基于SNMP的网管软件。

prequirse

su – librenms pwd

entity physical for snmp walk

/usr/bin/snmpbulkwalk   -v2c   -c   public   -OQUs   -m   ENTITY-MIB:CISCO-ENTITY-VENDORTYPE-OID-MIB   -M   /opt/librenms/mibs:/opt/librenms/mibs/huawei   udp:192.168.0.12:161   entPhysicalEntry  

snmp walk entity physical without MIB

/usr/bin/snmpbulkwalk -v2c -c public -OQUs udp:192.168.0.12:161 1.3.6.1.2.1.47.1.1.1.1

snmpbulkwalk -v2c -c public -OQUs 192.168.0.12 1.3.6.1.2.1.47.1.1.1.1

interface for snmp walk dump from

 /usr/bin/snmpbulkwalk -v2c -c public -OQUs -m ENTITY-MIB:IF-MIB -M /opt/librenms/mibs:/opt/librenms/mibs/huawei udp:192.168.0.12:161 entAliasMappingIdentifier

………………………………………………

特点

• 它有一个移动友好的Web UI，可定制的仪表板
• 还支持提供核心功能的Android和iOS应用程序。
• 支持多种身份验证方法，例如MySQL，HTTP，LDAP，Radius和Active Directory。

安装

官方提供了VM镜像在此处：

https://docs.librenms.org/Installation/Images/

它是一种开放虚拟机的格式。可以使用

virtual box -> 导入

把此虚拟机导入到virtualbox内

启动virtual box

设置网络配置为「桥接」，一边可以在Windows内访问虚拟主机。 可以通过hostname -I命令查询此虚拟主机的ip地址。假设地址为

http://192.168.0.217/

即可启动此虚拟机，访问此地址，看到libreNMS的WebUI。

默认的一些帐号和密码

1. WebUI

   username: librenms password: D32fwefwef

2. SSH

   username: librenms password: CDne3fwdfds

3. MySQL/MariaDB

   username: librenms password: D42nf23rewD

添加设备

可以在菜单

Devices -> Add Device

内添加设备。输入ip地址，端口号（161)即可。我使用它验证添加了Huawei Smart M5683T，效果还不错。

部分OID可以在这里查询

oid-info.com/get/1.3.6.1…

部分术语

• STP Spanning Tree Protocols 生成树协议参数
• FDB Table. forword database, is used by a Layer 2 device (switch/bridge) to store the MAC addresses that have been learned and which ports that MAC address was learned on.
• .1.3.6.1.2.1.1.2 sysObjectID The vendor’s authoritative identification of the network management subsystem contained in the entity. This value is allocated within the SMI enterprises subtree (1.3.6.1.4.1) and provides an easy and unambiguous means for determining what kind of box' is being managed. For example, if vendorFlintstones, Inc.’ was assigned the subtree 1.3.6.1.4.1.424242, it could assign the identifier 1.3.6.1.4.1.424242.1.1 to its `Fred Router’. OID 果然和我猜想的一样。.1.3.6.1.2.1.1.2 是强制实现的，在这里知名当前产品的根OID。比如.1.3.6.1.4.1.2011.2.133表示2011华为的2系列产品的133（OLT MA5803T）的根OID。比如.1.3.6.1.4.1.8072.3.2.10表示为8072netsnmp的3系列中的10linux。

URL: google : librenms huawei mib 中查找5683获知其OID为133

What is MIB?

Many network devices and programs come with so-called MIB files that describe the parameters and readings which are available for monitoring via SNMP. MIB files are information files that are independent of hardware and operating systems. They tell network management systems how to retrieve data from devices like routers, switches and network printers, as well as many server software products.

MIB files describe the available readings in tables, values, and registers, using a special abstract text format (Abstract Syntax Notation One ASN.1). Because of this, they need to be translated into a more software compliant form so that network monitoring tools such as PRTG Network Monitor can work quickly and seamlessly with the data. This is the task of a MIB browser. Our MIB-Importer translates MIB files into Paessler’s XML-based OID-Library format.

snmp translate

The snmptranslate tool is a very powerful tool that allows you to browse the MIB tree in various ways from the command line.In its simplest form, it merely looks up an OID and spits it back out in textual form:

% snmptranslate .1.3.6.1.2.1.1.3.0
SNMPv2-MIB::sysUpTime.0

It can also translate into numerical results as well, by adding the -On flag to its options

% snmptranslate -On SNMPv2-MIB::system.sysUpTime.0
.1.3.6.1.2.1.1.3.0

Note that the argument passed can describe a OID in any fashion, and the -On flag merely toggles which type of output is displayed:

% snmptranslate .iso.3.6.1.private.enterprises.2021.2.1.prNames.0
NET-SNMP-MIB::prNames.0
% snmptranslate -On .iso.3.6.1.private.enterprises.2021.2.1.prNames.0
.1.3.6.1.4.1.2021.2.1.2.0

Note how the oid was abbreviated for you? You can change this behaviour as well with -Of:

% snmptranslate -Of .iso.3.6.1.private.enterprises.2021.2.1.prNames.0 .iso.org.dod.internet.private.enterprises.ucdavis.procTable.prEntry.prNames.0

The problem with the above commands is that you have to remember the entire OID for what you’re looking for. Now, we wouldn’t be a very good package if we didn’t provide some sort of random-access lookup function right? Well, the good news is that we do. -IR nicely does this for us, and searches the MIB tree for the node you want:

% snmptranslate sysUpTime.0 Invalid object identifier: sysUpTime.0 % snmptranslate -IR sysUpTime.0 SNMPv2-MIB::sysUpTime.0

Finally, it’ll even try to do regex pattern matching to find the exact node you want given only a piece of its name by using the -Ib (best match) option:

% snmptranslate -Ib ‘sys.*ime’ system.sysUpTime To get a list of all the nodes that match a given pattern, use the -TB flag:

% snmptranslate -TB ‘vacm.*table’ SNMP-VIEW-BASED-ACM-MIB::vacmViewTreeFamilyTable SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable SNMP-VIEW-BASED-ACM-MIB::vacmSecurityToGroupTable SNMP-VIEW-BASED-ACM-MIB::vacmContextTable To get extended information about a mib node, use the -Td (description) flag:

% snmptranslate -On -Td -Ib 'sys.*ime'
.1.3.6.1.2.1.1.3
sysUpTime OBJECT-TYPE
  -- FROM	SNMPv2-MIB, RFC1213-MIB
  SYNTAX	TimeTicks
  MAX-ACCESS	read-only
  STATUS	current
  DESCRIPTION	"The time (in hundredths of a second) since the network
            management portion of the system was last re-initialized."
::= { iso(1) org(3) dod(6) internet(1) mgmt(2) mib-2(1) system(1) 3 }

Finally, last but certainly not least, if you want a pretty diagram of a section of the mib tree, check out the -Tp flag:

% snmptranslate -Tp -IR system
+--system(1)
   |
   +-- -R-- String sysDescr(1)
   |        Textual Convention: DisplayString
   +-- -R-- ObjID sysObjectID(2)
   +-- -R-- TimeTicks sysUpTime(3)
   +-- -RW- String sysContact(4)
   |        Textual Convention: DisplayString
   +-- -RW- String sysName(5)
   |        Textual Convention: DisplayString
   +-- -RW- String sysLocation(6)
   |        Textual Convention: DisplayString
   +-- -R-- Integer sysServices(7)
   +-- -R-- TimeTicks sysORLastChange(8)
   |        Textual Convention: TimeStamp
   |
   +--sysORTable(9)
      |
      +--sysOREntry(1)
         |
         +-- ---- Integer sysORIndex(1)
         +-- -R-- ObjID sysORID(2)
         +-- -R-- String sysORDescr(3)
         |        Textual Convention: DisplayString
         +-- -R-- TimeTicks sysORUpTime(4)
                  Textual Convention: TimeStamp

As a homework assignment, we’ll leave it up to you to run snmptranslate -Tp without an oid argument, which prints the known MIB tree in its entirety.

添加MIBs

How do I add a MIB?

This is actually two separate questions, depending on whether you are referring to the tools, or the agent (or both). See the next question or the next section respectively.

How do I add a MIB to the tools?

Adding a MIB to the client-side tools has two main effects:

-  it allows you to refer to MIB objects by name
     (rather than having to use the numeric OIDs)
-  it allows the results to be displayed in a more immediately
   meaningful fashion.  Not just giving the object names, but
   also showing named enumeration values, and interpreting table
   indexes properly (particularly for string and OID index values).

There are two steps required to add a new MIB file to the tools. Firstly, copy the MIB file into the appropriate location:

	cp MY-MIB.txt /usr/local/share/snmp/mibs
            (which makes it available to everyone on the system)
    or
        mkdir $HOME/.snmp
        mkdir $HOME/.snmp/mibs
	cp MY-MIB.txt $HOME/.snmp/mibs
            (which makes it available to you only)

Note that the location of the shared MIB directory may be different from that given here – see the FAQ entry “Where should I put my MIB files?” for more information.

Secondly, tell the tools to load this MIB:

    snmpwalk -m +MY-MIB .....
        (load it for this command only)

or

	export MIBS=+MY-MIB
            (load it for this session only)
    or
        echo "mibs +MY-MIB" >> $HOME/.snmp/snmp.conf
            (load it every time)

librenms分析

可以查看inventory，这个功能非常好，但是如何做到的呢？

命令可以提供线索，

./discovery.php -h localhost -m entity-physical -d |more

发现其使用了snmpbulkwalk 传递的OID为 entPhysicalEntry ,定义在entity MIB内，详细完整描述在RFC 4133内。其实设备的构成本来就应该作为基础提供，而不是厂商特定的。

同理，librenms也提供了ports的类别，也可以通过

 ./discovery.php -h localhost -m ports -d |more

发现，其内部使用了IF-MIB定义的。规范定义于rfc2863。

这个命令，内部都是使用的netSNMP提供的snmpwalk，snmpget等命令，所以全面掌握netSNMP是非常必要的。

更多模块可以在在此命令行的介绍页面看到：

https://docs.librenms.org/Support/Discovery%20Support/

指定mib模块的方法

参数-m指定使用mib模块名称，-M指定mib模块的搜索目录。比如：

snmpget -v2c -c public -OQUs -mSNMPv2-MIB -M/opt/librenms/mibs:/opt/librenms/mibs/supermicro:/opt/librenmsmibs/dell udp:localhost:161 sysName.0 sysObjectID.0 sysDescr.0

即可获取系统名称：

sysName.0
sysName.0 = librenms

比如获取设备构成：

snmpget -v2c -c public -OQUs -mENTITY-MIB -M/opt/librenms/mibs:/opt/librenms/mibs/supermicro:/opt/librenmsmibs/dell udp:localhost:161 entPhysicalEntry

更多模块

Discovery modules os: Os detection. This module will pick up the OS of the device.

ports: This module will detect all ports on a device excluding ones configured to be ignored by config options.

ports-stack: Same as ports except for stacks.

entity-physical: Module to pick up the devices hardware support.

processors: Processor support for devices.

mempools: Memory detection support for devices.

cisco-vrf-lite: VRF-Lite detection and support.

ipv4-addresses: IPv4 Address detection

ipv6-addresses: IPv6 Address detection

route: This module will load the routing table of the device. The default route limit is 1000 (configurable in config.php with $config[‘routes’][‘max_number’] = 1000;), with history data.

sensors: Sensor detection such as Temperature, Humidity, Voltages + More

storage: Storage detection for hard disks

hr-device: Processor and Memory support via HOST-RESOURCES-MIB.

discovery-protocols: Auto discovery module for xDP, OSPF and BGP.

arp-table: Detection of the ARP table for the device.

fdb-table: Detection of the Forwarding DataBase table for the device, with history data.

discovery-arp: Auto discovery via ARP.

junose-atm-vp: Juniper ATM support.

bgp-peers: BGP detection and support.

vlans: VLAN detection and support.

cisco-mac-accounting: MAC Address account support.

cisco-pw: Pseudowires wires detection and support.

vrf: VRF detection and support.

cisco-cef: CEF detection and support.

cisco-sla: SLA detection and support.

vmware-vminfo: Detection of vmware guests on an ESXi host

libvirt-vminfo: Detection of libvirt guests.

toner: Toner levels support.

ucd-diskio: Disk I/O support.

services: *Nix services support.

charge: APC Charge detection and support.