[hobbit] hobbit_snmpcollect

Henrik Stoerner henrik at hswn.dk
Wed Oct 3 14:55:18 CEST 2007


On Wed, Oct 03, 2007 at 01:37:37PM +0200, Lars Ebeling wrote:
> I want to learn about snmp, so I downloaded the source to 
> net-snmp 5.4.1 and installed it. Now I want to test hobbit_snmpcollect.
> 
> How is it run and what do I expect to see.
> 
> I configured  hobbit_snmpcollect.cfg like this: (copied from Henriks mail)
> 
> [localhost]                                                
> version=1                                                  
> community=public                                           
> mrtg=2 IF-MIB::ifInOctets.2 IF-MIB::ifOutOctets.2 Main IO  
> # ifmib=2 LAN                                              
> # ifmib=(eth0) LAN                                         
> # ifmib=[0:e:a6:ce:d6:85] LAN                              
> ifmib={leopg9.no-ip.org} LAN                               
> 
> This is what I get when I run hobbit_snmpcollect from commandline:
>  
> [Main IO]
> 	ds1 = 2908625400
> 	ds2 = 2908625400

As I'd expect.

An introduction to SNMP is really out-of-scope for this mailing list,
you can probably find some information on the net. I can give you a
quick run-down:

Data in SNMP is structured hierarchially. An entry in the hierarchy is 
identified by a sequence of numbers, e.g.
   .1.3.6.1.2.1.2.2.1.10.2
is the "Object IDentifier" (OID) for the number of bytes received on the
second network interface of a system. Nobody can remember these
number-ID's, so there are short-hand notations for them - e.g. 
   IF-MIB::ifInOctets.2
represent the same data item. From this, you may also note that if
I have a third network interface, I could get the bytes received from
that one with IF-MIB::ifInOctets.3 .

So you can think of the last "2" or "3" as an index into the table 
of network interfaces. But there's an important difference: The
index need not be 1,2,3... it can be 1,2,7,902,10293 - e.g. one of 
the SNMP datasets details the running processes, and here the index
is the process-ID.

To access the data, you can use the "snmpget" utility from Net-SNMP. 
For this, you must know the exact OID you want to query, e.g.
   $ snmpget -c public -v2c localhost IF-MIB::ifInOctets.2
retries the number of bytes received in interface 2 on "localhost",
using the community name (userid) "public", and SNMP version 2c as
the protocol.

snmpget is very picky about the OID's. E.g. if you didn't know what
interfaces exist on a host, you might think that you could just do
   $ snmpget -c public -v2c localhost IF-MIB::ifInOctets
without the interface number in the OID; but this doesn't work:
   IF-MIB::ifInOctets = No Such Instance currently exists at this OID

So what do you do when you don't know the exact OID's, e.g. to get the
proces info ? You use the "snmpwalk" utility - this uses the SNMP "get
NEXT" query to traverse all of the available OID's.

   $ snmpwalk -c public -v2c localhost interfaces
   IF-MIB::ifNumber.0 = INTEGER: 3
   IF-MIB::ifIndex.1 = INTEGER: 1
   IF-MIB::ifIndex.2 = INTEGER: 2
   IF-MIB::ifIndex.3 = INTEGER: 3
   IF-MIB::ifDescr.1 = STRING: lo
   IF-MIB::ifDescr.2 = STRING: eth0
   IF-MIB::ifDescr.3 = STRING: ra0
   <lots more snipped>
   IF-MIB::ifLastChange.3 = Timeticks: (0) 0:00:00.00
   IF-MIB::ifInOctets.1 = Counter32: 14391389
   IF-MIB::ifInOctets.2 = Counter32: 1040756809
   IF-MIB::ifInOctets.3 = Counter32: 0
   IF-MIB::ifInUcastPkts.1 = Counter32: 200369

So here you can see that my box has 3 network interfaces, with index
1, 2 and 3. Their description is "lo", "eth0" and "ra0" which are
the names I use when configuring them in Linux. And I can see the
various statistics about them, including the in-byte-counts we looked
at earlier.

How do you know what the different items mean ? For that, you'll
have to look in the "MIB" files - these are text files, but with
a specific syntax (there are actually "MIB compilers") which contain
a description of all of the data items. These are either standard MIB's
defined by the Internet standard groups (IANA et al), or they are
vendor-specific MIB's that hardware- or software-vendors produce to
enable monitoring of their products. Net-SNMP ships with some of the
standard MIB files, on my Linux box they are in /usr/share/snmp/mibs/ .
In IF-MIB.txt, we find the ifInOctets definition:

ifInOctets OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The total number of octets received on the interface,
	including framing characters."
    ::= { ifEntry 10 }

One important thing to note here is that it's a 32-bit counter;
with 100mbit or Gbit interfaces, this means it can wrap around
very quickly! There is actually an extension to the IF-MIB 
definition with 64-bit counters to handle this problem, but not
all devices have implemented support for it.


So to get back to hobbit_snmpcollect, what happens when you 
have an entry in the config file like

    [localhost]                                                
	version=1                                                  
	community=public                                           
	mrtg=2 IF-MIB::ifInOctets.2 IF-MIB::ifOutOctets.2 Main IO  
	# ifmib=2 LAN                                              
	# ifmib=(eth0) LAN                                         
	# ifmib=[0:e:a6:ce:d6:85] LAN                              
	ifmib={leopg9.no-ip.org} LAN                               

The "mrtg=2 IF...." line causes hobbit_snmpcollect to fetch those
two OID's, and report them in under the "[Main IO]" heading. That
is what your output shows - ds1 is the ifInOctets.2 value, and ds2
is the ifOutOctets.2 value. This is intended for people who would
like to keep the data from their old MRTG setups - the RRD file
generated by this data should be compatible with those produced by MRTG
(if you're running MRTG in the way that uses RRD files instead of the
old MRTG text-based datalogs).

The "ifmib=(leo..." line causes Hobbit to try and fetch all of the
network statistics for an interface. Since it's in parenthesis, 
hobbit_snmpcollect will try to find an interface where the ifDescr
item has the value "leopg9.no-ip.org". There is no such interface,
which is why this doesn't produce any data. If you had used the real
name of the network interface, it should work.


Regards,
Henrik




More information about the Xymon mailing list