[Nagiosplug-help] How to format send/expect strings for check_udp against SNMP managed devices?

[Ralph.Grothe at itdz-berlin.de]

Hi Tom,

you are absolutely right.

I simply forgot that according to SNMP RFCs every vendor is
demanded to furnish
with its own MIB extensions a minimal set of standard leaf
descriptors such as the sysDescr,
if his product shall conform to the standards.

So, as you suggested I make a check_snmp of
RFC1213-MIB::sysDescr.0 
my default "check_host" for SNMP managed devices.

Btw. what form of invocation is to prefer?
This one where I pass the MIB to load explicitly via -m



$ check_snmp -v -H sensor_r01 -o sysDescr.0 -P 1 -m RFC1213-MIB
/usr/bin/snmpget -t 1 -r 5 -m RFC1213-MIB -v 1 -c public
sensor_r01:161  sysDescr.0
RFC1213-MIB::sysDescr.0 = STRING: "sensorProbe8 v 2.0 SP8363
191006"

SNMP OK - "sensorProbe8 v 2.0 SP8363 191006" |
RFC1213-MIB::sysDescr.0="sensorProbe8 v 2.0 SP8363 191006"  



or the more often used form with prepended MIB?


$ check_snmp -v -H sensor_r01 -o RFC1213-MIB::sysDescr.0 -P 1
/usr/bin/snmpget -t 1 -r 5 -m ALL -v 1 -c public sensor_r01:161
RFC1213-MIB::sysDescr.0
SNMPv2-MIB::sysDescr.0 = STRING: sensorProbe8 v 2.0 SP8363 191006

SNMP OK - sensorProbe8 v 2.0 SP8363 191006 |
SNMPv2-MIB::sysDescr.0=sensorProbe8 v 2.0 SP8363 191006  


As the really executed snmpget command, which the -v option
additionally displays, implies to me
the second form seems to load ALL MIBs from net-snmp's mib dirs
which to me seems to be more wasteful than the preselection via
-m.
Is this true?


> -----Original Message-----
> From: Tom Nail [mailto:tom.nail at amd.com]
> Sent: Wednesday, September 26, 2007 11:21 PM
> To: Grothe, Ralph
> Cc: nagiosplug-help at lists.sourceforge.net
> Subject: Re: [Nagiosplug-help] How to format send/expect
strings for
> check_udp against SNMP managed devices?
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Ralph,
> 
> Why not use the check_snmp plugin and check for a standard OID
that is
> supposed to be there, such as "SNMPv2-MIB::sysDescr.0". This
confirms
> that you have an SNMP agent up and responding on the port 
> (your required
> output). and leaves you free to work on more important things.
> 
> I mean, your wheel is undoubtedly shiny, but there's already
one doing
> this job.
> 
> 
> Cheers,
> 
> - -=Tom Nail
> 
> Ralph.Grothe at itdz-berlin.de wrote:
> > Hello,
> > 
> > I am struggling a bit with check_udp.
> > 
> > I wish to define a check command that can be run against a
> > hostgroup snmp_hosts
> > which should serve as a kind of check_icmp or check_host for
all
> > SNMP managed 
> > devices which have a UDP listening socket at port 161.
> > 
> > This check should merely verify a willing to respond snmp
agent 
> > without querying any special OID(s) via e.g. check_snmp.
> > I will assume for simplicity that only SNMPv1 is involved and
> > that
> > the checking manager can authenticate by a simple community
> > string of "public".
> > 
> > Since UDP checks are a bit tricky I guess the check must coax
the
> > agent into
> > sending a response PDU.
> > Because I know next to nothing about the SNMP I looked at
RFC1157
> > to find out what the protocol requires minimally to be
> > implemented.
> > I also looked at a tcpdump in wireshark from my regular SNMP
> > check of a known device
> > to see that the used CPAN module adheres to the RFC.
> > 
> > So from what I saw in wireshark I naively tried this approach
> > 
> > 
> > $ check_udp -v -H sensor_r01 -p 161 -E -s "version: version-1
> > (0)\ncommunity: public" -e "version: version-1"
> > Using service UDP
> > Port: 161
> > flags: 0x2
> > Send string: version: version-1 (0)
> > community: public
> > server_expect_count: 1
> >         0: version: version-1
> > received 26 bytes from host
> > #-raw-recv-------#
> > 0
> > #-raw-recv-------#
> > looking for [version: version-1] anywhere in [0]
> > couldn't find it
> > UDP WARNING - Unexpected response from host/socket:
> > 0|time=0.022995s;;;0.000000;10.000000
> > 
> > 
> > Assuming that -m relates to the SNMP payload and thus only
caring
> > for the first 18 bytes of the response
> > also doesn't work.
> > 
> > 
> > $ check_udp -v -H sensor_r01 -p 161 -E -s "version: version-1
> > (0)\ncommunity: public" -m 18 -e "version: version-1"
> > Using service UDP
> > Port: 161
> > flags: 0x2
> > Send string: version: version-1 (0)
> > community: public
> > server_expect_count: 1
> >         0: version: version-1
> > received 26 bytes from host
> > #-raw-recv-------#
> > 0
> > #-raw-recv-------#
> > looking for [version: version-1] anywhere in [0]
> > couldn't find it
> > UDP WARNING - Unexpected response from host/socket:
> > 0|time=0.005487s;;;0.000000;10.000000
> > 
> > 
> > 
> > What do I need to change to get an OK from check_udp?
> > 
> > Regards
> > 
> > Ralph
> > 
> > 
> --------------------------------------------------------------
> -----------
> > This SF.net email is sponsored by: Microsoft
> > Defy all challenges. Microsoft(R) Visual Studio 2005.
> > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> > _______________________________________________
> > Nagiosplug-help mailing list
> > Nagiosplug-help at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/nagiosplug-help
> > ::: Please include plugins version (-v) and OS when 
> reporting any issue. 
> > ::: Messages without supporting info will risk being sent 
> to /dev/null
> > 
> > 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
>
iD8DBQFG+s0q1zsLRjt/NQ0RAv1AAJwNJd6mVRZF0oyIApe35XP5CcT9HQCeJaBV
> PtrmAkBUdkY7rU8WYHsiFsg=
> =s5tj
> -----END PGP SIGNATURE-----
> 
> 
>