NO.B.0009: Monitoring SNMP devices / using net-snmp / polling with net-snmp to obtain information

1. SNMP overview:
Simple Network Management Protocol (SNMP) is a simple way to interact with network devices. The specification is defined in RFC 1157, issued by the IETF in May 1990.
There are currently three official versions: SNMPv1, SNMPv2, and SNMPv3.

1. SNMP management protocol
The SNMP management protocol has 5 message types:
(1) get-request: extracts one or more parameter values from the agent process.
(2) get-next-request: extracts the next parameter value after one or more given parameters from the agent process.
(3) set-request: sets one or more parameter values of the agent process.
(4) get-response: returns one or more parameter values. This operation is issued by the agent process and is the response to the previous 3 operations.
(5) trap: a message sent by the agent process to notify the management process that something has happened.

2. The OID in net-snmp: a unique key in a key-value pair, also called an object identifier. Its function is the same as item.key.
There are three main versions of SNMP:
SNMPv1: when the server obtains information through the SNMPv1 protocol, password verification is required. Most manufacturers default to "public". Most people call this password the community (community string), which can be understood as a password.
SNMPv2:
SNMPv3:

SNMP mainly uses two port numbers:
udp 161: used on the client side; comparable to zabbix-agent 10050
udp 162: used on the server side; comparable to zabbix-server 10051

SNMP MIB:
An OID is like an IPv6 address: a long string of numbers that is hard to remember. The MIB was created as a mapping that turns each OID into text that is easy for people to remember.

net-snmp works in two ways:
net-snmp polling: works in the same way as zabbix-agent-passive, that is, it passively receives instructions.
net-snmp trap: works in the same way as zabbix-agent-active mode. It actively reports information to the server.

zabbix-agent works in two ways:
1. zabbix-agent-active: active mode, which means zabbix-agent actively sends information to zabbix-server.
2. zabbix-agent-passive: passive mode, which means zabbix-agent passively receives zabbix-server instructions.

2. Use of net-snmp:
zabbix-server: 192.168.1.59
zabbix-client: 192.168.1.60

Obtaining information with net-snmp from the command line:

// Using a Linux system and a network device (Juniper NetScreen)
//1. Install net-snmp and the net-snmp tools
[root@localhost ~]# yum -y install net-snmp net-snmp-utils
//2. Start the snmpd service
[root@localhost ~]# systemctl restart snmpd.service
//3. Get information with snmpstatus
[root@localhost ~]# snmpstatus -v 2c -c public 192.168.1.60 
[UDP: [192.168.1.60]:161->[0.0.0.0]:46349]=>[Linux localhost.localdomain 3.10.0-957.el7.x86_64 
                #1 SMP Thu Nov 8 23:39:32 UTC 2018 x86_64] Up: 0:00:37.30
Interfaces: 0, Recv/Trans packets: 0/0 | IP: 0/0
//4. Use the snmpwalk command to query all information in the device's MIB
[root@localhost ~]# snmpwalk -v 2c -c public 192.168.1.60 | head -n 6
                                                        // head -n 6 shows only the first 6 entries
SNMPv2-MIB::sysDescr.0 = STRING: Linux localhost.localdomain 3.10.0-957.el7.x86_64 
                                                    #1 SMP Thu Nov 8 23:39:32 UTC 2018 x86_64
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (413933) 1:08:59.33  
    // Copy DISMAN-EVENT-MIB::sysUpTimeInstance and query it:
    // snmpget -v 2c -c public -On 192.168.1.60 DISMAN-EVENT-MIB::sysUpTimeInstance
SNMPv2-MIB::sysContact.0 = STRING: Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
SNMPv2-MIB::sysName.0 = STRING: localhost.localdomain   
    // SNMPv2-MIB is the mapping, sysName.0 is the UID, SNMPv2-MIB::sysName.0 is the OID
    // Copy SNMPv2-MIB::sysName.0 and query it:
    // snmpget -v 2c -c public -On 192.168.1.60 SNMPv2-MIB::sysName.0
SNMPv2-MIB::sysLocation.0 = STRING: Unknown (edit /etc/snmp/snmpd.conf) 
[root@localhost ~]# snmpget -v 2c -c public -On 192.168.1.60 DISMAN-EVENT-MIB::sysUpTimeInstance
.1.3.6.1.2.1.1.3.0 = Timeticks: (466687) 1:17:46.87
//5. Use the MIB name to look up the exact OID value
[root@localhost ~]# snmpget -v 2c -c public -On 192.168.1.60 SNMPv2-MIB::sysName.0
.1.3.6.1.2.1.1.5.0 = STRING: localhost.localdomain                      // OID of the system name

Configuration of network equipment:

Configuration——>Report.Settings——> SNMP——>Apply——> New Community——>Edit

Check the interface location: NetWork——>Interfaces——>List

SNMPv3: unique identification

// Querying information with SNMPv3:
//1. Stop the snmpd service
[root@localhost ~]# systemctl stop snmpd
//2. Create the user
[root@localhost ~]# net-snmp-create-v3-user -ro zabbix // create a user named zabbix with read-only permission
Enter authentication pass-phrase:123456789   // Note: the pass-phrase must be at least 8 characters, otherwise fetching information will fail
Enter encryption pass-phrase:123456789       // enter the encryption pass-phrase

//3. Start the snmpd service:
[root@localhost ~]# systemctl start snmpd
//4. Use snmpget to fetch information

[root@localhost ~]# snmpget -u zabbix -A 123456789 -v 3 -l authNoPriv 192.168.1.60 SNMPv2-MIB::sysDescr.0
SNMPv2-MIB::sysDescr.0 = STRING: Linux localhost.localdomain 3.10.0-957.el7.x86_64 #1 SMP Thu 
Nov 8 23:39:32 UTC 2018 x86_64

3. Net-snmp polling to obtain information
Example 1: querying our Zabbix information through net-snmp polling:
Add an SNMP host.

How to detect firewall traffic:
[root@localhost ~]# snmpwalk -v 2c -c public 192.168.1.60 | more
Find the key value of the interface.

4. Introduction to net-snmp-trap:
The net-snmp client uses udp 161.
net-snmp trap uses udp 162.
net-snmp trap: the device actively reports information to our server, similar to zabbix-agent active mode.
net-snmp trap is mainly used to receive values that are considered unusual. This mode is not a replacement for net-snmp polling; it complements it.

There are two common ways to use net-snmp trap:
1. Use the Perl script, which is efficient and simple to configure.
2. Use a custom script. This method is inefficient and the configuration is complicated; it exists because some devices may not support the Perl mode and can only be used this way.

Project test record:
Official configuration tutorial address: https://zabbix.org/wiki/Start_with_SNMP_traps_in_Zabbix
net-snmp trap Perl configuration:

// With the firewall enabled, open port 162
[root@localhost ~]# vim /etc/sysconfig/firewalld
firewall-cmd --add-port=162/udp --permanent
firewall-cmd --reload
// Restart firewalld.service
[root@localhost ~]# systemctl restart firewalld.service
//1. Install the required packages (install the trap packages on our zabbix server):
[root@localhost ~]# yum install -y net-snmp-utils net-snmp-perl net-snmp
//2. Download the zabbix source package with wget:
[root@localhost ~]# wget https://cdn.zabbix.com/zabbix/sources/stable/4.0/zabbix-4.0.25.tar.gz
//3. Extract the zabbix package:
[root@localhost ~]# tar -zxvf zabbix-4.0.25.tar.gz
//4. Copy the script from the source package and make it executable
[root@localhost ~]# cp ./zabbix-4.0.25/misc/snmptrap/zabbix_trap_receiver.pl /usr/bin/
[root@localhost ~]# chmod +x /usr/bin/zabbix_trap_receiver.pl 
//5. Set the trap receiver and the community name (that is, the SNMP password)
[root@localhost ~]# vim /etc/snmp/snmptrapd.conf
authCommunity execute public
perl do "/usr/bin/zabbix_trap_receiver.pl";
//6. Edit the zabbix-server configuration file and enable the SNMP trapper
[root@localhost ~]# vim /etc/zabbix/zabbix_server.conf    
StartSNMPTrapper=1
#SNMPTrapperFile=/var/log/snmptrap/snmptrap.log    // comment this out
SNMPTrapperFile=/tmp/zabbix_traps.tmp
            // this path, including the file name, must match the file name set in /usr/bin/zabbix_trap_receiver.pl (shown below)
[root@localhost ~]#  cat   /usr/bin/zabbix_trap_receiver.pl    
$SNMPTrapperFile = '/tmp/zabbix_traps.tmp';   
//7. Restart zabbix-server
[root@localhost ~]# systemctl restart zabbix-server.service
//8. Start the snmptrapd service and enable it at boot
[root@localhost ~]# systemctl start snmptrapd.service
[root@localhost ~]# systemctl enable snmptrapd.service
//9. Test from the client:
[root@localhost ~]# snmptrap -v 1 -c \
> public 192.168.1.59 '.1.3.6.1.6.3.1.1.5.4' '0.0.0.0' 6 33 '55' .1.3.6.1.6.3.1.1.5.4 s "ens33"
// If the trap was sent successfully, check the trap file on the server:
[root@localhost ~]# cat /tmp/zabbix_traps.tmp 
12:22:27 2020/10/27 ZBXTRAP 192.168.1.105
receivedfrom                   UDP: [192.168.1.105]:51913->[192.168.1.59]:162
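
The SNMPv3 user created earlier and the trap configuration above both rely on weak settings: the default `public` community, a user queried at `authNoPriv`, and a trap file under /tmp. As an added example (not part of the original post), this shell function flags those lines in configuration text. The function name, the finding labels and both samples are constructed for illustration; the `com2sec` and `rouser zabbix` lines are assumed to be what the stock snmpd.conf and the user-creation step leave behind.

```shell
#!/usr/bin/env bash
# Added example, not from the original post.
# audit_snmp: reads snmpd.conf / snmptrapd.conf / zabbix_server.conf text on
# stdin and prints one finding per weak setting.
audit_snmp() {
  awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    # v1/v2c community string left at a well-known default
    $1 ~ /^(rocommunity|rwcommunity|com2sec|authCommunity)$/ {
      for (i = 2; i <= NF; i++)
        if ($i == "public" || $i == "private") {
          print "DEFAULT-COMMUNITY: " $0
          break
        }
      next
    }
    # SNMPv3 user not forced to encrypt (authNoPriv requests are accepted)
    $1 ~ /^(rouser|rwuser)$/ && $3 != "priv" { print "NO-PRIV-REQUIRED: " $0; next }
    # snmptrapd told to accept traps without any access control
    $1 == "disableAuthorization" && $2 == "yes" { print "TRAPS-UNAUTHENTICATED: " $0; next }
    # Zabbix trap file placed in a world-writable directory
    /^[ \t]*SNMPTrapperFile[ \t]*=[ \t]*\/(tmp|var\/tmp)\// { print "TRAPFILE-IN-TMP: " $0 }
  '
}

# Constructed sample: the settings this walkthrough ends up with.
sample_weak() {
  cat <<'EOF'
com2sec notConfigUser default public
rouser zabbix
authCommunity execute public
perl do "/usr/bin/zabbix_trap_receiver.pl";
StartSNMPTrapper=1
#SNMPTrapperFile=/var/log/snmptrap/snmptrap.log
SNMPTrapperFile=/tmp/zabbix_traps.tmp
EOF
}

# Constructed sample: same services with the weak settings tightened.
sample_hardened() {
  cat <<'EOF'
rouser zabbix priv
authUser log,execute zabbix priv
SNMPTrapperFile=/var/log/snmptrap/snmptrap.log
EOF
}

sample_weak | audit_snmp   # prints the four findings for the weak sample
```

To check a real host, pipe the files in: `cat /etc/snmp/snmpd.conf /etc/snmp/snmptrapd.conf /etc/zabbix/zabbix_server.conf | audit_snmp`.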

Configuration tutorial:

Case 1: Send the following command on the client to test:

// Send a message containing the string test:
[root@localhost ~]# snmptrap -Ci -v 2c -c  public 192.168.1.59 "" \
> "NET-SNMP-MIB::netSnmpExperimental" NET-SNMP-MIB::netSnmpExperimental s "test"

// On the server, check whether the data was captured:
[root@localhost ~]# tail -f  /tmp/zabbix_traps.tmp
// OR
[root@localhost ~]# tail -f /var/log/zabbix/zabbix_server.log    // both show the log in real time
DISMAN-EVENT-MIB::sysUpTimeInstance type=67 value=Timeticks: (14924885) 1 day, 17:27:28.85
SNMPv2-MIB::snmpTrapOID.0      type=6  value=OID: NET-SNMP-MIB::netSnmpExperimental
NET-SNMP-MIB::netSnmpExperimental type=4  value=STRING: "test"

There is a problem: the message text that was sent is not displayed.
When we select the character type, the value is limited to 255 characters. Anything over 255 is automatically truncated.
You can then get the complete value test.

Example 2:

// On the client, test with "some other trp"
[root@localhost ~]# snmptrap -Ci -v 2c -c  public 192.168.1.59 "" \
> "NET-SNMP-MIB::netSnmpExperimental" NET-SNMP-MIB::netSnmpExperimental s "some other trp"
// The server receives the data:
[root@localhost ~]# tail -f  /tmp/zabbix_traps.tmp 
DISMAN-EVENT-MIB::sysUpTimeInstance type=67 value=Timeticks: (15182717) 1 day, 18:10:27.17
SNMPv2-MIB::snmpTrapOID.0      type=6  value=OID: NET-SNMP-MIB::netSnmpExperimental
NET-SNMP-MIB::netSnmpExperimental type=4  value=STRING: "some other trp"

Our latest data does not change: no information is obtained unless the message contains the complete string test.

Example 3:
This item does not filter on characters; whatever you send, the information is received:

// Test with "some other trap"
[root@localhost ~]# snmptrap -Ci -v 2c -c  public 192.168.1.59 "" \
> "NET-SNMP-MIB::netSnmpExperimental" NET-SNMP-MIB::netSnmpExperimental s "some other trap"

// Test with "some other tr"
[root@localhost ~]# snmptrap -Ci -v 2c -c  public 192.168.1.59 "" \
> "NET-SNMP-MIB::netSnmpExperimental" NET-SNMP-MIB::netSnmpExperimental s "some other tr"
// Both are received; characters are not filtered


Origin blog.51cto.com/15005403/2552413