使用 Debian 8.9 去 Build VyOS ISO 小筆記

前導文件:

vyos [ vyatta ]
http://xrcd2.blogspot.tw/2014/09/vyos-vyatta.html

VyOS OpenVpn Plugin OTP ( SOP )
http://xrcd2.blogspot.tw/2015/03/vyos-openvpn-plugin-otp-sop.html

VyOS+OpenVPN+MFA
http://xrcd2.blogspot.tw/2016/09/vyosopenvpnmfa.html


Debian 9（stretch） — 當前的穩定版

https://www.debian.org/releases/

發行版目錄

下一代 Debian 正式發行版的代號為 buster — 發布時間尚未確定
Debian 9（stretch） — 當前的穩定版
Debian 8（jessie） — 被淘汰的穩定版
Debian 7（wheezy） — 被淘汰的穩定版
Debian 6.0（squeeze） — 被淘汰的穩定版


VyOS build 的方式可參考:

https://wiki.vyos.net/wiki/Howto_build_an_ISO_image

1.2.0-beta and newer
The image build scripts for 1.2.0 had been rewritten from scratch to clean up the legacy code and
make it easier to add new features.

The build procedures also got much simpler.

Build host preparation
For building VyOS 1.2.0, the build host should run Debian Jessie. Building on Wheezy or Stretch
is theoretically possible but wasn't tested, you can try it at your own risk.

或

https://github.com/vyos/vyos-build/

===============================

VyOS 官網 https://vyos.io/


這裡選擇使用 Debian 8（jessie）做出 ISO  ( live-image-amd64.hybrid.iso ) ,
使用它去開機即可看到如下畫面:

開機完成後即可以看 vyos login 的登入畫面,如下所示: ( default id/pwd vyos/vyos )

安裝及設定方式可參考如下URL

https://wiki.vyos.net/wiki/Installation
https://wiki.vyos.net/wiki/User_Guide
https://wiki.vyos.net/wiki/OpenVPN

為方便安裝 debian 套件所以必需修改 /etc/apt/sources.list
可參考 https://linuxconfig.org/debian-apt-get-jessie-sources-list


Security Updates

# /etc/apt/sources.list :
deb http://security.debian.org/ jessie/updates main contrib non-free
deb-src http://security.debian.org/ jessie/updates main contrib non-free


Taiwan Mirror

# /etc/apt/sources.list :
deb http://ftp.tw.debian.org/debian/ jessie main contrib non-free
deb-src http://ftp.tw.debian.org/debian/ jessie main contrib non-free


之後下 apt-get update 即可透過  apt-get install 去安裝 google-authenticator

google-authenticator  git url  https://github.com/google/google-authenticator 

#apt-get install libpam-google-authenticator


OpenVPN MFA 的介接設定


root@Test-OTP-VPN-Server:~# cat /etc/pam.d/openvpn

## A B part

auth required    /lib/security/pam_google_authenticator.so   forward_pass
auth required    /lib/x86_64-linux-gnu/security/pam_unix.so  use_first_pass


vyos@Test-OTP-VPN-Server:~$ cat /etc/debian_version
8.9

root@Test-OTP-VPN-Server:~# uname  -ar
Linux Test-OTP-VPN-Server 4.4.47-amd64-vyos #1 SMP Sun Jul 23 11:41:18
EDT 2017 x86_64 GNU/Linux
root@Test-OTP-VPN-Server:~#


vyos@Test-OTP-VPN-Server:~$ show version
Version:          VyOS 999.201709061524
Built by:         root@debian
Built on:         Wed 06 Sep 2017 15:24 UTC
Build ID:         b1b93737-e3ee-459c-9e72-082479727dac

Architecture:     x86_64
Boot via:         installed image
System type:      VMware guest

Hardware vendor:  VMware, Inc.
Hardware model:   VMware Virtual Platform
Hardware S/N:     VMware-42 3a e8 ed 94 81 e8 34-4f c3 a7 33 b3 2a 8a ef
Hardware UUID:    423AE8ED-9481-E834-4FC3-A733B32A8AEF

Copyright:        VyOS maintainers and contributors
vyos@Test-OTP-VPN-Server:~$


vyos@Test-OTP-VPN-Server:~$ show system image
The system currently has the following image(s) installed:

   1: 999.201709061524 (default boot)

vyos@Test-OTP-VPN-Server:~$

OpenVpn MFA 參考設定:

vyos@Test-OTP-VPN-Server:~$ show configuration commands
set interfaces ethernet eth0 address '192.168.1.168/24'
set interfaces ethernet eth0 duplex 'auto'
set interfaces ethernet eth0 hw-id '00:50:56:ba:38:3b'
set interfaces ethernet eth0 smp-affinity 'auto'
set interfaces ethernet eth0 speed 'auto'
set interfaces loopback 'lo'
set interfaces openvpn vtun0 encryption 'aes128'
set interfaces openvpn vtun0 hash 'sha1'
set interfaces openvpn vtun0 local-port '1194'
set interfaces openvpn vtun0 mode 'server'
set interfaces openvpn vtun0 openvpn-option '--reneg-sec 0
                                                --duplicate-cn --comp-lzo
                                               --script-security 2
                                               --plugin  /usr/lib/openvpn/openvpn-plugin-auth-pam.so
                                                openvpn
                                          --username-as-common-name'
set interfaces openvpn vtun0 protocol 'tcp-passive'
set interfaces openvpn vtun0 server push-route '192.168.1.0/24'
set interfaces openvpn vtun0 server push-route '192.168.2.0/24'
set interfaces openvpn vtun0 server subnet '192.168.168.0/28'
set interfaces openvpn vtun0 tls ca-cert-file '/config/auth/keys/ca.crt'
set interfaces openvpn vtun0 tls cert-file '/config/auth/keys/vpn-server.crt'
set interfaces openvpn vtun0 tls dh-file '/config/auth/keys/dh1024.pem'
set interfaces openvpn vtun0 tls key-file '/config/auth/keys/vpn-server.key'
set nat source rule 10 destination address '0.0.0.0/0'
set nat source rule 10 outbound-interface 'eth0'
set nat source rule 10 protocol 'all'
set nat source rule 10 source address '192.168.170.0/28'
set nat source rule 10 translation address 'masquerade'
set protocols static route 0.0.0.0/0 next-hop '192.168.1.202'
set service ssh port '22'
set system config-management commit-revisions '20'
set system console device ttyS0 speed '9600'
set system host-name 'Test-OTP-VPN-Server'
set system login user vyos authentication encrypted-password 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
set system login user vyos authentication plaintext-password ''
set system login user vyos level 'admin'
set system name-server '168.95.1.1'
set system name-server '168.95.192.1'
set system ntp server '168.95.195.12'
set system syslog global facility all level 'notice'
set system syslog global facility protocols level 'debug'
set system time-zone 'Asia/Taipei'


PC 的 client.ovpn  參考設定


client
dev tun
proto tcp
remote xxx.xxx.xxx.xxx 1194
ca ca.crt
cert client.crt
key client.key
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
cipher AES-128-CBC
comp-lzo
verb 3
route-method exe
route-delay 2
auth-user-pass
reneg-sec 0
keepalive 10 120
auth-nocache
inactive 600

cacti plugin thold + Line API Alert

 cacti 0.8.x  + setting plugin (0.71)

# vi /var/www/html/cacti/plugins/settings/include/functions.php

function send_mail($to, $from, $subject, $message, $filename = '', $headers = '') {
....
.....

       // Line API plugin here

        return '';

}

## thold (0.5)

# vi /var/www/html/cacti/plugins/thold/thold_functions.php


function thold_mail($to, $from, $subject, $message, $filename, $headers = '') {
....
.....

       // Line API plugin here

        return '';
}


======================================================

cacti 1.1.x

# vi /var/www/html/cacti/lib/functions.php


function send_mail($to, $from, $subject, $body, $attachments = '', $headers = '', $html = false) {
....
...

// Line API plugin here

        return mailer($from, $to, '', '', '', $subject, $body, '', $attachments, $headers, $html);
}


## thold (1.0.x)


# vi /var/www/html/cacti/plugins/thold/thold_functions.php



function thold_mail($to_email, $from_email, $subject, $message, $filename, $headers = '') {
.......
....

// Line API plugin here

        return '';
}


參考資訊

如何做出 cacti plugin manager + Line API Alert
http://xrcd2.blogspot.tw/2017/01/cacti-plugin-manager-line-api-alert.html

使用 Perl 建立 Line API 運用環境
http://xrcd2.blogspot.tw/2016/12/perl-line-api.html

Line API 使用小筆記
http://www.vlab.com.tw/index.php/forum/21/15572-line-api

本 LAB 參考資訊

CACTI Alert 增加 LineNotify
http://penguinbbs.blogspot.tw/2017/08/cacti-alert-linenotify.html



Demo

Demo2

PRTG Network Monitor 整合 Line Alert 試作圖解

PRTG ( ver 17.2.31.2153 ) 整合 Line Alert 試作圖解如下,
下方其它參考資訊有 Perl 的範例程式,可供參考,
使用其的慣用程式也行,至於 Line API 的使用方式,
亦參考下面的其它參考資訊中的URL,或見 https://github.com/line

關於 PRTG  URL https://www.paessler.com/prtg

圖解開始:

Demo

其它參考資訊

http://xrcd2.blogspot.tw/2017/08/perl-for-windows.html

http://xrcd2.blogspot.tw/2017/07/zabbix-30x-line-alert_19.html

http://xrcd2.blogspot.tw/2016/12/perl-line-api.html

http://xrcd2.blogspot.tw/2017/07/line-api-emoticons.html

https://xexexjonathan.wordpress.com/2012/05/29/prtg-network-monitor-notification/

Perl for Windows

Perl for windows

依據 https://www.perl.org/ 這裡的介紹,我們可以知道 Perl 可以在不同的平台上使用,
如 AIX/Solaris/Linux/FreeBSD/Windows/MAC OS.....

但在 Windows 平台上並沒有內建 Perl 的,所以得另外安裝,目前較多人使用有:

Strawberry Perl ( http://strawberryperl.com/ )

ActivePerl ( https://www.activestate.com/activeperl )

以 ActivePerl 為例可透過 ppm 去安裝 perl module ,
ppm 是一個 Windows UI 介面的安裝
如下圖中的 ActivePerl  為 5.20.2 (目前官網上已有更新至其它較新版本)

Microsoft Windows [版本 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\user>perl -v

This is perl 5, version 20, subversion 2 (v5.20.2) built for MSWin32-x86-multi-thread-64int
(with 1 registered patch, see perl -V for more detail)

Copyright 1987-2015, Larry Wall

Binary build 2001 [298913] provided by ActiveState http://www.ActiveState.com
Built Mar 19 2015 15:26:52

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.

Complete documentation for Perl, including FAQ lists, should be found on
this system using "man perl" or "perldoc perl".  If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.


C:\Users\user>

另外 如使用  Strawberry Perl  則可使用 cpan or cpanm 去安裝,
下面 Demo 為  Strawberry Perl ( 5.26.0 )

Microsoft Windows [版本 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.

C:\Windows\system32>perl -v

This is perl 5, version 26, subversion 0 (v5.26.0) built for MSWin32-x86-multi-thread-64int

Copyright 1987-2017, Larry Wall

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.

Complete documentation for Perl, including FAQ lists, should be found on
this system using "man perl" or "perldoc perl".  If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.


C:\Windows\system32>cpanm
Usage: cpanm [options] Module [...]

Try `cpanm --help` or `man cpanm` for more options.

C:\Windows\system32>cpanm LINE::Bot::API
--> Working on LINE::Bot::API
Fetching http://www.cpan.org/authors/id/Y/YA/YAPPO/LINE-Bot-API-1.04.tar.gz ...
OK
Configuring LINE-Bot-API-1.04 ... OK
==> Found dependencies: Furl
--> Working on Furl
Fetching http://www.cpan.org/authors/id/T/TO/TOKUHIROM/Furl-3.11.tar.gz ... OK
Configuring Furl-3.11 ... OK
==> Found dependencies: HTTP::Parser::XS, Test::TCP
--> Working on HTTP::Parser::XS
Fetching http://www.cpan.org/authors/id/K/KA/KAZUHO/HTTP-Parser-XS-0.17.tar.gz .
.. OK
Configuring HTTP-Parser-XS-0.17 ... OK
Building and testing HTTP-Parser-XS-0.17 ... OK
Successfully installed HTTP-Parser-XS-0.17
--> Working on Test::TCP
Fetching http://www.cpan.org/authors/id/T/TO/TOKUHIROM/Test-TCP-2.19.tar.gz ...
OK
Configuring Test-TCP-2.19 ... OK
==> Found dependencies: Test::SharedFork
--> Working on Test::SharedFork
Fetching http://www.cpan.org/authors/id/E/EX/EXODIST/Test-SharedFork-0.35.tar.gz
 ... OK
Configuring Test-SharedFork-0.35 ... OK
Building and testing Test-SharedFork-0.35 ... OK
Successfully installed Test-SharedFork-0.35
Building and testing Test-TCP-2.19 ... O
......
.........

這要看個人喜愛,這2個都不錯...


當然  ActivePerl  也是可以在 CLI 下 ppm install 去裝 Perl module 如下 Demo...

C:\Perl\bin>ppm install LINE-Bot-API
Downloading LINE-Bot-API-1.04...done
Downloading Furl-3.08...done
Downloading JSON-XS-3.03...done
Downloading HTTP-Parser-XS-0.17...done
Downloading Class-Accessor-Lite-0.08...done
Downloading common-sense-3.74...done
Downloading Types-Serialiser-1.0...done
Unpacking LINE-Bot-API-1.04...done
Unpacking Furl-3.08...done
Unpacking JSON-XS-3.03...done
Unpacking HTTP-Parser-XS-0.17...done
Unpacking Class-Accessor-Lite-0.08...done
Unpacking common-sense-3.74...done
Unpacking Types-Serialiser-1.0...done
Generating HTML for LINE-Bot-API-1.04...done
Generating HTML for Furl-3.08...done
Generating HTML for JSON-XS-3.03...done
Generating HTML for HTTP-Parser-XS-0.17...done
Generating HTML for Class-Accessor-Lite-0.08...done
Generating HTML for common-sense-3.74...done
Generating HTML for Types-Serialiser-1.0...done
Updating files in site area...done
  54 files installed

C:\Perl\bin>

Zabbix 3.0.x 整合 Line Alert 圖解

Zabbix 3.0.x 整合 Line Alert 圖解,下方有 Perl 的範例程式,可供參考,
使用其的慣用程式也行,至於 Line API 的使用方式可參考下面的其它參考資訊,
或見 https://github.com/line

Demo

其它參考資訊

http://xrcd2.blogspot.tw/2016/12/perl-line-api.html
http://xrcd2.blogspot.tw/2017/07/line-api-emoticons.html

Demo Perl Shell:

[root@CentOS73 shell]# pwd
/usr/local/zabbix/shell
[root@CentOS73 shell]# cat line.pl
#!/usr/local/perl-5.26/bin/perl
# Line
#recipient = sys.argv[1]  $ARGV[0]
#subject = sys.argv[2]    $ARGV[1]
#body = sys.argv[3]       $ARGV[2]

$myid="$ARGV[0]";
$subj="$ARGV[1]";
$body="$ARGV[2]";

use LINE::Bot::API;
use LINE::Bot::API::Builder::SendMessage;
$bot = LINE::Bot::API->new(
 channel_secret => 'xxxxxxxxxxxxxxxxxxxxxxxxxxx',
 channel_access_token => 'xxxxxxxxxxxxxxxxxxxxxx',
);

$messages = LINE::Bot::API::Builder::SendMessage->new;
$messages->add_text( text => "$subj \r\n \r\n $body " );
$bot->push_message($myid, $messages->build);
[root@CentOS73 shell]#

line API emoticons 試用

為解一個 line API 傳送文字的限制,在官網上看到的資訊,
順便玩玩這個  emoticons 功能.
官網上的 URL 為 https://devdocs.line.me/en/#send-message-object

Send message object

JSON object which contains the contents of the message you send.

Text
Image
Video
Audio
Location
Sticker
Imagemap
Template
Text

Text example
{
    "type": "text",
    "text": "Hello, world"
}
Field Type Required Description
type String Yes text
text String Yes Message text
Max: 2000 characters
Text example with emoticon

{
    "type": "text",
    "text": "Hello, world 􀂲"
}
You can include emoticons in your message text. Because emoticons are
a part of Unicode, they must be converted from their character codes.
Note that the character code, 0x1000B2, is used in the example on the
right. Although the emoticon does not show up correctly in the browser,
it will show up in LINE.
For a list of emoticons that can be sent with the Messaging API,
see emoticon list.

https://devdocs.line.me/files/emoticon.pdf

perl 的用法可參考
http://www.drdobbs.com/web-development/unicode-in-perl/184416148 
及
https://github.com/patch-orphan/text-emoticon-unicode-pm5


加上 https://github.com/line/line-bot-sdk-perl

所以可以加以變化成 如下的程式.....

[root@CentOS73 bin]# cat Send-Line-Message.pl
#!/usr/local/perl-5.26/bin/perl
use LINE::Bot::API;
use LINE::Bot::API::Builder::SendMessage;

$bot = LINE::Bot::API->new(
    channel_secret       => 'xxxxxxxxxxxxxxxxxxxxxxxxx',
    channel_access_token => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=',
);


use Text::Emoticon;
$emoticon = Text::Emoticon->new('Unicode');
$msg = $emoticon->filter('Howdy :) :( ');


$ToLineUid = 'Uxxxxxxxxxxxxxxxxxxxxxxxxxxxx';


$messages = LINE::Bot::API::Builder::SendMessage->new;
$messages->add_text( text => "Example push text \r\n $msg \x{1F480}" );
$bot->push_message($ToLineUid, $messages->build);
[root@CentOS73 bin]#

Demo

其它參考資訊

http://unicode.org/emoji/charts/full-emoji-list.html

http://xrcd2.blogspot.tw/2016/12/perl-line-api.html

使用 netdata 監控 SNMP 設備試作

使用 netdata 監控 SNMP 設備試作

在 netdata 試裝 ( http://xrcd2.blogspot.tw/2017/06/netdata_21.html ) 後
,接著試透過 netdata 來做一般的 snmp monitor ,
其實大多數的網管軟體都提供這樣的基本功能,但以 netdata 來說,
還是需要一些 snmp 的基礎觀念.故整理一下之前所寫的一些基礎,
供需求的人參考之.


SNMP 基礎


(1) http://xrcd2.blogspot.tw/2012/10/snmp-oids-zabbix.html
     [ 利用SNMP OIDs 加入 Zabbix 監控 ]
(2) http://xrcd2.blogspot.tw/2012/10/snmp-oid.html
     [ 再論 SNMP OIDs ]
(3) http://xrcd2.blogspot.tw/2016/11/snmp-oids.html
     [ 三論 SNMP OIDs ]
(4) http://xrcd2.blogspot.tw/2017/04/snmp-oids.html
     [ 四論 SNMP OIDs ]

其它補充

(2) http://xrcd2.blogspot.tw/2012/11/cisco-router-interface-reliability.html
[ Cisco Router Interface Reliability Status Monitor ( DIY cacti template ) ]


本文開始

參考設定

https://github.com/firehol/netdata/blob/master/conf.d/node.d/snmp.conf.md

SNMP Data Collector


example:

{
    "enable_autodetect": false,
    "update_every": 5,
    "max_request_size": 100,
    "servers": [
        {
            "hostname": "10.11.12.8",
            "community": "public",
            "update_every": 10,
            "max_request_size": 50,
            "options": { "timeout": 10000 },
            "charts": {
                "snmp_switch.bandwidth_port1": {
                    "title": "Switch Bandwidth for port 1",
                    "units": "kilobits/s",
                    "type": "area",
                    "priority": 1,
                    "family": "ports",
                    "dimensions": {
                        "in": {
                            "oid": "1.3.6.1.2.1.2.2.1.10.1",
                            "algorithm": "incremental",
                            "multiplier": 8,
                            "divisor": 1024,
                            "offset": 0
                        },
                        "out": {
                            "oid": "1.3.6.1.2.1.2.2.1.16.1",
                            "algorithm": "incremental",
                            "multiplier": -8,
                            "divisor": 1024,
                            "offset": 0
                        }
                    }
                },
                "snmp_switch.bandwidth_port2": {
                    "title": "Switch Bandwidth for port 2",
                    "units": "kilobits/s",
                    "type": "area",
                    "priority": 1,
                    "family": "ports",
                    "dimensions": {
                        "in": {
                            "oid": "1.3.6.1.2.1.2.2.1.10.2",
                            "algorithm": "incremental",
                            "multiplier": 8,
                            "divisor": 1024,
                            "offset": 0
                        },
                        "out": {
                            "oid": "1.3.6.1.2.1.2.2.1.16.2",
                            "algorithm": "incremental",
                            "multiplier": -8,
                            "divisor": 1024,
                            "offset": 0
                        }
                    }
                }
            }
        }
    ]
}



依據上述的範例,得知 netdata snmp data collector 的方式為 OIDs ,
以 Interface Traffic 來說,可以用 1.3.6.1.2.1.2.2.1.10.ifName ( Inbound )
用 1.3.6.1.2.1.2.2.1.10.ifName (Outgoing )取得流量使用資訊.

這時可以使用  snmpwalk +  snmpget 來確定如何設定正確的 snmp.conf

以 Cisco 2960S Switch 為例



[root@centos73 ~]#  snmpwalk -Os -c cisco -v 2c 192.168.111.198  system | more
sysDescr.0 = STRING: Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M),
Version 15.2(1)E, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Tue 27-Aug-13 11:59 by prod_rel_team
sysObjectID.0 = OID: enterprises.9.1.1208
sysUpTimeInstance = Timeticks: (758822632) 87 days, 19:50:26.32
sysContact.0 = STRING:
sysName.0 = STRING: Switch
sysLocation.0 = STRING:
sysServices.0 = INTEGER: 6
sysORLastChange.0 = Timeticks: (0) 0:00:00.00
sysORID.1 = OID: enterprises.9.7.129
sysORID.2 = OID: enterprises.9.7.115

.....
.....
.....
.....


[root@centos73 ~]#  snmpwalk -Os -c cisco  -v 2c 192.168.111.198  1.3.6.1.2.1.31.1.1.1.1
ifName.1 = STRING: Vl1
ifName.5137 = STRING: StackPort1
ifName.10101 = STRING: Gi1/0/1
ifName.10102 = STRING: Gi1/0/2
ifName.10103 = STRING: Gi1/0/3
ifName.10104 = STRING: Gi1/0/4
ifName.10105 = STRING: Gi1/0/5
ifName.10106 = STRING: Gi1/0/6
ifName.10107 = STRING: Gi1/0/7
ifName.10108 = STRING: Gi1/0/8
ifName.10109 = STRING: Gi1/0/9
ifName.10110 = STRING: Gi1/0/10
ifName.10111 = STRING: Gi1/0/11
ifName.10112 = STRING: Gi1/0/12
ifName.10113 = STRING: Gi1/0/13
ifName.10114 = STRING: Gi1/0/14
ifName.10115 = STRING: Gi1/0/15
ifName.10116 = STRING: Gi1/0/16
ifName.10117 = STRING: Gi1/0/17
ifName.10118 = STRING: Gi1/0/18
ifName.10119 = STRING: Gi1/0/19
ifName.10120 = STRING: Gi1/0/20
ifName.10121 = STRING: Gi1/0/21
ifName.10122 = STRING: Gi1/0/22
ifName.10123 = STRING: Gi1/0/23
ifName.10124 = STRING: Gi1/0/24
ifName.10125 = STRING: Gi1/0/25
ifName.10126 = STRING: Gi1/0/26
ifName.10127 = STRING: Gi1/0/27
ifName.10128 = STRING: Gi1/0/28
ifName.10129 = STRING: Gi1/0/29
ifName.10130 = STRING: Gi1/0/30
ifName.10131 = STRING: Gi1/0/31
ifName.10132 = STRING: Gi1/0/32
ifName.10133 = STRING: Gi1/0/33
ifName.10134 = STRING: Gi1/0/34
ifName.10135 = STRING: Gi1/0/35
ifName.10136 = STRING: Gi1/0/36
ifName.10137 = STRING: Gi1/0/37
ifName.10138 = STRING: Gi1/0/38
ifName.10139 = STRING: Gi1/0/39
ifName.10140 = STRING: Gi1/0/40
ifName.10141 = STRING: Gi1/0/41
ifName.10142 = STRING: Gi1/0/42
ifName.10143 = STRING: Gi1/0/43
ifName.10144 = STRING: Gi1/0/44
ifName.10145 = STRING: Gi1/0/45
ifName.10146 = STRING: Gi1/0/46
ifName.10147 = STRING: Gi1/0/47
ifName.10148 = STRING: Gi1/0/48
ifName.10149 = STRING: Gi1/0/49
ifName.10150 = STRING: Gi1/0/50
ifName.10151 = STRING: Gi1/0/51
ifName.10152 = STRING: Gi1/0/52
ifName.12001 = STRING: Nu0
ifName.12002 = STRING: Fa0
[root@centos73 ~]#

取得該 Switch Port  Gi1/0/11 的流量資訊 (ifName.10111 = STRING: Gi1/0/11)

In

[root@centos73 ~]# snmpget -v2c -c cisco 192.168.111.198  1.3.6.1.2.1.2.2.1.10.10111
IF-MIB::ifInOctets.10111 = Counter32: 2637654576

Out

[root@centos73 ~]# snmpget -v2c -c cisco 192.168.111.198  1.3.6.1.2.1.2.2.1.16.10111
IF-MIB::ifOutOctets.10111 = Counter32: 1963738193
[root@centos73 ~]#



=================


[root@centos73 node.d]# pwd
/etc/netdata/node.d


抄改上面的  example:


[root@centos73 node.d]# vi   snmp.conf  [圖一]
{
    "enable_autodetect": false,
    "update_every": 5,
    "max_request_size": 100,
    "servers": [
        {
            "hostname": "192.168.111.198",
            "community": "cisco",
            "update_every": 10,
            "max_request_size": 50,
            "options": { "timeout": 10000 , "version": 1 },
            "charts": {
                "snmp_switch.bandwidth_port1": {
                    "title": "Switch Bandwidth for port 1",
                    "units": "kilobits/s",
                    "type": "area",
                    "priority": 1,
                    "family": "ports",
                    "dimensions": {
                        "in": {
                            "oid": "1.3.6.1.2.1.2.2.1.10.10101",
                            "algorithm": "incremental",
                            "multiplier": 8,
                            "divisor": 1024,
                            "offset": 0
                        },
                        "out": {
                            "oid": "1.3.6.1.2.1.2.2.1.16.10101",
                            "algorithm": "incremental",
                            "multiplier": -8,
                            "divisor": 1024,
                            "offset": 0
                        }
                    }
                },
                "snmp_switch.bandwidth_port11": {
                    "title": "Switch Bandwidth for port 11",
                    "units": "kilobits/s",
                    "type": "area",
                    "priority": 1,
                    "family": "ports",
                    "dimensions": {
                        "in": {
                            "oid": "1.3.6.1.2.1.2.2.1.10.10111",
                            "algorithm": "incremental",
                            "multiplier": 8,
                            "divisor": 1024,
                            "offset": 0
                        },
                        "out": {
                            "oid": "1.3.6.1.2.1.2.2.1.16.10111",
                            "algorithm": "incremental",
                            "multiplier": -8,
                            "divisor": 1024,
                            "offset": 0
                        }
                    }
                }
            }
        }
    ]
}



========

修改自另一個範例 multiply_range


[root@centos73 node.d]# cat snmp.conf [圖二]
{
    "enable_autodetect": false,
    "update_every": 60,
    "servers": [
        {
            "hostname": "192.168.111.198",
            "community": "cisco",
            "update_every": 60,
            "options": { "timeout": 20000, "version": 1 },
            "charts": {
                "snmp_switch.bandwidth_port": {
                    "title": "Switch Bandwidth for port ",
                    "units": "kilobits/s",
                    "type": "area",
                    "priority": 1,
                    "family": "ports",
                    "multiply_range": [ 10101, 10152 ],
                    "dimensions": {
                        "in": {
                            "oid": "1.3.6.1.2.1.2.2.1.10.",
                            "algorithm": "incremental",
                            "multiplier": 8,
                            "divisor": 1024,
                            "offset": 0
                        },
                        "out": {
                            "oid": "1.3.6.1.2.1.2.2.1.16.",
                            "algorithm": "incremental",
                            "multiplier": -8,
                            "divisor": 1024,
                            "offset": 0
                        }
                    }
                }
            }
        }
    ]
}

===================

驗證 snmp plugin

( 可參考 https://github.com/firehol/netdata/blob/master/conf.d/node.d/snmp.conf.md
 [ Testing the configuration ] 這一段的方式 )

[root@centos73 node.d]# /usr/libexec/netdata/plugins.d/node.d.plugin 1 snmp
/usr/libexec/netdata/plugins.d/node.d.plugin: line 2: exec: ERROR node.js IS NOT AVAILABLE IN THIS SYSTEM: not found


出現上述這訊息即為,未安裝 nodejs 套件

解法

#yum install epel-release
#yum install nodejs

驗證 nodejs

[root@centos73 node.d]# node --version
v6.10.3


裝好後再測試一次

[root@centos73 node.d]# /usr/libexec/netdata/plugins.d/node.d.plugin 1 snmp
2017-06-22 11:07:00: node.d.plugin: ERROR: snmp: 192.168.111.198: Received error = TypeError: snmp.varbindError is not a function
    at Object.responseCb (/usr/libexec/netdata/node.d/snmp.node.js:267:89)
    at Object.feedCb (/usr/libexec/netdata/node.d/node_modules/net-snmp.js:646:8)
    at Object.Session.onSimpleGetResponse [as onResponse] (/usr/libexec/netdata/node.d/node_modules/net-snmp.js:960:7)
    at Session.onMsg (/usr/libexec/netdata/node.d/node_modules/net-snmp.js:929:9)
    at emitTwo (events.js:106:13)
    at Socket.emit (events.js:191:7)
    at UDP.onMessage (dgram.js:549:8) varbinds = undefined
DISABLE

出現上述訊息則為 snmp.conf 設定錯誤,請利用 snmpwalk +  snmpget 來確認 snmp 相關資訊的配置.


過關無誤則會出現以下資訊

[root@centos73 node.d]# /usr/libexec/netdata/plugins.d/node.d.plugin 1 snmp
CHART "snmp_switch.bandwidth_port1" "snmp_switch.bandwidth_port1" "Switch Bandwidth for port 1" "kilobits/s" "ports" "" "area" 50001 10
DIMENSION "in" "in" "incremental" 8 1024
DIMENSION "out" "out" "incremental" -8 1024
BEGIN snmp_switch.bandwidth_port1
SET in = 1167620306
SET out = 220094275
END

CHART "snmp_switch.bandwidth_port11" "snmp_switch.bandwidth_port11" "Switch Bandwidth for port 11" "kilobits/s" "ports" "" "area" 50001 10
DIMENSION "in" "in" "incremental" 8 1024
DIMENSION "out" "out" "incremental" -8 1024
BEGIN snmp_switch.bandwidth_port11
SET in = 2509704807
SET out = 1913107763
END

BEGIN snmp_switch.bandwidth_port1 3548000
SET in = 1167620306
SET out = 220107600
END

BEGIN snmp_switch.bandwidth_port11 3548000
SET in = 2509816273
SET out = 1913162904
END

BEGIN snmp_switch.bandwidth_port1 10040000
SET in = 1167620306
SET out = 220133355
END

BEGIN snmp_switch.bandwidth_port11 10040000
SET in = 2510106481
SET out = 1913238854
END
.....

新增圖示可參考如下 URL

https://github.com/firehol/netdata/wiki/Add-more-charts-to-netdata#network

Add more charts to netdata

configuring plugins

Most plugins come with auto-detection, configured to work out-of-the-box on popular
operating systems with the default settings.

However, there are cases that auto-detection fails. Usually the reason is that the
applications to be monitored do not allow netdata to connect. In most of the cases,
allowing the user netdata from localhost to connect and collect metrics, will
automatically enable data collection for the application in question
(it will require a netdata restart).

You can verify netdata plugins are able to collect metrics, following this procedure:

# become user netdata
sudo su -s /bin/bash netdata

# execute the plugin in debug mode, for a specific module.
# example for the python plugin, mysql module:
/usr/libexec/netdata/plugins.d/python.d.plugin 1 debug mysql

其它參考資訊

General Info node.d

https://github.com/firehol/netdata/wiki/General-Info---node.d


Demo

2 interface [圖一]

All Interface [圖二]

netdata 試裝

今天在網上亂逛,剛好看到一個 netdata 的軟體,
網上是說~它是可以用來即時監控 Linux 的網管軟體,
而且安裝很簡單,就順手裝來玩看看.

安裝的 SOP 如下:  OS　以 CentOS 7 為例　(netdata  release 1.6.0)

#yum install -y zlib-devel gcc make git autoconf autogen automake pkgconfig libuuid libuuid-devel

#git clone https://github.com/firehol/netdata.git

#cd netdata

#./netdata-installer.sh

如缺相依軟體則會顯示
....

Sorry! netdata failed to build...

You many need to check these:

1. The package uuid-dev (or libuuid-devel) has to be installed.

   If your system cannot find libuuid, although it is installed
   run me with the option:  --libs-are-really-here

2. The package zlib1g-dev (or zlib-devel) has to be installed.

   If your system cannot find zlib, although it is installed
   run me with the option:  --libs-are-really-here

3. You need basic build tools installed, like:

   gcc make autoconf automake pkg-config

   Autoconf version 2.60 or higher is required.

If you still cannot get it to build, ask for help at github:

   https://github.com/firehol/netdata/issues

如安裝完成則會顯示:
....

Downloading default configuration from netdata...
New configuration saved for you to edit at /etc/netdata/netdata.conf
 --- Check KSM (kernel memory deduper) ---

Memory de-duplication instructions

You have kernel memory de-duper (called Kernel Same-page Merging,
or KSM) available, but it is not currently enabled.

To enable it run:

    echo 1 >/sys/kernel/mm/ksm/run
    echo 1000 >/sys/kernel/mm/ksm/sleep_millisecs

If you enable it, you will save 40-60% of netdata memory.

 --- Check version.txt ---
 --- Check apps.plugin ---
 --- Generate netdata-uninstaller.sh ---
 --- Basic netdata instructions ---

netdata by default listens on all IPs on port 19999,
so you can access it with:

  http://this.machine.ip:19999/

To stop netdata run:

  systemctl stop netdata

To start netdata run:

  systemctl start netdata


Uninstall script generated: ./netdata-uninstaller.sh
Update script generated   : ./netdata-updater.sh

netdata-updater.sh can work from cron. It will trigger an email from cron
only if it fails (it does not print anything when it can update netdata).
Run this to automatically check and install netdata updates once per day:

sudo ln -s /usr/local/src/netdata/netdata/netdata-updater.sh /etc/cron.daily/netdata-updater

 --- We are done! ---

  ^
  |.-.   .-.   .-.   .-.   .-.   .  netdata                          .-.   .-
  |   '-'   '-'   '-'   '-'   '-'   is installed and running now!  -'   '-'
  +----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+--->

  enjoy real-time performance and health monitoring...

..

那就可以直接連入該主機的  monitor  web 了,
如果安裝多台亦可以在同一個 Browser 去點選不同的主機.

關於 netdata

https://github.com/firehol/netdata


Demo

http://my-netdata.io/#demosites



其它的 Demo Sites URL 寫在 ( https://github.com/firehol/netdata/wiki )

http://london.my-netdata.io/
http://atlanta.my-netdata.io/
http://bangalore.my-netdata.io/
http://sanfrancisco.my-netdata.io
.....


https://my-netdata.io

★ Scalable
netdata scales out, your web browser is the central netdata connecting all your servers together.
But netdata can also replicate its database to other netdata, and archive its metrics to graphite,
 opentsdb, influxdb or prometheus at a lower rate, to avoid congesting these servers with the
amount of data collected.


https://github.com/firehol/netdata/wiki/netdata-backends

所以 dashboard 就有多種的變化可能....

如 grafana  + netdata ( https://grafana.com/dashboards/1295 ).....

四論 SNMP OIDs

基礎入門

(1)利用SNMP OIDs 加入 Zabbix 監控
http://xrcd2.blogspot.tw/2012/10/snmp-oids-zabbix.html

(2)再論 SNMP OIDs
http://xrcd2.blogspot.tw/2012/10/snmp-oid.html

(3)三論 SNMP OIDs
http://xrcd2.blogspot.tw/2016/11/snmp-oids.html

(4)四論 SNMP OIDs


本文開始


縁起於 http://www.netadmin.com.tw/article_content.aspx?sn=1702080002
網管人-技術專欄
2017/2/15
透過SNMP Query Index協助管理 資源流量圖表自動產出
Cacti監控報表圖多不愁　批次抓取設備資料繪製
丁光立

因為想多學一點 Cacti 的技巧,所以參考了上述文章,一些觀念,寫成這個小筆記供需要
的人參考,但本文會著重於 Linux (CentOS) 的 snmp 實用指令簡介及運用與
 snmp.conf 的撰寫參考等等.建議在閱讀本文之前,可看參考上述基本門,強化
 snmp 基本觀念.


(1) linux (  CentOS ) snmpd.conf
詳細設定可參考
http://net-snmp.sourceforge.net/docs/man/snmpd.conf.html

為方便使用可參考如下設定,請抄改成個人的使用環境配置.

[root@bbb /]# cat /etc/snmp/snmpd.conf

rocommunity public

#這一行是宣告 MIB 檔的目錄.
#MIBDIRS /usr/share/snmp/mibs:/usr/share/snmp/private-mibs
#這一行是宣告載入所有的 MIB 檔
#MIBS all

#宣告使用 CHECK-R77-MIB及CISCO-QOS-PIB-MIB
mibs +CHECK-R77-MIB:CISCO-QOS-PIB-MIB
#宣告使用 CISCO-MEMORY-POOL-MIB
mibs +CISCO-MEMORY-POOL-MIB

#另一種宣告方式

mibfile /usr/share/snmp/mibs/CHECK-R77-MIB.txt

#其它資訊

sysLocation vlab
sysContact wwww.vlab.com.tw
sysName Cacti

# 其它參考資訊如下 URL
# http://www.net-snmp.org/FAQ.html#How_do_I_add_a_MIB_
# 系統預設的 mibs 的目錄為 /usr/share/snmp/mibs 可將自行下載的 mib 檔放置於此目錄內.


測試一下 本機 liunx 的系統資訊

[root@bbb /]# snmpwalk -v2c -c public localhost system
SNMPv2-MIB::sysDescr.0 = STRING: Linux www.vlab.com.tw 2.6.32-642.11.1.el6.x86_64 #1 SMP Fri Nov 18 19:25:05 UTC 2016 x86_64
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (11265) 0:01:52.65
SNMPv2-MIB::sysContact.0 = STRING: wwww.vlab.com.tw
SNMPv2-MIB::sysName.0 = STRING: Cacti
SNMPv2-MIB::sysLocation.0 = STRING: vlab
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (3) 0:00:00.03
SNMPv2-MIB::sysORID.1 = OID: SNMP-MPD-MIB::snmpMPDMIBObjects.3.1.1
SNMPv2-MIB::sysORID.2 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance
SNMPv2-MIB::sysORID.3 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance
SNMPv2-MIB::sysORID.4 = OID: SNMPv2-MIB::snmpMIB
SNMPv2-MIB::sysORID.5 = OID: TCP-MIB::tcpMIB
SNMPv2-MIB::sysORID.6 = OID: IP-MIB::ip
SNMPv2-MIB::sysORID.7 = OID: UDP-MIB::udpMIB
SNMPv2-MIB::sysORID.8 = OID: SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroup
SNMPv2-MIB::sysORDescr.1 = STRING: The MIB for Message Processing and Dispatching.
SNMPv2-MIB::sysORDescr.2 = STRING: The MIB for Message Processing and Dispatching.
SNMPv2-MIB::sysORDescr.3 = STRING: The SNMP Management Architecture MIB.
SNMPv2-MIB::sysORDescr.4 = STRING: The MIB module for SNMPv2 entities
SNMPv2-MIB::sysORDescr.5 = STRING: The MIB module for managing TCP implementations
SNMPv2-MIB::sysORDescr.6 = STRING: The MIB module for managing IP and ICMP implementations
SNMPv2-MIB::sysORDescr.7 = STRING: The MIB module for managing UDP implementations
SNMPv2-MIB::sysORDescr.8 = STRING: View-based Access Control Model for SNMP.
SNMPv2-MIB::sysORUpTime.1 = Timeticks: (3) 0:00:00.03
SNMPv2-MIB::sysORUpTime.2 = Timeticks: (3) 0:00:00.03
SNMPv2-MIB::sysORUpTime.3 = Timeticks: (3) 0:00:00.03
SNMPv2-MIB::sysORUpTime.4 = Timeticks: (3) 0:00:00.03
SNMPv2-MIB::sysORUpTime.5 = Timeticks: (3) 0:00:00.03
SNMPv2-MIB::sysORUpTime.6 = Timeticks: (3) 0:00:00.03
SNMPv2-MIB::sysORUpTime.7 = Timeticks: (3) 0:00:00.03
SNMPv2-MIB::sysORUpTime.8 = Timeticks: (3) 0:00:00.03
[root@bbb /]#


===================================================

Cisco 設備啟用 snmp 服務


Router#sh run 
.....
.....
!
!
snmp-server community public RO
!
!
....
.....

Router#sh ver 
Cisco IOS XE Software, Version 03.10.02.S - Extended Support Release
Cisco IOS Software, CSR1000V Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.3(3)S2, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Fri 31-Jan-14 20:10 by mcpre
.....


Router#show memory 
                Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor  7F4216AD6010   2232382384   195274364   2037108020   2036934440   1332474908
 lsmpi_io  7F41C34CE1A8     6295128     6294304         824         824         412


=================================================


測試一下 Cisco 設備的系統資訊

[root@bbb /]# snmpwalk -v2c -c public 192.168.111.158 system
SNMPv2-MIB::sysDescr.0 = STRING: Cisco IOS Software, CSR1000V Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.3(3)S2, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Fri 31-Jan-14 20:10 by mcpre
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.9.1.1537
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (10206994) 1 day, 4:21:09.94
SNMPv2-MIB::sysContact.0 = STRING: 
SNMPv2-MIB::sysName.0 = STRING: Router
SNMPv2-MIB::sysLocation.0 = STRING: 
SNMPv2-MIB::sysServices.0 = INTEGER: 78
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (0) 0:00:00.00



(2)使用 export MIBS , 以 CISCO-MEMORY-POOL-MIB 為例


[root@bbb /]# MIBS=+CISCO-MEMORY-POOL-MIB
[root@bbb /]# export MIBS


[root@bbb /]#   snmpwalk -c public -v2c     192.168.111.158   .1.3.6.1.4.1.9.9.48
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolName.1 = STRING: Processor
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolName.14 = STRING: lsmpi_io
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolAlternate.1 = INTEGER: 0
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolAlternate.14 = INTEGER: 0
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolValid.1 = INTEGER: true(1)
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolValid.14 = INTEGER: true(1)
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolUsed.1 = Gauge32: 195206240 bytes
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolUsed.14 = Gauge32: 6294296 bytes
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolFree.1 = Gauge32: 2037176144 bytes
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolFree.14 = Gauge32: 832 bytes
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolLargestFree.1 = Gauge32: 1332474908 bytes
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolLargestFree.14 = Gauge32: 412 bytes


(3) 未使用 CISCO-MEMORY-POOL-MIB


[root@bbb /]#  snmpwalk -c public -v2c     192.168.111.158   .1.3.6.1.4.1.9.9.48
SNMPv2-SMI::enterprises.9.9.48.1.1.1.2.1 = STRING: "Processor"
SNMPv2-SMI::enterprises.9.9.48.1.1.1.2.14 = STRING: "lsmpi_io"
SNMPv2-SMI::enterprises.9.9.48.1.1.1.3.1 = INTEGER: 0
SNMPv2-SMI::enterprises.9.9.48.1.1.1.3.14 = INTEGER: 0
SNMPv2-SMI::enterprises.9.9.48.1.1.1.4.1 = INTEGER: 1
SNMPv2-SMI::enterprises.9.9.48.1.1.1.4.14 = INTEGER: 1
SNMPv2-SMI::enterprises.9.9.48.1.1.1.5.1 = Gauge32: 195206240
SNMPv2-SMI::enterprises.9.9.48.1.1.1.5.14 = Gauge32: 6294296
SNMPv2-SMI::enterprises.9.9.48.1.1.1.6.1 = Gauge32: 2037176144
SNMPv2-SMI::enterprises.9.9.48.1.1.1.6.14 = Gauge32: 832
SNMPv2-SMI::enterprises.9.9.48.1.1.1.7.1 = Gauge32: 1332474908
SNMPv2-SMI::enterprises.9.9.48.1.1.1.7.14 = Gauge32: 412

一般而言,有導入使用 MIB 檔會比較方便閱讀與理解.


(4)透過 load mib 參數



[root@bbb/]# snmpwalk -c public -v2c 192.168.111.158 CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolMIB
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolName.1 = STRING: Processor
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolName.14 = STRING: lsmpi_io
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolAlternate.1 = INTEGER: 0
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolAlternate.14 = INTEGER: 0
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolValid.1 = INTEGER: true(1)
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolValid.14 = INTEGER: true(1)
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolUsed.1 = Gauge32: 195216024 bytes
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolUsed.14 = Gauge32: 6294296 bytes
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolFree.1 = Gauge32: 2037166360 bytes
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolFree.14 = Gauge32: 832 bytes
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolLargestFree.1 = Gauge32: 1332474908 bytes
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolLargestFree.14 = Gauge32: 412 bytes


或

[root@bbb /]# snmpwalk -c public -v2c  -m CISCO-MEMORY-POOL-MIB   192.168.111.158   .1.3.6.1.4.1.9.9.48
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolName.1 = STRING: Processor
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolName.14 = STRING: lsmpi_io
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolAlternate.1 = INTEGER: 0
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolAlternate.14 = INTEGER: 0
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolValid.1 = INTEGER: true(1)
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolValid.14 = INTEGER: true(1)
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolUsed.1 = Gauge32: 195216016 bytes
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolUsed.14 = Gauge32: 6294296 bytes
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolFree.1 = Gauge32: 2037166368 bytes
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolFree.14 = Gauge32: 832 bytes
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolLargestFree.1 = Gauge32: 1332474908 bytes
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolLargestFree.14 = Gauge32: 412 bytes


(5) OIDs 表示法

[root@bbb /]#  snmpwalk -c public -v2c  192.168.111.158 .iso.org.dod.internet.private.enterprises.cisco.ciscoMgmt.ciscoMemoryPoolMIB

CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolName.1 = STRING:  Processor
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolName.14 = STRING: lsmpi_io
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolAlternate.1 = INTEGER: 0
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolAlternate.14 = INTEGER: 0
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolValid.1 = INTEGER: true(1)
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolValid.14 = INTEGER: true(1)
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolUsed.1 = Gauge32: 195210248 bytes
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolUsed.14 = Gauge32: 6294296 bytes
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolFree.1 = Gauge32: 2037172136 bytes
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolFree.14 = Gauge32: 832 bytes
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolLargestFree.1 = Gauge32: 1332474908 bytes
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolLargestFree.14 = Gauge32: 412 bytes
[root@bbb /]#

如未載入  CISCO-MEMORY-POOL-MIB

[root@bbb /]# snmpwalk -c public -v2c  192.168.111.158 .iso.org.dod.internet.private.enterprises.cisco.ciscoMgmt.ciscoMemoryPoolMIB

No log handling enabled - turning on stderr logging
.iso.org.dod.internet.private.enterprises.cisco.ciscoMgmt.ciscoMemoryPoolMIB: Unknown Object Identifier (Sub-id not found: enterprises -> cisco)

[root@bbb /]#

改用數字

[root@bbb /]#  snmpwalk -c public -v2c     192.168.111.158   .1.3.6.1.4.1.9.9.48
SNMPv2-SMI::enterprises.9.9.48.1.1.1.2.1 = STRING: "Processor"
SNMPv2-SMI::enterprises.9.9.48.1.1.1.2.14 = STRING: "lsmpi_io "
SNMPv2-SMI::enterprises.9.9.48.1.1.1.3.1 = INTEGER: 0
SNMPv2-SMI::enterprises.9.9.48.1.1.1.3.14 = INTEGER: 0
SNMPv2-SMI::enterprises.9.9.48.1.1.1.4.1 = INTEGER: 1
SNMPv2-SMI::enterprises.9.9.48.1.1.1.4.14 = INTEGER: 1
SNMPv2-SMI::enterprises.9.9.48.1.1.1.5.1 = Gauge32: 195210248
SNMPv2-SMI::enterprises.9.9.48.1.1.1.5.14 = Gauge32: 6294296
SNMPv2-SMI::enterprises.9.9.48.1.1.1.6.1 = Gauge32: 2037172136
SNMPv2-SMI::enterprises.9.9.48.1.1.1.6.14 = Gauge32: 832
SNMPv2-SMI::enterprises.9.9.48.1.1.1.7.1 = Gauge32: 1332474908
SNMPv2-SMI::enterprises.9.9.48.1.1.1.7.14 = Gauge32: 412
[root@bbb snmp]#


(6)  snmptranslate

可參考 http://net-snmp.sourceforge.net/tutorial/tutorial-5/commands/mib-options.html


[root@bbb /]#  snmptranslate  1.3.6.1.4.1.9.9.48
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolMIB
[root@bbb /]#


未載入  CISCO-MEMORY-POOL-MIB

[root@bbb /]#  snmptranslate  1.3.6.1.4.1.9.9.48
SNMPv2-SMI::enterprises.9.9.48

[root@bbb /]#  snmptranslate  -IR -On ciscoMemoryPoolMIB
Unknown object identifier: ciscoMemoryPoolMIB
[root@bbb /]#

指定載入  CISCO-MEMORY-POOL-MIB

[root@bbb /]#  snmptranslate -m CISCO-MEMORY-POOL-MIB  -IR -Onf ciscoMemoryPoolMIB
.iso.org.dod.internet.private.enterprises.cisco.ciscoMgmt.ciscoMemoryPoolMIB

或預設載入  CISCO-MEMORY-POOL-MIB

[root@bbb /]# snmptranslate  -IR -On ciscoMemoryPoolMIB
.1.3.6.1.4.1.9.9.48

[root@bbb /]# snmptranslate  .1.3.6.1.4.1.9.9.48
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolMIB
[root@bbb /]#

OIDs 的二種表示法

[root@bbb /]# snmptranslate  -IR -Onf ciscoMemoryPoolMIB
.iso.org.dod.internet.private.enterprises.cisco.ciscoMgmt.ciscoMemoryPoolMIB

[root@bbb /]# snmptranslate  -IR -On ciscoMemoryPoolMIB
.1.3.6.1.4.1.9.9.48
[root@bbb /]#

(7)SNMP OIDs Tree [ CISCO-MEMORY-POOL-MIB  ]

[root@bbb /]# snmptranslate -Tp -m  CISCO-MEMORY-POOL-MIB  
+--iso(1)
   |
   +--org(3)
      |
      +--dod(6)
         |
         +--internet(1)
            |
            +--directory(1)
            |
            +--mgmt(2)
            |  |
            |  +--mib-2(1)
            |     |
            |     +--transmission(10)
            |
            +--experimental(3)
            |
            +--private(4)
            |  |
            |  +--enterprises(1)
            |     |
            |     +--cisco(9)
            |        +--ciscoProducts(1)
            |        +--local(2)
            |        +--temporary(3)
            |        +--pakmon(4)
            |        +--workgroup(5)
            |        +--otherEnterprises(6)
            |        |  +--ciscoSB(1)
            |        |  +--ciscoSMB(2)
            |        |
            |        +--ciscoAgentCapability(7)
            |        +--ciscoConfig(8)
            |        +--ciscoMgmt(9)
            |        |  +--ciscoMemoryPoolMIB(48)
            |        |     |
            |        |     +--ciscoMemoryPoolObjects(1)
            |        |     |  |
            |        |     |  +--ciscoMemoryPoolTable(1)
            |        |     |  |  |
            |        |     |  |  +--ciscoMemoryPoolEntry(1)
            |        |     |  |     |  Index: ciscoMemoryPoolType
            |        |     |  |     |
            |        |     |  |     +-- ---- Integer32 ciscoMemoryPoolType(1)
            |        |     |  |     |        Textual Convention: CiscoMemoryPoolTypes
            |        |     |  |     |        Range: 1..65535
            |        |     |  |     +-- -R-- String    ciscoMemoryPoolName(2)
            |        |     |  |     |        Textual Convention: DisplayString
            |        |     |  |     |        Size: 0..255
            |        |     |  |     +-- -R-- Integer32 ciscoMemoryPoolAlternate(3)
            |        |     |  |     |        Range: 0..65535
            |        |     |  |     +-- -R-- EnumVal   ciscoMemoryPoolValid(4)
            |        |     |  |     |        Textual Convention: TruthValue
            |        |     |  |     |        Values: true(1), false(2)
            |        |     |  |     +-- -R-- Gauge     ciscoMemoryPoolUsed(5)
            |        |     |  |     +-- -R-- Gauge     ciscoMemoryPoolFree(6)
            |        |     |  |     +-- -R-- Gauge     ciscoMemoryPoolLargestFree(7)
            |        |     |  |
            |        |     |  +--ciscoMemoryPoolUtilizationTable(2)
            |        |     |     |
            |        |     |     +--ciscoMemoryPoolUtilizationEntry(1)
            |        |     |        |
            |        |     |        +-- -R-- INTEGER   ciscoMemoryPoolUtilization1Min(1)
            |        |     |        |        Textual Convention: Percent
            |        |     |        |        Range: 0..100
            |        |     |        +-- -R-- INTEGER   ciscoMemoryPoolUtilization5Min(2)
            |        |     |        |        Textual Convention: Percent
            |        |     |        |        Range: 0..100
            |        |     |        +-- -R-- INTEGER   ciscoMemoryPoolUtilization10Min(3)
            |        |     |                 Textual Convention: Percent
            |        |     |                 Range: 0..100
            |        |     |
            |        |     +--ciscoMemoryPoolNotifications(2)
            |        |     |
            |        |     +--ciscoMemoryPoolConformance(3)
            |        |        |
            |        |        +--ciscoMemoryPoolCompliances(1)
            |        |        |  |
            |        |        |  +--ciscoMemoryPoolCompliance(1)
            |        |        |  +--ciscoMemoryPoolComplianceRev1(2)
            |        |        |
            |        |        +--ciscoMemoryPoolGroups(2)
            |        |           |
            |        |           +--ciscoMemoryPoolGroup(1)
            |        |           +--ciscoMemoryPoolUtilizationGroup(2)
            |        |
            |        +--ciscoExperiment(10)
            |        +--ciscoAdmin(11)
            |        |  +--ciscoProxy(1)
            |        |  |  |
            |        |  |  +--ciscoPartyProxy(1)
            |        |  |  |
            |        |  |  +--ciscoContextProxy(2)
            |        |  |
            |        |  +--ciscoRptrGroupObjectID(2)
            |        |  |  +--ciscoUnknownRptrGroup(1)
            |        |  |  +--cisco2505RptrGroup(2)
            |        |  |  +--cisco2507RptrGroup(3)
            |        |  |  +--cisco2516RptrGroup(4)
            |        |  |  +--ciscoWsx5020RptrGroup(5)
            |        |  |
            |        |  +--ciscoChipSets(3)
            |        |     +--ciscoChipSetSaint1(1)
            |        |     +--ciscoChipSetSaint2(2)
            |        |     +--ciscoChipSetSaint3(3)
            |        |     +--ciscoChipSetSaint4(4)


.............................

.............................


(8) 實戰透過 snmpwalk 取得 ciscoMemoryPool 資訊

可參考http://www.oidview.com/mibs/9/CISCO-MEMORY-POOL-MIB.html

以   Processor Memory Pool 及 lsmpi_io Memory Pool 為例

[root@bbb /]# snmptranslate  -IR -Onf ciscoMemoryPoolName
.iso.org.dod.internet.private.enterprises.cisco.ciscoMgmt.ciscoMemoryPoolMIB.ciscoMemoryPoolObjects.ciscoMemoryPoolTable.ciscoMemoryPoolEntry.ciscoMemoryPoolName

或


[root@bbb /]# snmptranslate -m CISCO-MEMORY-POOL-MIB  -IR -Onf ciscoMemoryPoolName
.iso.org.dod.internet.private.enterprises.cisco.ciscoMgmt.ciscoMemoryPoolMIB.ciscoMemoryPoolObjects.ciscoMemoryPoolTable.ciscoMemoryPoolEntry.ciscoMemoryPoolName

[root@bbb /]# snmptranslate -m CISCO-MEMORY-POOL-MIB  -IR -On ciscoMemoryPoolName
.1.3.6.1.4.1.9.9.48.1.1.1.2
[root@bbb /]#


或

[root@bbb ~]#  snmpwalk -c public -v2c     192.168.111.158   1.3.6.1.4.1.9.9.48
SNMPv2-SMI::enterprises.9.9.48.1.1.1.2.1 = STRING: "Processor"
SNMPv2-SMI::enterprises.9.9.48.1.1.1.2.14 = STRING: "lsmpi_io"
SNMPv2-SMI::enterprises.9.9.48.1.1.1.3.1 = INTEGER: 0
SNMPv2-SMI::enterprises.9.9.48.1.1.1.3.14 = INTEGER: 0
SNMPv2-SMI::enterprises.9.9.48.1.1.1.4.1 = INTEGER: 1
SNMPv2-SMI::enterprises.9.9.48.1.1.1.4.14 = INTEGER: 1
SNMPv2-SMI::enterprises.9.9.48.1.1.1.5.1 = Gauge32: 195206240
SNMPv2-SMI::enterprises.9.9.48.1.1.1.5.14 = Gauge32: 6294296
SNMPv2-SMI::enterprises.9.9.48.1.1.1.6.1 = Gauge32: 2037176144
SNMPv2-SMI::enterprises.9.9.48.1.1.1.6.14 = Gauge32: 832
SNMPv2-SMI::enterprises.9.9.48.1.1.1.7.1 = Gauge32: 1332474908
SNMPv2-SMI::enterprises.9.9.48.1.1.1.7.14 = Gauge32: 412



[root@bbb /]#  snmpwalk -c public -v2c  192.168.111.158 .1.3.6.1.4.1.9.9.48
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolName.1 = STRING: Processor
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolName.14 = STRING: lsmpi_io
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolAlternate.1 = INTEGER: 0
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolAlternate.14 = INTEGER: 0
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolValid.1 = INTEGER: true(1)
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolValid.14 = INTEGER: true(1)
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolUsed.1 = Gauge32: 195210248 bytes
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolUsed.14 = Gauge32: 6294296 bytes
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolFree.1 = Gauge32: 2037172136 bytes
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolFree.14 = Gauge32: 832 bytes
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolLargestFree.1 = Gauge32: 1332474908 bytes
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolLargestFree.14 = Gauge32: 412 bytes
[root@bbb /]#



[root@bbb /]# snmpwalk -c public -v2c     192.168.111.158   1.3.6.1.4.1.9.9.48.1.1.1.2
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolName.1 = STRING: Processor
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolName.14 = STRING: lsmpi_io


Processor MemoryPool


[root@bbb /]#  snmpwalk -c public -v2c     192.168.111.158   1.3.6.1.4.1.9.9.48.1.1.1.5.1
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolUsed.1 = Gauge32: 195206240 bytes
[root@bbb log]#

[root@bbb /]#  snmpwalk -c public -v2c     192.168.111.158   1.3.6.1.4.1.9.9.48.1.1.1.6.1
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolFree.1 = Gauge32: 2037176144 bytes



lsmpi_io MemoryPool


[root@bbb /]#  snmpwalk -c public -v2c     192.168.111.158   1.3.6.1.4.1.9.9.48.1.1.1.5.14
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolUsed.14 = Gauge32: 6294296 bytes


[root@bbb /]#  snmpwalk -c public -v2c     192.168.111.158   1.3.6.1.4.1.9.9.48.1.1.1.6.14
CISCO-MEMORY-POOL-MIB::ciscoMemoryPoolFree.14 = Gauge32: 832 bytes



對照 Cicso 設備下指令顯示的資訊,看到的資訊應該跟 snmpget 到的資訊差不多才是


Router#show memory 
                Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor  7F4216AD6010   2232382384   195274364   2037108020   2036934440   1332474908
 lsmpi_io  7F41C34CE1A8     6295128     6294304         824         824         412
....
....


---End


Cacti Demo

http://www.oidview.com/mibs/9/CISCO-MEMORY-POOL-MIB.html

加碼 Demo

FortiGate SNMP OIDs

fgSysDiskUsage 1.3.6.1.4.1.12356.101.4.1.6
fgSysDiskCapacity 1.3.6.1.4.1.12356.101.4.1.7

FortiGate CLI

FortiGateCMD#dia sys logdisk usage


http://www.oidview.com/mibs/12356/FORTINET-FORTIGATE-MIB.html

[root@bbb mibs]# snmptranslate -m FORTINET-FORTIGATE-MIB  -IR -Onf fgSysDiskUsage
.iso.org.dod.internet.private.enterprises.fortinet.fnFortiGateMib.fgSystem.fgSystemInfo.fgSysDiskUsage

[root@bbb mibs]# snmptranslate -m FORTINET-FORTIGATE-MIB  -IR -On fgSysDiskUsage
.1.3.6.1.4.1.12356.101.4.1.6
[root@bbb mibs]#


[root@bbb mibs]# snmptranslate -m FORTINET-FORTIGATE-MIB  -IR -Onf fgSysDiskCapacity
.iso.org.dod.internet.private.enterprises.fortinet.fnFortiGateMib.fgSystem.fgSystemInfo.fgSysDiskCapacity

[root@bbb mibs]# snmptranslate -m FORTINET-FORTIGATE-MIB  -IR -On  fgSysDiskCapacity
.1.3.6.1.4.1.12356.101.4.1.7
[root@bbb mibs]#


FortiGate

FortiGate

Cacti