snmpwalk v3 and snmpget v3 examples

Nick Bettison — Sat, 01 Apr 2017 15:22:00 +0100

I always forget the syntax for snmpwalk/snmpget v3; so posting here to remember.

snmpwalk version 3

The command is: snmpwalk -v3 -l authPriv -u snmp-poller -a SHA -A "PASSWORD1" -x AES -X "PASSWORD1" 10.10.60.50

Example output:

[nick@server ~]$  snmpwalk -v3  -l authPriv -u snmp-poller -a SHA -A "PASSWORD1"  -x AES -X "PASSWORD1" 10.10.60.50
SNMPv2-MIB::sysDescr.0 = STRING: Cisco Adaptive Security Appliance Version 9.6(2)11
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.9.1.1199
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (201155400) 23 days, 6:45:54.00
SNMPv2-MIB::sysContact.0 = STRING:
SNMPv2-MIB::sysName.0 = STRING: fw01.local
SNMPv2-MIB::sysLocation.0 = STRING:
SNMPv2-MIB::sysServices.0 = INTEGER: 4
IF-MIB::ifNumber.0 = INTEGER: 1
IF-MIB::ifIndex.1 = INTEGER: 1
IF-MIB::ifDescr.1 = STRING: Adaptive Security Appliance 'v101' interface
IF-MIB::ifType.1 = INTEGER: ethernetCsmacd(6)
IF-MIB::ifMtu.1 = INTEGER: 1500
IF-MIB::ifSpeed.1 = Gauge32: 1000000000
IF-MIB::ifPhysAddress.1 = STRING: aa:11:22:33:44:55
IF-MIB::ifAdminStatus.1 = INTEGER: up(1)
IF-MIB::ifOperStatus.1 = INTEGER: up(1)
IF-MIB::ifLastChange.1 = Timeticks: (6600) 0:01:06.00
IF-MIB::ifInOctets.1 = Counter32: 56388261
IF-MIB::ifInUcastPkts.1 = Counter32: 316701
...
[nick@server ~]$

snmpget version 3

A command for just getting the hostname: snmpget -v3 -l authPriv -u snmp-poller -a SHA -A "PASSWORD1" -x AES -X "PASSWORD1" 10.10.60.50 sysName.0

Example output:

[nick@server ~]$ snmpget -v3  -l authPriv -u snmp-poller -a SHA -A "PASSWORD1"  -x AES -X "PASSWORD1" 10.10.60.50 sysName.0
SNMPv2-MIB::sysName.0 = STRING: fw01.local
[nick@server ~]$

A command for getting the hostname and the uptime: snmpget -v3 -l authPriv -u snmp-poller -a SHA -A "PASSWORD1" -x AES -X "PASSWORD1" 10.10.60.50 sysName.0 system.sysUpTime.0

Example output:

[nick@server ~]$ snmpget -v3  -l authPriv -u snmp-poller -a SHA -A "PASSWORD1"  -x AES -X "PASSWORD1" 10.10.60.50 sysName.0 system.sysUpTime.0
SNMPv2-MIB::sysName.0 = STRING: fw01.local
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (14100) 0:02:21.00
[nick@server ~]$

These tests are on a Cisco ASA.

This is the ASA snmp v3 config used:

snmp-server group the-noc v3 priv
snmp-server user snmp-poller the-noc v3 auth sha PASSWORD1 priv aes 128 PASSWORD1
snmp-server host v101 10.10.62.100 version 3 snmp-poller

I've used the same password for authentication & encryption to make it easy. The username is "snmp-poller", the source of my polling is "10.10.61.100", the group "the-noc" is for if you have more than one user account.

Cacti. How to Enable SNMP v3 Polling.

nick — Wed, 30 Mar 2005 09:41:00 +0100

Cacti SNMP v3 How-To (0.2)

Preface:

This document is intended to describe the process required to enable encrypted snmp polling within cacti. The document was written whilst performing the installation on a Linux Fedora Core 3 server, although implemntations on Fedora Core 1 & White Box Enterprise Linux have also been sucesful. The host used to gather data from for the purpose of this document is a Nokia IPSO appliance.

Limitations:

The version of cacti used will be 0.8.6b, "TheWitness" has told me that this version has a pooler crash, but I've yet to try upgrading to 8.8.6c.

System Requirements:

Apache, php, mysql, snmp, rrd-tool, and cacti ;-)

Installation:

I'm going to assume that you've got to the point where all of the parts needed for system requirements are working, cacti is installed, and you've just logged in after step 8 of and was going to create a device.

Log out ;-)

Before we can create any snmp v3, we need to enable it; to enable snmp we need to make some changes to the php files.
Change: \~/cacti_install_dir/lib/snmp.php.txt
Line 46:
- Change: \$version = "1";
- to: \$version = "3";
Line 65:
- Change: \$snmp_auth = "-u \$username -X \$password"; /* v3 - username/password */
- to: \$snmp_auth = "-u \$username -A \$password"; /* v3 - username/password */
Line 119:
- Change: \$snmp_auth = "-u \$username -X \$password"; /* v3 - username/password */
- to: \$snmp_auth = "-u \$username -A \$password"; /* v3 - username/password */
Change: \~/cacti_install_dir/include/config_form.php.txt
Line 655:
- Change: "method" => "hidden"
- to: "method" => "textbox"
Line 663:
- Change: "method" => "hidden"
- to: "method" => "textbox"
Change: config_settings.php.txt

Uncomment Line 186 -> 199, i.e. remove the "//" from the begining of each line.
Change: config_array.php.txt
Line 135:
- Change:
  \$snmp_versions = array(1 =>
  "Version 1" ,
  "Version 2" );
- To:
  \$snmp_versions = array(1 =>
  "Version 1",
  "Version 2",
  "Version 3");
Create /etc/snmp/snmp.conf

The contents of the file should be:
defContext ""
defSecurityLevel authNoPriv
Create Device

As documented. http://www.cacti.net/downloads/docs/html/graph_howto.html#NEW_DEVICE
(For Nokia IPSO Appliences use host Templaye Generic SNMP-enabled
HOST, and Associated Data Queries: SNMP - Get Processor Infomation & SNMP -
Interface Statistics )
Create Graph

As Documented. http://www.cacti.net/downloads/docs/html/graph_howto.html

Appendix:

Rpms on my FC3 Machine

$SHELL>rpm -qa | grep mysql
mysql-3.23.58-14
php-mysql-4.3.10-3.2
mysql-server-3.23.58-14
mysql-devel-3.23.58-14
libdbi-dbd-mysql-0.6.5-9

$SHELL> rpm -qa | grep php
php-ldap-4.3.10-3.2
php-mysql-4.3.10-3.2
php-odbc-4.3.10-3.2
php-4.3.10-3.2
php-pear-4.3.10-3.2

$SHELL> rpm -qa | grep http
httpd-suexec-2.0.52-3.1
system-config-httpd-1.3.1-1
httpd-2.0.52-3.1
httpd-manual-2.0.52-3.1

$SHELL> rpm -qa | grep rrd
rrdtool-1.0.49-3

$SHELL> rpm -qa | grep snmp
net-snmp-libs-5.1.2-11
net-snmp-5.1.2-11
net-snmp-utils-5.1.2-11

How to setup snmp v3 on IPSO

(The is a quick guide of the steps needed)
1. Log into Voyager 2. Click Config 3. Below the heading "Security and Access Configuration" Click Users 4. Add a new user (Username , uid {eg. 110}, home {eg /var/uid}), Click Apply 5. Set new users password , click apply 6. CLick Home, config, snmp 7. at the bottom of page set user to read-write

to test from cacti server, try from shell, snmpwalk -u user -A password ,
you should get....

\$SHELL>snmpwalk -u user -A password default_gw
SNMPv2-MIB::sysDescr.0 = STRING: IP650 rev AAA06449-411, IPSO xxx 3.7.1-BUILD004 releng 1227 11.06.2003-010000 i386
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.94.1.21.2.1.8
SNMPv2-MIB::sysUpTime.0 = Timeticks: (382157315) 44 days, 5:32:53.15
SNMPv2-MIB::sysContact.0 = STRING: Me
SNMPv2-MIB::sysName.0 = STRING: Nokia
SNMPv2-MIB::sysLocation.0 = STRING: Here
SNMPv2-MIB::sysServices.0 = INTEGER: 76
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (16) 0:00:00.16
SNMPv2-MIB::sysORID.1 = OID: SNMPv2-MIB::snmpMIB

SNMPv2-MIB::sysORID.2 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance
SNMPv2-MIB::sysORID.3 = OID: SNMP-MPD-MIB::snmpMPDCompliance
SNMPv2-MIB::sysORID.4 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance
.......

ChangeLog
1. 16/3/2005 : [NICK] Doc Complete
2. 17/3/2005 : [NICK] Doc Published on http://forums.cacti.net/
3. 30/3/2005: [NICK] Doc moved into Wordpress to allow viewers to comment directly
END

And I think that's all folks, I hope it works for you & that you find this of some use !.

LINICKX.com

snmpwalk v3 and snmpget v3 examples

snmpwalk version 3

snmpget version 3

These tests are on a Cisco ASA.

Cacti. How to Enable SNMP v3 Polling.

Cacti SNMP v3 How-To (0.2)

Preface:

Limitations:

System Requirements:

Installation:

Appendix:

ChangeLog

END