What is SNMP

Simple Network Management Protocol

Standardized protocol for managing devices on a network. Widely supported across operating systems: Windows, Mac, Linux. If it has a network card, it likely has SNMP capabilities. Network switches and wireless access points are usually monitored with SNMP. Some capabilities vary from operating system to operating system. Its purpose is to collect data on the physical device. Can work locally or through a WAN.

If you need to NAT: SNMP uses UDP/TCP. Port 161 is used for traffic sent from the manager; port 162 is used for traffic sent from the agent.

Nagios is an SNMP manager. OIDVIEW is a MIB database; check there for MIBs.

There are three versions of SNMP, the most popular being 2C. Version 1 goes way back to 1988 and is very limited in terms of speed. Version 2 is much improved and has support for bulk requests. Version 1 and 2 requests are sent in cleartext. Version 3 uses encryption for all traffic with RSA key exchange. Version 3 also supports username/password.

MIB

Men in Black? No. Management Information Base!
MIB files are descriptions of the commands that can be used with an SNMP agent. MIB commands translate into OID number sets that are read by the agents. Think of a MIB as the user-readable API for specific SNMP protocols.

Traps

Usually in the form of an OID (big number). Using a MIB, the message can be decoded to understand its description. Sent from the agent to the manager, alerting that something has changed. Essential for real-time monitoring, as delay in manager queries can be fatal.
Example: System uptime
The OID of the trap
Type of the trap

Get and Set

Sent from the manager: Get and Set data on an SNMP agent.

Back to the Mac

Agnostic to manager.
Activate SNMP, launchd plist task.
By default OSX SNMP is disabled. (disabled = true)
Can activate via ARD: sudo launchctl load -w /System/Library/LaunchDaemons/org.net-snmp.snmpd.plist

SNMP configuration located at /etc/snmp/snmp.conf
This file is huge; all config options are set in one file. Should write a script to load these configurations dynamically.
Add txt configurations at /etc/snmp/Components/
These txt files should be named after the setting in the snmp.conf: echo 'public default .1.3.6.1.2.1.1.4' > /etc/snmp/Components/rwcommunity.txt
OID scripts can be loaded at /etc/snmp/Components/Extensions/
extend <OID> <name> <script path>

Add a script named autoconfig.sh to concat all files in Components.
Create a launchd script to watch the Components folder and run the autoconfig.sh script. This rebuilds the monolithic snmp.conf file: whenever a file is changed in the Components folder, snmp.conf is rebuilt.
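
One way to write the autoconfig.sh rebuild described above, as an added example that is not from the original notes. It assumes each Components file holds one argument list per line and that the directive is the file name without .txt; the function name build_snmp_conf and the rule of skipping world-writable files are choices made here.

```shell
#!/bin/sh
# Added example (not from the original notes): rebuild snmp.conf from Components.
# Assumption: <directive>.txt holds one argument list per line, e.g.
# rwcommunity.txt containing "public default .1.3.6.1.2.1.1.4".

build_snmp_conf() {
    components_dir=$1    # e.g. /etc/snmp/Components
    out_file=$2          # e.g. /etc/snmp/snmp.conf
    # Build beside the target so the final mv is an atomic rename.
    tmp_file=$(mktemp "${out_file}.XXXXXX") || return 1

    for f in "$components_dir"/*.txt; do
        [ -f "$f" ] || continue    # unmatched glob or not a regular file
        # The rebuilt file is read by snmpd, so ignore any component
        # that other local users could have edited.
        if [ -n "$(find "$f" -maxdepth 0 -perm -002)" ]; then
            echo "skipping world-writable file: $f" >&2
            continue
        fi
        directive=$(basename "$f" .txt)
        case $directive in
            ''|*[!A-Za-z0-9_]*)
                echo "skipping unexpected file name: $f" >&2
                continue ;;
        esac
        # Prefix every non-blank, non-comment line with the directive name.
        while IFS= read -r line || [ -n "$line" ]; do
            case $line in
                ''|'#'*) continue ;;
            esac
            printf '%s %s\n' "$directive" "$line"
        done < "$f" >> "$tmp_file"
    done

    # The file can hold community strings, so keep it owner-only.
    chmod 600 "$tmp_file" && mv -f "$tmp_file" "$out_file"
}

# Stand-alone use: autoconfig.sh <components dir> <output file>
if [ "$#" -eq 2 ]; then
    build_snmp_conf "$1" "$2"
fi
```
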

Any information about the OSX client can be monitored. From HD status to device serial number.

The magic of this is the ability to pipe any data into Nagios. Example: AppleScripts can be used too. If the user sees a known error, send a trap to Nagios.

Net-SNMP Vs. SSH

Ability to get the same data with the same result.

SNMP Pros

  • Very little setup on Server
  • Cross platform, anything with a network port
  • Data encrypted with V3
  • SSH Can be disabled on the Mac

SSH Pros

  • Does not require SNMP setup on the Mac
  • All development done on the SNMP server
  • Data encrypted by default
  • Modification can be stored in expansion packs

SNMP Cons

  • Configuration is mostly done on the computer to monitor

SSH Cons

  • Requires SSH enabled
  • Server admin must be able to script all platforms to monitor
  • Heavy processor load on server with large device count
  • Must have separate expansion pack per platform to monitor