How to configure a switch in Nagios to be polled via SNMP v3?
Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
How to configure a switch in Nagios to be polled via SNMP v3?
Hi all,
I have a Cisco 2960 which is configured for SNMP. The machine's IP is 10.10.10.3 and can communicate with the Cisco 2960 switch 10.10.10.2 via SNMP.
(I tested it with snmpwalk -v 3 -u tom -l authPriv -a sha -A [passwordpassword] -x aes -X passwordpassword 10.10.10.2)
And I also modified Nagios's switch.cfg (code below). Nagios is now monitoring the switch, but I would like the switch to be polled via SNMP v3. So I understand the check_command part should be changed but am not sure how to do that.
Can you please help?
Thanks in advance,
t
Code:
###############################################################################
###############################################################################
#
# HOST DEFINITIONS
#
###############################################################################
###############################################################################
# Define the switch that we'll be monitoring
define host{
use generic-switch ; Inherit default values from a template
host_name linksys-srw224p ; The name we're giving to this switch
alias Linksys SRW224P Switch ; A longer name associated with the switch
address 192.168.1.253 ; IP address of the switch
hostgroups switches ; Host groups this switch is associated with
}
define host{
use generic-switch
host_name core-switch
alias Cisco Core Switch
address 10.10.10.2
hostgroups switches
}
###############################################################################
###############################################################################
#
# HOST GROUP DEFINITIONS
#
###############################################################################
###############################################################################
# Create a new hostgroup for switches
define hostgroup{
hostgroup_name switches ; The name of the hostgroup
alias Network Switches ; Long name of the group
}
###############################################################################
###############################################################################
#
# SERVICE DEFINITIONS
#
###############################################################################
###############################################################################
# Create a service to PING to switch
define service{
use generic-service ; Inherit values from a template
host_name linksys-srw224p ; The name of the host the service is associated with
service_description PING ; The service description
check_command check_ping!200.0,20%!600.0,60% ; The command used to monitor the service
normal_check_interval 5 ; Check the service every 5 minutes under normal conditions
retry_check_interval 1 ; Re-check the service every minute until its final/hard state is determined
}
# Monitor uptime via SNMP
define service{
use generic-service ; Inherit values from a template
host_name linksys-srw224p
service_description Uptime
check_command check_snmp!-C public -o sysUpTime.0
}
# Monitor Port 1 status via SNMP
define service{
use generic-service ; Inherit values from a template
host_name linksys-srw224p
service_description Port 1 Link Status
check_command check_snmp!-C public -o ifOperStatus.1 -r 1 -m RFC1213-MIB
}
# Monitor bandwidth via MRTG logs
define service{
use generic-service ; Inherit values from a template
host_name linksys-srw224p
service_description Port 1 Bandwidth Usage
check_command check_local_mrtgtraf!/var/lib/mrtg/192.168.1.253_1.log!AVG!1000000,1000000!5000000,5000000!10
}
# Service definition to ping the switch using check_ping
define service{
use generic-service
hostgroup_name switches
service_description PING
check_command check_ping!200.0,20%!600.0,60%
normal_check_interval 5
retry_check_interval 1
}
# Service definition to monitor switch uptime using check_snmp
define service{
use generic-service
hostgroup_name switches
service_description Uptime
check_command check_snmp!-C public -o sysUpTime.0
}
# Monitor status of port number 1 on the Cisco core switch
define service{
use generic-service
host_name core-switch
service_description Port 1 Link Status
check_command check_snmp!-C public -o ifOperStatus.1 -r 1 -m RFC1213-MIB
}
# Monitor status of port number 5 on the Cisco core switch
define service{
use generic-service
host_name core-switch
service_description Port 5 Link Status
check_command check_snmp!-C public -o ifOperStatus.5 -r 1 -m RFC1213-MIB
}
# Monitor ports 1 - 6 on the Cisco core switch.
define service{
use generic-service
host_name core-switch
service_description Ports 1-6 Link Status
check_command check_snmp!-C public -o ifOperStatus.1 -r 1 -m RFC1213-MIB, -o ifOperStatus.2 -r 1 -m RFC1213-MIB, -o ifOperStatus.3 -r 1 -m RFC1213-MIB, -o ifOperStatus.4 -r 1 -m RFC1213-MIB, -o ifOperStatus.5 -r 1 -m RFC1213-MIB, -o ifOperStatus.6 -r 1 -m RFC1213-MIB
}
Run the check_snmp command from command line with the -h flag to see what it gives you for help. If it allows for specifying the snmp version it should show up in the help output. e.g.
/usr/local/nagios/bin/check_snmp -h
I don't have it installed here so can't do it for you.
Alternatively you don't have to use check_snmp - you can create your own script and do the snmpwalk or other command and tailor the check to your needs. An example I found on my install is disk_by_snmp:
Code:
#!/bin/sh
#
# 2003-01-17, Fredrik Wanglund
#
# This plugin will check the used-space on a particular disk via SNMP.
# The plugin returns warning and critical status when the free space
# drops below specified percentages.
#
# To use the plugin you need to set up a few things;
# First, add the following check-command (typically in etc/checkcommands.cfg)
#
# define command {
# command_name disk_by_snmp
# command_line /usr/local/nagios/libexec/disk_by_snmp $HOSTADDRESS$ $ARG1$ $ARG2$ $ARG3$ $ARG4$
# }
#
# If your Nagios-plugin is not located in /usr/local/nagios/libexec/,
# You have to change the path in the command-definition AND the
# variable NAGIOSPLUGSDIR below.
#
#
# Second, find the index of the disk you would like to monitor. This is
# easiest to do with snmpwalk.
# Run the following command on your Nagios-server.
#
# snmpwalk -O n -c <community> <host-to-monitor> .1.3.6.1.2.1.25.2.3.1.3
# (If you are using the old UCD-snmp, prior to net-snmp 5, the command
# should be, snmpwalk -O n localhost public .1.3.6.1.2.1.25.2.3.1.3)
#
# an example output from a linux-system looks like:
#
# [user@server]# snmpwalk -O n -c public localhost .1.3.6.1.2.1.25.2.3.1.3
# .1.3.6.1.2.1.25.2.3.1.3.1 = STRING: /
# .1.3.6.1.2.1.25.2.3.1.3.2 = STRING: /proc/bus/usb
# .1.3.6.1.2.1.25.2.3.1.3.3 = STRING: /dev/pts
# .1.3.6.1.2.1.25.2.3.1.3.4 = STRING: /dev/shm
# .1.3.6.1.2.1.25.2.3.1.3.101 = STRING: Real Memory
# .1.3.6.1.2.1.25.2.3.1.3.102 = STRING: Swap Space
# .1.3.6.1.2.1.25.2.3.1.3.103 = STRING: Memory Buffers
# [user@server]#
# And from a Windows-system:
#
# [user@server]# snmpwalk -O n -c public win-server .1.3.6.1.2.1.25.2.3.1.3
# .1.3.6.1.2.1.25.2.3.1.3.1 = STRING: A:\
# .1.3.6.1.2.1.25.2.3.1.3.2 = STRING: C:\ Label: Serial Number 386ec682
# .1.3.6.1.2.1.25.2.3.1.3.3 = STRING: D:\ Label: Serial Number 8468ec06
# .1.3.6.1.2.1.25.2.3.1.3.4 = STRING: E:\ Label: Serial Number 6c0d9f08
# .1.3.6.1.2.1.25.2.3.1.3.5 = STRING: F:\
# .1.3.6.1.2.1.25.2.3.1.3.6 = STRING: Virtual Memory
# [user@server]#
#
# The interresting part is the last digit in the oid (the sequence of digits
# and dots) for the disk you want to monitor. If you for example want to
# monitor drive D: on the wWindows-system, the index you should use is 3,
# and for / on the linux-system, the index is 1.
#
#
# Third, set up the service. Add the following service-definition (typically
# in etc/services.cfg):
#
# define service {
# host_name nagios
# service_description disk-usage
# check_command disk_by_snmp!public!1!20!10
# use generic-service
# normal_check_interval 10
# }
#
# Replace the 'use' statement with whatever template you would like to use,
# or fill up the definition with required parameters if you dont want to
# use any template.
#
# The arguments to the 'check_command' is:
# 1) The command-name, disk_by_snmp
# 2) The SNMP community-string
# 3) The index if the drive
# 4) The percentage-free at which the plugin will return warning
# 5) The percentage-free at which the plugin will return critical
#
# READY.
#
#
# Change this if you have installed NAgios in a non-default place:
NAGIOSPLUGSDIR=/usr/local/nagios/libexec
HOST=$1
COMM=$2
INDEX=$3
WARN=$4
CRIT=$5
if [ $# -lt 5 ]; then
echo "Usage: $0 <hostname> <SNMP-comunity> <drive-index> <warning> <critical> [Scale]"
exit 127
fi
RETSTR="Disk usage:"
RETVAL=0
# Get the allocation units...
UNIT=`$NAGIOSPLUGSDIR/check_snmp -H $HOST -C $COMM -o .1.3.6.1.2.1.25.2.3.1.4.$INDEX`
RES=$?
#If all is good so far, get the total size...
if [ $RES = 0 ]; then
SIZE=`$NAGIOSPLUGSDIR/check_snmp -H $HOST -C $COMM -o .1.3.6.1.2.1.25.2.3.1.5.$INDEX`
RES=$?
#Everything should be working. Get the used space...
if [ $RES = 0 ]; then
USED=`/usr/local/nagios/libexec/check_snmp -H $HOST -C $COMM -o .1.3.6.1.2.1.25.2.3.1.6.$INDEX`
RES=$?
fi
fi
#Bail out if anything went wrong...
if [ $RES != 0 ]; then
RETSTR="$RETSTR SNMP problem. No data received from host."
RETVAL=3
else
#Else start the calculations...
#Parse the arguments...
UNIT=`echo $UNIT|cut -d "-" -f 2|awk '{print $1}'`
SIZE=`echo $SIZE|awk '{print $NF}'`
USED=`echo $USED|awk '{print $NF}'`
#Convert used and fre space to kB, MB and GB.
FREE=`echo "$SIZE $USED - p"|dc`
BFREE=`echo "$FREE $UNIT * p"|dc`
KFREE=`echo "$BFREE 1024 / p"|dc`
MFREE=`echo "$BFREE 1048576 / p"|dc`
GFREE=`echo "$BFREE 1073741824 / p"|dc`
BUSED=`echo "$USED $UNIT * p"|dc`
KUSED=`echo "$BUSED 1024 / p"|dc`
MUSED=`echo "$BUSED 1048576 / p"|dc`
GUSED=`echo "$BUSED 1073741824 / p"|dc`
#Calculate percentage free
PROC=`echo "$FREE 10000 * $SIZE / 50 + 100 / p"|dc`
#Print used space in the apropriate format.
if [ $KUSED -lt 5000 ] ; then
RETSTR="$RETSTR $KUSED kB used,"
elif [ $MFREE -lt 5000 ]; then
RETSTR="$RETSTR $MUSED MB used,"
else
RETSTR="$RETSTR $GUSED GB used,"
fi
#Print used space in the apropriate format.
if [ $KFREE -lt 5000 ] ; then
RETSTR="$RETSTR $KFREE kB (${PROC}%) free."
elif [ $MFREE -lt 5000 ]; then
RETSTR="$RETSTR $MFREE MB (${PROC}%) free."
else
RETSTR="$RETSTR $GFREE GB (${PROC}%) free."
fi
#Check warning and critical levels
if [ $PROC -lt $CRIT ]; then
RETVAL=2
elif [ $PROC -lt $WARN ] && [ $RETVAL = 0 ]; then
RETVAL=1
fi
fi
echo $RETSTR
exit $RETVAL
Thanks for your reply. I ran the help command and the result is posted below.
What I would like to do is to configure Nagios to poll this switch via SNMP v3. I am sure the Cisco switch is configured to work with SNMP v3 because the below command gives me a long output:
Code:
snmpwalk -v 3 -u tom -l authPriv -a sha -A mypasswordmypassword -x aes -X passwordpassword 10.10.10.2
Here are some commands I ran:
Code:
[root@servername]# /usr/local/nagios/libexec/check_snmp -H 10.10.10.2 -C public -o ifOperStatus.1 -r 1 -m RFC1213-MIB
SNMP OK - up(1) | RFC1213-MIB::ifOperStatus.1=up(1)
When I run this command below I get no output:
Code:
snmpwalk -v 3 -c public 10.10.10.2 -m ALL .1
If I replace v 3 with v1 or v2c, I get a long output.
So what I am after right now is that how I can configure Nagios to poll this switch via SNMP v3. Would you please help me with this?
Thanks in advance
Code:
[root@servername]# /usr/local/nagios/libexec/check_snmp -help
check_snmp v1859 (nagios-plugins 1.4.11)
Copyright (c) 1999-2007 Nagios Plugin Development Team
<nagiosplug-devel@lists.sourceforge.net>
Check status of remote machines and obtain sustem information via SNMP
Usage:check_snmp -H <ip_address> -o <OID> [-w warn_range] [-c crit_range]
[-C community] [-s string] [-r regex] [-R regexi] [-t timeout] [-e retries]
[-l label] [-u units] [-p port-number] [-d delimiter] [-D output-delimiter]
[-m miblist] [-P snmp version] [-L seclevel] [-U secname] [-a authproto]
[-A authpasswd] [-X privpasswd]
Options:
-h, --help
Print detailed help screen
-V, --version
Print version information
-H, --hostname=ADDRESS
Host name, IP Address, or unix socket (must be an absolute path)
-p, --port=INTEGER
Port number (default: 161)
-n, --next
Use SNMP GETNEXT instead of SNMP GET
-P, --protocol=[1|2c|3]
SNMP protocol version
-L, --seclevel=[noAuthNoPriv|authNoPriv|authPriv]
SNMPv3 securityLevel
-a, --authproto=[MD5|SHA]
SNMPv3 auth proto
-C, --community=STRING
Optional community string for SNMP communication (default is "public")
-U, --secname=USERNAME
SNMPv3 username
-A, --authpassword=PASSWORD
SNMPv3 authentication password
-X, --privpasswd=PASSWORD
SNMPv3 privacy password
-o, --oid=OID(s)
Object identifier(s) or SNMP variables whose value you wish to query
-m, --miblist=STRING
List of MIBS to be loaded (default = none if using numeric oids or 'ALL'
for symbolic oids.)
-d, --delimiter=STRING
Delimiter to use when parsing returned data. Default is "=" Any data on t he right hand side of the delimiter is considered
to be the data that should be used in the evaluation.
-w, --warning=INTEGER_RANGE(s)
Range(s) which will not result in a WARNING status
-c, --critical=INTEGER_RANGE(s)
Range(s) which will not result in a CRITICAL status
-s, --string=STRING
Return OK state (for that OID) if STRING is an exact match
-r, --ereg=REGEX
Return OK state (for that OID) if extended regular expression REGEX matches
-R, --eregi=REGEX
Return OK state (for that OID) if case-insensitive extended REGEX matches
-l, --label=STRING
Prefix label for output from plugin (default -s 'SNMP')
-u, --units=STRING
Units label(s) for output data (e.g., 'sec.').
-D, --output-delimiter=STRING
Separates output on multiple OID requests
-t, --timeout=INTEGER
Seconds before connection times out (default: 10)
-v, --verbose
Show details for command-line debugging (Nagios may truncate output)
This plugin uses the 'snmpget' command included with the NET-SNMP package.
if you don't have the package installed, you will need to download it from
http://net-snmp.sourceforge.net before you can use this plugin.
- Multiple OIDs may be indicated by a comma- or space-delimited list (lists with
internal spaces must be quoted) [max 8 OIDs]
- Ranges are inclusive and are indicated with colons. When specified as
'min:max' a STATE_OK will be returned if the result is within the indicated
range or is equal to the upper or lower bound. A non-OK state will be
returned if the result is outside the specified range.
- If specified in the order 'max:min' a non-OK state will be returned if the
result is within the (inclusive) range.
- Upper or lower bounds may be omitted to skip checking the respective limit.
- Bare integers are interpreted as upper limits.
- When checking multiple OIDs, separate ranges by commas like '-w 1:10,1:,:20'
- Note that only one string and one regex may be checked at present
- All evaluation methods other than PR, STR, and SUBSTR expect that the value
returned from the SNMP query is an unsigned integer.
Send email to nagios-users@lists.sourceforge.net if you have questions
regarding use of this software. To submit patches or suggest improvements,
send email to nagiosplug-devel@lists.sourceforge.net
In your initial snmpwalk you're specifying user and password. The snmpwalk that fails doesn't have that so your issue has to do with snmp security not Nagios per se. You'll need to work out if there is a way to do that via snmpwalk without a password before troubleshooting with check_snmp.
However in your help output it does show check_snmp does allow for SNMP V3:
You can therefore modify your check_snmp command to include those flags. You should test that from command line before adding to configuration files so you're sure of correct syntax. Also note that although your services.cfg has "check_snmp" that is not directly calling the binary - it is calling a command definition (often in commands.cfg) of that name which in turn calls the binary. The command definition allows for the passing of the flags seen in services.cfg so might need to be adjusted.
./check_snmp -H 10.10.10.2 -o "ifOperStatus.1" -U tom -A mypasswordmypassword -X passwordpassword -L authPriv -P 3 -a MD5 -c 1050
But after running it I get the following error:
Code:
SNMP problem - No data received from host
CMD: /usr/bin/snmpget -t 1 -r 5 -m ALL -v 3 [authpriv] 10.10.10.2:161 ifOperStatus.1
If I replace 3 with 2c or 1, it will then return:
Code:
SNMP OK - 1 | IF-MIB::ifOperStatus.1=1
Could you please help me find out why it's happening?
Thanks
Quote:
Originally Posted by MensaWater
In your initial snmpwalk you're specifying user and password. The snmpwalk that fails doesn't have that so your issue has to do with snmp security not Nagios per se. You'll need to work out if there is a way to do that via snmpwalk without a password before troubleshooting with check_snmp.
However in your help output it does show check_snmp does allow for SNMP V3:
It also has various SNMPv3 related functions including these two for user and password:
You can therefore modify your check_snmp command to include those flags. You should test that from command line before adding to configuration files so you're sure of correct syntax. Also note that although your services.cfg has "check_snmp" that is not directly calling the binary - it is calling a command definition (often in commands.cfg) of that name which in turn calls the binary. The command definition allows for the passing of the flags seen in services.cfg so might need to be adjusted.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.