Simple Network Management Protocol (SNMP)
SNMP is a protocol to monitor and control network attached devices. SNMP agents that run on the devices can provide status information about the device upon request, or even send TRAP messages to specific hosts, when an event occurs. SNMP can also be used to manage devices over the network by setting the given parameter on the device.
SNMP is a client/server protocol. A SNMP server (or agent) is a piece of software that runs on hosts and keeps one or more databases of almost live information about the host. These databases are called Management Information Bases (MIBs).
On the other hand, the SNMP client queries SNMP servers/agents for information. This information can be used in a Network Management System (NMS) to monitor the status of the device, or can be used to draw statistics graphs.
There are various open-source SNMP suites available that can be used in FreeBSD. This tutorial discusses two important SNMP implementations in FreeBSD as shown here:
- Net-SNMP, that is available via ports system, is a very popular open-source SNMP toolkit.
- bsnmpd is a light-weight SNMP agent that is available in FreeBSD's base system.
The bsnmpd(1) daemon is a very light-weight SNMP daemon that is supposed to serve only the basic SNMP MIBS, and the other MIBS through loadable modules. The bsnmpd(1) is available in FreeBSD base system, out of the box.
Setting up a basic SNMP server using bsnmpd is pretty straightforward:
Adding this line to /etc/rc.conf file will enable the daemon so that it is started automatically, upon system start up. You should then start the daemon, manually, for the first time:
# /etc/rc.d/bsnmpd start
And you are set.
Now bsnmpd(1) is running with the default configuration (which is not always secure) and it is highly recommended that you customize the configuration for your needs.
The configuration file is located at /etc/snmpd.config. You need to change a few basic things, such as location and contact fields, and most importantly, the read and write to community strings.
In SNMP, the community strings are almost equal to passwords. Anyone who knows your community string can poll status information from your SNMP server, or even change the variables over the network.
Following is a sample of secured snmpd.config file:
location := "Datacenter" contact := "firstname.lastname@example.org" system := 1 # FreeBSD traphost := localhost trapport := 162 read := "p^49Gb*z0n$0" write := "wMt54%z@0Rcj3"
The sample configuration file also contains a modules section in which it loads appropriate modules, if necessary. One module that is loaded by default is SNMP MIB II module that contains basic information about the host. There are also a few other modules available such as Netgraph Module, PF Module, and Bridge Module. For more information about the other modules, please see documents and MIBs under the /usr/share/snmp directory.
NET-SNMP is a complete suite of open-source SNMP tools, including client and server components, and supports the SNMP v1, v2c, and v3 protocols. NET-SNMP is very popular, and has many modules that can be used to extend its functionality.
Unlike bsnmpd(1), the NET-SNMP is a fully loaded SNMP toolkit that contains many MIBs and supports many protocol extensions, and also includes a handful of client and test tools. NET-SNMP is the right choice for a complex SNMP scenario.
NET-SNMP is available in ports tree under the /usr/ports/net-mgmt/net-snmp directory. After installing the port, you can enable the NET-SNMP in the /etc/ rc.conf file using appropriate configuration variable:
You can then manually start the daemon by issuing the following command:
# /usr/local/etc/rc.d/snmpd start
The NET-SNMP configuration is somehow complicated, as compared to bsnmpd. The configuration consists of a set of configuration files that can be found under the /usr/local/share/snmp subdirectory. The most important configuration file is snmpd.conf,which contains configuration information for the SNMP server component.
You do not have to edit the configuration files manually. The snmpconf(1) utility can be used to edit the configuration in a step-by-step manner.
You need to perform some basic initial setup for your NET-SNMP daemon, before you can actually use it. These configuration parameters consist of the basic contact and location information, as well as community names and network access policies. All these steps can be done using the following command:
# snmpconf -i
The snmpconf(1) utility then asks you, which component you want to configure and starts asking you questions about your preferred setup parameters. Once finished, it will automatically install the configuration file in the correct location, and all you need to do is to start or restart the SNMP daemon.
The NET-SNMP is bundled with a Swiss army knife of SNMP client and test tools. Using these utilities, you can perform various SNMP operations from the command line. The client set consists of the following tools:
Utility Name Description of functionality snmpget Queries SNMP server for a specific variable using GET request. snmpgetnext Queries SNMP server for a specific variable using GETNEXT request. snmpset Sends a SET request to SNMP server to update a specific variable. snmpwalk Retrieves a subtree of variables from SNMP server. snmpbulkget Queries SNMP server for a set of variables using GETBULK request. snmpbulkwalk Retrieves a subtree of variable from SNMP server using GETBULK request. snmpdelta Monitors delta differences in SNMP counter values. snmpinform Sends an INFORM-PDU to the trap receiver. snmpnetstat Displays network status and configuration information of a SNMP server. snmptest Communicates with SNMP servers using user specified SNMP requests. snmpstatus Retrieves a fixed set of management information from SNMP server. snmptable Retrieves an SNMP table and displays it in tabular format. snmptranslate Translates OID names from numeric to text and vice versa. snmpusm Manages SNMPv3 users on SNMP servers. snmpvacm Manages SNMPv3 View-based Access Control on SNMP servers. snmpdf Retrieves disk usage information from SNMP server. snmptrap Sends TRAP-PDU or TRAP2-PDU to trap receiver.
The snmpget(1) utility is a handy tool to retrieve SNMP variables from an SNMP agent.
# snmpget -v 1 -c public 10.10.1.3 sysName.0 SNMPv2-MIB::sysName.0 = STRING: server01.example.org
This example shows retrieveing sysName variable from host 10.10.1.3. This query is initiaited using SNMP version 1 (hence the -v parameter) and a read-only community named public is configured on the SNMP server.
On the other hand, snmpwalk(1) actually retrieves a complete sub-tree from the SNMP server. It can be used to populate a complete set of data from an SNMP-enabled host.
# snmpwalk -v 1 -c public 10.10.1.3 IF-MIB::ifDescr IF-MIB::ifDescr.1 = STRING: sis0 IF-MIB::ifDescr.2 = STRING: xl0 IF-MIB::ifDescr.3 = STRING: lo0
This example shows how to retrieve the ifDescr sub-tree from IF-MIB. Note that you can retrieve the complete SNMP MIB tree from the host, if you do not specify any SNMP OID in parameters. This will most likely give a huge amount of output, but it is useful to see what kind of information you can get from the host.