This isn't exactly esoteric science but at least for me it has been too hard and I've rather looked up OIDs manually, which makes little sense in the long run.
NET-SNMP
First of all, you probably want to set system wide version and community, so you never need to type them on snmpbulkwalk
# cat /etc/snmp/snmp.conf
defVersion 2c
defCommunity supersecret
#
Also I prefer to have vendor MIBs for my user only, as I might want to load lot of them, which will give lot of warnings, which other users may not want.
# cat ~/.snmp/snmp.conf
mibs +ALL
#
Instead of +ALL you could add named MIBs which to load, ~/.snmp/mibs/ directory is searched for users MIBs. You could start by uncompressing ftp://ftp.cisco.com/pub/mibs/v2/v2.tar.gz there. Now you should be able to snmpbulkwalk router by giving just its name, no version, no community and OIDs should be resolved.
WIRESHARK/TSHARK
To me this is more useful than net-snmp, to lab what type of traps router would send and in what situation. For some weird reason wireshark/tshark doesn't honour net-snmp settings, but needs its own settings.
# cat ~/.wireshark/prefefences
name_resolve: mtC
name_resolve_load_smi_modules: TRUE
snmp.display_oid: TRUE
snmp.desegment: TRUE
snmp.var_in_tree: TRUE
# cat ~/.wireshark/smi_paths
"/home/WINRARISU/.snmp/mibs"
# cat ~/.wireshark/smi_modules
"IP-MIB"
"IF-MIB"
"TCP-MIB"
"UDP-MIB"
"SNMPv2-MIB"
"RFC1213-MIB"
"IPV6-ICMP-MIB"
"IPV6-MIB"
"SNMP-COMMUNITY-MIB"
"SNMP-FRAMEWORK-MIB"
"SNMP-MPD-MIB"
"SNMP-NOTIFICATION-MIB"
"SNMP-PROXY-MIB"
"SNMP-TARGET-MIB"
"SNMP-USER-BASED-SM-MIB"
"SNMP-USM-DH-OBJECTS-MIB"
"SNMP-VIEW-BASED-ACM-MIB"
"BGP4-MIB"
"CISCO-BGP4-MIB"
"MPLS-LDP-CAPABILITY"
"MPLS-LDP-GENERIC-STD-MIB"
"MPLS-LDP-STD-MIB"
"CISCO-IETF-ISIS-CAPABILITY"
"CISCO-IETF-ISIS-MIB"
#
Now 'tshark port snmp-trap or port snmp' should happily display resolved names as well. To decide which MIBs to add in smi_modules you can use 'snmptranslate OID' to translate given OID to its symbolic name for easy grep against your MIB dir.
No comments:
Post a Comment