:.: snmp & snmpd
Hi there, this little log entry is about these fellows snmp(1), snmpd(8), snmpd.conf(5), you have them in OpenBSD's base and you can get a lot of information of your system with them.
For monitoring and alerts I usually use Zabbix but as a minimalist I like to keep it simple and easy for my home servers or small ones where I don't need so much information and alerts.
As I always tell you I am not gonna explain the protocol or go deep into it, for that you have the official documentation, RFC and man pages, what I will do is to explain a bit how to setup snmpd(8) and make it work to gather information about the system, after that with that information rrdtool ($ doas pkg_add rrdtool) and some free time you will be able to make some nice graphs about the information, like this:
As almost all the daemons on OpenBSD you can get a .conf example file for it inside the directory /etc/examples, so let's copy the example into our /etc and make some adjustments to make it work:
$ doas cp /etc/examples/snmpd.conf /etc
$ doas cat /etc/snmpd.conf
listen on 127.0.0.1 snmpv2c snmpv3
read-only community MWgp3MWbD2khaYnwy2B
user "gonzalo" auth hmac-sha1 authkey "password123" enc aes enckey "password123"
system contact "gonzalo"
system description "Powered by OpenBSD"
system location "Rack A1, Room 666"To break it up a little bit, listen on 127.0.0.1 snmpv2c snmpv3 - we make snmpd(8) listen on localhost using the version 2 and 3 of the Simple Network Management Protocol (SNMP), we create a community with a hash (or password) for it, user "gonzalo" auth hmac-sha1 authkey "password123" enc aes enckey "password123" - we create a username and passwords for it (this is only need it when we use version 3, if you plan to just use version 2, can skip it), and the rest is just some random info of the server to identify it, let's start the daemon and play with it:
$ doas snmpd -n -v
configuration ok
$ doas rcctl enable snmpd
$ doas rcctl start snmpdConfiguration OK, we enable on boot time and started the daemon, now playtime, I will gather the server information, and then list my network interfaces, with those basic ones you will be able to play later with other values and get the proper information you need.
Using version 3 (with encryption) without specifying any oid, snmp(1) will use mib-2 (.1.3.6.1.2.1) as default:
$ doas snmp walk -v 3 -c MWgp3MWbD2khaYnwy2B -a SHA -A password123 -l authPriv -u gonzalo -X password123 127.0.0.1 | head
sysDescr.0 = STRING: Powered by OpenBSD
sysObjectID.0 = OID: localSystem.1
sysUpTime.0 = Timeticks: (478374) 1:19:43.74
sysContact.0 = STRING: gonzalo
sysName.0 = STRING: tomato
sysLocation.0 = STRING: Rack A1, Room 666
sysORLastChange.0 = Timeticks: (0) 0:00:00.00Using version 2 we can specified for example ifName and get all the network interfaces in the system:
$ doas snmp walk -v 2c -c MWgp3MWbD2khaYnwy2B 127.0.0.1 ifName
ifName.1 = STRING: iwm0
ifName.2 = STRING: enc0
ifName.3 = STRING: lo0
ifName.4 = STRING: veb64
ifName.5 = STRING: veb65
ifName.6 = STRING: vport64
ifName.7 = STRING: vport65
ifName.8 = STRING: wg0
ifName.9 = STRING: wg1
ifName.10 = STRING: wg2
ifName.11 = STRING: lo1
ifName.12 = STRING: pflog0
ifName.16 = STRING: tun0Cute, now let's see the in/out of iwm0 (ifName.1 = STRING: iwm0), so we can create a graph like this:
$ doas snmp walk -v 2c -c MWgp3MWbD2khaYnwy2B 127.0.0.1 ifInOctets.1
ifInOctets.1 = Counter32: 1101795968
$ doas snmp walk -v 2c -c MWgp3MWbD2khaYnwy2B 127.0.0.1 ifOutOctets.1
ifOutOctets.1 = Counter32: 99789498Nice isn't it? So you learn how to configure this cool service and use it over version 2 and 3 and gather information of your system, now go and make some nice graphs with all that information!.