l l t ake you back t o t he Component s Wi zar d
wi ndow. Cl i ck " Next " t o begi n t he i nst al l at i on of t he SNMP
ser vi ce. You wi l l pr obabl y need your Wi ndows 2000 CD- ROM.
Once you have i nst al l ed t he SNMP ser vi ce or sel ect ed i t f r om
t he l i st of i nst al l ed ser vi ces, a new wi ndow shoul d appear .
Thi s wi ndow i s br oken up i nt o t hr ee t abs: Agent , Tr aps, and
Secur i t y. I n t he Agent t ab, you shoul d conf i gur e t he Cont act
( sysCont act ) , Locat i on ( sysLocat i on) , and Ser vi ce
( sysSer vi ces) . We haven' t ment i oned t he sysSer vi ces obj ect yet ;
RFC 1213 def i nes i t l i ke t hi s:
sysServi ces OBJ ECT- TYPE
SYNTAX I NTEGER (0. . 127)
ACCESS readonl y
STATUS mandatory
DESCRI PTI ON
"A val ue whi ch i ndi cates the set of servi ces that thi s enti ty
pri mari l y of f ers.

The val ue i s a sum. Thi s sumi ni ti al l y takes the val ue zero.
Then, f or each l ayer, L, i n the range 1 through 7, that thi s node
perf orms transacti ons f or, 2 rai sed to (L - 1) i s added to the sum.
For exampl e, a node whi ch perf orms pri mari l y routi ng f uncti ons
woul d have a val ue of 4 (2^(3- 1)). I n contrast, a node whi ch i s a

host of f eri ng appl i cati on servi ces woul d have a val ue of 72
(2^(4- 1) +2^(7- 1)). Note that i n the context of the I nternet
sui te of protocol s, val ues shoul d be cal cul ated accordi ngl y:

l ayer f uncti onal i ty
1 physi cal (e. g. , repeaters)
2 datal i nk/ subnetwork (e. g. , bri dges)
3 i nternet (e. g. , I P gateways)
4 end- to- end (e. g. , I P hosts)
7 appl i cati ons (e. g. , mai l rel ays)

For systems i ncl udi ng OSI protocol s, l ayers 5 and 6 may al so
be counted. "
: : ={ system7 }
The Agent t ab pr ovi des a checkbox f or each of t he seven I SO
l ayer s sysSer vi ces r epr esent s. The DESCRI PTI ON t ext i n t he RFC
gi ves a br i ef def i ni t i on f or each l ayer . I f you so desi r e,
check each ser vi ce t hat i s of f er ed by your NT machi ne.
Once you' r e f i ni shed wi t h t he Agent t ab, sel ect t he Tr aps t ab;
t hi s al l ows you t o conf i gur e t he communi t y i n whi ch t he SNMP
agent sends t r aps. I n t he " Communi t y Name" box, ent er t he case-
sensi t i ve communi t y name of your choi ce. Cl i ck t he " Add" but t on
t o t he l ef t and t hen add up t o f i ve t r ap dest i nat i ons f or t hi s
communi t y name. The t r ap dest i nat i ons can be I PX addr esses, I P
addr esses, or DNS names.
Now cl i ck on t he Secur i t y t ab. The t op of t hi s t ab gi ves you
t he opt i on t o send aut hent i cat i on- er r or t r aps. I t ' s a good i dea
t o check t hi s box, si nce i t can hel p you det ect i nt r uder s. The
" Accept ed Communi t y Names" box l i st s al l t he communi t y names t o
whi ch t he agent wi l l r espond. Cl i ck " Add" and ent er your
communi t y name of choi ce. Conf i gur i ng t hese communi t i es i s
i mpor t ant , si nce someone wi t h t he cor r ect communi t y st r i ng can
wr eak havoc on your syst em. I f you l eave t hi s box bl ank, t he
agent wi l l r espond t o al l r equest s. The bot t omhal f of t he
Secur i t y menu al l ows you t o speci f y whet her t he agent wi l l
accept SNMP packet s f r omany host or onl y f r oma speci f i ed
l i st . To cr eat e a l i st , whi ch we st r ongl y r ecommend, cl i ck
" Onl y Accept SNMP Packet s f r omThese Host s" and t hen use t he
" Add" but t on t o add t he host names or addr esses of your
moni t or i ng st at i ons. The opt i ons f or t he host s ar e t he same as
f or t r ap dest i nat i ons; I PX addr esses, I P addr esses, and DNS
names ar e accept abl e.
Fi nal l y, cl i ck " OK" t o save your changes and updat e t he Wi ndows
r egi st r y. I f at any t i me you make a mi st ake, cl i ck " Cancel . "
Thi s abor t s t he conf i gur at i on pr ocess; no changes wi l l be made
t o your r egi st r y.
7. 3. 3 HP OpenVi ewAgent f or HP- UX and Sol ari s

One t ext - conf i gur at i on f i l e cont r ol s t he par amet er s f or t hi s
agent ; t he f i l e i s t ypi cal l y named /etc/SnmpAgent.d/snmpd.conf,
or /etc/snmpd.conf on ol der syst ems. You don' t need t o edi t
t hi s f i l e f or t he agent t o f unct i on nor mal l y. I f you do edi t
i t , you must st op and r est ar t t he mast er agent by execut i ng t he
SnmpMaster scr i pt , f i r st wi t h a stop and t hen a start :
$ / sbi n/ i ni t . d/ SnmpMast er st op
$ / sbi n/ i ni t . d/ SnmpMast er st art
7. 3. 3. 1 Si mpl e conf i gurat i on
The f ol l owi ng conf i gur at i on f i l e conf i gur es t he agent t o
r espond t o get r equest s usi ng t he communi t y name publ i c and set
r equest s usi ng t he communi t y name pr i vat e. Ther e ar e no
r est r i ct i ons on whi ch MI Bs can be quer i ed, or whi ch host s can
make t he quer i es. Thi s conf i gur at i on has no secur i t y, si nce t he
communi t y st r i ngs ar e set t o commonl y used def aul t s and ar e
wi del y known. The OpenVi ew agent sends aut hent i cat i on- f ai l ur e
t r aps by def aul t , so you don' t have t o enabl e t hese t r aps i n
t he conf i gur at i on f i l e.
get- communi tyname: publ i c
set- communi tyname: pri vate
trap- dest: 127. 0. 0. 1
contact: B. Gates
l ocati on: 12 Pyrami d - Egypt
The si mpl est conf i gur at i on i s t o edi t t he f i l e and pl ace mor e
r easonabl e communi t y names i n t he f i r st t wo l i nes. We can' t say
i t t oo much: communi t y names ar e essent i al l y passwor ds. Use t he
same r ul es f or pi cki ng communi t y names t hat you woul d f or
choosi ng t he r oot passwor d. You shoul d al ways set t he
dest i nat i on t r ap host ( trap- dest) t o t he I P addr ess of t he host
t hat wi l l r ecei ve t he t r ap.
The next exampl e conf i gur es sever al di f f er ent communi t y names:
get- communi tyname: publ i c
get- communi tyname: medi a
set- communi tyname: hushed
set- communi tyname: verypri vate
set- communi tyname: shhhh
We have cr eat ed t wo get ( r eadonl y) communi t i es and t hr ee set
( r ead- wr i t e) communi t i es. These communi t i es can be used as you
see f i t . ( I n r eal l i f e, we woul d have chosen mor e obscur e
names. ) For exampl e, you mi ght gi ve your oper at i ons gr oup i n
New Yor k publ i c communi t y access and your oper at i ons gr oup i n
At l ant a medi a communi t y access. The r emai ni ng set communi t i es
can f ur t her be subdi vi ded among var i ous admi ni st r at or s and
ot her st af f who need r ead- wr i t e access.
7. 3. 3. 2 Advanced conf i gurat i on
Set t i ng up mul t i pl e communi t y st r i ngs doesn' t sound ver y
usef ul , and by i t sel f , i t i sn' t . But you can t ake t he concept a

st ep f ur t her and cr eat e di f f er ent communi t i es, each of whi ch
consi st s of a f ew par t i cul ar host s and can access onl y some of
t he obj ect s SNMP manages. The next exampl e al l ows t he host
10. 123. 56. 25 t o i ssue gets usi ng t he communi t y name comname and
sets usi ng t he communi t y name pr i vat e. The host 10. 123. 46. 101
can i ssue gets usi ng onl y t he communi t y name comname. You
cannot use host names af t er t he I P: di r ect i ve; you must use I P
addr esses.
get- communi tyname comname I P: 10. 123. 56. 25 10. 123. 46. 101
set- communi tyname pri vate I P: 10. 123. 56. 25
You can al so conf i gur e t he agent t o r est r i ct access t o MI B
subt r ees based on I P addr esses. The next exampl e al l ows any
host t o get any obj ect under i so. or g. dod. i nt er net . mgmt . mi b- 2,
except f or obj ect s i n t he i nt er f aces subt r ee. The mi nus si gn ( -
) i n f r ont of i nt er f aces i nst r uct s t he agent t o di sal l ow access
t o t hi s subt r ee.
get- communi tyname publ i c VI EW: mi b- 2 - i nterf aces
The f i nal exampl e set s up mul t i pl e communi t y names f or bot h
sets and gets. An admi ni st r at or who i s l ocat ed at host
10. 123. 46. 25 and knows t he admi n communi t y st r i ng has r ead
access t o t he ent i r e MI B t r ee; wi t h t he admi nset communi t y
st r i ng, he has wr i t e access t o t he ent i r e t r ee. Someone wi t h
t he oper at or communi t y st r i ng can si t anywher e and access
ever yt hi ng i n mi b- 2 except f or t he i nt er f aces subt r ee, but must
be si t t i ng at hi s desk ( 10. 123. 56. 101) t o i ssue sets and i s not
al l owed t o set anyt hi ng i n t he mi b- 2 subt r ee.
get- communi tyname operator VI EW: mi b- 2 - i nterf aces
get- communi tyname admi n I P: 10. 123. 56. 25
set- communi tyname operset I P: 10. 123. 46. 101 VI EW: - mi b- 2
set- communi tyname admi nset I P: 10. 123. 56. 25
7. 3. 4 Net - SNMP ( Formerl y UCD- SNMP)
Net - SNMP i s an open sour ce agent t hat i s f r eel y avai l abl e f r om
ht t p: / / net - snmp. sour cef or ge. net . We wi l l f ocus on Net - SNMP
Ver si on 4. 2, whi ch i s t he most r ecent as of t hi s publ i cat i on.
Once you have downl oaded and unpacked t he di st r i but i on, cd i nt o
t he di r ect or y i n whi ch you unpacked Net - SNMP and r ead t he
README and INSTALL f i l es. These f i l es pr ovi de gener al
i nf or mat i on on i nst al l i ng t he agent and don' t r equi r e much
expl anat i on her e.
Net - SNMP uses a conf i gur e scr i pt t o make sur e your envi r onment
has some key ut i l i t i es and l i br ar i es i nst al l ed, so i t can be
compi l ed successf ul l y. Many conf i gur at i on opt i ons ar e set t abl e
when you r un t hi s scr i pt . To see a l i st of t hem, r un t he
f ol l owi ng command:
ucd- snmp- 4. 2/ >. / conf i gure - - hel p
One common opt i on i s - -prefix=PATH. Thi s speci f i es an
al t er nat e i nst al l at i on di r ect or y. By def aul t , Net - SNMP wi l l
i nst al l i n /usr/local/bin, /usr/local/man, et c.

We' l l be r unni ng conf i gur e wi t hout any opt i ons, whi ch means our
Net - SNMP bui l d wi l l have def aul t val ues assi gned f or var i ous
opt i ons. For exampl e, t he agent bi nar y wi l l be pl aced i n
/usr/local/sbin. Run t he f ol l owi ng command t o begi n t he
conf i gur at i on pr ocess:
ucd- snmp- 4. 2/ >. / conf i gure
You wi l l see var i ous messages about what f eat ur es conf i gur e i s
l ooki ng f or and whet her or not t hey' r e f ound.
Af t er r unni ng f or a whi l e, conf i gur e wi l l ask f or some basi c
SNMP i nf or mat i on:
************** Conf i gurati on Secti on **************

You are about to be prompted by a seri es of questi ons. Answer
themcaref ul l y, as they determi ne howthe snmp agent and rel ated
appl i cati ons are to f uncti on.

Af ter the conf i gure scri pt f i ni shes, you can browse the newl y
created conf i g. h f i l e f or f urther - l ess i mportant - parameters to
modi f y. Be caref ul i f you re- run conf i gure though si nce conf i g. h wi l l
be over wri tten.

- Press return to conti nue-
When you t ype Ret ur n, you' l l be pr ompt ed f or t he syst emcont act
i nf or mat i on:
di sabl i ng above prompt f or f uture runs. . . yes
checki ng SystemContact I nf ormati on. . .

*** SystemContact I nf ormati on:

Descri bes who shoul d be contacted about the host the agent i s
runni ng on. Thi s i nf ormati on i s avai l abl e i n the MI B- I I tree. Thi s
can al so be over- ri dden usi ng the "syscontact" syntax i n the agent' s
conf i gurati on f i l es.

SystemContact I nf ormati on (root@): snmpadmi n@ora. com
setti ng SystemContact I nf ormati on to. . . snmpadmi n@ora. com
checki ng SystemLocati on. . .
We' ve deci ded t o set our cont act i nf or mat i on t o somet hi ng
usef ul , but we coul d have l ef t i t bl ank. The next i t emyou' r e
asked t o conf i gur e i s syst eml ocat i on. We' ve chosen an
i nf or mat i ve val ue, but agai n coul d have l ef t i t bl ank:
*** SystemLocati on:

Descri bes the l ocati on of the system. Thi s i nf ormati on i s
avai l abl e i n the MI B- I I tree. Thi s can al so be over- ri dden usi ng the
"sysl ocati on" syntax i n the agent' s conf i gurati on f i l es.

SystemLocati on (Unknown): FTP Server #1, O' Rei l l y Dat a Cent er
setti ng SystemLocati on to. . . FTP Server #1, O' Rei l l y Data Center
checki ng Locati on to wri te l ogf i l e. . .

The f i nal opt i on you need t o conf i gur e i s t he snmpd l og f i l e
l ocat i on:
*** Logf i l e l ocati on:

Enter the def aul t l ocati on f or the snmpd agent to dump
i nf ormati on &errors to. I f not def i ned (enter the keyword "none"
at the prompt bel ow) the agent wi l l use stdout and stderr i nstead.
(Note: Thi s val ue can be over- ri dden usi ng command l i ne opti ons. )

Locati on to wri te l ogf i l e (/ var/ l og/ snmpd. l og):
setti ng Locati on to wri te l ogf i l e to. . . / var/ l og/ snmpd. l og

*** snmpd persi stent storage l ocati on:

Enter a di rectory f or the snmp l i brary to store persi stent
data i n the f ormof a conf i gurati on f i l e.

Locati on to wri te persi stent i nf ormati on (/ var/ ucd- snmp):
setti ng Locati on to wri te persi stent i nf ormati on to. . . / var/ ucd- snmp
updati ng cache . / conf i g. cache
creati ng . / conf i g. status
creati ng Makef i l e
creati ng Makef i l eMakef i l e
creati ng snmpl i b/ Makef i l e
creati ng agent/ Makef i l e
creati ng apps/ Makef i l e
creati ng apps/ snmpnetstat/ Makef i l e
creati ng agent/ mi bgroup/ Makef i l e
creati ng agent/ dl mods/ Makef i l e
creati ng l ocal / Makef i l e
creati ng testi ng/ Makef i l e
creati ng man/ Makef i l e
creati ng ov/ Makef i l e
creati ng mi bs/ Makef i l e
creati ng conf i g. h
The def aul t val ue i s /var/log/snmpd.log, whi ch shoul d wor k on
most Uni x syst ems.
When t he conf i gur e scr i pt f i ni shes, i t cr eat es a syst em-
speci f i c f i l e named config.h. Bef or e you cont i nue, t ake a l ook
t hr ough t hi s f i l e. I t houses many l ocal conf i gur at i on var i abl es
t hat you may want t o change bef or e you st ar t compi l i ng. Her e
ar e some sni ppet s f r ommy config.h f i l e:
/ * def aul t l i st of mi bs to l oad */

#def i ne DEFAULT_MI BS "I P- MI B: I F- MI B: TCP- MI B: UDP- MI B: SNMPv2- MI B:
RFC1213- MI B: UCD- SNMP- MI B: SNMPv2- PARTY- MI B: SNMPv2- M2M- MI B:
SNMP- VI EW- BASED- ACM- MI B"

/ * def aul t l ocati on to l ook f or mi bs to l oad usi ng the above tokens
and/ or those i n the MI BS envi ronment vari abl e */

#def i ne DEFAULT_MI BDI RS "/ usr/ l ocal / share/ snmp/ mi bs"

/ * LOGFI LE: I f def i ned i t cl oses stdout/ err/ i n and opens thi s i n out/ err' s
pl ace. (stdi n i s cl osed so that sh scri pts won' t wai t f or i t) */

#def i ne LOGFI LE "/ var/ l og/ snmpd. l og"

/ * def aul t systemcontact */
#def i ne SYS_CONTACT "snmpadmi n@ora. com"

/ * systeml ocati on */
#def i ne SYS_LOC "FTP Server #1, O' Rei l l y Data Center"
You can now compi l e your new package wi t h t he make command. The
compi l at i on pr ocess di spl ays many messages, most of whi ch you
can i gnor e. I n shor t , i f i t compl et es, you' ve succeeded and can
pr oceed t o i nst al l at i on. I f not , you wi l l see er r or s and shoul d
i nvest i gat e what went wr ong. I f you t weaked t he config.h f i l e
and your bui l d f ai l ed, t r y r ecr eat i ng config.h. Wi t hout
modi f yi ng t hi s new config.h, t r y anot her bui l d. Thi s wi l l weed
out any pr obl ems you cr eat ed wi t hi n t hat f i l e.
I nst al l your new package wi t h t he command make install. By
def aul t , t hi s command i nst al l s var i ous execut abl es i n
/usr/local/bin and ot her i mpor t ant i nf or mat i on i n
/usr/local/share/snmp.
At t hi s poi nt , you can conf i gur e t he agent f ur t her by usi ng one
of t wo appr oaches:
Running the program /usr/local/bin/snmpconf, which asks
you a lot of questions and creates a configuration file.
The configuration script is surprisingly confusing,
though, so it's hard to recommend this approach.
Crafting a configuration by hand. If you're not interested
in SNMPv3, this is fairly easy.
7. 3. 4. 1 Runni ng t he conf i gurat i on scri pt
The conf i gur at i on scr i pt i s r at her l ong and compl ex. Her e ar e a
f ew poi nt er s:
It starts by asking whether you want to create snmp.conf
or snmpd.conf. To configure the agent, select snmpd.conf.
snmp.conf sets up some defaults for command-line tools
such as snmpget. Strictly speaking, creating snmp.conf
isn't necessary.
Most of the configurable options have to do with SNMPv3.
Although Version 3 is an important step forward, you can
almost certainly ignore this; very few vendors support v3.
Version 3 is discussed in Appendix F.
When you're finished configuring, the script leaves the
configuration file in your current directory. You can
either place the files in ~/.snmp, if they're for your own
use, or in /usr/local/share/snmp, if you want this
configuration to be used by everyone on the system.

7. 3. 4. 2 Creat i ng a conf i gurat i on by hand
I f you don' t want t o do anyt hi ng compl ex, cr eat i ng your own
conf i gur at i on f i l e i s easy. Her e' s a ver y si mpl e conf i gur at i on
f i l e:
sysl ocati on "O' Rei l l y Data Center"
syscontact snmpadmi n@orei l l y. com
rwcommuni ty pri vate
rocommuni ty publ i c
authtrapenabl e 1
trapcommuni ty trapsRus
trapsi nk nmshost. orei l l y. com
trap2si nk nmshost. orei l l y. com
The conf i gur at i on i t ems shoul d be f ami l i ar : we' r e set t i ng up
t he syst eml ocat i on; t he syst emcont act ; t he r ead- wr i t e, r ead-
onl y, and t r ap communi t y st r i ngs; and t he dest i nat i on t o whi ch
t r aps shoul d be sent . We' r e al so enabl i ng aut hent i cat i on t r aps.
Not e t hat we conf i gur ed dest i nat i ons f or bot h SNMP Ver si on 1
and Ver si on 2 t r aps. The t r ap dest i nat i on l i nes ( trapsi nk and
trap2si nk) can al so have a t r ap communi t y st r i ng, i f t he NMS at
t he gi ven host r equi r es a di f f er ent communi t y name.
The rwcommuni ty and rocommuni ty l i nes al l ow us t o be a bi t mor e
sophi st i cat ed t han t he exampl e i ndi cat es. We' r e al l owed t o
speci f y t he net wor k or subnet t o whi ch t he communi t y st r i ngs
appl y, and an obj ect I D t hat r est r i ct s quer i es t o MI B obj ect s
t hat ar e under neat h t hat OI D. For exampl e, i f you want t o
r est r i ct r ead- wr i t e access t o management st at i ons on t he
subnet wor k 10. 0. 15. 0/ 24, you coul d use t he l i ne:
rwcommuni ty pri vate 10. 0. 15. 0
I f you t ake t hi s r out e, you shoul d cer t ai nl y l ook at t he
EXAMPLE.conf f i l e i n t he di r ect or y i n whi ch you bui l t Net - SNMP.
You can modi f y t hi s f i l e and i nst al l i t i n t he appr opr i at e
l ocat i on ( ei t her ~/.snmp/snmpd.conf or
/usr/local/share/snmp/snmpd.conf ) , or you can t ake i deas f r om
i t and use t hemi n your own conf i gur at i on. I t i ncl udes some
par t i cul ar l y cl ever t r i cks t hat we' l l di scuss i n Chapt er 11 but
t hat ar e wel l beyond t he si mpl e conf i gur at i on we' r e di scussi ng
her e.
7. 3. 5 Concord Syst emEDGE Agent f or Uni x and NT
Concor d Syst emEDGE i s a commer ci al pr oduct t hat can be used as
a subagent t o t he st andar d Wi ndows NT agent . On Uni x syst ems,
t hi s agent can be used ei t her as a st andal one agent or si de- by-
si de wi t h an exi st i ng agent . I t r uns on Li nux, Sol ar i s, and
ot her oper at i ng syst ems. The CD on whi ch t he pr oduct i s shi pped
i ncl udes agent s f or al l t he pl at f or ms Syst emEDGE suppor t s.
Whenever possi bl e, Syst emEDGE uses t he pl at f or m' s nat i ve
package manager t o make i nst al l at i on easi er . Each ar chi t ect ur e-
dependent ver si on of t he agent comes wi t h an easy- t o- f ol l ow

README f i l e f or i nst al l at i on. See Chapt er 11 f or a di scussi on
of t hi s agent ' s capabi l i t i es.
The Syst emEDGE conf i gur at i on f i l e i s l ocat ed i n
/etc/sysedge.cf. Use your edi t or of choi ce t o make changes t o
t hi s f i l e. You must st op and r est ar t Syst emEDGE f or your
changes t o t ake ef f ect . The conf i gur at i on f i l e f or mat i s t he
same f or al l t he ver si ons of Syst emEDGE.
For a t ypi cal SNMP conf i gur at i on, sysedge.cf l ooks l i ke t hi s:
communi ty publ i c readonl y
communi ty verypri vate read- wri te 127. 0. 0. 1 10. 123. 56. 25
communi ty traps 127. 0. 0. 1
Comment l i nes begi n wi t h a # char act er . The f i r st par amet er
set s t he r eadonl y communi t y t o publ i c. The r ead- wr i t e communi t y
i s def i ned t o be verypri vate. The t wo I P addr esses f ol l owi ng t he
r ead- wr i t e communi t y st r i ng ar e an access l i st t hat t el l s t he
agent t o al l ow set oper at i ons f r oml ocal host ( 127. 0. 0. 1) and
10. 123. 56. 25 onl y. Al ways use an access l i st i f possi bl e; wi t hout
t hi s secur i t y f eat ur e, any host can execut e set oper at i ons.
Not e t hat t her e i s a space bet ween t he t wo addr esses, not a Tab
char act er . The t hi r d opt i on t el l s t he agent wher e t o send
t r aps; i n t hi s case, t o l ocal host ( 127. 0. 0. 1) .
The agent sends aut hent i cat i on- f ai l ur e t r aps by def aul t , and we
st r ongl y r ecommend usi ng t hem. I f you don' t want
aut hent i cat i on- f ai l ur e t r aps, i ncl ude t he f ol l owi ng l i ne i n
your conf i gur at i on f i l e:
no_authen_traps
Syst emEDGE pr ovi des some power f ul sel f - moni t or i ng capabi l i t i es.
These ext ensi ons ( f ound onl y i n Concor d' s Empi r e pr i vat e
ent er pr i se MI B) ar e si mi l ar t o t he Remot e Net wor k Moni t or i ng
( RMON) MI B, whi ch i s di scussed i n Chapt er 9. Empi r e' s
ext ensi ons can r educe net wor k l oad by al l owi ng t he agent ,
i nst ead of an NMS, t o per f or mmoni t or i ng ( pol l i ng) of i mpor t ant
syst emobj ect s. For exampl e, t he agent can be i nst r uct ed t o
make sur e t he f r ee space avai l abl e i n t he r oot f i l esyst emst ays
above some pr edef i ned t hr eshol d. When t hi s t hr eshol d i s
cr ossed, t he agent sends a t r ap t o t he NMS so t he condi t i on can
be deal t wi t h appr opr i at el y.
The f ol l owi ng l i ne shows how you can moni t or and r est ar t
sendmail i f i t di es:
watch process procAl i ve ' sendmai l ' 1 0x100 60 ' Watch Sendmai l ' ' / etc/ i ni t. d/ sendmai l
start'
Thi s moni t or sends a t r ap t o t he NMS, def i ned ear l i er as
communi ty traps 127. 0. 0. 1, when t he sendmail pr ocess di es. The agent

t hen execut es /etc/init.d/sendmail start t o r est ar t t he
pr ocess. The gener al f or mof t hi s command i s:
watch process procAl i ve ' procname' i ndex f l ags i nterv ' descri pti on' ' acti on'
The pr ocname par amet er i s a r egul ar expr essi on t hat Syst emEDGE
uses t o sel ect t he pr ocesses t hat i t i s moni t or i ng; i n t hi s
case, we' r e wat chi ng pr ocesses wi t h t he name sendmail. Each
ent r y i n t he pr ocess- moni t or i ng t abl e must have a uni que i ndex;
i n t hi s exampl e, we used t he val ue 1. We coul d have pi cked any
i nt eger , as l ong as t hat i nt eger was not al r eady i n use i n t he
t abl e. The f l ag par amet er i s a hexadeci mal
[ 1]
f l ag t hat changes
t he behavi or of t he moni t or . We speci f i ed a f l ag of 0x100, whi ch
t el l s t he moni t or t hat t he pr ocess i t ' s wat chi ng spawns chi l d
pr ocesses; t hi s f l ag ensur es t hat Syst emEDGE wi l l t ake act i on
onl y when t he par ent sendmail pr ocess di es, not when any of t he
chi l dr en di e. The use of pr ocess- moni t or f l ags i s beyond t he
scope of t hi s chapt er ; see t he manual t hat comes wi t h
Syst emEDGE f or mor e i nf or mat i on. The i nt er v par amet er speci f i es
how of t en ( i n seconds) t he agent checks t he pr ocess' s st at us.
We have set t he i nt er val t o 60 seconds. The descr i pt i on
par amet er cont ai ns i nf or mat i on about t he pr ocess bei ng
moni t or ed; i t can be up t o 128 char act er s i n l engt h. I t i s a
good i dea t o use a descr i pt i on t hat i ndi cat es what i s bei ng
moni t or ed, si nce t he agent st or es t hi s val ue i n t he moni t or
t abl e f or r et r i eval by an NMS and i ncl udes i t i n t he var i abl e
bi ndi ngs when a t r ap i s sent . The f i nal par amet er i s t he act i on
t he moni t or wi l l t ake when t he pr ocess di es; we chose t o
r est ar t t he daemon.
[1]
General l y speaki ng, there are several ways to represent
hexadeci mal numbers. SystemEDGE uses the noti on of a number
pref i xed wi th 0x, whi ch shoul d be f ami l i ar to C and Perl
programmers.
Syst emEDGE can be ext ended by usi ng pl ug- i ns. These pl ug- i ns
manage and moni t or appl i cat i ons such as Apache ( web ser ver ) ,
Exchange ( Mi cr osof t mai l ) , and Or acl e ( dat abase) , t o name a
f ew. A " t op pr ocesses" pl ug- i n named t oppr ocs comes wi t h ever y
di st r i but i on. The f ol l owi ng st at ement t el l s Syst emEDGE t o l oad
t hi s pl ug- i n f or 64- bi t Sol ar i s ( t hi s st at ement i s si mi l ar f or
NT and ot her Uni x pl at f or ms) :
sysedge_pl ugi n / opt/ EMPsysedge/ pl ugi ns/ topprocs/ topprocs- sol 64bi t. so
The f ol ks at Concor d have t aken gr eat car e t o add usef ul
comment s t o t he sysedge.cf f i l e. The comment s ar e of t en al l you
need t o conf i gur e t he agent .
7. 3. 6 Ci sco Devi ces
Ci sco Syst ems pr oduces a wi de r ange of r out er s, swi t ches, and
ot her net wor ki ng equi pment . The conf i gur at i on pr ocess i s
vi r t ual l y t he same on al l Ci sco devi ces, because t hey shar e t he
I OS oper at i ng syst em.
[ 2]
Ther e ar e some mi nor di f f er ences i n t he

par amet er s t hat can be conf i gur ed on ever y devi ce; t hese
gener al l y have t o do wi t h t he capabi l i t i es of t he devi ce,
r at her t han t he SNMP i mpl ement at i on.
[2]
There are some excepti ons to thi s rul e, such as the PI X
f i rewal l s. These excepti ons usual l y mean that the product i s
made by a company that Ci sco acqui red.
To conf i gur e t he SNMP par amet er s, you must be i n enabl e mode.
You can use t he f ol l owi ng commands t o see what t r aps ar e
avai l abl e:
router>enabl e
Password: mypassword
router#conf i g t ermi nal
router(conf i g)#snmp- server enabl e t raps ?
bgp Enabl e BGP state change traps
envmon Enabl e SNMP envi ronmental moni tor traps
f rame- rel ay Enabl e SNMP f rame- rel ay traps
i sdn Enabl e SNMP i sdn traps
<cr>
The quest i on mar k t el l s t he r out er t o r espond wi t h t he possi bl e
compl et i ons f or t he command you' r e t ypi ng. You can use t hi s
f eat ur e t hr oughout t he ent i r e command- l i ne i nt er f ace. I f t he
par t of t he command you have al r eady t yped has a synt ax er r or ,
t he r out er wi l l gi ve you t he " Unr ecogni zed command" message
when you t ype t he quest i on mar k. <cr> t el l s you t hat you can
exi t wi t hout conf i gur i ng t he command ( snmp- server enabl e traps i n
t hi s case) by t ypi ng a car r i age r et ur n.
Her e' s a si mpl e conf i gur at i on t hat l et s you st ar t usi ng t he
SNMP agent :
router(conf i g)#snmp- server communi t y pri vat e RW
router(conf i g)#snmp- server communi t y publ i c RO
router(conf i g)#snmp- server t rap- aut hent i cat i on
router(conf i g)#snmp- server l ocat i on Del t a Bui l di ng - 1st Fl oor
router(conf i g)#snmp- server cont act J J ones
router(conf i g)#snmp- server host 10. 123. 135. 25 publ i c
Most of t hese commands set par amet er s wi t h whi ch you shoul d be
f ami l i ar by now. We def i ne t wo communi t i es, publ i c and pri vate,
wi t h r eadonl y ( RO) and r ead- wr i t e ( RW) per mi ssi ons,
r espect i vel y. snmp- server trap- authenti cati on t ur ns on aut hent i cat i on-
f ai l ur e t r aps. The command snmp- server host 10. 123. 135. 25 publ i c
conf i gur es t he dest i nat i on t o whi ch t r aps shoul d be sent . The
I P addr ess i s set t o t he addr ess of our NMS. The communi t y
st r i ng publ i c wi l l be i ncl uded i n t he t r aps.
The f ol l owi ng conf i gur at i on i t emt el l s t he devi ce what
i nt er f ace i t shoul d use when sendi ng out SNMP t r aps:

router(conf i g)#snmp- server t rap- source VLAN1
Conf i gur i ng t he t r ap sour ce i s usef ul because r out er s, by
def i ni t i on, have mul t i pl e i nt er f aces. Thi s command al l ows you
t o send al l your t r aps out t hr ough a par t i cul ar i nt er f ace.
Ther e may be t i mes when you want t o send onl y cer t ai n t r aps t o
your NMS. The next i t emsends onl y envi r onment al moni t or t r aps
t o t he speci f i ed host , 172. 16. 52. 25 ( t he envmon opt i on i s not
avai l abl e on al l Ci sco devi ces) :
router(conf i g)#snmp- server host 172. 16. 52. 25 publ i c envmon
One of t he most f r i ght eni ng SNMP sets i s t he Ci sco shut down,
whi ch l et s you shut down t he r out er f r omt he NMS. The good news
i s t hat you have t o i ncl ude a swi t ch i n t he conf i gur at i on
bef or e t he r out er wi l l r espond t o shut down commands. I ssui ng
t he f ol l owi ng command di sabl es shut downs:
router(conf i g)#no snmp- server syst em- shut down
To r ecei ve t r aps about aut hent i cat i on f ai l ur es ( somet hi ng
t r yi ng t o pol l your devi ce wi t h t he wr ong communi t y name) add
t he f ol l owi ng l i ne:
router(conf i g)#snmp- server t rap- aut hent i cat i on
The f i nal advanced conf i gur at i on par amet er i s an access l i st .
The f i r st l i ne set s up access l i st 15. I t st at es t hat t he I P
addr ess 10. 123. 56. 25 i s per mi t t ed t o access t he agent . The
second l i ne says t hat anyone t hat passes access l i st 15 ( i . e. ,
a host wi t h I P addr ess 10. 123. 56. 25) and gi ves t he communi t y
name not sopubl i c has r eadonl y ( RO) access t o t he agent . Access
l i st s ar e a ver y power f ul t ool f or cont r ol l i ng access t o your
net wor k. They' r e beyond t he scope of t hi s book, but i f you' r e
not f ami l i ar wi t h t hem, you shoul d be.
router(conf i g)#access- l i st 15 permi t 10. 123. 56. 25
router(conf i g)#snmp- server communi t y not sopubl i c RO 15
That ' s i t ! You now have a wor ki ng SNMP conf i gur at i on f or your
Ci sco r out er .
7. 3. 7 APC Symet ra
APC' s uni nt er r upt i bl e power suppl i es ( UPSs) ar e t ypi cal of a
l ar ge cl ass of pr oduct s t hat ar en' t usual l y consi der ed net wor k
devi ces, but t hat have i ncor por at ed a net wor k i nt er f ace f or t he
pur pose of management .
To conf i gur e an APC UPS, you can use i t s management por t ( a
f ami l i ar ser i al por t t o whi ch you can connect a consol e
t er mi nal ) or , assumi ng t hat you' ve per f or med basi c net wor k
conf i gur at i on, telnet t o t he UPS' s I P addr ess. SNMP
conf i gur at i on i s t he same r egar dl ess of t he met hod you use.
Ei t her way, you get a Text User I nt er f ace ( TUI ) t hat pr esent s
you wi t h r at her ol d- f ashi oned menus - - you t ype your menu
sel ect i on ( usual l y a number ) f ol l owed by Ent er t o navi gat e
t hr ough t he menus.

We' l l assume t hat you' ve al r eady per f or med basi c net wor k
conf i gur at i on, such as assi gni ng an I P addr ess f or t he UPS. To
conf i gur e SNMP, go t o t he Net wor k menu and sel ect " 5" t o go
i nt o t he SNMP submenu. You shoul d get a menu l i ke t hi s:
- - - - - - - SNMP - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

1- Access Control 1
2- Access Control 2
3- Access Control 3
4- Access Control 4
5- Trap Recei ver 1
6- Trap Recei ver 2
7- Trap Recei ver 3
8- Trap Recei ver 4
9- System
10- Summary

?- Hel p
<ENTER>Redi spl ay Menu
<ESC>Return To Previ ous Menu

>
You need t o conf i gur e t hr ee di st i nct sect i ons: Access Cont r ol ,
Tr ap Recei ver , and Syst em. To see a summar y of t he cur r ent SNMP
set t i ngs, use t he Summar y submenu.
Thi s par t i cul ar devi ce al l ows us t o speci f y f our I P addr esses
f or access cont r ol and f our I P addr esses t o r ecei ve t r aps. The
access cont r ol i t ems al l ow you t o conf i gur e t he I P addr esses of
your management st at i ons - - t hi s i s si mi l ar t o t he access l i st s
we' ve seen i n ot her devi ces, and i s obvi ousl y basi c t o
secur i t y. The UPS wi l l r epl y onl y t o quer i es f r omt he I P
addr esses you have l i st ed. Conf i gur at i on i s a bi t awkwar d - -
you need t o go t o a separ at e menu t o conf i gur e each I P addr ess.
Her e' s what you' l l see when conf i gur i ng t he Access Cont r ol 1
submenu:
- - - - - - - Access Control 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Access Control Summary
# Communi ty Access NMS I P
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 publ i c Read 10. 123. 56. 25
2 pri vate Wri te 10. 123. 56. 25
3 publ i c2 Di sabl ed 0. 0. 0. 0
4 pri vate2 Di sabl ed 0. 0. 0. 0

1- Communi ty : publ i c
2- Access Type : Read
3- NMS I P Address : 10. 123. 56. 25
4- Accept Changes :

?- Hel p


>
The f i r st par t of t he menu summar i zes t he st at e of access
cont r ol . On t hi s menu, we can change onl y t he f i r st i t emon t he
l i st . The speci al addr ess 0. 0. 0. 0 i s a wi l dcar d - - i t means
t hat t he UPS wi l l r espond t o quer i es f r omany I P addr ess.
Al t hough addr esses 3 and 4 ar e set t o 0. 0. 0. 0, t hese addr esses
ar e cur r ent l y di sabl ed, and t hat ' s how we want t o keep t hem. We
want t he UPS t o r espond onl y t o t he management st at i ons we
expl i ci t l y l i st .
On t hi s menu, we' ve conf i gur ed i t ems 1 ( t he communi t y st r i ng) ,
2 ( t he access t ype) , and 3 ( t he I P addr ess) . We' ve set t he
communi t y st r i ng t o publ i c ( not a choi ce you' d want i n a r eal
conf i gur at i on) , t he access t ype t o Read ( al l owi ng var i ous SNMP
get oper at i ons, but no set oper at i ons) , and t he NMS I P addr ess
t o 10. 123. 56. 25. The net ef f ect i s t hat t he UPS' s SNMP agent wi l l
accept get r equest s f r omI P addr ess 10. 123. 56. 25 wi t h t he
communi t y name publ i c. When you ar e sat i sf i ed wi t h t he
conf i gur at i on, ent er a 4 t o accept your changes.
To conf i gur e t he second access cont r ol i t em, pr ess Esc t o
r et ur n t o t he pr evi ous menu; t hen sel ect 2. As you can see, we
al l ow 10. 123. 56. 25 t o per f or mset oper at i ons. We don' t have any
ot her management st at i ons, so we' ve l ef t i t ems 3 and 4
di sabl ed.
Once t he Access Cont r ol sect i on i s compl et e, you can st ar t
conf i gur i ng t r aps. The Tr ap Recei ver s sect i on i s si mpl y a l i st
of NMSs t hat r ecei ve t r aps. As wi t h Access Cont r ol , f our t r ap
r ecei ver s can be conf i gur ed. To get t o t he f i r st t r ap r ecei ver ,
r et ur n t o t he SNMP menu and sel ect menu 5. A t ypi cal t r ap
r ecei ver set up l ooks l i ke t hi s:
- - - - - - - Trap Recei ver 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Trap Recei ver Summary
# Communi ty Generati on Authenti cati on Recei ver NMS I P
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 publ i c Enabl ed Enabl ed 10. 123. 56. 25

1- Trap Communi ty Name : publ i c
2- Trap Generati on : Enabl ed
3- Authenti cati on Traps: Enabl ed
4- Recei ver NMS I P : 10. 123. 56. 25
5- Accept Changes :

?- Hel p

>
Once agai n, t he f i r st par t of t he menu i s a summar y of t he t r ap
r ecei ver conf i gur at i on. We' ve al r eady set t he f i r st t r ap
r ecei ver t o t he addr ess of our NMS, enabl ed t r ap gener at i on,
and enabl ed t he gener at i on of aut hent i cat i on t r aps - - as
al ways, a good i dea. The t r aps we gener at e wi l l i ncl ude t he
communi t y st r i ng publ i c. Not e t hat t r ap r ecei ver s 2, 3, and 4
ar e set t o 0. 0. 0. 0. On t hi s menu, 0. 0. 0. 0 i s not a wi l dcar d; i t ' s
j ust an i nval i d addr ess t hat means you haven' t yet conf i gur ed
t he t r ap r ecei ver ' s I P addr ess. I t ' s basi cal l y t he same as
l eavi ng t he ent r y di sabl ed.
The f i nal conf i gur at i on i t ems t hat shoul d be set ar e on t he
Syst emsubmenu, f ound under t he SNMP mai n menu:
- - - - - - - System- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

1- sysName : ups1. ora. com
2- sysContact : Dougl as Mauro
3- sysLocati on : Apache Hi l o Deck
4- Accept Changes :

?- Hel p

>
Af t er you have f i ni shed conf i gur i ng al l your SNMP par amet er s,
use t he Summar y submenu f or a qui ck l ook at what you have done.
A t ypi cal set up wi l l l ook somet hi ng l i ke t hi s:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SNMP Conf i gurati on Summary

sysName : ups1. ora. com
sysLocati on : Apache Hi l o Deck
sysContact : Dougl as Mauro

Access Control Summary
# Communi ty Access NMS I P
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 publ i c Read 10. 123. 56. 25
2 pri vate Wri te 10. 123. 56. 25
3 publ i c2 Di sabl ed 0. 0. 0. 0
4 pri vate2 Di sabl ed 0. 0. 0. 0

Trap Recei ver Summary
# Communi ty Generati on Authenti cati on Recei ver NMS I P
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Press <ENTER>to conti nue. . .
Upon compl et i on and ver i f i cat i on, use t he Esc key t o t ake you
al l t he way out t o t he Logout menu.
Chapter 8. Pol l i ng and Setti ng
We' ve put a l ot of wor k i nt o get t i ng t hi ngs set up so t hat we
can use SNMP ef f ect i vel y. But now t hat we' ve i nst al l ed a f ancy
node manager and conf i gur ed agent s on al l our devi ces, what can
we do? How can we i nt er act wi t h t he devi ces t hat ar e out t her e?
The t hr ee basi c SNMP oper at i ons ar e snmpget, snmpset, and
snmpwalk. They ar e f ai r l y sel f - expl anat or y: snmpget r eads a
val ue f r oma managed devi ce, snmpset set s a val ue on a devi ce,
and snmpwalk r eads a por t i on of t he MI B t r ee f r oma devi ce. For
exampl e, you can use snmpget t o quer y a r out er and f i nd out i t s
admi ni st r at i ve cont act ( i . e. , t he per son t o cal l i f t he r out er
appear s t o be br oken) , snmpset t o change t hi s cont act
i nf or mat i on, and snmpwalk t o t r aver se a MI B t o get an i dea of
whi ch obj ect s t he r out er has i mpl ement ed or t o r et r i eve st at us
i nf or mat i on on al l t he r out er ' s i nt er f aces.
Thi s chapt er shows you how t o use t hese oper at i ons i n day- t o-
day net wor k management . Fi r st , we wi l l use Per l t o demonst r at e
how you can set, get, and walkobj ect s i n a scr i pt ( t he ni ce
t hi ng about usi ng Per l i s t hat you can easi l y ext end t he si mpl e
scr i pt s i n t hi s chapt er t o f i t your needs and envi r onment ) . We
wi l l t hen use HP OpenVi ew and Net - SNMP t o per f or mt he same
oper at i ons, but f r omt he command l i ne. Fi nal l y, as an
al t er nat i ve t o t he command l i ne, we wi l l demonst r at e OpenVi ew' s
gr aphi cal MI B Br owser , whi ch has a ni ce i nt er f ace f or get t i ng,
set t i ng and wal ki ng MI B dat a.
8. 1 Ret ri evi ng a Si ngl e MI B Val ue
Let ' s st ar t by quer yi ng a r out er f or t he name of i t s
admi ni st r at i ve cont act . Thi s oper at i on, cal l ed pol l i ng, i s
accompl i shed wi t h t he SNMP get command. The f ol l owi ng Per l
scr i pt , snmpget.pl, uses an SNMP Per l modul e t o r et r i eve t he
i nf or mat i on we want ( Chapt er 5 cont ai ns t he URL f or t hi s
modul e) :
#!/ usr/ l ocal / bi n/ perl
#f i l ename: / opt/ l ocal / perl _scri pts/ snmpget. pl
use BER;
use SNMP_uti l ;
use SNMP_Sessi on;
$MI B1 =". 1. 3. 6. 1. 2. 1. 1. 4. 0";
$HOST ="orarouter1";
($val ue) =&snmpget("publ i c@$HOST", "$MI B1");
i f ($val ue) { pri nt "Resul ts : $MI B1: : $val ue: n"; }
el se { warn "No response f romhost : $HOST: n"; }

Thi s scr i pt i s obvi ousl y ver y pr i mi t i ve, but i t i s al so easy t o
under st and, even i f you' r e not an exper i enced Per l user . I t ' s
i mpor t ance i sn' t i n what i t does, whi ch i s ver y l i t t l e, but as
a t empl at e you can use t o i nser t SNMP oper at i ons i nt o ot her
pr ogr ams. ( I f you ar e not used t o wr i t i ng qui ck Per l pr ogr ams,
or ar e unf ami l i ar wi t h t he l anguage, a good st ar t i ng poi nt i s
t he of f i ci al Per l web si t e, ht t p: / / www. per l . com. ) The scr i pt
st ar t s wi t h t hr ee use st at ement s, whi ch ar e si mi l ar t o #i ncl ude
st at ement s i n C. The use st at ement s l oad Per l modul es
cont ai ni ng f unct i ons and def i ni t i ons f or wor ki ng wi t h SNMP. The
t hr ee modul es we use ar e:
BER
Describes how to encode management data into bit patterns
for transmission. Basic Encoding Rules (BER) is an ISO
standard.
SNMP_util
Defines a set of functions that use the SNMP_Sessi on module
to make it much more programmer-friendly. SNMP_uti l itself
uses BER and SNMP_Sessi on, but in this first script we chose
to reference these other modules explicitly. In future
programs, we'll just use SNMP_uti l .
SNMP_Session
Provides Perl with core SNMP functionality.
The next t wo l i nes speci f y t he dat a we want t o get . We have
har dcoded t he obj ect I D of a par t i cul ar pi ece of dat a def i ned
by t he MI B and t he host name f r omwhi ch we want t o r et r i eve t hi s
MI B dat a. I n a mor e f l exi bl e pr ogr am, you mi ght want t o get
t hese val ues f r omt he command l i ne, or bui l d a user i nt er f ace
t o hel p user s speci f y exact l y what t hey ar e i nt er est ed i n
r et r i evi ng. For t he t i me bei ng, however , t hi s wi l l get us
st ar t ed. I t i s easy enough t o r epl ace orarouter1 wi t h t he host name
or I P addr ess of t he devi ce you want t o pol l . The OI D we ar e
r equest i ng i s st or ed i n t he var i abl e $MI B1. The val ue
. 1. 3. 6. 1. 2. 1. 1. 4. 0 r equest s t he devi ce' s admi ni st r at i ve cont act .
Agai n, you can r epl ace t hi s wi t h any OI D of your choi ce. We
used t he numer i c f or mof t hi s obj ect , but you can al so use t he
t ext ual f or mf or t he OI D, whi ch i s . or g. dod. i nt er net . mgmt . mi b-
2. syst em. sysCont act . 0. You can abbr evi at e t hi s f ur t her t o
sysCont act because SNMP_uti l def i nes some par t s of t he OI D st r i ng
f or us ( f or exampl e, SNMP_uti l def i nes sysCont act as
1. 3. 6. 1. 2. 1. 1. 4. 0) , but i t ' s of t en saf er t o be expl i ci t and use
t he ent i r e OI D. Don' t f or get t o i ncl ude t he . 0, whi ch st at es
t hat we want t he f i r st ( 0) and onl y i nst ance of
i so. or g. dod. i nt er net mgmt . mi b- 2. syst em. sysCont act . 0, at t he end
of your OI D.
The next l i ne pol l s t he devi ce. The snmpget f unct i on r et r i eves
t he dat a f r omt he devi ce speci f i ed by t he var i abl e $HOST. Not i ce
t he t wo ar gument s t o t he f unct i on. The f i r st i s t he devi ce we
want t o pol l , pr eceded by t he communi t y name publ i c. ( I f you

need t o use anot her communi t y name - - you di d change t he
communi t y names when you conf i gur ed t he devi ce, di dn' t you? - -
you' l l have t o modi f y t hi s l i ne and i nser t your communi t y name
i n pl ace of i t . ) The second ar gument t o snmpget i s t he OI D i n
whi ch we ar e i nt er est ed. I f you t ype t he code i n your sel f , do
not f or get t he par ent heses ar ound $val ue. I f you omi t t he
par ent heses, $val ue wi l l be set t o t he number of i t ems i n t he
ar r ay snmpget r et ur ns.
Once we have pol l ed t he devi ce, we pr i nt ei t her t he out put or
an er r or message. I put a col on bef or e and af t er any out put
t hat I pr i nt ; t hi s makes i t easy t o see i f t her e ar e any hi dden
char act er s i n t he out put . The deci mal i nt eger " 16" i s ver y
di f f er ent f r om" 16\ n" , whi ch i s t he deci mal i nt eger 16 f ol l owed
by a newl i ne char act er .
Now l et ' s r un t he pr ogr am:
$ / opt / l ocal / perl _scri pt s/ snmpget . pl
Resul ts : . 1. 3. 6. 1. 2. 1. 1. 4. 0: : ORA I T Group:
snmpget.pl pr i nt s t he OI D we r equest ed, f ol l owed by t he act ual
val ue of t hat obj ect , whi ch i s ORA I T Group. Don' t wor r y i f t he
r et ur n val ue f or sysCont act i s wr ong or bl ank. ( The t r i ck of
put t i ng col ons bef or e and af t er t he out put wi l l make i t cl ear
i f sysCont act i s bl ank or empt y. ) Thi s pr obabl y means t hat no
one has conf i gur ed an admi ni st r at i ve cont act , or t hat i t was
conf i gur ed i ncor r ect l y. We' l l show you how t o f i x t hat when we
di scuss t he set oper at i on. I f you get an er r or , ski p t o t he end
of t hi s chapt er t o see a l i st of some er r or s and t hei r
appr opr i at e f i xes.
We wi l l now modi f y snmpget.pl t o pol l any host and any OI D we
want . Thi s i s accompl i shed by passi ng t he host and OI D as
command- l i ne ar gument s t o t he Per l scr i pt :
#f i l ename: / opt/ l ocal / perl _scri pts/ snmpget. pl
use SNMP_uti l ;
$MI B1 =shi f t;
$HOST =shi f t;
($MI B1) &&($HOST) | | di e "Usage: $0 MI B_OI D HOSTNAME";
($val ue) =&snmpget("$HOST", "$MI B1");
Now t hat t hi s pr ogr ami s a l i t t l e mor e f l exi bl e, i t i s possi bl e
t o l ook up di f f er ent ki nds of i nf or mat i on on di f f er ent host s.
We even l ef t out t he communi t y st r i ng, whi ch al l ows us t o pol l
host s wi t h di f f er ent communi t y names. Her e' s how t o r un t he new
ver si on of snmpget.pl:
$ / opt / l ocal / perl _scri pt s/ snmpget . pl . 1. 3. 6. 1. 2. 1. 1. 1. 0 publ i c@orarout er1
Resul ts : . 1. 3. 6. 1. 2. 1. 1. 1. 0: : Ci sco I nternetwork Operati ng SystemSof tware
I OS (tm) 3000 Sof tware (I GS- I - L), Versi on 11. 0(16), RELEASE SOFTWARE (f c1)
Copyri ght (c) 1986- 1997 by ci sco Systems, I nc.
Compi l ed Tue 24- J un- 97 12: 20 by j aturner:

I n t hi s exampl e, we asked t he r out er t o descr i be i t sel f by
l ooki ng up t he OI D . 1. 3. 6. 1. 2. 1. 1. 1. 0 ( syst em. sysDesc. 0) . The r esul t
t el l s us t hat orarouter1 i s a Ci sco r out er r unni ng Ver si on
11. 0( 16) of t he I OS oper at i ng syst em, al ong wi t h some ot her
usef ul i nf or mat i on.
8. 1. 1 Usi ng HP OpenVi ewt o Ret ri eve Val ues
Let ' s st ar t by l ooki ng up our r out er ' s admi ni st r at i ve cont act
( syst em. sysCont act . 0) and see i f we get t he same r esul t as we
di d wi t h our pr evi ous Per l scr i pt . The ar gument s t o OpenVi ew' s
snmpget
[ 1]
ar e t he communi t y name, t he host name of t he devi ce
we want t o pol l , and t he OI D of t he dat a we ar e r equest i ng; we
gave t he OI D i n numer i c f or m, but agai n, we coul d have gi ven i t
as a t ext st r i ng:
[1]
Most OpenVi ewexecutabl e f i l es are l ocated i n / opt/ OV/ bi n.
$ / opt / OV/ bi n/ snmpget - c publ i c orarout er1 . 1. 3. 6. 1. 2. 1. 1. 4. 0
system. sysContact. 0 : DI SPLAY STRI NG- (asci i ): ORA I T Group
Al t hough t hi s l ooks a l i t t l e di f f er ent f r omt he out put of t he
Per l scr i pt , i t t el l s us t he same t hi ng. snmpget pr i nt s t he OI D
we r equest ed on t he command l i ne, maki ng i t easy t o ver i f y t hat
we pol l ed t he r i ght obj ect . Agai n, not e t hat t he t r ai l i ng . 0 i s
i mpor t ant . The out put al so t el l s us t he obj ect ' s dat at ype:
DI SPLAY STRI NG- (asci i ). Back i n Chapt er 2, we di scussed t he
dat at ypes t hat SNMP uses; some of t he common t ypes ar e I NTEGER,
OCTET STRI NG, Counter, and I pAddress. Fi nal l y, t he out put gi ves us t he
i nf or mat i on we asked f or : t he r out er i s admi ni st er ed by t he ORA
I T Gr oup, whi ch i s t he val ue r et ur ned f r omt he SNMP get
r equest .
Now l et ' s do t he same t hi ng usi ng OpenVi ew' s GUI i nt er f ace.
Fr omt he Net wor k Node Manager ' s di spl ay, sel ect " Mi sc SNMP
MI B Br owser . "
[ 2]
I f you don' t have NNM r unni ng, you can st ar t
t he MI B Br owser f r omt he command l i ne: /opt/OV/bin/xnmbrowser.
Fi gur e 8- 1 shows t he GUI . I t s i nput f i el ds ar e si mi l ar t o t he
var i abl es we have been set t i ng i n our Per l scr i pt s: Name or I P
Addr ess, Communi t y Name, MI B Obj ect I D, MI B I nst ance, SNMP Set
Val ue, and MI B Val ues.
[2]
I f you f i nd that the SNMP MI B Browser menu i temi s grayed out
and cannot be cl i cked on, cl i ck on an SNMP obj ect on your NNM
map. You shoul d then be abl e to cl i ck on the menu i temto start
your GUI .
Let ' s use t hi s br owser t o r un an snmpget . St ar t by i nser t i ng a
Name or I P Addr ess and Communi t y Name i n t he i nput boxes
pr ovi ded. To ent er t he obj ect you want t o r et r i eve, use t he MI B
Obj ect I D f i el d and t he t ext box bel ow i t . MI B Obj ect I D shows
us t hat we ar e cur r ent l y i n t he subt r ee . i so. or g. dod. i nt er net .
The t ext ar ea shows t he obj ect s at t he next l evel of t he t r ee:
di r ect or y, mgmt , et c. ( To see t he numer i c OI Ds f or t hese

obj ect s, cl i ck on t hei r names and t hen on t he " Descr i be"
but t on. ) Then br owse down t hr ough t he MI B by doubl e- cl i cki ng
mgmt , t hen mi b- 2, syst em, and f i nal l y sysCont act . Cl i ck on
sysCont act and t hen on " St ar t Quer y. " The r esul t t hat appear s
i n t he " MI B Val ues" f i el d ( as shown i n Fi gur e 8- 2) shoul d l ook
ver y si mi l ar t o t he val ue t hat was r et ur ned i n t he command- l i ne
exampl e.
Fi gure 8- 1. OpenVi ewxnmbrowser def aul t

Fi gure 8- 2. OpenVi ewxnmbrowser response

Let ' s go back t o t he command l i ne and pol l f or sysDesc agai n:
$ / opt / OV/ bi n/ snmpget orarout er1 . 1. 3. 6. 1. 2. 1. 1. 1. 0
system. sysDescr. 0 : DI SPLAY STRI NG- (asci i ): Ci sco I nternetwork Operati ng
SystemSof tware I OS (tm) 3000 Sof tware (I GS- I - L), Versi on 11. 0(16), RELEASE
SOFTWARE (f c1)Copyri ght (c) 1986- 1997 by ci sco Systems, I nc. Compi l ed Tue
24- J un- 97 12: 20 by j aturner
Looks t he same, r i ght ? Not i ce t hat we l ef t out t he communi t y
st r i ng. We can do t hi s because t he def aul t get communi t y st r i ng
i s publ i c, whi ch i s t he cor r ect communi t y st r i ng f or t he t ar get
host , orarouter1. You can change your def aul t communi t y st r i ngs i n
OpenVi ew' s gl obal set t i ngs. Let ' s see i f we can get an obj ect
wi t h a di f f er ent dat at ype:
$ / opt / OV/ bi n/ snmpget orarout er1 . 1. 3. 6. 1. 2. 1. 1. 3. 0
system. sysUpTi me. 0 : Ti meti cks: (159857288) 18 days, 12: 02: 52. 88
Thi s command r et ur ns t he syst emupt i me, whi ch i s of t ype
Ti meTi cks. Ti meTi cks ( RFC 1155) r epr esent s a nonnegat i ve i nt eger ,
whi ch count s t he t i me i n hundr edt hs of a second si nce some
epoch. I gnor i ng t he number i n par ent heses, t hi s shows me t hat
my r out er has been up and oper at i onal f or 18 days, 12 hour s, 02
mi nut es, and so on. The bi g number i n par ent heses i s t he exact
amount of t i me t he machi ne has been up, i n hundr edt hs of
seconds. I f you do t he mat h, you wi l l see t hi s adds up t o
18. 501 days, or 18 days, 12 hour s, and a l i t t l e bi t : exact l y
what we expect .
8. 1. 2 Usi ng Net - SNMP
The Net - SNMP t ool s pr ovi de an excel l ent command- l i ne i nt er f ace
t o SNMP oper at i ons. These t ool s ar e al so commonl y known as UCD-

SNMP - - you' l l st i l l f i nd t hi s ol der name i n many r ef er ences,
and even i n t he code i t sel f .
Chapt er 7 di scussed how t o compi l e, i nst al l , and conf i gur e t he
Net - SNMP agent . I f you' ve done t hat , you' ve al r eady compi l ed
and i nst al l ed t he SNMP t ool s. They' r e shi pped i n t he same
package as t he SNMP agent , and no r eal conf i gur at i on i s
necessar y f or t hem. Ther e i s a conf i gur at i on pr ogr am, cal l ed
snmpconf , whi ch can be used t o gener at e an snmp. conf f i l e t hat
pr ovi des def aul t val ues f or some of t he opt i ons t o t he
commands.
[ 3]
Unl ess you' r e usi ng SNMPv3, t hough, i t i sn' t r eal l y
necessar y. I t mi ght be handy t o set up a def aul t communi t y
st r i ng but , i n pr act i ce, t hi s i s of onl y l i mi t ed use: you
pr obabl y have di f f er ent communi t y st r i ngs on di f f er ent devi ces,
anyway. I f you deci de t o use snmpconf t o cr eat e t he t ool
conf i gur at i on f i l e, make sur e t hat you pl ace snmp. conf i n t he
. snmp subdi r ect or y of your home di r ect or y or ( i f you want t he
opt i ons t o appl y t o al l user s) i n / usr / l ocal / shar e/ snmp.
[3]
Thi s i s the same command used to create snmpd. conf , whi ch
conf i gures the Net- SNMP agent. The snmp. conf conf i gurati on f i l e
i s si mi l ar i n f ormto snmpd. conf .
We' l l assume t hat you won' t do any conf i gur at i on and wi l l
si mpl y use t he t ool s " out of t he box. " Her e' s a si mpl e pol l
t hat asks a r out er f or i t s l ocat i on:
$ snmpget orarout er1 publ i c . 1. 3. 6. 1. 2. 1. 1. 6. 0
system. sysLocati on. 0 =Sebastopol CA
I t ' s f ai r l y si mpl e: we pr ovi ded t he host name of t he r out er we
want ed t o pol l , a communi t y st r i ng, and t he OI D of t he obj ect
we want ed t o r et r i eve. I nst ead of usi ng t he numer i c OI D, you
can use t he l engt hy human- r eadabl e f or m. To save t ypi ng,
snmpget assumes ever yt hi ng up t o t he obj ect name and i nst ance
I D. Ther ef or e, t he f ol l owi ng command i s exact l y equi val ent t o
t he pr evi ous one:
$ snmpget orarout er1 publ i c sysLocat i on. 0
We' l l t ake a l ook at t he snmpwal k and snmpset commands t hat
come wi t h t he Net - SNMP package l at er i n t hi s chapt er , but t he
package cont ai ns many t ool s and i s wel l wor t h a mor e det ai l ed
expl anat i on. One t ool t hat ' s par t i cul ar l y usef ul i s
snmpt r ansl at e, whi ch conver t s bet ween t he numer i c and t ext ual
names of MI B obj ect s and can do t hi ngs such as l ook up t he
def i ni t i on of an obj ect i n a MI B f i l e. The sof t war e
di st r i but i on comes wi t h a number of st andar d MI Bs; you can
pl ace addi t i onal MI B f i l es i n / usr / l ocal / shar e/ snmp/ mi bs.
Appendi x C gi ves an over vi ew of t he Net - SNMP package.
8. 2 Ret ri evi ng Mul t i pl e MI B Val ues

The synt ax f or snmpwalk i s si mi l ar t o t he synt ax f or i t s
cousi n, snmpget. As di scussed i n Chapt er 2, snmpwalk t r aver ses
a MI B st ar t i ng wi t h some obj ect , cont i nuousl y r et ur ni ng val ues
unt i l i t get s t o t he end of t hat obj ect ' s br anch. For exampl e,
t he upcomi ng Per l scr i pt begi ns wal ki ng t he
. i so. or g. dod. i nt er net . mgmt . mi b-
2. i nt er f aces. i f Tabl e. i f Ent r y. i f Descr obj ect and pr ovi des a
descr i pt i on of each Et her net i nt er f ace on t he devi ce i t pol l s.
Thi s new scr i pt i s a mi nor modi f i cat i on of snmpget . pl . We
t ur ned t he scal ar $val ue i nt o t he ar r ay @val ues;
[ 4]
we need an
ar r ay because we expect t o get mul t i pl e val ues back. We al so
cal l ed t he f unct i on snmpwal k i nst ead of snmpget ( synt act i cal l y,
t he t wo f unct i ons ar e t he same) :
[4]
The Perl programwe used earl i er coul d have used the array
i nstead of the scal ar as wel l . Thi s i s possi bl e because Perl ' s
versi on of snmpget al l ows f or mul ti pl e OI Ds, not j ust one. To
speci f y mul ti pl e OI Ds, pl ace a comma (, ) between each OI D.
Remember to encl ose each OI Dwi thi n i ts own doubl e quotes.
#f i l ename: / opt/ l ocal / perl _scri pts/ snmpwal k. pl
use SNMP_uti l ;
$MI B1 =shi f t;
$HOST =shi f t;
($MI B1) &&($HOST) | | di e "Usage: $0 MI B_OI D HOSTNAME";
(@val ues) =&snmpwal k("$HOST", "$MI B1");
i f (@val ues) { pri nt "Resul ts : $MI B1: : @val ues: n"; }
Her e' s how t o r un t he scr i pt :
$ / opt / l ocal / perl _scri pt s/ snmpwal k. pl . 1. 3. 6. 1. 2. 1. 2. 2. 1. 2 orarout er1
Thi s command wal ks down t he . i so. or g. dod. i nt er net . mgmt . mi b-
2. i nt er f aces. i f Tabl e. i f Ent r y. i f Descr obj ect , r et ur ni ng
i nf or mat i on about t he i nt er f aces t hat ar e on t he r out er . The
r esul t s l ook somet hi ng l i ke t hi s:
Resul ts : . 1. 3. 6. 1. 2. 1. 2. 2. 1. 2: : 1: Ethernet0 2: Seri al 0 3: Seri al 1:
The out put depends on t he i nt er f aces on t he host or r out er you
ar e pol l i ng. To gi ve some exampl es, I ' ve r un t hi s scr i pt
agai nst some of t he machi nes on my net wor k. Her e ar e t he
r esul t s.
Ci sco 7000 r out er :
Resul ts : . 1. 3. 6. 1. 2. 1. 2. 2. 1. 2: : 1: Ethernet0/ 0 2: Ethernet0/ 1 3: TokenRi ng1/ 0
4: TokenRi ng1/ 1 5: TokenRi ng1/ 2 6: TokenRi ng1/ 3 7: Seri al 2/ 0 8: Seri al 2/ 1
9: Seri al 2/ 2 10: Seri al 2/ 3 11: Seri al 2/ 4 12: Seri al 2/ 5 13: Seri al 2/ 6 14: Seri al 2/ 7
15: FastEthernet3/ 0 16: FastEthernet3/ 1 17: TokenRi ng4/ 0 18: TokenRi ng4/ 1:
Sun wor kst at i on:
Resul ts : . 1. 3. 6. 1. 2. 1. 2. 2. 1. 2: : 1: l o0 2: hme0:
Wi ndows NT PC:

Resul ts : . 1. 3. 6. 1. 2. 1. 2. 2. 1. 2: : 1: MS TCP Loopback i nterf ace
2: PCI 2 Token- Ri ng Network 16/ 4 Adapter :
APC uni nt er r upt i bl e power suppl y:
Resul ts : . 1. 3. 6. 1. 2. 1. 2. 2. 1. 2: : 1: peda:
For each devi ce, we see at l east one i nt er f ace. As you' d
expect , t he r out er has many i nt er f aces. The f i r st i nt er f ace on
t he r out er i s l i st ed as 1: Ethernet0/ 0, t he second i s l i st ed as
2: Ethernet0/ 1, and so on, up t hr ough i nt er f ace 18. SNMP keeps
t r ack of i nt er f aces as a t abl e, whi ch can have many ent r i es.
Even si ngl e- homed devi ces usual l y have t wo ent r i es i n t he
t abl e: one f or t he net wor k i nt er f ace and one f or t he l oopback
i nt er f ace. The onl y devi ce i n t he exampl e above t hat r eal l y has
a si ngl e i nt er f ace i s t he APC UPS - - but even i n t hi s case,
SNMP keeps t r ack of t he i nt er f ace t hr ough a t abl e t hat i s
i ndexed by an i nst ance number .
Thi s f eat ur e al l ows you t o append an i nst ance number t o an OI D
t o l ook up a par t i cul ar t abl e el ement . For exampl e, we woul d
use t he OI D . 1. 3. 6. 1. 2. 1. 2. 2. 1. 2. 1 t o l ook at t he f i r st
i nt er f ace of t he Ci sco r out er , . 1. 3. 6. 1. 2. 1. 2. 2. 1. 2. 2 t o l ook
at t he second, and so on. I n a mor e human- r eadabl e f or m,
i f Descr . 1 i s t he f i r st devi ce i n t he i nt er f ace descr i pt i on
t abl e, i f Descr . 2 i s t he second devi ce, and so on.
8. 2. 1 Wal ki ng t he MI B Tree wi t h OpenVi ew
Swi t chi ng over t o OpenVi ew' s snmpwal k, l et ' s t r y t o get ever y
obj ect i n t he . i so. or g. dod. i nt er net . mgmt . mi b- 2. syst emsubt r ee:
$ / opt / OV/ bi n/ snmpwal k oraswi t ch2 . 1. 3. 6. 1. 2. 1. 1
system. sysDescr. 0 : DI SPLAY STRI NG- (asci i ): Ci sco I nternetwork Operati ng
SystemSof tware I OS (tm) C2900XL Sof tware (C2900XL- H- M), Versi on 11. 2(8)
SA1, RELEASE SOFTWARE (f c1)Copyri ght (c) 1986- 1998 by ci sco Systems, I nc.
Compi l ed Tue 03- Feb- 98 14: 59 by rheaton
system. sysObj ectI D. 0: OBJ ECT I DENTI FI ER:
. i so. org. dod. i nternet. pri vate. enterpri ses. ci sco. ci scoProducts. ci sco2509
system. sysUpTi me. 0 : Ti meti cks: (168113316) 19 days, 10: 58: 53. 16
system. sysContact. 0 : DI SPLAY STRI NG- (asci i ): J . C. M. Pager 555- 1212
system. sysName. 0 : DI SPLAY STRI NG- (asci i ): oraswi tch2. ora. com
system. sysLocati on. 0 : DI SPLAY STRI NG- (asci i ): Sebastopol CA
system. sysServi ces. 0 : I NTEGER: 6
Let ' s go t o t he GUI MI B Br owser and t r y t hat same wal k. Repeat
t he st eps you t ook f or t he snmpget usi ng t he GUI . Thi s t i me
i nser t t he OI D . 1. 3. 6. 1. 2. 1. 1 and hi t t he " St ar t Quer y" but t on.
Check out t he r esul t s.

The GUI f i gur es out whet her i t needs t o per f or m
an snmpwal k or snmpget . I f you gi ve an i nst ance
val ue ( bei ng speci f i c) , t he br owser per f or ms an
snmpget . Ot her wi se, i t does an snmpwal k. I f you
ar e l ooki ng f or mor e speed and l ess cost t o your
net wor k, i ncl ude t he i nst ance val ue.

What wi l l happen i f you wal k t he ent i r e . i so subt r ee? I t may
hur t or even cr ash your machi ne, because i n most cases t he
devi ce can r et ur n sever al t housand val ues. Each i nt er f ace on a
r out er can add t housands of val ues t o i t s MI B t abl es. I f each
obj ect t akes . 0001 seconds t o comput e and r et ur n, and t her e ar e
60, 000 val ues t o r et ur n, i t wi l l t ake your devi ce 6 seconds t o
r et ur n al l t he val ues - - not count i ng t he l oad on t he net wor k
or on t he moni t or i ng st at i on. I f possi bl e, i t i s al ways a good
i dea t o per f or man snmpwal k st ar t i ng at t he MI B subt r ee t hat
wi l l pr ovi de you wi t h t he speci f i c i nf or mat i on you ar e l ooki ng
f or , as opposed t o wal ki ng t he ent i r e MI B.
I t mi ght be usef ul t o get a f eel f or how many MI B obj ect s a
gi ven devi ce has i mpl ement ed. One way t o do t hi s i s t o count
t he number of obj ect s each snmpwal k r et ur ns. Thi s can be
accompl i shed wi t h t he Uni x grep command. The -c swi t ch t o grep
t el l s i t t o r et ur n t he number of l i nes t hat mat ched. The per i od
( . ) t el l s grep t o mat ch ever yt hi ng. St ar t i ng f r omt he . syst em
obj ect ( . 1. 3. 6. 1. 2. 1. 1) , l et ' s go back one and see how many
obj ect s ar e i mpl ement ed i n t he mi b- 2 subt r ee. Take of f t he l ast
. 1 of f t he obj ect I D and r un t he snmpwalk command agai n, t hi s
t i me pi pi ng t he r esul t s i nt o grep -c:
$ / opt / OV/ bi n/ snmpwal k oraswi t ch2 . 1. 3. 6. 1. 2. 1 | grep - c .
The number of obj ect s you see wi l l depend on t he t ype of devi ce
and t he sof t war e r unni ng on i t . When I t r i ed sever al di f f er ent
devi ces, I got r esul t s r angi ng f r om164 t o 5193.
Thi s command i s gr eat when you want t o wal k a MI B t o see al l
t he t ypes of val ues t hat a devi ce i s capabl e of r et ur ni ng. When
I amt r yi ng out a new devi ce or MI B, I of t en wal k some decent -
si zed por t i on of t he MI B and r ead t hr ough al l t he r et ur ned
val ues, l ooki ng f or any i nf o t hat may be of i nt er est . When
somet hi ng cat ches my eye, I go t o t he MI B def i ni t i on and r ead
i t s descr i pt i on. Many GUI MI B Br owser s al l ow you t o check t he
descr i pt i on wi t h t he cl i ck of a but t on. I n OpenVi ew' s GUI ,
cl i ck on t he OI D and t hen on " Descr i be. "
8. 2. 2 Wal ki ng t he Tree wi t h Net - SNMP
Net - SNMP' s snmpwalk i s ver y si mi l ar i n f or mand f unct i on t o
OpenVi ew' s. Her e' s how you use i t :
$ snmpwal k orarout er1 publ i c . 1. 3. 6. 1. 2. 1. 1
system. sysDescr. 0 =Ci sco I nternetwork Operati ng SystemSof tware
I OS (tm) C820 Sof tware (C820- Y6- M), Versi on 12. 1(3)XG3, EARLY DEPLOYMENT RELEASE

SOFTWARE (f c1)
TAC: Home: SW: I OS: Speci al s f or i nf o
Copyri ght (c) 1986- 2000 by ci sco Systems, I nc.
Compi l ed Wed 20- Dec- 00 16: 21
system. sysObj ectI D. 0 =OI D: enterpri ses. 9. 1. 284
system. sysUpTi me. 0 =Ti meti cks: (100946413) 11 days, 16: 24: 24. 13
system. sysContact. 0 =thenetworkadmi ni strator@orei l l y. com
system. sysName. 0 =orarouter1@orei l l y. com
system. sysORLastChange. 0 =Ti meti cks: (0) 0: 00: 00. 00
Ther e ar en' t any r eal sur pr i ses. Agai n, you can use an obj ect
name i nst ead of a numer i cal I D; because you' r e wal ki ng a t r ee,
you don' t need t o speci f y an i nst ance number .
8. 3 Set t i ng a MI B Val ue
Wi t h snmpget and snmpwalk, we have r et r i eved management
i nf or mat i on onl y f r omdevi ces. The next l ogi cal st ep i s t o
change t he val ue of a MI B obj ect vi a SNMP. Thi s oper at i on i s
known as snmpset, or set. I n t hi s sect i on we' l l r ead t he val ue
of an obj ect , use snmpset t o change i t s val ue, t hen r ead t he
val ue agai n t o pr ove t hat i t ' s been changed.
Ther e' s obvi ousl y some danger her e: what happens i f you change
a var i abl e t hat ' s cr i t i cal t o t he st at e of t he syst emyou' r e
moni t or i ng? I n t hi s chapt er , we' l l deal onl y wi t h some si mpl e
obj ect s, such as t he admi ni st r at i ve cont act , t hat won' t damage
anyt hi ng i f t hey' r e changed i ncor r ect l y. Ther ef or e, i f you keep
t he OI Ds cor r ect , you shoul dn' t wor r y about hur t i ng any of your
devi ces. Al l t he obj ect s we set i n t hi s chapt er have an ACCESS
of read- wri te. I t ' s a good i dea t o get a f eel f or whi ch obj ect s
ar e wr i t abl e by r eadi ng t he MI B i n whi ch t he obj ect i s def i ned
- - ei t her one of t he RFCs or a MI B f i l e pr ovi ded by your
vendor .
Let ' s get st ar t ed. Run t he f ol l owi ng OpenVi ew command ( or use
one of t he ot her pr ogr ams we' ve di scussed) t o f i nd out t he
sysCont act f or your chosen devi ce:
$ / opt / OV/ bi n/ snmpget - c publ i c orarout er1 . 1. 3. 6. 1. 2. 1. 1. 4. 0
system. sysContact. 0 : DI SPLAY STRI NG- (asci i ): ORA I T Group
The - c publ i c swi t ch passes t he communi t y st r i ng publ i c t o t he
snmpget command.

Keep i n mi nd t hat your devi ces shoul dn' t use t he
same ( def aul t ) communi t y st r i ngs t hat ar e used
wi t hi n t hi s book. I n addi t i on, usi ng t he same
st r i ng f or t he r eadonl y ( snmpget) and r ead-
wr i t e ( snmpset) communi t i es i s a poor i dea.

Now l et ' s r un t he OpenVi ew snmpsetcommand. Thi s command t akes
t he val ue speci f i ed i n quot es on t he command l i ne and uses i t

t o set t he obj ect i ndi cat ed by t he gi ven OI D. Use t he same OI D
( syst em. sysCont act . 0) . Si nce t he new val ue f or sysCont act
cont ai ns wor ds and possi bl y number s, we must al so speci f y t he
var i abl e t ype octetstri ng.
[ 5]
Run t he OpenVi ew snmpset command wi t h
t he f ol l owi ng par amet er s:
[5]
I f you read RFC 1213 (MI B- I I ) you wi l l note that sysLocati on
has a SYNTAX of Di spl ayStri ng. Thi s i s real l y a textual conventi on
of type OCTET STRI NG wi th a si ze of 0. . 255 octets.
$ / opt / OV/ bi n/ snmpset - c pri vat e orarout er1 . 1. 3. 6. 1. 2. 1. 1. 4. 0
oct et st ri ng "Meg A. Byt e 555- 1212"
system. sysContact. 0 : DI SPLAY STRI NG- (asci i ): Meg A. Byte 555- 1212
The r esul t shows t hat snmpset successf ul l y changed t he r out er ' s
cont act per son t o Meg A. Byte 555- 1212. I f you don' t see t hi s
r esul t , t he set was not successf ul . Tabl e 8- 2 shows some of t he
common er r or messages you mi ght r ecei ve, and st eps you can t ake
t o cor r ect t he pr obl ems. To conf i r mt he val ue t he devi ce has
st or ed i n sysCont act , we can r epeat t he snmpget command.
I f we use OpenVi ew' s GUI , t hi ngs st ar t t o get a bi t easi er t o
see, set , and conf i r m. Use t he GUI t o get t he val ue of
sysCont act . Once you have conf i r med t hat a val ue i s t her e, t ype
a descr i pt i on i n t he SNMP Set Val ue t ext box. Si nce t her e i s
onl y one i nst ance f or sysCont act , you have t o i nser t a 0 ( zer o)
f or t he MI B I nst ance. Af t er you have compl et ed al l t he r equi r ed
i nput i t ems, cl i ck on t he " Set " but t on l ocat ed t o t he r i ght of
t he " SNMP Set Val ue" t ext box. You shoul d see a popup wi ndow
t hat r eads " Set has compl et ed successf ul l y. " To ver i f y t hat t he
set act ual l y occur r ed, cl i ck on " St ar t Quer y. " ( I t shoul d be
appar ent t o you by now t hat usi ng a GUI such as OpenVi ew' s MI B
Br owser pr ogr ammakes get t i ng and set t i ng MI B obj ect s much
easi er . )
To show how t hi s can be done pr ogr ammat i cal l y, we wi l l wr i t e
anot her smal l Per l scr i pt , named snmpset.pl:
#f i l ename: / opt/ l ocal / perl _scri pts/ snmpset. pl
use SNMP_uti l ;
$MI B1 =". 1. 3. 6. 1. 2. 1. 1. 6. 0";
$HOST ="oraswi tch2";
$LOC ="@ARGV";
($val ue) =&snmpset("pri vate@$HOST", "$MI B1", ' stri ng' , "$LOC");
Let ' s r un t hi s scr i pt :
$ / opt / l ocal / perl _scri pt s/ snmpset . pl A bl d J M- 10119 f l oor 7
Resul ts : . 1. 3. 6. 1. 2. 1. 1. 6. 0: : A bl d J M- 10119 f l oor 7:
Usi ng t he snmpget.pl scr i pt , we can ver i f y t hat t he set t ook
pl ace:
$ / opt / l ocal / perl _scri pt s/ snmpget . pl . 1. 3. 6. 1. 2. 1. 1. 6. 0 publ i c@oraswi t ch2
Resul ts : . 1. 3. 6. 1. 2. 1. 1. 1. 0: : A bl d J M- 10119 f l oor 7:

Now we' l l use t he Net - SNMP snmpset ut i l i t y t o change t he syst em
cont act :
$ snmpset oraswi t ch2 pri vat e sysCont act . 0 s mysel f
system. sysContact. 0 =mysel f
$ snmpget oraswi t ch2 publ i c sysCont act . 0
system. sysContact. 0 =mysel f
Ther e' s not hi ng r eal l y conf usi ng her e. We suppl i ed a communi t y
st r i ng, a host name, and an obj ect I D, f ol l owed by a dat at ype ( s
f or Stri ng) and t he new val ue of sysCont act . J ust t o convi nce
our sel ves t hat t he set act ual l y t ook pl ace, we f ol l owed i t wi t h
an snmpget. The onl y addi t i onal t hi ng you need t o know i s t he
mechani smf or speci f yi ng dat at ypes. Net - SNMP uses t he si ngl e-
char act er abbr evi at i ons shown i n Tabl e 8- 1.
Tabl e 8- 1. Net - SNMP Dat at ype Abbrevi at i ons
Abbreviation Meaning
a I P addr ess
b
[ 6]
Bi t s
d Deci mal st r i ng
D Doubl e
F Fl oat
i I nt eger
I Si gned i nt 64
n Nul l
o Obj ect I D
s St r i ng
t Ti me t i cks
u Unsi gned i nt eger
U Unsi gned i nt 64
x Hexadeci mal st r i ng
[6]
Whi l e the manpages showthi s as a val i d datatype, the hel p
output f romthe command does not.
8. 4 Error Responses

Tabl e 8- 2 shows t he er r or r esponses t hat a devi ce mi ght r et ur n
whi l e execut i ng t he commands pr esent ed i n t hi s chapt er . Consul t
your l ocal document at i on i f t hese expl anat i ons do not cover
your exact pr obl em.
Tabl e 8- 2. Error Response Tabl e
Server
Responded
with
Explanation
Contai ned under
subtree
snmpwalk r et ur ns t hi s er r or i f you have t r i ed
goi ng down a MI B and ar e al r eady at t he end, or i f
t he t r ee doesn' t exi st on t he cl i ent .
No response
arri ved bef ore
ti meout
Possi bl e causes i ncl ude i nval i d communi t y name,
agent i s not r unni ng, or t he node i s i naccessi bl e.
Agent reported
error wi th
vari abl e
You ar e t r yi ng t o set t o an obj ect wi t h a dat at ype
t hat i s not t he same as ( or cl ose t o) t he
var i abl e' s speci f i ed t ype. For exampl e, i f t he
var i abl e want s a Di spl ayStri ng, you' l l get t hi s er r or
i f you send i t an I NTEGER. Read t hr ough t he MI B t o
see what SYNTAX t ype t he var i abl e needs.
Mi ssi ng i nstance
val ue
f or . . .
When you ar e set t i ng a val ue, you must suppl y t he
ent i r e OI D and i nst ance. A scal ar obj ect wi l l end
wi t h zer o ( 0) and a t abul ar obj ect wi l l end wi t h
t he i nst ance number of t he obj ect i n a t abl e.
Ver i f y t hat t he i nst ance number you' r e usi ng wi t h
snmpget i s cor r ect and r et r y your set.
Access i s deni ed
f or vari abl e
Thi s may happen i f you ar e t r yi ng t o set a val ue
on a r eadonl y obj ect . Revi ew t he MI B t o see what
t he obj ect ' s ACCESS set t i ng i s.

Chapter 9. Pol l i ng and Threshol ds
SNMP gi ves you t he abi l i t y t o pol l your devi ces r egul ar l y,
col l ect i ng t hei r management i nf or mat i on. Fur t her mor e, you can
t el l t he NMS t hat t her e ar e cer t ai n t hr eshol ds t hat , i f
cr ossed, r equi r e some sor t of act i on. For exampl e, you mi ght
want t o be not i f i ed i f t he t r af f i c at an i nt er f ace j umps t o an
ext r emel y hi gh ( or l ow) val ue; t hat event mi ght si gnal a
pr obl emwi t h t he i nt er f ace, or i nsuf f i ci ent capaci t y, or even a
host i l e at t ack on your net wor k. When such a condi t i on occur s,
t he NMS can f or war d an al ar mt o an event - cor r el at i on engi ne or
have an i con on an OpenVi ew map f l ash. To make t hi s mor e
concr et e, l et ' s say t hat t he NMS i s pol l i ng t he st at us of an
i nt er f ace on a r out er . I f t he i nt er f ace goes down, t he NMS

r epor t s what has happened so t he pr obl emcan be qui ckl y
r esol ved.
SNMP can per f or mei t her i nt er nal or ext er nal pol l i ng. Internal
pol l i ng i s t ypi cal l y used i n conj unct i on wi t h an appl i cat i on
t hat r uns as a daemon or a f aci l i t y such as cron t hat
per i odi cal l y r uns a l ocal appl i cat i on. External pol l i ng i s done
by t he NMS. The OpenVi ew NMS pr ovi des a gr eat i mpl ement at i on of
ext er nal pol l i ng; i t can gr aph and save your dat a f or l at er
r et r i eval or not i f y you i f i t l ooks l i ke somet hi ng has gone
wr ong. Many sof t war e packages make good NMSs, and i f you' r e
cl ever about scr i pt i ng you can t hr ow t oget her an NMS t hat ' s
f i ne- t uned t o your needs. I n t hi s chapt er , we wi l l l ook at a
f ew of t he avai l abl e packages.
Pol l i ng i s l i ke checki ng t he oi l i n a car ; t hi s anal ogy may
hel p you t o t hi nk about appr opr i at e pol l i ng st r at egi es. Thr ee
di st i nct i t ems concer n us when checki ng t he oi l : t he physi cal
pr ocess ( openi ng t he hood, pul l i ng out t he di pst i ck, and
put t i ng i t back i n) ; t he pr eset gauge t hat t el l s us i f we have
a pr obl em( i s t he l evel t oo hi gh, t oo l ow, or j ust r i ght ?) ; and
t he f r equency wi t h whi ch we check i t ( once an hour , week,
mont h, or year ?) .
Let ' s assume t hat you ask your mechani c t o go t o t he car and
check t he oi l l evel . Thi s i s l i ke an NMS sendi ng a packet t o a
r out er t o per f or man snmpget on some pi ece of i nf or mat i on. When
t he mechani c i s f i ni shed, you pay hi m$30 and go on your way.
Because a l ow oi l l evel may r esul t i n r eal engi ne damage, you
want t o check t he oi l r egul ar l y. So how l ong shoul d you wai t
unt i l you send t he mechani c out t o t he car agai n? Checki ng t he
oi l has a cost : i n t hi s scenar i o, you pai d $30. I n net wor ks,
you pay wi t h bandwi dt h. Li ke money, you have onl y so much
bandwi dt h, and you can' t spend i t f r i vol ousl y. So t he r eal
quest i on i s, how l ong can you wai t bef or e checki ng t he oi l
agai n wi t hout ki l l i ng your budget ?
The answer l i es wi t hi n t he car i t sel f . A f i nel y t uned r aci ng
car needs t o have i t s f l ui ds at per f ect l evel s. A VWBeet l e,
[ 1]

unl i ke a r acecar , can have pl us or mi nus a quar t at any t i me
wi t hout ser i ousl y hi nder i ng i t s per f or mance. You' r e pr obabl y
not dr i vi ng a Beet l e, but you' r e pr obabl y not dr i vi ng a r acecar
ei t her . So you deci de t hat you can check t he oi l l evel about
ever y t hr ee weeks. But how wi l l you know what i s l ow, hi gh, or
j ust r i ght ?
[1]
The ol d ones f romthe 1960s, not the f ancy modern ones.
The car ' s di pst i ck t el l s you. Your mechani c doesn' t need t o
know t he car model , engi ne t ype, or even t he amount of oi l i n
t he car ; he onl y needs t o know what val ue he get s when he r eads
t he di pst i ck. On a net wor k, a devi ce' s di pst i ck i s cal l ed an
agent , and t he di pst i ck r eadi ng i s t he SNMP r esponse packet .

Al l SNMP- compat i bl e devi ces cont ai n st andar di zed agent s
( di pst i cks) t hat can be r ead by any mechani c ( NMS) . I t i s
i mpor t ant t o keep i n mi nd t hat t he dat a gat her ed i s onl y as
good as t he agent , or mechani c, t hat gener at ed i t .
I n bot h cases, some pr edef i ned t hr eshol d det er mi nes t he
appr opr i at e act i on. I n t he oi l exampl e, t he t hr eshol d i s " l ow
oi l , " whi ch t r i gger s an aut omat i c r esponse: add oi l . ( Cr ossi ng
t he " hi gh oi l " t hr eshol d mi ght t r i gger a di f f er ent ki nd of
r esponse. ) I f we' r e t al ki ng about a r out er i nt er f ace, t he
possi bl e val ues we mi ght r ecei ve ar e " up" and " down. " I magi ne
t hat your company' s gat eway t o t he I nt er net , a por t on a
r out er , must st ay up 24 hour s a day, 7 days a week. I f t hat
por t goes down, you coul d l ose $10, 000 f or each second i t st ays
down. Woul d you check t hat por t of t en? Most or gani zat i ons won' t
pay someone t o check r out er i nt er f aces ever y hour , l et al one
ever y second. Even i f you had t he t i me, t hat woul dn' t be f un,
r i ght ? Thi s i s wher e SNMP pol l i ng comes i n. I t al l ows net wor k
manager s t o guar ant ee t hat mi ssi on- cr i t i cal devi ces ar e up and
f unct i oni ng pr oper l y, wi t hout havi ng t o pay someone t o
const ant l y moni t or r out er s, ser ver s, et c.
Once you det er mi ne your moni t or i ng needs, you can speci f y at
what i nt er val you woul d l i ke t o pol l a devi ce or set of
devi ces. Thi s i s t ypi cal l y r ef er r ed t o as t he poll interval,
and can be as gr anul ar as you l i ke ( e. g. , ever y second, ever y
hour , et c. ) . The t hr eshol d val ue at whi ch you t ake act i on
doesn' t need t o be bi nar y: you mi ght deci de t hat somet hi ng' s
obvi ousl y wr ong i f t he number of packet s l eavi ng your I nt er net
connect i on f al l s bel ow a cer t ai n l evel .

Whenever you ar e f i gur i ng out how of t en t o pol l
a devi ce, r emember t o keep t hr ee t hi ngs i n mi nd:
t he devi ce' s agent / CPU, bandwi dt h consumpt i on,
and t he t ypes of val ues you ar e r equest i ng. Some
val ues you r ecei ve may be 10- mi nut e aver ages. I f
t hi s i s t he case, i t i s a wast e t o pol l ever y
f ew seconds. Revi ew t he MI Bs sur r oundi ng t he
dat a f or whi ch you ar e pol l i ng. My pr ef er ence i s
t o st ar t pol l i ng f ai r l y of t en. Once I see t he
t r ends and peak val ues, I back of f . Thi s can add
congest i on t o t he net wor k but ensur es t hat I
don' t mi ss any i mpor t ant i nf or mat i on.

What ever t he f r equency at whi ch you pol l , keep i n mi nd ot her
t hi ngs t hat may be happeni ng on t he net wor k. Be sur e t o st agger
your pol l i ng t i mes t o avoi d ot her event s i f possi bl e. Keep i n
mi nd backups, dat a l oads, r out i ng updat es, and ot her event s
t hat can cause st r ess on your net wor ks or CPUs.

9. 1 I nt ernal Pol l i ng

I t may seeml i ke a wast e of bandwi dt h t o pol l a devi ce j ust t o
f i nd out t hat ever yt hi ng i s okay. On a t ypi cal day, you may
pol l dozens of devi ces hundr eds or t housands of t i mes wi t hout
di scover i ng any f ai l ur es or out ages. Of cour se, t hat ' s r eal l y
what you want t o f i nd out - - and you' l l pr obabl y concl ude t hat
SNMP has ser ved i t s pur pose t he f i r st t i me you di scover a
f ai l ed devi ce and get t he devi ce back onl i ne bef or e user s have
had a chance t o st ar t compl ai ni ng. However , i n t he best of al l
possi bl e wor l ds, you' d get t he benef i t s of pol l i ng wi t hout t he
cost : t hat i s, wi t hout devot i ng a si gni f i cant chunk of your
net wor k' s bandwi dt h t o moni t or i ng i t s heal t h.
Thi s i s wher e i nt er nal pol l i ng comes i n. As i t s name i mpl i es,
i nt er nal pol l i ng i s per f or med by an agent t hat i s i nt er nal , or
bui l t i n, t o t he devi ce you want t o manage. Si nce pol l i ng i s
i nt er nal t o t he devi ce, i t doesn' t r equi r e t r af f i c bet ween t he
agent and your NMS. Fur t her mor e, t he agent doi ng t he pol l i ng
does not have t o be an act ual SNMP agent , whi ch can al l ow you
t o moni t or syst ems ( ei t her machi nes or sof t war e) t hat do not
suppor t SNMP. For exampl e, some i ndust r i al - st r engt h ai r -
condi t i oni ng- equi pment vendor s pr ovi de oper at i onal st at us
i nf or mat i on vi a a ser i al por t . I f t he ai r - condi t i oni ng uni t i s
at t ached t o a t er mi nal ser ver or si mi l ar devi ce, i t becomes
easy t o use scr i pt i ng l anguages t o moni t or t he uni t and
gener at e t r aps i f t he t emper at ur e exceeds a cer t ai n t hr eshol d.
Thi s i nt er nal pr ogr amcan be wr i t t en i n your f avor i t e scr i pt i ng
l anguage, and i t can check any st at us i nf or mat i on t o whi ch you
can get access. Al l you need i s a way t o get dat a f r omt he
scr i pt t o t he management st at i on.
One st r at egy f or wr i t i ng a pol l i ng pr ogr ami s t o use " hooks"
wi t hi n a pr ogr amt o ext r act i nf or mat i on t hat can t hen be f ed
i nt o an SNMP t r ap and sent t o t he NMS. We wi l l cover t r aps mor e
i n Chapt er 10. Anot her way t o do i nt er nal pol l i ng i s t o use a
pr ogr am( e. g. , sh, Per l , or C) t hat i s r un at set i nt er val s.
( On Uni x, you woul d use cron t o r un a pr ogr amat f i xed
i nt er val s; t her e ar e si mi l ar ser vi ces on ot her oper at i ng
syst ems. ) Hooks and cron- dr i ven scr i pt s bot h al l ow you t o check
i nt er nal var i abl es and r epor t er r or s as t hey ar e f ound. Her e i s
a Per l scr i pt t hat checks f or t he exi st ence of a f i l e and sends
a t r ap i f t he f i l e i s not f ound:
#Fi l ename: / opt/ l ocal / perl _scri pts/ check4f i l e. pl

use SNMP_uti l "0. 54"; #Thi s wi l l l oad the BER and SNMP_Sessi on modul es f or us

$FI LENAME ="/ etc/ passwd";

#
#i f the / etc/ passwd f i l e does not exi st, send a trap!
#
i f (!(- e $FI LENAME)) {
snmptrap("publ i c@nms: 162", ". 1. 3. 6. 1. 4. 1. 2789", "sunserver1", 6, 1547,

". 1. 3. 6. 1. 4. 1. 2789. 1547. 1", "stri ng", "Fi l e : $FI LENAME: Coul d
NOT Be Found");
}
Her e i s what t he Sun- st yl e crontab l ooks l i ke:
$ cront ab - l

#Check f or thi s f i l e every 15 mi nutes and report trap i f not f ound
4, 19, 34, 49 * * * * / opt/ l ocal / perl _scri pts/ check4f i l e. pl
Not i ce t hat we pol l f our mi nut es af t er each quar t er hour ,
r at her t han on t he quar t er hour . The next pol l we i nser t i nt o
t he crontab f i l e may r un f i ve mi nut es af t er t he quar t er hour
( 5, 20, 35, 50) . Thi s pr act i ce pr event s us f r omst ar t i ng a huge
number of pr ogr ams at t he same t i me. I t ' s a par t i cul ar l y good
i dea t o avoi d pol l i ng on t he hour - - t hat ' s a popul ar t i me f or
r andompr ogr ams and cron j obs t o st ar t up. Consul t t he cron
manpage i f you ar e unf ami l i ar wi t h i t s oper at i on.
9. 1. 1 Remot e Moni t ori ng ( RMON)
RMON i s a suppl ement t o t he MI B- I I gr oup. Thi s gr oup, i f
suppor t ed by t he devi ce' s SNMP agent , al l ows us t o do bot h
i nt er nal and ext er nal pol l i ng. We can pol l devi ces t hr ough a
r emot e NMS ( ext er nal pol l i ng) or have t he l ocal RMON agent
check i t sel f per i odi cal l y and r epor t any er r or s ( i nt er nal
pol l i ng) . The RMON agent wi l l send t r aps when er r or condi t i ons
ar e f ound.
Many devi ces suppor t RMON, maki ng i t an ef f ect i ve mechani smf or
i nt er nal pol l i ng. For exampl e, Ci sco suppor t s t he Event s and
Al ar ms RMON cat egor i es. You can conf i gur e t he Al ar ms cat egor y
t o pol l MI Bs i nt er nal l y and r eact i n di f f er ent ways when a
r i si ng or f al l i ng t hr eshol d occur s. Each t hr eshol d has t he
opt i on of cal l i ng an i nt er nal Event . Fi gur e 9- 1 shows t he f l ow
t hat t hese t wo RMON cat egor i es t ake.
Fi gure 9- 1. RMON process f l ow

The di st i nct i on bet ween al ar ms and event s i s i mpor t ant . Each
al ar mi s t i ed t o a speci f i c event , whi ch def i nes what act i on t o
per f or mwhen t he al ar mgoes of f . Once a t hr eshol d i s met ,
t r i gger i ng an al ar m, t he al ar mcal l s t he event , whi ch can
per f or maddi t i onal f unct i ons, i ncl udi ng sendi ng t r aps t o t he
NMS and wr i t i ng a r ecor d i n a l og. St andar d SNMP t r aps ar e
pr econf i gur ed by t he agent ' s vendor , whi ch gi ves net wor k
manager s no cont r ol over set t i ng any ki nd of t hr eshol ds;
however , RMON al l ows a net wor k manager t o set r i si ng and

f al l i ng t hr eshol ds. Fi gur e 9- 2 r epr esent s t he i nt er act i on
bet ween a r out er ' s RMON agent and an NMS.
Fi gure 9- 2. RMON and NMS i nt eract i on

I n Fi gur e 9- 2, t he Ci sco r out er ' s SNMP agent f or war ds a t r ap t o
t he NMS. Not i ce t he di r ect i on of communi cat i on: RMON t r ap
t r ansmi ssi on i s uni di r ect i onal . The NMS r ecei ves t he t r ap f r om
t he Ci sco r out er and deci des what act i on t o t ake, i f any.
I n addi t i on t o sendi ng t r aps, we can al so l og event s; i f we so
choose, we can even l og t he event wi t hout gener at i ng a t r ap.
Loggi ng can be par t i cul ar l y usef ul when you ar e i ni t i al l y
conf i gur i ng RMON al ar ms and event s. I f you make your al ar m
condi t i ons t oo sensi t i ve, you can cl og your NMS wi t h t r i gger -
happy RMON event s. Loggi ng can hel p you f i ne- t une your RMON
al ar ms bef or e t hey ar e r el eased i nt o pr oduct i on.
9. 1. 1. 1 RMON conf i gurat i on
As a pr act i cal exampl e of how t o conf i gur e RMON, we wi l l use
Ci sco' s RMON i mpl ement at i on, st ar t i ng wi t h event s. The
f ol l owi ng I OS command def i nes an RMON event :
rmon event number [l og] [trap communi ty] [descri pti on stri ng] [owner stri ng]
I f you' r e f ami l i ar wi t h I OS, you shoul d be expect i ng a
cor r espondi ng no command t hat di scar ds an RMON event :
no rmon event number
The par amet er s t o t hese I OS commands ar e:
number
Specifies the unique identification number for the event.
This value must be greater than 0; a value of 0 is not
allowed.
log
Tells the agent to log the entry when triggered. This
argument is optional.
trap community
Specifies the trap community string; i.e., a community
string to be included with the trap. Many network-
management programs can be configured to respond only to
traps with a particular community string.
description string
Describes the event.
owner string

Ties the event or item to a particular person.
Her e ar e t wo exampl es of how t o cr eat e Ci sco RMON event s. The
f i r st l i ne cr eat es a r i si ng al ar m, whi ch f aci l i t at es sendi ng a
t r ap t o t he NMS. The second cr eat es a f al l i ng al ar mt hat mi ght
i ndi cat e t hat t r af f i c has r et ur ned t o an accept abl e l evel ( t hi s
al ar mi s l ogged, but doesn' t gener at e a t r ap) :
(conf i g)#rmon event 1 l og t rap publ i c descri pt i on "Hi gh i f I nOct et s" owner dmauro
(conf i g)#rmon event 2 l og descri pt i on "Lowi f I nOct et s" owner dmauro
You can al so use l oggi ng t o keep t r ack of when t he event s wer e
cal l ed. Though you can conf i gur e t r aps wi t hout l oggi ng, what
happens i f t he l i ne t o your NMS goes down? Loggi ng ensur es t hat
you don' t l ose i nf or mat i on when t he NMS i s di sabl ed. We suggest
usi ng bot h l og and trap on al l your event s. You can vi ew t he l ogs
of your RMON event s by i ssui ng t he f ol l owi ng command on t he
r out er :
orarouter1#showrmon event

Event 1 i s acti ve, owned by dmauro
Descri pti on i s Hi gh i f I nOctets
Event f i ri ng causes l og and trap to communi ty publ i c, l ast f i red 00: 05: 04
Current l og entri es:
i ndex ti me descri pti on
1 00: 00: 31 Hi gh i f I nOctets
2 00: 05: 04 Hi gh i f I nOctets
Event 2 i s acti ve, owned by dmauro
Descri pti on i s Lowi f I nOctets
Event f i ri ng causes l og, l ast f i red 00: 00: 11
Current l og entri es:
i ndex ti me descri pti on
1 00: 00: 11 Lowi f I nOctets
The f ol l owi ng command wal ks t he r mon event t abl e, whi ch
di spl ays t he val ues we j ust set :
$ snmpwal k orarout er1 . i so. org. dod. i nt ernet . mgmt . mi b- 2. rmon. event . event Tabl e
rmon. event. eventTabl e. eventEntry. eventI ndex. 1 : I NTEGER: 1
rmon. event. eventTabl e. eventEntry. eventI ndex. 2 : I NTEGER: 2
rmon. event. eventTabl e. eventEntry. eventDescri pti on. 1
: DI SPLAY STRI NG- (asci i ): Hi gh i f I nOctets
rmon. event. eventTabl e. eventEntry. eventDescri pti on. 2
: DI SPLAY STRI NG- (asci i ): Lowi f I nOctets
rmon. event. eventTabl e. eventEntry. eventType. 1 : I NTEGER: l og- and- trap
rmon. event. eventTabl e. eventEntry. eventType. 2 : I NTEGER: l og
rmon. event. eventTabl e. eventEntry. eventCommuni ty. 1 : OCTET STRI NG- (asci i ): publ i c
rmon. event. eventTabl e. eventEntry. eventCommuni ty. 2 : OCTET STRI NG- (asci i ):
rmon. event. eventTabl e. eventEntry. eventLastTi meSent. 1 : Ti meti cks: (0) 0: 00: 00. 00
rmon. event. eventTabl e. eventEntry. eventLastTi meSent. 2 : Ti meti cks: (0) 0: 00: 00. 00
rmon. event. eventTabl e. eventEntry. eventOwner. 1 : DI SPLAY STRI NG- (asci i ): dmauro
rmon. event. eventTabl e. eventEntry. eventOwner. 2 : DI SPLAY STRI NG- (asci i ): dmauro
rmon. event. eventTabl e. eventEntry. eventStatus. 1 : I NTEGER: val i d
rmon. event. eventTabl e. eventEntry. eventStatus. 2 : I NTEGER: val i d
Most of t he i nf or mat i on we set on t he command l i ne i s avai l abl e
t hr ough SNMP. We see t wo event s, wi t h i ndexes 1 and 2. The

f i r st event has t he descr i pt i on Hi gh i f I nOctets; i t i s l ogged and a
t r ap i s gener at ed; t he communi t y st r i ng f or t he event i s publ i c;
t he event ' s owner i s dmauro; t he event i s val i d, whi ch essent i al l y
means t hat i t i s enabl ed; and we al so see t hat t he event has
not yet occur r ed. I nst ead of usi ng t he command l i ne t o def i ne
t hese event s, we coul d have used snmpset ei t her t o cr eat e new
event s or t o modi f y event s we al r eady have. I f you t ake t hi s
r out e, keep i n mi nd t hat you must set t he
event Ent r y. event St at us t o 1, f or " val i d, " f or t he event t o wor k
pr oper l y.

You can pol l t he obj ect s i f Descr and i f Type i n
t he mgmt . i nt er f aces. i f Ent r y subt r ee t o hel p you
i dent i f y whi ch i nst ance number you shoul d use
f or your devi ces. I f you ar e usi ng a devi ce wi t h
mul t i pl e por t s, you may need t o sear ch t he
i f Type, i f Admi nSt at us, and i f Oper St at us t o hel p
you i dent i f y what ' s what . I n Sect i on 9. 2, we
wi l l see t hat i t i s not necessar y t o keep t r ack
of t hese MI B var i abl es ( t he ext er nal pol l i ng
sof t war e t akes car e of t hi s f or us) .

Now t hat we have our event s conf i gur ed, l et ' s st ar t conf i gur i ng
al ar ms t o do some i nt er nal pol l i ng. We need t o know what we ar e
goi ng t o pol l , what t ype of dat a i s r et ur ned, and how of t en we
shoul d pol l . Assume t hat t he r out er i s our def aul t gat eway t o
t he I nt er net . We want t o pol l t he r out er ' s second i nt er f ace,
whi ch i s a ser i al i nt er f ace. Ther ef or e, we want t o pol l
mgmt . i nt er f aces. i f Ent r y. i f I nOct et s. 2 t o get t he number of
out bound oct et s on t hat i nt er f ace, whi ch i s an I NTEGER t ype.
[ 2]
To
be pr eci se, t he i f I nOct et s MI B obj ect i s def i ned as " The t ot al
number of oct et s r ecei ved on t he i nt er f ace, i ncl udi ng f r ami ng
char act er s. " ( The . 2 at t he end of t he OI D i ndi cat es t he second
ent r y i n t he i f Ent r y t abl e. On our r out er , t hi s denot es t he
second i nt er f ace, whi ch i s t he one we want t o pol l . ) We want t o
be not i f i ed i f t he t r af f i c on t hi s i nt er f ace exceeds 90, 000
oct et s/ second; we' l l assume t hi ngs ar e back t o nor mal when t he
t r af f i c f al l s back under 85, 000 oct et s/ second. Thi s gi ves us
t he r i si ng and f al l i ng t hr eshol ds f or our al ar m. Next , we need
t o f i gur e out t he i nt er val at whi ch we ar e goi ng t o pol l t hi s
obj ect . Let ' s st ar t by pol l i ng ever y 60 seconds.
[2]
FromRFC 1757, the al armVari abl e (the obj ect/ MI B we are goi ng
to pol l ) needs to resol ve to an ASN. 1 pri mi ti ve type of I NTEGER,
Counter, Gauge, or Ti meTi cks.
Now we need t o put al l t hi s i nf or mat i on i nt o a Ci sco RMON alarm
command. Her e i s t he command t o cr eat e an al ar m:
rmon al armnumber vari abl e i nterval {del ta | absol ute}
ri si ng- threshol d val ue [event- number]
f al l i ng- threshol d val ue [event- number]

[owner stri ng]
The f ol l owi ng command di scar ds t he al ar m:
no rmon al armnumber
The par amet er s t o t hese commands ar e:
number
Specifies the unique identification number assigned to the
alarm.
variable
Specifies which MIB object to monitor.
interval
Specifies the frequency at which the alarm monitors the
MIB variable.
delta
Indicates that the threshold values given in the command
should be interpreted in terms of the difference between
successive readings.
absolute
Indicates that the threshold values given in the command
should be interpreted as absolute values; i.e., the
difference between the current value and preceding values
is irrelevant.
rising-threshold value event-number
Specifies the value at which the alarm should be
triggered, calling the event, when the value is rising.
event-number is the event that should be called when the
alarm occurs. The event number is optional because the
threshold doesn't have to be assigned an event. If either
of the two thresholds is left blank the event number will
be set to 0, which does nothing.
falling-threshold value event-number
Specifies the value at which the alarm should be
triggered, calling the event, when the value is falling.
event-number is the event that should be called when the
alarm occurs. The event number is optional because the
threshold doesn't have to be assigned an event. If either
of the two thresholds is left blank the event number will
be set to 0, which does nothing.
owner string
Ties this alarm to a particular person.
To conf i gur e t he al ar mset t i ngs we j ust descr i bed, ent er t he
f ol l owi ng command, i n conf i gur at i on mode, on a Ci sco consol e:
orarouter1(conf i g)#rmon al arm25 i f Ent ry. 10. 2 60 absol ut e
ri si ng- t hreshol d 90000 1 f al l i ng- t hreshol d 85000 2 owner dmauro
Thi s command conf i gur es al ar mnumber 25, whi ch moni t or s t he
obj ect i n i f Ent r y. 10. 2 ( i nst ance 2 of i f Ent r y. i f I nOct et s, or
t he i nput oct et s on i nt er f ace 2) ever y 60 seconds. I t has a
r i si ng t hr eshol d of 90, 000 oct et s, whi ch has event number 1

t i ed t o i t : event 1 i s cal l ed when t r af f i c on t hi s i nt er f ace
exceeds 90, 000 oct et s/ second. The f al l i ng t hr eshol d i s set t o
85, 000 oct et s and has event number 2 t i ed t o i t . Her e' s how t he
al ar ml ooks i n t he r out er ' s i nt er nal t abl es:
orarouter1#showrmon al arm

Al arm1 i s acti ve, owned by dmauro
Moni tors i f Entry. 10. 2 every 60 second(s)
Taki ng absol ute sampl es, l ast val ue was 87051
Ri si ng threshol d i s 90000, assi gned to event 1
Fal l i ng threshol d i s 85000, assi gned to event 2
On startup enabl e ri si ng or f al l i ng al arm
The l ast l i ne of out put says t hat t he r out er wi l l enabl e t he
al ar mupon r eboot . As you' d expect , you can al so l ook at t he
al ar mset t i ngs t hr ough t he RMON MI B, begi nni ng wi t h t he subt r ee
1. 3. 6. 1. 2. 1. 16. As wi t h t he event s t hemsel ves, we can cr eat e,
change, edi t , and del et e ent r i es usi ng snmpset.
One pr obl emwi t h i nt er nal pol l i ng i s t hat get t i ng t r ends and
seei ng t he dat a i n a gr aph or t abl e i s di f f i cul t . Even i f you
devel op t he backend syst ems t o gat her MI B obj ect s and di spl ay
t hemgr aphi cal l y, r et r i evi ng dat a i s somet i mes pai nf ul . The
Mul t i Rout er Tr af f i c Gr apher ( MRTG) i s a gr eat pr ogr amt hat
al l ows you t o do bot h i nt er nal and ext er nal pol l i ng.
Fur t her mor e, i t i s desi gned t o gener at e gr aphs of your dat a i n
HTML f or mat . MRTG i s cover ed i n Chapt er 13.

9. 2 Ext ernal Pol l i ng
I t i s of t en i mpossi bl e t o pol l a devi ce i nt er nal l y, f or
t echni cal , secur i t y, or pol i t i cal r easons. For exampl e, t he
Syst emAdmi ni st r at i on gr oup may not be i n t he habi t of gi vi ng
out t he r oot passwor d, maki ng i t di f f i cul t f or you t o i nst al l
and mai nt ai n i nt er nal pol l i ng scr i pt s. However , t hey may have
no pr obl emwi t h i nst al l i ng and mai nt ai ni ng an SNMP agent such
as Concor d' s Syst emEDGE or Net - SNMP. I t ' s al so possi bl e t hat
you wi l l f i nd your sel f i n an envi r onment i n whi ch you l ack t he
knowl edge t o bui l d t he t ool s necessar y t o pol l i nt er nal l y.
Despi t e t he si t uat i on, i f an SNMP agent i s pr esent on a machi ne
t hat has obj ect s wor t h pol l i ng, you can use an ext er nal devi ce
t o pol l t he machi ne and r ead t he obj ect s' val ues.
[ 3]
Thi s
ext er nal devi ce can be one or mor e NMSs or ot her machi nes or
devi ces. For i nst ance, when you have a decent - si zed net wor k i t
i s somet i mes conveni ent , and possi bl y necessar y, t o di st r i but e
pol l i ng among sever al NMSs.
[3]
Many devi ces say they are SNMP- compati bl e but support onl y a
f ewMI Bs. Thi s makes pol l i ng nearl y i mpossi bl e. I f you don' t
have the obj ect(s) to pol l there i s nothi ng you can do, unl ess
there are hooks f or an extensi bl e agent. Even wi th extensi bl e

agents, unl ess you knowhowto program, the Si mpl e i n SNMP goes
away f ast.
Each of t he ext er nal pol l i ng engi nes we wi l l l ook at uses t he
same pol l i ng met hods, al t hough some NMSs i mpl ement ext er nal
pol l i ng di f f er ent l y. We' l l st ar t wi t h t he OpenVi ew xnmgraph
pr ogr am, whi ch can be used t o col l ect and di spl ay dat a
gr aphi cal l y. You can even use OpenVi ew t o save t he dat a f or
l at er r et r i eval and anal ysi s. We' l l i ncl ude some exampl es t hat
show how you can col l ect dat a and st or e i t aut omat i cal l y and
how you can r et r i eve t hat dat a f or di spl ay. Cast l e Rock' s SNMPc
al so has an excel l ent dat a- col l ect i on f aci l i t y t hat we wi l l use
t o col l ect and gr aph dat a.
9. 2. 1 Col l ect i ng and Di spl ayi ng Dat a wi t h OpenVi ew
One of t he easi est ways t o get some i nt er est i ng gr aphs wi t h
OpenVi ew i s t o use t he xnmgraph pr ogr am. You can r un xnmgraph
f r omt he command l i ne and f r omsome of NNM' s menus. One
pr act i cal way t o gr aph i s t o use OpenVi ew' s xnmbrowser t o
col l ect some dat a and t hen cl i ck " Gr aph. " I t ' s as easy as t hat .
I f t he node you ar e pol l i ng has mor e t han one i nst ance ( say,
mul t i pl e i nt er f aces) , OpenVi ew wi l l gr aph al l known i nst ances.
When an NMS quer i es a devi ce such as a r out er , i t det er mi nes
how many i nst ances ar e i n t he i f Tabl e and r et r i eves management
dat a f or each ent r y i n t he t abl e.
9. 2. 2 OpenVi ewGraphi ng
Fi gur e 9- 3 shows t he sor t of gr aph you can cr eat e wi t h NNM. To
cr eat e t hi s gr aph, we st ar t ed t he br owser ( Fi gur e 8- 2) and
cl i cked down t hr ough t he MI B t r ee unt i l we f ound t he
. i so. or g. dod. i nt er net . mgmt . mi b- 2. i nt er f aces. i f Tabl e. i f Ent r y
l i st . Once t her e, we cl i cked on i f I nOct et s; t hen, whi l e hol di ng
down t he Ct r l key, we cl i cked on i f Out Oct et s. Af t er bot h wer e
sel ect ed and we ver i f i ed t hat t he " Name or I P Addr ess" f i el d
di spl ayed t he node we want ed t o pol l , we cl i cked on t he " Gr aph"
but t on.
Fi gure 9- 3. OpenVi ewxnmgraph of oct et s i n/ out

Once t he gr aph has st ar t ed, you can change t he pol l i ng i nt er val
and t he col or s used t o di spl ay di f f er ent obj ect s. You can al so
t ur n of f t he di spl ay of some or al l of t he obj ect i nst ances.
The menu i t em" Vi ew Li ne Conf i gur at i on" l et s you speci f y
whi ch obj ect s you woul d l i ke t o di spl ay; i t can al so set
mul t i pl i er s f or di f f er ent i t ems. For exampl e, t o di spl ay
ever yt hi ng i n K, mul t i pl y t he dat a by . 001. Ther e i s al so an
opt i on ( " Vi ew St at i st i cs" ) t hat shows a st at i st i cal summar y
of your gr aph. Fi gur e 9- 4 shows some st at i st i cs f r omt he gr aph
i n Fi gur e 9- 3. Whi l e t he st at i st i cs menu i s up, you can l ef t -
cl i ck on t he gr aph; t he st at i st i cs wi ndow wi l l di spl ay t he
val ues f or t he speci f i c dat e and t i me t o whi ch you ar e poi nt i ng
wi t h t he mouse.
Fi gure 9- 4. xnmgraph st at i st i cs

St ar t i ng xnmgraph f r omt he command l i ne al l ows
you t o st ar t t he gr apher at a speci f i c pol l i ng
per i od and gi ves you sever al ot her opt i ons. By
def aul t , OpenVi ew pol l s at 10- second i nt er val s.
I n most cases t hi s i s f i ne, but i f you ar e
pol l i ng a mul t i por t r out er t o check i f some
t t d 10 d l l i

por t s ar e congest ed, a 10- second pol l i ng
i nt er val may be t oo qui ck and coul d cause
oper at i onal pr obl ems. For exampl e, i f t he CPU i s
busy answer i ng SNMP quer i es ever y 10 seconds,
t he r out er mi ght get bogged down and become ver y
sl ow, especi al l y i f t he r out er i s r esponsi bl e
f or OSPF or ot her CPU- i nt ensi ve t asks. You may
al so see messages f r omOpenVi ew compl ai ni ng t hat
anot her pol l has come al ong whi l e i t i s st i l l
wai t i ng f or t he pr evi ous pol l t o r et ur n.
I ncr easi ng t he pol l i ng i nt er val usual l y get s r i d
of t hese messages.

Some of NNM' s def aul t menus l et you use t he gr apher t o pol l
devi ces dependi ng on t hei r t ype. For exampl e, you can sel ect
t he obj ect t ype " r out er " on t he NNM and gener at e a gr aph t hat
i ncl udes al l your r out er s. Whet her you st ar t f r omt he command
l i ne or f r omt he menu, t her e ar e t i mes when you wi l l get a
message back t hat r eads " Request i ng mor e l i nes t han number of
col or s ( 25) . Reduci ng number of l i nes. " Thi s message means t hat
t her e ar en' t enough col or s avai l abl e t o di spl ay t he obj ect s you
ar e t r yi ng t o gr aph. The onl y good ways t o avoi d t hi s pr obl em
ar e t o br eak up your gr aphs so t hat t hey pol l f ewer obj ect s or
t o el i mi nat e obj ect i nst ances you don' t want . For exampl e, you
pr obabl y don' t want t o gr aph r out er i nt er f aces t hat ar e down
( f or what ever r eason) and ot her " dead" obj ect s. We wi l l soon
see how you can use a r egul ar expr essi on as one of t he
ar gument s t o t he xnmgraph command t o gr aph onl y t hose
i nt er f aces t hat ar e up and r unni ng.
Al t hough t he gr aphi cal i nt er f ace i s ver y conveni ent , t he
command- l i ne i nt er f ace gi ves you much mor e f l exi bi l i t y. The
f ol l owi ng scr i pt di spl ays t he gr aph i n Fi gur e 9- 3 ( i . e. , t he
gr aph we gener at ed t hr ough t he br owser ) :
#!/ bi n/ sh
#f i l ename: / opt/ OV/ l ocal / scri pts/ graphOctets
#syntax: graphOctets <hostname>
/ opt/ OV/ bi n/ xnmgraph - c publ i c - mi b
". i so. org. dod. i nternet. mgmt. mi b- 2. i nterf aces. i f Tabl e. i f Entry. i f I nOctets: : : : : : : : ,
. i so. org. dod. i nternet. mgmt. mi b- 2. i nterf aces. i f Tabl e. i f Entry. i f OutOctets: : : : : : : : "
$1
You can r un t hi s scr i pt wi t h t he command:
$ / opt / OV/ l ocal / scri pt s/ graphOct et s orarout er1
The wor st par t of wr i t i ng t he scr i pt i s f i gur i ng out what
command- l i ne opt i ons you want - - par t i cul ar l y t he l ong st r i ngs
of ni ne col on- separ at ed opt i ons. Al l t hese opt i ons gi ve you t he
abi l i t y t o r ef i ne what you want t o gr aph, how of t en you want t o
pol l t he obj ect s, and how you want t o di spl ay t he dat a. ( We' l l
di scuss t he synt ax of t hese opt i ons as we go al ong, but f or t he
compl et e st or y, see t he xnmgraph( 1) manpage. ) I n t hi s scr i pt ,

we' r e gr aphi ng t he val ues of t wo MI B obj ect s, i f I nOct et s and
i f Out Oct et s. Each OI D we want t o gr aph i s t he f i r st ( and i n
t hi s case, t he onl y) opt i on i n t he st r i ng of col on- separ at ed
opt i ons. On our net wor k, t hi s command pr oduces ei ght t r aces:
i nput and out put oct et s f or each of our f our i nt er f aces. You
can add ot her OI Ds t o t he gr aph by addi ng set s of opt i ons, but
at some poi nt t he gr aph wi l l become t oo conf usi ng t o be usef ul .
I t wi l l t ake some exper i ment i ng t o use t he xnmgraph command
ef f i ci ent l y, but once you l ear n how t o gener at e usef ul gr aphs
you' l l wonder how you ever got al ong wi t hout i t .

Keepi ng your scr i pt s neat i s not onl y good
pr act i ce, but al so aest het i cal l y pl easi ng. Usi ng
a " \ " at t he end of a l i ne i ndi cat es t hat t he
next l i ne i s a cont i nuat i on of t he cur r ent l i ne.
Br eaki ng your l i nes i nt el l i gent l y makes your
scr i pt s mor e r eadabl e. Be war ned t hat t he Uni x
shel l s do not l i ke ext r a whi t espace af t er t he
" \ " . The onl y char act er af t er each " \ " shoul d be
one car r i age r et ur n.

Now, l et ' s modi f y t he scr i pt t o i ncl ude mor e r easonabl e l abel s
- - i n par t i cul ar , we' d l i ke t he gr aph t o show whi ch i nt er f ace
i s whi ch, r at her t han j ust showi ng t he i ndex number . I n our
modi f i ed scr i pt , we' ve used numer i cal obj ect I Ds, most l y f or
f or mat t i ng conveni ence, and we' ve added a si xt h opt i on t o t he
ugl y sequence of col on- separ at ed opt i ons: . 1. 3. 6. 1. 2. 1. 2. 2. 1. 2
( t hi s i s t he i f Descr , or i nt er f ace descr i pt i on, obj ect i n t he
i nt er f ace t abl e) . Thi s opt i on says t o pol l each i nst ance and
use t he r et ur n val ue of snmpget .1.3.6.1.2.1.2.2.1.2.INSTANCE
as t he l abel . Thi s shoul d gi ve us meani ngf ul l abel s. Her e' s t he
new scr i pt :
#!/ bi n/ sh
/ opt/ OV/ bi n/ xnmgraph - c publ i c - ti tl e Bi ts_I n_n_Out - mi b
". 1. 3. 6. 1. 4. 1. 9. 2. 2. 1. 1. 6: : : : : . 1. 3. 6. 1. 2. 1. 2. 2. 1. 2: : : ,
. 1. 3. 6. 1. 4. 1. 9. 2. 2. 1. 1. 8: : : : : . 1. 3. 6. 1. 2. 1. 2. 2. 1. 2: : : " $1
To see what we' l l get f or l abel s, her e' s t he r esul t of wal ki ng
. 1. 3. 6. 1. 2. 1. 2. 2. 1. 2:
$ snmpwal k orarout er1 . 1. 3. 6. 1. 2. 1. 2. 2. 1. 2
i nterf aces. i f Tabl e. i f Entry. i f Descr. 1 : DI SPLAY STRI NG- (asci i ): Ethernet0
i nterf aces. i f Tabl e. i f Entry. i f Descr. 2 : DI SPLAY STRI NG- (asci i ): Seri al 0
i nterf aces. i f Tabl e. i f Entry. i f Descr. 3 : DI SPLAY STRI NG- (asci i ): Seri al 1
Fi gur e 9- 5 shows our new gr aph. Wi t h t he addi t i on of t hi s si xt h
opt i on, t he names and l abel s ar e much easi er t o r ead.
Fi gure 9- 5. OpenVi ewxnmgraph wi t h newl abel s

Meani ngf ul l abel s and t i t l es ar e i mpor t ant , especi al l y i f
management i s i nt er est ed i n seei ng t he gr aphs. A l abel t hat
cont ai ns an OI D and not a t ext ual descr i pt i on i s of no use.
Some obj ect s t hat ar e usef ul i n bui l di ng l abel s ar e i f Type
( . 1. 3. 6. 1. 2. 1. 2. 2. 1. 3) and i f Oper St at us ( . 1. 3. 6. 1. 2. 1. 2. 2. 1. 8) .
Be car ef ul when usi ng i f Oper St at us; i f t he st at us of t he
i nt er f ace changes dur i ng a pol l , t he l abel does not change. The
l abel i s eval uat ed onl y once.
One of t he most wast ef ul t hi ngs you can do i s pol l a usel ess
obj ect . Thi s of t en happens when an i nt er f ace i s
admi ni st r at i vel y down or not conf i gur ed. I magi ne t hat you have
20 ser i al i nt er f aces, but onl y one i s act ual l y i n use. I f you
ar e l ooki ng f or oct et s i n and out of your ser i al i nt er f aces,
you' l l be pol l i ng 40 t i mes and 38 of t he pol l s wi l l al ways r ead
0. OpenVi ew' s xnmgraph al l ows you t o speci f y an OI D and r egul ar
expr essi on t o sel ect what shoul d be gr aphed. To put t hi s
f eat ur e t o use, l et ' s wal k t he MI B t o see what i nf or mat i on i s
avai l abl e:
$ snmpwal k orarout er1 . 1. 3. 6. 1. 2. 1. 2. 2. 1. 8
i nterf aces. i f Tabl e. i f Entry. i f OperStatus. 1 : I NTEGER: up
i nterf aces. i f Tabl e. i f Entry. i f OperStatus. 2 : I NTEGER: up
i nterf aces. i f Tabl e. i f Entry. i f OperStatus. 3 : I NTEGER: down
Thi s t el l s us t hat onl y t wo i nt er f aces ar e cur r ent l y up. By
l ooki ng at i f Descr , we see t hat t he l i ve i nt er f aces ar e
Et her net 0 and Ser i al 0; Ser i al 1 i s down. Not i ce t hat t he t ype of
i f Oper St at us i s I NTEGER, but t he r et ur n val ue l ooks l i ke a
st r i ng. How i s t hi s? RFC 1213 def i nes st r i ng val ues f or each
possi bl e r et ur n val ue:
i f OperStatus OBJ ECT- TYPE
SYNTAX I NTEGER {
up(1), - - ready to pass packets
down(2),
testi ng(3) - - i n some test mode
}
ACCESS readonl y
STATUS mandatory
DESCRI PTI ON
"The current operati onal state of the i nterf ace. The testi ng(3)
state i ndi cates that no operati onal packets can be passed. "
: : ={ i f Entry 8 }
I t ' s f ai r l y obvi ous how t o r ead t hi s: t he i nt eger val ue 1 i s
conver t ed t o t he st r i ng up. We can t her ef or e use t he val ue 1 i n
a r egul ar expr essi on t hat t est s i f Oper St at us. For ever y
i nst ance we wi l l check t he val ue of i f Oper St at us; we wi l l pol l

t hat i nst ance and gr aph t he r esul t onl y i f t he st at us r et ur ns
1. I n pseudocode, t he oper at i on woul d l ook somet hi ng l i ke t hi s:
i f (i f OperStatus ==1) {
pol l ForMI BData;
graphOctets;
}
Her e' s t he next ver si on of our gr aphi ng scr i pt . To put t hi s
l ogi c i nt o a gr aph, we use t he OI D f or i f Oper St at us as t he
f our t h col on opt i on, and t he r egul ar expr essi on ( 1) as t he
f i f t h opt i on:
#!/ bi n/ sh
/ opt/ OV/ bi n/ xnmgraph - c publ i c
- ti tl e Octets_I n_and_Out_For_Al l _Up_I nterf aces
- mi b ". 1. 3. 6. 1. 2. 1. 2. 2. 1. 10: : : . 1. 3. 6. 1. 2. 1. 2. 2. 1. 8: 1: : : : ,
. 1. 3. 6. 1. 2. 1. 2. 2. 1. 16: : : . 1. 3. 6. 1. 2. 1. 2. 2. 1. 8: 1: : : : " $1
Thi s command gr aphs t he i f I nOct et s and i f Out Oct et s of any
i nt er f ace t hat has a cur r ent oper at i onal st at e equal t o 1, or
up. I t t her ef or e pol l s and gr aphs onl y t he por t s t hat ar e
i mpor t ant , savi ng on net wor k bandwi dt h and si mpl i f yi ng t he
gr aph. Fur t her mor e, we' r e l ess l i kel y t o r un out of col or s
whi l e maki ng t he gr aph because we won' t assi gn t hemt o usel ess
obj ect s. Not e, however , t hat t hi s sel ect i on happens onl y dur i ng
t he f i r st pol l and st ays ef f ect i ve t hr oughout t he ent i r e l i f e
of t he gr aphi ng pr ocess. I f t he st at us of any i nt er f ace changes
af t er t he gr aph has been st ar t ed, not hi ng i n t he gr aph wi l l
change. The onl y way t o di scover any changes i n i nt er f ace
st at us i s t o r est ar t xnmgraph.
Fi nal l y, l et ' s l ook at :
How to add a label to each of the OIDs we graph
How to multiply each value by a constant
How to specify the polling interval
The cr opped gr aph i n Fi gur e 9- 6 shows how t he l abel s change
when we r un t he f ol l owi ng scr i pt :
#!/ bi n/ sh
/ opt/ OV/ bi n/ xnmgraph - c publ i c - ti tl e I nternet_Traf f i c_I n_K - pol l 68 - mi b
". 1. 3. 6. 1. 4. 1. 9. 2. 2. 1. 1. 6: I ncomi ng_Traf f i c: : : : . 1. 3. 6. 1. 2. 1. 2. 2. 1. 2: : . 001: ,
. 1. 3. 6. 1. 4. 1. 9. 2. 2. 1. 1. 8: Outgoi ng_Traf f i c: : : : . 1. 3. 6. 1. 2. 1. 2. 2. 1. 2: : . 001: "
$1
The l abel s ar e gi ven by t he second and si xt h f i el ds i n t he
col on- separ at ed opt i ons ( t he second f i el d pr ovi des a t ext ual
l abel t o i dent i f y t he obj ect s we' r e gr aphi ng and t he si xt h uses
t he i f Descr f i el d t o i dent i f y t he par t i cul ar i nt er f ace) ; t he

const ant mul t i pl i er ( . 001) i s gi ven by t he ei ght h f i el d; and
t he pol l i ng i nt er val ( i n seconds) i s gi ven by t he -poll opt i on.
Fi gure 9- 6. xnmgraph wi t h l abel s and mul t i pl i ers

By now i t shoul d be appar ent how f l exi bl e OpenVi ew' s xnmgraph
pr ogr amr eal l y i s. These gr aphs can be i mpor t ant t ool s f or
t r oubl eshoot i ng your net wor k. When a net wor k manager r ecei ves
compl ai nt s f r omcust omer s r egar di ng sl ow connect i ons, he can
l ook at t he gr aph of i f I nOct et s gener at ed by xnmgraph t o see i f
any r out er i nt er f aces have unusual l y hi gh t r af f i c spi kes.
Gr aphs l i ke t hese ar e al so usef ul when you' r e set t i ng
t hr eshol ds f or al ar ms and ot her ki nds of t r aps. The l ast t hi ng
you want i s a t hr eshol d t hat i s t oo t r i gger y ( one t hat goes of f
t oo many t i mes) or a t hr eshol d t hat won' t go of f unt i l t he
ent i r e bui l di ng bur ns t o t he gr ound. I t ' s of t en usef ul t o l ook
at a f ew gr aphs t o get a f eel f or your net wor k' s behavi or
bef or e you st ar t set t i ng any t hr eshol ds. These gr aphs wi l l gi ve
you a basel i ne f r omwhi ch t o wor k. For exampl e, say you want t o
be not i f i ed when t he bat t er y on your UPS i s l ow ( whi ch means i t
i s bei ng used) and when i t i s back t o nor mal ( f ul l y char ged) .
The obvi ous way t o i mpl ement t hi s i s t o gener at e an al ar mwhen
t he bat t er y f al l s bel ow some per cent age of f ul l char ge, and
anot her al ar mwhen i t r et ur ns t o f ul l char ge. So t he quest i on
i s: what val ue can we set f or t he t hr eshol d? Shoul d we use 10%
t o i ndi cat e t hat t he bat t er y i s bei ng used and 100%t o i ndi cat e
t hat i t ' s back t o nor mal ? We can f i nd t he basel i ne by gr aphi ng
t he devi ce' s MI Bs.
[ 5]
For exampl e, wi t h a f ew days' wor t h of
gr aphs, we can see t hat our UPS' s bat t er y st ays r i ght ar ound
94- 97%when i t i s not i n use. Ther e was a br i ef per i od when t he
bat t er y dr opped down t o 89%, when i t was per f or mi ng a sel f -
t est . Based on t hese number s, we may want t o set t he " i n use"
t hr eshol d at 85%and t he " back t o nor mal " t hr eshol d at 94%.
Thi s pai r of t hr eshol ds gi ves us pl ent y of not i f i cat i on when
t he bat t er y' s i n use, but won' t gener at e usel ess al ar ms when
t he devi ce i s i n sel f - t est mode. The appr opr i at e t hr eshol ds
depend on t he t ype of devi ces you ar e pol l i ng, as wel l as t he
MI B dat a t hat i s gat her ed. Doi ng some i ni t i al t est i ng and
pol l i ng t o get a basel i ne ( nor mal number s) wi l l hel p you set
t hr eshol ds t hat ar e meani ngf ul and usef ul .
[5]
Di f f erent vendors have di f f erent UPS MI Bs. Ref er to your
parti cul ar vendor' s MI B to f i nd out whi ch obj ect represents l ow
battery power.

Bef or e l eavi ng xnmgraph, we' l l t ake a f i nal l ook at t he
nast i est aspect of t hi s pr ogr am: t he sequence of ni ne col on-
separ at ed opt i ons. I n t he exampl es, we' ve demonst r at ed t he most
usef ul combi nat i ons of opt i ons. I n mor e det ai l , her e' s t he
synt ax of t he gr aph speci f i cat i on:
obj ect: l abel : i nstances: match: expressi on: i nstance- l abel : truncator: mul ti pl i er: nodes
The par amet er s ar e:
object
The OID of the object whose values you want to graph. This
can be in either numeric or human-readable form, but it
should not have an instance number at the end. It can also
be the name of an expression (expressions are discussed in
Appendix A).
label
A string to use in making the label for all instances of
this object. This can be a literal string or the OID of
some object with a string value. The label used on the
graph is made by combining this label (for all instances
of the object) with instance-label, which identifies
individual instances of an object in a table. For example,
in Figure 9-6, the labels are Incoming_Traffic and
Outgoing_Traffic; instance-label is 1.3.6.1.2.1.2.2.1.2,
or the ifDescr field for each object being graphed.
instances
A regular expression that specifies which instances of
object to graph. If this is omitted, all instances are
graphed. For example, the regular expression 1 limits the
graph to instance 1 of object; the regular expression [4- 7]
limits the graph to instances 4 through 7. You can use the
match and expression fields to further specify which
objects to match.
match
The OID of an object (not including the instance ID) to
match against a regular expression (the match-expression),
to determine which instances of the object to display in
the graph.
expression
A regular expression; for each instance, the object given
by match is compared to this regular expression. If the
two match, the instance is graphed.
instance-label
A label to use to identify particular instances of the
object you are graphing. This is used in combination with
the label and truncator fields to create a label for each
instance of each object being graphed.
truncator
A string that will be removed from the initial portion of
the instance label, to make it shorter.
multiplier

A number that's used to scale the values being graphed.
nodes
The nodes to poll to create the graph. You can list any
number of nodes, separated by spaces. The wildcard "*"
polls all the nodes in OpenView's database. If you omit
this field, xnmgraph takes the list of nodes from the
final argument on the command line.
The onl y r equi r ed f i el d i s obj ect ; however , as we' ve seen, you
must have al l ei ght col ons even i f you l eave some ( or most ) of
t he f i el ds empt y.
9. 2. 3 OpenVi ewDat a Col l ect i on and Threshol ds
Once you cl ose t he OpenVi ew gr aphs, t he dat a i n t hemi s l ost
f or ever . OpenVi ew pr ovi des a way t o f i x t hi s pr obl emwi t h dat a
col l ect i on. Dat a col l ect i on al l ows t he user t o pol l and r ecor d
dat a cont i nuousl y. I t can al so l ook at t hese r esul t s and
t r i gger event s. One benef i t of dat a col l ect i on i s t hat i t can
wat ch t he net wor k f or you whi l e you' r e not t her e; you can st ar t
col l ect i ng dat a on Fr i day t hen l eave f or t he weekend knowi ng
t hat any i mpor t ant event s wi l l be r ecor ded i n your absence.
You can st ar t OpenVi ew' s Dat a Col l ect i on and Thr eshol ds
f unct i on f r omt he command l i ne, usi ng t he command
$OV_BIN/xnmcollect, or f r omNNM under t he Opt i ons menu. Thi s
br i ngs you t o t he " Dat a Col l ect i on and Thr eshol ds" wi ndow,
shown i n Fi gur e 9- 7, whi ch di spl ays a l i st of al l t he
col l ect i ons you have conf i gur ed and a summar y of t he col l ect i on
par amet er s.
Fi gure 9- 7. OpenVi ew' s Dat a Col l ect i on and Threshol ds wi ndow

Conf i gur ed col l ect i ons t hat ar e i n " Suspended" mode appear i n a
dar k or bol d f ont . Thi s i ndi cat es t hat OpenVi ew i s not
col l ect i ng any dat a f or t hese obj ect s. A " Col l ect i ng" st at us
i ndi cat es t hat OpenVi ew i s pol l i ng t he sel ect ed nodes f or t he
gi ven obj ect and savi ng t he dat a. To change t he st at us of a
col l ect i on, sel ect t he obj ect , cl i ck on " Act i ons, " and t hen
cl i ck on ei t her " Suspend Col l ect i on" or " Resume Col l ect i on. "
( Not e t hat you must save your changes bef or e t hey wi l l t ake
ef f ect . )
9. 2. 3. 1 Desi gni ng col l ect i ons
To desi gn a new col l ect i on, cl i ck on " Edi t Add MI B Obj ect . "
Thi s t akes you t o a new scr een. At t he t op, cl i ck on " MI B
Obj ect "
[ 6]
and cl i ck down t hr ough t he t r ee unt i l you f i nd t he
obj ect you woul d l i ke t o pol l . To l ook at t he st at us of our
pr i nt er ' s paper t r ay, f or exampl e, we need t o navi gat e down t o
. i so. or g. dod. i nt er net . pr i vat e. ent er pr i ses. hp. nm. syst em. net -
per i pher al . net -
pr i nt er . gener al Devi ceSt at us. gdSt at usEnt r y. gdSt at usPaper Out
( . 1. 3. 6. 1. 4. 1. 11. 2. 3. 9. 1. 1. 2. 8) .
[ 7]
The obj ect ' s descr i pt i on
suggest s t hat t hi s i s t he i t emwe want : i t r eads " Thi s
i ndi cat es t hat t he per i pher al i s out of paper . " ( I f you al r eady
know what you' r e l ooki ng f or , you can ent er t he name or OI D
di r ect l y. ) Once t her e, you can change t he name of t he
col l ect i on t o somet hi ng t hat i s easi er t o r ead. Cl i ck " OK" t o
move f or war d. Thi s br i ngs you t o t he menu shown i n Fi gur e 9- 8.
[6]
You can col l ect the val ue of an expressi on i nstead of a
si ngl e MI B obj ect. The topi c of expressi ons i s out of the scope
of thi s book but i s expl ai ned i n the mi bExpr. conf (4) manpage.
[7]
Thi s obj ect i s i n HP' s pri vate MI B, so i t won' t be avai l abl e
unl ess you have HP pri nters and have i nstal l ed the appropri ate
MI Bs. Note that there i s a standard pri nter MI B, RFC 1759, but
HP' s MI B has more usef ul i nf ormati on.
Fi gure 9- 8. OpenVi ewpol l conf i gurat i on menu

The " Sour ce" f i el d i s wher e you speci f y t he nodes f r omwhi ch
you woul d l i ke t o col l ect dat a. Ent er t he host names or I P
addr esses you want t o pol l . You can use wi l dcar ds l i ke
198. 27. 6. * i n your I P addr esses; you can al so cl i ck " Add Map"
t o add any nodes cur r ent l y sel ect ed. We suggest t hat you st ar t
wi t h one node f or t est i ng pur poses. Addi ng mor e nodes t o a
col l ect i on i s easy once you have ever yt hi ng set up cor r ect l y;
you j ust r et ur n t o t he wi ndow i n Fi gur e 9- 8 and add t he nodes
t o t he Sour ce l i st .
" Col l ect i on Mode" l et s you speci f y what t o do wi t h t he dat a NNM
col l ect s. Ther e ar e f our col l ect i on modes: " Excl ude
Col l ect i on, " " St or e, Check Thr eshol ds, " " St or e, No Thr eshol ds, "
and " Don' t St or e, Check Thr eshol ds. " Except f or " Excl ude
Col l ect i on, " whi ch al l ows us t o t ur n of f i ndi vi dual col l ect i ons
f or each devi ce, t he col l ect i on modes ar e f ai r l y sel f -
expl anat or y. ( " Excl ude Col l ect i on" may sound odd, but i t i s
ver y usef ul i f you want t o excl ude some devi ces f r omcol l ect i on
wi t hout st oppi ng t he ent i r e pr ocess; f or exampl e, you may have
a r out er wi t h a har dwar e pr obl emt hat i s bombar di ng you wi t h
meani ngl ess dat a. ) Dat a col l ect i on wi t hout a t hr eshol d i s
easi er t han col l ect i on wi t h a t hr eshol d, so we' l l st ar t t her e.
Set t he Col l ect i on Mode t o " St or e, No Thr eshol ds. " Thi s di sabl e
( gr ays out ) t he bot t ompar t of t he menu, whi ch i s used f or
t hr eshol d par amet er s. ( Sel ect " St or e, Check Thr eshol ds" i f you
want bot h dat a col l ect i on and t hr eshol d moni t or i ng. ) Then cl i ck
" OK" and save t he new col l ect i on. You can now wat ch your
col l ect i on gr ow i n t he $OV_DB/snmpCollect di r ect or y. Each
col l ect i on consi st s of a bi nar y dat af i l e, pl us a f i l e wi t h t he
same name pr eceded by an excl amat i on mar k ( ! ) ; t hi s f i l e st or es
t he col l ect i on i nf or mat i on. The dat a- col l ect i on f i l es wi l l gr ow

wi t hout bounds. To t r i mt hese f i l es wi t hout di st ur bi ng t he
col l ect or , del et e al l f i l es t hat do not cont ai n an " ! " mar k.
Cl i cki ng on " Onl y Col l ect on Nodes wi t h sysObj ect I D: " al l ows
you t o ent er a val ue f or sysObj ect I D. sysObj ect I D
( i so. or g. dod. i nt er net . mgmt . mi b- 2. syst em. sysObj ect I D) l et s you
l i mi t pol l i ng t o devi ces made by a speci f i c manuf act ur er . I t s
val ue i s t he ent er pr i se number t he devi ce' s manuf act ur er has
r egi st er ed wi t h I ANA. For exampl e, Ci sco' s ent er pr i se number i s
9, and HP' s i s 11 ( t he compl et e l i st i s avai l abl e at
ht t p: / / www. i si . edu/ i n- not es/ i ana/ assi gnment s/ ent er pr i se-
number s) ; t her ef or e, t o r est r i ct pol l i ng t o devi ces
manuf act ur ed by HP, set t he sysObj ect I D t o 11. RFC 1213
f or mal l y def i nes sysObj ect I D ( 1. 3. 6. 1. 2. 1. 1. 2) as f ol l ows:
sysObj ectI D OBJ ECT- TYPE
SYNTAX OBJ ECT I DENTI FI ER
ACCESS readonl y
STATUS mandatory
DESCRI PTI ON
"The vendor' s authori tati ve i denti f i cati on of the network
management subsystemcontai ned i n the enti ty. Thi s val ue
i s al l ocated wi thi n the SMI enterpri ses subtree (1. 3. 6. 1. 4. 1)
and provi des an easy and unambi guous means f or determi ni ng
what ki nd of box' i s bei ng managed. For exampl e, i f vendor
' Fl i ntstones, I nc. ' was assi gned the subtree 1. 3. 6. 1. 4. 1. 4242,
i t coul d assi gn the i denti f i er 1. 3. 6. 1. 4. 1. 4242. 1. 1 to i ts
' Fred Router' . "
: : ={ system2 }
The pol l i ng i nt er val i s t he per i od at whi ch pol l i ng occur s. You
can use one- l et t er abbr evi at i ons t o speci f y uni t s: " s" f or
seconds, " m" f or mi nut es, " h" f or hour s, " d" f or days. For
exampl e, 32s i ndi cat es 32 seconds; 1. 5d i ndi cat es one and a
hal f days. When I ' mdesi gni ng a dat a col l ect i on, I usual l y
st ar t wi t h a ver y shor t pol l i ng i nt er val - - t ypi cal l y 7s ( 7
seconds bet ween each pol l ) . You pr obabl y woul dn' t want t o use a
pol l i ng i nt er val t hi s shor t i n pr act i ce ( al l t he dat a you
col l ect i s goi ng t o have t o be st or ed somewher e) , but when
you' r e set t i ng up a col l ect i on, i t ' s of t en conveni ent t o use a
shor t pol l i ng i nt er val . You don' t want t o wai t a l ong t i me t o
f i nd out whet her you' r e col l ect i ng t he r i ght dat a.
The next opt i on i s a dr op- down menu t hat speci f i es what
i nst ances shoul d be pol l ed. The opt i ons ar e " Al l , " " Fr omLi st , "
and " Fr omRegul ar Expr essi on. " I n t hi s case we' r e pol l i ng a
scal ar i t em, so we don' t have t o wor r y about i nst ances; we can
l eave t he set t i ng t o " Al l " or sel ect " Fr omLi st " and speci f y
i nst ance " 0" ( t he i nst ance number f or al l scal ar obj ect s) . I f
you' r e pol l i ng a t abul ar obj ect , you can ei t her speci f y a
comma- separ at ed l i st of i nst ances or choose t he " Fr omRegul ar
Expr essi on" opt i on and wr i t e a r egul ar expr essi on t hat sel ect s
t he i nst ances you want . Save your changes ( " Fi l e Save" ) , and
you' r e done.

9. 2. 3. 2 Creat i ng a t hreshol d
Once you' ve set al l t hi s up, you' ve conf i gur ed NNM t o
per i odi cal l y col l ect t he st at us of your pr i nt er ' s paper t r ay.
Now f or somet hi ng mor e i nt er est i ng: l et ' s use t hr eshol ds t o
gener at e some sor t of not i f i cat i on when t he t r af f i c comi ng i n
t hr ough one of our net wor k i nt er f aces exceeds a cer t ai n l evel .
To do t hi s, we' l l l ook at a Ci sco- speci f i c obj ect ,
l ocI f I nBi t sSec ( mor e f or mal l y
i so. or g. dod. i nt er net . pr i vat e. ent er pr i ses. ci sco. l ocal . l i nt er f ace
s. l i f Tabl e. l i f Ent r y. l ocI f I nBi t sSec) , whose val ue i s t he f i ve-
mi nut e aver age of t he r at e at whi ch dat a ar r i ves at t he
i nt er f ace, i n bi t s per second. ( Ther e' s a cor r espondi ng obj ect
cal l ed l ocI f Out Bi t sSec, whi ch measur es t he dat a l eavi ng t he
i nt er f ace. ) The f i r st par t of t he pr ocess shoul d be f ami l i ar :
st ar t Dat a Col l ect i on and Thr eshol ds by goi ng t o t he Opt i ons
menu of NNM; t hen cl i ck on " Edi t Add MI B Obj ect . " Navi gat e
t hr ough t he obj ect t r ee unt i l you get t o l ocI f I nBi t sSec; cl i ck
" OK" t o get back t o t he scr een shown i n Fi gur e 9- 8. Speci f y t he
I P addr esses of t he i nt er f aces you want t o moni t or and set t he
col l ect i on mode t o " St or e, Check Thr eshol ds" ; t hi s al l ows you
t o r et r i eve and vi ew t he dat a at a l at er t i me. ( I t ypi cal l y
t ur n on t he " St or e" f unct i on so I can ver i f y t hat t he col l ect or
i s act ual l y wor ki ng and vi ew any dat a t hat has accumul at ed. )
Pi ck a r easonabl e pol l i ng i nt er val - - agai n, when you' r e
t est i ng i t ' s r easonabl e t o use a shor t i nt er val - - t hen choose
whi ch i nst ances you' d l i ke t o pol l , and you' r e r eady t o set
t hr eshol ds.
The " Thr eshol d" f i el d l et s you speci f y t he poi nt at whi ch t he
val ue you' r e moni t or i ng becomes i nt er est i ng. What " i nt er est i ng"
means i s up t o you. I n t hi s case, l et ' s assume t hat we' r e
moni t or i ng a T1 connect i on, wi t h a capaci t y of 1. 544
Mbi t s/ second. Let ' s say somewhat ar bi t r ar i l y t hat we' l l st ar t
wor r yi ng when t he i ncomi ng t r af f i c exceeds 75%of our capaci t y.
So, af t er mul t i pl yi ng, we set t he t hr eshol d t o " > 1158000" . Of
cour se, net wor k t r af f i c i s f undament al l y bur st y, so we won' t
wor r y about a si ngl e peak - - but i f we have t wo or t hr ee
consecut i ve r eadi ngs t hat exceed t he t hr eshol d, we want t o be
not i f i ed. So l et ' s set " consecut i ve sampl es" t o 3: t hat shi el ds
us f r omget t i ng unwant ed not i f i cat i ons, whi l e pr ovi di ng ampl e
not i f i cat i on i f somet hi ng goes wr ong.
Set t i ng an appr opr i at e consecut i ve sampl es val ue wi l l make your
l i f e much mor e pl easant , t hough pi cki ng t he r i ght val ue i s
somet hi ng of an ar t . Anot her exampl e i s moni t or i ng t he / t mp
par t i t i on of a Uni x syst em. I n t hi s case, you may want t o set
t he t hr eshol d t o " >= 85" , t he number of consecut i ve sampl es t o
2, and t he pol l i nt er val t o 5m. Thi s wi l l gener at e an event
when t he usage on / t mp exceeds 85%f or t wo consecut i ve pol l s.
Thi s choi ce of set t i ngs means t hat you won' t get a f al se al ar m
i f a user copi es a l ar ge f i l e t o / t mp and t hen del et es t he f i l e
a f ew mi nut es l at er . I f you set consecut i ve sampl es t o 1, NNM

wi l l gener at e a Thr eshol d event as soon as i t not i ces t hat / t mp
i s f i l l i ng up, even i f t he condi t i on i s onl y t empor ar y and
not hi ng t o be concer ned about . I t wi l l t hen gener at e a Rear m
event af t er t he user del et es t he f i l e. Si nce we ar e r eal l y onl y
wor r i ed about / t mp f i l l i ng up and st ayi ng f ul l , set t i ng t he
consecut i ve t hr eshol d t o 2 can hel p r educe t he number of f al se
al ar ms. Thi s i s gener al l y a good st ar t i ng val ue f or consecut i ve
sampl es, unl ess your pol l i ng i nt er val i s ver y hi gh.
The r ear mpar amet er s l et us speci f y when ever yt hi ng i s back t o
nor mal or i s, at t he ver y l east , st ar t i ng t o r et ur n t o nor mal .
Thi s st at e must occur bef or e anot her t hr eshol d i s met . You can
speci f y ei t her an absol ut e val ue or a per cent age. When
moni t or i ng t he packet s ar r i vi ng at an i nt er f ace, you mi ght want
t o set t he r ear mt hr eshol d t o somet hi ng l i ke 926, 400 bi t s per
second ( an absol ut e val ue t hat happens t o be 60%of t he t ot al
capaci t y) or 80%of t he t hr eshol d ( al so 60%of capaci t y) .
Li kewi se, i f you' r e gener at i ng an al ar mwhen / t mp exceeds 85%
of capaci t y, you mi ght want t o r ear mwhen t he f r ee space
r et ur ns t o 80%of your 85%t hr eshol d ( 68%of capaci t y) . You can
al so speci f y t he number of consecut i ve sampl es t hat need t o
f al l bel ow t he r ear mpoi nt bef or e NNM wi l l consi der t he r ear m
condi t i on met .
The f i nal opt i on, " Conf i gur e Thr eshol d Event , " asks what
OpenVi ew event s you woul d l i ke t o execut e f or each st at e. You
can l eave t he def aul t event , or you can r ef er t o Chapt er 10 f or
mor e on how t o conf i gur e event s. The " Thr eshol d" st at e needs a
speci f i c event number t hat must r esi de i n t he HP ent er pr i se.
The def aul t Thr eshol d event i s OV_Dat aCol l ect Thr esh - 58720263.
Not e t hat t he Thr eshol d event i s al ways an odd number . The
Rear mevent i s t he next number af t er t he Thr eshol d event : i n
t hi s case, 58720264. To conf i gur e event s ot her t han t he
def aul t , cl i ck on " Conf i gur e Thr eshol d Event " and, when t he new
menu comes up, add one event ( wi t h an odd number ) t o t he HP
sect i on and a second event f or t he cor r espondi ng Rear m. Af t er
maki ng t he addi t i ons, save and r et ur n t o t he Col l ect i on wi ndows
t o ent er t he new number .
When you f i ni sh conf i gur i ng t he dat a col l ect i on, cl i ck " OK. "
Thi s br i ngs you back t o t he Dat a Col l ect i on and Thr eshol ds
menu. Cl i ck " Fi l e Save" t o make your cur r ent addi t i ons
act i ve. On t he bot t omhal f of t he " MI B Obj ect Col l ect i on
Summar y" wi ndow, cl i ck on your new obj ect and t hen on " Act i ons
Test SNMP. " Thi s br i ngs up a wi ndow showi ng t he r esul t s of an
SNMP t est on t hat col l ect i on. Af t er t he t est , wai t l ong enough
f or your pol l i ng i nt er val t o have expi r ed once or t wi ce. Then
cl i ck on t he obj ect col l ect i on agai n, but t hi s t i me cl i ck on
" Act i ons Show Dat a. " Thi s wi ndow shows t he dat a t hat has been
gat her ed so f ar . Tr y bl ast i ng dat a t hr ough t he i nt er f ace t o see
i f you can t r i gger a Thr eshol d event . I f t he Thr eshol d event s
ar e not occur r i ng, ver i f y t hat your t hr eshol d and pol l i ng
i nt er val s ar e set cor r ect l y. Af t er you' ve seen a Thr eshol d

event occur , wat ch how t he Rear mevent get s execut ed. When
you' r e f i ni shed t est i ng, go back and set up r eal i st i c pol l i ng
per i ods, add any addi t i onal nodes you woul d l i ke t o pol l , and
t ur n of f st or i ng i f you don' t want t o col l ect dat a f or t r end
anal ysi s. Ref er t o t he $OV_LOG/snmpCol.trace f i l e i f you ar e
havi ng any pr obl ems get t i ng your dat a col l ect i on r ol l i ng. Your
HP OpenVi ew manual shoul d descr i be how t o use t hi s t r ace f i l e
t o t r oubl eshoot most pr obl ems.
Once you have col l ect ed some dat a, you can use xnmgraph t o
di spl ay i t . The xnmgraph command t o use i s si mi l ar t o t he ones
we saw ear l i er ; i t ' s an awkwar d command t hat you' l l want t o
save i n a scr i pt . I n t he f ol l owi ng scr i pt , t he -browse opt i on
poi nt s t he gr apher at t he st or ed dat a:
#!/ bi n/ sh
#f i l ename: / opt/ OV/ l ocal / scri pts/ graphSavedData
#syntax: graphSavedData <hostname>
/ opt/ OV/ bi n/ xnmgraph - c publ i c - ti tl e Bi ts_I n_n_Out_For_Al l _Up_I nterf aces
- browse - mi b
". 1. 3. 6. 1. 4. 1. 9. 2. 2. 1. 1. 6: : : . 1. 3. 6. 1. 2. 1. 2. 2. 1. 8: 1: . 1. 3. 6. 1. 2. 1. 2. 2. 1. 2: : : ,
. 1. 3. 6. 1. 4. 1. 9. 2. 2. 1. 1. 8: : : . 1. 3. 6. 1. 2. 1. 2. 2. 1. 8: 1: . 1. 3. 6. 1. 2. 1. 2. 2. 1. 2: : : "
$1
Once t he gr aph has st ar t ed, no r eal ( l i ve) dat a wi l l be
gr aphed; t he di spl ay i s l i mi t ed t o t he dat a t hat has been
col l ect ed. You can cl i ck on " Fi l e Updat e Dat a" t o check f or
and i nser t any dat a t hat has been gat her ed si nce t he st ar t of
t he gr aph. Anot her opt i on i s t o l eave of f -browse, whi ch al l ows
t he gr aph t o cont i nue col l ect i ng and di spl ayi ng t he l i ve dat a
al ong wi t h t he col l ect ed dat a.
Fi nal l y, t o gr aph al l t he dat a t hat has been col l ect ed f or a
speci f i c node, go t o NNM and sel ect t he node you woul d l i ke t o
i nvest i gat e. Then sel ect " Per f or mance Gr aph SNMP Dat a
Sel ect Nodes" f r omt he menus. You wi l l get a gr aph of al l t he
dat a t hat has been col l ect ed f or t he node you sel ect ed.
Al t er nat el y, sel ect t he " Al l " opt i on i n " Per f or mance Gr aph
SNMP Dat a. " Wi t h t he number of col or s l i mi t ed t o 25, you wi l l
usual l y f i nd t hat you can' t f i t ever yt hi ng i nt o one gr aph.
9. 2. 4 Cast l e Rock' s SNMPc
The wor kgr oup edi t i on of Cast l e Rock' s SNMPc pr ogr amhas
si mi l ar capabi l i t i es t o t he OpenVi ew package. I t uses t he t er m
" t r end r epor t i ng" f or i t s dat a col l ect i on and t hr eshol d
f aci l i t i es. The ent er pr i se edi t i on of SNMPc even al l ows you t o
expor t dat a t o a web page. I n al l our exampl es we use t he
wor kgr oup edi t i on of SNMPc.
To see how SNMPc wor ks, l et ' s gr aph t he snmpOut Pkt s obj ect .
Thi s obj ect ' s OI D i s 1. 3. 6. 1. 2. 1. 11. 2
( i so. or g. dod. i nt er net . mgmt . mi b- 2. snmp. snmpOut Pkt s) . I t i s
def i ned i n RFC 1213 as f ol l ows:

snmpOutPkts OBJ ECT- TYPE
SYNTAX Counter
ACCESS readonl y
STATUS mandatory
DESCRI PTI ON
"The total number of SNMP messages whi ch were passed f rom
the SNMP protocol enti ty to the transport servi ce. "
: : ={ snmp 2 }
We' l l use t he or ahub devi ce f or t hi s exampl e. St ar t by cl i cki ng
on t he MI B Dat abase sel ect i on t ab shown i n Fi gur e 9- 9; t hi s i s
t he t ab at t he bot t omof t he scr een t hat l ooks somet hi ng l i ke a
spr eadsheet - - i t ' s t he second f r omt he l ef t . Cl i ck down t he
t r ee unt i l you come t o i so. or g. dod. i nt er net . mgmt . mi b- 2. snmp.
Cl i ck on t he obj ect you woul d l i ke t o gr aph ( f or t hi s exampl e,
snmpOut Pkt s) . You can sel ect mul t i pl e obj ect s wi t h t he Ct r l
key.
Fi gure 9- 9. SNMPc MI B Dat abase vi ew

SNMPc has a nonst andar d way of or gani zi ng MI B
i nf or mat i on. To get t o t he snmpOut Pkt s obj ect ,
you need t o cl i ck down t hr ough t he f ol l owi ng:
" Snmp MI Bs mgmt snmp snmpI nf o. " Though
t hi s i s qui cker t han t he RFC- based or gani zat i on
used by most pr oduct s, i t does get a l i t t l e
conf usi ng, par t i cul ar l y i f you wor k wi t h sever al
pr oduct s.

Once you have sel ect ed t he appr opr i at e MI B obj ect , r et ur n t o
t he t op l evel of your map by ei t her sel ect i ng t he house i con or
cl i cki ng on t he Root Subnet t ab ( at t he f ar l ef t ) t o sel ect t he
devi ce you woul d l i ke t o pol l . I nst ead of f i ndi ng and cl i cki ng
on t he devi ce, you can ent er i n t he devi ce' s name by hand. I f
you have pr evi ousl y pol l ed t he devi ce, you can sel ect i t f r om
t he dr op- down box. Fi gur e 9- 10 shows what a compl et ed menu bar
shoul d l ook l i ke.
Fi gure 9- 10. SNMPc menu bar graph sect i on

To begi n gr aphi ng, cl i ck t he but t on wi t h t he smal l j agged gr aph
( t he t hi r d f r omt he r i ght ) . Anot her wi ndow wi l l appear
di spl ayi ng t he gr aph ( Fi gur e 9- 11) . The cont r ol s at t he t op
change t he t ype of gr aph ( l i ne, bar , pi e, di st r i but i on, et c. )
and t he pol l i ng i nt er val and al l ow you t o vi ew hi st or i cal dat a
( t he hor i zont al sl i der bar ) . Revi ew t he document at i on on how
each of t hese wor k or , bet t er yet , pl ay ar ound t o l ear n t hese
menus even f ast er .
Fi gure 9- 11. SNMPc snmpOut Pkt s graph sect i on

Once you have a col l ect i on of f r equent l y used gr aphs, you can
i nser t t hemi nt o t he cust ommenus. Let ' s i nser t a menu i t emi n
t he Tool s menu t hat di spl ays al l t he i nf or mat i on i n t he
snmpI nf o t abl e as a pi e char t . Cl i ck on t he Cust omMenus t ab
( t he l ast one) , r i ght - cl i ck on t he Tool s f ol der , and t hen l ef t -
cl i ck on " I nser t Menu" . Thi s get s you t o t he " Add Cust omMenu"
wi ndow ( Fi gur e 9- 12) . Ent er a menu name and sel ect " Pi e" f or

t he di spl ay t ype. Use t he br owse but t on ( >>) t o cl i ck down t he
t r ee of MI B obj ect s unt i l you r each t he snmpI nf o t abl e; t hen
cl i ck " OK. " Back at " Add Cust omMenu, " use t he checkboxes i n
t he " Use Sel ect ed Obj ect " sect i on t o speci f y t he t ypes of nodes
t hat wi l l be abl e t o r espond t o t hi s cust ommenu i t em. For
exampl e, t o char t snmpI nf o a devi ce obvi ousl y needs t o suppor t
SNMP, so we' ve checked t he " Has SNMP" box. Thi s i nf or mat i on i s
used when you ( or some ot her user ) t r y t o gener at e t hi s char t
f or a gi ven devi ce. I f t he devi ce doesn' t suppor t t he necessar y
pr ot ocol s, t he menu ent r y f or t he pi e char t wi l l be di sabl ed.
Fi gure 9- 12. SNMPc Add Cust omMenu wi ndow

Cl i ck " OK" and pr oceed t o your map t o f i nd a devi ce t o t est .
Any SNMP- compat i bl e devi ce shoul d suf f i ce. Once you have
sel ect ed a devi ce, cl i ck on " Tool s" and t hen " Show Pi e Char t of
snmpI nf o. " You shoul d see a pi e char t di spl ayi ng t he dat a
col l ect ed f r omt he MI B obj ect s you have conf i gur ed. ( I f t he
devi ce doesn' t suppor t SNMP, t hi s opt i on wi l l be di sabl ed. )
Al t er nat el y, you coul d have doubl e- cl i cked your new menu i t em
i n t he Cust omMenu t ab.
SNMPc has a t hr eshol d syst emcal l ed Aut omat i c Al ar ms t hat can
t r ack t he val ue of an obj ect over t i me t o det er mi ne i t s hi ghs
and l ows ( peaks and t r oughs) and get a basel i ne. Af t er i t
obt ai ns t he basel i ne, i t al er t s you i f somet hi ng st r ays out of
bounds. I n t he mai n menu, cl i cki ng on " Conf i g Tr end Repor t s"
br i ngs up t he menu shown i n Fi gur e 9- 13.
Fi gure 9- 13. SNMPc Trend Report s Gl obal Set t i ngs menu

Check t he " Enabl e Aut omat i c Al ar ms" box t o enabl e t hi s f eat ur e.
The " Li mi t Al ar ms For " box l et s you speci f y how much t i me must
pass bef or e you can r ecei ve anot her al ar mof t he same nat ur e.
Thi s pr event s you f r ombei ng f l ooded by t he same message over
and over agai n. The next sect i on, " Basel i ne Cr eat i on, " l et s you
conf i gur e how t he basel i ne wi l l be l ear ned. The l ear ni ng per i od
i s how l ong SNMPc shoul d t ake t o f i gur e out what t he basel i ne
r eal l y i s. The " Expand Af t er " opt i on, i f checked, st at es how
many al ar ms you can get i n one day bef or e SNMPc i ncr eases t he
basel i ne par amet er s. I n Fi gur e 9- 13, i f we wer e t o get f our
al ar ms i n one day, SNMPc woul d i ncr ease t he t hr eshol d t o
pr event t hese messages f r ombei ng gener at ed so f r equent l y.
Checki ng t he " Reduce On No Al ar ms I n One Week" box t el l s SNMPc
t o r educe t he basel i ne i f we don' t r ecei ve any al ar ms i n one
week. Thi s opt i on pr event s t he basel i ne f r ombei ng set so hi gh
t hat we never r ecei ve any al ar ms. I f you check t he l ast opt i on
and cl i ck " OK, " SNMPc wi l l r est ar t t he l ear ni ng pr ocess. Thi s
gi ves you a way t o wi pe t he sl at e cl ean and st ar t over .
9. 2. 5 Open Source Tool s f or Dat a Col l ect i on and Graphi ng
One of t he most power f ul t ool s f or dat a col l ect i on and gr aphi ng
i s MRTG, f ami l i ar t o many i n t he open sour ce communi t y. I t
col l ect s st at i st i cs and gener at es gr aphi cal r epor t s i n t he f or m
of web pages. I n many r espect s, i t ' s a di f f er ent ki nd of ani mal
t han t he t ool s di scussed i n t hi s chapt er . We cover MRTG i n
Chapt er 13.
Chapter 10. Traps
Tr aps pr ovi de a way f or an agent t o send a moni t or i ng st at i on
asynchr onous not i f i cat i on about condi t i ons t hat t he moni t or
shoul d know about . The t r aps t hat an agent can gener at e ar e
def i ned by t he MI Bs i t suppor t s; t he number of t r aps can r ange
f r omzer o t o hundr eds. To see what t r aps ar e def i ned i n any MI B

f i l e, sear ch f or t he t er m" TRAP- TYPE" ( SMI v1) or " NOTI FI CATI ON-
TYPE" ( SMI v2) i n t he MI B f i l e. Thi s sear ch wi l l qui ckl y get you
a l i st of possi bl e t r aps.
Of cour se, j ust havi ng asynchr onous t r aps ar r i ve at your NMS
i sn' t t er r i bl y usef ul . You can conf i gur e t he NMS' s r esponse t o
di f f er ent t r aps; t he r esponse can be anyt hi ng f r omdi scar di ng
t he t r ap t o r unni ng a scr i pt t hat sends a message t o your pager
( or even t akes some dr ast i c act i on, such as shut t i ng down your
power suppl i es) . I n t hi s chapt er , we' l l show you how t o handl e
i ncomi ng t r aps usi ng OpenVi ew and ot her t ool s such as Per l .
Then we' l l di scuss how t o r ead and conf i gur e di f f er ent aspect s
of t r ap event s. Fi nal l y, we' l l show you how t o def i ne your own
t r aps t hat r epor t speci al condi t i ons of par t i cul ar i nt er est t o
your net wor k.

10. 1 Underst andi ng Traps
Bef or e di scussi ng t he t ool s f or r ecei vi ng and gener at i ng t r aps,
i t ' s wor t h r evi ewi ng what a t r ap i s. Tr aps wer e i nt r oduced i n
Chapt er 2. A t r ap i s basi cal l y an asynchr onous not i f i cat i on
sent f r oman SNMP agent t o a net wor k- management st at i on. Li ke
ever yt hi ng el se i n SNMP, t r aps ar e sent usi ng UDP ( por t 162)
and ar e t her ef or e unr el i abl e. Thi s means t hat t he sender cannot
assume t hat t he t r ap act ual l y ar r i ves, nor can t he dest i nat i on
assume t hat i t ' s get t i ng al l t he t r aps bei ng sent i t s way. Of
cour se, on a heal t hy net wor k most t r aps shoul d r each t hei r
dest i nat i ons. But i f net wor ks wer e al ways heal t hy, we woul dn' t
need SNMP.
I n somewhat mor e det ai l , a t r ap i s a bundl e of dat a t hat ' s
def i ned by a MI B. Tr aps f al l i nt o t wo cat egor i es, gener i c and
ent er pr i sespeci f i c. Ther e ar e seven gener i c t r ap number s ( 0-
6) , def i ned i n Tabl e 2- 8, f or condi t i ons r angi ng f r omsyst em
r eboot s ( col dSt ar t ) and i nt er f ace st at e changes ( l i nkUp and
l i nkDown) t o gener i c t r ap 6 ( ent er pr i seSpeci f i c) . Ent er pr i se-
speci f i c t r aps ar e t he l oophol e t hat makes t he t r ap mechani sm
so power f ul . Anyone wi t h an ent er pr i se number can def i ne
ent er pr i sespeci f i c t r aps f or what ever condi t i ons t hey consi der
wor t h moni t or i ng. An ent er pr i sespeci f i c t r ap i s i dent i f i ed by
t wo pi eces of i nf or mat i on: t he ent er pr i se I D of t he
or gani zat i on t hat def i ned t he t r ap and a speci f i c t r ap number
assi gned by t hat or gani zat i on. The not i on of an ent er pr i se-
speci f i c t r ap i s ext r emel y f l exi bl e, because or gani zat i ons ar e
al l owed t o subdi vi de t hei r ent er pr i ses as much as t hey l i ke.
For exampl e, i f your ent er pr i se number i s 2789, your ent er pr i se
I D i s . 1. 3. 6. 1. 4. 1. 2789. But you can f ur t her subdi vi de t hi s,
def i ni ng t r aps wi t h ent er pr i se I Ds such as
. 1. 3. 6. 1. 4. 1. 2789. 5000, . 1. 3. 6. 1. 4. 1. 2789. 5001, and so on.
The f act t hat you' ve r ecei ved a t r ap and t her ef or e know i t s
gener i c t r ap number , ent er pr i se I D, and speci f i c t r ap number i s

of t en al l you need t o di agnose a pr obl em. But t r aps al so car r y
addi t i onal i nf or mat i on. I n t he case of gener i c t r aps 0- 5, t he
speci f i c i nf or mat i on i s pr edef i ned and har dwi r ed i nt o t he NMS.
When you r ecei ve a gener i c t r ap, t he NMS knows how t o i nt er pr et
t he i nf or mat i on i t cont ai ns and wi l l be abl e t o di spl ay i t
appr opr i at el y, whet her i t ' s t he t i me of t he r eboot or t he
i dent i t y of t he i nt er f ace t hat j ust changed st at e. I n cont r ast ,
t he i nf or mat i on car r i ed by an ent er pr i sespeci f i c t r ap i s
ent i r el y up t o t he per son who def i ned t he t r ap. An ent er pr i se-
speci f i c t r ap can cont ai n any number of var i abl e bi ndi ngs, or
MI B obj ect - val ue pai r s. When you def i ne your own t r aps, you can
deci de what i nf or mat i on i s appr opr i at e f or t hemt o car r y. The
obj ect s cont ai ned i n a t r ap can be st andar d MI B obj ect s,
vendor - speci f i c obj ect s, or obj ect s of your own devi si ng. I t ' s
common t o def i ne obj ect s pur el y f or t he pur pose of i ncl udi ng
t hemwi t hi n a t r ap.
10. 1. 1 SNMPv2 Traps
SNMPv2 def i nes t r aps i n a sl i ght l y di f f er ent way. I n a MI B,
Ver si on 1 t r aps ar e def i ned as TRAP- TYPE, whi l e Ver si on 2 t r aps
ar e def i ned as NOTI FI CATI ON- TYPE. SNMPv2 al so does away wi t h t he
not i on of gener i c t r aps - - i nst ead, i t def i nes many speci f i c
t r aps ( pr oper l y speaki ng, not i f i cat i ons) i n publ i c MI Bs. SNMPv3
t r aps, whi ch ar e di scussed br i ef l y i n Appendi x F, ar e si mpl y
SNMPv2 t r aps wi t h added aut hent i cat i on and pr i vacy
capabi l i t i es. Most SNMP i mpl ement at i ons suppor t onl y Ver si on 1.
10. 2 Recei vi ng Traps
Let ' s st ar t by di scussi ng how t o deal wi t h i ncomi ng t r aps.
Handl i ng i ncomi ng t r aps i s t he r esponsi bi l i t y of t he NMS. Some
NMSs do as l i t t l e as di spl ay t he i ncomi ng t r aps t o st andar d
out put ( st dout ) . However , an NMS ser ver t ypi cal l y has t he
abi l i t y t o r eact t o SNMP t r aps i t r ecei ves. For exampl e, when
an NMS r ecei ves a l i nkDown t r ap f r oma r out er , i t mi ght r espond
t o t he event by pagi ng t he cont act per son, di spl ayi ng a popup
message on a management consol e, or f or war di ng t he event t o
anot her NMS. Thi s pr ocedur e i s st r eaml i ned i n commer ci al
packages but st i l l can be achi eved wi t h f r eel y avai l abl e open
sour ce pr ogr ams.
10. 2. 1 HP OpenVi ew
OpenVi ew uses t hr ee pi eces of sof t war e t o r ecei ve and i nt er pr et
t r aps:
ovtrapd (1M)
xnmtrap
xnmevents

OpenVi ew' s mai n t r ap- handl i ng daemon i s cal l ed ovt r apd. Thi s
pr ogr aml i st ens f or t r aps gener at ed by devi ces on t he net wor k
and hands t hemof f t o t he Post mast er daemon ( pmd ) . I n t ur n,
pmd t r i gger s what OpenVi ew cal l s an event . Event s can be
conf i gur ed t o per f or mact i ons r angi ng f r omsendi ng a popup
wi ndow t o NNM user s, f or war di ng t he event t o ot her NMSs, or
doi ng not hi ng at al l . The conf i gur at i on pr ocess uses xnmt r ap,
t he Event Conf i gur at i ons GUI . The xnmevent s pr ogr amdi spl ays
t he event s t hat have ar r i ved, sor t i ng t hemi nt o user -
conf i gur abl e cat egor i es.
OpenVi ew keeps a hi st or y of al l t he t r aps i t has r ecei ved; t o
r et r i eve t hat hi st or y, use t he command $OV_BIN/ovdumpevents.
Ol der ver si ons of OpenVi ew kept an event l oggi ng f i l e i n
$OV_LOG/trapd.log. By def aul t , t hi s f i l e r ol l s over af t er i t
gr ows t o 4 MB. I t i s t hen r enamed trapd.log.old and a new
trapd.log f i l e i s st ar t ed. I f you ar e havi ng pr obl ems wi t h
t r aps, ei t her because you don' t know whet her t hey ar e r eachi ng
t he NMS or because your NMS i s bei ng bombar ded by t oo many
event s, you can use tail -f t o wat ch trapd.log so you can see
t he t r aps as t hey ar r i ve. ( You can al so use ovdumpevent s t o
cr eat e a new f i l e. ) To l ear n mor e about t he f or mat of t hi s
f i l e, r ef er t o OpenVi ew' s manual pages f or trapd.conf ( 4) and
ovdumpevent s ( 1M) .
I t mi ght be hel pf ul t o def i ne what exact l y an OpenVi ew event
i s. Thi nk of i t as a smal l r ecor d, si mi l ar t o a dat abase
r ecor d. Thi s r ecor d def i nes whi ch t r ap OpenVi ew shoul d wat ch
out f or . I t f ur t her def i nes what sor t of act i on ( send an emai l ,
page someone, et c. ) , i f any, shoul d be per f or med.
10. 2. 2 Usi ng NNM' s Event Conf i gurat i ons
OpenVi ew uses an i nt er nal def i ni t i on f i l e t o det er mi ne how t o
r eact t o par t i cul ar si t uat i ons. Thi s def i ni t i on f i l e i s
mai nt ai ned by t he xnmtrap pr ogr am. We can st ar t xnmt r ap by
usi ng t he menu i t em" Opt i ons Event Conf i gur at i ons" ( on t he
NNM GUI ) or by gi vi ng t he command $OV_BIN/xnmtrap. I n t he
Ent er pr i se I dent i f i cat i on wi ndow, scr ol l down and cl i ck on t he
ent er pr i se name " OpenVi ew . 1. 3. 6. 1. 4. 1. 11. 2. 17. 1. " Thi s
di spl ays a l i st i n t he Event I dent i f i cat i on wi ndow. Scr ol l down
i n t hi s l i st unt i l you r each " OV_Node_Down. " Doubl e- cl i ck on
t hi s event t o br i ng up t he Event Conf i gur at or ( Fi gur e 10- 1) .
Fi gure 10- 1. OpenVi ewEvent Conf i gurat or - - OV_Node_Down

Fi gur e 10- 1 shows t he OV_Node_Down event i n t he Event
Conf i gur at or . When t hi s event get s t r i gger ed, i t i nser t s an
ent r y cont ai ni ng t he message " Node down, " wi t h a sever i t y l evel
of " War ni ng, " i nt o t he St at us Event s cat egor y. OpenVi ew l i kes
t o have a l eadi ng 0 ( zer o) i n t he Event Obj ect I dent i f i er ,
whi ch i ndi cat es t hat t hi s i s an event or t r ap - - t her e i s no
way t o change t hi s val ue your sel f . The number bef or e t he 0 i s
t he ent er pr i se OI D; t he number af t er t he 0 i s t he speci f i c t r ap
number , i n t hi s case 58916865.
[ 1]
Lat er we wi l l use t hese
number s as par amet er s when gener at i ng our own t r aps.
[1]
Thi s i s the def aul t number that OpenVi ewuses f or thi s
OV_Node_Down trap.
10. 2. 2. 1 Sel ect i ng event sources
The Sour ce opt i on i s usef ul when you want t o r ecei ve t r aps f r om
cer t ai n nodes and i gnor e t r aps f r omot her nodes. For exampl e,
i f you have a devel opment r out er t hat peopl e ar e t aki ng up and
down al l day, you pr obabl y woul d r at her not r ecei ve al l t he
event s gener at ed by t he r out er ' s act i vi t y. I n t hi s case, you
coul d use t he Sour ce f i el d t o l i st al l t he nodes f r omwhi ch you
woul d l i ke t o r ecei ve t r aps, and l eave out t he devel opment
r out er . To do t hi s, you can ei t her t ype each of t he host names
by hand and cl i ck " Add" af t er each one, or sel ect each node
( usi ng t he Ct r l and mouse- cl i ck sequence) on your OpenVi ew
Net wor k Node Map and cl i ck " Add Fr omMap. " Unf or t unat el y, t he
r esul t i ng l i st i sn' t easy t o manage. Even i f you t ake t he t i me
t o add al l t he cur r ent r out er s t o t he Event Sour ces, you' l l

event ual l y add a new r out er ( or some ot her har dwar e you want t o
manage) . You t hen have t o go back t o al l your event s and add
your new devi ces as sour ces. Newer ver si ons of OpenVi ew al l ow
you t o use pat t er n mat chi ng and sour ce f i l es, maki ng i t easi er
t o t ai l or and mai nt ai n t he sour ce l i st .
10. 2. 2. 2 Set t i ng event cat egori es
When NNM r ecei ves an event , i t sor t s t he event i nt o an event
cat egor y. The Cat egor i es dr op- down box l et s you assi gn t he
event you' r e conf i gur i ng t o a cat egor y. The l i st of avai l abl e
cat egor i es wi l l pr obabl y i ncl ude t he f ol l owi ng pr edef i ned
cat egor i es ( you can cust omi ze t hi s l i st by addi ng cat egor i es
speci f i c t o your net wor k and del et i ng cat egor i es, as we' l l see
l at er i n t hi s sect i on) :
Error events
Threshold events
Status events
Configuration events
Application alert events
Don't log or display
Log only
The l ast t wo cat egor i es r eal l y ar en' t event cat egor i es i n t he
t r ue sense of t he wor d. I f you sel ect " Don' t l og or di spl ay, "
OpenVi ew wi l l not save t he event i n i t s dat abase and wi l l not
di spl ay t he Event Log Message i n any Event Cat egor i es. OpenVi ew
wi l l di spl ay t he Popup Not i f i cat i on i n a popup wi ndow and r un
t he Command f or Aut omat i c Act i on. The " Log onl y" opt i on t el l s
OpenVi ew not t o di spl ay t he event but t o keep a l og of t he
event i n i t s dat abase.
[ 2]

[2]
Agai n, i n earl i er rel eases of OpenVi ewthi s l og was l ocated
i n $OV_LOG/ trapd. l og. Newversi ons use the OpenVi ewEvent
Database. Thi s i s backward- compati bl e usi ng the ovdumpevents
command to produce a trapd. l og f i l e.

" Log onl y" i s usef ul i f you have some event s
t hat ar e pr i mar i l y i nf or mat i onal ; you don' t want
t o see t hemwhen t hey ar r i ve, but you woul d l i ke
t o r ecor d t hemf or f ut ur e r ef er ence. The Ci sco
event f r DLCI St at usChange -
. 1. 3. 6. 1. 2. 1. 10. 32. 0. 1 i s a good exampl e of such
an event . I t t el l s us when a Vi r t ual Ci r cui t has
changed i t s oper at i onal st at e. I f di spl ayed, we
wi l l see not i f i cat i ons whenever a node goes down
and whenever a ci r cui t changes i t s oper at i onal
t t t d Thi i f t i i d d t

st at e t o down. Thi s i nf or mat i on i s r edundant
because we have al r eady got t en a st at us event of
" node down" and a DLCI change.
[ 3]
Wi t h t hi s event
set t o " Log onl y" we can go t o t he l og f i l e onl y
when we t hi nk t hi ngs ar e f i shy.
[3]
Newer versi ons of OpenVi ewhave a f eature
cal l ed Event Correl ati on that groups certai n
events together to avoi d f l oodi ng the user
wi th redundant i nf ormati on. You can customi ze
these setti ngs wi th a devel oper' s ki t.

10. 2. 2. 3 Forwardi ng event s and event severi t i es
The " For war d Event " r adi o but t on, once checked, al l ows you t o
f or war d an event t o ot her NMSs. Thi s f eat ur e i s usef ul i f you
have mul t i pl e NMSs or a di st r i but ed net wor k- management
ar chi t ect ur e. Say t hat you ar e based i n At l ant a, but your
net wor k has a management st at i on i n New Yor k i n addi t i on t o t he
one on your desk. You don' t want t o r ecei ve al l of New Yor k' s
event s, but you woul d l i ke t he node_down i nf or mat i on f or war ded
t o you. On New Yor k' s NMS, you coul d cl i ck " For war d Event " and
i nser t t he I P addr ess of your NMS i n At l ant a. When New Yor k
r ecei ves a node_down event , i t wi l l f or war d t he event t o
At l ant a.
The Sever i t y dr op- down l i st assi gns a sever i t y l evel t o t he
event . OpenVi ew suppor t s si x sever i t y l evel s: Unknown, Nor mal ,
War ni ng, Mi nor , Maj or , and Cr i t i cal . The sever i t y l evel s ar e
col or - coded t o make i dent i f i cat i on easi er ; Tabl e 10- 1 shows t he
col or associ at ed wi t h each sever i t y l evel . The l evel s ar e
l i st ed i n or der of i ncr easi ng sever i t y. For exampl e, an event
wi t h a sever i t y l evel of Mi nor has a hi gher pr ecedence t han an
event wi t h a sever i t y of War ni ng.
Tabl e 10- 1. OpenVi ewSeveri t y Level s
Severity Color
Unknown Bl ue
Nor mal Gr een
War ni ng Cyan
Mi nor Yel l ow
Maj or Or ange
Cr i t i cal Red

The col or s ar e used bot h on OpenVi ew' s maps and i n t he Event
Cat egor i es. Par ent obj ect s, whi ch r epr esent t he st ar t i ng poi nt
f or a net wor k, ar e di spl ayed i n t he col or of t he hi ghest
sever i t y l evel associ at ed wi t h any obj ect under neat h t hem.
[ 4]

For exampl e, i f an obj ect r epr esent s a net wor k wi t h 250 nodes
and one of t hose nodes i s down ( a Cr i t i cal sever i t y) , t he
obj ect wi l l be col or ed r ed, r egar dl ess of how many nodes ar e up
and f unct i oni ng nor mal l y. The t er mf or how OpenVi ew di spl ays
col or s i n r el at i on t o obj ect s i s status source ; i t i s
expl ai ned i n mor e det ai l i n Chapt er 6.
[4]
Parent obj ects can showstatus (col ors) i n f our ways: Symbol ,
Obj ect, Compound, or Propagated.
10. 2. 2. 4 Log messages, not i f i cat i ons, and aut omat i c act i ons
Ret ur ni ng t o Fi gur e 10- 1, t he Event Log Message and Popup
Not i f i cat i on f i el ds ar e si mi l ar , but ser ve di f f er ent pur poses.
The Event Log Message i s di spl ayed when you vi ew t he Event
Cat egor i es and sel ect a cat egor y f r omt he dr op- down l i st . The
Popup Not i f i cat i on, whi ch i s opt i onal , di spl ays i t s message i n
a wi ndow t hat appear s on any ser ver r unni ng OpenVi ew' s NNM.
Fi gur e 10- 2 shows a t ypi cal popup message. The event name,
del me i n t hi s case, appear s i n t he t i t l e bar . The t i me and dat e
at whi ch t he event occur r ed ar e f ol l owed by t he event message,
" Popup Message Her e. " To cr eat e a popup message l i ke t hi s,
i nser t " Popup Message Her e" i n t he Popup Not i f i cat i on sect i on
of t he Event Conf i gur at or . Ever y t i me t he event i s cal l ed, a
popup wi l l appear .
Fi gure 10- 2. OpenVi ewpop- up message

The l ast sect i on of t he Event Conf i gur at or i s t he Command f or
Aut omat i c Act i on. The aut omat i c act i on al l ows you t o speci f y a
Uni x command or scr i pt t o execut e when OpenVi ew r ecei ves an
event . You can r un mul t i pl e commands by separ at i ng t hemwi t h a
semi col on, much as you woul d i n a Uni x shel l . When conf i gur i ng
an aut omat i c act i on, r emember t hat r sh can be ver y usef ul . I
l i ke t o use rsh sunserver1 audioplay -v50
/opt/local/sounds/siren.au, whi ch causes a si r en audi o f i l e t o
pl ay. The aut omat i c act i on can r ange f r omt ouchi ng a f i l e t o
openi ng a t r oubl e t i cket .
I n each Event Log Message, Popup Not i f i cat i on, and Command f or
Aut omat i c Act i on, speci al var i abl es can hel p you i dent i f y t he
val ues f r omyour t r aps or event s. These var i abl es pr ovi de t he

user wi t h addi t i onal i nf or mat i on about t he event . Her e ar e some
of t he var i abl es you can use; t he onl i ne hel p has a compl et e
l i st :
$1
Print the first passed attribute (i.e., the value of the
first variable binding) from the trap.
$2
Print the second passed attribute.
$n
Print the nth attribute as a value string. Must be in the
range of 1-99.
$*
Print all the attributes as [seq] name (type).

Bef or e you st ar t r unni ng scr i pt s f or an event ,
f i nd out t he aver age number of t r aps you ar e
l i kel y t o r ecei ve f or t hat event . Thi s i s
especi al l y t r ue f or OV_Node_Down. I f you wr i t e a
scr i pt t hat opens a t r oubl e t i cket whenever a
node goes down, you coul d end up wi t h hundr eds
of t i cket s by t he end of t he day. Moni t or i ng
your net wor k wi l l make you pai nf ul l y awar e of
how much your net wor k " f l aps, " or goes up and
down. Even i f t he net wor k goes down f or a
second, f or what ever r eason, you' l l get a t r ap,
whi ch wi l l i n t ur n gener at e an event , whi ch
mi ght r egi st er a new t i cket , send you a page,
et c. The l ast t hi ng you want i s " The Net wor k
That Cr i ed Down! " You and ot her peopl e on your
st af f wi l l st ar t i gnor i ng al l t he f al se war ni ngs
and may mi ss any ser i ous pr obl ems t hat ar i se.
One way t o est i mat e how f r equent l y you wi l l
r ecei ve event s i s t o l og event s i n a f i l e ( " Log
onl y" ) . Af t er a week or so, i nspect t he l og f i l e
t o see how many event s accumul at ed ( i . e. , t he
number of t r aps r ecei ved) . Thi s i s by no means
sci ent i f i c, but i t wi l l gi ve you an i dea of what
you can expect .

10. 2. 3 Cust omEvent Cat egori es
OpenVi ew uses t he def aul t cat egor i es f or al l i t s def aul t
event s. Look t hr ough t he $OV_CONF/C/trapd.conf f i l e t o see how
t he def aul t event s ar e assi gned t o cat egor i es. You can add
cat egor i es by goi ng t o " Event Conf i gur at i on Edi t Conf i gur e
Event Cat egor i es. " Fi gur e 10- 3 shows t hi s menu, wi t h some
cust omcat egor i es added.
Fi gure 10- 3. Addi ng event cat egori es i n OpenVi ew

I t ' s wor t h your whi l e t o spend t i me t hi nki ng about what
cat egor i es ar e appr opr i at e f or your envi r onment . I f you pl ow
ever yt hi ng i nt o t he def aul t cat egor i es you wi l l be bot her ed by
t he Cr i t i cal " Pr i nt er Needs Paper " event , when you r eal l y want
t o be not i f i ed of t he Cr i t i cal " Pr oduct i on Ser ver on Fi r e"
event . Ei t her event wi l l t ur n St at us Event s r ed. The cat egor i es
i n Fi gur e 10- 3 ar e a good st ar t , but t hi nk about t he t ypes of
event s and act i vi t i es t hat wi l l be usef ul i n your net wor k. The
Schedul ed and Unschedul ed ( S/ U) Downt i me cat egor y i s a gr eat
exampl e of a cat egor y t hat i s mor e f or human i nt er vent i on t han
f or r epor t i ng net wor k er r or s. Pr i nt er Event s i s a ni ce
dest i nat i on f or your " Pr i nt er Needs Paper " and " Pr i nt er J ammed"
messages.
Even t hough none of t he def aul t cat egor i es ar e r equi r ed ( except
f or Er r or ) , we r ecommend t hat you don' t del et e t hem, pr eci sel y
because t hey ar e used f or al l of t he def aul t event s. Del et i ng
t he def aul t cat egor i es wi t hout f i r st r econf i gur i ng al l t he
def aul t event s wi l l cause pr obl ems. Any event t hat does not
have an event cat egor y avai l abl e wi l l be put i nt o t he def aul t
Er r or cat egor y. To edi t t he cat egor i es, copy t he trapd.conf
f i l e i nt o / t mp and modi f y /tmp/trapd.conf wi t h your f avor i t e
edi t or . The f i l e has some l ar ge war ni ngs t el l i ng you never t o
edi t i t by hand, but somet i mes a f ew si mpl e edi t s ar e t he best
way t o r eassi gn event s. An ent r y i n t he por t i on of t he f i l e
t hat def i nes event behavi or l ooks l i ke t hi s:
EVENT RMON_Ri se_Al arm. 1. 3. 6. 1. 2. 1. 16. 0. 1 "Threshol d Events" Warni ng
FORMAT RMON Ri si ng Al arm: $2 exceeded threshol d $5; val ue =$4. (Sampl e type =
$3; al armi ndex =$1)
SDESC
Thi s event i s sent when an RMON devi ce exceeds a preconf i gured threshol d.
EDESC
I t ' s f ai r l y obvi ous what t hese l i nes do: t hey map a par t i cul ar
RMON event i nt o t he Thr eshol d Event s cat egor y wi t h a sever i t y
of War ni ng; t hey al so speci f y what shoul d happen when t he event
occur s. To map t hi s event i nt o anot her cat egor y, change
Thr eshol d Event s t o t he appr opr i at e cat egor y. Once you' ve
edi t ed t he f i l e, use t he f ol l owi ng command t o mer ge i n your
updat es:
$ $OV_BI N/ xnmevent s - l l oad / t mp/ t rapd. conf

10. 2. 4 The Event Cat egori es Di spl ay
The Event Cat egor i es wi ndow ( Fi gur e 10- 4) i s di spl ayed on t he
user ' s scr een when NNM i s st ar t ed. I t pr ovi des a ver y br i ef
summar y of what ' s happeni ng on your net wor k; i f i t i s set up
appr opr i at el y, you can t el l at a gl ance whet her t her e ar e any
pr obl ems you shoul d be wor r yi ng about .
Fi gure 10- 4. OpenVi ewEvent Cat egori es

I f t he wi ndow get s cl osed dur i ng an OpenVi ew sessi on, you can
r est ar t i t usi ng t he " Faul t Event s" menu i t emor by i ssui ng
t he command $OV_BIN/xnmevents. The menu di spl ays al l t he event
cat egor i es, i ncl udi ng any cat egor i es you have cr eat ed. Two
cat egor i es ar e speci al : t he Er r or cat egor y i s t he def aul t
cat egor y used when an event i s associ at ed wi t h a cat egor y t hat
cannot be f ound; t he Al l cat egor y i s a pl acehol der f or al l
event s and cannot be conf i gur ed by t he Event Conf i gur at or . The
wi ndow shows you t he hi ghest sever i t y l evel of any event i n
each event cat egor y.
The box t o t he l ef t of St at us Event s i s cyan ( a l i ght bl ue) ,
showi ng t hat t he hi ghest unacknowl edged sever i t y i n t he St at us
Event s cat egor y i s War ni ng. Cl i cki ng on t hat box di spl ays an
al ar mbr owser t hat l i st s al l t he event s r ecei ved i n t he
cat egor y. A ni ce f eat ur e of t he Event Cat egor i es di spl ay i s t he
abi l i t y t o r est or e a br owser ' s st at e or r el oad event s f r omt he
trapd.log and trapd.log.old f i l es. Rel oadi ng event s i s usef ul
i f you f i nd t hat you need t o r est or e messages you del et ed i n
t he past .

Newer ver si ons of OpenVi ew ext end t he abi l i t i es
of Event Cat egor i es by keepi ng a common dat abase
of acknowl edged and unacknowl edged event s. Thus,
when a user acknowl edges an event , al l ot her
user s see t hi s event updat ed.

At t he bot t omof Fi gur e 10- 4, t he phr ase " [ Read- Onl y] " means
t hat you don' t have wr i t e access t o Event Cat egor i es. I f t hi s
phr ase i sn' t pr esent , you have wr i t e access. OpenVi ew keeps
t r ack of event s on a per - user basi s, usi ng a speci al dat abase

l ocat ed i n $OV_LOG/xnmevents.username.
[ 5]
Wi t h wr i t e access, you
have t he abi l i t y t o updat e t hi s f i l e whenever you exi t . By
def aul t , you have wr i t e access t o your own event cat egor y
dat abase, unl ess someone has al r eady st ar t ed t he dat abase by
st ar t i ng a sessi on wi t h your user name. Ther e may be onl y one
wr i t e- access Event Cat egor i es per user , wi t h t he f i r st one
get t i ng wr i t e access and al l ot her s get t i ng r eadonl y
pr i vi l eges.
[5]
Agai n, newer versi ons of OpenVi ewhave onl y one database that
i s common f or al l users.
10. 2. 5 The Al armBrowser
Fi gur e 10- 5 shows t he al ar mbr owser f or t he St at us Event s
cat egor y. I n i t we see a si ngl e War ni ng event , whi ch i s causi ng
t he St at us Event s cat egor y t o show cyan.
Fi gure 10- 5. OpenVi ewal armbrowser

The col or of t he St at us Event s box i s det er mi ned by t he
hi ghest - pr ecedence event i n t he cat egor y. Ther ef or e, t he col or
won' t change unt i l ei t her you acknowl edge t he hi ghest -
pr ecedence event or an event ar r i ves wi t h an even hi gher
pr ecedence. Cl i cki ng i n t he f ar l ef t col umn ( Ack) acknowl edges
t he message
[ 6]
and set s t he sever i t y t o 0.
[6]
Newer versi ons of OpenVi ewsupport Event Correl ati on, whi ch
has a col umn i n thi s wi ndowas wel l .
The Act i ons menu i n t he al ar mbr owser al l ows you t o
acknowl edge, deacknowl edge, or del et e some or al l event s. You
can even change t he sever i t y of an event . Keep i n mi nd t hat
t hi s does not change t he sever i t y of t he event on ot her Event
Cat egor i es sessi ons t hat ar e r unni ng. For exampl e, i f one user
changes t he sever i t y of an event f r omCr i t i cal t o Nor mal , t he
event wi l l r emai n Cr i t i cal f or ot her user s. The Vi ew menu l et s
you def i ne f i l t er s, whi ch al l ow you t o i ncl ude or di scar d
messages t hat mat ch t he f i l t er .
When conf i gur i ng event s, keep i n mi nd t hat you may r ecei ve mor e
t r aps t han you want . When t hi s happens, you have t wo choi ces.
Fi r st , you can go t o t he agent and t ur n of f t r ap gener at i on, i f
t he agent suppor t s t hi s. Second, you can conf i gur e your t r ap
vi ew t o i gnor e t hese t r aps. We saw how t o do t hi s ear l i er : you
can set t he event t o " Log onl y" or t r y excl udi ng t he devi ce
f r omt he Event Sour ces l i st . I f bandwi dt h i s a concer n, you

shoul d i nvest i gat e why t he agent i s sendi ng out so many t r aps
bef or e t r yi ng t o mask t he pr obl em.
10. 2. 6 Creat i ng Event s Wi t hi n OpenVi ew
OpenVi ew gi ves you t he opt i on of cr eat i ng addi t i onal ( pr i vat e)
event s. Pr i vat e event s ar e j ust l i ke r egul ar event s, except
t hat t hey bel ong t o your pr i vat e- ent er pr i se subt r ee, r at her
t han t o a publ i c MI B. To cr eat e your own event s, l aunch t he
Event Conf i gur at i on wi ndow f r omt he Opt i ons menu of NNM. You
wi l l see a l i st of al l cur r ent l y l oaded event s ( Fi gur e 10- 6) .
Fi gure 10- 6. OpenVi ew' s Event Conf i gurat i on

The wi ndow i s di vi ded i nt o t wo panes. The t op pane di spl ays t he
Ent er pr i se I dent i f i cat i on, whi ch i s t he l ef t most par t of an
OI D. Cl i cki ng on an ent er pr i se I D di spl ays al l t he event s
bel ongi ng t o t hat ent er pr i se i n t he l ower pane. To add your own
ent er pr i se I D, sel ect " Edi t Add Ent er pr i se I dent i f i cat i on"
and i nser t your ent er pr i se name and a r egi st er ed ent er pr i se
I D.
[ 7]
Now you' r e r eady t o cr eat e pr i vat e event s. Cl i ck on t he
ent er pr i se name you j ust cr eat ed; t he ent er pr i se I D you' ve
associ at ed wi t h t hi s name wi l l be used t o f or mt he OI D f or t he
new event . Cl i ck " Edi t Add Event " ; t hen t ype t he Event Name
f or your new event , maki ng sur e t o use Ent er pr i se Speci f i c ( t he
def aul t ) f or t he event t ype. I nser t an Event Obj ect I dent i f i er .
Thi s i dent i f i er can be any number t hat hasn' t al r eady been
assi gned t o an event i n t he cur r ent l y sel ect ed ent er pr i se.
Fi nal l y, cl i ck " OK" and save t he event conf i gur at i on ( usi ng
" Fi l e Save" ) .

[7]
Ref er to Chapter 2 f or i nf ormati on about obtai ni ng your own
enterpri se I D.
To copy an exi st i ng event , cl i ck on t he event you wi sh t o copy
and sel ect " Edi t Copy Event " ; you' l l see a new wi ndow wi t h
t he event you sel ect ed. Fr omt hi s poi nt on, t he pr ocess i s t he
same.
Tr aps wi t h " no f or mat " ar e t r aps f or whi ch not hi ng has been
def i ned i n t he Event Conf i gur at i on wi ndow. Ther e ar e t wo ways
t o sol ve t hi s pr obl em: you can ei t her cr eat e t he necessar y
event s on your own or you can l oad a MI B t hat cont ai ns t he
necessar y t r ap def i ni t i ons, as di scussed i n Chapt er 6. " No
f or mat " t r aps ar e f r equent l y t r aps def i ned i n a vendor - speci f i c
MI B t hat hasn' t been l oaded. Loadi ng t he appr opr i at e MI B of t en
f i xes t he pr obl emby def i ni ng t he vendor ' s t r aps and t hei r
associ at ed names, I Ds, comment s, sever i t y l evel s, et c.

Bef or e l oadi ng a MI B, r evi ew t he t ypes of t r aps
t he MI B suppor t s. You wi l l f i nd t hat most t r aps
you l oad come, by def aul t , i n LOGONLY mode. Thi s
means t hat you wi l l not be not i f i ed when t he
t r aps come i n. Af t er you l oad t he MI B you may
want t o edi t t he event s i t def i nes, speci f yi ng
t he l ocal conf i gur at i on t hat best f i t s your
si t e.

10. 2. 7 Moni t ori ng Traps wi t h Perl
I f you can' t af f or d an expensi ve package l i ke OpenVi ew, you can
use t he Per l l anguage t o wr i t e your own moni t or i ng and l oggi ng
ut i l i t y. You get what you pay f or , si nce you wi l l have t o wr i t e
al most ever yt hi ng f r omscr at ch. But you' l l l ear n a l ot and
pr obabl y get a bet t er appr eci at i on f or t he f i ner poi nt s of
net wor k management . One of t he most el ement ar y, but ef f ect i ve,
pr ogr ams t o r ecei ve t r aps i s i n a di st r i but i on of SNMP Suppor t
f or Per l 5, wr i t t en by Si mon Lei nen. Her e' s a modi f i ed ver si on
of Si mon' s pr ogr am:

use SNMP_Sessi on "0. 60";
use BER;
use Socket;
$sessi on =SNMPv1_Sessi on- >open_trap_sessi on ( );

whi l e (($trap, $sender, $sender_port) =$sessi on- >recei ve_trap ( ))
{
chomp ($DATE=`/ bi n/ date ' +%a %b %e %T' `);
pri nt STDERR "$DATE - " . i net_ntoa($sender) . " - port: $sender_portn";
pri nt_trap ($sessi on, $trap);
}
1;

sub pri nt_trap ($$) {
($thi s, $trap) =@_;
($communi ty, $ent, $agent, $gen, $spec, $dt, @bi ndi ngs) =
$thi s- >decode_trap_request ($trap);
pri nt " Communi ty: t". $communi ty. "n";
pri nt " Enterpri se: t". BER: : pretty_oi d ($ent). "n";
pri nt " Agent addr: t". i net_ntoa ($agent). "n";
pri nt " Generi c I D: t$genn";
pri nt " Speci f i c I D: t$specn";
pri nt " Upti me: t". BER: : pretty_upti me_val ue ($dt). "n";
$pref i x =" bi ndi ngs: t";
f oreach $encoded_pai r (@bi ndi ngs)
{
($oi d, $val ue) =decode_by_templ ate ($encoded_pai r, "%{%O%@");
#next unl ess def i ned $oi d;
pri nt $pref i x. BER: : pretty_oi d ($oi d). " =>". pretty_pri nt ($val ue). "n";
$pref i x =" ";
}
}
Thi s pr ogr amdi spl ays t r aps as t hey ar e r ecei ved f r omdi f f er ent
devi ces i n t he net wor k. Her e' s some out put , showi ng t wo t r aps:
Mon Apr 28 22: 07: 44 - 10. 123. 46. 26 - port: 63968
communi ty: publ i c
enterpri se: 1. 3. 6. 1. 4. 1. 2789. 2500
agent addr: 10. 123. 46. 26
generi c I D: 6
speci f i c I D: 5247
upti me: 0: 00: 00
bi ndi ngs: 1. 3. 6. 1. 4. 1. 2789. 2500. 1234 =>14264026886

Mon Apr 28 22: 09: 46 - 172. 16. 51. 25 - port: 63970
communi ty: publ i c
enterpri se: 1. 3. 6. 1. 4. 1. 2789. 2500
agent addr: 172. 16. 253. 2
generi c I D: 6
speci f i c I D: 5247
upti me: 0: 00: 00
bi ndi ngs: 1. 3. 6. 1. 4. 1. 2789. 2500. 2468 =>Hot Swap NowI n Sync
The out put f or mat i s t he same f or bot h t r aps. The f i r st l i ne
shows t he dat e and t i me at whi ch t he t r ap occur r ed, t oget her
wi t h t he I P addr ess of t he devi ce t hat sent t he t r ap. Most of
t he r emai ni ng out put i t ems shoul d be f ami l i ar t o you. The
bi ndi ngs out put i t eml i st s t he var i abl e bi ndi ngs t hat wer e sent
i n t he t r ap PDU. I n t he exampl e above, each t r ap cont ai ned one
var i abl e bi ndi ng. The obj ect I D i s i n numer i c f or m, whi ch i sn' t
par t i cul ar l y f r i endl y. I f a t r ap has mor e t han one var i abl e
bi ndi ng, t hi s pr ogr amdi spl ays each bi ndi ng, one af t er anot her .
An ad hoc moni t or i ng syst emcan be f ashi oned by usi ng t hi s Per l
scr i pt t o col l ect t r aps and some ot her pr ogr amt o i nspect t he
t r aps as t hey ar e r ecei ved. Once t he t r aps ar e par sed, t he
possi bi l i t i es ar e endl ess. You can wr i t e user - def i ned r ul es

t hat wat ch f or si gni f i cant t r aps and, when t r i gger ed, send an
emai l al er t , updat e an event dat abase, send a message t o a
pager , et c. These ki nds of sol ut i ons wor k wel l i f you' r e i n a
busi ness wi t h l i t t l e or no budget f or commer ci al l y avai l abl e
NMS sof t war e or i f you' r e on a smal l net wor k and don' t need a
heavywei ght management t ool .
10. 2. 8 Usi ng t he Net work Comput i ng Technol ogi es Trap Recei ver
The Tr ap Recei ver by Net wor k Comput i ng Technol ogi es i s a f r eel y
avai l abl e pr ogr amt hat ' s wor t h t r yi ng.
[ 8]
Thi s pr ogr am, whi ch
cur r ent l y r uns onl y on Wi ndows- based syst ems, di spl ays t r ap
i nf or mat i on as i t ' s r ecei ved. I t has a st andar d i nt er f ace but
can be conf i gur ed t o execut e cer t ai n act i ons agai nst t r aps,
l i ke OpenVi ew' s Command f or Aut omat i c Act i on f unct i on. Fi gur e
10- 7 shows Tr ap Recei ver ' s user i nt er f ace.
[8]
Thi s sof tware can be f ound on thei r web page at
http: / / www. ncomtech. com.
Fi gure 10- 7. Trap Recei ver

Ther e ar e ways t o l og and f or war d messages and t r aps, send
emai l or a page i n r esponse t o a t r ap, as wel l as execut e
commands. By wr i t i ng some code i n C or C++, you can gai n access
t o an i nt er nal t r ap st r eam. Thi s pr ogr amcan be a gr eat
st ar t i ng pl ace f or Wi ndows admi ni st r at or s who want t o use SNMP
but l ack t he r esour ces t o i mpl ement somet hi ng l i ke OpenVi ew.
I t ' s si mpl e t o use, ext ensi bl e, and f r ee.
10. 2. 9 Recei vi ng Traps Usi ng Net - SNMP
The l ast t r ap r ecei ver we' l l di scuss i s par t of t he Net - SNMP
package, whi ch i s al so f r eel y avai l abl e. snmptrapd al l ows you
t o send SNMP t r ap messages t o f aci l i t i es such as Uni x sysl og or
st dout . For most appl i cat i ons t he pr ogr amwor ks i n t he
backgr ound, shi ppi ng messages t o sysl og( 8) . Ther e ar e some
conf i gur at i on par amet er s f or t he sysl og si de of snmptrapd;
t hese t el l snmptrapd what f aci l i t y l evel i t shoul d use f or t he
sysl og messages. The f ol l owi ng command f or war ds t r aps t o
st andar d out put (-P) r at her t han t o sysl og as t hey ar e
r ecei ved:

$ . / snmpt rapd - P
2000- 12- 13 19: 10: 55 UCD- SNMP Versi on 4. 1. 2 Started.
2000- 12- 13 19: 11: 14 sunserver2. ora. com[12. 1. 45. 26] enterpri ses. 2789. 2500:
Enterpri se Speci f i c Trap (1224) Upti me: 5 days, 10: 01: 20. 42
enterpri ses. 2789. 2500. 1224 =123123

2000- 12- 13 19: 11: 53 sunserver2. ora. com[12. 1. 45. 26] enterpri ses. 2789. 2500:
Enterpri se Speci f i c Trap (1445) Upti me: 5 days, 10: 01: 21. 20
enterpri ses. 2789. 2500. 1445 ="Fai l Over Compl ete"
By now t he out put shoul d l ook f ami l i ar ; i t ' s si mi l ar t o t he
r epor t s gener at ed by t he ot her pr ogr ams we' ve seen i n t hi s
chapt er . The Net - SNMP t r ap daemon i s anot her gr eat t ool f or
scr i pt wr i t er s. A si mpl e Per l scr i pt can wat ch t he f i l e i n whi ch
snmptrapd l ogs i t s t r aps, l ooki ng f or i mpor t ant event s and
r eact i ng accor di ngl y. I t ' s easy t o bui l d a power f ul and
f l exi bl e moni t or i ng syst emat l i t t l e or no expense.
We have seen sever al packages t hat can r ecei ve t r aps and act on
t hem, based on t he t r aps' cont ent . Keep i n mi nd t hat al l of
t hese pr ogr ams, whet her t hey' r e f r ee or cost t ens of t housands
of dol l ar s, ar e basi cal l y doi ng t he same t hi ng: l i st eni ng on
some por t ( usual l y UDP por t 162) and wai t i ng f or SNMP messages
t o ar r i ve. What set s t he var i ous packages apar t i s t hei r
abi l i t y t o do somet hi ng const r uct i ve wi t h t he t r aps. Some l et
you pr ogr amhooks t hat execut e some ot her pr ogr amwhen a
cer t ai n t r ap i s r ecei ved. The si mpl er t r ap moni t or s j ust send a
message l oggi ng t he t r ap t o one or mor e f i l es or f aci l i t i es.
These packages ar e gener al l y l ess expensi ve t han t he commer ci al
t r ap moni t or s, but can be made t o oper at e l i ke f ul l - f l edged
syst ems wi t h some addi t i onal pr ogr ammi ng ef f or t . Pr ogr ams such
as Per l gi ve you t he abi l i t y t o ext end t hese si mpl er packages.

10. 3 Sendi ng Traps
By now you shoul d have a mechani smi n pl ace f or r ecei vi ng
t r aps. I n t hi s sect i on, we' l l l ook at some di f f er ent ut i l i t i es
t hat send t r aps and al l ow you t o devel op t r aps t hat ar e
appr opr i at e f or your own envi r onment . You' l l not i ce t hat al most
al l t r ap ut i l i t i es ar e command- l i ne based. Thi s al l ows you t o
execut e t he command f r omwi t hi n a scr i pt , whi ch i s al most
al ways what you want t o do. For exampl e, you can wr i t e a shel l
scr i pt t hat checks di sk space ever y f i ve mi nut es and sends a
t r ap t o t he NMS i f you' r e r unni ng l ow. You can al so use t hese
t r ap gener at or s wi t hi n exi st i ng pr ogr ams and scr i pt s. I f you
have a Per l scr i pt t hat accesses a dat abase, you can use t he
Per l SNMP modul e t o send a t r ap f r omwi t hi n t he scr i pt i f a
dat abase i nser t f ai l s. The possi bi l i t i es ar e al most endl ess.
Al t hough t her e ar e many di f f er ent snmptrap pr ogr ams, t hey ar e
al l f undament al l y si mi l ar . I n par t i cul ar , t hough t hei r command-
l i ne synt ax may var y, t hey al l expect r oughl y t he same
ar gument s:

Port
The UDP port to which to send the trap. The default port
is 162.
SNMP version
The SNMP version appropriate to the trap you want to send.
Many traps are defined only for Version 2. Note that many
SNMP tools support only Version 1.
Hostname or IP address of NMS
The hostname or IP address of your NMS -- i.e., the trap's
destination. It is better to use an IP address than a
hostname in case you are sending traps during a Domain
Name System (DNS) outage. Remember that SNMP is most
valuable when your network is failing; therefore, try to
avoid assuming that you have a fully functional network
when you design traps.
Community name
The community name to be sent with the trap. Most
management stations can be configured to ignore traps that
don't have an appropriate community string.
Enterprise OID
The full enterprise OID for the trap you want to send:
everything in the trap's OID from the initial .1 up to the
enterprise number, including any subtrees within the
enterprise but not the specific trap number. For example,
if your enterprise number is 2789, you've further
subdivided your enterprise to include a group of traps
numbered 5000, and you want to send specific trap 1234,
the enterprise OID would be .1.3.6.1.4.1.2789.5000.
If you have some reason to send a generic trap, you can
set the enterprise ID to anything you want -- but it's
probably best to set the enterprise ID to your own
enterprise number, if you have one.
Now for the most confusing case. There are a few specific
traps defined in various public MIBs. How do you send
them? Basically, you construct something that looks like
an enterprise OID. It's best to look at an example. One
such trap is rdbmsOutOfSpace, which is defined in the
RDBMS MIB. Its complete OID is .1.3.6.1.2.1.39.2.2
(.iso.org.dod.internet.mgmt.mib-
2.rdbmsMIB.rdbmsTraps.rdbmsOutOfSpace). To send this trap,
which is really an SNMPv2 notification, you would use
everything up to rdbmsTraps as the enterprise OID, and the
entire object ID as the specific trap number.
Hostname or IP address of sender
The IP address of the agent that is sending the trap.
Although this may appear to be superfluous, it can be
important if there is a proxy server between the agent and
the NMS. This parameter allows you to record the actual
address of the agent within the SNMP packet; in turn, the
NMS will read the agent's address from the trap and ignore
the packet's sender address. If you don't specify this

parameter, it will almost always default to the address of
the machine sending the trap.
Generic trap number
A number in the range 0-6. The true generic traps have
numbers 0-5; if you're sending an enterprise-specific
trap, set this number to 6. Table 2-8 lists the generic
traps.
Specific trap number
A number indicating the specific trap you want to send. If
you're sending a generic trap, this parameter is ignored -
- you're probably better off setting it to zero. If you're
sending a specific trap, the trap number is up to you. For
example, if you send a trap with the OID
.1.3.6.1.4.1.2500.3003.0, 3003 is the specific trap
number.
Timestamp
The time elapsed between the last initialization of the
network entity and the generation of the trap.
OID_1, type_1, value_1
Data bindings to be included in the trap. Each data
binding consists of an OID together with a datatype,
followed by the value you want to send. Most programs let
you include any number of data bindings in a trap. Note
that the OIDs for these variable bindings are often
specific to the trap and therefore "underneath" the
specific OID for the trap. But this isn't a requirement,
and it's often useful to send bindings that aren't defined
as part of the trap.
Bef or e we st ar t t o t ackl e t hi s sect i on, l et ' s t ake a moment t o
r evi ew what we l ear ned i n Chapt er 2 about t he var i ous
dat at ypes:
Each variable that we send has a particular datatype.
Different datatypes are supported by different versions of
SNMP.
Some common datatypes are I NTEGER, OctetStri ng, Nul l , Counter,
Gauge, and Ti meTi cks.
Be awar e t hat not al l pr ogr ams suppor t al l dat at ypes. For
exampl e, t he Per l SNMP modul e suppor t s onl y t he OctetStri ng,
I NTEGER, and OI D t ypes, whi l e t he OpenVi ew and Net _SNMP snmptrap
commands suppor t t hese t hr ee and many mor e. For each of t he
packages we use we wi l l l i st , i f appl i cabl e, each dat at ype t he
pr ogr amsuppor t s.
I n t he next sect i ons, we' l l di scuss snmptrap pr ogr ams f r om
OpenVi ew, Net wor k Comput i ng Technol ogi es, and Net - SNMP. We' l l
al so i ncl ude a scr i pt t hat uses a Per l modul e t o send t r aps. I f
you ar e not usi ng t hese par t i cul ar pr ogr ams i n your
envi r onment , don' t wor r y. You shoul d st i l l be abl e t o r el at e
t hese exampl es t o your i n- house pr ogr ams.

10. 3. 1 Sendi ng Traps wi t h OpenVi ew
OpenVi ew has a command- l i ne pr ogr amf or gener at i ng ar bi t r ar y
t r aps cal l ed snmptrap. snmptrap suppor t s t he counter, counter32,
counter64,
[ 9]
gauge, gauge32, i nteger, i nteger32, i paddress, nul l , obj ecti denti f i er,
octetstri ng, octetstri ngasci i , octetstri nghex, octetstri ngoctal , opaque, opaqueasci i ,
opaquehex, opaqueoctal , ti meti cks, and unsi gned32 dat at ypes. I t s command-
l i ne st r uct ur e l ooks l i ke t hi s:
[9]
Thi s type wi l l work onl y on agents that support SNMPv2.
snmptrap - c communi ty [- p port] node_addr enterpri se_i d agent- addr generi c
speci f i c ti mestamp [OI D type val ue] . . .
Her e' s a t ypi cal snmptrap command. I t sends one t r ap, wi t h
t hr ee ASCI I - st r i ng var i abl e bi ndi ngs f or val ues:
$ / opt / OV/ bi n/ snmpt rap - c publ i c nms
. 1. 3. 6. 1. 4. 1. 2789. 2500 "" 6 3003 ""
. 1. 3. 6. 1. 4. 1. 2789. 2500. 3003. 1 oct et st ri ngasci i "Oracl e"
. 1. 3. 6. 1. 4. 1. 2789. 2500. 3003. 2 oct et st ri ngasci i "Backup Not Runni ng"
. 1. 3. 6. 1. 4. 1. 2789. 2500. 3003. 3 oct et st ri ngasci i "Cal l t he DBA Nowf or Hel p"
I t ' s a compl i cat ed command, and i t ' s har d t o i magi ne t hat you
woul d ever t ype i t on t he command l i ne. Let ' s br eak i t up i nt o
pi eces. The f i r st l i ne speci f i es t he communi t y st r i ng ( publ i c)
and t he addr ess t o whi ch t he t r ap shoul d be sent ( nms, t hough
i n pr act i ce i t woul d be bet t er t o use an I P addr ess r at her t han
a node name) . The next l i ne i s i n many r espect s t he most
compl i cat ed. I t speci f i es t he ent er pr i se I D f or t he t r ap we' r e
goi ng t o send ( . 1. 3. 5. 1. 6. 1. 2789. 2500, whi ch i s a subt r ee of t he
ent er pr i sespeci f i c t r ee we' ve devot ed t o t r aps) ; t he addr ess
of t he agent sendi ng t he t r ap ( i n t hi s case, t he nul l st r i ng
"", whi ch def aul t s t o t he agent ' s addr ess; i f you' r e usi ng a
pr oxy ser ver , i t i s usef ul t o speci f y t he agent ' s addr ess
expl i ci t l y) ; t he gener i c t r ap number ( 6, whi ch i s used f or al l
ent er pr i sespeci f i c t r aps) ; t he speci f i c t r ap number ( 3003,
whi ch we' ve assi gned) ; and a t i mest amp ( "", whi ch def aul t s t o
t he cur r ent t i me) .
The r emai ni ng t hr ee l i nes speci f y t hr ee var i abl e bi ndi ngs t o be
i ncl uded wi t h t he t r ap. For each bi ndi ng, we have t he
var i abl e' s obj ect I D, i t s dat at ype, and i t s val ue. The
var i abl es we' r e sendi ng ar e def i ned i n our pr i vat e ( ent er pr i se-
speci f i c) MI B, so t hei r OI Ds al l begi n wi t h
. 1. 3. 6. 1. 4. 1. 2789. 2500. Al l t he var i abl es ar e st r i ngs, so t hei r
dat at ype i s octetstri ngasci i . The t r ap PDU wi l l be packed wi t h
t hese t hr ee st r i ngs, among ot her t hi ngs. The pr ogr amt hat
r ecei ves t he t r ap wi l l decode t he t r ap PDU and r eal i ze t hat
t her e ar e t hr ee var i abl e bi ndi ngs i n t he t r ap. These var i abl e
bi ndi ngs, l i ke t he one t hat r eads " Cal l t he DBA Now f or Hel p, "
can be used t o al er t t he oper at or t hat somet hi ng bad has
happened.
10. 3. 2 Sendi ng Traps wi t h Perl

I n Chapt er 8 we l ear ned how t o use t he get and set pi eces of
t he SNMP Per l modul e. I n t hi s sect i on we' l l see how t o use t he
snmptrap( ) r out i ne t o gener at e t r aps. Cur r ent l y, SNMP_uti l suppor t s
onl y t hr ee t ypes f or t r aps: stri ng, i nt, and oi d. Thi s can seem
l i mi t i ng, but i t cover s most needs. Her e' s how snmptrap i s
cal l ed:
snmptrap(communi tyname@host: port_number, enterpri seOI D, host_name_f rom,
generi c_I D, speci f i c_I D, OI D, type, val ue, [OI D, type, val ue . . . ])
One cal l t o snmptrap can i ncl ude any number of val ues; f or each
val ue, you must speci f y t he obj ect I D, t he dat at ype, and t he
val ue you' r e r epor t i ng. The next scr i pt gener at es a t r ap wi t h
onl y one val ue:
#Fi l ename: / opt/ l ocal / perl _scri pts/ snmptrap. pl

use SNMP_uti l "0. 54"; #Thi s wi l l l oad the BER and SNMP_Sessi on f or us

". 1. 3. 6. 1. 4. 1. 2789. 1247. 1", "i nt", "2448816");
The cal l t o snmptrap( ) sends a t r ap t o por t 162 on host nms. The
t r ap i s sent f r omhost sunserver1; i t cont ai ns a si ngl e var i abl e
bi ndi ng, f or t he obj ect . 1. 3. 6. 1. 4. 1. 2789. 1247. 1. The OI D' s t ype i s i nt
and i t s val ue i s 2448816.
Now l et ' s t r y sendi ng a t r ap wi t h mul t i pl e val ues ( mul t i pl e
var i abl e bi ndi ngs) . The f i r st obj ect we' l l r epor t i s an
i nt eger , t o whi ch we gi ve t he ar bi t r ar y val ue 4278475. The second
obj ect has a st r i ng val ue and i s a war ni ng t hat our dat abase
has st opped. Because we' r e usi ng OI Ds t hat bel ong t o our own
ent er pr i se, we can def i ne t hese obj ect s t o be anyt hi ng we want :
". 1. 3. 6. 1. 4. 1. 2789. 3301. 1", "i nt", "4278475",
". 1. 3. 6. 1. 4. 1. 2789. 3301. 2", "stri ng", "Sybase DB Stopped");
We can use t he Net - SNMP snmptrapd pr ogr amt o moni t or t he t r aps
comi ng i n. We execut ed t he pr ecedi ng Per l code whi l e r unni ng
snmptrapd i n st dout mode, and r ecei ved:
$ . / snmpt rapd - P
1999- 10- 12 09: 45: 08 [12. 1. 45. 26] enterpri ses. 2789. 3000:
Enterpri se Speci f i c Trap (3301) Upti me: 0: 00: 00
enterpri ses. 2789. 3301. 1 =4278475
enterpri ses. 2789. 3301. 2 ="Sybase DB Stopped"
snmptrapd r epor t ed bot h of t he val ues we sent i n t he t r ap: we
see t he i nt eger val ue 4278475 and t he not i f i cat i on t hat Sybase
has st opped. Al t hough t hi s exampl e i s hi ghl y ar t i f i ci al , i t ' s
not al l t hat di f f er ent f r omwhat you woul d do when wr i t i ng your
own moni t or i ng sof t war e. You woul d wr i t e what ever code i s
necessar y t o moni t or vi t al syst ems such as your dat abase and
use t he Per l SNMP modul e t o send t r aps when si gni f i cant event s
occur . You can t hen use any pr ogr amcapabl e of r ecei vi ng t r aps
t o i nf or myou when t he t r aps ar r i ve. I f you want , you can add

l ogi c t hat anal yzes t he val ues sent i n t he t r ap or t akes ot her
act i ons, such as not i f yi ng an oper at or vi a a pager .
10. 3. 3 Sendi ng Traps wi t h Net work Comput i ng Technol ogi es Trap Generat or
Thi s Wi ndows- based command- l i ne ut i l i t y gi ves us t he same
f eat ur es as i t s Uni x count er par t s. I t under st ands t he Stri ng,
Counter, Gauge, I nteger, Address, OI D, and Ti meTi cks dat at ypes. The
command l i ne f or nttrapgen l ooks l i ke t hi s:
nttrapgen. exe - d Desti nati onI pAddress: port - c Communi tyName
- o senderOI D - i senderI P - g Generi cTrapType
- s Speci f i cTrapType - t ti mestamp - v OI D TYPE VALUE
Her e' s how t o use nttrapgen t o send a t r ap not i f yi ng us t hat
t he UPS bat t er y i s r unni ng l ow. We use t he Stri ng dat at ype t o
send an i nf or mat i ve message, and we use t r ap 4025. 1 f r omour
pr i vat e ent er pr i se I D, 2789:
C: tool s>nt t rapgen. exe - d nms: 162 - c publ i c - o ^
1. 3. 6. 1. 4. 1. 2789. 4025 - i 10. 123. 456. 4 - g 6 - s 4025 - t 124501 ^
- v 1. 3. 6. 1. 4. 1. 2789. 4025. 1 STRI NG 5 Mi nut es Lef t On UPS Bat t ery
Thi s t r ap wi l l be sent t o our net wor k- management st at i on ( whi ch
has t he host name nms) on por t 162, whi ch i s t he st andar d por t
f or SNMP t r aps. Any management st at i on shoul d be abl e t o
r ecei ve t he t r ap and act on i t appr opr i at el y. You can use t hi s
command i n bat ch scr i pt s, whi ch ar e essent i al l y t he same as
Uni x shel l scr i pt s. Ther ef or e, you can use nttrapgen t o
gener at e t r aps as you need t hem: you can wr i t e scr i pt s t hat
moni t or key pr ocesses and gener at e t r aps when any i nt er est i ng
event s t ake pl ace. As wi t h t he ear l i er Per l exampl e, you can
use t hi s si mpl e t r ap gener at or i n your envi r onment i f you don' t
need a heavy- dut y management syst em.
10. 3. 4 Sendi ng Traps wi t h Net - SNMP
Thi s snmptrap pr ogr aml ooks ver y si mi l ar t o OpenVi ew' s
snmptrap. Thi s pr ogr amuses a si ngl e l et t er t o r ef er t o
dat at ypes, as shown i n Tabl e 10- 2.
Tabl e 10- 2. Net - SNMP snmpt rap Dat at ypes
Abbreviation Datatype
a I P addr ess
c Count er
i I nt eger
n Nul l

o Obj ect I D
s St r i ng
t Ti me t i cks
Her e' s how t he Net - SNMP snmptrap pr ogr ami s i nvoked:
snmptrap hostname communi ty enterpri seoi d agent
generi c- trap speci f i c- trap upti me [OI D type val ue]. . .
I f you use t wo si ngl e quot es ( ' ' ) i n pl ace of t he t i me,
snmptrap i nser t s t he cur r ent t i me i nt o t he t r ap. The f ol l owi ng
command gener at es a t r ap wi t h a si ngl e val ue. The obj ect I D i s
2005. 1, wi t hi n our pr i vat e ent er pr i se; t he val ue i s a st r i ng
t hat t el l s us t hat t he web ser ver has been r est ar t ed:
$ snmpt rap nms publ i c . 1. 3. 6. 1. 4. 1. 2789. 2005 nt server1 6 2476317 ' '
. 1. 3. 6. 1. 4. 1. 2789. 2005. 1 s "WWWServer Has Been Rest art ed"
Her e' s how t o send a Ver si on 2 not i f i cat i on wi t h Net - SNMP:
[ 10]

[10]
For i nf ormati on about sendi ng Versi on 3 noti f i cati ons wi th
Net- SNMP, see Appendi x F.
$ snmpt rap - v2c nms publ i c ' ' . 1. 3. 6. 1. 6. 3. 1. 1. 5. 3
i f I ndex i 2 i f Admi nSt at us i 1 i f OperSt at us i 1
The command i s act ual l y si mpl er t han i t s Ver si on 1 equi val ent .
Ther e ar e no gener i c number s, speci f i c number s, or vendor I Ds.
The "" ar gument def aul t s t o t he cur r ent syst emupt i me. The OI D
speci f i es t he l i nkDown not i f i cat i on, wi t h t hr ee dat a bi ndi ngs
speci f yi ng t he l i nk' s st at us. The def i ni t i on of l i nkDown i n t he
I F- MI B st at es t hat t he l i nkDown not i f i cat i on must i ncl ude t he
i f I ndex, i f Admi nSt at us, and i f Oper St at us obj ect s, whi ch r epor t
t he i ndex of t he i nt er f ace t hat went down, i t s admi ni st r at i ve
st at us, and i t s oper at i onal st at us, r espect i vel y. For
i f Admi nSt at us and i f Oper St at us, a val ue of 1 i ndi cat es t hat t he
l i nk i s up. So t hi s not i f i cat i on r epor t s t hat i nt er f ace 2 has
changed i t s st at e f r om" down" t o " up. "
Agai n, t he snmptrap command- l i ne t ool l et s you i nt egr at e SNMP
moni t or i ng i nt o shel l scr i pt s and ot her pr ogr ams.
10. 3. 5 Forci ng Your Hardware t o Generat e Traps
When you i nst al l a new pi ece of equi pment , you shoul d ver i f y
t hat i t gener at es t r aps cor r ect l y. Test i ng your equi pment ' s
abi l i t y t o gener at e t r aps has t he added benef i t of t est i ng t he
behavi or of your NMS; you can ensur e t hat i t handl es t r aps i n
t he way you want . The best way t o t est new har dwar e i s t o r ead
your vendor ' s MI B and l ook f or al l t he TRAP- TYPEs t hey have

def i ned. Thi s wi l l gi ve you a good f eel f or what sor t of t r aps
your vendor has i mpl ement ed. For exampl e, I r ead t hr ough our
APC MI B and not i ced t hat t he uni t wi l l send a t r ap when i t goes
ont o bat t er y power i f t he AC power goes out . To t est t hi s
f eat ur e, I secur ed t he ar ea i n our dat acent er and swi t ched of f
t he ci r cui t br eaker t o si mul at e a power f ai l ur e. The t r ap was
gener at ed, but i t showed up i n t he Er r or event cat egor y because
I di d not have t he cor r ect MI B l oaded i n OpenVi ew. I t ook t he
OI D f r omt he Er r or event s and sear ched t he APC MI Bs f or a
mat ch. When I f ound one, I l oaded t he MI B f i l e i nt o OpenVi ew
and r epeat ed t he t est . Thi s t i me, when t he t r ap was r ecei ved
OpenVi ew put an i nf or mat i ve message i n t he Event Cat egor i es.
Most SNMP- compat i bl e r out er s, swi t ches, and net wor k devi ces can
gener at e l i nkDown t r aps. Fr omRFC 1157, a l i nkDown t r ap i s a
" f ai l ur e i n one of t he communi cat i on l i nks r epr esent ed i n t he
agent ' s conf i gur at i on. " Thi s means t hat i f you st ar t unpl uggi ng
por t s on your r out er you shoul d r ecei ve t r aps, r i ght ? Yes, but
f i r st make sur e you don' t st ar t di sconnect i ng pr oduct i on
dat abase ser ver s. Fur t her mor e, make sur e you don' t di sconnect
t he por t by whi ch your devi ce woul d send t he t r ap back t o t he
NMS. Remember , SNMP i s desi gned wi t h t he assumpt i on t hat t he
net wor k i s unr el i abl e - - i f somet hi ng sends a t r ap but t her e' s
no way f or t he t r ap t o r each i t s dest i nat i on, no one wi l l f i nd
out . By def aul t , a l i nkDown t r ap won' t appear i n OpenVi ew' s
Event Cat egor i es, because t he def aul t set t i ng f or l i nkDown i s
" Log onl y" ; wat ch t he l og f i l e $OV_LOG/trapd.log t o see t hese
t r aps ar r i ve. Once you have a mechani smf or r ecei vi ng t r aps,
br i ngi ng t he l i nk up and down on your devi ce shoul d send some
t r aps your way.
10. 3. 6 Usi ng Hooks wi t h Your Programs
A hook i s a conveni ent i nt er f ace t hat l et s you i nt egr at e your
own code i nt o some ot her pr oduct . The Emacs t ext edi t or i s a
good exampl e of a pr ogr amt hat uses hooks, al most ent i r el y, t o
al l ow i t s user s t o ext end how i t oper at es. Let ' s l ook at t he
f ol l owi ng si mpl e pr ogr amt o expl ai n t hi s concept f ur t her :
#Logi cal Sampl e ProgramNH1
#PROGRAMCOMMENTS
#PROGRAMBEGI NS

PROGRAMADDS $VAR1 +$VAR2 =$VAR3
PROGRAMSUBTRACTS $VAR5 - $VAR6 =$VAR7
PROGRAMPRI NTS RESULTS $VAR3 $VAR7

#PROGRAMENDS
Thi s pr ogr amsi mpl y ADDS, SUBTRACTS, and PRI NTS RESULTS; i t does not
have any hooks. To add a f eat ur e, you have t o modi f y t he code.
For a smal l pr ogr aml i ke t hi s t hat i s a t r i vi al exer ci se, but
i t woul d be di f f i cul t i n a pr ogr amof any si ze. The next
pr ogr amcont ai ns some hooks t hat l et you add ext ensi ons:

#Logi cal Sampl e ProgramH1
#PROGRAMCOMMENTS
#PROGRAMBEGI NS
PROGRAMRUNS $PATH/ start. sh


PROGRAMRUNS $PATH/ end. sh
#PROGRAMENDS
Not i ce t he t wo addi t i onal RUNS st at ement s. These hooks al l ow you
t o r un anyt hi ng you want at t he st ar t or end of t he pr ogr am.
The f i r st pr ogr am, start.sh, mi ght be as si mpl e as t he command
echo "I am starting", whi ch sends a si mpl e message t o t he
syst emor management consol e. Thi s scr i pt coul d al so cal l one
of t he t r ap- gener at i on pr ogr ams t o send a t r ap t o t he NMS
st at i ng t hat some pr ogr ami s st ar t i ng. I t woul d be even mor e
usef ul t o send a message when t he pr ogr amt er mi nat es, possi bl y
i ncl udi ng i nf or mat i on about t he pr ogr am' s st at us. Her e' s a
sl i ght l y mor e compl i cat ed pr ogr amt hat r uns a scr i pt , pr ovi di ng
a number of ar gument s so t hat t he scr i pt can send usef ul
i nf or mat i on back t o t he NMS when i t gener at es a t r ap:
#Logi cal Sampl e ProgramH2
#PROGRAMCOMMENTS
#PROGRAMBEGI NS
PROGRAMRUNS $PATH/ start. sh $PROGRAM_NAME


PROGRAMRUNS $PATH/ end. sh $PROGRAM_NAME $VAR1 $VAR2 $VAR3 $VAR5 $VAR6 $VAR7
#PROGRAMENDS
Wi t h t he addi t i onal ar gument s avai l abl e t o t he hook pr ogr ams,
we can gener at e messages l i ke " The Pr ogr amWi dget has ended
wi t h sal es at $4 and YTD at $7. " I f your hook pr ogr ams ar e
shel l scr i pt s, you can si mpl y add snmptrap commands vi a a t ext
edi t or . Once you f i ni sh addi ng t he snmptrap code, you can t est
your hook pr ogr amby r unni ng i t on t he command l i ne.
On most syst ems, many scr i pt s can benef i t f r omsnmptrap hooks.
On Sol ar i s or Li nux machi nes, f or exampl e, some of your
/etc/init.d scr i pt s can be r et r of i t t ed t o make use of snmptrap
commands. I t mi ght be usef ul t o have some ki nd of not i f i cat i on
when i mpor t ant pr ocesses such as your web ser ver or DNS ser ver
st ar t and st op. Havi ng such i nf or mat i on on hand mi ght make l i f e
much easi er f or your hel pdesk. ( The Concor d Syst emEDGE SNMP
agent pr ovi des mor e r i gor ous pr ocess- moni t or i ng capabi l i t i es.
See Chapt er 11 f or mor e i nf or mat i on on t hi s pr oduct . )

I t ' s har der t o add hooks t o pr ogr ams wr i t t en i n l anguages l i ke
C, because you need access t o t he sour ce code as wel l as t he
abi l i t y t o f i gur e out wher e t o pl ace t he hooks. Once you have
i dent i f i ed wher e your hooks go and added t hem, you must
r ecompi l e t he sour ce code. Some pr ogr ams have hooks bui l t i n,
al l owi ng you t o r un ext er nal pr ogr ams or RPCs. Check your
pr ogr am' s document at i on f or t he l ocat i ons of t hese hooks. Thi s
i s much mor e conveni ent t han t r yi ng t o bui l d your own hooks
i nt o anot her pr ogr am. Once you have est abl i shed what t hese
ext er nal pr ogr ams ar e cal l ed, you can st ar t wr i t i ng your own
t r aps or addi ng t o exi st i ng ones.

Chapter 11. Extensi bl e SNMP Agents
Ther e wi l l come a t i me when you want t o ext end an agent ' s
f unct i onal i t y. Ext endi ng an agent usual l y means addi ng or
changi ng t he MI Bs t he agent suppor t s. Many agent s t hat cl ai mt o
suppor t SNMP cover onl y a mi ni mal number of somewhat usel ess
MI Bs - - obvi ousl y a f r ust r at i ng si t uat i on f or someone who i s
pl anni ng on doi ng l ot s of aut omat ed net wor k management .
Upgr adi ng your sof t war e t o a newer ver si on of SNMP, say Ver si on
2 or 3, won' t hel p; you won' t get any mor e i nf or mat i on out of a
devi ce t han i f you wer e usi ng SNMPv1. The newer ver si ons of
SNMP add f eat ur es t o t he pr ot ocol ( such as addi t i onal secur i t y
or mor e sophi st i cat ed opt i ons f or r et r i evi ng and set t i ng
val ues) , but t he i nf or mat i on t hat ' s avai l abl e f r omany devi ce
i s def i ned i n t he agent ' s MI Bs, whi ch ar e i ndependent of t he
pr ot ocol i t sel f .
When you ar e f aced wi t h an agent ' s l i mi t at i ons, you can t ur n t o
ext ensi bl e agent s.
[ 1]
These pr ogr ams, or ext ensi ons t o exi st i ng
pr ogr ams, al l ow you t o ext end a par t i cul ar agent ' s MI B and
r et r i eve val ues f r oman ext er nal sour ce ( a scr i pt , pr ogr am, or
f i l e) . I n some cases, dat a can be r et ur ned as i f i t wer e comi ng
f r omt he agent i t sel f . Most of t he t i me you wi l l not see a
di f f er ence bet ween t he agent ' s nat i ve MI Bs and your ext ensi bl e
ones. Many ext ensi bl e agent s gi ve you t he abi l i t y t o r ead
f i l es, r un pr ogr ams, and r et ur n t hei r r esul t s; t hey can even
r et ur n t abl es of i nf or mat i on. Some agent s have conf i gur abl e
opt i ons t hat al l ow you t o r un ext er nal pr ogr ams and have pr eset
f unct i ons, such as di sk- space checker s, bui l t i n.
[1]
We don' t make a di sti ncti on between exi sti ng agents that can
be extended and agents that exi st purel y to support extensi ons.
We' l l cal l themboth "extensi bl e agents. "
The OpenVi ew, Net - SNMP, and Syst emEDGE agent s ar e al l exampl es
of ext ensi bl e agent s. OpenVi ew pr ovi des a separ at e ext ensi bl e
agent t hat al l ows you t o ext end t he mast er agent ( snmpdm) ;
r equest s f or t he ext ensi bl e agent won' t wor k unl ess t he mast er
agent i s r unni ng. You can st ar t and st op t he ext ensi bl e agent

wi t hout di st ur bi ng t he mast er agent . To cust omi ze t he
ext ensi bl e agent you def i ne new obj ect s usi ng t he ASN. 1 f or mat ,
as speci f i ed by t he SMI . The Net - SNMP agent t akes an al t er nat e
appr oach. I t doesn' t make a di st i nct i on bet ween t he mast er
agent and t he ext ensi bl e agent ; t her e' s onl y one agent t o wor r y
about . You can use ASN. 1 t o def i ne new obj ect s ( as wi t h t he
OpenVi ew ext ensi bl e agent ) , but t her e' s al so a f aci l i t y f or
addi ng ext ensi ons wi t hout wr i t i ng any ASN. 1, maki ng t hi s agent
si gni f i cant l y mor e accessi bl e f or t he novi ce admi ni st r at or .
Syst emEDGE i s si mi l ar t o Net - SNMP i n t hat t her e i s onl y one
agent t o wor r y about . Of t he t hr ee agent s di scussed i n t hi s
chapt er , i t i s t he easi est t o ext end. Fi gur e 11- 1 compar es t he
desi gn st r at egi es of t he OpenVi ew, Net - SNMP, and Syst emEDGE
agent s.
Fi gure 11- 1. Archi t ect ure of ext ensi bl e agent s

Al l t hr ee agent s have f ai r l y compr ehensi ve conf i gur at i on
opt i ons and al l al l ow you t o ext end t he l ocal agent wi t hout
heavy pr ogr ammi ng. You may need t o wr i t e some scr i pt s or a f ew
shor t C pr ogr ams, but wi t h t he sampl e pr ogr ams her e and t he
t housands mor e t hat ar e on t he I nt er net ,
[ 2]
nonpr ogr ammer s can
st i l l get a l ot done.
[2]
See Chapter 1 f or a l i st of a f ewweb si tes that have l i nks
to commerci al and f ree SNMP sof tware.
We' l l st ar t wi t h t he Net - SNMP agent , si nce i t i s t he si mpl est ,
t hen move t o Syst emEDGE. We' l l r ound out t he di scussi on wi t h
OpenVi ew' s ext ensi bl e agent . Be sur e t o see Chapt er 5 f or
i nf or mat i on on wher e t o obt ai n t hese agent s.

11. 1 Net - SNMP
When you i nst al l t he Net - SNMP package, i t cr eat es a sampl e
snmpd.conf conf i gur at i on f i l e cal l ed EXAMPLE.conf i n t he sour ce
di r ect or y. Thi s f i l e cont ai ns some gr eat exampl es t hat
demonst r at e how t o ext end your agent . Read t hr ough i t t o see
t he t ypes of t hi ngs you can and can' t do. We wi l l t ouch on onl y
a f ew of Net - SNMP' s f eat ur es: checki ng f or any number of
r unni ng pr ocesses ( proc) , execut i ng a command t hat r et ur ns a

si ngl e l i ne of out put ( exec) , execut i ng a command t hat r et ur ns
mul t i pl e l i nes of out put ( exec) , and checki ng di sk- space
ut i l i zat i on ( di sk) .
The mai n Net - SNMP conf i gur at i on f i l e can be f ound at
$NET_SNMP_HOME/share/snmp/snmpd.conf, wher e $NET_SNMP_HOME i s
t he di r ect or y i n whi ch you i nst al l ed Net - SNMP. Her e i s t he
conf i gur at i on f i l e t hat we wi l l use f or t he r emai nder of t hi s
sect i on:
#Fi l ename: $NET_SNMP_HOME/ share/ snmp/ snmpd. conf
#Check f or processes runni ng
#I tems i n here wi l l appear i n the ucdavi s. procTabl e
proc sendmai l 10 1
proc httpd

#Return the val ue f romthe executed programwi th a passed parm.
#I tems i n here wi l l appear i n the ucdavi s. extTabl e
exec Fi l eCheck / opt/ l ocal / shel l _scri pts/ f i l echeck. sh / tmp/ vxpri nt. error

#Mul ti l i ne return f romthe command
#Thi s needs i ts own OI D
#I have used a subset of my regi stered enterpri se I D (2789) wi thi n the OI D
exec . 1. 3. 6. 1. 4. 1. 2021. 2789. 51 FancyCheck / opt/ l ocal / shel l _scri pts/ f ancycheck. sh
/ core

#Check di sks f or thei r mi ns
di sk / 100000
Whenever you make changes t o t he Net - SNMP agent ' s conf i gur at i on
f i l e, you can have i t r er ead t he conf i gur at i on by sendi ng t he
pr ocess an HUP si gnal :
$ ps - ef | grep snmpd
root 12345 1 0 Nov 16 ? 2: 35 / usr/ l ocal / bi n/ snmpd
$ ki l l - HUP 12345
Now l et ' s l ook at t he f i l e i t sel f . The f i r st proc command says
t o check f or t he pr ocess sendmai l . The number s 10 and 1 def i ne how
many sendmail pr ocesses we want r unni ng at any gi ven t i me ( a
maxi mumof 10 and a mi ni mumof 1). The second proc command says
t hat we want at l east one httpd pr ocess r unni ng. To see what
ef f ect t hese commands have on our agent , l et ' s l ook at an
snmpwalk of ucdavi s. pr ocTabl e ( . 1. 3. 6. 1. 4. 1. 2021. 2) :
$ snmpwal k sunserver2 publ i c . 1. 3. 6. 1. 4. 1. 2021. 2
enterpri ses. ucdavi s. procTabl e. prEntry. prI ndex. 1 =1
enterpri ses. ucdavi s. procTabl e. prEntry. prNames. 1 ="sendmai l "
enterpri ses. ucdavi s. procTabl e. prEntry. prNames. 2 ="httpd"
enterpri ses. ucdavi s. procTabl e. prEntry. prMi n. 1 =1
enterpri ses. ucdavi s. procTabl e. prEntry. prMax. 1 =10
enterpri ses. ucdavi s. procTabl e. prEntry. prCount. 1 =1
enterpri ses. ucdavi s. procTabl e. prEntry. prErrorFl ag. 1 =0

enterpri ses. ucdavi s. procTabl e. prEntry. prErrMessage. 1 =""
enterpri ses. ucdavi s. procTabl e. prEntry. prErrMessage. 2 =""
enterpri ses. ucdavi s. procTabl e. prEntry. prErrFi x. 1 =0
The agent r et ur ns t he cont ent s of t he pr ocTabl e. I n t hi s t abl e,
t he sendmail and httpd pr ocess ent r i es occupy i nst ances 1 and
2. prMi n and prMax ar e t he mi ni mumand maxi mumnumber s we set f or
t he sendmail and httpd pr ocesses.
[ 3]
The prCount val ue gi ves us
t he number of pr ocesses cur r ent l y r unni ng: i t l ooks l i ke we
have one sendmail pr ocess and si x httpd pr ocesses. To see what
happens when t he number of pr ocesses f al l s out si de t he r ange we
speci f i ed, l et ' s ki l l al l si x httpd pr ocesses and l ook at t he
pr ocTabl e agai n ( i nst ead of l i st i ng t he whol e t abl e, we' l l wal k
onl y i nst ance 2, whi ch descr i bes t he httpd pr ocess) :
[3]
When prMi n and prMax are both 0, i t says that we want at l east
one and a maxi mumof i nf i ni ty processes runni ng.
enterpri ses. ucdavi s. procTabl e. prEntry. prNames. 1 ="httpd"
enterpri ses. ucdavi s. procTabl e. prEntry. prErrMessage. 1 ="No httpd
process runni ng. "
We had si x httpd pr ocesses r unni ng and now, per prCount, we have
none. The prErrMessage r epor t s t he pr obl em, and t he prErrorFl ag has
changed f r om0 t o 1, i ndi cat i ng t hat somet hi ng i s wr ong. Thi s
f l ag makes i t easy t o pol l t he agent , usi ng t he t echni ques
di scussed i n Chapt er 9, and see t hat t he httpd pr ocesses have
st opped. Let ' s t r y a var i at i on on t hi s t heme. I f we set prMi n t o
i ndi cat e t hat we want mor e t han si x httpd pr ocesses r unni ng,
t hen r est ar t httpd, our prErrMessage i s:
enterpri ses. ucdavi s. procTabl e. prEntry. prErrMessage. 1 ="Too f ew
httpd runni ng (#=0)"
The next command i n t he conf i gur at i on f i l e i s exec; t hi s command
al l ows us t o execut e any pr ogr amand r et ur n t he pr ogr am' s
r esul t s and exi t val ue t o t he agent . Thi s i s hel pf ul when you
al r eady have a pr ogr amyou woul d l i ke t o use i n conj unct i on
wi t h t he agent . We' ve wr i t t en a si mpl e shel l scr i pt cal l ed
filecheck.sh t hat checks whet her t he f i l e t hat ' s passed t o i t
on t he command l i ne exi st s. I f t he f i l e exi st s, i t r et ur ns a 0
( zer o) ; ot her wi se, i t r et ur ns a 1 ( one) :
#!/ bi n/ sh
#Fi l eName: / opt/ l ocal / shel l _scri pts/ f i l echeck. sh

i f [ - f $1 ]; then
exi t 0

f i
exi t 1
Our conf i gur at i on f i l e uses filecheck.sh t o check f or t he
exi st ence of t he f i l e /tmp/vxprint.error. Once you have t he
filecheck.sh scr i pt i n pl ace, you can see t he r esul t s i t
r et ur ns by wal ki ng ucdavi s. ext Tabl e ( . 1. 3. 6. 1. 4. 1. 2021. 8) :
enterpri ses. ucdavi s. extTabl e. extEntry. extI ndex. 1 =1
enterpri ses. ucdavi s. extTabl e. extEntry. extNames. 1 ="Fi l eCheck"
enterpri ses. ucdavi s. extTabl e. extEntry. extCommand. 1 =
"/ opt/ l ocal / shel l _scri pts/ f i l echeck. sh / tmp/ vxpri nt. error"
enterpri ses. ucdavi s. extTabl e. extEntry. extResul t. 1 =0
enterpri ses. ucdavi s. extTabl e. extEntry. extOutput. 1 =""
enterpri ses. ucdavi s. extTabl e. extEntry. extErrFi x. 1 =0
The f i r st ar gument t o t he exec command
[ 4]
i n t he conf i gur at i on
f i l e i s a l abel t hat i dent i f i es t he command so we can easi l y
r ecogni ze i t i n t he ext Tabl e. I n our case we used Fi l eCheck - -
t hat ' s not a par t i cul ar l y good name, because we mi ght want t o
check t he exi st ence of sever al f i l es, but we coul d have named
i t anyt hi ng we deemed usef ul . What ever name you choose i s
r et ur ned as t he val ue of t he ext Tabl e. ext Ent r y. ext Names. 1
obj ect . Because t he f i l e /tmp/vxprint.error exi st s,
filecheck.sh r et ur ns a 0, whi ch appear s i n t he t abl e as t he
val ue of ext Tabl e. ext Ent r y. ext Resul t . 1. You can al so have t he
agent r et ur n a l i ne of out put f r omt he pr ogr am. Change
filecheck.sh t o per f or man ls -la on t he f i l e i f i t exi st s:
[4]
See the EXAMPLE. conf conf i gurati on f i l e i ntroduced at the
begi nni ng of thi s chapter.
#!/ bi n/ sh
#Fi l eName: / opt/ l ocal / shel l _scri pts/ f i l echeck. sh

i f [ - f $1 ]; then
l s - l a $1
exi t 0
f i

exi t 1
When we pol l t he agent , we see t he out put f r omt he scr i pt i n
t he ext Out put val ue t he agent r et ur ns:
enterpri ses. ucdavi s. extTabl e. extEntry. extOutput. 1 =
" 16 - rw- r- - r- - 1 root other 2476 Feb 3 17: 13 / tmp/ vxpri nt. error. "
Thi s si mpl e t r i ck wor ks onl y i f t he scr i pt r et ur ns a si ngl e
l i ne of out put . I f your scr i pt r et ur ns mor e t han one l i ne of
out put , i nser t an OI D i n f r ont of t he st r i ng name i n t he exec
command.
Her e' s t he next command f r omour snmpd.conf f i l e:
exec . 1. 3. 6. 1. 4. 1. 2021. 2789. 51 FancyCheck / opt/ l ocal / shel l _scri pts/ f ancycheck. sh
/ core

Thi s command r uns t he pr ogr amfancycheck.sh, wi t h t he
i dent i f yi ng st r i ng FancyCheck. We won' t bot her t o l i st
fancycheck.sh; i t ' s j ust l i ke filecheck.sh, except t hat i t adds
a check t o det er mi ne t he f i l e t ype. The OI D i dent i f i es wher e i n
t he MI B t r ee t he agent wi l l pl ace t he r esul t of r unni ng t he
command. I t needs t o be i n t he ucdavi s ent er pr i se
( . 1. 3. 6. 1. 4. 1. 2021) . We r ecommend t hat you f ol l ow t he ucdavi s
ent er pr i se I D wi t h your own ent er pr i se number , t o pr event
col l i si ons wi t h obj ect s def i ned by ot her sour ces and avoi d
over wr i t i ng one of ucdavi s' s subt r ees. Fol l ow your ent er pr i se
number wi t h anot her number t o i dent i f y t hi s par t i cul ar command.
I n t hi s case, our ent er pr i se I D i s 2789 and we assi gn t he
ar bi t r ar y number 51 t o t hi s command. Thus, t he compl et e OI D i s
. 1. 3. 6. 1. 4. 1. 2021. 2789. 51.
Her e ar e t he r esul t s f r omwal ki ng t he . 1. 3. 6. 1. 4. 1. 2021. 2789. 51
subt r ee:
$ snmpwal k sunserver2 publ i c . 1. 3. 6. 1. 4. 1. 2021. 2789. 51
enterpri ses. ucdavi s. 2789. 51. 1. 1 =1
enterpri ses. ucdavi s. 2789. 51. 2. 1 ="FancyCheck"
enterpri ses. ucdavi s. 2789. 51. 3. 1 =
"/ opt/ l ocal / shel l _scri pts/ f ancycheck. sh / core"
ucdavi s. 2789. 51. 100. 1 =0
ucdavi s. 2789. 51. 101. 1 ="- rw- r- - r- - 1 root other
346708 Feb 14 16: 30 / core. "
ucdavi s. 2789. 51. 101. 2 ="/ core: . . ELF 32- bi t MSB core f i l e SPARC
Versi on 1, f rom' httpd' . "
ucdavi s. 2789. 51. 102. 1 =0
Not i ce t hat we have a f ew addi t i onal l i nes i n our out put .
2789. 51. 100. 1 i s t he exi t number , 2789. 51. 101. 1 and
2789. 51. 101. 2 ar e t he out put f r omt he command, and
2789. 51. 102. 1 i s t he er r or Fi x val ue. These val ues can be usef ul
when you ar e t r yi ng t o debug your new ext ensi on.
( Unf or t unat el y, snmpwalk can gi ve you onl y t he numer i c OI D, not
t he human- r eadabl e name, because snmpwalk doesn' t know what
2789. 51. x i s. )
The l ast t ask f or Net - SNMP' s ext ensi bl e agent i s t o per f or m
some di sk- space moni t or i ng. Thi s i s a gr eat opt i on t hat l et s
you check t he avai l abi l i t y of di sk space and r et ur n mul t i pl e
( usef ul ) val ues. The di sk opt i on t akes a f i l esyst emmount poi nt
f ol l owed by a number . Her e i s what our ent r y l ooks l i ke i n
snmpd.conf:
#Check di sks f or thei r mi ns
di sk / 100000
The def i ni t i on of t he di sk opt i on f r omUCD-SNMP-MIB.txt i s
" Mi ni mumspace r equi r ed on t he di sk ( i n kByt es) bef or e t he
er r or s ar e t r i gger ed. " Let ' s f i r st t ake a l ook on sunser ver 2 t o
see what t he common df pr ogr amr et ur ns:
$ df - k /
Fi l esystem kbytes used avai l capaci ty Mounted on

/ dev/ dsk/ c0t0d0s0 432839 93449 296110 24% /
To see what SNMP has t o say about t he di sk space on our ser ver ,
r un snmpwalk agai nst t he ucdavi s. di skTabl e obj ect
( . 1. 3. 6. 1. 4. 1. 2021. 9) . Thi s r et ur ns vi r t ual l y t he same
i nf or mat i on as t he df command:
enterpri ses. ucdavi s. di skTabl e. dskEntry. dskI ndex. 1 =1
enterpri ses. ucdavi s. di skTabl e. dskEntry. dskPath. 1 ="/ " Hex: 2F
enterpri ses. ucdavi s. di skTabl e. dskEntry. dskDevi ce. 1 =
"/ dev/ dsk/ c0t0d0s0"
enterpri ses. ucdavi s. di skTabl e. dskEntry. dskMi ni mum. 1 =100000
enterpri ses. ucdavi s. di skTabl e. dskEntry. dskMi nPercent. 1 =- 1
enterpri ses. ucdavi s. di skTabl e. dskEntry. dskTotal . 1 =432839
enterpri ses. ucdavi s. di skTabl e. dskEntry. dskAvai l . 1 =296110
enterpri ses. ucdavi s. di skTabl e. dskEntry. dskUsed. 1 =93449
enterpri ses. ucdavi s. di skTabl e. dskEntry. dskPercent. 1 =24
enterpri ses. ucdavi s. di skTabl e. dskEntry. dskErrorFl ag. 1 =0
enterpri ses. ucdavi s. di skTabl e. dskEntry. dskErrorMsg. 1 =""
As you can see, t he Net - SNMP agent has many cust omi zabl e
f eat ur es t hat al l ow you t o t ai l or your moni t or i ng wi t hout
havi ng t o wr i t e your own obj ect def i ni t i ons. Be sur e t o r evi ew
$NET_SNMP_HOME/share/snmp/mibs/UCD-SNMP-MIB.txt f or compl et e
def i ni t i ons of al l Net - SNMP' s var i abl es. Whi l e we t ouched on
onl y a f ew cust omi zabl e opt i ons her e, you wi l l f i nd many ot her
usef ul opt i ons i n t he EXAMPLE.conf f i l e t hat comes wi t h t he
Net - SNMP package.
11. 2 Syst emEDGE
The Syst emEDGE agent i s al so ext ensi bl e. No ot her syst em
pr ocesses need t o be r un i n or der t o ext end t hi s agent . I t
comes wi t h t hr ee pr edef i ned ext ended obj ect s: Domai n Name
Syst em( DNS) f or Uni x, Net wor k I nf or mat i on Syst em( NI S) f or
Uni x, and Remot e Pi nger f or Uni x and Wi ndows NT. The f i r st
obj ect r et ur ns t he domai n name of t he under l yi ng oper at i ng
syst em, t he second r et ur ns t he NI S domai n name of t he
under l yi ng oper at i ng syst em, and t he t hi r d sends I CMP r equest s
t o a r emot e host f r omt he syst emon whi ch t he agent i s r unni ng.
Whi l e t hese ar e ni ce scr i pt s t o have, what we want t o f ocus on
i s how t o add your own OI Ds t o t he agent .
11. 2. 1 Ext ensi bi l i t y f or Uni x and Wi ndows NT
The Syst emEDGE agent has a pr i vat e MI B t hat def i nes a t abl e
cal l ed t he ext ensi onGr oup. I t s f ul l OI D i s 1. 3. 6. 1. 4. 1. 546. 14
( i so. or g. dod. i nt er net . pr i vat e. ent er pr i ses. empi r e. ext ensi onGr oup
) . Thi s i s wher e you def i ne your own obj ect s. The f i r st obj ect
you def i ne has t he OI D ext ensi onGr oup. 1. 0
( 1. 3. 6. 1. 4. 1. 546. 14. 1. 0) , wher e t he . 0 i ndi cat es t hat t he
obj ect i s scal ar ; t he next has t he OI D ext ensi onGr oup. 2. 0, and
so on. Not e t hat al l t he obj ect s def i ned t hi s way must be
scal ar . For advanced user s, Concor d has devel oped a pl ug- i n

ar chi t ect ur e f or Syst emEDGE t hat al l ows you t o devel op compl ex
ext ended obj ect s ( i ncl udi ng t abl es) and f ul l - bl own MI Bs.
To ext end t he agent , st ar t by edi t i ng t he sysedge.cf f i l e. Thi s
f i l e t el l s t he agent t o whi ch ext ended OI Ds i t must r espond.
The f or mat of a command i n t hi s f i l e i s:
extensi on Leaf Number Type Access ' Command'
The keywor d extensi on t el l s t he agent t hat t hi s conf i gur at i on
ent r y i s an ext ensi on t hat bel ongs t o t he ext ensi onGr oup.
Leaf Number i s t he ext ensi on obj ect number - - i . e. , t he number
you assi gn t o t he obj ect i n t he ext ensi onGr oup t abl e. Type i s
t he SNMP t ype f or t he OI D. Val i d t ypes ar e I nteger, Counter, Gauge,
Octetstri ng, Ti meTi cks, Obj ecti d, and I PAddress. Access i s ei t her Read- Onl y
or Read- Wri te. And f i nal l y, Command i s t he scr i pt or pr ogr amt he
agent wi l l execut e when t hi s par t i cul ar OI D i s quer i ed by an
NMS. We' l l t al k mor e about t hi s shor t l y. Her e ar e some exampl es
of ext ensi on obj ect s:
extensi on 1 I nteger Read- Onl y ' / usr/ l ocal / bi n/ Scri pt. sh'
extensi on 2 Gauge Read- Onl y ' / usr/ l ocal / bi n/ Scri pt. pl '
extensi on 33 Counter Read- Wri te ' / usr/ l ocal / bi n/ Program'
The f i r st i t emdef i nes a r eadonl y OI D of t ype I nteger. The OI D
i s 1. 3. 6. 1. 4. 1. 546. 14. 1. 0. The agent wi l l execut e t he command
/ usr / l ocal / bi n/ exampl eScr i pt . sh when t hi s OI D i s quer i ed. The
second ent r y i s si mi l ar , except i t s t ype i s Gauge and i t s
numer i c OI D i s 1. 3. 6. 1. 4. 1. 546. 14. 2. 0. The t hi r d exampl e si mpl y
shows t hat Leaf Number doesn' t have t o be sequent i al ; you can
use any number you want , pr ovi ded t hat i t i s uni que.
Ext endi ng t he agent al l ows you t o wr i t e your own scr i pt s t hat
do what ever you want : you can get i nf or mat i on about devi ces or
pr ogr ams t hat ar e not SNMP- capabl e, as l ong as you can wr i t e a
scr i pt t hat quer i es t hemf or t hei r st at us. I n t he exampl e
above, /usr/local/bin/Script.sh, /usr/local/bin/Script.pl, and
/usr/local/bin/Program ar e al l exampl es of scr i pt s t he agent
wi l l execut e when t he OI D assi gned t o each scr i pt i s quer i ed.
Two r equi r ement s must be met by any scr i pt or pr ogr am:
All set, get, and getnext requests must generate output.
For get and getnext, the output from the script should be
the actual value of the object requested. This means that
the script or program that fetches the required
information must return a single value. For a set request,
the script should return the object's new value. The
request will fail if there is no output. (Note that for a
set request, a script may succeed in changing the state of
the device even if it produces no output and the agent
considers the script to have failed.)
The script or program should print whatever information it
needs to return (based on the type of request), followed
by a newline character. The agent parses only up to this
character. If a newline is the first character the agent
encounters, the agent generates an error and returns this
to the NMS or SNMP application.

The agent sends t hr ee ar gument s t o t he scr i pt or pr ogr ami t
execut es: t he Leaf Number , t he r equest t ype ( GET, GETNEXT, or SET,
i n capi t al l et t er s) , and a st r i ng t hat r epr esent s some val ue t o
be set ( t he t hi r d ar gument i s used onl y f or SET r equest s) . The
f ol l owi ng skel et al Per l scr i pt , cal l ed skel.pl, shows how you
can use al l t hr ee ar gument s:

i f ($ARGV[0] ==1) {
#OI D queri ed i s 1. 3. 6. 1. 4. 1. 546. 14. 1. 0
i f ($ARGV[1] eq "SET") {
#use $ARGV[2] to set the val ue of somethi ng and return the set val ue,
#f ol l owed by a newl i ne character, to the agent
} el si f (($ARGV[1] eq "GET") | | ($ARGV[1] eq "GETNEXT")) {
#get the i nf ormati on to whi ch thi s OI D pertai ns, then return i t,
#f ol l owed by a newl i ne character, to the agent
}
} el se {
return 0;
#return 0, si nce I don' t knowwhat to do wi th thi s OI D
}
Al l you have t o do i s add t he l ogi c t hat t akes some act i on t o
r et r i eve ( or set ) t he appr opr i at e val ue and r et ur n t he cor r ect
val ue t o t he agent . The cor r espondi ng ent r y i n sysedge.cf mi ght
l ook somet hi ng l i ke t hi s:
extensi on 1 I nteger Read- Wri te ' / usr/ l ocal / bi n/ skel . pl '
What we' ve done so f ar gi ves t he agent t he abi l i t y t o r espond
t o r equest s f or a new ki nd of dat a. We st i l l need t o sol ve t he
ot her par t of t he puzzl e: t el l i ng t he management st at i on t hat
some new ki nd of dat a i s avai l abl e f or i t t o r et r i eve. Thi s
r equi r es cr eat i ng an ent r y i n a MI B f i l e.
[ 5]
Af t er addi ng t hi s
ent r y t o t he f i l e, you must r ecompi l e t he MI B i nt o your NMS
syst emso t hat t he NMS wi l l know t he access and t ype of each of
t he ext ended obj ect s i n t he MI B f or whi ch i t i s t o per f or m
quer i es. Her e i s a MI B ent r y t hat cor r esponds t o t he pr evi ous
agent ext ensi on:
[5]
Concord recommends that you keep al l your extended MI B
obj ects i n a separate f i l e, away f romthe SystemEDGE MI B f i l e.
Thi s makes i t easi er f or you to recompi l e i t i nto your NMS.
skel etonVari abl e OBJ ECT- TYPE
SYNTAX I nteger
ACCESS Read- Wri te
DESCRI PTI ON
"Thi s i s an exampl e obj ect. "
: : ={ extensi onGroup 1 }
Once t hi s i s compi l ed i nt o t he NMS, you can quer y t he obj ect by
speci f yi ng i t s f ul l name
( i so. or g. dod. i nt er net . pr i vat e. ent er pr i ses. empi r e. ext ensi onGr oup
. skel et onVar i abl e. 0) . Al t er nat i vel y, you can use t he numer i c
OI D; f or exampl e:

$ snmpget server. ora. compubl i c . 1. 3. 6. 1. 4. 1. 546. 14. 1. 0
Secur i t y can be a concer n when wr i t i ng your own ext ensi on
scr i pt s. On Uni x syst ems, i t ' s a good i dea t o cr eat e a separ at e
user and gr oup t o execut e your ext ensi ons, r at her t han al l owi ng
t he r oot user t o r un your scr i pt s.
11. 2. 2 Added Ext ensi bi l i t y f or Wi ndows NT
Whi l e t he ext ensi onGr oup i s suppor t ed on al l pl at f or ms, t he
Wi ndows NT ver si on of Syst emEDGE al l ows you t o ext end
Syst emEDGE wi t h obj ect s t aken f r omt he r egi st r y and per f or mance
r egi st r y. You can gai n access t o conf i gur at i on dat a and
per f or mance dat a, whi ch ar e nor mal l y vi ewed usi ng r egedi t and
per f mon. The Wi ndows NT ext ensi on gr oup i s def i ned as
i so. or g. dod. i nt er net . pr i vat e. ent er pr i ses. empi r e. nt . nt RegPer f
( 1. 3. 6. 1. 4. 1. 546. 5. 7 ) . As wi t h t he Uni x ext ensi ons, t he NT
ext ensi ons ar e def i ned i n t he sysedge.cf f i l e.
To conf i gur e a r egi st r y ext ensi on, add a l i ne wi t h t he
f ol l owi ng synt ax t o sysedge.cf:
ntregperf Leaf Number Type Regi stry ' Key' ' Val ue'
The keywor d ntregperf def i nes t hi s as an NT r egi st r y or
per f or mance ext ensi on obj ect . Leaf Number and Type ar e t he same
as f or Uni x ext ensi ons. The keywor d Regi stry i dent i f i es t hi s
ent r y as a r egi st r y ext ensi on. Regi st r y ext ensi ons ar e r ead-
onl y. Key i s a quot ed st r i ng t hat speci f i es t he r egi st r y key t o
be accessed. Val ue i s t he val ue you want t o r ead f r omt he key.
Her e i s an exampl e:
ntregperf 1 OctetStri ng Regi stry
' SYSTEMCurrentControl SetControl CrashControl ' ' DumpFi l e'
Thi s cr eat es a r egi st r y ext ensi on obj ect t hat r et ur ns t he pat h
t o t he cr ash- cont r ol dump f i l e. The OI D i s
1. 3. 6. 1. 4. 1. 546. 5. 7. 1. 0
( i so. or g. dod. i nt er net . pr i vat e. ent er pr i ses. empi r e. nt . nt RegPer f . 1
. 0) .
To conf i gur e a per f or mance ext ensi on, use t he f ol l owi ng synt ax:
ntregperf Leaf Number Type Perf ormance ' Obj ect' ' Counter' ' Perf I nstance'
Her e agai n, ntregperf i s t he keywor d t hat i ndi cat es t hi s i s an NT
r egi st r y/ per f or mance ext ensi on obj ect . Leaf Number and Type
shoul d be f ami l i ar t o you. The keywor d Perf ormance i ndi cat es t hat
we' r e r eadi ng a val ue f r omt he per f or mance r egi st r y;
per f or mance ext ensi ons ar e r eadonl y. Obj ect speci f i es t he
per f or mance obj ect t o be accessed. Count er speci f i es t he
obj ect ' s per f or mance count er val ue t o be accessed. Fi nal l y,
Per f I nst ance speci f i es t he per f or mance count er i nst ance t o be
accessed. Thi s shoul d be i dent i cal t o what ' s l i st ed wi t h
per f mon. Her e' s a t ypi cal per f or mance ext ensi on:
ntregperf 2 Counter Perf ormance ' TCP' ' Segments Sent/ sec' ' 1'

You can use t hi s ext ensi on t o wat ch t he t ot al number of TCP
segment s t r ansmi t t ed by t he syst em. I t s OI D i s
1. 3. 6. 1. 4. 1. 546. 5. 7. 2. 0
( i so. or g. dod. i nt er net . pr i vat e. ent er pr i ses. empi r e. nt . nt RegPer f . 2
. 0) . Keep i n mi nd t hat you shoul d cr eat e a MI B ent r y ( i n a MI B
f i l e) f or any NT ext ensi ons you cr eat e, si mi l ar t o t he ent r y we
def i ned above f or skel et onVar i abl e.
The exampl es i n t hi s sect i on shoul d be enough t o get you up and
r unni ng wi t h an ext ended Syst emEDGE agent . Be sur e t o r ead t he
Syst emEDGE manual f or a compl et e t r eat ment of t hi s t opi c.
11. 3 OpenVi ew' s Ext ensi bl e Agent
Bef or e you st ar t pl ayi ng ar ound wi t h OpenVi ew' s ext ensi bl e
agent , make sur e t hat you have i t s mast er agent ( snmpdm)
conf i gur ed and r unni ng pr oper l y. You must al so obt ai n an
ent er pr i se number , because ext endi ng t he OpenVi ew agent
r equi r es wr i t i ng your own MI B def i ni t i ons, and t he obj ect s you
def i ne must be par t of t he ent er pr i ses subt r ee.
[ 6]
Chapt er 2
descr i bes how t o obt ai n an ent er pr i se number .
[6]
Do not use my enterpri se number. Obtai ni ng your own pri vate
enterpri se number i s easy and f ree. Usi ng my number wi l l onl y
conf use you and others l ater i n the game.
MI Bs ar e wr i t t en usi ng t he SMI , of whi ch t her e ar e t wo
ver si ons: SMI v1, def i ned i n RFCs 1155 and 1212; and SMI v2,
def i ned i n RFCs 2578, 2579, and 2580. RFC 1155 not es t hat
" ASN. 1 const r uct s ar e used t o def i ne t he st r uct ur e, al t hough
t he f ul l gener al i t y of ASN. 1 i s not per mi t t ed. " Whi l e
OpenVi ew' s ext ensi bl e agent f i l e snmpd.extend uses ASN. 1 t o
def i ne obj ect s, i t r equi r es some addi t i onal ent r i es t o cr eat e a
usabl e obj ect . snmpd.extend al so does not suppor t some of t he
SNMPv2 SMI const r uct s. I n t hi s chapt er , we wi l l di scuss onl y
t hose const r uct s t hat ar e suppor t ed.
By def aul t , t he conf i gur at i on f i l e f or t he ext ensi bl e agent i n
t he Uni x ver si on of OpenVi ew i s /etc/SnmpAgent.d/snmp.extend.
To j ump r i ght i n, copy t he sampl e f i l e t o t hi s l ocat i on and
t hen r est ar t t he agent :
$ cp / opt / OV/ prg_sampl es/ eagent / snmpd. ext end / et c/ SnmpAgent . d/
$ / et c/ rc2. d/ S98SnmpExt Agt st op
$ / et c/ rc2. d/ S98SnmpExt Agt st art
You shoul d see no er r or s and get an exi t code of 0 ( zer o) . I f
er r or s occur , check t he snmpd.log f i l e.
[ 7]
I f t he agent st ar t s
successf ul l y, t r y wal ki ng one of t he obj ect s moni t or ed by t he
ext ensi bl e agent . The f ol l owi ng command checks t he st at us of
t he mai l queue:
[7]
On Sol ari s and HP- UX machi nes thi s f i l e i s l ocated i n
/ var/ adm/ snmpd. l og.

$ snmpwal k sunserver1 . 1. 3. 6. 1. 4. 1. 4242. 2. 2. 0
4242. 2. 2. 0 : OCTET STRI NG- (asci i ): Mai l queue i s empty
We' r e of f t o a good st ar t . We have successf ul l y st ar t ed and
pol l ed t he ext ensi bl e agent .
The key t o OpenVi ew' s snmpd.extend f i l e i s t he DESCRI PTI ON. I f
t hi s seems a l i t t l e wei r d, i t i s! Execut i ng commands f r om
wi t hi n t he DESCRI PTI ON sect i on i s pecul i ar t o t hi s agent , not par t
of t he SNMP desi gn. The DESCRI PTI ON t el l s t he agent wher e t o l ook
t o r ead, wr i t e, and r un f i l es. You can put a whol e sl ew of
par amet er s wi t hi n t he DESCRI PTI ON, but we' l l t ackl e onl y a f ew of
t he mor e common ones. Her e' s t he synt ax f or t he snmpd.extend
f i l e:
your- l abel - here DEFI NI TI ONS : : =BEGI N

- - i nsert your comments here

enterpri se- name OBJ ECT I DENTI FI ER : : ={ OI D- l abel (1) OI D- l abel {2) 3 }
subtree- name1 OBJ ECT I DENTI FI ER : : ={ OI D- l abel (3) 4 }
subtree- name2 OBJ ECT I DENTI FI ER : : ={ OI D- l abel (123) 56 }

data- I denti f i er
[8]
OBJ ECT- TYPE
SYNTAX I nteger | Counter | Gauge | Di spl ayStri ng
[9]

ACCESS readonl y | read- wri te
STATUS mandatory | opti onal | obsol ete | deprecated
[10]

DESCRI PTI ON
"
Enter Your Descri pti on Here
READ- COMMAND: / your/ command/ here passed1 passed2
READ- COMMAND- TI MEOUT: ti meout_i n_seconds (def aul ts to 3)
FI LE- COMMAND: / your/ f i l e- command/ here passed1 passed2
FI LE- COMMAND- FREQUENCY: f requency_i n_seconds (def aul ts to 10)
FI LE- NAME: / your/ f i l ename/ here
"
: : ={ parent- subtree- name subi denti f i er }

END
[8]
Thi s i s someti mes cal l ed a l eaf node, node, obj ect, or MI B.
[9]
These are j ust to name a f ewsupported datatypes.
[10]
For nowwe wi l l al ways use mandatory as our STATUS.
We can gl ean some st yl e gui del i nes f r omRFC 2578. Whi l e t her e
ar e many gui del i nes, some mor e usef ul t han ot her s, one t hi ng
st ands out : case does mat t er . Much of ASN. 1 i s case sensi t i ve.
Al l ASN. 1 keywor ds and macr os shoul d be i n upper case: OBJ ECT- TYPE,
SYNTAX, DESCRI PTI ON, et c. Your dat a- I dent i f i er s ( i . e. , obj ect names)
shoul d st ar t i n l ower case and cont ai n no spaces. I f you have
r ead any of t he RFC MI Bs or done any pol l i ng, you shoul d have
not i ced t hat al l t he obj ect names obey t hi s convent i on. Tr y t o
use descr i pt i ve names and keep your names wel l under t he 64-
char act er l i mi t ; RFC 2578 st at es t hat anyt hi ng over 32

char act er s i s not r ecommended. I f you def i ne an obj ect under an
exi st i ng subt r ee, you shoul d use t hi s subt r ee- name, or par ent -
name, bef or e each new obj ect - name you cr eat e. The i p subt r ee i n
mi b- 2 ( RFC 1213) pr ovi des an exampl e of good pr act i ce:

i pForwardi ng OBJ ECT- TYPE
. . .
: : ={ i p 1 }

i pDef aul tTTL OBJ ECT- TYPE
. . .
: : ={ i p 2 }
Thi s f i l e st ar t s by def i ni ng t he i p subt r ee. The names of
obj ect s wi t hi n t hat subt r ee st ar t wi t h i p and use i p as t he
par ent - subt r ee- name. As usef ul as t hi s r ecommended pr act i ce i s,
t her e ar e t i mes when i t i sn' t appr opr i at e. For exampl e, t hi s
pr act i ce makes i t di f f i cul t t o move your obj ect s t o di f f er ent
par ent s whi l e you ar e bui l di ng a MI B f i l e.
Her e' s a wor ki ng snmpd.extend f i l e t hat cont ai ns t hr ee
def i ni t i ons: psZombi eNum, pr t Di agExi t C, and whosOnCal l . I have
pl aced al l t hese obj ect s wi t hi n my own pr i vat e ent er pr i se
( 2789, whi ch I have named maur o) . Fi gur e 11- 2 shows t hi s
por t i on of my pr i vat e subt r ee.
Fi gure 11- 2. mauro subt ree

You can now wal k t he t r ee and see what my new obj ect s l ook
l i ke; my t r ee st ar t s at t he OI D . 1. 3. 6. 1. 4. 1. 2789, whi ch i s
equi val ent t o . i so. or g. dod. i nt er net . pr i vat e. ent er pr i ses. maur o.
I can or gani ze my own subt r ee any way I want , so I ' ve spl i t i t
i nt o t wo br anches beneat h maur o: maur o. sysI nf o ( 2789. 3) wi l l
hol d i nf or mat i on about t he st at us of t he syst emi t sel f
( psZombi eNumand pr t Di agExi t C ) , and maur o. ot her ( 2789. 255 )
wi l l hol d addi t i onal i nf or mat i on ( whosOnCal l ) . I f you l ook
f ur t her down, you can see t he t hr ee l eaf nodes we def i ne i n
t hi s f i l e:
Sampl eExt DEFI NI TI ONS : : =BEGI N

- - comments appear here behi nd the dashes

i nternet OBJ ECT I DENTI FI ER : : ={ i so(1) org(3) dod(6) 1 }
enterpri ses OBJ ECT I DENTI FI ER : : ={ i nternet(1) pri vate(4) 1 }
mauro OBJ ECT I DENTI FI ER : : ={ enterpri ses(1) 2789 }

- - Nowthat we have def i ned mauro, l et' s def i ne some obj ects

sysI nf o OBJ ECT I DENTI FI ER : : ={ mauro 3 }
other OBJ ECT I DENTI FI ER : : ={ mauro 255 }

psZombi eNumOBJ ECT- TYPE
SYNTAX I NTEGER
ACCESS readonl y
STATUS mandatory
DESCRI PTI ON
"Search through ps and return the number of zombi es.
READ- COMMAND: VALUE=`ps - ef | grep - v grep | grep - c <def unct>`; echo $VALUE
"
: : ={ sysI nf o 0 }

prtDi agExi tC OBJ ECT- TYPE
SYNTAX I NTEGER
ACCESS readonl y
STATUS mandatory
DESCRI PTI ON
"On Sol ari s, prtdi ag shows us systemdi agnosti c i nf ormati on. The
manpage states that i f thi s command exi ts wi th a non- zero val ue,
we have a probl em. Thi s i s a great pol l i ng mechani smf or some
systems.
READ- COMMAND: / usr/ pl atf orm/ `uname - m`/ sbi n/ prtdi ag >/ dev/ nul l ; echo $?"
: : ={ sysI nf o 1 }

whosOnCal l OBJ ECT- TYPE
SYNTAX OctetStri ng
ACCESS read- wri te
STATUS mandatory
DESCRI PTI ON
"Thi s f i l e contai ns the name of the person who wi l l be on cal l
today. The hel pdesk uses thi s f i l e. Onl y the hel pdesk and
managers shoul d update thi s f i l e. I f you are si ck or unabl e to
be on cal l pl ease contact your manager and/ or the hel pdesk.

FI LE- NAME: / opt/ l ocal / oncal l / today. txt"
: : ={ other 0 }

END
The f i r st t wo obj ect s, psZombi eNumand pr t Di agExi t C, bot h use
t he READ- COMMAND i n t he DESCRI PTI ON. Thi s t el l s t he agent t o execut e
t he named command and send any out put t he command pr oduces t o
t he NMS. By def aul t , t he pr ogr ammust compl et e wi t hi n t hr ee
seconds and have an exi t val ue of 0 ( zer o) . You can i ncr ease
t he t i meout by addi ng a READ- COMMAND- TI MEOUT:
READ- COMMAND: / some/ f s/ somecommand. pl
READ- COMMAND- TI MEOUT: 10
Thi s t el l s t he agent t o wai t 10 seconds i nst ead of 3 f or a
r epl y bef or e ki l l i ng t he pr ocess and r et ur ni ng an er r or .
The l ast obj ect , whosOnCal l , uses a FI LE- NAME i n t he DESCRI PTI ON.
Thi s t el l s t he agent t o r et ur n t he f i r st l i ne of t he f i l e,
pr ogr am, scr i pt , et c. speci f i ed af t er FI LE- NAME. Lat er we wi l l
l ear n how t o mani pul at e t hi s f i l e.
Now t hat we' ve cr eat ed a MI B f i l e wi t h our new def i ni t i ons, we
need t o l oad t he new MI B i nt o OpenVi ew. Thi s st ep i sn' t
st r i ct l y necessar y, but i t ' s much mor e conveni ent t o wor k wi t h
t ext ual names t han t o deal wi t h numer i c I Ds. To do t hi s, use
xnmloadmib, di scussed i n Chapt er 6. Af t er we l oad t he MI B f i l e
cont ai ni ng our t hr ee new obj ect s, we shoul d see t hei r names i n
t he MI B br owser and be abl e t o pol l t hemby name.
Once you have copi ed t he MI B f i l e i nt o t he appr opr i at e
di r ect or y and f or ced t he ext ensi bl e agent , ext subagt , t o r er ead
i t s conf i gur at i on ( by usi ng kill -HUP) , t r y wal ki ng t he new
obj ect s usi ng OpenVi ew' s snmpwalk pr ogr am:
$ snmpwal k sunserver2 - c publ i c . 1. 3. 6. 1. 4. 1. 2789
mauro. sysI nf o. psZombi eNum. 0 : I NTEGER: 0
mauro. sysI nf o. prtDi agExi tC. 0 : I NTEGER: 2
Not i ce anyt hi ng st r ange about our r et ur n val ues? We di dn' t get
anyt hi ng f or whosOnCal l . Not hi ng was r et ur ned f or t hi s obj ect
because we haven' t cr eat ed t he oncall.txt f i l e whose cont ent s
we' r e t r yi ng t o r ead. We must f i r st cr eat e t hi s f i l e and i nser t
some dat a i nt o t he f i l e. Ther e ar e t wo ways of doi ng t hi s.
Obvi ousl y, you can cr eat e t he f i l e wi t h your f avor i t e t ext
edi t or . But t he cl ever way i s t o use snmpset:
$ snmpset - c pri vat e sunserver2
. 1. 3. 6. 1. 4. 1. 2789. 255. 0. 0 oct et st ri ng "davi d j ones"
mauro. Other. whosOnCal l . 0 : OCTET STRI NG- (asci i ): davi d j ones
Thi s command t el l s t he SNMP agent t o put davi d j ones i n t he f i l e
/opt/local/oncall/today.txt. The f i l ename i s def i ned by t he
FI LE- NAME: / opt/ l ocal / oncal l / today. txt command t hat we wr ot e i n t he
ext ended MI B. The addi t i onal . 0 at t he end of t he OI D t el l s t he
agent we want t he f i r st ( and onl y) i nst ance of whosOnCal l . ( We
coul d have used

. i so. or g. dod. i nt er net . pr i vat e. ent er pr i ses. maur o. ot her . whosOnCal
l . 0 i nst ead of t he numer i c OI D. ) Fur t her mor e, t he snmpset
command speci f i es t he dat at ype octetstri ng, whi ch mat ches t he
OctetStri ng synt ax we def i ned i n t he MI B. Thi s dat at ype l et s us
i nser t st r i ng val ues i nt o t he f i l e. Fi nal l y, we' r e al l owed t o
set t he val ue of t hi s obj ect wi t h snmpset because we have read-
wri te access t o t he obj ect , as speci f i ed i n t he MI B.
I f you choose t o use an edi t or t o cr eat e t he f i l e, keep i n mi nd
t hat anyt hi ng af t er t he f i r st l i ne of t he f i l e i s i gnor ed. I f
you want t o r ead mul t i pl e l i nes you have t o use a t abl e; t abl es
ar e cover ed i n t he next sect i on.
Now l et ' s add anot her obj ect t o t he MI B f or our ext ended agent .
We' l l use a modi f i cat i on of t he exampl e OpenVi ew gi ves us.
We' l l cr eat e an obj ect named f mai l Li st Msgs ( 2) t hat summar i zes
t he messages i n t he mai l queue. Thi s obj ect wi l l l i ve i n a new
subt r ee, named f mai l ( 4) , under t he pr i vat e maur o subt r ee. So
t he name of our obj ect wi l l be maur o. f mai l . f mai l Li st Msgs or , i n
numer i c f or m, . 1. 3. 6. 1. 4. 1. 2789. 4. 2. Fi r st , we need t o def i ne
t he f mai l br anch under t he maur o subt r ee. To do t hi s, add t he
f ol l owi ng l i ne t o snmpd.extend:
f mai l OBJ ECT I DENTI FI ER : : ={ mauro 4 }
We pi cked 4 f or t he br anch number , but we coul d have chosen any
number t hat doesn' t conf l i ct wi t h our ot her br anches ( 3 and
255) . Af t er we def i ne f mai l we can i nser t t he def i ni t i on f or
f mai l Li st Msgs i nt o snmpd.extend, pl aci ng i t bef or e t he END
st at ement :
f mai l Li stMsgs OBJ ECT- TYPE
SYNTAX Di spl ayStri ng
ACCESS readonl y
STATUS mandatory
DESCRI PTI ON
"Li st of messages on the mai l queue.
READ- COMMAND: / usr/ l i b/ sendmai l - bp
READ- COMMAND- TI MEOUT: 10"
: : ={ f mai l 2 }
When pol l ed, f mai l Li st Msgs r uns t he command sendmail -bp, whi ch
pr i nt s a summar y of t he mai l queue. When al l t hi s i s done, you
can use your management st at i on or a t ool such as snmpget t o
r ead t he val ue of maur o. f mai l . f mai l Li st Msgs and see t he st at us
of t he out goi ng mai l queue.
11. 3. 1 Tabl es
Tabl es al l ow t he agent t o r et ur n mul t i pl e l i nes of out put ( or
ot her set s of val ues) f r omt he commands i t execut es. At i t s
most el abor at e, a t abl e al l ows t he agent t o r et ur n somet hi ng
l i ke a spr eadsheet . We can r et r i eve t hi s spr eadsheet usi ng
snmpwal k - - a pr ocess t hat ' s si gni f i cant l y easi er t han i ssui ng
separ at e get oper at i ons t o r et r i eve t he dat a one val ue at a
t i me. One t abl e we' ve al r eady seen i s

. i so. or g. dod. i nt er net . mgmt . mi b- 2. i nt er f aces. i f Tabl e, whi ch i s
def i ned i n MI B- I I and cont ai ns i nf or mat i on about al l of a
devi ce' s i nt er f aces.
Ever y t abl e cont ai ns an integer index, whi ch i s a uni que key
t hat di st i ngui shes t he r ows i n t he t abl e. The i ndex st ar t s wi t h
1, f or t he f i r st r ow, and i ncr eases by one f or each f ol l owi ng
r ow. The i ndex i s used as an i nst ance i dent i f i er f or t he
col umns i n t he t abl e; gi ven any col umn, t he i ndex l et s you
sel ect t he dat a ( i . e. , t he r ow) you want . Let ' s l ook at a smal l
t abl e, r epr esent ed by t he t ext f i l e animal.db:
1 Tweety Bi rd Chi rp 2
2 Madi son Dog Bark 4
3 "Bi g Ben" Bear Grrr 5
Our goal i s t o make t hi s t abl e r eadabl e vi a SNMP, usi ng
OpenVi ew' s ext ensi bl e agent . Thi s f i l e i s al r eady i n t he f or mat
r equi r ed by t he agent . Each col umn i s del i mi t ed by whi t espace;
a newl i ne mar ks t he end of each r ow. Dat a t hat i ncl udes an
i nt er nal space i s sur r ounded by quot es. OpenVi ew doesn' t al l ow
col umn headi ngs i n t he t abl e, but we wi l l want t o t hi nk about
t he names of t he obj ect s i n each r ow. Logi cal l y, t he col umn
headi ngs ar e not hi ng mor e t han t he names of t he obj ect s we wi l l
r et r i eve f r omt he t abl e. I n ot her wor ds, each r ow of our t abl e
consi st s of f i ve obj ect s:
animalIndex
An index that specifies the row in the table. The first
row is 1, as you'd expect for SNMP tables. The SYNTAX for
this object is therefore I NTEGER.
animalName
The animal's name. This is a text string, so the SYNTAX of
this object will be Di spl ayStri ng.
animalSpecies
The animal's species (another text string, represented as
a Di spl ayStri ng).
animalNoise
The noise the animal makes (another Di spl ayStri ng).
animalDanger
An indication of how dangerous the animal is. This is
another I NTEGER, whose value can be from 1 to 6. This is
called an "enumerated integer"; we're allowed to assign
textual mnemonics to the integer values.
At t hi s poi nt , we have j ust about ever yt hi ng we need t o know t o
wr i t e t he MI B t hat al l ows us t o r ead t he t abl e. For exampl e, we
know t hat we want an obj ect named ani mal Noi se. 2 t o access t he
ani mal Noi se obj ect i n t he second r ow of t he t abl e; t hi s obj ect
has t he val ue Bark. I t ' s easy t o see how t hi s not at i on can be
used t o l ocat e any obj ect i n t he t abl e. Now l et ' s wr i t e t he MI B
def i ni t i on f or t he t abl e.

Tabl eExtExampl e DEFI NI TI ONS : : =BEGI N

i nternet OBJ ECT I DENTI FI ER : : ={ i so(1) org(3) dod(6) 1 }
enterpri ses OBJ ECT I DENTI FI ER : : ={ i nternet(1) pri vate(4) 1 }
mauro OBJ ECT I DENTI FI ER : : ={ enterpri ses(1) 2789 }
other OBJ ECT I DENTI FI ER : : ={ mauro 255 }

Ani mal Entry : : =
SEQUENCE {
ani mal I ndex I NTEGER,
ani mal Name Di spl ayStri ng,
ani mal Speci es Di spl ayStri ng,
ani mal Noi se Di spl ayStri ng,
ani mal Danger I NTEGER
}

ani mal Tabl e OBJ ECT- TYPE
SYNTAX SEQUENCE OF Ani mal Entry
STATUS mandatory
DESCRI PTI ON
"Thi s i s a tabl e of ani mal s that shows:
Name
Speci es
Noi se
Danger Level
FI LE- NAME: / opt/ l ocal / ani mal . db"
: : ={ other 247 }

ani mal Entry OBJ ECT- TYPE
SYNTAX Ani mal Entry
STATUS mandatory
DESCRI PTI ON
"Li st of ani mal Num"
I NDEX { ani mal I ndex }
: : ={ ani mal Tabl e 1 }

ani mal I ndex OBJ ECT- TYPE
SYNTAX I NTEGER
ACCESS readonl y
STATUS mandatory
DESCRI PTI ON
"The uni que i ndex number we wi l l use f or each row"
: : ={ ani mal Ent ry 1 }

ani mal Name OBJ ECT- TYPE
ACCESS readonl y
STATUS mandatory
DESCRI PTI ON
"My pet name f or each ani mal "

ani mal Speci es OBJ ECT- TYPE
ACCESS readonl y
STATUS mandatory
DESCRI PTI ON
"The ani mal ' s speci es"

ani mal Noi se OBJ ECT- TYPE
ACCESS readonl y
STATUS mandatory
DESCRI PTI ON
"The noi se or sound the ani mal makes"

ani mal Danger OBJ ECT- TYPE
SYNTAX I NTEGER {
no- Danger(1),
can- Harm(2),
some- Damage(3),
wi l l - Wound(4),
severe- Pai n(5),
wi l l - Ki l l (6)
}
ACCESS read- wri t e
STATUS mandatory
DESCRI PTI ON
"The l evel of danger that we may f ace wi th the parti cul ar ani mal "

END
The t abl e st ar t s wi t h a def i ni t i on of t he ani mal Tabl e obj ect ,
whi ch gi ves us our DESCRI PTI ON and t el l s t he agent wher e t he
animal.db f i l e i s l ocat ed. The SYNTAX i s SEQUENCE OF Ani mal Entry.
Ani mal Ent r y ( wat ch t he case) gi ves us a qui ck vi ew of al l our
col umns. You can l eave Ani mal Ent r y out , but we r ecommend t hat
you i ncl ude i t si nce i t document s t he st r uct ur e of t he t abl e.
The t abl e i s act ual l y bui l t f r omani mal Ent r y el ement s - -
because obj ect names ar e case sensi t i ve, t hi s obj ect i s
di f f er ent f r omAni mal Ent r y. ani mal Ent r y t el l s us what obj ect we
shoul d use f or our i ndex or key; t he obj ect used as t he key i s
i n br acket s af t er t he I NDEX keywor d.
The def i ni t i ons of t he r emai ni ng obj ect s ar e si mi l ar t o t he
def i ni t i ons we' ve al r eady seen. The par ent - subt r ee f or al l of
t hese obj ect s i s ani mal Ent r y, whi ch ef f ect i vel y bui l ds a t abl e
r ow f r omeach of t hese obj ect s. The onl y obj ect t hat ' s
par t i cul ar l y i nt er est i ng i s ani mal Danger , whi ch uses an
ext ensi on of t he I NTEGER dat at ype. As we not ed bef or e, t hi s
obj ect i s an enumer at ed i nt eger , whi ch al l ows us t o associ at e
t ext ual l abel s wi t h i nt eger val ues. The val ues you can use i n
an enumer at ed t ype shoul d be a ser i es of consecut i ve i nt eger s,

st ar t i ng wi t h 1.
[ 11]
For exampl e, t he ani mal Danger obj ect
def i nes si x val ues, r angi ng f r om1 t o 6, wi t h st r i ngs l i ke no-
danger associ at ed wi t h t he val ues.
[11]
Some SNMPv1 SMI - compl i ant MI B compi l ers wi l l not al l owan
enumerated type of 0 (zero).
You can save t hi s t abl e def i ni t i on i n a f i l e and use t he
xnmloadmib command t o l oad i t i nt o OpenVi ew. Once you' ve done
t hat and cr eat ed t he animal.db f i l e wi t h a t ext edi t or , you can
wal k t he t abl e:
$ snmpwal k sunserver1 . 1. 3. 6. 1. 4. 1. mauro. ot her. ani mal Tabl e
ani mal Entry. ani mal I ndex. 1 : I NTEGER: 1
ani mal Entry. ani mal Name. 1 : DI SPLAY STRI NG- (asci i ): Tweety
ani mal Entry. ani mal Name. 2 : DI SPLAY STRI NG- (asci i ): Madi son
ani mal Entry. ani mal Name. 3 : DI SPLAY STRI NG- (asci i ): Bi g Ben
ani mal Entry. ani mal Speci es. 1 : DI SPLAY STRI NG- (asci i ): Bi rd
ani mal Entry. ani mal Speci es. 2 : DI SPLAY STRI NG- (asci i ): Dog
ani mal Entry. ani mal Speci es. 3 : DI SPLAY STRI NG- (asci i ): Bear
ani mal Entry. ani mal Noi se. 1 : DI SPLAY STRI NG- (asci i ): Chi rp
ani mal Entry. ani mal Noi se. 2 : DI SPLAY STRI NG- (asci i ): Bark
ani mal Entry. ani mal Noi se. 3 : DI SPLAY STRI NG- (asci i ): Grrr
ani mal Entry. ani mal Danger. 1 : I NTEGER: can- Harm
ani mal Entry. ani mal Danger. 2 : I NTEGER: wi l l - Wound
ani mal Entry. ani mal Danger. 3 : I NTEGER: severe- Pai n
snmpwalk goes t hr ough t he t abl e a col umn at a t i me, r epor t i ng
al l t he dat a i n a col umn bef or e pr oceedi ng t o t he next . Thi s i s
conf usi ng - - i t woul d be easi er i f snmpwalk r ead t he t abl e a
r ow at a t i me. As i t i s, you have t o hop f r oml i ne t o l i ne when
you ar e t r yi ng t o r ead a r ow; f or exampl e, t o f i nd out
ever yt hi ng about Tweet y, you need t o l ook at ever y t hi r d l i ne
( al l t he . 1 i t ems) i n t he out put .
Two mor e t hi ngs ar e wor t h not i ci ng i n t he snmpwalk out put . The
f i r st set of val ues t hat snmpwalk r epor t s ar e t he i ndex val ues
( ani mal I ndex) . I t t hen appends each i ndex val ue t o each OI D t o
per f or mt he r est of t he wal k. Second, t he ani mal Danger out put
r epor t s st r i ngs, such as can- Harm, r at her t han i nt eger s. The
conver si on f r omi nt eger s t o st r i ngs t akes pl ace because we
def i ned t he ani mal Danger obj ect as an enumer at ed i nt eger , whi ch
associ at es a set of possi bl e val ues wi t h st r i ngs.
Of cour se, j ust r eadi ng a t abl e doesn' t do a whol e l ot of good.
Let ' s say t hat we need t o updat e t hi s f i l e per i odi cal l y t o
r ef l ect changes i n t he ani mal s' behavi or . The ani mal Danger
obj ect has an ACCESS of read- wri te, whi ch al l ows us t o set i t s
val ue and updat e t he dat abase f i l e usi ng our SNMP t ool s.
I magi ne t hat t he dog i n r ow 2 t ur ns ver y mean. We need t o t ur n
i t s danger l evel t o 5 ( severe- Pai n) . We coul d edi t t he f i l e by
hand, but i t ' s easi er t o i ssue an snmpset:

$ snmpset - c pri vat e sunserver2
mauro. ot her. ani mal Tabl e. ani mal Ent ry. ani mal Danger. 2 i nt eger "5"
mauro. other. ani mal Tabl e. ani mal Entry. ani mal Danger. 2 : I NTEGER: severe- Pai n
Now l et ' s go back and ver i f y t hat t he var i abl e has been
updat ed:
[ 12]

[12]
We coul d al ready deduce that the set was successf ul when
snmpset di dn' t gi ve us an error. Thi s exampl e does, however,
showhowyou can snmpget a si ngl e i nstance wi thi n a tabl e.
$ snmpget sunserver2
mauro. ot her. ani mal Tabl e. ani mal Ent ry. ani mal Danger. 2
mauro. other. ani mal Tabl e. ani mal Entry. ani mal Danger. 2 : I NTEGER: severe- Pai n
Once t he snmpset i s compl et e, check t he f i l e t o see how i t has
changed. I n addi t i on t o changi ng t he dog' s danger l evel , i t has
encl osed al l st r i ngs wi t hi n quot es:
1 "Tweety" "Bi rd" "Chi rp" 2
2 "Madi son" "Dog" "Bark" 5
3 "Bi g Ben" "Bear" "Grrr" 5
Ther e ar e even mor e possi bi l i t i es f or keepi ng t he f i l e up- t o-
dat e. For exampl e, you coul d use a syst empr ogr amor
appl i cat i on t o edi t t hi s f i l e. A cron j ob coul d ki ck of f ever y
hour or so and updat e t he f i l e. Thi s st r at egy woul d l et you
gener at e t he f i l e usi ng a SQL quer y t o a dat abase such as
Or acl e. You coul d t hen put t he quer y' s r esul t s i n a f i l e and
pol l t he f i l e wi t h SNMP t o r ead t he r esul t s. One pr obl emwi t h
t hi s st r at egy i s t hat you must ensur e t hat your appl i cat i on and
SNMP pol l i ng per i ods ar e i n sync. Make sur e you pol l t he f i l e
af t er Or acl e has updat ed i t , or you wi l l be vi ewi ng ol d dat a.
An ef f ect i ve way t o ensur e t hat t he f i l e i s up- t o- dat e when you
r ead i t i s t o use FI LE- COMMAND wi t hi n t he t abl e' s def i ni t i on. Thi s
t el l s t he agent t o r un a pr ogr amt hat updat es t he t abl e bef or e
r et ur ni ng any val ues. Let ' s assume t hat we' ve wr i t t en a scr i pt
named get_animal_status.pl t hat det er mi nes t he st at us of t he
ani mal s and updat es t he dat abase accor di ngl y. Her e' s how we' d
i nt egr at e t hat scr i pt i nt o our t abl e def i ni t i on:
ani mal Tabl e OBJ ECT- TYPE
SYNTAX SEQUENCE OF Ani mal Entry
STATUS mandatory
DESCRI PTI ON
"Thi s i s a tabl e of ani mal s that shows:
Name
Speci es
Noi se
Danger Level
FI LE- COMMAND: / opt/ l ocal / get_ani mal _status. pl
: : ={ other 247 }
The command must f i ni sh wi t hi n 10 seconds or t he agent wi l l
ki l l t he pr ocess and r et ur n t he ol d val ues f r omt he t abl e. By

def aul t , t he agent r uns t he pr ogr amspeci f i ed by FI LE- COMMAND onl y
i f i t has not got t en a r equest i n t he l ast 10 seconds. For
exampl e, l et ' s say you i ssue t wo snmpget commands, t wo seconds
apar t . For t he f i r st snmpget, t he agent r uns t he pr ogr amand
r et ur ns t he dat a f r omt he t abl e wi t h any changes. The second
t i me, t he agent won' t r un t he pr ogr amt o updat e t he dat a - - i t
wi l l r et ur n t he ol d dat a, assumi ng t hat not hi ng has changed.
Thi s i s ef f ect i vel y a f or mof cachi ng. You can i ncr ease t he
amount of t i me t he agent keeps i t s cache by speci f yi ng a val ue,
i n seconds, af t er FI LE- COMMAND- FREQUENCY. For exampl e, i f you want t o
updat e t he f i l e onl y ever y 20 mi nut es ( at most ) , i ncl ude t he
f ol l owi ng commands i n your t abl e def i ni t i on:
FI LE- COMMAND: / opt/ l ocal / get_ani mal _status. pl
FI LE- COMMAND- FREQUENCY: 1200
Thi s chapt er has gi ven you a br i ef i nt r oduct i on t o t hr ee of t he
mor e popul ar ext ensi bl e SNMP agent s on t he mar ket . Whi l e a
t hor ough t r eat ment of ever y conf i gur abl e opt i on f or each agent
i s beyond t he scope of t hi s chapt er , i t shoul d hel p you t o
under st and how t o use ext ensi bl e agent s. Wi t h an ext ensi bl e
agent , t he possi bi l i t i es ar e al most endl ess.

Chapter 12. Adapti ng SNMP to Fi t Your Envi ronment
SNMP can make your l i f e as a syst emadmi ni st r at or a l ot easi er
by per f or mi ng many of t he t asks t hat you' d ei t her have t o do by
hand or aut omat e by wr i t i ng some cl ever scr i pt . I t ' s r el at i vel y
easy t o t ake car e of most ever yday syst emmoni t or i ng: SNMP can
pol l f or di sk- space ut i l i zat i on, not i f y you when mi r r or s ar e
synci ng, or r ecor d who i s l oggi ng i n or out of t he syst em. The
SNMP scr i pt s i n t hi s chapt er r epr esent j ust a f ew of t he t hi ngs
SNMP al l ows you t o do; use t hemas a l aunchi ng pad f or your own
i deas.
12. 1 General Trap- Generat i on Program
Chapt er 10 cont ai ned some scr i pt s f or col l ect i ng SNMP
i nf or mat i on usi ng Per l , OpenVi ew' s snmptrap pr ogr am, and some
ot her t ool s. Her e' s how we used snmptrap t o gener at e a t r ap
gi vi ng us i nf or mat i on about some pr obl ems wi t h t he dat abase:
$ / opt / OV/ bi n/ snmpt rap - c publ i c nms . 1. 3. 6. 1. 4. 1. 2789. 2500 "" 6 3003 ""
. 1. 3. 6. 1. 4. 1. 2500. 3003. 1 oct et st ri ngasci i "Oracl e"
. 1. 3. 6. 1. 4. 1. 2500. 3003. 2 oct et st ri ngasci i "Backup Not Runni ng"
. 1. 3. 6. 1. 4. 1. 2500. 3003. 3 oct et st ri ngasci i "Cal l t he DBA Nowf or Hel p"
The way you send a t r ap i n Per l i s a l i t t l e mor e i nvol ved, but
i t ' s st i l l easy t o use:
#Fi l ename: / opt/ l ocal / perl _scri pts/ snmptrap. pl

use SNMP_uti l "0. 54"; #Thi s wi l l l oad the BER and SNMP_Sessi on

snmptrap("publ i c@nms: 162", ". 1. 3. 6. 1. 4. 1. 2789", "sunserver1",
6, 1247, ". 1. 3. 6. 1. 4. 1. 2789. 1247. 1", "i nt", "2448816");
I n t hi s chapt er , we won' t l ook so much at how t o wr i t e commands
l i ke t hese, but at how t o use t hemi n cl ever ways. We mi ght
want t o i ncl ude commands l i ke t hese i n st ar t up scr i pt s, or
i nvoke t hemvi a hooks i nt o ot her pr ogr ams. We' l l st ar t by
wr i t i ng some code t hat r ecor ds successf ul l ogi ns.
12. 2 Who' s Loggi ng i nt o My Machi ne? ( I - Am- i n)
When Uni x user s l og i n, t he syst emaut omat i cal l y execut es a
pr of i l e; f or user s of t he Bour ne, Kor n, or bash shel l s, t he
syst emwi de pr of i l e i s named /etc/profile. Ther e' s a si mi l ar
f i l e f or user s of csh and t csh ( /etc/login) . We can use SNMP t o
r ecor d l ogi ns by addi ng a t r ap t o t hese pr of i l es. By i t sel f
t hi s i sn' t al l t hat i nt er est i ng, because Uni x al r eady keeps a
l og of user l ogi ns. But l et ' s say t hat you' r e moni t or i ng a f ew
dozen machi nes and don' t want t o check each machi ne' s l og.
Addi ng a t r ap t o t he syst emwi de pr of i l e l et s you moni t or l ogi ns
t o al l your syst ems f r omone pl ace. I t al so makes your l oggi ng
mor e secur e. I t ' s not t oo di f f i cul t f or an i nt el l i gent user t o
del et e t he wtmp f i l e t hat st or es Uni x l ogi n r ecor ds. Usi ng SNMP
t o do t he l oggi ng st or es t he i nf or mat i on on anot her host , over
whi ch you shoul d have bet t er cont r ol .
[ 1]

[1]
Yes, a cl ever user coul d i ntercept and modi f y SNMP packets,
or rewri te the shel l prof i l e, or do any number of thi ngs to
def eat l oggi ng. We' re not real l y i nterested i n maki ng i t
i mpossi bl e to def eat l oggi ng; we j ust want to make i t more
di f f i cul t.
To gener at e t he t r ap, i nvoke t he ext er nal pr ogr am
/opt/local/mib_ programs/os/iamin i n /etc/profile ( you can cal l
t he same pr ogr amwi t hi n /etc/login) . Her e i s t he code f or
iamin:
#
#Fi l ename: / opt/ l ocal / mi b_programs/ os/ i ami n

chomp ($WHO=`/ bi n/ who ami | awk {' pri nt $1' }`);

exi t 123 unl ess ($WHOne ' ' );

chomp ($WHOAMI =`/ usr/ ucb/ whoami `);
chomp ($TTY =`/ bi n/ tty`);
chomp ($FROM=`/ bi n/ l ast - 1 $WHO| / bi n/ awk {' pri nt $3' }`);

i f ($FROM=~/ Sun| Mon| Tue| Wed| Thu| Fri | Sat/ ) { $FROM="N/ A"; }

#DEBUG BELOW
#pri nt "WHO: $WHO: n"; pri nt "WHOAMI : $WHOAMI : n"; pri nt "FROM: $FROM: n";

i f ("$WHOAMI " ne "$WHO") { $WHO="$WHO- >$WHOAMI "; }

#Sendi ng a trap usi ng Net- SNMP
#
system"/ usr/ l ocal / bi n/ snmptrap nms publ i c . 1. 3. 6. 1. 4. 1. 2789. 2500 ' ' 6 1502 ' '
. 1. 3. 6. 1. 4. 1. 2789. 2500. 1502. 1 s "$WHO"
. 1. 3. 6. 1. 4. 1. 2789. 2500. 1502. 2 s "$FROM"
. 1. 3. 6. 1. 4. 1. 2789. 2500. 1502. 3 s "$TTY"";

#Sendi ng a trap usi ng Perl
#
#use SNMP_uti l "0. 54"; #Thi s wi l l l oad the BER and SNMP_Sessi on f or us
#snmptrap("publ i c@nms: 162", ". 1. 3. 6. 1. 4. 1. 2789. 2500", myl ocal hostname, 6, 1502,
#". 1. 3. 6. 1. 4. 1. 2789. 2500. 1502. 1", "stri ng", "$WHO",
#". 1. 3. 6. 1. 4. 1. 2789. 2500. 1502. 2", "stri ng", "$FROM",
#". 1. 3. 6. 1. 4. 1. 2789. 2500. 1502. 3", "stri ng", "$TTY");

#Sendi ng a trap usi ng OpenVi ew' s snmptrap
#
#system"/ opt/ OV/ bi n/ snmptrap - c publ i c nms . 1. 3. 6. 1. 4. 1. 2789. 2500 "" 6 1502 ""
#. 1. 3. 6. 1. 4. 1. 2789. 2500. 1502. 1 octetstri ngasci i "$WHO"
#. 1. 3. 6. 1. 4. 1. 2789. 2500. 1502. 2 octetstri ngasci i "$FROM"
#. 1. 3. 6. 1. 4. 1. 2789. 2500. 1502. 3 octetstri ngasci i "$TTY"";
#

#
pri nt "n##############n";
pri nt "# NOTI CE #- You have been l ogged: : $WHO: : $FROM: : $TTY: n"; #
pri nt "##############nn";
Thi s scr i pt i s a bi t meat i er t han expect ed because we need t o
weed out a number of bogus ent r i es. For i nst ance, many pr ogr ams
r un wi t hi n a shel l and hence i nvoke t he same shel l pr of i l es.
Ther ef or e, we have t o f i gur e out whet her t he pr of i l e i s bei ng
i nvoked by a human user ; i f not , we qui t .
[ 2]
The next st ep i s t o
f i gur e out mor e about t he user ' s i dent i t y; i . e. , wher e she i s
l oggi ng i n f r omand what her r eal i dent i t y i s - - we don' t want
t o be conf used by someone who uses su t o swi t ch t o anot her
i dent i t y. The t hi r d par t of t he pr ogr amsends t he t r ap wi t h al l
t he newl y f ound i nf or mat i on ( who t he user i s, t he host f r om
whi ch she i s l oggi ng i n, and what TTY she i s on) . We' ve
i ncl uded t r ap- gener at i on code usi ng t he Net - SNMP ut i l i t i es, t he
nat i ve Per l modul e, and OpenVi ew' s ut i l i t i es. Take your pi ck
and use t he ver si on wi t h whi ch you' r e most comf or t abl e. The
l ast por t i on of t hi s pr ogr amt el l s t he user t hat she has been
l ogged.
[2]
Thi s wi l l al so f ai l i f the user i s su' i ng to another user. I n
a wel l - desi gned envi ronment, users real l y shoul dn' t have to su
al l that of ten - - usi ng sudo or desi gni ng appropri ate groups
shoul d greatl y reduce the need to su.

Thi s scr i pt i sn' t wi t hout i t s pr obl ems. The user can al ways
br eak out of t he scr i pt bef or e i t i s done, bypassi ng l oggi ng.
You can count er t hi s at t empt by usi ng t r ap( 1) , whi ch r esponds
t o di f f er ent si gnal s. Thi s f or ces t he user t o compl et e t hi s
pr ogr am, not l et t i ng her st op i n mi dst r eam. Thi s st r at egy
cr eat es i t s own pr obl ems, si nce t he r oot user doesn' t have any
way t o bypass t he check. I n a sense, t hi s i s good: we want t o
be par t i cul ar l y car ef ul about r oot l ogi ns. But what happens i f
you' r e t r yi ng t o i nvest i gat e a net wor k f ai l ur e or DNS pr obl em?
I n t hi s case, t he scr i pt wi l l hang whi l e DNS t r i es t o l ook up
t he host f r omwhi ch you' r e l oggi ng i n. Thi s can be ver y
f r ust r at i ng. Bef or e i mpl ement i ng a scr i pt l i ke t hi s, l ook at
your envi r onment and deci de whi ch pr of i l es you shoul d l ock.
Any of t he packages f or r ecei vi ng t r aps can be used t o l i st en
f or t he t r aps gener at ed by t hi s pr ogr am.

12. 3 ThrowCore
Pr ogr ams f r equent l y l eave cor e dumps behi nd. A cor e f i l e
cont ai ns al l t he pr ocess i nf or mat i on per t i nent t o debuggi ng. I t
usual l y get s wr i t t en when a pr ogr amdi es abnor mal l y. Whi l e
t her e ar e ways t o l i mi t t he si ze of a dump or pr event cor e
dumps ent i r el y, t her e ar e st i l l t i mes when t hey' r e needed
t empor ar i l y. Ther ef or e, most Uni x syst ems have some sor t of
cron scr i pt t hat aut omat i cal l y sear ches f or cor e f i l es and
del et es t hem. Let ' s add some i nt el l i gence t o t hese scr i pt s t o
l et us t r ack what f i l es ar e f ound, t hei r si zes, and t he names
of t he pr ocesses t hat cr eat ed t hem.
The f ol l owi ng Per l pr ogr ami s di vi ded i nt o f our par t s: i t
sear ches f or a f i l e wi t h a gi ven name ( def aul t s t o t he name
core) , get s t he f i l e' s st at i st i cs, del et es t he f i l e,
[ 3]
and t hen
sends a t r ap. Most of t he pr ocessi ng i s per f or med nat i vel y by
Per l , but we use t he command ls -l $FILENAME t o i ncl ude t he
per t i nent cor e f i l e i nf or mat i on wi t hi n t he SNMP t r ap. Thi s
command al l ows our oper at or s t o see i nf or mat i on about t he f i l e
i n a f or mat t hat ' s easy t o r ecogni ze. We al so use t he file
command, whi ch det er mi nes a f i l e' s t ype and i t s cr eat or . Unl ess
you know who cr eat ed t he f i l e, you won' t have t he chance t o f i x
t he r eal pr obl em.
[3]
Bef ore you start del eti ng core f i l es, you shoul d f i gure out
who or what i s droppi ng themand see i f the owner wants these
f i l es. I n some cases thi s core f i l e may be thei r onl y means of
debuggi ng.

#Fi nds and del etes core f i l es. I t sends traps upon compl eti on and
#errors. Arguments are:
#- path di rectory : search di rectory (and subdi rectori es); def aul t /

#- l ookf or f i l ename : f i l ename to search f or; def aul t core
#- debug val ue : debug l evel

whi l e ($ARGV[0] =~/ ^- / )
{
i f ($ARGV[0] eq "- path") { shi f t; $PATH =$ARGV[0]; }
el si f ($ARGV[0] eq "- l ookf or") { shi f t; $LOOKFOR =$ARGV[0]; }
el si f ($ARGV[0] eq "- debug") { shi f t; $DEBUG =$ARGV[0]; }
shi f t;
}

#################################################################
########################## Begi n Mai n #########################
#################################################################

requi re "f i nd. pl "; #Thi s gi ves us the f i nd f uncti on.

$LOOKFOR ="core" unl ess ($LOOKFOR); #I f we don' t have somethi ng
#i n $LOOKFOR, def aul t to core

$PATH ="/ " unl ess ($PATH); #Let' s use / i f we don' t get
#one on the command l i ne

(- d $PATH) | | di e "$PATH i s NOT a val i d di r!"; #We can search
#onl y val i d
#di rectori es

&f i nd("$PATH");

#################################################################
###################### Begi n SubRouti nes ######################
#################################################################

sub wanted
{
i f (/ ^$LOOKFOR$/ )
{
i f (!(- d $name)) #Ski p the di rectori es named core
{
&get_stats;
&can_f i l e;
&send_trap;
}
}
}

sub can_f i l e
{
pri nt "Del eti ng : $_: : $name: n" unl ess (!($DEBUG));
$RES =unl i nk "$name";
i f ($RES !=1) { $ERROR =1; }
}

sub get_stats
{
chop ($STATS =`l s - l $name`);
chop ($FI LE_STATS =`/ bi n/ f i l e $name`);

$STATS =~s/ s+/ / g;
$FI LE_STATS =~s/ s+/ / g;
}

sub send_trap
{
i f ($ERROR ==0) { $SPEC =1535; }
el se { $SPEC =1536; }
pri nt "STATS: $STATSn" unl ess (!($DEBUG));
pri nt "FI LE_STATS: $FI LE_STATSn" unl ess (!($DEBUG));

#
#system"/ usr/ l ocal / bi n/ snmptrap nms publ i c . 1. 3. 6. 1. 4. 1. 2789. 2500 ' ' 6 $SPEC ' '
#. 1. 3. 6. 1. 4. 1. 2789. 2500. 1535. 1 s "$name"
#. 1. 3. 6. 1. 4. 1. 2789. 2500. 1535. 2 s "$STATS"
#. 1. 3. 6. 1. 4. 1. 2789. 2500. 1535. 3 s "$FI LE_STATS"";

#
use SNMP_uti l "0. 54"; #Thi s wi l l l oad the BER and SNMP_Sessi on f or us
snmptrap("publ i c@nms: 162", ". 1. 3. 6. 1. 4. 1. 2789. 2500", myl ocal hostname, 6, $SPEC,
". 1. 3. 6. 1. 4. 1. 2789. 2500. 1535. 1", "stri ng", "$name",
". 1. 3. 6. 1. 4. 1. 2789. 2500. 1535. 2", "stri ng", "$STATS",
". 1. 3. 6. 1. 4. 1. 2789. 2500. 1535. 3", "stri ng", "$FI LE_STATS");

#Sendi ng a trap usi ng OpenVi ew' s snmptrap
#
#system"/ opt/ OV/ bi n/ snmptrap - c publ i c nms
#. 1. 3. 6. 1. 4. 1. 2789. 2500 "" 6 $SPEC ""
#. 1. 3. 6. 1. 4. 1. 2789. 2500. 1535. 1 octetstri ngasci i "$name"
#. 1. 3. 6. 1. 4. 1. 2789. 2500. 1535. 2 octetstri ngasci i "$STATS"
#. 1. 3. 6. 1. 4. 1. 2789. 2500. 1535. 3 octetstri ngasci i "$FI LE_STATS"";
}
The l ogi c i s si mpl e, t hough i t ' s somewhat har d t o see si nce
most of i t happens i mpl i ci t l y. The key i s t he cal l t o f i nd( ),
whi ch set s up l ot s of t hi ngs. I t descends i nt o ever y di r ect or y
under neat h t he di r ect or y speci f i ed by $PATH and aut omat i cal l y
set s $_ ( so t he i f st at ement at t he begi nni ng of t he wanted()
subr out i ne wor ks) . Fur t her mor e, i t def i nes t he var i abl e name t o
be t he f ul l pat hname t o t he cur r ent f i l e; t hi s al l ows us t o
t est whet her or not t he cur r ent f i l e i s r eal l y a di r ect or y,
whi ch we woul dn' t want t o del et e.
Ther ef or e, we l oop t hr ough al l t he f i l es, l ooki ng f or f i l es
wi t h t he name speci f i ed on t he comand l i ne ( or named core, i f
no -lookfor opt i on i s speci f i ed) . When we f i nd one we st or e i t s
st at i st i cs, del et e t he f i l e, and send a t r ap t o t he NMS
r epor t i ng t he f i l e' s name and ot her i nf or mat i on. We use t he

var i abl e SPEC t o st or e t he speci f i c t r ap I D. We use t wo speci f i c
I Ds: 1535 i f t he f i l e was del et ed successf ul l y and 1536 i f we
t r i ed t o del et e t he f i l e but coul dn' t . Agai n, we wr ot e t he t r ap
code t o use ei t her nat i ve Per l , Net - SNMP, or OpenVi ew.
Uncomment t he ver si on of your choi ce. We pack t he t r ap wi t h
t hr ee var i abl e bi ndi ngs, whi ch cont ai n t he name of t he f i l e,
t he r esul t s of ls -l on t he f i l e, and t he r esul t s of r unni ng
/bin/file. Toget her , t hese gi ve us a f ai r amount of i nf or mat i on
about t he f i l e we del et ed. Not e t hat we had t o def i ne obj ect
I Ds f or al l t hr ee of t hese var i abl es; f ur t her mor e, al t hough we
pl aced t hese obj ect I Ds under 1535, not hi ng pr event s us f r om
usi ng t he same obj ect s when we send speci f i c t r ap 1536.
Now we have a pr ogr amt o del et e cor e f i l es and send t r aps
t el l i ng us about what was del et ed; t he next st ep i s t o t el l our
t r ap r ecei ver what t o do wi t h t hese i ncomi ng t r aps. Let ' s
assume t hat we' r e usi ng OpenVi ew. To i nf or mi t about t hese
t r aps, we have t o add t wo ent r i es t o trapd.conf, mappi ng t hese
t r aps t o event s. Her e t hey ar e:
EVENT f oundNDel Core . 1. 3. 6. 1. 4. 1. 2789. 2500. 0. 1535 "Status Al arms" Warni ng
FORMAT Core Fi l e Found : $1: Fi l e Has Been Del eted - LS : $2: FI LE : $3:
SDESC
Thi s event i s cal l ed when a server usi ng cronj ob l ooks f or core
f i l es and del etes them.

$1 - octetstri ngasci i - Name of f i l e
$2 - octetstri ngasci i - l s - l l i sti ng on the f i l e
$3 - octetstri ngasci i - f i l e $name
EDESC
#
#
#
EVENT f oundNNotDel Core . 1. 3. 6. 1. 4. 1. 2789. 2500. 0. 1536 "Status Al arms" Mi nor
FORMAT Core Fi l e Found : $1:
Fi l e Has Not Been Del eted For Some Reason - LS : $2: FI LE : $3:
SDESC
Thi s event i s cal l ed when a server usi ng cronj ob l ooks f or core
f i l es and then CANNOT del ete themf or some reason.

$1 - octetstri ngasci i - Name of f i l e
$2 - octetstri ngasci i - l s - l l i sti ng on the f i l e
$3 - octetstri ngasci i - f i l e $name
EDESC
#
#
#
For each t r ap, we have an EVENT st at ement speci f yi ng an event
name, t he t r ap' s speci f i c I D, t he cat egor y i nt o whi ch t he event
wi l l be sor t ed, and t he sever i t y. The FORMAT st at ement def i nes a
message t o be used when we r ecei ve t he t r ap; i t can be spr ead
over sever al l i nes and can use t he par amet er s $1, $2, et c. t o
r ef er t o t he var i abl e bi ndi ngs t hat ar e i ncl uded i n t he t r ap.

Al t hough i t woul d be a good i dea, we don' t need t o add our
var i abl e bi ndi ngs t o our pr i vat e MI B f i l e; trapd.conf cont ai ns
enough i nf or mat i on f or OpenVi ew t o i nt er pr et t he cont ent s of
t he t r ap.
Her e ar e some sampl e t r aps
[ 4]
gener at ed by t he throwcore scr i pt :
[4]
We' ve removed most of the host and date/ ti me i nf ormati on.
Core Fi l e Found : / usr/ sap/ HQD/ DVEBMGS00/ work/ core: Fi l e Has Been
Del eted - LS : - rw- rw- - - - 1 hqdadmsapsys 355042304 Apr 27 17: 04
/ usr/ sap/ HQD/ DVEBMGS00/ work/ core:
FI LE : / usr/ sap/ HQD/ DVEBMGS00/ work/ core: ELF 32- bi t MSB core f i l e
SPARC Versi on 1, f rom' di sp+work' :

Core Fi l e Found : / usr/ sap/ HQI / DVEBMGS10/ work/ core: Fi l e Has Been
Del eted - LS : - rw- r- - r- - 1 hqi admsapsys 421499988 Apr 28 14: 29
/ usr/ sap/ HQI / DVEBMGS10/ work/ core:
FI LE : / usr/ sap/ HQI / DVEBMGS10/ work/ core: ELF 32- bi t MSB core f i l e
SPARC Versi on 1, f rom' di sp+work' :
Her e i s r oot ' s crontab, whi ch r uns t he throwcore scr i pt at
speci f i c i nt er val s. Not i ce t hat we use t he -path swi t ch, whi ch
al l ows us t o check t he devel opment ar ea ever y hour :
#Check f or core f i l es every ni ght and every hour on speci al di rs
27 * * * * / opt/ l ocal / mi b_programs/ scri pts/ throwcore. pl - path / usr/ sap
23 2 * * * / opt/ l ocal / mi b_programs/ scri pts/ throwcore. pl

12. 4 Veri t as Di sk Check
The Ver i t as Vol ume Manager i s a package t hat al l ows you t o
mani pul at e di sks and t hei r par t i t i ons. I t gi ves you t he abi l i t y
t o add and r emove mi r r or s, wor k wi t h RAI D ar r ays, and r esi ze
par t i t i ons, t o name a f ew t hi ngs. Al t hough Ver i t as i s a
speci al i zed and expensi ve package t hat i s usual l y f ound at
l ar ge dat a cent er s, don' t assume t hat you can ski p t hi s
sect i on. The poi nt i sn' t t o show you how t o moni t or Ver i t as,
but t o show you how you can pr ovi de meani ngf ul t r aps usi ng a
t ypi cal st at us pr ogr am. You shoul d be abl e t o ext r act t he i deas
f r omt he scr i pt we pr esent her e and use t hemwi t hi n your own
cont ext .
Ver i t as Vol ume Manager ( vxvm) comes wi t h a ut i l i t y cal l ed
vxprint. Thi s pr ogr amdi spl ays r ecor ds f r omt he Vol ume Manager
conf i gur at i on and shows t he st at us of each of your l ocal di sks.
I f t her e i s an er r or , such as a bad di sk or br oken mi r r or , t hi s
command wi l l r epor t i t . A heal t hy vxprint on t he r oot vol ( / )
l ooks l i ke t hi s:
$ vxpri nt - h root vol
Di sk group: rootdg

TY NAME ASSOC KSTATE LENGTH PLOFFS STATE TUTI L0 PUTI L0
v rootvol root ENABLED 922320 - ACTI VE - -
pl rootvol - 01 rootvol ENABLED 922320 - ACTI VE - -

sd rootdi sk- B0 rootvol - 01 ENABLED 1 0 - - Bl ock0
sd rootdi sk- 02 rootvol - 01 ENABLED 922319 1 - - -
pl rootvol - 02 rootvol ENABLED 922320 - ACTI VE - -
sd di sk01- 01 rootvol - 02 ENABLED 922320 0 - - -
The KSTATE ( ker nel st at e) and STATE col umns gi ve us a behi nd- t he-
scenes l ook at our di sks, mi r r or s, et c. Wi t hout expl ai ni ng t he
out put i n det ai l , a KSTATE of ENABLED i s a good si gn; a STATE of
ACTI VE or - i ndi cat es t hat t her e ar e no pr obl ems. We can t ake
t hi s out put and pi pe i t i nt o a scr i pt t hat sends SNMP t r aps
when er r or s ar e encount er ed. We can send di f f er ent t r aps of an
appr opr i at e sever i t y, based on t he t ype of er r or t hat vxprint
r epor t ed. Her e' s a scr i pt t hat r uns vxprint and anal yzes t he
r esul t s:
#!/ usr/ l ocal / bi n/ perl - wc

$VXPRI NT_LOC ="/ usr/ sbi n/ vxpri nt";
$HOSTNAME =`/ bi n/ uname - n`; chop $HOSTNAME;

whi l e ($ARGV[0] =~/ ^- / )
{
i f ($ARGV[0] eq "- debug") { shi f t; $DEBUG =$ARGV[0]; }
el si f ($ARGV[0] eq "- state_acti ve") { $SHOW_STATE_ACTI VE =1; }
shi f t;
}

####################################################################
########################### Begi n Mai n ###########################
####################################################################

&get_vxpri nt; #Get i t, process i t, and send traps i f errors f ound!

####################################################################
######################## Begi n SubRouti nes #######################
####################################################################

sub get_vxpri nt
{

open(VXPRI NT, "$VXPRI NT_LOC | ") | | di e "Can' t Open $VXPRI NT_LOC";
whi l e($VXLI NE=<VXPRI NT>)
{
pri nt $VXLI NE unl ess ($DEBUG <2);
i f ($VXLI NE ne "n")
{
&i s_a_di sk_group_name;
&spl i t_vxpri nt_output;

i f (($TY ne "TY") &&
($TY ne "Di sk") &&
($TY ne "dg") &&
($TY ne "dm"))
{
i f (($SHOW_STATE_ACTI VE) &&($STATE eq "ACTI VE"))

{
pri nt "ACTI VE: $VXLI NE";
}
i f (($STATE ne "ACTI VE") &&
($STATE ne "DI SABLED") &&
($STATE ne "SYNC") &&
($STATE ne "CLEAN") &&
($STATE ne "SPARE") &&
($STATE ne "- ") &&
($STATE ne ""))
{
&send_error_msgs;
}
el si f (($KSTATE ne "ENABLED") &&
($KSTATE ne "DI SABLED") &&
($KSTATE ne "- ") &&
($KSTATE ne ""))
{
&send_error_msgs;
}
} #end i f (($TY
} #end i f ($VXLI NE
} #end whi l e($VXLI NE
} #end sub get_vxpri nt

sub i s_a_di sk_group_name
{
i f ($VXLI NE =~/ ^Di sksgroup: s(w+)n/ )
{
$DI SK_GROUP =$1;
pri nt "Found Di sk Group : $1: n" unl ess (!($DEBUG));
return 1;
}
}

sub spl i t_vxpri nt_output
{
($TY, $NAME, $ASSOC, $KSTATE,
$LENGTH, $PLOFFS, $STATE, $TUTI L0,
$PUTI L0) =spl i t(/ s+/ , $VXLI NE);

i f ($DEBUG) {
pri nt "SPLI T: $TY $NAME $ASSOC $KSTATE ";
pri nt "$LENGTH $PLOFFS $STATE $TUTI L0 $PUTI L0: n";
}
}

sub send_snmp_trap
{
$SNMP_TRAP_LOC ="/ opt/ OV/ bi n/ snmptrap";
$SNMP_COMM_NAME ="publ i c";
$SNMP_TRAP_HOST ="nms";

$SNMP_ENTERPRI SE_I D =". 1. 3. 6. 1. 4. 1. 2789. 2500";

$SNMP_GEN_TRAP ="6";
$SNMP_SPECI FI C_TRAP ="1000";

chop($SNMP_TI ME_STAMP ="1" . `date +%H%S`);
$SNMP_EVENT_I DENT_ONE =". 1. 3. 6. 1. 4. 1. 2789. 2500. 1000. 1";
$SNMP_EVENT_VTYPE_ONE ="octetstri ngasci i ";
$SNMP_EVENT_VAR_ONE ="$HOSTNAME";

$SNMP_EVENT_I DENT_TWO =". 1. 3. 6. 1. 4. 1. 2789. 2500. 1000. 2";
$SNMP_EVENT_VTYPE_TWO ="octetstri ngasci i ";
$SNMP_EVENT_VAR_TWO ="$NAME";

$SNMP_EVENT_I DENT_THREE =". 1. 3. 6. 1. 4. 1. 2789. 2500. 1000. 3";
$SNMP_EVENT_VTYPE_THREE ="octetstri ngasci i ";
$SNMP_EVENT_VAR_THREE ="$STATE";

$SNMP_EVENT_I DENT_FOUR =". 1. 3. 6. 1. 4. 1. 2789. 2500. 1000. 4";
$SNMP_EVENT_VTYPE_FOUR ="octetstri ngasci i ";
$SNMP_EVENT_VAR_FOUR ="$DI SK_GROUP";

$SNMP_TRAP ="$SNMP_TRAP_LOC - c $SNMP_COMM_NAME $SNMP_TRAP_HOST
$SNMP_ENTERPRI SE_I D "" $SNMP_GEN_TRAP $SNMP_SPECI FI C_TRAP $SNMP_TI ME_STAMP
$SNMP_EVENT_I DENT_ONE $SNMP_EVENT_VTYPE_ONE "$SNMP_EVENT_VAR_ONE"
$SNMP_EVENT_I DENT_TWO $SNMP_EVENT_VTYPE_TWO "$SNMP_EVENT_VAR_TWO"
$SNMP_EVENT_I DENT_THREE $SNMP_EVENT_VTYPE_THREE "$SNMP_EVENT_VAR_THREE"
$SNMP_EVENT_I DENT_FOUR $SNMP_EVENT_VTYPE_FOUR "$SNMP_EVENT_VAR_FOUR"";

#
#system"/ usr/ l ocal / bi n/ snmptrap $SNMP_TRAP_HOST $SNMP_COMM_NAME
#$SNMP_ENTERPRI SE_I D ' ' $SNMP_GEN_TRAP $SNMP_SPECI FI C_TRAP ' '
#$SNMP_EVENT_I DENT_ONE s "$SNMP_EVENT_VAR_ONE"
#$SNMP_EVENT_I DENT_TWOs "$SNMP_EVENT_VAR_TWO"
#$SNMP_EVENT_I DENT_THREE s "$SNMP_EVENT_VAR_THREE"
#$SNMP_EVENT_I DENT_FOUR s "$SNMP_EVENT_VAR_FOUR"";

#
#snmptrap("$SNMP_COMM_NAME@$SNMP_TRAP_HOST: 162", "$SNMP_ENTERPRI SE_I D",
#myl ocal hostname, $SNMP_GEN_TRAP, $SNMP_SPECI FI C_TRAP,
#"$SNMP_EVENT_I DENT_ONE", "stri ng", "$SNMP_EVENT_VAR_ONE",
#"$SNMP_EVENT_I DENT_TWO", "stri ng", "$SNMP_EVENT_VAR_TWO",
#"$SNMP_EVENT_I DENT_THREE", "stri ng", "$SNMP_EVENT_VAR_THREE",
#"$SNMP_EVENT_I DENT_FOUR", "stri ng", "$SNMP_EVENT_VAR_FOUR");

#Sendi ng a trap usi ng OpenVi ew' s snmptrap (usi ng VARs f romabove)
#
i f ($SEND_SNMP_TRAP) {
pri nt "Probl emRunni ng SnmpTrap wi th Resul t ";
pri nt ": $SEND_SNMP_TRAP: : $SNMP_TRAP: n";
}

sub send_error_msgs

{
$TY =~s/ ^v/ Vol ume/ ;
$TY =~s/ ^pl / Pl ex/ ;
$TY =~s/ ^sd/ SubDi sk/ ;

pri nt "VXf s Probl em: Host: [$HOSTNAME] State: [$STATE] Di skGroup: [$DI SK_GROUP]
Type: [$TY] Fi l eSystem: [$NAME] Assoc: [$ASSOC] Kstate: [$KSTATE] n"
unl ess (!($DEBUG));

&send_snmp_trap;
}
Knowi ng what t he out put of vxprint shoul d l ook l i ke, we can
f or mul at e Per l st at ement s t hat f i gur e out when t o gener at e a
t r ap. That t ask makes up most of t he get_vxpri nt subr out i ne. We
al so know what t ypes of er r or messages wi l l be pr oduced. Our
scr i pt t r i es t o i gnor e al l t he i nf or mat i on f r omt he heal t hy
di sks and sor t t he er r or messages. For exampl e, i f t he STATE
f i el d cont ai ns NEEDSYNC, t he di sk mi r r or s ar e pr obabl y not
synchr oni zed and t he vol ume needs some sor t of at t ent i on. The
scr i pt doesn' t handl e t hi s par t i cul ar case expl i ci t l y, but i t
i s caught wi t h t he def aul t ent r y.
The act ual mechani smf or sendi ng t he t r ap i s t i ed up i n a l ar ge
number of var i abl es. Basi cal l y, t hough, we use any of t he t r ap
ut i l i t i es we' ve di scussed; t he ent er pr i se I D i s
. 1. 3. 6. 1. 4. 1. 2789. 2500 ; t he speci f i c t r ap I D i s 1000 ; and we
i ncl ude f our var i abl e bi ndi ngs, whi ch r epor t t he host name, t he
vol ume name, t he vol ume' s st at e, and t he di sk gr oup.
As wi t h t he pr evi ous scr i pt , i t ' s a si mpl e mat t er t o r un t hi s
scr i pt per i odi cal l y and wat ch t he r esul t s on what ever net wor k-
management sof t war e you' r e usi ng. I t ' s al so easy t o see how you
coul d devel op si mi l ar scr i pt s t hat gener at e r epor t s f r omot her
st at us pr ogr ams.
12. 5 Di sk- Space Checker
OpenVi ew' s agent has a f i l eSyst emTabl e obj ect t hat cont ai ns
st at i st i cs about di sk ut i l i zat i on and ot her f i l esyst em
par amet er s. At f i r st gl ance, i t l ooks ext r emel y usef ul : you can
use i t t o f i nd out f i l esyst emnames, bl ocks f r ee, et c. But i t
has some qui r ks, and we' l l need t o pl ay a f ew t r i cks t o use
t hi s t abl e ef f ect i vel y. Wal ki ng
f i l eSyst emTabl e. f i l eSyst emEnt r y. f i l eSyst emDi r
( . 1. 3. 6. 1. 4. 1. 11. 2. 3. 1. 2. 2. 1. 10) l i st s t he f i l esyst ems t hat ar e
cur r ent l y mount ed:
[ 5]

[5]
We' ve truncated the l eadi ng
. i so. org. dod. i nternet. pri vate. enterpri ses. hp. nm. system. general
to the wal k resul ts f or space reasons.
[root][nms] / opt / OV/ l ocal / bi n/ di sk_space>snmpwal k spruce
. 1. 3. 6. 1. 4. 1. 11. 2. 3. 1. 2. 2. 1. 10

f i l eSystem. f i l eSystemTabl e. f i l eSystemEntry. f i l eSystemDi r. 14680064. 1
: DI SPLAY STRI NG- (asci i ): /
: DI SPLAY STRI NG- (asci i ): / var
: DI SPLAY STRI NG- (asci i ): / export
: DI SPLAY STRI NG- (asci i ): / opt
: DI SPLAY STRI NG- (asci i ): / usr
: DI SPLAY STRI NG- (asci i ): / proc
: DI SPLAY STRI NG- (asci i ): / dev/ f d
: DI SPLAY STRI NG- (asci i ): / net
: DI SPLAY STRI NG- (asci i ): / home
: DI SPLAY STRI NG- (asci i ): / xf n
Let ' s t hi nk about how we' d wr i t e a pr ogr amt hat checks f or
avai l abl e di sk space. At f i r st gl ance, i t l ooks l i ke t hi s wi l l
be easy. But t hi s t abl e cont ai ns a number of obj ect s t hat
ar en' t f i l esyst ems i n t he nor mal sense; /proc, f or exampl e,
pr ovi des access t o t he pr ocesses r unni ng on t he syst emand
doesn' t r epr esent st or age. Thi s r ai ses pr obl ems i f we st ar t
pol l i ng f or f r ee bl ocks: /proc i sn' t goi ng t o have any f r ee
bl ocks, and /dev/fd, whi ch r epr esent s a f l oppy di sk, wi l l have
f r ee bl ocks onl y i f a di sk happens t o be i n t he dr i ve. You' d
expect /home t o behave l i ke a nor mal f i l esyst em, but on t hi s
ser ver i t ' s aut omount ed, whi ch means t hat i t s behavi or i s
unpr edi ct abl e; i f i t ' s not i n use, i t mi ght not be mount ed.
Ther ef or e, i f we pol l ed f or f r ee bl ocks usi ng t he
f i l eSyst em. f i l eSyst emTabl e. f i l eSyst emEnt r y. f i l eSyst emBavai l
obj ect , t he l ast f i ve i nst ances mi ght r et ur n 0 under nor mal
condi t i ons. So t he r esul t s we' d get f r ompol l i ng al l t he
ent r i es i n t he f i l esyst emt abl e ar en' t meani ngf ul wi t hout
f ur t her i nt er pr et at i on. At a mi ni mum, we need t o f i gur e out
whi ch f i l esyst ems ar e i mpor t ant t o us and whi ch ar en' t . Thi s i s
pr obabl y goi ng t o r equi r e bei ng cl ever about t he i nst ance
number s.
When I di scover ed t hi s pr obl em, I not i ced t hat al l t he
f i l esyst ems I want ed t o check happened t o have i nst ance number s
wi t h t he same l eadi ng di gi t s; i . e. , f i l eSyst emDi r . 14680064. 1,
f i l eSyst emDi r . 14680067. 1, f i l eSyst emDi r . 14680068. 1, et c. That
obser vat i on pr oved t o be l ess usef ul t han i t seemed - - wi t h
t i me, I l ear ned t hat not onl y do ot her ser ver s have di f f er ent
l eadi ng i nst ance number s, but t hat on any ser ver t he i nst ance
number s coul d change. Even i f t he i nst ance number changes,
t hough, t he l eadi ng i nst ance di gi t s seemt o st ay t he same f or
al l di sks or f i l esyst ems of t he same t ype. For exampl e, di sk
ar r ays mi ght have i nst ance number s l i ke

f i l eSyst emDi r . 12312310. 1, f i l eSyst emDi r . 12312311. 1,
f i l eSyst emDi r . 12312312. 1, and so on. Your i nt er nal di sks mi ght
have i nst ance number s l i ke f i l eSyst emDi r . 12388817. 1,
f i l eSyst emDi r . 12388818. 1, f i l eSyst emDi r . 12388819. 1, and so on.
So, wor ki ng wi t h t he i nst ance number s i s possi bl e, but pai nf ul
- - t her e i s st i l l not hi ng st at i c t hat can be easi l y pol l ed.
Ther e' s no easy way t o say " Gi ve me t he st at i st i cs f or al l t he
l ocal f i l esyst ems, " or even " Gi ve me t he st at i st i cs f or /usr. "
I was f or ced t o wr i t e a pr ogr amt hat woul d do a f ai r amount of
i nst ance- number pr ocessi ng, maki ng guesses based on t he
behavi or I obser ved. I had t o use snmpwal k t o f i gur e out t he
i nst ance number s f or t he f i l esyst ems I car ed about bef or e doi ng
anyt hi ng mor e i nt er est i ng. By compar i ng t he i ni t i al di gi t s of
t he i nst ance number s, I was abl e t o f i gur e out whi ch
f i l esyst ems wer e l ocal , whi ch wer e net wor ked, and whi ch wer e
" speci al pur pose" ( l i ke /proc) . Her e' s t he r esul t :
#f i l ename: pol l i ng. pl
#opti ons:
# - mi n n : send trap i f l ess than n 1024- byte bl ocks f ree
# - tabl e f : tabl e of servers to watch (def aul ts to . / def aul t)
# - server s : speci f i es a si ngl e server to pol l
# - i nst n : number of l eadi ng i nstance- number di gi ts to compare
# - debug n : debug l evel

$| ++;

$SNMPWALK_LOC ="/ opt/ OV/ bi n/ snmpwal k - r 5";
$SNMPGET_LOC ="/ opt/ OV/ bi n/ snmpget";
$HOME_LOC ="/ opt/ OV/ l ocal / bi n/ di sk_space";
$LOCK_FI LE_LOC ="$HOME_LOC/ l ock_f i l es";
$GREP_LOC ="/ bi n/ grep";
$TOUCH_LOC ="/ bi n/ touch";
$PI NG_LOC ="/ usr/ sbi n/ pi ng"; #Pi ng Locati on
$PI NG_TI MEOUT =7; #Seconds to wai t f or a pi ng

$MI B_C =". 1. 3. 6. 1. 4. 1. 11. 2. 3. 1. 2. 2. 1. 6"; #f i l eSystemBavai l
$MI B_BSI ZE =". 1. 3. 6. 1. 4. 1. 11. 2. 3. 1. 2. 2. 1. 7"; #f i l eSystemBsi ze
$MI B_DI R =". 1. 3. 6. 1. 4. 1. 11. 2. 3. 1. 2. 2. 1. 10"; #f i l eSystemDi r

whi l e ($ARGV[0] =~/ ^- / )
{
i f ($ARGV[0] eq "- mi n") { shi f t; $MI N =$ARGV[0]; } #I n 1024 bl ocks
el si f ($ARGV[0] eq "- tabl e") { shi f t; $TABLE =$ARGV[0]; }
el si f ($ARGV[0] eq "- server") { shi f t; $SERVER =$ARGV[0]; }
el si f ($ARGV[0] eq "- i nst") { shi f t; $I NST_LENGTH =$ARGV[0]; }
el si f ($ARGV[0] eq "- debug") { shi f t; $DEBUG =$ARGV[0]; }
shi f t;
}

#################################################################
########################## Begi n Mai n #########################
#################################################################

$ALLSERVERS =1 unl ess ($SERVER);
$I NST_LENGTH =5 unl ess ($I NST_LENGTH);

$TABLE ="def aul t" unl ess ($TABLE);

open(TABLE, "$HOME_LOC/ $TABLE") | | di e "Can' t Open Fi l e $TABLE";
whi l e($LI NE=<TABLE>)
{
i f ($LI NE ne "n")
{
chop $LI NE;
($HOST, $I GNORE1, $I GNORE2, $I GNORE3) =spl i t(/ : / , $LI NE);

i f (&pi ng_server_bad("$HOST")) { warn "Can' t Pi ng Server
: $HOST: " unl ess (!($DEBUG)); }
el se
{
&f i nd_i nst;

i f ($DEBUG >99)
{
pri nt "HOST: $HOST: I GNORE1 : $I GNORE1: I GNORE2 : $I GNORE2:
I GNORE3 : $I GNORE3: n";
pri nt "Runni ng : $SNMPWALK_LOC $HOST $MI B_C | $GREP_LOC
. $GI NST: n";
}

$I GNORE1 ="C1ANT5MAT9CHT4HI S"
unl ess ($I GNORE1); #I f we don' t have anythi ng then l et' s set
$I GNORE2 ="CA2N4T6M8A1T3C5H7THI S"
unl ess ($I GNORE2); #to somethi ng that we can never match.
$I GNORE3 ="CAN3TMA7TCH2THI 6S" unl ess ($I GNORE3);

i f (($SERVER eq "$HOST") | | ($ALLSERVERS))
{
open(WALKER, "$SNMPWALK_LOC $HOST $MI B_C | $GREP_LOC
. $GI NST | ") | | di e "Can' t Wal k $HOST $MI B_Cn";
whi l e($WLI NE=<WALKER>)
{
chop $WLI NE;
($MI B, $TYPE, $VALUE) =spl i t(/ : / , $WLI NE);
$MI B =~s/ s+/ / g;
$MI B =~/ (d+. d+)$/ ;

$I NST =$1;

open(SNMPGET, "$SNMPGET_LOC $HOST $MI B_DI R. $I NST | ");
whi l e($DLI NE=<SNMPGET>)
{
($NULL, $NULL, $DNAME) =spl i t(/ : / , $DLI NE);
}

$DNAME =~s/ s+/ / g;

cl ose SNMPGET;

open(SNMPGET, "$SNMPGET_LOC $HOST $MI B_BSI ZE. $I NST | ");
whi l e($BLI NE=<SNMPGET>)
{
($NULL, $NULL, $BSI ZE) =spl i t(/ : / , $BLI NE);
}

cl ose SNMPGET;

$BSI ZE =~s/ s+/ / g;

$LOCK_RES =&i nst_f ound; $LOCK_RES ="[ $LOCK_RES ]";

pri nt "LOCK_RES : $LOCK_RES: n" unl ess ($DEBUG <99);

$VALUE =$VALUE * $BSI ZE / 1024; #Put i t i n 1024 bl ocks

i f (($DNAME =~/ . *$I GNORE1. */ ) | |
($DNAME =~/ . *$I GNORE2. */ ) | |
($DNAME =~/ . *$I GNORE3. */ ))
{
$DNAME ="$DNAME "i gnored"";
}

el se
{
i f (($VALUE <=$MI N) &&($LOCK_RES eq "[ 0 ]"))
{
&wri te_l ock;
&send_snmp_trap(0);
}

el si f (($VALUE >$MI N) &&($LOCK_RES eq "[ 1 ]"))
{
&remove_l ock;
&send_snmp_trap(1);
}
}

$VALUE =$VALUE / $BSI ZE * 1024; #Di spl ay i t as the
#ori gi nal bl ock si ze

wri te unl ess (!($DEBUG));

} #end whi l e($WLI NE=<WALKER>)
} #end i f (($SERVER eq "$HOST") | | ($ALLSERVERS))
} #end el se f romi f (&pi ng_server_bad("$HOST"))

} #end i f ($LI NE ne "n")
} #end whi l e($LI NE=<TABLE>)

#################################################################

###################### Begi n SubRouti nes ######################
#################################################################

f ormat STDOUT_TOP =
Server MountPoi nt Bl ocksLef t Bl ockSi ze MI B LockFi l e
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
.

f ormat STDOUT =
@<<<<<<<< @<<<<<<<<<<<<<<< @<<<<<<<<<<< @<<<<<<<<<< @<<<<<<<< @<<<<<<<<<
$HOST, $DNAME, $VALUE, $BSI ZE, $I NST, $LOCK_RES
.

sub i nst_f ound
{
i f (- e "$LOCK_FI LE_LOC/ $HOST. $I NST") { return 1; }
el se { return 0; }
}

sub remove_l ock
{
i f ($DEBUG >99) { pri nt "Removi ng Lockf i l e $LOCK_FI LE_LOC/ $HOST. $I NSTn"; }
unl i nk "$LOCK_FI LE_LOC/ $HOST. $I NST";
}

sub wri te_l ock
{
i f ($DEBUG >99) { pri nt "Wri ti ng Lockf i l e
$TOUCH_LOC $LOCK_FI LE_LOC/ $HOST. $I NSTn"; }
system"$TOUCH_LOC $LOCK_FI LE_LOC/ $HOST. $I NST";
}

#################################################################
##send_snmp_trap ##
####################
##
#Thi s subrouti ne al l ows you to send di f f traps dependi ng on the
# passed parmand gi ves you a chance to send both good and bad
# traps.
#
#$1 - i nteger - Thi s wi l l be added to the speci f i c event I D.
#
#I f we created two traps:
# 2789. 2500. 0. 1000 =Maj or
# 2789. 2500. 0. 1001 =Good
#
#I f we decl are:
# $SNMP_SPECI FI C_TRAP ="1000";
#
#We coul d send the 1st by usi ng:
# send_snmp_trap(0); #Here i s the math (1000 +0 =1000)
# And to send the second one:
# send_snmp_trap(1); #Here i s the math (1000 +1 =1001)
#

#Thi s way you coul d set up mul ti pl e traps wi th di f f errors usi ng
# the same f uncti on f or al l .
#
##
#################################################################

sub send_snmp_trap
{
$TOTAL_TRAPS_CREATED =2; #Let' s do some checki ng/ remi ndi ng
#here. Thi s number shoul d be the
#total number of traps that you
#created on the nms.

$SNMP_ENTERPRI SE_I D =". 1. 3. 6. 1. 4. 1. 2789. 2500";
$SNMP_SPECI FI C_TRAP ="1500";

$PASSED_PARM =$_[0];
$SNMP_SPECI FI C_TRAP +=$PASSED_PARM;

$SNMP_TRAP_LOC ="/ opt/ OV/ bi n/ snmptrap";
$SNMP_COMM_NAME ="publ i c";
$SNMP_TRAP_HOST ="nms";

$SNMP_GEN_TRAP ="6";

chop($SNMP_TI ME_STAMP ="1" . `date +%H%S`);

$SNMP_EVENT_I DENT_ONE =". 1. 3. 6. 1. 4. 1. 2789. 2500. $SNMP_SPECI FI C_TRAP. 1";
$SNMP_EVENT_VTYPE_ONE ="octetstri ngasci i ";
$SNMP_EVENT_VAR_ONE ="$DNAME";

$SNMP_EVENT_I DENT_TWO =". 1. 3. 6. 1. 4. 1. 2789. 2500. $SNMP_SPECI FI C_TRAP. 2";
$SNMP_EVENT_VTYPE_TWO ="i nteger";
$SNMP_EVENT_VAR_TWO ="$VALUE";

$SNMP_EVENT_I DENT_THREE =". 1. 3. 6. 1. 4. 1. 2789. 2500. $SNMP_SPECI FI C_TRAP. 3";
$SNMP_EVENT_VTYPE_THREE ="i nteger";
$SNMP_EVENT_VAR_THREE ="$BSI ZE";

$SNMP_EVENT_I DENT_FOUR =". 1. 3. 6. 1. 4. 1. 2789. 2500. $SNMP_SPECI FI C_TRAP. 4";
$SNMP_EVENT_VTYPE_FOUR ="octetstri ngasci i ";
$SNMP_EVENT_VAR_FOUR ="$I NST";

$SNMP_EVENT_I DENT_FI VE =". 1. 3. 6. 1. 4. 1. 2789. 2500. $SNMP_SPECI FI C_TRAP. 5";
$SNMP_EVENT_VTYPE_FI VE ="i nteger";
$SNMP_EVENT_VAR_FI VE ="$MI N";

$SNMP_TRAP ="$SNMP_TRAP_LOC - c $SNMP_COMM_NAME $SNMP_TRAP_HOST
$SNMP_ENTERPRI SE_I D "$HOST" $SNMP_GEN_TRAP $SNMP_SPECI FI C_TRAP
$SNMP_TI ME_STAMP
$SNMP_EVENT_I DENT_ONE $SNMP_EVENT_VTYPE_ONE "$SNMP_EVENT_VAR_ONE"
$SNMP_EVENT_I DENT_TWO $SNMP_EVENT_VTYPE_TWO "$SNMP_EVENT_VAR_TWO"
$SNMP_EVENT_I DENT_THREE $SNMP_EVENT_VTYPE_THREE "$SNMP_EVENT_VAR_THREE"
$SNMP_EVENT_I DENT_FOUR $SNMP_EVENT_VTYPE_FOUR "$SNMP_EVENT_VAR_FOUR"

$SNMP_EVENT_I DENT_FI VE $SNMP_EVENT_VTYPE_FI VE "$SNMP_EVENT_VAR_FI VE"";

i f (!($PASSED_PARM<$TOTAL_TRAPS_CREATED))
{
di e "ERROR SNMPTrap wi th a Speci f i c Number >
$TOTAL_TRAPS_CREATEDnSNMP_TRAP: $SNMP_TRAP: n";
}

#
#system"/ usr/ l ocal / bi n/ snmptrap $SNMP_TRAP_HOST $SNMP_COMM_NAME
#$SNMP_ENTERPRI SE_I D ' ' $SNMP_GEN_TRAP $SNMP_SPECI FI C_TRAP ' '
#$SNMP_EVENT_I DENT_ONE s "$SNMP_EVENT_VAR_ONE"
#$SNMP_EVENT_I DENT_TWOi "$SNMP_EVENT_VAR_TWO"
#$SNMP_EVENT_I DENT_THREE i "$SNMP_EVENT_VAR_THREE"
#$SNMP_EVENT_I DENT_FOUR s "$SNMP_EVENT_VAR_FOUR"";
#$SNMP_EVENT_I DENT_FI VE i "$SNMP_EVENT_VAR_FI VE"";

#
#snmptrap("$SNMP_COMM_NAME@$SNMP_TRAP_HOST: 162", "$SNMP_ENTERPRI SE_I D",
#myl ocal hostname, $SNMP_GEN_TRAP, $SNMP_SPECI FI C_TRAP,
#"$SNMP_EVENT_I DENT_ONE", "stri ng", "$SNMP_EVENT_VAR_ONE",
#"$SNMP_EVENT_I DENT_TWO", "i nt", "$SNMP_EVENT_VAR_TWO",
#"$SNMP_EVENT_I DENT_THREE", "i nt", "$SNMP_EVENT_VAR_THREE",
#"$SNMP_EVENT_I DENT_FOUR", "stri ng", "$SNMP_EVENT_VAR_FOUR",
#"$SNMP_EVENT_I DENT_FI VE", "i nt", "$SNMP_EVENT_VAR_FI VE");

#Sendi ng a trap usi ng OpenVi ew' s snmptrap (usi ng VARs f romabove)
#
i f ($SEND_SNMP_TRAP) {
pri nt "ERROR Runni ng SnmpTrap Resul t ";
pri nt ": $SEND_SNMP_TRAP: : $SNMP_TRAP: n"
}

sub f i nd_i nst
{
open(SNMPWALK2, "$SNMPWALK_LOC $HOST $MI B_DI R | ") | |
di e "Can' t Fi nd I nst f or $HOSTn";
whi l e($DLI NE=<SNMPWALK2>)
{
chomp $DLI NE;
($DI RTY_I NST, $NULL, $DI RTY_NAME) =spl i t(/ : / , $DLI NE);
$DI RTY_NAME =~s/ s+/ / g; #Lose the whi tespace, f ol ks!
pri nt "DI RTY_I NST : $DI RTY_I NST: nDI RTY_NAME : $DI RTY_NAME: n"
unl ess (!($DEBUG>99));
i f ($DI RTY_NAME eq "/ ")
{
$DI RTY_I NST =~/ f i l eSystemDi r. (d*). 1/ ;
$GI NST =$1;
$LENGTH =(l ength($GI NST) - $I NST_LENGTH);
whi l e ($LENGTH- - ) { chop $GI NST; }
cl ose SNMPWALK;

pri nt "Found I nst DI RTY_I NST : $DI RTY_I NST: DI RTY_NAME
: $DI RTY_NAME: GI NST : $GI NST: n"
unl ess (!($DEBUG >99));
return 0;
}
}

cl ose SNMPWALK2;
di e "Can' t Fi nd I nst f or HOST : $HOST: ";
}

sub pi ng_server_bad
{
l ocal $SERVER =$_[0];
$RES =system"$PI NG_LOC $SERVER $PI NG_TI MEOUT >/ dev/ nul l ";
pri nt "Res f romPi ng : $RES: - : $PI NG_LOC $SERVER: n"
unl ess (!($DEBUG));
return $RES;
}
The scr i pt cont ai ns a handf ul of usef ul f eat ur es:
We use an external ASCII file for a list of servers to
poll. We specify the file by using the switch -table
FILENAME. If no -table switch is given, the file named
default in the current directory is used.
We can specify a single server name (which must appear in
the file above) to poll using the switch -server
SERVER_NAME.
We can ignore up to three filesystems per server. For
example, we might want to ignore filesystems that are
being used for software development.
The script polls only servers that respond to a ping. We
don't want to get filesystem traps from a server that is
down or not on the network.
We can set the minimum threshold for each list of servers
in 1024-byte blocks using the -min blocks option.
The script sends a trap when a server's threshold has been
met and sends another trap when the state goes back to
normal.
We use lockfiles to prevent the server from sending out
too many redundant traps.
[6]
When a threshold has been met,
a file named hostname.instance is created. We send a trap
only if the lockfile doesn't exist. When the space frees
up, we delete the lockfile, allowing us to generate a trap
the next time free storage falls below the threshold.
[6]
There have been a f ewti mes that we have mi ssed the
f act that a systemhas f i l l ed up because a trap was l ost
duri ng transmi ssi on. Usi ng cron, we f requentl y del ete
everythi ng i n the l ock di rectory. Thi s resubmi ts the
entri es, i f any, at that ti me.

We can set the number of leading instance digits used to
grab the appropriate filesystem with the -inst switch.
Unfortunately, the number of instance digits you can
safely use to isolate a local filesystem varies from
installation to installation. The default is five, but a
lower value may be appropriate.
The script displays a useful table when we invoke it with
the -debug flag.
The scr i pt st ar t s by r eadi ng t he t abl e of ser ver s i n whi ch
we' r e i nt er est ed. I t pings t he ser ver s and i gnor es t hose t hat
don' t r espond. I t t hen cal l s t he subr out i ne f i nd_i nst, whi ch
i ncor por at es most of t he i nst ance- number l ogi c. Thi s subr out i ne
wal ks t he f i l esyst emt abl e t o f i nd a l i st of al l t he
f i l esyst ems and t hei r i nst ance number s. I t ext r act s t he ent r y
f or t he r oot f i l esyst em( / ) , whi ch we know exi st s, and whi ch we
assume i s a l ocal di sk. ( We can' t assume t hat t he r oot
f i l esyst emwi l l be l i st ed f i r st ; we do assume t hat you won' t
use a scr i pt l i ke t hi s t o moni t or di skl ess wor kst at i ons) . We
t hen st or e t he f i r st I NST_LENGTH di gi t s of t he i nst ance number i n
t he var i abl e GI NST, and r et ur n.
Back i n t he mai n pr ogr am, we ask f or t he number of bl ocks
avai l abl e f or each f i l esyst em; we compar e t he i nst ance number
t o GI NST, whi ch sel ect s t he l ocal f i l esyst ems ( i . e. , t he
f i l esyst ems wi t h an i nst ance number whose i ni t i al di gi t s mat ch
t he i nst ance number f or / ) . We t hen ask f or t he t ot al number of
bl ocks, whi ch al l ows us t o compar e t he space avai l abl e agai nst
our t hr eshhol ds. I f t he val ue i s l ess t hen our mi ni mumwe send
one of t he t wo ent er pr i sespeci f i c t r aps we' ve def i ned f or t hi s
pr ogr am, 1500, whi ch i ndi cat es t hat t he f i l esyst em' s f r ee space
i s bel ow t he t hr eshol d. I f t he f r ee space has r et ur ned t o a
saf e l evel we send t r ap 1501, whi ch i s an " out of danger "
not i f i cat i on. Some addi t i onal l ogi c uses a l ockf i l e t o pr event
t he scr i pt f r ombombar di ng t he NMS wi t h r epeat ed not i f i cat i ons;
we send at most one war ni ng a day and send an " out of danger "
onl y i f we' ve pr evi ousl y sent a war ni ng. I n ei t her case, we
st uf f t he t r ap wi t h usef ul i nf or mat i on: a number of var i abl e
bi ndi ngs speci f yi ng t he f i l esyst em, t he avai l abl e space, i t s
t ot al capaci t y, i t s i nst ance number , and t he t hr eshol d we' ve
set . Lat er , we' l l see how t o map t hese t r aps i nt o OpenVi ew
cat egor i es.
Let ' s put t he pr ogr amt o wor k by cr eat i ng a t abl e cal l ed
default t hat l i st s t he ser ver s we ar e i nt er est ed i n wat chi ng:
db_serv0
db_serv1
db_serv2
Now we can r un t he scr i pt wi t h t he -debug opt i on t o show us a
t abl e of t he r esul t s. The f ol l owi ng command asks f or al l
f i l esyst ems on t he ser ver db_ser v0 wi t h f ewer t han 50, 000
bl ocks ( 50 MB) f r ee:

$ / opt / OV/ l ocal / bi n/ di sk_space/ pol l i ng. pl - mi n 50000 - server db_serv0 - debug 1
Res f romPi ng : 0: - : / usr/ sbi n/ pi ng db_serv0:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
db_serv0 / 207766 1024 38010880. 1 [ 0 ]
db_serv0 / usr 334091 1024 38010886. 1 [ 0 ]
db_serv0 / opt 937538 1024 38010887. 1 [ 0 ]
db_serv0 / var 414964 1024 38010888. 1 [ 0 ]
db_serv0 / db1 324954 1024 38010889. 1 [ 0 ]
Not i ce t hat we di dn' t need t o speci f y a t abl e expl i ci t l y;
because we omi t t ed t he -table opt i on, t he polling.pl scr i pt
used t he def aul t f i l e we put i n t he cur r ent di r ect or y. The -
server swi t ch l et us l i mi t t he t est t o t he ser ver named
db_ser v0; i f we had omi t t ed t hi s opt i on t he scr i pt woul d have
checked al l ser ver s wi t hi n t he def aul t t abl e. I f t he f r ee space
on any of t he f i l esyst ems f al l s under 50, 000 1024- byt e bl ocks,
t he pr ogr amsends a t r ap and wr i t es a l ockf i l e wi t h t he
i nst ance number .
Because SNMP t r aps use UDP, t hey ar e unr el i abl e. Thi s means
t hat some t r aps may never r each t hei r dest i nat i on. Thi s coul d
spel l di sast er - - i n our si t uat i on, we' r e sendi ng t r aps t o
not i f y a manager t hat a f i l esyst emi s f ul l . We don' t want t hose
t r aps t o di sappear , especi al l y si nce we' ve desi gned our pr ogr am
so t hat i t doesn' t send dupl i cat e not i f i cat i ons. One wor kar ound
i s t o have cron del et e some or al l of t he f i l es i n t he lock
di r ect or y. We l i ke t o del et e ever yt hi ng i n t he lock di r ect or y
ever y hour ; t hi s means t hat we' l l get a not i f i cat i on ever y hour
unt i l some f r ee st or age appear s i n t he f i l esyst em. Anot her
pl ausi bl e pol i cy i s t o del et e onl y t he pr oduct i on- ser ver
l ockf i l es. Wi t h t hi s pol i cy, we' l l get hour l y not i f i cat i on
about f i l esyst emcapaci t y pr obl ems on t he ser ver we car e about
most ; on ot her machi nes ( e. g. , devel opment machi nes, t est
machi nes) , we wi l l get onl y a si ngl e not i f i cat i on.
Let ' s say t hat t he f i l esyst em/ db1 i s a t est syst emand we
don' t car e i f i t f i l l s up. We can i gnor e t hi s f i l esyst emby
speci f yi ng i t i n our t abl e. We can l i st up t o t hr ee f i l esyst ems
we woul d l i ke t o i gnor e af t er t he ser ver name ( whi ch must be
f ol l owed by a " : " ) :
db_serv0: db1
Runni ng t he polling.pl scr i pt agai n gi ves t hese r esul t s:
$ / opt / OV/ l ocal / bi n/ di sk_space/ pol l i ng. pl - mi n 50000 - server db_serv0 - debug 1
Res f romPi ng : 0: - : / usr/ sbi n/ pi ng db_serv0:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
db_serv0 / 207766 1024 38010880. 1 [ 0 ]
db_serv0 / usr 334091 1024 38010886. 1 [ 0 ]
db_serv0 / opt 937538 1024 38010887. 1 [ 0 ]
db_serv0 / var 414964 1024 38010888. 1 [ 0 ]
db_serv0 / db1 (i gnored) 324954 1024 38010889. 1 [ 0 ]

When t he / db1 f i l esyst emdr ops bel ow t he mi ni mumdi sk space,
t he scr i pt wi l l not send any t r aps or cr eat e any l ockf i l es.
Now l et ' s go beyond exper i ment at i on. The f ol l owi ng crontab
ent r i es r un our pr ogr amt wi ce ever y hour :
4, 34 * * * * / opt/ OV/ bi n/ pol l i ng. pl - mi n 50000
5, 35 * * * * / opt/ OV/ bi n/ pol l i ng. pl - mi n 17000 - tabl e stocks_tabl e
7, 37 * * * * / opt/ OV/ bi n/ pol l i ng. pl - mi n 25000 - tabl e bonds_tabl e - i nst 3
Next we need t o def i ne how t he t r aps polling.pl gener at es
shoul d be handl ed when t hey ar r i ve at t he NMS. Her e' s t he ent r y
i n OpenVi ew' s trapd.conf f i l e t hat shows how t o handl e t hese
t r aps:
EVENT Di skSpaceLow. 1. 3. 6. 1. 4. 1. 2789. 2500. 0. 1500 "Threshol d Al arms" Maj or
FORMAT Di sk Space For Fi l eSystem: $1: I s LowWi th : $2:
1024 Bl ocks Lef t - Current FS Bl ock Si ze : $3: - Mi n Threshol d
: $5: - I nst : $4:
SDESC
$1 - octetstri ngasci i - Fi l eSystem
$2 - i nteger - Current Si ze
$3 - i nteger - Bl ock Si ze
$4 - octetstri ngasci i - I NST
$5 - i nteger - Mi n Threshol d Si ze
EDESC
#
#
#
EVENT Di skSpaceNormal . 1. 3. 6. 1. 4. 1. 2789. 2500. 0. 1501 "Threshol d Al arms" Normal
FORMAT Di sk Space For Fi l eSystem: $1: I s Normal Wi th : $2:
1024 Bl ocks Lef t - Current FS Bl ock Si ze : $3: - Mi n Threshol d
: $5: - I nst : $4:
SDESC
$1 - octetstri ngasci i - Fi l eSystem
$2 - i nteger - Current Si ze
$3 - i nteger - Bl ock Si ze
$4 - octetstri ngasci i - I NST
$5 - i nteger - Mi n Threshol d si ze
EDESC
These ent r i es def i ne t wo OpenVi ew event s: a Di skSpaceLow event
t hat i s used when a f i l esyst em' s capaci t y i s bel ow t he
t hr eshol d, and a Di skSpaceNor mal event . We pl ace bot h of t hese
i n t he Thr eshol d Al ar ms cat egor y; t he l ow di sk space event has
a sever i t y of Maj or , whi l e t he " nor mal " event has a sever i t y of
Nor mal . I f you' r e usi ng some ot her package t o l i st en f or t r aps,
you' l l have t o conf i gur e i t accor di ngl y.
12. 6 Port Moni t or
Most TCP/ I P ser vi ces use st at i c por t s t o l i st en f or i ncomi ng
r equest s. Moni t or i ng t hese por t s al l ows you t o see whet her
par t i cul ar ser ver s or ser vi ces ar e r espondi ng or not . For
exampl e, you can t el l whet her your mai l ser ver i s al i ve by
per i odi cal l y poki ng por t 25, whi ch i s t he por t on whi ch an SMTP

ser ver l i st ens f or r equest s. Some ot her por t s t o moni t or ar e
FTP ( 23) , HTTP ( 80) and POP3 ( 110) .
[ 7]
A f r eel y avai l abl e
pr ogr amcal l ed net cat can connect t o and i nt er act wi t h a
speci f i c por t on any devi ce. We can wr i t e a wr apper f or t hi s
pr ogr amt o wat ch a gi ven por t or ser vi ce; i f somet hi ng happens
out si de of i t s nor mal oper at i on, t hen we can send a t r ap. I n
t hi s sect i on, we' l l devel op a wr apper t hat checks t he SMTP por t
( 25) on our mai l ser ver . The pr ogr ami s ver y si mpl e, but t he
r esul t s ar e out st andi ng!
[7]
Check your servi ces f i l e f or a l i sti ng of port numbers and
thei r correspondi ng servi ces. On Uni x systems, thi s f i l e i s
usual l y i n the di rectory / etc; on Wi ndows i t i s usual l y i n a
di rectory such as C: WI NNT System32dri versetc, though i ts
l ocati on may vary dependi ng on the versi on of Wi ndows you are
usi ng.
Bef or e we st ar t t o wr i t e t he pr ogr am, l et ' s est abl i sh what we
want t o do. Tel net t o por t 25 of your SMTP ser ver . Once you' r e
connect ed, you can i ssue t he command HELO mydomain.com. Thi s
shoul d gi ve you a r esponse of 250. Af t er you get a r esponse
f r omt he mai l ser ver , i ssue t he QUIT command, whi ch t el l s t he
ser ver you ar e done. Your sessi on shoul d l ook somet hi ng l i ke
t hi s:
$ t el net mai l . ora. com25
220 smtp. orei l l y. comESMTP O' Rei l l y &Associ ates Sendmai l 8. 11. 2 ready
HELO mydomai n. com
250 OK
QUI T
221 cl osi ng connecti on
The net cat pr ogr amneeds t o know what commands you want t o send
t o t he por t you ar e moni t or i ng. We wi l l be sendi ng onl y t wo
commands t o our mai l ser ver , so we' l l cr eat e a f i l e cal l ed
input.txt t hat l ooks l i ke t hi s:
HELOmydomai n. com
QUI T
Next , we shoul d t est t hi s f i l e and see what out put we get f r om
t he ser ver . The act ual net cat execut abl e i s named nc; t o t est
t he f i l e, r un i t l i ke t hi s:
$ / opt / OV/ l ocal / bi n/ net cat / nc - i 1 mai l server 25 <i nput . t xt
Thi s command pr oduces t he same r esul t s as t he t el net sessi on.
You won' t see t he commands i n your input.txt f i l e echoed, but
you shoul d see t he ser ver ' s r esponses. Once you have ver i f i ed
t hat net cat wor ks and gi ves t he same r esponse each t i me, save a
copy of i t s out put t o t he f i l e mail_good. Thi s f i l e wi l l be
used t o det er mi ne what a nor mal r esponse f r omyour mai l ser ver
l ooks l i ke. You can save t he out put t o a f i l e wi t h t he
f ol l owi ng command:
$ / opt / OV/ l ocal / bi n/ net cat / nc - i 1 mai l server 25 <i nput . t xt >mai l _good

An al t er nat e appr oach i s t o sear ch f or t he l i ne number ed 250 i n
t he mai l ser ver ' s out put . Thi s code i ndi cat es t hat t he ser ver
i s up and r unni ng, t hough not necessar i l y pr ocessi ng mai l
cor r ect l y. I n any case, sear chi ng f or 250 shi el ds you f r om
var i at i ons i n t he ser ver ' s r esponse t o your connect i on.
Her e' s a scr i pt cal l ed mail_poller.pl t hat aut omat es t he
pr ocess. Edi t t he appr opr i at e l i nes i n t hi s scr i pt t o r ef l ect
your l ocal envi r onment . Once you have cust omi zed t he scr i pt ,
you shoul d be r eady t o go. Ther e ar e no command- l i ne ar gument s.
The scr i pt gener at es an out put f i l e cal l ed mail_status t hat
cont ai ns a 0 ( zer o) i f t he ser ver i s okay ( i . e. , i f t he out put
of net cat mat ches $GOOD_FI LE) ; any number ot her t han 0
i ndi cat es t hat an er r or has occur r ed:
#f i l ename: mai l _pol l er. pl

$HOME_LOC ="/ opt/ OV/ l ocal / bi n/ netcat";
$NC_LOC ="/ opt/ netcat/ nc";
$DI FF_LOC ="/ bi n/ di f f ";
$ECHO_LOC ="/ bi n/ echo";

$MAI L_SERVER ="mai l . exampl edomai n. com";
$MAI L_PORT = 25;
$I NPUT_FI LE ="$HOME_LOC/ i nput. txt";
$GOOD_FI LE ="$HOME_LOC/ mai l _good";
$CURRENT_FI LE ="$HOME_LOC/ mai l _current";
$EXI T_FI LE ="$HOME_LOC/ mai l _status";

$DEBUG =0;

pri nt "$NC_LOC - i 1 - w3 $MAI L_SERVER $MAI L_PORT
<$I NPUT_FI LE >$CURRENT_FI LEn" unl ess (!($DEBUG));

$NETCAT_RES =system"$NC_LOC - i 1 - w3 $MAI L_SERVER $MAI L_PORT
<$I NPUT_FI LE >$CURRENT_FI LE";
$NETCAT_RES =$NETCAT_RES / 256;

i f ($NETCAT_RES)
{
#We had a probl emwi th netcat. . . maybe a ti meout?
system"$ECHO_LOC $NETCAT_RES >$EXI T_FI LE";
&cl eanup;
}

$DI FF_RES =system"$DI FF_LOC $GOOD_FI LE $CURRENT_FI LE";
$DI FF_RES =$DI FF_RES / 256;

i f ($DI FF_RES)
{
#l ooks l i ke thi ngs are di f f erent!
system"$ECHO_LOC $DI FF_RES >$EXI T_FI LE";
&cl eanup;
}

el se
{
#Al l systems go!
system"$ECHO_LOC 0 >$EXI T_FI LE";
&cl eanup;
}

sub cl eanup
{
unl i nk "$CURRENT_FI LE";
exi t 0;
}
Af t er you r un t he pr ogr am, r evi ew t he r esul t s i n mail_status.
I f you can, t r y shut t i ng down t he mai l ser ver and r unni ng t he
scr i pt agai n. Your f i l e shoul d now cont ai n a nonzer o er r or
st at us.
Once you have made sur e t he scr i pt wor ks i n your envi r onment ,
you can i nser t an ent r y i n crontab t o execut e t hi s pr ogr amat
what ever i nt er val you woul d l i ke. I n our envi r onment , we use a
10- mi nut e i nt er val :
#Check the mai l server and create a f i l e that we can pol l vi a OpenVi ew
1, 11, 21, 31, 41, 51 * * * * / opt/ OV/ l ocal / bi n/ netcat/ mai l _pol l er. pl
Not i ce we st agger ed t he pol l i ng so t hat we don' t check on t he
hour , hal f hour , or quar t er hour . Once cron has st ar t ed
updat i ng mail_status r egul ar l y, you can use t ool s such as t he
ext ensi bl e OpenVi ew agent t o check t he f i l e' s cont ent s. You can
conf i gur e t he agent t o pol l t he f i l e r egul ar l y and send t he
r esul t s t o your management consol e. The ent r y i n my
/etc/SnmpAgent.d/snmpd.extend l ooks l i ke t hi s:
servi ceI nf o OBJ ECT I DENTI FI ER : : ={ mauro 5 }

- - BEGI N - servi ceI nf o
- -

serMai l Port OBJ ECT- TYPE
SYNTAX I NTEGER
ACCESS readonl y
STATUS mandatory
DESCRI PTI ON
"Thi s f i l e i s updated vi a crontab. I t uses netcat to check the
port and push a val ue i nto thi s f i l e.
FI LE- NAME: / opt/ OV/ l ocal / bi n/ netcat/ mai l _status"
: : ={ servi ceI nf o 0 }
We di scuss t he synt ax of t hi s f i l e i n Chapt er 11. Basi cal l y,
t hi s ent r y j ust def i nes a MI B obj ect i n t he ser vi ceI nf o t r ee,
whi ch i s node 5 under my pr i vat e- ent er pr i se t r ee. I n ot her
wor ds, t hi s obj ect ' s OI D i s maur o. ser vi ceI nf o. ser Mai l Por t
( 2789. 5. 0) . The obj ect can be r ead by any pr ogr amt hat can
i ssue an SNMP get oper at i on. The DESCRI PTI ON, as we saw i n Chapt er
11, speci f i es a f i l ename f r omwhi ch t he agent wi l l r ead an
i nt eger val ue t o use as t he val ue of t hi s obj ect . Thi s pr ogr am

can easi l y be modi f i ed t o moni t or any por t on any number of
machi nes. I f you' r e ambi t i ous, you mi ght want t o t hi nk about
t ur ni ng t he ser Mai l Por t obj ect i nt o an ar r ay t hat r epor t s t he
st at us of al l your mai l ser ver s.
Our goal i n t hi s chapt er hasn' t been t o pr ovi de you wi t h
scr i pt s you can i mmedi at el y pl ace i n your envi r onment . Mor e t o
t he poi nt , we have want ed t o show you what ' s possi bl e, and get
you t hi nki ng about how you mi ght be abl e t o wr i t e scr i pt s t hat
pr ovi de el abor at e cust ommoni t or i ng f eat ur es. I f you' r e
t hi nki ng cr eat i vel y about what you can do wi t h SNMP, we' ve
succeeded.

Chapter 13. MRTG
The Multi Router Traffic Grapher ( MRTG) i s a f r eel y avai l abl e
and f ul l y conf i gur abl e t r end- anal ysi s t ool t hat ' s easy t o
conf i gur e and use. I t ' s a sur pr i si ngl y smal l , l i ght wei ght
package because i t doesn' t i mpl ement a heavywei ght user
i nt er f ace. I nst ead, i t gener at es gr aphs i n t he f or mof GI F or
PNG i mages; t hese gr aphs ar e embedded i n st andar d HTML pages.
Ther ef or e, you can vi ew MRTG' s out put usi ng any gr aphi cal web
br owser and even make i t s r epor t s vi si bl e acr oss your net wor k
by usi ng a web ser ver .
Al t hough MRTG i s best at di spl ayi ng usage gr aphs f or r out er
i nt er f aces, i t can be conf i gur ed t o gr aph t hi ngs l i ke memor y
usage, l oad aver age, and di sk usage on ser ver equi pment . MRTG
i s par t i cul ar l y usef ul f or det er mi ni ng when somet hi ng " peaks
out " f or an ext ended per i od of t i me, whi ch i ndi cat es t hat you
have a capaci t y pr obl emand need t o upgr ade. For exampl e, you
mi ght f i nd t hat your T1 i nt er f ace i s maxed out dur i ng your peak
busi ness hour s and you need t o upgr ade t o a bi gger ci r cui t , or
you mi ght f i nd t hat you need t o add mor e memor y t o a ser ver .
Li kewi se, MRTG may l et you know t hat your net wor k connect i ons
ar e oper at i ng at a f r act i on of t he avai l abl e bandwi dt h and t hat
you can t her ef or e el i mi nat e a f ew T1 ci r cui t s and r educe your
t el ecommuni cat i ons cost s.
Many si t es t hat use MRTG use i t s def aul t gr aphi ng capabi l i t i es
f or capaci t y pl anni ng and pr ovi si oni ng. MRTG doesn' t pr ovi de
t he f i ne- gr ai ned st at i st i cal t ool s you need t o cal cul at e
basel i ne i nf or mat i on or pr oj ect when your net wor k wi l l need t o
be upgr aded. However , i t can be a ver y usef ul t ool f or
busi nesses t hat don' t have t he r esour ces necessar y t o pur chase
a f ul l - f l edged t r end- anal ysi s package. Basel i nes and
pr oj ect i ons ar e i nval uabl e, but MRTG' s gr aphs can gi ve you
si mi l ar behavi or at a gl ance; your eyes ar e ver y good at
spot t i ng t ypi cal behavi or and t r ends, even i f t hey can' t gi ve
you t he st at i st i cal anal ysi s t hat your management mi ght l i ke.

MRTG has many opt i ons t hat al l ow you t o cust omi ze how i t
oper at es. I t i s beyond t he scope of t hi s chapt er t o di scuss
ever y opt i on; i nst ead, we wi l l di scuss how t o i nst al l MRTG and
use i t s def aul t gr aphi ng capabi l i t i es. We' l l al so out l i ne how
you can conf i gur e MRTG t o gat her syst emi nf or mat i on f r oma
ser ver .
I t ' s i mpor t ant t o under st and t hat MRTG i s not an NMS sol ut i on.
Al t hough i t s gr aphi ng capabi l i t i es make i t l ook super f i ci al l y
l i ke an NMS, i t ' s r eal l y a si mpl e pol l i ng engi ne t hat ' s ver y
cl ever about t he out put i t gener at es. I t per f or ms t he same get
f unct i ons t hat an NMS woul d, but i t s j ob i sn' t pr obl em
det ect i on and r esol ut i on. I t doesn' t have a f aci l i t y f or
gener at i ng al ar ms or pr ocessi ng t r aps, nor does i t have t he
abi l i t y t o set obj ect s. I t ' s si mpl y desi gned t o pr ovi de a
gr aphi cal vi ew of how your net wor k i s per f or mi ng. I f you' r e
i nt er est ed i n an open sour ce NMS package, you shoul d
i nvest i gat e Bl uebi r d ( ht t p: / / www. opennms. or g) .
13. 1 Usi ng MRTG
Bef or e usi ng MRTG, you have t o downl oad and i nst al l t he
sof t war e. The pr i mar y MRTG web si t e i s ht t p: / / www. mr t g. or g. The
downl oad l i nk t akes you t o a di r ect or y mai nt ai ned by MRTG' s
i nvent or and pr i mar y devel oper , Tobi as Oet i ker ( ht t p: / / ee-
st af f . et hz. ch/ ~oet i ker / webt ool s/ mr t g/ pub/ ) . Thi s di r ect or y
cont ai ns some ol der MRTG r el eases, as wel l as t he cur r ent one.
We downl oaded t he f i l e mrtg-2.9.10.tar.gz ( t he Uni x ver si on)
f r omt he l i st . We wi l l f ocus on t hat ver si on i n t hi s chapt er .
MRTG r equi r es f our t hi r d- par t y packages i n or der t o r un: Per l
Ver si on 5. 004_5 ( at l east ) , and t he gd, l i bpng, and zl i b
l i br ar i es. MRTG comes wi t h a Per l - based i mpl ement at i on of SNMP,
so you don' t have t o wor r y about get t i ng and i nst al l i ng any
SNMP l i br ar i es. You can det er mi ne what ver si on of Per l you have
( and whet her i t ' s i nst al l ed) by t ypi ng t he command perl -v.
Thi s may or may not spi t out a bunch of i nf or mat i on. I f i t
does, t he f i r st l i ne wi l l be t he ver si on of Per l you have
i nst al l ed. I f you get some sor t of " command not f ound" er r or ,
Per l may not be i nst al l ed. I n any event , go t o
ht t p: / / www. per l . comt o get t he l at est ver si on of Per l .
The gd l i br ar y i s used t o gener at e t he GI F i mages t hat MRTG
di spl ays. You can downl oad i t f r omht t p: / / www. bout el l . com/ gd/ .
The ot her t wo packages, l i bpng and zl i b, ar e al so used f or
var i ous aspect s of gr aphi c i mage cr eat i on. They ar e avai l abl e
f r omht t p: / / www. l i bpng. or g/ pub/ png/ .
Once you have ensur ed t hat Per l , gd, l i bpng, and zl i b ar e
i nst al l ed on your machi ne, downl oad and unpack t he Uni x ver si on
of MRTG wi t h t he f ol l owi ng commands:
[root][l i nuxserver] >cd / usr/ l ocal
[root][l i nuxserver] >t ar - zxvf mrt g- 2. 9. 10. t ar. gz

Once i t ' s unpacked, cd i nt o t he di r ect or y i t cr eat ed ( whi ch
shoul d be mrtg-2.9.10) and r ead t he i nst al l at i on hi nt s f r omt he
README f i l e. To bui l d MRTG, you execut e t hr ee commands:
[root][l i nuxserver] ~/ mrtg- 2. 9. 10>. / conf i gure
[root][l i nuxserver] ~/ mrtg- 2. 9. 10>make
[root][l i nuxserver] ~/ mrtg- 2. 9. 10>make i nst al l
Al l t hr ee of t hese commands pr oduce a l ot of out put , whi ch we
have omi t t ed. The configure command i nspect s your syst emf or
t ool s i t needs t o bui l d MRTG. I t wi l l t el l you whi ch i t ems ar e
mi ssi ng and wher e t o go t o get t hem. Runni ng make bui l ds MRTG,
but don' t bot her r unni ng t hi s i f t he configure command f ai l ed;
MRTG wi l l not bui l d unl ess ever yt hi ng has been i nst al l ed and
conf i gur ed pr oper l y. Fi nal l y, make install i nst al l s MRTG and
i t s associ at ed f i l es i n t he appr opr i at e pl aces. Agai n, don' t
bot her r unni ng make install i f t he pr evi ous make command
t er mi nat ed wi t h er r or s. The def aul t l ocat i on f or t he MRTG
execut abl es i s /usr/local/mrtg-2/bin. You may want t o add t hi s
di r ect or y t o your sear ch pat h.
Once you' ve bui l t MRTG, you need t o deci de wher e t o put t he
gr aphs i t gener at es. Si nce MRTG' s gr aphs ar e desi gned t o be
vi ewed by a web br owser , t hey' r e of t en st or ed i n a di r ect or y
t hat ' s vi si bl e t o a web ser ver . However , i t r eal l y doesn' t
mat t er wher e t hey go. What ' s mor e i mpor t ant i s who you want t o
vi ew t he gr aphs. You pr obabl y don' t want t he wor l d t o see your
net wor k st at i st i cs. On a smal l net wor k, you can pl ace t he
gr aphs i n a di r ect or y t hat i s out of vi ew of t he web ser ver and
t hen use a web br owser t o vi ew t he HTML r epor t s i n t he l ocal
f i l esyst em. I n a l ar ger net wor k, ot her peopl e ( e. g. , ot her
net wor k st af f or management ) may need t o access t he r epor t s; t o
al l ow access wi t hout publ i shi ng your net wor k st at i st i cs t o t he
r est of t he wor l d, you may want t o set up some ki nd of a secur e
web ser ver . At any r at e, t he next set of commands you' l l want
t o execut e i s somet hi ng l i ke t hi s:
[root][l i nuxserver] ~/ mrtg- 2. 9. 10>mkdi r / mrt g/ i mages
[root][l i nuxserver] ~/ mrtg- 2. 9. 10>cp . / i mages/ mrt g*. gi f / mrt g/ i mages/
The f i r st command cr eat es a di r ect or y f or st or i ng t he gr aphs
MRTG cr eat es. The second command copi es some MRTG i mages i nt o
t he newl y cr eat ed di r ect or y f or l at er use i n HTML f i l es. For
t he r emai nder of t hi s chapt er , we wi l l assume t hat gr aphs ar e
st or ed i n /mrtg/images.
You' r e now r eady t o set up your f i r st devi ce t o pol l , whi ch i s
cal l ed a target i n MRTG. MRTG uses a conf i gur at i on f i l e t o t el l
i t what devi ces t o pol l , what opt i ons t o appl y t o t he cr eat i on
of t he gr aphs i t wi l l gener at e, et c. The synt ax of t he
conf i gur at i on f i l e i s compl ex, but MRTG pr ovi des a t ool cal l ed
cfgmaker t o hel p you bui l d i t . You' l l pr obabl y need t o edi t t he
f i l e by hand, but i t ' s much easi er t o st ar t wi t h a wor ki ng
t empl at e. Her e' s how t o execut e cfgmaker:
[root][l i nuxserver] ~/ mrtg- 2. 9. 10>set env PATH / usr/ l ocal / mrt g- 2/ bi n: $PATH

[root][l i nuxserver] ~/ mrtg- 2. 9. 10>cf gmaker - - gl obal ' WorkDi r: / mrt g/ i mages'
- - out put / mrt g/ run/ mrt g. cf g publ i c@rout er
The f i r st ar gument t o cfgmaker set s t he WorkDi r var i abl e i n t he
conf i gur at i on f i l e. Thi s t el l s MRTG wher e t o st or e any dat a i t
gat her s f r omt he devi ces i t ' s goi ng t o pol l . The second
ar gument speci f i es wher e we want cfgmaker ' s out put sent ; i n
t hi s case i t ' s /mrtg/run/mrtg.cfg. The l ast ar gument speci f i es
t he devi ce we want t o pol l and t he communi t y st r i ng t o use when
pol l i ng t hat devi ce; i t s f or mat i s communi t y_st r i ng@devi ce.
The out put f r omcfgmaker i s a mi x of commands and HTML. I t
per f or ms get-next commands on t he devi ce you speci f i ed on t he
command l i ne, i n or der t o get an i dea of how many i nt er f aces
your devi ce has, whi ch ones ar e up, whi ch ar e down, et c. I t
wal ks t he i so. or g. dod. i nt er net . mgmt . mi b- 2. i nt er f aces
( 1. 3. 6. 1. 2. 1. 2) t r ee t o di scover t he t ot al number of i nt er f aces
i n t hi s t abl e. I t t hen cr eat es l ogi cal ent r i es t hat r epr esent a
l i st of devi ces t o pol l , except t he l i st of devi ces i s act ual l y
one devi ce wi t h each i nt er f ace number speci f i ed as a t ar get .
For exampl e, Et her net 0 i s i n t he f our t h r ow of t he i nt er f aces
t abl e on our Ci sco r out er , so cfgmaker cr eat ed a Target ent r y
cal l ed ci sco. 4. I f t hi s i nt er f ace occupi ed t he second r ow i n
t he i nt er f aces t abl e, t he Target ent r y woul d be cal l ed ci sco. 2.
Her e' s a shor t ened ver si on of our mrtg.cfg f i l e:
WorkDi r: / mrtg/ i mages/

Target[ci sco. 4]: 4: publ i c@ci sco
MaxBytes[ci sco. 4]: 1250000
Ti tl e[ci sco. 4]: ci sco (ci sco): Ethernet0
PageTop[ci sco. 4]: <H1>Traf f i c Anal ysi s f or Ethernet0
</ H1>
<TABLE>
<TR><TD>System: </ TD><TD>ci sco i n Atl anta, Ga</ TD></ TR>
<TR><TD>Mai ntai ner: </ TD><TD></ TD></ TR>
<TR><TD>I nterf ace: </ TD><TD>Ethernet0 (4)</ TD></ TR>
<TR><TD>I P: </ TD><TD>ci sco ( )</ TD></ TR>
<TR><TD>Max Speed: </ TD>
<TD>1250. 0 kBytes/ s (ethernetCsmacd)</ TD></ TR>
</ TABLE>
I t ' s wor t h l ear ni ng a bi t about t he f or mat of t he conf i gur at i on
f i l e. Comment l i nes begi n wi t h #; i n a r eal conf i gur at i on f i l e,
you' l l see many of t hem. Most of t he l i nes i n t he f i l e ar e
ei t her commands or sni ppet s of HTML t hat wi l l be used i n MRTG' s
out put f i l es. MRTG commands t ake t he f or mof command[ key] :
opt i ons. For exampl e, t he command f or t he t hi r d l i ne i s Target,
t he key i s ci sco. 4, and t he opt i ons ar e 4: publ i c@ci sco. The key i s an
i dent i f yi ng st r i ng t hat gr oups ent r i es i n t he conf i gur at i on
f i l e and pr ovi des a base f i l ename f or MRTG t o use when
gener at i ng gr aphs and HTML f i l es. At a compl ex si t e, MRTG mi ght
be used t o moni t or dozens of pi eces of equi pment , wi t h hundr eds
of i nt er f aces; t he key keeps t he conf i gur at i on f i l e i n some

sembl ance of or der . The opt i ons pr ovi de t he act ual par amet er s
t o t he command.
Thi s shoul d hel p you under st and t he conf i gur at i on f i l e. The
f i r st l i ne speci f i es t he wor ki ng di r ect or y i n whi ch MRTG wi l l
pl ace i t s gr aphs and HTML f i l es. Thi s i s a gl obal command, so
no key i s needed. The wor ki ng di r ect or y i s t ypi cal l y somewher e
under a web ser ver t r ee, so t hat MRTG' s r epor t s can be vi si bl e
f r oma web br owser . We' ve set our s t o / mrtg/ i mages/ . The t hi r d
l i ne ( Target) t el l s MRTG whi ch devi ce i t shoul d pol l . The f or mat
f or t hi s opt i on i s i nt er f ace: communi t y_st r i ng@devi ce, or i n our
case 4: publ i c@ci sco. The devi ce i s speci f i ed by i t s host name or I P
addr ess; we al r eady know about communi t y st r i ngs. Si nce MRTG i s
onl y a dat a- col l ect i on t ool , t he r eadonl y communi t y st r i ng
wi l l suf f i ce. I nterf ace speci f i es whi ch i nt er f ace on t he devi ce
t o pol l , accor di ng t o t he devi ce' s i f Tabl e. I n t hi s case, we' r e
pol l i ng i nt er f ace 4 i n t he i f Tabl e.
The MaxBytes l i ne set s up t he maxi mumval ue f or t he par amet er s
MRTG i s goi ng t o r ead f r omt hi s i nt er f ace. By def aul t , MRTG
r eads i f I nOct et s and i f Out Oct et s. I t t r i es t o pi ck a r easonabl e
maxi mumval ue dependi ng on t he i nt er f ace' s t ype, whi ch i t
shoul d be abl e t o r ead f r omt he devi ce i t sel f . Si nce t hi s i s an
Et her net i nt er f ace, MRTG set s MaxBytes t o 1250000. The Ti tl e
speci f i es t he t i t l e f or t he HTML page gener at ed f or t he gr aph.
Fi nal l y, PageTop and t he f ol l owi ng l i nes t el l MRTG what ki nd of
i nf or mat i on t o pl ace at t he t op of t he HTML page cont ai ni ng t he
usage gr aphs. The command cont ai ns act ual HTML code, whi ch was
gener at ed by cfgmaker.
Al t oget her , t hi s ent r y t el l s MRTG t o pol l f or t he def aul t
obj ect s ( i f I nOct et s and i f Out Oct et s) on ent r y 4 i n t he
i nt er f ace t abl e f or t he devi ce ci sco. Ther ef or e, MRTG wi l l
i ssue get commands f or t he OI Ds . 1. 3. 6. 1. 2. 1. 2. 2. 1. 10. 4
( i so. or g. dod. i nt er net . mgmt . mi b-
2. i nt er f aces. i f Tabl e. i f Ent r y. i f I nOct et s. 4 ) and
. 1. 3. 6. 1. 2. 1. 2. 2. 1. 16. 4 ( i so. or g. dod. i nt er net . mgmt . mi b-
2. i nt er f aces. i f Tabl e. i f Ent r y. i f Out Oct et s. 4 ) . By def aul t , MRTG
wi l l gener at e t he f ol l owi ng gr aphs:
Daily graph with 5-minute averages
Weekly graph with 30-minute averages
Monthly graph with 2-hour averages
Yearly graph with 1-day averages
Once you' ve f i ni shed, t r y r unni ng MRTG by hand t o see i f t her e
ar e any pr obl ems wi t h t he conf i gur at i on scr i pt :
[root][l i nuxserver] ~/ mrtg- 2. 9. 10>mrt g / mrt g/ run/ mrt g. cf g
I f MRTG has no pr obl ems wi t h your conf i gur at i on f i l e, i t wi l l
r un wi t h no conf i gur at i on- f i l e er r or s. I f i t does have
pr obl ems, i t wi l l gi ve you a f ai r l y ver bose descr i pt i on of t he

pr obl em. The f i r st t i me you r un MRTG, i t wi l l compl ai n about
not bei ng abl e t o f i nd any l og f i l es. I f you r un MRTG t hr ee
t i mes you' l l see messages si mi l ar t o t hese:
Rateup WARNI NG: / mrtg/ run/ / rateup coul d not read the pri mary l og f i l e f or ci sco. 4
Rateup WARNI NG: / mrtg/ run/ / rateup The backup l og f i l e f or ci sco. 4 was i nval i d as
wel l
Rateup WARNI NG: / mrtg/ run/ / rateup Can' t remove ci sco. 4. ol d updati ng l og f i l e
Rateup WARNI NG: / mrtg/ run/ / rateup Can' t rename ci sco. 4. l og to ci sco. 4. ol d
updati ng l og f i l e

Rateup WARNI NG: / mrtg/ run/ / rateup Can' t remove ci sco. 4. ol d updati ng l og f i l e

[root][l i nuxserver] ~/ mrtg- 2. 9. 10>
As you can see, t he f i r st t i me we r an t he pr ogr ami t spat out
some er r or s. The second r un pr oduced onl y one er r or , and t he
l ast t i me i t r an wi t h no er r or s. These er r or s ar e nor mal when
you r un MRTG f or t he f i r st t i me; don' t wor r y about t hem.
The next st ep i s t o make sur e MRTG r uns ever y f i ve mi nut es.
Ther e' s no need f or MRTG t o be r un by r oot ; any user wi l l do.
Add a l i ne l i ke t he f ol l owi ng t o t he crontab ent r y f or t he
appr opr i at e user :
*/ 5 * * * * / usr/ l ocal / mrtg- 2/ bi n/ mrtg / mrtg/ run/ mrtg. cf g
Thi s r uns MRTG ever y f i ve mi nut es of ever y day. Not e t hat t he
*/ 5 not at i on i s Li nux- speci f i c; on ot her Uni x syst ems you' l l
have t o speci f y t he t i mes expl i ci t l y ( 0, 5, 10, 15, 20, 25, 30, 35, 40, 45, 50, 55) .
I f your net wor k i s f ai r l y l ar ge, you mi ght r un i nt o pr obl ems i f
MRTG does not f i ni sh al l i t s pol l i ng dut i es bef or e t he next
pol l i ng cycl e st ar t s. I f t hi s i s t he case, set t i ng a f i ve-
mi nut e pol l i nt er val may not be a good i dea. You may have t o
exper i ment t o det er mi ne a good i nt er val f or your envi r onment .
13. 2 Vi ewi ng Graphs
Once you' ve gener at ed some gr aphs, you wi l l want t o l ook at
t hemt o see t he r esul t s. To make i t easi er t o vi ew t he gr aphs,
MRTG comes wi t h an indexmaker scr i pt t hat gener at es HTML i ndex
pages. Her e' s how t o r un indexmaker f or a t ypi cal set of
gr aphs:
[root][l i nuxserver] ~/ mrtg- 2. 9. 10>i ndexmaker - - t i t l e "Ci sco t o I nt ernet "
- - f i l t er name=~' ci sco' - - out put / mrt g/ i mages/ ci sco. ht ml / mrt g/ run/ mrt g. cf g
Thi s command cr eat es one i ndex page wi t h t he f i ve- mi nut e
aver age gr aph f or each t ar get you' ve speci f i ed i n your mrtg.cfg
f i l e. Keep i n mi nd t hat t he t ar get i s t he i nt er f ace f r omwhi ch
you' r e gat her i ng dat a. I f you have f our t ar get s f or your
r out er , t her e wi l l be f our gr aphs i n t he i ndex f i l e, al l
poi nt i ng t o t he dai l y, weekl y, mont hl y, and year l y summar y
gr aphs f or t hat t ar get . The - -title opt i on t el l s indexmaker

what t i t l e t o use f or t he i ndex f i l e. - -filter name=~cisco
al l ows you t o sel ect some of t he t ar get s i n t he mrtg.cfg f i l e
by usi ng a r egul ar expr essi on: we t ol d indexmaker t o f i nd al l
t ar get s t hat i ncl ude t he st r i ng ci sco. The - -output opt i on i s
t he name of t he i ndex f i l e. The f i nal ar gument on t he command
l i ne i s t he f ul l pat h t o t he conf i gur at i on f i l e. Tabl e 13- 1
gi ves a synopsi s of t hese opt i ons as wel l as some ot her usef ul
opt i ons t o indexmaker.
Tabl e 13- 1. Command- Li ne Opt i ons t o i ndexmaker
Option Description
--title Speci f y a t i t l e f or t he HTML page.
--
filter
Speci f y t he r egul ar expr essi on t hat wi l l be used t o
f i nd a speci f i c t ar get f r omt he mrtg.cfg f i l e. These
mat ched t ar get s ar e used t o cr eat e t he HTML r epor t
f i l es.
--
output
I ndi cat e t he f ul l pat hname f or t he HTML f i l e t hat i s t o
be gener at ed. The def aul t i s st andar d out put .
--sort Sor t how t he gr aphs show up on t he i ndex page.
--
columns
Ar r ange t he gr aphs on t he i ndex page by x col umns. The
def aul t i s 2.
--width
Set t he wi dt h of t he gr aphs. Thi s i s not set by
def aul t .
--
height
Set t he hei ght of t he gr aphs. Thi s i s not set by
def aul t .
--show
Pi ck whi ch gr aph t o show on t he i ndex page. The def aul t
i s day. Ot her opt i ons i ncl ude week, month, year, and none.
To di spl ay t he ent i r e l i st of opt i ons t o indexmaker, r un t he
command wi t hout any opt i ons. Fi gur e 13- 1 shows how t he
cisco.html f i l e gener at ed by indexmaker l ooks when i t ' s l oaded
i nt o a web br owser .
Fi gure 13- 1. Ci sco graph overvi ew

Ther e ar e f our gr aphs on t he page, one f or each of t he
oper at i onal i nt er f aces ( i nt er f aces t hat wer e up and r unni ng
when we r an cfgmaker) on our r out er . Thi s page i ncl udes l i nks
t o ot her pages t hat have mor e det ai l ed i nf or mat i on about
i ndi vi dual i nt er f aces; Fi gur e 13- 2 shows t he dai l y, weekl y,
mont hl y, and year l y t r af f i c gr aphs f or t he Et her net 0 i nt er f ace.
Fi gure 13- 2. Dai l y, weekl y, mont hl y, and yearl y graphs f or Et herenet 0

The dai l y gr aph ( whi ch act ual l y r epr esent s a 32- hour per i od) i s
t he one t hat most peopl e ar e i nt er est ed i n vi ewi ng. I t shows
t he f i ve- mi nut e aver age of t he t r af f i c on t hi s par t i cul ar
i nt er f ace. I ncomi ng t r af f i c ( i f I nOct et s) i s r epr esent ed by a
gr een l i ne; out goi ng t r af f i c ( I f Out Oct et s) i s r epr esent ed by a
bl ue l i ne. I f we had cl i cked on one of t he ot her i nt er f aces on
t he Ci sco i ndex page ( Fi gur e 13- 1) , we woul d have seen a
si mi l ar gr aph.
That ' s al l t her e i s t o vi ewi ng t he gr aphs. MRTG st or es t he r aw
dat a i t col l ect s i n f l at - t ext - f i l e f or mat but , due t o i t s
i nt el l i gent l og r ol l i ng capabi l i t i es, t he l og f i l es don' t gr ow
out of cont r ol ; t hei r si zes r emai n qui t e manageabl e even i f you
use MRTG ext ensi vel y.
13. 3 Graphi ng Ot her Obj ect s
MRTG pol l s and gr aphs t he MI B var i abl es i f I nOct et s and
i f Out Oct et s by def aul t , but i t i s possi bl e t o pol l and gr aph
t he val ues of ot her obj ect s, i n addi t i on t o pol l i ng di f f er ent
ki nds of devi ces. Let ' s f i r st get MRTG col l ect i ng i nput and
out put oct et s f r oma ser ver . To do t hi s, r un t he f ol l owi ng
command:
[root][l i nuxserver] ~/ mrtg- 2. 9. 10>cf gmaker publ i c@l i nuxserver >>
/ mrt g2/ run/ mrt g. cf g
Thi s i s al most i dent i cal t o t he command we r an ear l i er i n t he
chapt er , except f or t he communi t y st r i ng and t ar get
[ 1]

( publ i c@l i nuxser ver ) . We appended t he out put t o t he mrtg.cfg
f i l e, as opposed t o speci f yi ng an out put f i l e wi t h t he - -
output opt i on; t hi s l et s us add a new host t o t he exi st i ng
conf i gur at i on f i l e, r at her t han st ar t i ng a new f i l e. Because
t he exi st i ng f i l e al r eady speci f i es a wor ki ng di r ect or y, we
al so omi t t ed t he wor ki ng di r ect or y opt i on ( - -global 'WorkDir:
.. ' ) . Thi s cfgmaker command adds a number of l i nes l i ke t he
f ol l owi ng t o t he conf i gur at i on f i l e:
[1]
Make sure that your target i s runni ng an SNMP agent. See
Chapter 7 f or a di scussi on of howto conf i gure several SNMP
agents f or Uni x and Wi ndows NT.
Target[l i nuxserver]: 2: publ i c@l ocal host
MaxBytes[l i nuxserver]: 1250000
Ti tl e[l i nuxserver]: l i nuxserver(l i nuxserver): eth0
PageTop[l i nuxserver]: <H1>Traf f i c Anal ysi s f or eth0
</ H1>
<TABLE>
<TR><TD>System: </ TD><TD>l i nuxserver</ TD></ TR>
<TR><TD>I nterf ace: </ TD><TD>eth0 (2)</ TD></ TR>
<TR><TD>I P: </ TD><TD>l i nuxserver( )</ TD></ TR>
<TR><TD>Max Speed: </ TD>
<TD>1250. 0 kBytes/ s (ethernetCsmacd)</ TD></ TR>
</ TABLE>

These l i nes t el l MRTG how t o pol l t he ser ver ' s Et her net
i nt er f ace. The key used f or t hi s i nt er f ace i s l i nuxserver, and t he
t ar get number i s 2. Why 2? Remember t hat cfgmaker wal ks t he
i nt er f ace t abl e t o det er mi ne what ent r i es t o add t o t he
conf i gur at i on f i l e. Ther ef or e, you' l l see a set of l i nes l i ke
t hi s f or each i nt er f ace on t he devi ce, i ncl udi ng t he l oopback
i nt er f ace. The t ar get number s ar e act ual l y i ndexes i nt o t he
i nt er f ace t abl e; on t hi s ser ver , t he l oopback i nt er f ace has t he
i ndex 1.
Now l et ' s cr eat e an ent r y t o gr aph t he number of user s l ogged
ont o t he ser ver and t he t ot al number of pr ocesses r unni ng. MRTG
i s capabl e of gr aphi ng t hese par amet er s, but you have t o
speci f y expl i ci t l y whi ch MI B var i abl es t o gr aph. Fur t her mor e,
you have t o speci f y t wo var i abl es - - MRTG won' t gr aph j ust one.
( Thi s i s a r at her st r ange l i mi t at i on, but at l east i t ' s
consi st ent : r emember t hat t he def aul t gr aphs show bot h i nput
and out put oct et s. )
Fi r st , l et ' s l ook at t he MI B var i abl es we pl an t o gr aph. The
t wo var i abl es, hr Syst emNumUser s and hr Syst emPr ocesses, ar e
def i ned as OI Ds 1. 3. 6. 1. 2. 1. 25. 1. 5. 6. 0 and
1. 3. 6. 1. 2. 1. 25. 1. 6. 0, r espect i vel y. The . 0 at t he end of each
OI D i ndi cat es t hat t hese t wo obj ect s ar e bot h scal ar var i abl es,
not par t of a t abl e. Bot h come f r omt he Host Resour ces MI B ( RFC
2790) , whi ch def i nes a set of managed obj ect s f or syst em
admi ni st r at i on. ( Some agent s t hat r un on ser ver syst ems
i mpl ement t hi s MI B but , unf or t unat el y, t he Mi cr osof t and
Sol ar i s agent s do not . ) The def i ni t i ons f or t hese obj ect s ar e:
hrSystemNumUsers OBJ ECT- TYPE
SYNTAX Gauge
ACCESS readonl y
STATUS mandatory
DESCRI PTI ON
"The number of user sessi ons f or whi ch thi s host i s stori ng state
i nf ormati on. A sessi on i s a col l ecti on of processes requi ri ng a
si ngl e act of user authenti cati on and possi bl y subj ect to col l ecti ve
j ob control . "
: : ={ hrSystem5 }

hrSystemProcesses OBJ ECT- TYPE
SYNTAX Gauge
ACCESS readonl y
STATUS mandatory
DESCRI PTI ON
"The number of process contexts currentl y l oaded or runni ng on
thi s system. "
: : ={ hrSystem6 }
The ent r y we added t o our conf i gur at i on f i l e l ooks l i ke t hi s:
Target[l i nuxserver. users]: 1. 3. 6. 1. 2. 1. 25. 1. 5. 0&1. 3. 6. 1. 2. 1. 25. 1. 6. 0: publ i c@l i nuxserver
MaxBytes[l i nuxserver. users]: 512
Opt i ons[ l i nuxserver. users] : gauge

Ti tl e[l i nuxserver. users]: l i nuxserver (l i nuxserver): Number of users and processes
YLegend[ l i nuxserver. users] : Users/ Processes
LegendI [ l i nuxserver. users] : Users:
LegendO[ l i nuxserver. users] : Processes:
PageTop[l i nuxserver. users]: <H1>Number of users and processes</ H1>
<TABLE>
<TR><TD>System: </ TD><TD>l i nuxserver<TD></ TR>
</ TABLE>
We' ve hi ghl i ght ed t he changes and addi t i ons t o t he
conf i gur at i on f i l e i n bol d. The f i r st l i ne speci f i es t he devi ce
we want MRTG t o pol l , al ong wi t h t he t wo OI Ds ( hr Syst emNumUser s
and hr Syst emPr ocessess) we want t o gr aph. Thi s st at ement i s
obvi ousl y mor e compl ex t han t he Target st at ement we l ooked at
ear l i er ; i t s synt ax i s OI D1&OI D2: communi t y_st r i ng@devi ce. The
OI Ds must be separ at ed by an amper sand char act er ( &) . Usi ng
t hi s synt ax, you can convi nce MRTG t o gr aph any t wo scal ar -
val ued MI B var i abl es.
I n t he next l i ne, we set MaxBytes t o 512. Thi s i s t he maxi mum
val ue f or t he gr aph; val ues gr eat er t han 512 ar e set t o 512.
( For get about byt es; MaxBytes si mpl y def i nes a maxi mumval ue. )
For t he number of user s l ogged i n, t hi s i s a hi gh number ; t her e
shoul d never be t hi s many peopl e l ogged ont o our syst emat
once. The same goes f or t he t ot al number of pr ocesses r unni ng
on t he syst em. You can choose val ues t hat make sense f or your
par t i cul ar envi r onment . I f you need separ at e maxi mumval ues f or
each obj ect , r epl ace MaxBytes wi t h t wo l i nes set t i ng MaxBytes1 and
MaxBytes2.
The Opti ons command i s a new one; i t al l ows you t o change how
MRTG t r eat s t he dat a i t gat her s. The onl y opt i on we have
speci f i ed i s gauge. Thi s i nst r uct s MRTG t o t r eat t he gat her ed
dat a as Gauge dat a, not Counter dat a. Recal l t hat Counter dat a i s
monot oni cal l y i ncr easi ng, whi l e Gauge dat a i s not . Si nce t he MI B
def i ni t i ons f or bot h obj ect s speci f y t he Gauge dat at ype, t hi s
opt i on makes sense.
The YLegend, LegendI , and LegendO opt i ons ar e al so new. YLegend si mpl y
changes t he l abel t hat i s pl aced on t he Y- axi s of t he gr aph
i t sel f . Si nce we' r e gr aphi ng t he number of user s and pr ocesses,
we set t he l egend t o Users/ Processes. I t ' s i mpor t ant f or t he l egend
t o be shor t ; i f i t ' s t oo l ong, MRTG si l ent l y i gnor es i t and
doesn' t pr i nt anyt hi ng f or t he l abel . LegendI changes t he l egend
used bel ow t he gr aph f or t he so- cal l ed " i nput var i abl e" ( i n
t hi s case t he number of user s l ogged i nt o t he syst em- -
r emember t hat MRTG expect s t o be gr aphi ng i nput and out put
oct et s) . LegendO changes t he l egend f or t he " out put var i abl e"
( t he t ot al number of pr ocesses r unni ng on t he syst em) . The
t er mi nol ogy i s unf or t unat e; j ust r emember t hat MRTG al ways
gr aphs a pai r of obj ect s and t hat t he i nput l egend al ways

r ef er s t o t he f i r st obj ect , whi l e t he out put l egend r ef er s t o
t he second.
Once you have added t hi s ent r y t o your conf i gur at i on f i l e and
saved i t , MRTG wi l l st ar t gat her i ng dat a f r omt he devi ce ever y
t i me i t r uns. I f you have added t he appr opr i at e ent r y i n your
crontab f i l e, you' r e al l set . Now we' l l use indexmaker t o
cr eat e i nt ui t i ve i ndex f i l es f or t he ser ver gr aphs, j ust as we
di d f or t he r out er gr aphs. The command t o cr eat e a new i ndex
f i l e i s si mi l ar t o t he one we used t o cr eat e t he Ci sco i ndex
f i l e:
[root][l i nuxserver] ~/ mrtg- 2. 9. 10> i ndexmaker - - t i t l e "Li nux Server"
- - f i l t er name=~' l i nuxserver' - - out put / mrt g/ i mages/ l i nux. ht ml / mrt g/ run/ mrt g. cf g
Fi gur e 13- 3 shows t he i ndex page f or t he ser ver gr aphs. I t
cont ai ns onl y t wo gr aphs: one shows t r af f i c on t he Et her net
i nt er f ace and t he ot her shows t he number of r unni ng pr ocesses
ver sus t he number of user s l ogged ont o t he syst em.
Fi gure 13- 3. Li nux Server overvi ewgraphs

Fi gur e 13- 4 shows t he dai l y, weekl y, mont hl y, and year l y gr aphs
f or t he number of user s and pr ocesses l ogged i nt o t he syst em.
Fi gure 13- 4. Dai l y, mont hl y, weekl y, and yearl y graphs f or number of users and processes

13. 4 Ot her Dat a- Gat heri ng Appl i cat i ons
What i f you need t o moni t or devi ces on your net wor k t hat don' t
suppor t SNMP? MRTG i s up t o t he t ask. For exampl e, you may have
a Per l scr i pt t hat gat her s usage st at i st i cs f r omsome devi ce
t hat doesn' t suppor t SNMP. How can you col l ect and gr aph t hi s
dat a? Let ' s make t hi s mor e concr et e. Assume t hat you have t he
f ol l owi ng scr i pt , /usr/local/scripts/hostinfo.pl, whi ch r epor t s
t he number of user s and t he number of pr ocesses on t he syst em:
#!/ usr/ bi n/ perl

$who ="/ usr/ bi n/ who | wc - l ";
$ps ="/ bi n/ ps - ef | wc - l ";

chomp($numUsers =i nt(`$who`));
#We subtract two because ps generates a header and the ps process
#i s counted as runni ng.
chomp($numProcesses =i nt(`$ps`) - 2);
pri nt "$numUsersn";
pri nt "$numProcessesn";

#
#The f ol l owi ng code pri nts the systemupti me and the hostname. These two
#i tems need to be i ncl uded i n every scri pt that you wri te and shoul d be the
#very l ast thi ng that i s pri nted.
#
chomp($upti me =`/ usr/ bi n/ upti me`);
pri nt "$upti men";

chomp($hostname =`/ bi n/ hostname`);
pri nt "$hostnamen";
Thi s scr i pt pr i nt s f our var i abl es: t he number of user s and t he
number of pr ocesses ( t he dat a we want MRTG t o col l ect ) and t he
syst emupt i me and host name ( r equi r ed by MRTG) . To get MRTG t o
r un t hi s scr i pt , we' l l have t o edi t mrtg.cfg by hand. The
modi f i cat i on i s act ual l y si mpl er t han our pr evi ous exampl e.
Her e' s t he new ent r y t o mrtg.cfg, wi t h t he changes shown i n
bol d:
Target[l i nuxserver. users]: `/ usr/ bi n/ perl / usr/ l ocal / bi n/ host i nf o. pl `
MaxBytes[l i nuxserver. users]: 512
Opti ons[l i nuxserver. users]: gauge
Ti tl e[l i nuxserver. users]: l i nuxserver (l i nuxserver): Number of
users and processes
YLegend[l i nuxserver. users]: Users/ Processes
LegendI [l i nuxserver. users]: Users:
LegendO[l i nuxserver. users]: Processes:
PageTop[l i nuxserver. users]: <H1>Number of users and processes
</ H1>
<TABLE>
<TR><TD>System: </ TD><TD>l i nuxserver<TD></ TR>
</ TABLE>
Not e t he addi t i on of `/ usr/ bi n/ perl / usr/ l ocal / bi n/ hosti nf o. pl ` t o t he Target
command. Thi s l i ne t el l s MRTG t o r un t he scr i pt or pr ogr am
bet ween t he backt i cks. The r est shoul d be f ami l i ar . MRTG
i nt er pr et s t he f i r st val ue t hat t he scr i pt pr i nt s ( t he number
of user s) as i t s i nput dat a; t he second val ue ( t he number of
pr ocesses) i s t he out put dat a. When i t gener at es gr aphs, i t
appl i es t he appr opr i at e i nput and out put l egends ( LegendI and
LegendO) .
13. 5 Pi t f al l s
Many SNMP- capabl e devi ces change t he or der of i nt er f aces i n t he
i nt er f aces t abl e whenever a new i nt er f ace car d i s i nser t ed or
an ol d one i s r emoved. I f you r un a f ai r l y st at i c r out er
envi r onment ( i . e. , you har dl y ever add or r emove car ds f r om
your r out er s) , t he conf i gur at i on exampl es we' ve shown shoul d
wor k wel l f or you. But i n t oday' s f ast - paced net wor k
envi r onment s, st abi l i t y i s r ar e. MRTG' s cfgmaker command
pr ovi des a command- l i ne opt i on, - -ifref, t o hel p wi t h t hi s

pr obl em. I t doesn' t sol ve t he pr obl em, but i t does al l ow you t o
gener at e gr aphs i n whi ch i nt er f aces ar e l abel ed wi t h t hei r
addr esses, descr i pt i ons, or names; wi t h t hi s i nf or mat i on, you
don' t have t o r emember whet her i nt er f ace 1 i s your l ocal
net wor k i nt er f ace or your T1 connect i on. Tabl e 13- 2 summar i zes
t he usage of - -ifref.
Tabl e 13- 2. Summary of - - i f ref Opt i ons
Option Description
--ifref=ip I dent i f y each i nt er f ace by i t s I P addr ess.
--ifref=eth
Use t he Et her net addr ess t o i dent i f y t he
i nt er f ace.
--
ifref=descr
Use t he i nt er f ace descr i pt i on t o i dent i f y t he
i nt er f ace.
--ifref=name Use t he i nt er f ace name t o i dent i f y t he i nt er f ace.
Thus, t o l abel i nt er f aces wi t h t hei r I P addr esses, r un cfgmaker
l i ke so:
[root][l i nuxserver] ~/ mrtg- 2. 9. 10>cf gmaker - - gl obal ' WorkDi r: / mrt g/ i mages'
- - out put / mrt g/ run/ mrt g. cf g - - i f ref =i p publ i c@rout er
Be sur e t o r ead t he cfgmaker manual t hat comes wi t h t he MRTG
document at i on.
13. 6 Get t i ng Hel p
The MRTG web si t e, ht t p: / / www. mr t g. or g, of f er s a gr eat deal of
i nf or mat i on and hel p. You can subscr i be t o t he MRTG mai l i ng
l i st f r omt hi s page. MRTG i s al so di scussed f r equent l y i n t he
Usenet newsgr oup comp. dcom. net - management . Fi nal l y, don' t
i gnor e MRTG' s document at i on, whi ch i s l ocat ed i n t he doc
subdi r ect or y of t he MRTG di st r i but i on. The document at i on i s
i ncl uded i n bot h t ext and HTML f or mand i s f ai r l y compl et e and
compr ehensi ve.

Appendi x A. Usi ng I nput and Output Octets
To be SNMP- compat i bl e, an I P devi ce must suppor t MI B- I I
( i so. or g. dod. i nt er net . mgmt . mi b- 2) obj ect s. MI B- I I cont ai ns t he
i nt er f aces t abl e ( mi b- 2. i nt er f aces. i f Tabl e. i f Ent r y) , whi ch i s
one of t he most usef ul obj ect s f or net wor k moni t or i ng. Thi s
t abl e cont ai ns i nf or mat i on about t he syst em' s net wor k
i nt er f aces. Some of i t s obj ect s ar e:
ifDescr
A user-provided description of the interface
ifType

The interface's type (token ring, Ethernet, etc.)
ifOperStatus
Whether the interface is up, down, or in some kind of test
mode
ifMtu
The size of the largest packet that can be sent over the
interface
ifSpeed
The maximum bandwidth of the interface
ifPhysAddress
The low-level (hardware) address of the interface
ifInOctets
The number of octets received by the interface
ifOutOctets
The number of octets sent by the interface
We expl or ed var i ous par t s of t hi s t abl e i n ot her chapt er s, but
avoi ded sayi ng t oo much about i f I nOct et s and i f Out Oct et s. RFC
1213 st at es t hat i f Out Oct et s and i f I nOct et s ar e t he t ot al
number of oct et s sent and r ecei ved on an i nt er f ace, i ncl udi ng
f r ami ng char act er s.
I n many envi r onment s, t hi s i nf or mat i on i s cr uci al . Compani es
such as I nt er net ser vi ce pr ovi der s ( I SPs) make t hei r
l i vel i hoods by pr ovi di ng usabl e bandwi dt h t o t hei r cust omer s,
and t hus spend huge amount s of t i me and money moni t or i ng and
measur i ng t hei r i nt er f aces, ci r cui t s, et c. When t hese pi pes
f i l l up or get cl ogged, cust omer s get upset . So t he bi g
quest i on i s, how can you moni t or bandwi dt h ef f ect i vel y? Bei ng
abl e t o answer t hi s quest i on i s of t en a l i f e and deat h i ssue.
The i nf or mat i on you need t o answer t hi s quest i on comes i n a f ew
par t s. Fi r st , you must know what t ype of l i ne you ar e t r yi ng t o
moni t or . Wi t hout t hi s i nf or mat i on, t he number s don' t mean much.
Then you must f i nd t he l i ne' s maxi mumspeed and det er mi ne
whet her i t i s used i n f ul l - or hal f - dupl ex mode. I n most cases,
you can f i nd bot h of t hese pi eces of i nf or mat i on usi ng SNMP.
The i f Speed obj ect def i ned i n MI B- I I ' s i nt er f aces t abl e
pr ovi des " an est i mat e of t he i nt er f ace' s cur r ent bandwi dt h i n
bi t s per second. " You can pol l t hi s obj ect t o f i nd t he l i ne' s
maxi mumspeed, or at l east what t he agent t hi nks t he l i ne' s
maxi mumspeed shoul d be. Not e, t hough, t hat you must wat ch f or
some pi t f al l s. For exampl e, Ci sco r out er s have def aul t maxi mum
bandwi dt hs f or var i ous t ypes of l i nks, but t hese def aul t s may
not have much t o do wi t h r eal i t y: f or i nst ance, t he def aul t
bandwi dt h f or a ser i al l i ne i s 1. 544 Mbps, r egar dl ess of t he
act ual l i ne speed. To get meani ngf ul dat a, you must conf i gur e
t he r out er t o r epor t t he maxi mumbandwi dt h cor r ect l y.
( Somet i mes, net wor k admi ni st r at or s i nt ent i onal l y set t he

i nt er f ace bandwi dt h t o an i ncor r ect number t o nudge r out i ng
pat hs a di f f er ent way. I f t hi s i s t he case, you' r e goi ng t o
have t r oubl e get t i ng meani ngf ul dat a out of SNMP. )
I t ' s easi er t o get r el i abl e i nf or mat i on about t he l i ne' s dupl ex
mode. Ser i al l i nes oper at e i n f ul l - dupl ex mode. Thi s means t hey
can send and r ecei ve i nf or mat i on at t he same t i me ( e. g. , a 56
Kbps ser i al l i ne can upl oad and downl oad at 56 Kbps
si mul t aneousl y, f or a t ot al of 112 Kbps) . Ot her t ypes of l i nes,
such as 10BaseT Et her net , can handl e onl y hal f dupl ex. I n a
t ypi cal 10BaseT envi r onment , t he di st i nct i on bet ween upl oadi ng
and downl oadi ng dat a i s meani ngl ess; t ot al bandwi dt h t hr ough
t he l i ne i s l i mi t ed t o 10 Mbps of i nput and out put combi ned.
Some devi ces have 10/ 100 car ds i n t hem, whi ch makes
i dent i f i cat i on even har der .
Many vendor s have pr i vat e MI Bs t hat r et ur n t he dupl ex st at e.
For exampl e, t he f ol l owi ng Ci sco obj ect r et ur ns t he dupl ex
st at e f or an i nt er f ace on t he model 2900 swi t ch:
i so. or g. dod. i nt er net . pr i vat e. ent er pr i ses. ci sco. ci scoMgmt . ci scoC
2900MI B
. c2900MI BObj ect s. c2900Por t . c2900Por t Tabl e. c2900Por t Ent r y. c2900P
or t Dupl exSt at us.
The t abl e t o whi ch t hi s obj ect bel ongs al so cont ai ns an obj ect
t hat can be used t o swi t ch an i nt er f ace' s dupl ex st at e. Thi s
obj ect i s usef ul i f you have a devi ce t hat i s i ncor r ect l y
negot i at i ng hal f dupl ex i nst ead of f ul l dupl ex; you can use i t
t o f or ce t he por t i nt o t he cor r ect dupl ex st at e.
Once you f i nd t he l i ne' s maxi mumspeed and dupl ex mode, you can
cal cul at e i t s ut i l i zat i on per cent age. Many NMS pr oduct s l et you
cr eat e expr essi ons, whi ch ar e named f or mul as t hat use MI B
obj ect s as var i abl es. OpenVi ew al l ows you t o def i ne expr essi ons
i n t he f i l e $OV_CONF/mibExpr.conf. The synt ax used i n t hi s f i l e
i s compl i cat ed. Expr essi ons ar e wr i t t en i n post f i x not at i on.
[ A]

The f i l e cont ai ns some ent r i es by def aul t ; t hese expr essi ons
ar e of t en usef ul , and may not need any t weaki ng
[ A]
t o wor k f or
your envi r onment . Her e i s t he def aul t def i ni t i on of t he
expr essi on I f %uti l :
[A]
Al so ref erred to as "reverse Pol i sh notati on. " I nstead of
wri ti ng "1 +2", you woul d wri te "1 2 +".
[A]
The recommended way to modi f y $OV_CONF/ mi bExpr. conf i s to use
xnmcol l ectwi th the - del Expr or - l oadExpr swi tch.
I f %uti l
"Percent of avai l abl e bandwi dth uti l i zed on an i nterf acen
Computed by: n
(Recei ved byte rate +transmi tted byte rate) * 8n
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - n
i nterf ace l i nk speedn
then converted to a percentage. "

. 1. 3. 6. 1. 2. 1. 2. 2. 1. 10.
. 1. 3. 6. 1. 2. 1. 2. 2. 1. 16.
+
8
*
. 1. 3. 6. 1. 2. 1. 2. 2. 1. 5.
/
100
*
Thi s expr essi on i s br oken up i nt o t hr ee par t s: an expr essi on
name, comment s, and t he expr essi on i t sel f . We wi l l use t he
expr essi on name wi t hi n xnmgraph f or our dat a- col l ect i on
def i ni t i ons. The comment s wi l l hel p us under st and what t hi s
expr essi on r eal l y does. The synt ax of t he expr essi on i s def i ned
i n t he mi bExpr . conf ( 4) manpage. I n shor t , i t adds t he val ues
of t wo MI B obj ect s ( i f I nOct et s and i f Out Oct et s) , mul t i pl i es by
8 t o get t he number of bi t s t r avel i ng t hr ough t he i nt er f ace,
di vi des by t he i nt er f ace speed ( i f Speed ) , and conver t s t he
r esul t t o a per cent age. As you can see her e, you can br eak
expr essi ons i nt o sever al l i nes by usi ng t he f ami l i ar Uni x
backsl ash- escape at t he end of each l i ne.
Once we have def i ned I f %uti l , we can use i t t o pl ot ut i l i zat i on
wi t h xnmgraph:
$ / opt / OV/ bi n/ xnmgraph - monochrome - c publ i c - pol l 5 - t i t l e I f ut i l _Formul a - mi b
I f %ut i l : Ci scoRout er1a: : : : . 1. 3. 6. 1. 2. 1. 2. 2. 1. 2: : : " Ci scoRout er14a
Thi s di spl ays a gr aph of t he per cent ut i l i zat i on f or ever y
i nt er f ace on t he devi ce Ci scoRout er 14a. Not e t hat you can use
an expr essi on name as t he f i r st of t he col on- separ at ed
ar gument s i n t he xnmgraph command.
Bef or e you st ar t usi ng I f %uti l t o measur e your ent i r e
or gani zat i on, not i ce t hat t hi s expr essi on measur es onl y hal f -
dupl ex l i nes - - t hat i s, i t compar es t he sumof t he i nput and
out put oct et s t o t he l i ne' s capaci t y. Any f ul l - dupl ex l i ne
gr aphed wi t h t hi s cal cul at i on wi l l l ook wr ong. To pr ove t hi s
poi nt , consi der a f ul l - dupl ex ser i al l i ne wi t h a maxi mumspeed
of 500 Kbps i n each di r ect i on t hat i s cur r ent l y sendi ng 125
Kbps and r ecei vi ng 125 Kbps. The f or mul a f or I f %uti l gi ves us a
ut i l i zat i on of 50%, whi ch i s i ncor r ect : t he l i ne i s r eal l y at
25%of capaci t y. For a f ul l - dupl ex l i ne, i t makes mor e sense t o
make separ at e comput at i ons f or i ncomi ng and out goi ng dat a. Thi s
gi ves you a bet t er r epr esent at i on of what your net wor k i s
doi ng, si nce i n f ul l - dupl ex mode t he i ncomi ng dat a r at e i sn' t
af f ect ed by t he out goi ng dat a. Her e ar e r evi sed expr essi ons f or
send ut i l i zat i on ( WANI F%SendUti l ) and r ecei ve ut i l i zat i on
( WANI F%RecvUti l ) :
WANI f %SendUti l
"%i nterf ace uti l i zati on f rom(i f OutOctets * 8 * 100) / i f Speed"
. 1. 3. 6. 1. 2. 1. 2. 2. 1. 16.
8
*

100
*
. 1. 3. 6. 1. 2. 1. 2. 2. 1. 5.
/

WANI f %RecvUti l
"%i nterf ace uti l i zati on f rom(i f I nOctets * 8 * 100) / i f Speed"
. 1. 3. 6. 1. 2. 1. 2. 2. 1. 10.
8
*
100
*
. 1. 3. 6. 1. 2. 1. 2. 2. 1. 5.
/
Now l et ' s t ake a l ook at some act ual gr aphs. We gr aphed
di f f er ent expr essi ons and MI B obj ect s at t he same t i me f or a
10BaseT ( hal f - dupl ex) Et her net i nt er f ace. We t hen cr eat ed some
t r af f i c on t he i nt er f ace and capt ur ed t he r esul t s. Her e i s t he
scr i pt t hat gener at es t he gr aphs:
/ opt/ OV/ bi n/ xnmgraph - monochrome - c publ i c - pol l 5 - ti tl e
Ci sco_Pri vate_Local _Mi b - mi b
". 1. 3. 6. 1. 4. 1. 9. 2. 2. 1. 1. 6: Ci scoRouter1a: 4: : : . 1. 3. 6. 1. 2. 1. 2. 2. 1. 2: : : ,
. 1. 3. 6. 1. 4. 1. 9. 2. 2. 1. 1. 8: Ci scoRouter1a: 4: : : . 1. 3. 6. 1. 2. 1. 2. 2. 1. 2: : : "
Ci scoRouter1a &

/ opt/ OV/ bi n/ xnmgraph - monochrome - c publ i c - pol l 5 - ti tl e I f uti l _Formul a
- mi b "I f %uti l : Ci scoRouter1a: 4: : : . 1. 3. 6. 1. 2. 1. 2. 2. 1. 2: : : " Ci scoRouter1a &

WANI f RecvUti l _Formul a - mi b
"WANI f %RecvUti l : Ci scoRouter1a: 4: : : . 1. 3. 6. 1. 2. 1. 2. 2. 1. 2: : : " Ci scoRouter1a &

WANI f SendUti l _Formul a - mi b
"WANI f %SendUti l : Ci scoRouter1a: 4: : : . 1. 3. 6. 1. 2. 1. 2. 2. 1. 2: : : " Ci scoRouter1a &

/ opt/ OV/ bi n/ xnmgraph - monochrome - c publ i c - pol l 5 - ti tl e i f I nOctets - mi b
". 1. 3. 6. 1. 2. 1. 2. 2. 1. 10: Ci scoRouter1a: 4: : : . 1. 3. 6. 1. 2. 1. 2. 2. 1. 2: : : "
Ci scoRouter1a &

/ opt/ OV/ bi n/ xnmgraph - monochrome - c publ i c - pol l 5 - ti tl e i f OutOctets - mi b
". 1. 3. 6. 1. 2. 1. 2. 2. 1. 16: Ci scoRouter1a: 4: : : . 1. 3. 6. 1. 2. 1. 2. 2. 1. 2: : : "
Ci scoRouter1a &
Fi gur e A- 1 shows t he MI B obj ect s
. i so. or g. dod. i nt er net . pr i vat e. ent er pr i ses. ci sco. l ocal . l i nt er f ac
es. l i f Tabl e. l i f Ent r y. l ocI f I nBi t sSec and
. i so. or g. dod. i nt er net . pr i vat e. ent er pr i ses. ci sco. l ocal . l i nt er f ac
es. l i f Tabl e. l i f Ent r y. l ocI f Out Bi t sSec. These ar e pr i vat e Ci sco
MI B obj ect s t hat r epor t t he dat a r at e i n and out of an
i nt er f ace, i n bi t s per second.
Fi gure A- 1. Graph of Ci sco pri vat e MI B obj ect s

The next gr aph, shown i n Fi gur e A- 2, shows t he expr essi on
I f %uti l . I t ' s sur pr i si ngl y di f f er ent . The di f f er ence ar i ses
because Ci sco uses a f i ve- mi nut e decayi ng aver age f or t hese t wo
obj ect s. Thi s can be bot h good and bad. The decayi ng aver age
can pr event you f r omseei ng l ocal peaks and val l eys i n usage.
I n t hi s exampl e, we see t wo usage peaks, whi ch t he decayi ng
aver age smear s over a l onger per i od of t i me. When usi ng
vendor s' pr i vat e MI Bs, be sur e t o f i nd out how t hey cal cul at e
t hei r number s.
Fi gure A- 2. Graph of I f %ut i l

Fi gure A- 3. Graph of WANI f %RecvUt i l

Fi gur es A- 3 and A- 4 show t he WANI f %RecvUti l and WANI f %SendUti l
expr essi ons. Si nce t hi s i s a hal f - dupl ex i nt er f ace we don' t
need t o l ook at each di r ect i on ( i n and out ) separ at el y, but i t
may hel p t o ver i f y whet her t he r ecei ve pat h or t he send pat h i s
maxed out . Compar i ng Fi gur e A- 3 wi t h Fi gur e A- 4 shows t hat we
ar e sendi ng a bi t mor e t r af f i c t han we ar e r ecei vi ng.
Fi gure A- 4. Graph of WANI f %SendUt i l

Fi gure A- 5. Graph of i f I nOct et s

The st andar d MI B- I I obj ect s i f I nOct et s and i f Out Oct et s ar e
gr aphed i n Fi gur e A- 5 and Fi gur e A- 6. Remember t hat t hese do
not show bi t s per second. Agai n, t hese gr aphs show t hat we ar e
sendi ng mor e t r af f i c t han we ar e r ecei vi ng. The oct et gr aphs i n
Fi gur es A- 5 and A- 6 show a r eal - t i me pi ct ur e, l i ke t he WAN
expr essi ons but unl i ke Ci sco' s pr i vat e MI B obj ect s.
Fi gure A- 6. Graph of i f Out Oct et s

Tr y t o get a f eel f or what you ar e l ooki ng f or bef or e you st ar t
wr i t i ng expr essi ons. Ar e you t r yi ng t o f i nd someone who i s
f l oodi ng t he net wor k, or j ust l ooki ng f or a weekl y aver age? No
mat t er what you ar e gr aphi ng, be sur e t o r esear ch t he devi ce' s
MI B obj ect s bef or e you st ar t gener at i ng gr aphs t hat may l ook
good but cont ai n meani ngl ess dat a. Recheck t he var i abl es each
t i me you cr eat e new gr aphs.
Keep i n mi nd t hat some devi ces have t he abi l i t y t o swi t ch f r om
f ul l t o hal f dupl ex aut omat i cal l y. You shoul d be awar e of your

i nt er f ace' s sat ur at i on poi nt , whi ch i s t he poi nt at whi ch no
mor e t r af f i c can be sent or r ecei ved. Thi s sat ur at i on poi nt i s
i ndi cat ed i n your gr aphs by a sust ai ned hor i zont al cei l i ng l i ne
and can r eal l y be seen onl y over ext ended per i ods of t i me.
Thus, whi l e t her e ar e some hor i zont al l i nes i n t he gr aphs i n
t hi s appendi x, we ar e obvi ousl y not cl ose t o t he i nt er f ace' s
capaci t y.
I f you pl an t o use gr aphs l i ke t hese, be sur e t o pl an f or t he
aver age and not f or t he except i ons ( peaks) . Al l net wor ks have
t r af f i c spi kes her e and t her e; unl ess you l i ke spendi ng a l ot
mor e on t el ecommuni cat i ons t han you need t o, you shoul d pl an
your net wor k so t hat i t i s gear ed t owar d ser vi ci ng your aver age
day- t o- day act i vi t i es, not t he occasi onal peak.

Appendi x B. More on OpenVi ew' s NNM
By now you shoul d be f ami l i ar wi t h OpenVi ew' s NNM and i t s
suppor t i ng ut i l i t i es. Even t hough many net wor k admi ni st r at or s
can get by wi t h t he basi c OpenVi ew i nf or mat i on pr ovi ded i n t hi s
book, t her e i s much mor e t o l ear n. Conf i gur i ng NNM wi t h your
own cust omt ool s makes usi ng i t t hat much bet t er .
Whi l e we can' t cover al l t he f eat ur es of NNM i n t hi s appendi x,
we' l l di scuss each of t he f ol l owi ng:
Using external data with xnmgraph
Inserting additional menu items into NNM's menu
Creating NNM profiles for different users
Using NNM as a centralized communication device

B. 1 Usi ng Ext ernal Dat a
Chapt er 9 i nt r oduced t he xnmgraph command, but onl y t ouched on
i t s f eat ur es. One par t i cul ar l y usef ul f eat ur e i s t he abi l i t y t o
gr aph dat a f r omext er nal sour ces. To see how you mi ght gr aph
ext er nal dat a, f i r st gener at e a gr aph of any t ype - - one of t he
gr aphs we cr eat ed i n Chapt er 9 wi l l do - - and save t he dat a t o
a f i l e. Then exami ne t he cont ent s of t he f i l e. Each out put f i l e
cont ai ns a shor t t ut or i al showi ng how t o r eshow t he gr aph. Be
sur e t o l ook at $APP_DEFS/Xnmgraph, whi ch cont ai ns xnmgraph' s
def aul t set t i ngs.
Her e' s a t abl e we cr eat ed by hand, copyi ng t he f or mat of a
st andar d xnmgraph dat af i l e. The dat a poi nt s ar e or gani zed i nt o
st r eams. A stream i s a set of dat a t hat wi l l be pl ot t ed as a
si ngl e cur ve on t he gr aph. Al l t he st r eams i n t he f i l e wi l l be
combi ned i nt o a si ngl e gr aph wi t h mul t i pl e cur ves. The StartTi me
i s i gnor ed. The StopTi me pr ovi des t he val ue f or t he X

( hor i zont al ) axi s and t he Val ue pr ovi des t he val ue f or t he Y
( ver t i cal ) axi s:
#/ tmp/ data1
#
#StreamNumber StartTi me StopTi me Val ue
#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#
#Start of Stream1
#
1 0 04. 28. 2001- 12: 32: 16 7
1 0 04. 28. 2001- 12: 32: 20 3
1 0 04. 28. 2001- 12: 32: 24 23
1 0 04. 28. 2001- 12: 32: 28 4
1 0 04. 28. 2001- 12: 32: 31 7
1 0 04. 28. 2001- 12: 32: 35 12
1 0 04. 28. 2001- 12: 32: 39 1
#
#Start of Stream2
#
2 0 04. 28. 2001- 12: 32: 16 17
2 0 04. 28. 2001- 12: 32: 20 21
2 0 04. 28. 2001- 12: 32: 24 8
2 0 04. 28. 2001- 12: 32: 28 28
2 0 04. 28. 2001- 12: 32: 31 2
2 0 04. 28. 2001- 12: 32: 35 22
2 0 04. 28. 2001- 12: 32: 39 9
The f ol l owi ng xnmgraph command di spl ays our dat af i l e. Not i ce
t hat we use st r eamnumber s, pr eceded by mi nus si gns, i nst ead of
obj ect I Ds. The mi nus si gn i ndi cat es t hat t he st r eamcan t ake
on negat i ve val ues. I f t he st r eamnumber i s pr eceded by a + or
= si gn, xnmgraph wi l l t ake t he absol ut e val ue of al l negat i ve
number s i n t he dat af i l e.
cat / tmp/ data1 | xnmgraph - mi b "- 1: StreamOne: : : : : : : , - 2: StreamTwo: : : : : : : "
Fi gur e B- 1 shows t he r esul t of t hi s command. I f your gr aph
l ooks squi shed, r i ght - cl i ck on i t and t hen l ef t - cl i ck on " Show
Al l . " An opt i on under t he Vi ew menu l et s you gener at e a bl ack-
and- whi t e gr aph, whi ch i s of t en mor e ef f ect i ve i f you have onl y
a smal l number of st r eams.
Fi gure B- 1. Sampl e OpenVi ewgraph

Now t hat we can get dat a i nt o a f or mat t hat xnmgraph can
di spl ay, l et ' s see i f we can gener at e some gr aphs f r omt he
out put of t he Uni x vmstat ut i l i t y. vmstat shoul d be f ami l i ar t o
al l Uni x admi ni st r at or s; i t pr ovi des a l ot of i nf or mat i on about
your memor y syst em, i n a cumber some f or mat . Her e' s t he ki nd of
out put vmstat pr oduces:
procs memory page di sk f aul ts cpu
r b w swap f ree re mf pi po f r de sr s6 s2 s2 sd i n sy cs us sy i d
0 4 0 5431056 33672 1 2371 0 8 8 0 0 0 18 18 2 2161 5583 4490 17 14 69
0 2 0 5430912 33576 1 2499 0 20 20 0 0 0 1 1 0 2997 8374 7030 25 18 58
0 2 0 5431296 33824 0 179 4 0 0 0 0 0 0 0 1 2587 3990 6379 18 8 74
0 0 0 5431240 33792 1 2460 4 8 8 0 0 0 1 1 0 2909 7768 7080 25 18 57
0 3 0 5431216 33768 1 2359 0 12 12 0 0 0 2 2 0 1934 5057 3818 18 13 70
0 0 0 5431288 33824 0 136 0 0 0 0 0 0 0 0 1 1842 2190 3803 13 5 82
0 2 0 5431216 32920 2 1189 0 3196 3176 0 0 0 0 0 4 2734 9980 5642 24 11 65
0 4 0 5431032 32352 8 1571 0 3100 3044 0 0 0 2 2 5 2763 7767 5817 22 15 63
I magi ne t aki ng 10, 000 l i nes of t hi s out put and t r yi ng t o f i gur e
out t he t r ends ( mi n/ avg/ max) i n any gi ven par amet er . I t ' s not
easy. But wi t h some hel p f r oma Per l scr i pt , we can massage
t hi s dat a i nt o an xnmgraph i nput f i l e. Her e i s what our Per l
scr i pt l ooks l i ke:
#Fi l ename: / usr/ l ocal / bi n/ perl _scri pts/ cputi mes

$| ++; #Unbuf f er the output!

open(VMSTAT, "/ bi n/ vmstat 2 | ") | | di e "Can' t Open VMStat";
whi l e($CLI NE=<VMSTAT>)
{
($nul l , $r, $b, $w, $swap, $f ree, $re, $mf , $pi , $po, $f r, $de, $sr, $aa, $dd1,
$dd2, $f 0, $i n, $sy, $cs, $us, $sycpu, $i d) =spl i t(/ s+/ , $CLI NE);

i f (($i d) &&($i d ne "i d"))

{
$DATE =`date +%m. %d. %y- %H: %M: %S`;
chomp $DATE;
pri nt "1 0 $DATE $us n";
pri nt "2 0 $DATE $sycpu n";
pri nt "3 0 $DATE $i d n";
}
sl eep 2;
}
Thi s scr i pt pr i nt s t he cur r ent CPU usage, as a per cent age, i n
t he User ( $us) , Syst em( $sycpu) , and I dl e ( $i de) st at es; st r eam1
i s t he User per cent age, st r eam2 i s t he Syst emper cent age, and
st r eam3 i s t he I dl e per cent age. The f i r st i t emon each l i ne i s
t he st r eamnumber ; not e t hat we can i nt er l eave t he dat a f r om
t he t hr ee st r eams:
[root][nms] / >/ usr/ l ocal / bi n/ perl _scri pt s/ cput i mes
1 0 8. 14. 99- 21: 00: 22 6
2 0 8. 14. 99- 21: 00: 22 3
3 0 8. 14. 99- 21: 00: 22 92
1 0 8. 14. 99- 21: 00: 24 0
2 0 8. 14. 99- 21: 00: 24 0
3 0 8. 14. 99- 21: 00: 24 100
1 0 8. 14. 99- 21: 00: 26 1
2 0 8. 14. 99- 21: 00: 26 0
3 0 8. 14. 99- 21: 00: 26 98
1 0 8. 14. 99- 21: 00: 28 1
2 0 8. 14. 99- 21: 00: 28 0
3 0 8. 14. 99- 21: 00: 28 99
The f ol l owi ng command gener at es a gr aph f r omt he scr i pt ' s
out put :
/ usr/ l ocal / bi n/ perl _scri pts/ cputi mes | xnmgraph - ti tl e "CPU Ti me" - mi b
"+1: User: : : : : : : , +2: System: : : : : : : , +3: I dl e: : : : : : : "
Whi l e t hi s gr aph i s based on l i ve dat a, i t ' s t r i vi al t o save
dat a i n an appr opr i at e f or mat and wr i t e a scr i pt t hat pul l s
hi st or i cal dat a f r omyour l ogs and pl ot s i t wi t h xnmgraph.

B. 2 Addi ng a Menu t o NNM
Once you have a t ool box of scr i pt s, addi ng t hemt o an NNM menu
makes t hemeasi er t o access and execut e. Thi s t r i ck can be
especi al l y usef ul i f you pr ef er t o use NNM' s gr aphi cal
i nt er f ace.
The key t o addi ng cust ommenus i s t he di r ect or y
$OV_REGISTRATION/C. ( $OV_REGISTRATION cont ai ns di r ect or i es f or
al l t he l anguages avai l abl e on your syst em; C i s t he di r ect or y
f or t he def aul t l anguage and i s pr obabl y wher e you shoul d
st ar t . ) The C di r ect or y cont ai ns al l t he f i l es t hat make up t he
menu syst emyou see when you r un NNM. For exampl e, t he f i l e ovw

cont ai ns t he f ami l i ar opt i ons f r omt he mai n wi ndow ( New, Open,
Ref r esh, et c. ) .
Let ' s l ook at t he $OV_REGISTRATION/C/ovsnmp/xnmloadmib f i l e.
I t ' s f ai r l y easy t o see how t o hook an ext er nal command i nt o a
menu. Let ' s j ump r i ght i n and cr eat e a menu t hat i s t wo l evel s
deep wi t h t wo menu choi ces:
Appl i cati on "Graph Menu"
{
Menubar <100>"Local _Graphs" _p
{
<100>"Network" _N f . menu "network_menu";
}

Menu "network_menu"
{
<90>"5 Mi nute CPU" _Mf . acti on "5mi ncpu";
<90>"Bi ts I n and Out For Al l Up I nterf aces"
_B f . acti on "bi t_f or_al l _up";
}

Acti on "5mi ncpu" {
Command "/ opt/ OV/ l ocal / scri pts/ Ci sco_5mi n_cpu
"${OVwSel ecti ons}"";
Mi nSel ected 1;
MaxSel ected 7;
Sel ecti onRul e (i sSNMPSupported | | i sSNMPProxi ed) ;
}

Acti on "bi t_f or_al l _up" {
Command "/ opt/ OV/ l ocal / scri pts/ Ci sco_Li ne_Up_Bi ts
"${OVwSel ecti ons}"";
Mi nSel ected 1;
MaxSel ected 3;
}
}
Cr eat e a f i l e wi t hi n $OV_REGISTRATION/C and i nser t t he pr evi ous
code l i st i ng. Once t hi s i s done, r un ovw wi t h t he -verify
swi t ch, whi ch checks f or er r or s.
[ B]
You may see er r or s or
war ni ngs about your new menu i t embut , i f you' r e successf ul ,
you' l l see an i t emt hat l ooks l i ke t he menu i n Fi gur e B- 2.
[B]
Do not l eave any backup f i l es wi thi n any of the di rectori es,
because NNMtakes each f i l e seri ousl y. Backup or redundant
f i l es wi l l produce warni ngs when you run ovw.

NNM can be pi cky wi t h r egi st r at i on f i l es. I f you
can' t see your menu, t r y t he ovw -verify t r i ck.
I f i t r eveal s no er r or s, t ake some ent r i es out
and r est ar t ovw. Keep doi ng t hi s unt i l your
i t ems appear . You shoul d al so br eak up your menu
i t i t l t i l f i l D t t l l

i t ems i nt o mul t i pl e f i l es. Do not put al l your
menus and act i ons i nt o one f i l e. The mor e f i l es
you have, t he easi er i t wi l l be t o di agnose and
t r oubl eshoot your new menu i t ems.

Fi gure B- 2. A newmenu

Let ' s t al k about some commonal t i es wi t hi n our r egi st r at i on
f i l e:
Each menu and menu item is associated with a keyboard
shortcut that allows the user to access it. The trigger
character is preceded by an underscore. For example, from
the "Local_Graphs Network" menu, you can hit "M" to go
to the "5 Minute CPU" item.
Each menu item has a precedence number within angle
brackets. This allows you to control the order in which
items appear. Items with the highest precedence appear
first in a menu; items with the same precedence are listed
in the order in which they appear in the file. For
example, if we reduce the precedence of "5 Minute CPU"
from <90> to <80> it will appear after the "Bits In and
Out" menu item, because the higher-precedence item comes
first.
The Menubar ent r y cont ai ns t he menus t hat wi l l appear i n t he t op
NNM menu bar . We used t he f unct i on f . menu t o cal l a submenu. The
f ol l owi ng code shows how we coul d have used f . acti on t o cal l an
act i on di r ect l y:
Menubar <precedence>"menubar Label " _Mnemoni cChar
{
<precedence>"SubMenu Label " _Mnemoni cChar f . menu "menu- name"
<precedence>"Acti on Name" _Mnemoni cChar f . acti on "acti on- name"
}
A Menu l ooks and behaves l i ke t he menu bar ( or menu) t hat
cont ai ns i t , wi t h a f ew di f f er ences. Menus don' t decl ar e
mnemoni c char act er s or pr ecedence; t hese ar e def i ned by t he
cont ai ni ng menu or menu bar . The menu- name i s t he l i nki ng name
t hat appear s af t er f . menu.
Menu "menu- name"
{
<precedence>"SubMenu Label " _Mnemoni cChar f . menu "menu- name"
<precedence>"Acti on Name" _Mnemoni cChar f . acti on "acti on- name"
}
Acti ons ar e cal l ed j ust l i ke Menus. The act i on- name i s t he l i nki ng
name of an act i on t hat get s cal l ed when sel ect ed f r oma
pr evi ous i t em( ei t her a Menu or a Menubar) :

Acti on "acti on- name"
{
Command "/ opt/ OV/ l ocal / scri pts/ Ci sco_5mi n_cpu "${OVwSel ecti ons}"";
Mi nSel ected 1;
MaxSel ected 7;
}
Ther e ar e a f ew addi t i onal par amet er s i n our Acti on decl ar at i on:
Command specifies which program or script should be
executed. The "${OVwSel ecti ons}" at the end of the command
string passes all currently selected objects to the
program as arguments.
Mi nSel ected declares how many nodes must be selected before
this item becomes available. If nothing is selected, the
corresponding menu choice will be grayed out and
unclickable.
MaxSel ected works the same way, but declares the maximum
number of objects that can be selected.
Sel ecti onRul e uses capability fields
[B]
within a logical
statement. These rules declare what is necessary for the
selection to be deemed a "good selection."
[B]
Check out $OV_FI ELDS f or more def i ni ti ons of capabi l i ty
f i el ds.
Acti on decl ar at i ons can cont ai n many addi t i onal par amet er s, as
can r egi st r at i on f i l es. The exampl es we' ve gi ven shoul d be
enough t o get you goi ng i n t he r i ght di r ect i on. The OVwRegI nt r o
( 5) manpage def i nes t he synt ax of t he r egi st r at i on f i l es i n
det ai l ; r ead t hi s page car ef ul l y i f you' r e ser i ous about addi ng
cust ommenu i t ems.
B. 3 Prof i l es f or Di f f erent Users
Some user s may have speci f i c ways i n whi ch t hey want t o use
NNM. For exampl e, an oper at or who i s wat chi ng t he net wor k f or
pr obl ems may need a f ai r l y l i mi t ed set of menus and t ool s; a
seni or net wor k engi neer mi ght want a subst ant i al l y l ar ger set
of opt i ons. You can use t he $OV_REGISTRATION di r ect or y and t he
$OVwRegDi r envi r onment var i abl e t o cust omi ze NNM on a per - user
basi s.
The pr evi ous sect i on shows how t o add menus by modi f yi ng f i l es
i n t he $OV_REGISTRATION/C di r ect or y. By def aul t , t hi s i s t he
di r ect or y NNM uses when i t st ar t s. However , you can cr eat e as
many pr of i l es as you need under t he $OV_REGISTRATION di r ect or y.
Once you have cr eat ed anot her pr of i l e di r ect or y, you can change
t he $OVwRegDi r envi r onment var i abl e t o poi nt t o t hat new
di r ect or y. Then, when NNM st ar t s, i t wi l l use t he new pr of i l e.

One way t o set up user - speci f i c pr of i l es i s t o cr eat e an
account t hat anyone can use f or st ar t i ng an NNM sessi on. Wi t h
t hi s account , t he net wor k map i s opened r eadonl y
[ B]
and has
onl y t he mi ni mal menus ( " Fi l e Exi t , " " Map Ref r esh, " " Faul t
Al ar ms, " et c. ) . Cr eat e a new pr of i l e f or t hi s account i n t he
di r ect or y $OV_REGISTRATION/skel by copyi ng al l t he f i l es i n t he
def aul t pr of i l e $OV_REGISTRATION/C t o t he new skel di r ect or y.
Then modi f y t hi s pr of i l e by r emovi ng most of t he menu choi ces,
t hus pr event i ng t he oper at or f r ombei ng abl e r un any ext er nal
commands.
[ B]
To st ar t NNM usi ng t hi s pr of i l e, you must poi nt t he
$OVwRegDi r envi r onment var i abl e t o t he new pr of i l e di r ect or y.
To t est t he new pr of i l e, gi ve t he f ol l owi ng Bour ne shel l
commands:
[B]
When starti ng NNMvi a the command l i ne, use $OV_BI N/ ovw- ro
to open the def aul t map i n readonl y mode. Thi s wi l l prevent
the user f rommaki ng any map changes (moves, add, del etes,
etc. ).
[B]
J ust because a map i s opened readonl y does not mean that
users cannot make changes to the backend of NNM. A user who has
the abi l i ty to l aunch the menu i tems can make changes j ust l i ke
the superuser can. The best way to prevent these changes i s to
take out any/ al l conf i gurati on menu opti ons.
[root][nms] / >OVwRegDi r=/ et c/ opt / OV/ share/ regi st rat i on/ skel
[root][nms] / >export OVwRegDi r
[root][nms] / >$OV_BI N/ ovw
Once you' r e conf i dent t hat t hi s new pr of i l e wor ks, cr eat e an
account f or r unni ng NNM wi t h mi ni mal per mi ssi ons and, i n t he
st ar t up scr i pt f or t hat account , set $OVwRegDi r appr opr i at el y
( i . e. , t o poi nt t o your skel et on conf i gur at i on) . Then make sur e
t hat user s can' t r un NNM f r omt hei r nor mal account s - - per haps
by l i mi t i ng execut e access f or NNM t o a par t i cul ar gr oup, whi ch
wi l l f or ce user s not i n t hat gr oup t o use t he speci al account
when t hey want t o r un NNM. You shoul d al so make sur e t hat t he
user s you don' t t r ust can' t modi f y t he $OV_REGISTRATION
di r ect or y or i t s subdi r ect or i es.

B. 4 Usi ng NNMf or Communi cat i ons
One of t he mor e exot i c ways t o use SNMP i s as a t ool f or
passi ng messages back and f or t h. For exampl e, i t ' s cer t ai nl y
usef ul t o know t hat t he Or acl e dat abase has gone down, but i t ' s
even mor e usef ul t o send messages t o key user s not i f yi ng t hem
t hat t he dat abase has cr ashed or t hat i t ' s goi ng down f or
mai nt enance at t he end of t he day. I n a smal l envi r onment , i t ' s
easy t o come up wi t h hacks t hat pr ovi de var i ous ki nds of
not i f i cat i on. But i n a l ar ge company wi t h many of f i ces, i t ' s
usef ul t o have a st andar d way f or communi cat i ng wi t h ot her

depar t ment s. NNM' s Event Cat egor i es i s t he per f ect t ool t o use
as a cent r al i zed communi cat i on devi ce.
I magi ne a web i nt er f ace t hat al l ows you t o send t r aps t o Event
Cat egor i es. Fi l l i ng out a si mpl e f or mi n a br owser
aut omat i cal l y gener at es a t r ap t hat i s post ed t o t he
appr opr i at e cat egor i es. Fi gur e B- 3 shows such an i nt er f ace.
Fi gure B- 3. SNMP web i nt erf ace

What t ypes of quest i ons does ever yone ( you, manager s, user s,
et c. ) ask when t her e' s a pr obl em? The most t ypi cal ones ar e:
Who is in charge? Name, phone, pager
What is going on? Reboot, upgrade, failure
What servers are affected? Production, test, development
What services are affected? Mail, news, database, web server
When did this happen? E.g., 10 minutes ago, 4 days from now
When will this be fixed? E.g., immediately, tomorrow
What is the severity? Normal, Warning, Minor, Major, Critical
Al l t hese quest i ons can be answer ed usi ng t he HTML f or mi n
Fi gur e B- 3. The CGI scr i pt or J ava ser vl et t hat pr ocesses t he
f or mcan r ef use t o accept t he f or munt i l t he user has f i l l ed i n
al l t he f i el ds, guar ant eei ng t hat you have compl et e and
consi st ent i nf or mat i on.
Set t i ng up a r epor t i ng syst eml i ke t hi s i s not ver y di f f i cul t .
You can use any st andar d web ser ver ,
[ B]
a l i t t l e HTML, and your
f avor i t e l anguage f or pr ocessi ng t he f or m. Once you par se t he
out put f r omt he f or m, you can use any of t he t r ap- gener at i on
pr ogr ams we' ve di scussed t o send t he t r ap. Thi s t r ap wi l l t hen
show up i n one of NNM' s Event Cat egor i es. ( I f you' r e not usi ng
NNM, we' ve di scussed ot her t r ap daemons t hat can be used t o
r ecei ve t he t r ap and not i f y user s. However , NNM i s conveni ent
because i t wi l l do ever yt hi ng f or you. )
[B]
Check out http: / / www. apache. org f or more i nf ormati on on a
f ree Uni x or NT web server.

The key t o t hi s whol e set up i s get t i ng peopl e t o use and wat ch
NNM. I f i t i sn' t used by ever yone, t hi s mechani smr eal l y
doesn' t accompl i sh anyt hi ng. Tr ai ni ng user s i n nont echni cal
depar t ment s t o wat ch NNM f or i mpor t ant not i f i cat i ons may not be
easy, but i f you succeed you' l l have cr eat ed an el egant
mechani smf or get t i ng i mpor t ant i nf or mat i on t o user s.
Appendi x C. Net- SNMP Tool s
Thi s appendi x pr ovi des br i ef summar i es of t he command- l i ne
t ool s i ncl uded i n Ver si on 4. 2 of t he Net - SNMP package
( avai l abl e f r omht t p: / / net - snmp. sour cef or ge. net ) .
Rat her t han t r yi ng t o descr i be al l t he opt i ons t o al l t he
commands, we' ve f ocused on t hose t hat ar e most i mpor t ant and
usef ul . We have al so poi nt ed out a f ew cases i n whi ch t he
behavi or of t he commands di f f er s f r omt he behavi or t hat ' s
descr i bed i n t he manual pages. Unf or t unat el y, t her e ar e many
di scr epanci es. The cur r ent si t uat i on i s obvi ousl y f ar f r om
i deal , but hopef ul l y ei t her t he document at i on or t he commands
wi l l be f i xed i n some l at er r el ease.

C. 1 Net - SNMP and MI B Fi l es
By def aul t , Net - SNMP r eads t he MI B f i l es i n t he di r ect or y
/usr/local/share/snmp/mibs. When you i nst al l Net - SNMP i t
popul at es t hi s di r ect or y wi t h a f ew dozen MI B f i l es, i ncl udi ng
t he UCD MI B ( Net - SNMP used t o be cal l ed UCD- SNMP) and RFC 1213
MI B ( MI B- I I ) . Net - SNMP uses t he MI B f i l es t o t r ansl at e bet ween
numer i c obj ect I Ds and t hei r t ext ual r epr esent at i ons. The MI B
f i l es al so gi ve t he t ool s access t o i nf or mat i on about each
obj ect ( i t s synt ax, t he t ype of access al l owed, i t s
descr i pt i on, et c. ) . Addi ng a vendor - speci f i c MI B f i l e t o Net -
SNMP i s as si mpl e as pl aci ng i t i n t he mibs di r ect or y and
set t i ng t he envi r onment var i abl e $MI BS t o ALL, as di scussed i n
t he next sect i on.
C. 2 Common Command- Li ne Argument s
For t he most par t , t he Net - SNMP commands f ol l ow a si mi l ar
command st r uct ur e; t hey shar e many opt i ons and use r oughl y t he
same synt ax. For exampl e, i n t he abst r act , an snmpget command
l ooks l i ke t hi s:
snmpget opti ons hostname communi ty obj ectI D. . .
I n ot her wor ds, t he command name i s f ol l owed by a ser i es of
opt i ons, t he host name of t he syst emyou want t o pol l , t he
communi t y st r i ng, and one or mor e obj ect I Ds. ( Not e t hat you
can use t he -c communi t y opt i on i nst ead of pl aci ng t he
communi t y st r i ng af t er t he host name. You can al so pr ovi de a
def aul t host name i n your snmp.conf f i l e. ) The synt ax of snmpset
i s onl y sl i ght l y di f f er ent ; because snmpset changes obj ect

val ues, i t r equi r es you t o speci f y t he obj ect ' s dat at ype and
t he new val ue:
snmpset opti ons hostname communi ty obj ectI D type val ue. . .
Tabl e C- 1 summar i zes some of t he most usef ul opt i ons t hat ar e
common t o al l Net - SNMP commands. See t he snmpcmd( 1) manpage f or
a compl et e l i st .
Tabl e C- 1. Summary of Command- Li ne Opt i ons
Option Description
-m
Speci f i es whi ch MI B modul es you woul d l i ke t he command
t o l oad. I f you want t he command t o par se t he MI B f i l e
f or a par t i cul ar vendor , copy t he MI B f i l e t o
/usr/local/share/snmp/mibs and i nvoke t he command wi t h
t he opt i on -m ALL. The ar gument ALL f or ces t he command
t o r ead al l t he MI B f i l es i n t he di r ect or y. Set t i ng t he
envi r onment var i abl e $MI BS t o ALL achi eves t he same
t hi ng. I f you don' t want t he command t o r ead al l t he MI B
f i l es, you can f ol l ow t he -m opt i on wi t h a col on-
separ at ed l i st of t he MI B f i l es you want par sed.
-M
Al l ows you t o speci f y a col on- separ at ed l i st of
di r ect or i es t o sear ch f or MI B f i l es. Thi s opt i on i s
usef ul i f you don' t want t o copy MI B f i l es i nt o t he
def aul t MI B l ocat i on. Set t i ng t he shel l var i abl e
$MI BDI RS has t he same ef f ect .
-IR
Per f or ms a r andom- access sear ch t hr ough t he MI B dat abase
f or an OI D l abel . By def aul t , t he commands assume t hat
you speci f y an obj ect I D r el at i ve t o
. i so. or g. dod. i nt er net . mgmt . mi b- 2. I n pr act i ce, t hi s
opt i on al l ows you t o avoi d t ypi ng l ong OI Ds f or obj ect s
t hat ar en' t under t he mi b- 2 subt r ee. For exampl e,
t her e' s a gr oup of obj ect s i n t he Ci sco MI B named l cpu.
I f you use t he -IR opt i on, you can r et r i eve obj ect s i n
t hi s gr oup wi t hout t ypi ng t he ent i r e OI D; t he f ol l owi ng
command i s suf f i ci ent :
snmpget - I R hostname communi ty l cpu. 2
I f t her e i s mor e t han one obj ect wi t h t he gi ven name,
t he Net - SNMP t ool s wi l l access t he f i r st obj ect t hey
f i nd. Si nce t hi s f eat ur e i s bi l l ed as a r andom- access
sear ch, t her e' s no way t o pr edi ct whi ch obj ect t he t ool s
wi l l f i nd f i r st . Wi t hi n t he st andar d MI Bs, obj ect s
r ar el y ( i f ever ) have t he same name, but t her e' s no
guar ant ee t hat any name wi l l be uni que, par t i cul ar l y i f
you' r e usi ng vendor - speci f i c MI Bs.
-On
Pr i nt s OI Ds numer i cal l y ( e. g. , . 1. 3. 6. 1. 2. 1. 1. 3. 0) . Not e
t hat t he -O opt i ons can be combi ned, as l ong as t he

combi nat i on makes sense.
-Of Pr i nt s t he ent i r e OI D ( i . e. , st ar t i ng wi t h . 1) .
-Os
Di spl ays onl y t he f i nal par t of t he OI D, i n symbol i c
f or m( e. g. , sysUpTi me. 0) .
-OS
Same as -Os, but pr ef i xes t he obj ect name wi t h t he name
of t he MI B f i l e f r omwhi ch t he obj ect i s t aken ( e. g. ,
SNMPv2- MI B: : sysUpTi me. 0) .
-T
Speci f i es whet her t he command shoul d use TCP or UDP as
t he t r anspor t - l ayer pr ot ocol . UDP i s t he def aul t ; -T tcp
uses TCP.
-v
Speci f i es whi ch ver si on of SNMP t o use. By def aul t , t he
commands use Ver si on 1. Val i d opt i ons ar e - v 1, - v 2c,
and - v 3. Not e t hat some commands, such as snmpbulkget,
ar e avai l abl e onl y f or Ver si ons 2c and 3.
-h Di spl ays hel p i nf or mat i on f or t he command.
-c
Speci f i es t he communi t y st r i ng f or t he command.
Al t er nat el y, you can pl ace t he communi t y st r i ng af t er
t he host name and omi t t he -c opt i on.
C. 3 Net - SNMP Command- Li ne Tool s
Thi s sect i on br i ef l y descr i bes each of t he Net - SNMP t ool s. By
def aul t , i nst al l i ng Net - SNMP pl aces al l t hese commands i n
/usr/local/bin. Al l t he exampl es i n t hi s sect i on assume t hat
/usr/local/bin i s i n your pat h.
C. 3. 1 snmpwal k
snmpwalk per f or ms t he get - next oper at i on. We' ve used i t
t hr oughout t he book, so i t shoul d be f ami l i ar ; i n t hi s sect i on,
we' l l use i t t o demonst r at e some of t he opt i ons i nt r oduced i n
Tabl e C- 1.
Let ' s say you want t o per f or man snmpwalk agai nst a Ci sco
r out er . I f you don' t have any Ci sco MI Bs i nst al l ed, her e' s what
you wi l l see:
$ snmpwal k ci sco. ora. compubl i c . 1. 3. 6. 1. 4. 1. 9
enterpri ses. 9. 2. 1. 1. 0 =". . SystemBootstrap, Versi on 11. 2(17)GS2, [htseng 180]
EARLY DEPLOYMENT RELEASE SOFTWARE (f c1). . Copyri ght (c) 1999 by Ci sco Systems,
I nc. . . "
enterpri ses. 9. 2. 1. 2. 0 ="rel oad"
enterpri ses. 9. 2. 1. 3. 0 ="ci sco"
enterpri ses. 9. 2. 1. 4. 0 ="ora. com"
enterpri ses. 9. 2. 1. 5. 0 =I pAddress: 127. 45. 23. 1
enterpri ses. 9. 2. 1. 6. 0 =I pAddress: 0. 0. 0. 0
enterpri ses. 9. 2. 1. 8. 0 =131890952

enterpri ses. 9. 2. 1. 9. 0 =456
enterpri ses. 9. 2. 1. 10. 0 =500
enterpri ses. 9. 2. 1. 11. 0 =17767568
enterpri ses. 9. 2. 1. 12. 0 =0
enterpri ses. 9. 2. 1. 13. 0 =0
enterpri ses. 9. 2. 1. 14. 0 =104
enterpri ses. 9. 2. 1. 15. 0 =600
. . .
Recal l t hat . 1. 3. 6. 1. 4. 1 i s
. i so. or g. dod. i nt er net . pr i vat e. ent er pr i ses, and 9 i s Ci sco' s
pr i vat e ent er pr i se number . Ther ef or e, t he pr evi ous command i s
wal ki ng t he ent i r e Ci sco subt r ee, whi ch i s ver y l ar ge; we' ve
del et ed most of i t s out put . The out put you see i sn' t ver y
r eadabl e because we haven' t yet i nst al l ed t he Ci sco MI Bs, so
t he snmpwalk command has no way of pr ovi di ng human- r eadabl e
obj ect names. We j ust have t o guess what t hese obj ect s ar e.
Thi s pr obl emi s easy t o sol ve. Copy t he Ci sco MI Bs
[ C]
t o t he
mai n Net - SNMP r eposi t or y ( /usr/local/share/snmp/mibs) and use
t he -m ALL command- l i ne opt i on. Wi t h t hi s opt i on, snmpwalk
par ses al l t he f i l es i n t he MI B r eposi t or y. As a r esul t we get
t he obj ect I Ds i n st r i ng ( human- r eadabl e) f or m, and we can wal k
t he ci sco subt r ee by name r at her t han speci f yi ng i t s compl et e
numer i c obj ect I D ( . 1. 3. 6. 1. 4. 1. 9) :
[C]
You can f i nd many Ci sco MI Bs at
f tp: / / f tp. ci sco. com/ pub/ mi bs/ .
$ snmpwal k - mALL ci sco. ora. compubl i c ci sco
enterpri ses. ci sco. l ocal . l cpu. 1. 0 =". . SystemBootstrap, Versi on 11. 2(17)GS2,
[htseng 180] EARLY DEPLOYMENT RELEASE SOFTWARE (f c1). . Copyri ght (c) 1999 by Ci sco
Systems, I nc. . . "
enterpri ses. ci sco. l ocal . l cpu. 2. 0 ="rel oad"
enterpri ses. ci sco. l ocal . l cpu. 3. 0 ="ci sco"
enterpri ses. ci sco. l ocal . l cpu. 4. 0 ="ora. com"
enterpri ses. ci sco. l ocal . l cpu. 5. 0 =I pAddress: 127. 45. 23. 1
enterpri ses. ci sco. l ocal . l cpu. 6. 0 =I pAddress: 0. 0. 0. 0
enterpri ses. ci sco. l ocal . l cpu. 8. 0 =131888844
. . .
Now l et ' s t r i mt he out put by addi ng t he -Os opt i on, whi ch omi t s
t he i ni t i al par t of each OI D:
$ snmpwal k - mALL - Os ci sco. ora. compubl i c ci sco
l cpu. 1. 0 =". . SystemBootstrap, Versi on 11. 2(17)GS2, [htseng 180] EARLY
DEPLOYMENT RELEASE SOFTWARE (f c1). . Copyri ght (c) 1999 by Ci sco Systems, I nc. . . "
l cpu. 2. 0 ="rel oad"
l cpu. 3. 0 ="ci sco"

l cpu. 4. 0 ="ora. com"
l cpu. 5. 0 =I pAddress: 127. 45. 23. 1
l cpu. 6. 0 =I pAddress: 0. 0. 0. 0
l cpu. 8. 0 =131888844
l cpu. 9. 0 =456
l cpu. 10. 0 =500
l cpu. 11. 0 =17767568
l cpu. 12. 0 =0
l cpu. 13. 0 =0
l cpu. 14. 0 =104
l cpu. 15. 0 =600
. . .
Thi s out put i s a l i t t l e easi er t o r ead, si nce i t cut s of f t he
r edundant par t of each OI D. Let ' s t ake t hi s command one st ep
f ur t her :
$ snmpwal k - OsS ci sco. ora. compubl i c syst em
RFC1213- MI B: : sysDescr. 0 ="Ci sco I nternetwork Operati ng SystemSof tware . . I OS (tm)
GS Sof tware (GSR- K4P- M), Versi on 12. 0(15)S, EARLY DEPLOYMENT RELEASE SOFTWARE
(f c1). . TAC Support: http: / / www. ci sco. com/ cgi - bi n/ i bl d/ vi ew. pl ?i =support. .
Copyri ght (c) 1986- 2001 by Ci sco Systems, I nc. . . "
RFC1213- MI B: : sysObj ectI D. 0 =OI D: DTRConcentratorMI B: : catProd. 182
EXPRESSI ON- MI B: : sysUpTi meI nstance =Ti meti cks: (344626986) 39 days, 21: 17: 49. 86
RFC1213- MI B: : sysContact. 0 ="O' Rei l l y Data Center"
RFC1213- MI B: : sysName. 0 ="ci sco. ora. com"
RFC1213- MI B: : sysLocati on. 0 ="Atl anta, GA"
RFC1213- MI B: : sysServi ces. 0 =6
RFC1213- MI B: : system. 8. 0 =Ti meti cks: (0) 0: 00: 00. 00
Thi s command wal ks t he syst emsubt r ee. Si nce t he syst emgr oup
f al l s under mi b- 2, t her e i s no need t o use -m ALL; mi b- 2 i s one
of t he MI Bs t he Net - SNMP t ool s l oad aut omat i cal l y. Addi ng S t o
t he -O opt i on i nst r uct s t he command t o pr ef i x each l i ne of
out put wi t h t he name of t he MI B f i l e; we see t hat each l i ne
begi ns wi t h RFC1213- MI B, whi ch i s t he name of t he f i l e t hat
def i nes mi b- 2.
C. 3. 2 snmpget
The snmpget command i ssues a si ngl e get oper at i on. I t s synt ax
i s:
snmpget opti ons hostname communi ty obj ectI D. . .
C. 3. 3 snmpbul kget
SNMPv2 pr ovi des an oper at i on cal l ed get - bul k, whi ch i s
i mpl ement ed by t he snmpbulkget command. get - bul k al l ows you t o
r et r i eve a chunk of i nf or mat i on i n one oper at i on, as opposed t o
a si ngl e get or sequence of get - next oper at i ons. The synt ax of
snmpbulkget i s:
snmpbul kget - v 2c opti ons hostname communi ty obj ectI D
-v 2c i s r equi r ed because get - bul k i s def i ned by SNMP Ver si on
2.

Ther e i s one command- speci f i c opt i on, -B nonrep rep. nonr ep i s
t he number of scal ar obj ect s t hat t hi s command wi l l r et ur n; r ep
i s t he number of i nst ances of each nonscal ar obj ect t hat t he
command wi l l r et ur n. I f you omi t t hi s opt i on t he def aul t val ues
of nonr ep and r ep, 1 and 100, r espect i vel y, wi l l be used.
C. 3. 4 snmpbul kwal k
The snmpbulkwalk command uses t he get - bul k command sequence t o
r et r i eve par t s of a MI B. Thi s command di f f er s f r omsnmpbulkget
i n t hat i t does not need t he -B opt i on set ; i t wal ks t he ent i r e
t r ee unt i l i t r eaches t he end or r et r i eves al l t he r equest ed
obj ect s. I t s synt ax i s:
snmpbul kwal k - v 2c opti ons hostname communi ty obj ectI D
C. 3. 5 snmpset
The snmpset command i s used t o change, or set , t he val ue of a
MI B obj ect . The command l ooks l i ke t hi s:
snmpset opti ons hostname communi ty obj ectI D type val ue. . .
You can pr ovi de any number of obj ect I D/ t ype/ val ue t r i pl es; t he
command wi l l execut e set oper at i ons f or al l t he obj ect s you
gi ve i t . t ype i s a si ngl e- char act er abbr evi at i on t hat i ndi cat es
t he dat at ype of t he obj ect you' r e set t i ng. Tabl e C- 2 l i st s t he
val i d t ypes.
Tabl e C- 2. snmpset Obj ect Types
Abbreviation Type
a I P addr ess
b
[ C]
Bi t s
D Doubl e
F Fl oat
i I nt eger
I Si gned i nt 64
n Nul l
o Obj ect I D
s St r i ng
t Ti me t i cks

U Unsi gned i nt 64
[C]
Whi l e the manpages showthi s as a val i d datatype, the hel p
output f romthe command does not.
C. 3. 6 snmpt rap
To send a t r ap, use t he snmptrap command. The synt ax f or t hi s
command i s:
snmptrap opti ons hostname communi ty trap parameters. . .
For Ver si on 1, t he f ol l owi ng t r ap par amet er s ar e r equi r ed:
enterpri seoi d agent trap- type speci f i c- type upti me obj ectI D type val ue. . .
Thi s command i s di scussed i n det ai l i n Chapt er 10. Each obj ect
I D/ t ype/ val ue t r i pl et speci f i es a var i abl e bi ndi ng t o be
i ncl uded wi t h t he t r ap; you may i ncl ude any number of var i abl e
bi ndi ngs. Not e t hat t he agent and t he upt i me ar e not opt i onal ;
however , i f you pr ovi de an empt y st r i ng ( "") as a pl acehol der
t hey def aul t t o t he I P addr ess of t he syst emsendi ng t he t r ap
and t he syst em' s cur r ent upt i me.
The par amet er s ar e si mpl er f or Ver si on 2 t r aps, l ar gel y because
t r aps ( now cal l ed not i f i cat i ons) ar e f ul l - f l edged MI B obj ect s
i n t hei r own r i ght . The f ol l owi ng par amet er s ar e r equi r ed:
snmptrap - v 2c opti ons hostname communi ty upti me trapoi d obj ectI D type val ue. . .
C. 3. 7 snmpdel t a
The snmpdelta command moni t or s OI Ds and t r acks changes i n OI D
val ues over t i me. I t s synt ax i s:
snmpdel ta opti ons hostname communi ty obj ectI D. . .
snmpdelta r equi r es you t o speci f y t he OI D of an i nt eger - val ued
scal ar obj ect - - i t can' t moni t or t abl es. For exampl e, i f you
want t o want t o wat ch t he oct et s ar r i vi ng on an i nt er f ace, you
can' t j ust speci f y i f I nOct et s; you must speci f y t he i nt er f ace
number i n addi t i on t o t he obj ect name ( e. g. , i f I nOct et s. 3) . By
def aul t , snmpdelta pol l s t he gi ven obj ect ever y second.
Tabl e C- 3 l i st s some of t he snmpdelta- speci f i c opt i ons. Ther e
ar e many pr obl ems wi t h t he document at i on f or t hi s command, but
i f you st i ck t o t he opt i ons l i st ed bel ow you shoul d be on f i r m
gr ound.
Tabl e C- 3. snmpdel t a Opt i ons
Option Description

-t
The document at i on says " Det er mi ne t i me i nt er val f r omt he
moni t or ed ent i t y. " I t ' s not cl ear what t hi s means, but
you seemt o need t hi s ent r y t o get nonzer o r eadi ngs.
-s Di spl ay a t i mest amp wi t h ever y set of r esul t s.
-m Pr i nt t he maxi mumval ue obt ai ned.
-l
Wr i t e t he out put t o a f i l e. The f i l ename i s i n t he f or m
host name- OI D. For exampl e, i f you want t o moni t or t he
var i abl es i f I nOct et s. 3 and i f Out Oct et s. 3 on t he host
r out er , t he -l opt i on wi l l cr eat e t wo f i l es, host name-
i f I nOct et s. 3 and host name- i f Out Oct et s. 3, wher e t he
out put of snmpdelta wi l l be wr i t t en. ( Not e t hat t hi s
out put has no appar ent connect i on t o t he conf i gur at i on,
as t he document at i on cl ai ms. )
-p Speci f y t he pol l i ng i nt er val ( t he def aul t i s 1 second) .
-T Pr i nt out put i n t abul ar f or mat .
C. 3. 8 snmpdf
snmpdf wor ks exact l y l i ke t he Uni x df command, except i t uses
SNMP t o quer y host s on a net wor k. I t s synt ax i s:
snmpdf - Cu opti ons. . . hostname communi ty
The -Cu opt i on t el l s t he command t o consul t t he Net - SNMP
pr i vat e MI B. The Host Resour ces MI B i s used by def aul t .
C. 3. 9 snmpget next
The snmpgetnext command uses t he get - next oper at i on t o r et r i eve
t he next obj ect f r oma host . For exampl e, i f you ask i t t o
per f or ma get - next f or i f Out Oct et s. 4 i t wi l l r et r i eve t he next
obj ect i n t he MI B t r ee, whi ch wi l l pr obabl y be i f Out Oct et s. 5.
( I f t he machi ne you' r e pol l i ng has onl y f our i nt er f aces, you' l l
get t he next obj ect i n t he MI B, what ever t hat happens t o be.
You shoul d al so be awar e t hat t her e ar e some obscur e si t uat i ons
t hat cr eat e a " hol e" i n t he i nt er f ace t abl e, so t he i nt er f ace
f ol l owi ng . 4 mi ght be . 6 or . 7. ) You can use t hi s command t o
i mpl ement your own ver si on of snmpwalk. The synt ax i s:
snmpgetnext opti ons. . . hostname communi ty obj ectI D. . .
Ther e ar e no opt i ons speci f i c t o snmpgetnext.
C. 3. 10 snmpst at us
The snmpstatus command r et r i eves st at us i nf or mat i on f r oma
host . I t pr i nt s t he f ol l owi ng i nf or mat i on:
The IP address of the entity
A textual description of the entity (sysDescr.0)

The uptime of the entity (sysUpTime.0)
The sum of received packets on all interfaces
(ifInUcastPkts.* + ifInNUcastPkts.* )
The sum of transmitted packets on all interfaces
(ifOutUcastPkts.* + ifOutNUcastPkts.* )
The number of IP input packets (ipInReceives.0)
The number of IP output packets (ipOutRequests.0)
The synt ax of snmpstatus i s st r ai ght f or war d, and t her e ar e no
command- speci f i c opt i ons:
snmpstatus opti ons. . . hostname communi ty
C. 3. 11 snmpt abl e
The snmptable command uses get - next commands t o pr i nt t he
cont ent s of a t abl e i n t abul ar f or m. I t s synt ax i s:
snmptabl e opti ons. . . hostname communi ty obj ectI D
The obj ect I D must be t he I D of a t abl e ( e. g. , i f Tabl e) , not of
an obj ect wi t hi n a t abl e. Tabl e C- 4 l i st s some of t he
snmptable- speci f i c opt i ons.
Tabl e C- 4. snmpt abl e Opt i ons
Option Description
-Cf F
Separ at e t abl e col umns wi t h t he st r i ng F. For exampl e, -
Cf : separ at es col umns wi t h a col on, whi ch mi ght make i t
easi er t o i mpor t t he out put f r omsnmptable i nt o anot her
pr ogr am.
-Cw W
Set t he maxi mumwi dt h of t he t abl e t o W. I f t he l i nes
ar e l onger t han W, t he t abl e i s spl i t i nt o sect i ons.
Si nce t abl es can have many col umns, you al most cer t ai nl y
want t o use t hi s opt i on.
-Ci Pr epend t he i ndex of t he ent r y t o al l pr i nt ed l i nes.
-Cb Di spl ay a br i ef headi ng.
-Ch Pr i nt onl y col umn header s.
-CH Suppr ess col umn header s.
C. 3. 12 snmpusm
The snmpusm command pr ovi des si mpl e access t o t he agent ' s User-
based Security Model ( USM) t abl e. Thi s i s pr i mar i l y used f or
conf i gur i ng t he agent ' s SNMPv3 f eat ur es ( managi ng user s,
set t i ng and changi ng passphr ases, et c. ) . Thi s command i s
di scussed i n Appendi x F.

C. 3. 13 snmpconf
Thi s command i s an i nt er act i ve Per l scr i pt used t o cr eat e and
mai nt ai n t he Net - SNMP conf i gur at i on f i l es, snmp.conf and
snmpd.conf. I t s synt ax i s:
snmpconf f i l ename
f i l ename must be ei t her snmp.conf or snmpd.conf.
C. 3. 14 snmpi nf orm
Thi s command can be used t o send an SNMPv2 t r ap. I f you send a
t r ap wi t h snmpinform, i t wi l l wai t f or a r esponse f r omt he
r eci pi ent . Not e t hat you can send an inform usi ng t he snmptrap
command i f you speci f y -Ci. The opt i ons t o snmpinform ar e
i dent i cal t o t hose f or snmptrap.
C. 3. 15 snmpt ransl at e
The Net - SNMP package comes wi t h a handy t ool cal l ed
snmptranslate t hat t r ansl at es bet ween numer i cal and human-
r eadabl e obj ect names. Mor e gener al l y, i t can be used t o l ook
up i nf or mat i on f r omMI B f i l es. I t s synt ax i s:
snmptransl ate opti ons obj ectI D
snmptranslate does not per f or mquer i es agai nst any devi ce, so
i t doesn' t need t he host name or communi t y par amet er s. I t s sol e
pur pose i s t o r ead MI B f i l es and pr oduce out put about speci f i c
obj ect s. Bef or e l ooki ng at exampl es, i t ' s wor t h not i ng t hat
snmptranslate' s i nt er pr et at i ons of t he -O opt i ons ar e, t o be
ki nd, i nt er est i ng. To speak mor e pl ai nl y, t hey' r e j ust pl ai n
wr ong. The f ol l owi ng exampl es show what act ual l y happens when
you use t hese opt i ons - - we' l l l eave t he r at i onal i zat i on t o
you. We expect t hese pr obl ems t o be f i xed i n some l at er ver si on
of Net - SNMP.
Let ' s say you want t o know t he ent er pr i se OI D f or Ci sco
Syst ems. The f ol l owi ng command does t he t r i ck:
$ snmpt ransl at e - mALL - I R - Of ci sco
. 1. 3. 6. 1. 4. 1. 9
Thi s t el l s us t hat Ci sco' s ent er pr i se OI D i s . 1. 3. 6. 1. 4. 9. Not e
t he use of t he -IR opt i on, whi ch t el l s snmptranslate t o do a
r andom- access sear ch f or an obj ect named ci sco. I f you l eave
t hi s opt i on out , snmptranslate wi l l f ai l because i t wi l l t r y t o
l ocat e ci sco under t he mi b- 2 t r ee.
Let ' s say you want t o t ake . 1. 3. 6. 1. 4. 1. 9 and conver t i t t o i t s
f ul l symbol i c name. That ' s easy:
$ snmpt ransl at e - mALL - Of n . 1. 3. 6. 1. 4. 1. 9
. i so. org. dod. i nternet. pri vate. enterpri ses. ci sco
I n t hi s case, -IR i sn' t needed because we' r e not per f or mi ng a
r andom- access sear ch. -Ofn ensur es t hat we pr i nt t he f ul l

obj ect I D, i n symbol i c ( t ext ) f or m. Her e' s what happens i f we
use -Of by i t sel f :
$ snmpt ransl at e - mALL - Of . 1. 3. 6. 1. 4. 1. 9
enterpri ses. ci sco
As we sai d ear l i er , t hi s i s not how you' d expect -Ofn and -Of
t o behave. I f you' r e wr i t i ng scr i pt s, you shoul dn' t count on
t hi s behavi or st ayi ng t he same i n f ut ur e ver si ons.
Now, l et ' s say you want t o know a l i t t l e bi t mor e i nf or mat i on
about a par t i cul ar obj ect . The-Td opt i on di spl ays t he obj ect ' s
def i ni t i on as i t appear s i n t he MI B f i l e:
$ snmpt ransl at e - Td syst em. sysLocat i on
. 1. 3. 6. 1. 2. 1. 1. 6
- - FROM SNMPv2- MI B, RFC1213- MI B
- - TEXTUAL CONVENTI ON Di spl ayStri ng
SYNTAX OCTET STRI NG (0. . 255)
DI SPLAY- HI NT "255a"
MAX- ACCESS read- wri te
STATUS current
DESCRI PTI ON "The physi cal l ocati on of thi s node (e. g. , ' tel ephone
cl oset, 3rd f l oor' ). I f the l ocati on i s unknown, the
val ue i s the zero- l ength stri ng. "
: : ={ i so(1) org(3) dod(6) i nternet(1) mgmt(2) mi b- 2(1) system(1) 6 }
-Td can save you a l ot of wor k poki ng t hr ough MI B f i l es t o f i nd
an appr opr i at e def i ni t i on, par t i cul ar l y when combi ned wi t h -IR.
Fur t her mor e, t he l ast l i ne shows you t he ent i r e obj ect I D i n
bot h numer i c and st r i ng f or ms, not j ust t he obj ect ' s par ent .
Not e t hat t he ot her Net - SNMP commands have an unr el at ed -T
opt i on; don' t get conf used. -T i s meani ngl ess f or t hi s command,
because snmptranslate onl y l ooks up a l ocal f i l e and doesn' t
need t o access t he net wor k.
The -Tp opt i on pr i nt s an ent i r e OI D t r ee. The best way t o
under st and t hi s i s t o see i t :
$ snmpt ransl at e - Tp syst em
+- - system(1)
|
+- - - R- - Stri ng sysDescr(1)
| Textual Conventi on: Di spl ayStri ng
| Si ze: 0. . 255
+- - - R- - Obj I D sysObj ectI D(2)
+- - - R- - Ti meTi cks sysUpTi me(3)
+- - - RW- Stri ng sysContact(4)
| Si ze: 0. . 255
+- - - RW- Stri ng sysName(5)
| Si ze: 0. . 255
+- - - RW- Stri ng sysLocati on(6)
| Si ze: 0. . 255

+- - - R- - I nteger sysServi ces(7)
+- - - R- - Ti meTi cks sysORLastChange(8)
| Textual Conventi on: Ti meStamp
|
+- - sysORTabl e(9)
|
+- - sysOREntry(1)
|
+- - - - - - I nteger sysORI ndex(1)
+- - - R- - Obj I D sysORI D(2)
+- - - R- - Stri ng sysORDescr(3)
| Si ze: 0. . 255
+- - - R- - Ti meTi cks sysORUpTi me(4)
Textual Conventi on: Ti meStamp
We di spl ayed t he syst emsubt r ee because i t ' s f ai r l y shor t . Fr om
t hi s out put i t ' s r el at i vel y easy t o see al l t he obj ect s
under neat h syst em, t oget her wi t h t hei r t ypes and t ext ual
convent i ons. Thi s i s a gr eat way t o see what obj ect s ar e
def i ned i n a MI B, as wel l as t hei r r el at i onshi ps t o ot her
obj ect s. The out put can be vol umi nous, but i t ' s st i l l a
conveni ent way t o get a map and f i gur e out what obj ect s ar e
l i kel y t o be usef ul .

Appendi x D. SNMP RFCs
Thi s appendi x pr ovi des a br i ef l i st of al l t he SNMP RFCs, al ong
wi t h t he st at us of each RFC. Thi s l i st ( of t en r ef er r ed t o as
t he St andar ds Summar y) was t aken f r omThe Si mpl e Ti mes, an
onl i ne publ i cat i on t hat shoul d be f ami l i ar t o anyone wor ki ng
wi t h SNMP. I t i s used wi t h t hei r per mi ssi on and can be f ound i n
each quar t er l y edi t i on of t he magazi ne. Pl ease go t o
ht t p: / / www. si mpl e- t i mes. or g f or i nf or mat i on on how t o subscr i be
t o t hi s f r ee publ i cat i on.
D. 1 SMI v1 Dat a Def i ni t i on Language
Ful l St andar ds:
RFC 1155 -- Structure of Management Information
RFC 1212 -- Concise MIB Definitions
I nf or mat i onal :
RFC 1215 -- A Convention for Defining Traps
D. 2 SMI v2 Dat a Def i ni t i on Language
Ful l St andar ds:
RFC 2578 -- Structure of Management Information
RFC 2579 -- Textual Conventions
RFC 2580 -- Conformance Statements
D. 3 SNMPv1 Prot ocol

Ful l St andar ds:
RFC 1157 -- Simple Network Management Protocol
Pr oposed St andar ds:
RFC 1418 -- SNMP over OSI
RFC 1419 -- SNMP over AppleTalk
RFC 1420 -- SNMP over IPX

Dr af t St andar ds:
RFC 1905 -- Protocol Operations for SNMPv2
RFC 1906 -- Transport Mappings for SNMPv2
RFC 1907 -- MIB for SNMPv2
Exper i ment al :
RFC 1901 -- Community-based SNMPv2
RFC 1909 -- Administrative Infrastructure
RFC 1910 -- User-based Security Model

RFC 2571 -- Architecture for SNMP Frameworks
RFC 2572 -- Message Processing and Dispatching
RFC 2573 -- SNMP Applications
RFC 2574 -- User-based Security Model
RFC 2575 -- View-based Access Control Model
RFC 1905 -- Protocol Operations for SNMPv2
RFC 1906 -- Transport Mappings for SNMPv2
RFC 1907 -- MIB for SNMPv2
RFC 2576 -- Coexistence between SNMP Versions
RFC 2570 -- Introduction to SNMPv3
Exper i ment al :
RFC 2786 -- Diffie-Hellman USM Key Management
D. 6 SNMP Agent Ext ensi bi l i t y
RFC 2741 -- AgentX Protocol Version 1
RFC 2742 -- AgentX MIB
D. 7 SMI v1 MI B Modul es
Ful l St andar ds:
RFC 1213 -- Management Information Base II
RFC 1643 -- Ethernet-Like Interface Types MIB

RFC 1493 -- Bridge MIB
RFC 1559 -- DECnet phase IV MIB
RFC 1285 -- FDDI Interface Type (SMT 6.2) MIB
RFC 1381 -- X.25 LAPB MIB
RFC 1382 -- X.25 Packet Layer MIB
RFC 1414 -- Identification MIB
RFC 1461 -- X.25 Multiprotocol Interconnect MIB
RFC 1471 -- PPP Link Control Protocol MIB
RFC 1472 -- PPP Security Protocols MIB
RFC 1473 -- PPP IP NCP MIB
RFC 1474 -- PPP Bridge NCP MIB
RFC 1512 -- FDDI Interface Type (SMT 7.3) MIB
RFC 1513 -- RMON Token Ring Extensions MIB
RFC 1515 -- IEEE 802.3 MAU MIB
RFC 1525 -- Source Routing Bridge MIB
RFC 1742 -- AppleTalk MIB

D. 8 SMI v2 MI B Modul es
Ful l St andar ds:
RFC 2819 -- Remote Network Monitoring MIB
RFC 1657 -- BGP Version 4 MIB
RFC 1658 -- Character Device MIB
RFC 1659 -- RS-232 Interface Type MIB
RFC 1660 -- Parallel Printer Interface Type MIB
RFC 1694 -- SMDS Interface Type MIB
RFC 1724 -- RIP Version 2 MIB
RFC 1748 -- IEEE 802.5 Interface Type MIB
RFC 1850 -- OSPF Version 2 MIB
RFC 1907 -- SNMPv2 MIB
RFC 2115 -- Frame Relay DTE Interface Type MIB
RFC 2571 -- SNMP Framework MIB
RFC 2572 -- SNMPv3 MPD MIB
RFC 2573 -- SNMP Applications MIBs
RFC 2574 -- SNMPv3 USM MIB
RFC 2575 -- SNMP VACM MIB
RFC 2790 -- Host Resources MIB
RFC 2863 -- Interfaces Group MIB
RFC 1611 -- DNS Server MIB
RFC 1612 -- DNS Resolver MIB
RFC 1666 -- SNA NAU MIB
RFC 1696 -- Modem MIB
RFC 1697 -- RDBMS MIB
RFC 1747 -- SNA Data Link Control MIB

RFC 1749 -- 802.5 Station Source Routing MIB
RFC 1759 -- Printer MIB
RFC 2006 -- Internet Protocol Mobility MIB
RFC 2011 -- Internet Protocol MIB
RFC 2012 -- Transmission Control Protocol MIB
RFC 2013 -- User Datagram Protocol MIB
RFC 2020 -- IEEE 802.12 Interfaces MIB
RFC 2021 -- RMON Version 2 MIB
RFC 2024 -- Data Link Switching MIB
RFC 2051 -- APPC MIB
RFC 2096 -- IP Forwarding Table MIB
RFC 2108 -- IEEE 802.3 Repeater MIB
RFC 2127 -- ISDN MIB
RFC 2128 -- Dial Control MIB
RFC 2206 -- Resource Reservation Protocol MIB
RFC 2213 -- Integrated Services MIB
RFC 2214 -- Guaranteed Service MIB
RFC 2232 -- Dependent LU Requester MIB
RFC 2238 -- High Performance Routing MIB
RFC 2266 -- IEEE 802.12 Repeater MIB
RFC 2287 -- System-Level Application Mgmt MIB
RFC 2320 -- Classical IP and ARP over ATM MIB
RFC 2417 -- Multicast over UNI 3.0/3.1 / ATM MIB
RFC 2452 -- IPv6 UDP MIB
RFC 2454 -- IPv6 TCP MIB
RFC 2455 -- APPN MIB
RFC 2456 -- APPN Trap MIB
RFC 2457 -- APPN Extended Border Node MIB
RFC 2465 -- IPv6 Textual Conventions and General Group MIB
RFC 2466 -- ICMPv6 MIB
RFC 2493 -- 15 Minute Performance History TCs
RFC 2494 -- DS0, DS0 Bundle Interface Type MIB
RFC 2495 -- DS1, E1, DS2, E2 Interface Type MIB
RFC 2496 -- DS3/E3 Interface Type MIB
RFC 2512 -- Accounting MIB for ATM Networks
RFC 2513 -- Accounting Control MIB
RFC 2514 -- ATM Textual Conventions and OIDs
RFC 2515 -- ATM MIB
RFC 2558 -- SONET/SDH Interface Type MIB
RFC 2561 -- TN3270E MIB
RFC 2562 -- TN3270E Response Time MIB
RFC 2564 -- Application Management MIB
RFC 2576 -- SNMP Community MIB
RFC 2584 -- APPN/HPR in IP Networks
RFC 2591 -- Scheduling MIB
RFC 2592 -- Scripting MIB
RFC 2594 -- WWW Services MIB
RFC 2605 -- Directory Server MIB
RFC 2613 -- RMON for Switched Networks MIB
RFC 2618 -- RADIUS Authentication Client MIB
RFC 2619 -- RADIUS Authentication Server MIB

RFC 2667 -- IP Tunnel MIB
RFC 2662 -- ADSL Line MIB
RFC 2665 -- Ethernet-Like Interface Types MIB
RFC 2668 -- IEEE 802.3 MAU MIB
RFC 2669 -- DOCSIS Cable Device MIB
RFC 2670 -- DOCSIS RF Interface MIB
RFC 2677 -- Next Hop Resolution Protocol MIB
RFC 2720 -- Traffic Flow Measurement Meter MIB
RFC 2737 -- Entity MIB
RFC 2742 -- AgentX MIB
RFC 2787 -- Virtual Router Redundancy Protocol MIB
RFC 2788 -- Network Services Monitoring MIB
RFC 2789 -- Mail Monitoring MIB
RFC 2837 -- Fibre Channel Fabric Element MIB
RFC 2851 -- Internet Network Address TCs
RFC 2856 -- High Capacity Data Type TCs
RFC 2864 -- Interfaces Group Inverted Stack MIB
RFC 2895 -- RMON Protocol Identifier Reference
RFC 2925 -- Ping, Traceroute, Lookup MIBs
RFC 2932 -- IPv4 Multicast Routing MIB
RFC 2933 -- IGMP MIB
RFC 2940 -- COPS Client MIB
RFC 2954 -- Frame Relay Service MIB
RFC 2955 -- Frame Relay/ATM PVC MIB
RFC 2959 -- Real-Time Transport Protocol MIB
RFC 1628 -- Uninterruptible Power Supply MIB
RFC 2620 -- RADIUS Accounting Client MIB
RFC 2621 -- RADIUS Accounting Server MIB
RFC 2666 -- Ethernet Chip Set Identifiers
RFC 2707 -- Print Job Monitoring MIB
RFC 2896 -- RMON Protocol Identifier Macros
RFC 2922 -- Physical Topology MIB
Exper i ment al :
RFC 2758 -- SLA Performance Monitoring MIB
RFC 2786 -- Diffie-Hellman USM Key MIB
RFC 2934 -- IPv4 PIM MIB

D. 9 I ANA- Mai nt ai ned MI B Modul es
Interface Type Textual Convention
ftp://ftp.iana.org/mib/iana.mib/ianaiftype.mib
Address Family Numbers Textual Convention
ftp://ftp.iana.org/mib/iana.mib/ianaaddressfamilynumbers.m
ib
TN3270E Textual Conventions
ftp://ftp.iana.org/mib/iana.mib/ianatn3270etc.mib
Language Identifiers

ftp://ftp.iana.org/mib/iana.mib/ianalanguage.mib
IP Routing Protocol Textual Conventions
ftp://ftp.iana.org/mib/iana.mib/ianaiprouteprotocol.mib
D. 10 Rel at ed Document s
RFC 1270 -- SNMP Communication Services
RFC 1321 -- MD5 Message-Digest Algorithm
RFC 1470 -- Network Management Tool Catalog
RFC 2039 -- Applicability of Standard MIBs to WWW Server Management
RFC 2962 -- SNMP Application Level Gateway for Payload Address
Translation
Exper i ment al :
RFC 1187 -- Bulk Table Retrieval with the SNMP
RFC 1224 -- Techniques for Managing Asynchronously Generated Alerts
RFC 1238 -- CLNS MIB
RFC 1592 -- SNMP Distributed Program Interface
RFC 1792 -- TCP/IPX Connection MIB Specification
RFC 2593 -- Script MIB Extensibility Protocol
Appendi x E. SNMP Support f or Perl
Thi s appendi x summar i zes Mi ke Mi t chel l ' s SNMP_uti l modul e, whi ch
we have used i n our Per l scr i pt s t hr oughout t hi s book. Thi s
modul e i s di st r i but ed wi t h Si mon Lei nen' s SNMP Per l modul e;
Mi ke' s modul e, t oget her wi t h Si mon' s, can make SNMP pr ogr ammi ng
a snap. You can get t hese modul es f r om
ht t p: / / www. swi t ch. ch/ mi sc/ l ei nen/ snmp/ per l / or
ht t p: / / www. cpan. or g.
Per l scr i pt s need t wo use st at ement s t o t ake advant age of t he
SNMP Per l modul e:
use BER;
use SNMP_Sessi on;
The BER and SNMP_Sessi on modul es make up t he cor e of Si mon' s
package. The SNMP_uti l modul e di scussed i n t hi s appendi x makes
usi ng t hi s package a l i t t l e easi er . I t r equi r es onl y one use
st at ement :
use SNMP_uti l ;
Mi ke' s package uses t he ot her t wo modul es, so i t ' s not
necessar y t o i ncl ude al l t hr ee i n your scr i pt s.
E. 1 MI B Management Rout i nes
The f ol l owi ng sect i ons descr i be a set of r out i nes f or wor ki ng
wi t h MI Bs.
E. 1. 1 snmpmapOI D( )

The MI B obj ect s i n RFC 1213 ( MI B- I I ) and RFC 2955 ( Fr ame Rel ay)
ar e pr el oaded by t he r out i nes i n t hi s package. Thi s means t hat
you can r ef er t o a symbol i c name l i ke sysLocat i on. 0 r at her t han
t o i t s numer i c OI D ( . 1. 3. 6. 1. 2. 1. 1. 6 ) . The snmpmapOI D() r out i ne
al l ows you t o add name- OI D pai r s t o t hi s map. The r out i ne i s
used as f ol l ows:
snmpmapOI D(text, OI D, [text, OI D. . . ])
Al l t he par amet er s ar e st r i ngs. t ext i s t he t ext ual ( or
symbol i c) name t hat you want t o use and OI D i s t he numer i c
obj ect I D of t he obj ect t o whi ch t he name r ef er s. A si ngl e cal l
t o t hi s r out i ne may speci f y any number of name- OI D pai r s.
I f snmpmapOI D() f ai l s i t r et ur ns undef , so you can t est f or er r or s
l i ke t hi s:
@return =snmpmapOI D(. . );
i f (!@return) {
#error
}
E. 1. 2 snmpMI B_t o_OI D( )
Thi s r out i ne t akes t he f i l ename of a MI B as an ar gument . I t
r eads and par ses t he MI B f i l e and associ at es t he obj ect I Ds
def i ned by t he MI B wi t h t hei r t ext ual names. I t r et ur ns t he
number of mappi ngs i t cr eat ed. A r et ur n val ue of zer o means
t hat no mappi ngs wer e cr eat ed; - 1 means an er r or occur r ed
( i . e. , i t was unabl e t o open t he f i l e) . The r out i ne i s used as
f ol l ows:
snmpMI B_to_OI D(f i l ename)
E. 1. 3 snmpLoad_OI D_Cache( )
Thi s r out i ne al l ows you t o map t ext ual names t o obj ect I Ds
usi ng a f i l e. The f i l e shoul d consi st of a number of l i nes i n
t he f or m:
textual _name OI D
Thi s i s much f ast er t han cal l i ng snmpMI B_to_OI D() because i t
doesn' t r equi r e par si ng a MI B f i l e. The onl y ar gument t o t hi s
r out i ne i s t he name of t he f i l e t hat cont ai ns t he pr epar sed
dat a:
snmpLoad_OI D_Cache(f i l ename)
snmpLoad_OI D_Cache() r et ur ns - 1 i f i t can' t open t he f i l e; a r et ur n
val ue of 0 i ndi cat es success.
E. 1. 4 snmpQueue_MI B_Fi l e( )
Thi s r out i ne speci f i es a l i st of MI B f i l es t hat wi l l be used
f or mappi ng t ext ual names t o obj ect I Ds. I f a name or OI D can' t
be f ound i n t he i nt er nal map, each MI B f i l e i s par sed i n t ur n
unt i l a mat ch i s f ound. The r out i ne i s used as f ol l ows:
snmpQueue_MI B_Fi l e(f i l ename, [f i l ename])

E. 2 SNMP Operat i ons
The r out i nes f or per f or mi ng SNMP oper at i ons cor r espond t o t he
st andar d SNMP Ver si on 1 oper at i ons
[ E]
and have t he f ol l owi ng
par amet er s i n common:
[E]
Si mon Lei nen' s package supports both SNMP v1 and v2; Mi ke
Mi tchel l ' s SNMP_uti l modul e supports onl y v1.
community (optional)
The community string. If no community string is specified,
public is used.
host (required)
The hostname or IP address of the device you want to
query.
port (optional)
The port number to which to send the query or trap. The
default for all routines except snmptrap() is 161. The
default for snmptrap() is 162.
timeout (optional)
The timeout in seconds; if no response is received within
this period, the operation is considered to have failed
and is retried. The default is 2 seconds.
retries (optional)
The number of retries before the routine returns failure.
The default is 5.
backoff (optional)
The backoff value; for each successive retry, the new
timeout period is obtained by multiplying the current
timeout with the backoff. The default is 1.
OID (required)
The object ID or textual name of the object you are
querying.
E. 2. 1 snmpget ( )
The synt ax of t he snmpget() r out i ne i s:
snmpget(communi ty@host: port: ti meout: retri es: backof f , OI D, [OI D. . . ] )
I f snmpget() f ai l s, i t r et ur ns undef .
Recal l t hat al l t he MI B- I I obj ect s ar e pr el oaded i nt o t hi s Per l
modul e, so t he f ol l owi ng code i s l egal :
@sysDescr =snmpget("publ i c@ci sco. ora. com", "sysDescr");
We di d not speci f y any of t he opt i onal par amet er s ( t i meout ,
backof f , et c. ) ; t he def aul t val ues wi l l be used. Thi s r out i ne
l et s us r equest "sysDescr" as shor t hand f or sysDescr . 0. When t he
Per l modul e bui l ds i t s mappi ngs of names t o obj ect I Ds, i t

aut omat i cal l y appends t he t r ai l i ng . 0 t o any scal ar obj ect s i t
f i nds. Because sysDescr i s a scal ar obj ect def i ned by MI B- 2,
and because t he MI B- 2 obj ect s ar e pr e- l oaded, sysDescr i s
mapped t o . 1. 3. 6. 1. 2. 1. 1. 1. 0. I f you r equest a scal ar obj ect
f r oma pr i vat e MI B, you must append . 0 t o t he OI D.
Si nce one cal l t o snmpget() can r et r i eve many obj ect s, t he r et ur n
val ues ar e st or ed i n an ar r ay. For exampl e:
@oi ds =snmpget("publ i c@ci sco. ora. com", "sysDescr", "sysName");
When t hi s f unct i on cal l execut es, t he val ue f or sysDescr wi l l
be st or ed i n $oi ds[0]; t he val ue f or sysName wi l l be st or ed i n
$oi ds[1]. Al l t he r out i nes i n t hi s package shar e t hi s behavi or .
E. 2. 2 snmpget next ( )
The snmpgetnext() r out i ne per f or ms a get - next oper at i on t o
r et r i eve t he val ue of t he MI B obj ect t hat f ol l ows t he obj ect
you pass t o i t . I t s synt ax i s:
snmpgetnext(communi ty@host: port: ti meout: retri es: backof f , OI D, [OI D. . . ] )
I f snmpgetnext() f ai l s, i t r et ur ns undef .
As wi t h snmpget(), you can r equest many OI Ds; t he r et ur n val ue
f r omsnmpgetnext() i s an ar r ay, wi t h t he r esul t of each get - next
oper at i on i n each successi ve posi t i on i n t he ar r ay. The ar r ay
you get back f r omsnmpgetnext() di f f er s f r omt he ar r ay r et ur ned by
snmpget() i n t hat t he val ue of each obj ect i s pr eceded by t he
obj ect ' s I D, i n t he f or m:
OI D: val ue
Thi s r out i ne r et ur ns bot h t he OI D and t he val ue because wi t h
t he get - next oper at i on you don' t necessar i l y know what t he next
obj ect i n t he MI B t r ee i s.
E. 2. 3 snmpwal k( )
The snmpwal k() r out i ne coul d easi l y be i mpl ement ed wi t h r epeat ed
cal l s t o snmpgetnext(); i t t r aver ses t he ent i r e obj ect t r ee,
st ar t i ng wi t h t he obj ect passed t o i t . I t s synt ax i s:
snmpwal k(communi ty@host: port: ti meout: retri es: backof f , OI D)
I f snmpwal k() f ai l s, i t r et ur ns undef .
Unl i ke many of t he r out i nes i n t hi s modul e, snmpwal k() al l ows onl y
one OI D as an ar gument . Li ke t he ot her r out i nes, i t r et ur ns an
ar r ay of val ues; each el ement of t he ar r ay consi st s of an
obj ect ' s I D f ol l owed by i t s val ue, separ at ed by a col on. For
exampl e, af t er execut i ng t he f ol l owi ng code:
@system=snmpwal k("publ i c@ci sco. ora. com", "system");
The cont ent s of t he ar r ay @systemwoul d be somet hi ng l i ke:
1. 0: ci sco. ora. comCi sco
2. 0: 1. 3. 6. 1. 4. 1. 0
3. 0: 23 days, 11: 01: 57

4. 0: Ora Network Admi n Staf f
5. 0: ci sco. ora. com
6. 0: Atl anta, GA
7. 0: 4
Not e t hat t he ar r ay doesn' t i ncl ude t he ent i r e obj ect I D. We' ve
t ol d snmpwal k() t o wal k t he t r ee st ar t i ng at t he syst emobj ect ,
whi ch has t he OI D . 1. 3. 6. 1. 2. 1. 1. The f i r st chi l d obj ect , and
t he f i r st i t emi n t he ar r ay, i s sysName, whi ch i s
. 1. 3. 6. 1. 2. 1. 1. 1. 0. snmpwal k() r et ur ns 1. 0: ci sco. ora. combecause i t
omi t s t he gener i c par t of t he OI D ( i n t hi s case, syst em) and
pr i nt s onl y t he i nst ance- speci f i c par t ( 1. 0) . Si mi l ar l y, t he
next i t emi n t he ar r ay i s syst em. 2. 0, or syst em. sysObj ect I D. 0 ;
i t s val ue i s Ci sco' s ent er pr i se I D.
E. 2. 4 snmpset ( )
The snmpset() r out i ne al l ows you t o set t he val ue of an obj ect on
an SNMP- managed devi ce. I n addi t i on t o t he st andar d ar gument s
( host name, communi t y, et c. ) , t hi s r out i ne expect s t hr ee
ar gument s f or each obj ect you want i t t o set : t he obj ect ' s I D,
dat at ype, and val ue. The synt ax f or t hi s r out i ne i s:
snmpset(communi ty@host: port: ti meout: retri es: backof f ,
OI D, type, val ue, [OI D, type, val ue. . . ])
The t ype ar gument must be one of t he f ol l owi ng st r i ngs:
string
Represents the string type
int
Represents the 32-bit integer type
ipaddr
Represents the IP address type
oid
Represents the object identifier (OID) type
I f snmpset() f ai l s, i t r et ur ns undef .
Per f or mi ng a set f r oma scr i pt i s st r ai ght f or war d. The
f ol l owi ng code set s t he val ue of sysCont act t o "J oe@Ora". I f t he
oper at i on succeeds, snmpset() r et ur ns t he new val ue f or
sysCont act . I f t he oper at i on f ai l s, t he f s var i abl e i s not set
and snmpset() pr i nt s an er r or message:
$setResponse =
snmpset("pri vate@ci sco. ora. com", sysContact, "stri ng", "J oe@Ora");
i f ($setResponse) {
pri nt "SET: sysContact: $setResponsen";
} el se {
pri nt "No response f romci sco. ora. comn";
}

The most common r easons f or an snmpset() t o f ai l ar e t hat t he
host i sn' t up, t he host i sn' t r unni ng an SNMP agent , or t he
communi t y st r i ng i s wr ong.
E. 2. 5 snmpt rap( )
The snmptrap() r out i ne gener at es an SNMPv1 t r ap. Most of t he
ar gument s ar e f ami l i ar :
snmptrap(communi ty@host: port: ti meout: retri es: backof f ,
enterpri seOI D, agent, general I D, speci f i cI D,
OI D, type, val ue, [OI D, type, val ue. . . ] )
The ent er pr i seOI D, agent , gener al I D, and speci f i cI D ar gument s
ar e di scussed i n Chapt er 10. Each OI D/ t ype/ val ue t r i pl et
def i nes a dat a bi ndi ng t o be i ncl uded i n t he t r ap. OI D i s t he
obj ect I D of t he var i abl e you want t o send, val ue i s t he val ue
you want t o send f or t hi s obj ect , and t ype i s t he obj ect ' s
dat at ype. t ype must be one of t he f ol l owi ng t hr ee st r i ngs:
string
Represents the string type
int
Represents the 32-bit integer type
oid
Represents the object identifier (OID) type
I f snmptrap() f ai l s, i t r et ur ns undef . See Chapt er 10 f or a mor e
det ai l ed di scussi on of SNMP t r aps.

Appendi x F. SNMPv3
Secur i t y has been t he bi ggest weakness of SNMP si nce t he
begi nni ng. Aut hent i cat i on i n SNMP Ver si ons 1 and 2 amount s t o
not hi ng mor e t han a passwor d ( communi t y st r i ng) sent i n cl ear
t ext bet ween a manager and agent . Any secur i t y- consci ous
net wor k or syst emadmi ni st r at or knows t hat cl ear - t ext passwor ds
pr ovi de no r eal secur i t y at al l . I t i s t r i vi al f or someone t o
i nt er cept t he communi t y st r i ng, and once he has i t , he can use
i t t o r et r i eve i nf or mat i on f r omdevi ces on your net wor k, modi f y
t hei r conf i gur at i on, and even shut t hemdown.
The Si mpl e Net wor k Management Pr ot ocol Ver si on 3 ( SNMPv3)
addr esses t he secur i t y pr obl ems t hat have pl agued bot h SNMPv1
and SNMPv2. For al l pr act i cal pur poses, secur i t y i s t he onl y
i ssue SNMPv3 addr esses; t her e ar e no ot her changes t o t he
pr ot ocol . Ther e ar e no new oper at i ons; SNMPv3 suppor t s al l t he
oper at i ons def i ned by Ver si ons 1 and 2. Ther e ar e sever al new
t ext ual convent i ons, but t hese ar e r eal l y j ust mor e pr eci se
ways of i nt er pr et i ng t he dat at ypes t hat wer e def i ned i n ear l i er
ver si ons.

Thi s appendi x pr ovi des an i nt r oduct i on t o SNMPv3 and cover s
SNMPv3 conf i gur at i on f or a Ci sco r out er and t he Net - SNMP agent .
Al t hough SNMPv3 i s not yet a f ul l st andar d, a f ew vendor s sel l
pr oduct s wi t h SNMPv3 suppor t . We chose t o cover t wo popul ar
SNMPv3 i mpl ement at i ons f or our conf i gur at i on exampl es.

F. 1 Changes i n SNMPv3
Al t hough SNMPv3 makes no changes t o t he pr ot ocol asi de f r omt he
addi t i on of cr ypt ogr aphi c secur i t y, i t s devel oper s have managed
t o make t hi ngs l ook much di f f er ent by i nt r oduci ng new t ext ual
convent i ons, concept s, and t er mi nol ogy. The changes t o t he
t er mi nol ogy ar e so r adi cal t hat i t ' s har d t o bel i eve t he new
t er ms essent i al l y descr i be t he same sof t war e as t he ol d ones,
but t hey do. However , t hey do di f f er i n t er ms of how t hey
r el at e t o each ot her and i n t hat t hey speci f y much mor e
pr eci sel y t he pi eces t hat an SNMP i mpl ement at i on needs.
The most i mpor t ant change i s t hat Ver si on 3 abandons t he not i on
of manager s and agent s. Bot h manager s and agent s ar e now cal l ed
SNMP entities. Each ent i t y consi st s of an SNMP engi ne and one
or mor e SNMP appl i cat i ons, whi ch ar e di scussed i n t he f ol l owi ng
sect i ons. These new concept s ar e i mpor t ant because t hey def i ne
an ar chi t ect ur e, r at her t han si mpl y def i ni ng a set of messages;
t he ar chi t ect ur e hel ps t o separ at e di f f er ent pi eces of t he SNMP
syst emi n a way t hat makes a secur e i mpl ement at i on possi bl e.
Let ' s l ook at what t hese concept s mean, st ar t i ng wi t h t he RFCs
t hat def i ne t hem( Tabl e F- 1) .
Tabl e F- 1. RFCs f or SNMPv3
Name Number Status
Last Activity
Date
Ar chi t ect ur e f or SNMP
Fr amewor ks
RFC
2571
Dr af t Apr i l 1999
Message Pr ocessi ng and
Di spat chi ng
RFC
2572
SNMP Appl i cat i ons
RFC
2573
User - based Secur i t y Model
RFC
2574
Vi ew- based Access Cont r ol
Model
RFC
2575
Pr ot ocol Oper at i ons f or
SNMPv2
RFC
1905
Dr af t J anuar y 1996

Tr anspor t Mappi ngs f or
SNMPv2
RFC
1906
MI B f or SNMPv2
RFC
1907
Coexi st ence Bet ween SNMP
Ver si ons
RFC
2576
Pr oposed Mar ch 2000
I nt r oduct i on t o SNMPv3
RFC
2570
I nf or mat i onal Apr i l 1999
Di f f i e- Hel l man USM Key
Management
RFC
2786
Exper i ment al Mar ch 2000
F. 1. 1 The SNMPv3 Engi ne
The engi ne i s composed of f our pi eces: t he Di spat cher , t he
Message Pr ocessi ng Subsyst em, t he Secur i t y Subsyst em, and t he
Access Cont r ol Subsyst em. The Di spat cher ' s j ob i s t o send and
r ecei ve messages. I t t r i es t o det er mi ne t he ver si on of each
r ecei ved message ( i . e. , v1, v2, or v3) and, i f t he ver si on i s
suppor t ed, hands t he message of f t o t he Message Pr ocessi ng
Subsyst em. The Di spat cher al so sends SNMP messages t o ot her
ent i t i es.
The Message Pr ocessi ng Subsyst empr epar es messages t o be sent
and ext r act s dat a f r omr ecei ved messages. A message pr ocessi ng
syst emcan cont ai n mul t i pl e message pr ocessi ng modul es. For
exampl e, a subsyst emcan have modul es f or pr ocessi ng SNMPv1,
SNMPv2, and SNMPv3 r equest s. I t may al so cont ai n a modul e f or
ot her pr ocessi ng model s t hat ar e yet t o be def i ned.
The Secur i t y Subsyst empr ovi des aut hent i cat i on and pr i vacy
ser vi ces. Aut hent i cat i on uses ei t her communi t y st r i ngs ( SNMP
Ver si ons 1 and 2) or SNMPv3 user - based aut hent i cat i on. User -
based aut hent i cat i on uses t he MD5 or SHA al gor i t hms t o
aut hent i cat e user s wi t hout sendi ng a passwor d i n t he cl ear . The
pr i vacy ser vi ce uses t he DES al gor i t hmt o encr ypt and decr ypt
SNMP messages. Cur r ent l y, DES i s t he onl y al gor i t hmused,
t hough ot her s may be added i n t he f ut ur e.
The Access Cont r ol Subsyst emi s r esponsi bl e f or cont r ol l i ng
access t o MI B obj ect s. You can cont r ol what obj ect s a user can
access as wel l what oper at i ons she i s al l owed t o per f or mon
t hose obj ect s. For exampl e, you mi ght want t o l i mi t a user ' s
r ead- wr i t e access t o cer t ai n par t s of t he mi b- 2 t r ee, whi l e
al l owi ng r eadonl y access t o t he ent i r e t r ee.
F. 1. 2 SNMPv3 Appl i cat i ons
Ver si on 3 di vi des most of what we have come t o t hi nk of as SNMP
i nt o a number of appl i cat i ons:

Command generator
Generates get, get-next, get-bulk, and set requests and
processes the responses. This application is implemented
by a Network Management Station (NMS), so it can issue
queries and set requests against entities on routers,
switches, Unix hosts, etc.
Command responder
Responds to get, get-next, get-bulk, and set requests.
This application is implemented by an entity on a Cisco
router or Unix host. (For Versions 1 and 2, the command
responder is implemented by the SNMP agent.)
Notification originator
Generates SNMP traps and notifications. This application
is implemented by an entity on a router or Unix host. (For
Versions 1 and 2, the notification originator is part of
an SNMP agent. Freestanding utilities for generating traps
are also available.)
Notification receiver
Receives traps and inform messages. This application is
implemented by an NMS.
Proxy forwarder
Facilitates message-passing between entities.
RFC 2571 al l ows addi t i onal appl i cat i ons t o be def i ned over
t i me. Thi s abi l i t y t o ext end t he SNMPv3 f r amewor k i s a
si gni f i cant advant age over t he ol der SNMP ver si ons.
F. 1. 3 What Does an Ent i t y Look Li ke?
Thus f ar we' ve t al ked about t he SNMPv3 ent i t y i n t er ms of
abst r act def i ni t i ons. Fi gur e F- 1 ( t aken f r omRFC 2571) shows
how t he component s t hat make up an ent i t y f i t t oget her .
Fi gure F- 1. SNMPv3 ent i t y

F. 1. 4 SNMPv3 Text ual Convent i ons
SNMPv3 def i nes a number of addi t i onal t ext ual convent i ons,
out l i ned i n Tabl e F- 2.

Tabl e F- 2. SNMPv3 Text ual Convent i ons
Textual Convention Description
SnmpEngi neI D
An admi ni st r at i vel y uni que
i dent i f i er f or an SNMP engi ne.
Obj ect s of t hi s t ype ar e f or
i dent i f i cat i on, not f or addr essi ng,
even t hough an addr ess can be used
i n t he gener at i on of a speci f i c
val ue. RFC 2571 pr ovi des a det ai l ed
di scussi on of how SnmpEngi neI Ds ar e
cr eat ed.
SnmpSecur i t yModel
An SNMP secur i t yModel ( SNMPv1,
SNMPv2, or USM) . USM st ands f or
User - based Secur i t y Model , whi ch i s
t he secur i t y met hod used i n SNMPv3.
SnmpMessagePr ocessi ngModel
A Message Pr ocessi ng Model used by
t he Message Pr ocessi ng Subsyst em.
SnmpSecur i t yLevel
The l evel of secur i t y at whi ch SNMP
messages can be sent , or t he l evel
of secur i t y at whi ch oper at i ons ar e
bei ng pr ocessed. Possi bl e val ues ar e
noAuthNoPri v ( wi t hout aut hent i cat i on and
wi t hout pr i vacy) , authNoPri v ( wi t h
aut hent i cat i on but wi t hout pr i vacy) ,
and authPri v ( wi t h aut hent i cat i on and
wi t h pr i vacy) . These t hr ee val ues
ar e or der ed such t hat noAuthNoPri v i s
l ess t han authNoPri v and authNoPri v i s
l ess t han authPri v.
SnmpAdmi nSt r i ng
An oct et st r i ng cont ai ni ng
admi ni st r at i ve i nf or mat i on,
pr ef er abl y i n human- r eadabl e f or m.
The st r i ng can be up t o 255 byt es i n
l engt h.
SnmpTagVal ue
An oct et st r i ng cont ai ni ng a t ag
val ue. Tag val ues ar e pr ef er abl y i n
human- r eadabl e f or m. Accor di ng t o
RFC 2573, val i d t ags i ncl ude acme,
router, and host.
SnmpTagLi st
An oct et st r i ng cont ai ni ng a l i st of
t ag val ues. Tag val ues ar e
pr ef er abl y i n human- r eadabl e f or m.
Accor di ng t o RFC 2573, val i d
exampl es of a t ag l i st ar e t he empt y

st r i ng, acme router, and host managerStati on.
KeyChange
An obj ect used t o change
aut hent i cat i on and pr i vacy keys.

F. 2 Conf i guri ng SNMPv3
Now we get t o put t he SNMPv3 concept s t o use. We' l l l ook at t wo
exampl es: conf i gur i ng a Ci sco r out er and set t i ng up t he Net -
SNMP t ool s on a syst emr unni ng Uni x. The concept s ar e t he same
f or bot h ent i t i es; t he onl y di f f er ence i s how you conf i gur e
SNMPv3.
Most of t he wor k i n admi ni st er i ng SNMPv3 has t o do wi t h
managi ng user s and t hei r passwor ds. I t shoul dn' t be sur pr i si ng
t hat t he t abl e of user s, passwor ds, and ot her aut hent i cat i on
i nf or mat i on i s j ust anot her SNMP t abl e, cal l ed usmUser . The
t abl e' s f ul l obj ect I D i s
. i so. or g. dod. i nt er net . snmpV2. snmpModul es. snmpUsmMI B. usmMI BObj ec
t s usmUser ; t he numer i c f or mi s . 1. 3. 6. 1. 6. 3. 15. 1. 2.
F. 2. 1 Conf i guri ng SNMPv3 f or a Ci sco Rout er
Chapt er 7 descr i bes how t o conf i gur e SNMP on a Ci sco r out er .
Thi s sect i on assumes t hat you' r e al r eady f ami l i ar wi t h I OS and
t hat we don' t have t o t el l you t he basi cs, such as how t o l og
i nt o t he r out er and get t o pr i vi l eged mode. I t al so assumes
t hat you' ve r ead Chapt er 7 and have conf i gur ed basi c SNMP on
your r out er .
The f i r st t ask i n conf i gur i ng SNMPv3 i s t o def i ne a vi ew. To
si mpl i f y t hi ngs, we' l l cr eat e a vi ew t hat al l ows access t o t he
ent i r e i nt er net subt r ee:
router(conf i g)#snmp- server vi ewreadvi ewi nt ernet i ncl uded
Thi s command cr eat es a vi ew cal l ed r eadvi ew. I f you want t o
l i mi t t he vi ew t o t he syst emt r ee, f or exampl e, r epl ace i nternet
wi t h system. The i ncl uded keywor d st at es t hat t he speci f i ed t r ee
shoul d be i ncl uded i n t he vi ew; use excl uded i f you want ed t o
excl ude a cer t ai n subt r ee.
Next , cr eat e a gr oup t hat uses t he new vi ew. The f ol l owi ng
command cr eat es a gr oup cal l ed r eadonl y ; v3 means t hat SNMPv3
shoul d be used. The auth keywor d speci f i es t hat t he ent i t y
shoul d aut hent i cat e packet s wi t hout encr ypt i ng t hem; read readvi ew
says t hat t he vi ew named r eadvi ew shoul d be used whenever
member s of t he r eadonl y gr oup access t he r out er .
router(conf i g)#snmp- server group readonl y v3 aut h read readvi ew
Now l et ' s cr eat e a user . The f ol l owi ng command cr eat es a user
cal l ed kschmi dt , who bel ongs t o t he r eadonl y gr oup. auth md5
speci f i es t hat t he r out er shoul d use MD5 t o aut hent i cat e t he
user ( t he ot her possi bi l i t y i s sha) . The f i nal i t emon t he

command l i ne i s t he user ' s passwor d or passphr ase, whi ch may
not exceed 64 char act er s.
router(conf i g)#snmp- server user kschmi dt readonl y v3 aut h md5 mysecret pass
Thi s conf i gur at i on uses encr ypt i on onl y t o pr event passwor ds
f r ombei ng t r ansf er r ed i n t he cl ear . The SNMP packet s
t hemsel ves, whi ch may cont ai n i nf or mat i on t hat you don' t want
avai l abl e t o t he publ i c, ar e sent wi t hout encr ypt i on and can
t her ef or e be r ead by anyone who has a packet sni f f er and access
t o your net wor k. I f you want t o go a st ep f ur t her and encr ypt
t he packet s t hemsel ves, use a command l i ke t hi s:
router(conf i g)#snmp- server user kschmi dt readonl y v3 aut h md5 mysecret pass
pri v des56 passphrase
The addi t i onal keywor ds on t hi s command speci f y pr i vacy ( i . e. ,
encr ypt i on f or al l SNMP packet s) , use of DES 56- bi t encr ypt i on,
and a passphr ase t o use when encr ypt i ng packet s.
The encr ypt ed passwor ds and passphr ases depend on t he engi ne
I D, so i f t he engi ne I D changes you' l l need t o del et e any user s
you have def i ned ( wi t h t he f ami l i ar I OS no command) , and
r ecr eat e t hem( wi t h snmp-server user commands) . Why woul d t he
engi ne I D change? I t ' s possi bl e t o set t he engi ne I D on t he I OS
command l i ne. You shoul dn' t ever need t o set t he engi ne I D
expl i ci t l y, but i f you do, you' l l have t o del et e and r ecr eat e
your user s.
Thi s has been t he br i ef est of i nt r oduct i ons t o conf i gur i ng
SNMPv3 on a Ci sco r out er . For mor e i nf or mat i on see Ci sco' s
document at i on, whi ch i s avai l abl e at
ht t p: / / www. ci sco. com/ uni ver cd/ cc/ t d/ doc/ pr oduct / sof t war e/ i os120
/ 120newf t / 120t / 120t 3/ snmp3. ht m.
F. 2. 2 Conf i guri ng SNMPv3 f or Net - SNMP
Chapt er 7 descr i bes basi c conf i gur at i on f or Net - SNMP. I n t hi s
sect i on, we di scuss how t o conf i gur e Net - SNMP' s Ver si on 3
f eat ur es. Fi r st , we wi l l di scuss how t o conf i gur e SNMPv3 by
edi t i ng t he snmpd.conf
[ F]
f i l es. Not e t hat you must i nst al l
OpenSSL bef or e edi t i ng t he f i l es i f you want t o use ei t her DES
or SHA. OpenSSL i s avai l abl e f r omht t p: / / www. openssl . or g.
[F]
There are two snmpd. conf f i l es i n pl ay here: the normal
/ usr/ share/ snmp/ snmpd. conf f i l e and the persi stent / var/ ucd-
snmp/ snmpd. conf f i l e. The persi stent f i l e wi l l be di scussed
momentari l y.
To cr eat e a user named kschmi dt who has r ead- wr i t e access t o
t he syst emsubt r ee, add t he f ol l owi ng l i ne t o your snmpd.conf
f i l e:
rwuser kschmi dt auth system
To cr eat e a user wi t h r eadonl y access, use t he command rouser
i nst ead of rwuser. The auth keywor d r equest s secur e

aut hent i cat i on, but not pr i vacy: t he SNMP packet s t hemsel ves
ar en' t encr ypt ed. The ot her possi bi l i t i es ar e noauth ( no
aut hent i cat i on and no pr i vacy) and pri v ( aut hent i cat i on and
pr i vacy) . Now add t he f ol l owi ng l i ne t o /var/ucd-
snmp/snmpd.conf:
createUser kschmi dt MD5 mysecretpass
Thi s cr eat es an MD5 passwor d f or t he user kschmi dt . The
passwor d assi gned t o kschmi dt i s mysecretpass. To cr eat e a user
wi t h a DES passphr ase i n addi t i on t o an MD5 passwor d, add t he
f ol l owi ng l i ne t o /var/ucd-snmp/snmpd.conf:
createUser kschmi dt MD5 mysecretpass DES mypassphrase
I f you omi t mypassphrase, Net - SNMP set s t he DES passphr ase t o be
t he same as t he MD5 passwor d. The RFCs f or SNMPv3 r ecommend
t hat passwor ds and passphr ases be at l east ei ght char act er s
l ong; Net - SNMP enf or ces t hi s r ecommendat i on and won' t accept
shor t er passwor ds.
Af t er maki ng t hese changes, st op and r est ar t t he agent . When
t he agent i s st ar t ed, i t r eads t he conf i gur at i on f i l e, comput es
secr et keys f or t he user s you have added, and del et es t he
createUser commands f r omt he f i l e. I t t hen pl aces t he secr et key
i n t he conf i gur at i on f i l e. Thi s behavi or has a number of
consequences. The secr et key i s based on t he engi ne I D, whi ch
f or Net - SNMP i s based on t he I P addr ess. Ther ef or e, you can' t
copy conf i gur at i on f i l es f r omone machi ne t o anot her .
Fur t her mor e, i f you change a machi ne' s I P addr ess, you wi l l
have t o r econf i gur e Net - SNMP: st op t he agent , edi t /var/ucd-
snmp/snmpd.conf, del et e any ent r i es Net - SNMP has added f or your
user s, add createUser commands t o r ecr eat e your user s, and st ar t
t he agent agai n.
Now we can per f or man snmpwalk usi ng Ver si on 3 aut hent i cat i on.
The f ol l owi ng command speci f i es Ver si on 3, wi t h t he user name
kschmi dt, r equest i ng aut hent i cat i on wi t hout pr i vacy usi ng t he MD5
al gor i t hm. The passwor d i s mysecretpass:
$ snmpwal k - v 3 - u kschmi dt - l aut hNoPri v - a MD5 - A mysecret pass
server. ora. com
system. sysDescr. 0 =Li nux server 2. 2. 14- VA. 2. 1 #1 Mon J ul 31 21: 58: 22 PDT 2000 i 686
system. sysObj ectI D. 0 =OI D: enterpri ses. ucdavi s. ucdSnmpAgent. l i nux
system. sysUpTi me. 0 =Ti meti cks: (1360) 0: 00: 13. 60
system. sysContact. 0 ="Ora Network Admi n"
system. sysName. 0 =server
system. sysLocati on. 0 ="Atl anta, Ga"
system. sysORLastChange. 0 =Ti meti cks: (0) 0: 00: 00. 00
system. sysORTabl e. sysOREntry. sysORI D. 1 =OI D: i f MI B
. . .
system. sysORTabl e. sysOREntry. sysORUpTi me. 9 =No more vari abl es l ef t i n thi s MI B Vi ew
Not e t hat we see onl y obj ect s f r omt he syst emsubt r ee, even
t hough t he command t r i es t o wal k t he ent i r e t r ee. Thi s
l i mi t at i on occur s because we have gi ven kschmi dt access onl y t o

t he syst emsubt r ee. I f kschmi dt t r i es t o quer y a subt r ee he i s
not al l owed t o access, he get s t he f ol l owi ng r esul t :
$ snmpwal k - v 3 - u kschmi dt - l aut hNoPri v - a MD5 - A mysecret pass
server. ora. comi nt erf aces
i nterf aces =No more vari abl es l ef t i n thi s MI B Vi ew
I f you want pr i vacy i n addi t i on t o aut hent i cat i on, use a
command l i ke t hi s:
$ snmpwal k - v 3 - u kschmi dt - l aut hPri v - a MD5 - A mysecret pass - x DES - X
mypassphrase server. ora. com
Remember t hat t o use DES pr i vacy, you must i nst al l t he OpenSSL
l i br ar y.
F. 2. 2. 1 Usi ng snmpusmt o manage users
The Net - SNMP ut i l i t y snmpusmi s used t o mai nt ai n SNMPv3 user s.
The f ol l owi ng command cr eat es t he user kj s by cl oni ng t he
kschmi dt user :
$ snmpusm- v 3 - u kschmi dt - l aut hNoPri v - a MD5 - A mysecret pass l ocal host creat e kj s
kschmi dt
Si nce kj s was cl oned f r omkschmi dt , t he t wo user s now have t he
same aut hor i zat i on, passwor d, and passphr ase. I t ' s obvi ousl y
essent i al t o change kj s ' s passwor d. To do so, use snmpusmwi t h
t he -Ca opt i on. Si mi l ar l y, t o change t he pr i vacy passphr ase,
use -Cx. The f ol l owi ng t wo commands change t he passwor d and
passphr ase f or t he new user kj s:
$ snmpusm- v3 - l aut hNoPri v - u kj s - a MD5 - A mysecret pass l ocal host passwd
- Co - Ca mysecret pass mynewpass
$ snmpusm- v3 - l aut hPri v - u kj s - a MD5 - A mysecret pass l ocal host passwd
- Co - Cx mypassphrase mynewphrase
Ther e ar e many t hi ngs t o not e about t hi s seemi ngl y si mpl e
oper at i on:
You must know both the password and passphrase for
kschmidt to set up a new password and passphrase for kjs.
According to the documentation, Net-SNMP allows you to
clone any given user only once. It's not clear whether
this means that you can create only one clone of a user or
that once you have created a clone, you can't create a
clone of that clone. In any case, this restriction doesn't
appear to be enforced.
snmpusm can only clone users; it can't create them from
scratch. Therefore, you must create the initial user by
hand, using the process described above. (This isn't quite
true. snmpusm can create a user, but once you've done so
you have to assign it a password by changing its previous
password. So you're in a catch-22: the new user doesn't
have a password, so you can't change its password.)
For t he user t o be wr i t t en t o t he per si st ent snmpd.conf f i l e,
you must ei t her st op and r est ar t t he agent or send an HUP
si gnal t o t he snmpd pr ocess. Thi s f or ces t he agent t o wr i t e t he

cur r ent st at e of t he user t abl e t o di sk, so t he agent can
r er ead i t upon st ar t up. Not e t hat kill -9 does not pr oduce t he
desi r ed r esul t .
The snmpusm command exi st s pr i mar i l y t o al l ow end user s t o
manage t hei r own passwor ds and passphr ases. As t he
admi ni st r at or , you may want t o change your user s' passwor ds and
passphr ases per i odi cal l y. Thi s i s possi bl e onl y i f you keep a
mast er l i st of user s and t hei r passwor ds and passphr ases.
I f t he engi ne I D changes, you wi l l have t o r egener at e al l t he
user names, passwor ds, and passphr ases. ( Remember t hat t he
engi ne I D depends i n par t on t he host ' s I P addr ess and
t her ef or e changes i f you have t o change t he addr ess. ) To do
t hi s, st op t he agent and edi t t he /var/ucd-snmp/snmpd.conf
f i l e. Remove al l t he per si st ent usmUser ent r i es and add new
createUser commands ( as descr i bed pr evi ousl y) f or your user s. A
usmUser ent r y l ooks somet hi ng l i ke t hi s:
usmUser 1 3 0x800007e580e134af 77b9d8023b 0x6b6a7300 0x6b6a7300 NULL
. 1. 3. 6. 1. 6. 3. 10. 1. 1. 2 0xb84cc525635a155b6eb5f be0e3597873
. 1. 3. 6. 1. 6. 3. 10. 1. 2. 2 0x1cf d8d3cadd95abce8ef f f 7962002e24 ""
F. 2. 2. 2 Si mpl i f yi ng commands by set t i ng def aul t s
At t hi s poi nt you may be wonder i ng why anyone woul d use SNMPv3,
because t he commands ar e so pai nf ul l y l ong and compl ex t hat
i t ' s pr act i cal l y i mpossi bl e t o t ype t hemcor r ect l y.
For t unat el y, t her e' s a way ar ound t hi s pr obl em. Net - SNMP al l ows
you t o set conf i gur at i on var i abl es t hat t he commands pi ck up
when t hey execut e. Cr eat e a di r ect or y i n your home di r ect or y
cal l ed .snmp, t hen edi t t he snmp.conf f i l e. Add ent r i es t hat
l ook l i ke t hi s:
def Securi tyName kschmi dt
def AuthType MD5
def Securi tyLevel authPri v
def AuthPassphrase mysecretpass
def Pri vType DES
def Pri vPassphrase mypassphrase
def Versi on 3
The f i el ds i n t hi s f i l e ar e:
defSecurityName
The SNMPv3 username.
defAuthType
The authentication method (either MD5 or SHA).
defSecurityLevel
The security level for the user. Valid levels are
noAuthNoPri v, authNoPri v, and authPri v.
defAuthPassphrase
Your password; must be at least eight characters long.
defPrivType

The privacy protocol to use. Only DES is supported at this
time.
defPrivPassphrase
Your privacy passphrase; not needed if the security level
is noAuthNoPri v or authNoPri v. Must be at least eight characters
long.
defVersion
The SNMP version to use (in this case, SNMPv3).
You can al so use t he snmpconf command t o set up t hi s f i l e.
snmpconf pr ompt s you f or t he var i ous passwor ds and keywor ds
t hat need t o be i n t he f i l e. I n our opi ni on, i t ' s easi er t o
wr i t e t he f i l e your sel f .
Once you' ve cr eat ed snmp.conf, you can use def aul t s t o si mpl i f y
your commands. For exampl e, t he f ol l owi ng command:
$ snmpwal k - v3 - u kschmi dt - l aut hPri v - a MD5 - A mysecret pass - x DES - X mypassphrase
l ocal host
becomes:
$ snmpwal k l ocal host
These def aul t s appl y t o al l Net - SNMP commands, i ncl udi ng
snmpusm.
F. 2. 2. 3 Sendi ng SNMPv3 t raps wi t h Net - SNMP
Sendi ng an SNMPv3 t r ap wi t h Net - SNMP i s easy.
[ F]
Si mpl y r un
snmptrap wi t h t he nor mal SNMPv2 t r ap opt i ons combi ned wi t h
SNMPv3 opt i ons. For exampl e:
[F]
SNMPv3 traps are si mpl y SNMPv2 traps wi th added
authenti cati on and pri vacy capabi l i ti es.
$ snmpt rap - v3 - l aut hPri v - u kj s - a MD5 - A mysecret pass - x DES - X mypassphrase
l ocal host ' ' . 1. 3. 6. 1. 6. 3. 1. 1. 5. 3 i f I ndex i 2 i f Admi nSt at us i 1 i f OperSt at us i 1
Set t i ng t he appr opr i at e conf i gur at i on opt i ons i n
~/.snmp/snmp.conf gr eat l y r educes t he compl exi t y of t he
command:
$ snmptrap l ocal host ' ' . 1. 3. 6. 1. 6. 3. 1. 1. 5. 3 i f I ndex i 2 i f Admi nStatus i 1 i f OperStatus
i 1

F. 3 Fi nal Words on SNMPv3
Whi l e vendor s have begun t o suppor t SNMPv3 i n t hei r pr oduct s,
keep i n mi nd t hat i t i s st i l l a dr af t st andar d, not a f ul l
st andar d. I f you woul d l i ke t o keep t r ack of SNMPv3 happeni ngs,
you can vi si t t he I nt er net Engi neer i ng Task For ce' s ( I ETF)
SNMPv3 wor ki ng gr oup si t e at
ht t p: / / www. i et f . or g/ ht ml . char t er s/ snmpv3- char t er . ht ml .

Colophon

Our l ook i s t he r esul t of r eader comment s, our own
exper i ment at i on, and f eedback f r omdi st r i but i on channel s.
Di st i nct i ve cover s compl ement our di st i nct i ve appr oach t o
t echni cal t opi cs, br eat hi ng per sonal i t y and l i f e i nt o
pot ent i al l y dr y subj ect s.
The ani mal s on t he cover of Essential SNMP ar e r ed deer ( Cer vus
el aphus) . Mal e r ed deer , al so known as st ags or har t s, can gr ow
t o over 400 l bs. and st and 42- 54 i nches t al l at t he shoul der .
Femal es, or hi nds, ar e mor e sl i ght l y bui l t and usual l y r each a
wei ght of onl y about 200 l bs. The col or of t he r ed deer ' s coat
r anges f r oma war mr eddi sh- br own i n t he summer t o a dar ker
gr ayi sh- br own i n wi nt er . Cal ves ar e spot t ed at bi r t h, but t he
spot s f ade af t er about t wo mont hs.
The t ypi cal f ami l y gr oup consi st s of a hi nd, a new cal f , a
year l i ng cal f , and per haps a 2- 3 year ol d st ag. Mat ur e st ags
and hi nds l i ve i n separ at e gr oups f or most of t he year , wi t h
t he hi nds t endi ng t o monopol i ze t he bet t er , mor e gr assy
habi t at s. At t he st ar t of t he mat i ng season ( t he r ut ) i n t he
ear l y f al l , t he st ags spl i t up and j oi n t he f emal es. Each
el i gi bl e st ag est abl i shes a har emof up t o 20 or mor e hi nds,
whi ch he def ends vi gor ousl y dur i ng t he r ut . Dur i ng t hi s per i od,
whi ch t ypi cal l y l ast s 6- 8 weeks, t he st ags of t en f or ego eat i ng
and can l ose as much as 15%of t hei r body mass.
Red deer ar e one of t he most wi del y di st r i but ed deer speci es:
t hough t hey ar e nat i ve t o Eur ope, t oday t hey can be f ound
ever ywher e f r omNew Zeal and t o Nor t h Amer i ca. They ar e
her bi vor es, f eedi ng mai nl y on r ough gr asses, young t r ee shoot s,
and shr ubs. For est - dwel l er s by nat ur e, t hey can adapt easi l y t o
di f f er ent cl i mat es and t er r ai n. I n many of t he ar eas i n whi ch
t hey wer e i nt r oduced r ed deer ar e commer ci al l y f ar med f or
veni son and ant l er vel vet , whi ch has been used i n t r adi t i onal
Chi nese medi ci ne f or over 2, 000 year s t o t r eat a br oad r ange of
ai l ment s i ncl udi ng anemi a, ar t hr i t i c pai n and r heumat i sm,
ki dney di sor der s, and st r ess.
Rachel Wheel er was t he pr oduct i on edi t or and copyedi t or f or
Essential SNMP. Col l een Gor man was t he pr oof r eader and
Cat her i ne Mor r i s pr ovi ded qual i t y cont r ol . Sada Pr ei sch
pr ovi ded pr oduct i on assi st ance. J an Wr i ght wr ot e t he i ndex.
El l i e Vol ckhausen desi gned t he cover of t hi s book, based on a
ser i es desi gn by Edi e Fr eedman. The cover i mage i s a 19t h-
cent ur y engr avi ng f r omt he Dover Pi ct or i al Ar chi ve. Emma Col by
pr oduced t he cover l ayout wi t h Quar kXPr ess 4. 1 usi ng Adobe' s
I TC Gar amond f ont .
Davi d Fut at o desi gned t he i nt er i or l ayout based on a ser i es
desi gn by Nancy Pr i est . Nei l Wal l s conver t ed t he f i l es f r om
Mi cr osof t Wor d t o Fr ameMaker 5. 5. 6 usi ng t ool s cr eat ed by Mi ke
Si er r a. The t ext and headi ng f ont s ar e I TC Gar amond Li ght and
Gar amond Book; t he code f ont i s Const ant Wi l l i son. The

i l l ust r at i ons t hat appear i n t he book wer e pr oduced by Rober t
Romano and J essamyn Read usi ng Macr omedi a Fr eeHand 9 and Adobe
Phot oshop 6. Thi s col ophon was wr i t t en by Rachel Wheel er .
The onl i ne edi t i on of t hi s book was cr eat ed by t he Saf ar i
pr oduct i on gr oup ( J ohn Chodacki , Becki Mai sch, and Madel ei ne
Newel l ) usi ng a set of Fr ame- t o- XML conver si on and cl eanup
t ool s wr i t t en and mai nt ai ned by Er i k Ray, Benn Sal t er , J ohn
Chodacki , and J ef f Li gget t .

O'Reilly - Essential SNMP

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

O'Reilly - Essential SNMP

Transféré par

Droits d'auteur :

Formats disponibles

Table of Contents

Vous aimerez peut-être aussi

O&#39;Reilly - Essential SNMP

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

O&#39;Reilly - Essential SNMP

Transféré par

Droits d'auteur :

Formats disponibles

Table of Contents

Vous aimerez peut-être aussi

O'Reilly - Essential SNMP

O'Reilly - Essential SNMP