OpenBSD comes with a SNMP v2c and v3 daemon in base. Simplistic and privileged separated, this SNMP service is easy to configure and secure – putting Simple, backing into Simple Network Management Protocol (SNMP).
Recently, I have needed to flick on snmpd(8) to provide data to the Cacti logging service. The default configuration in /etc/examples/snmpd.conf will get most people going while only letting the daemon listen on the localhost interface, keeping your SNMP service reasonably secure.
Lets walk through SNMP to see what system information can be obtained:
$ snmpctl snmp walk localhost community public oid all
This will walk through ‘all’ the SNMP ‘oid’ entries and print the corresponding value to the screen. What does the above do? ‘snmpctl’ is the controlling program that can interrogate the SNMP daemon, we want it to perform a ‘snmp walk’ on the host ‘localhost’ authenticating with the read-only ‘community’ string that is set ‘public’ by default.
In this case, I need to monitor the Input and Output Octets on the interface vmx1 [vmx(4)]. Walking the interface descriptions will help determine that:
$ snmpctl snmp walk localhost community public oid iso.org.dod.internet.mgmt.mib_2.interfaces.ifTable.ifEntry.ifDescr ifDescr.2="vmx1"
This interface is known as #2 to snmpd(8).
Now we know this, we can then ‘get’ directly the value from the correct oid:
$ snmpctl snmp get localhost community public oid iso.org.dod.internet.mgmt.mib_2.interfaces.ifTable.ifEntry.ifInOctets.2 2=783507826 $ snmpctl snmp get localhost community public oid iso.org.dod.internet.mgmt.mib_2.interfaces.ifTable.ifEntry.ifOutOctets.2 2=204956711
As the results show above, we now have the amount of octets (In and Out) that have passed on the interface since either the reset of the machine or the 64bit integer reaches its upper limit and resets. Need to know the numerical identifier of the oid? Simply invoke the -n flag on the command line:
$ snmpctl -n snmp get localhost community public oid iso.org.dod.internet.mgmt.mib_2.interfaces.ifTable.ifEntry.ifInOctets.2 1.3.6.1.2.1.2.2.1.10.2=784097318 $ snmpctl -n snmp get localhost community public oid iso.org.dod.internet.mgmt.mib_2.interfaces.ifTable.ifEntry.ifOutOctets.2 1.3.6.1.2.1.2.2.1.16.2=205432563
If you need remote monitoring, change what IP address the daemon listens on and as best practice, restrict what hosts can connect to that UDP SNMP service with pf(4). Changing the community string from ‘public’ is also highly advisable. See snmpd.conf(5) for more concise information.