Date created: Monday, April 29, 2013 2:12:28 PM. Last modified: Tuesday, September 19, 2017 12:03:05 PM

SNMP Extend

In /etc/snmp/snmpd.conf add an `extend` option as below to run the script check_health.sh when the SNMP value `checkhealh` is queried:

...
group MyROGroup v2c        readonly
view all    included  .1 
extend checkhealth /path/to/scripts/check_health.sh
access MyROGroup ""      any       noauth    exact  all    none   none
...

Don't forget to restart snmpd! The snmp query would look like this;

snmpget -c C0mMun17y -v 2c 192.0.2.5 'NET-SNMP-EXTEND-MIB::nsExtendOutputFull."checkhealth"'
NET-SNMP-EXTEND-MIB::nsExtendOutputFull."checkhealth" = STRING: OK

Could also use nsExtendOutput1Line, nsExtendOutNumLines and nsExtendResult. The response looks like this from the client;

 sudo tcpdump -nlAS -s 0 -vvv -i eth1 udp port 161
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
14:11:14.149664 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 91)
    172.22.0.222.49553 > 192.0.2..161: [bad udp cksum 0xe7f5 -> 0x4005!]  { SNMPv2c C=C0mMun17y { GetRequest(43) R=133510695  .1.3.6.1.4.1.8072.1.3.2.3.1.2.11.99.104.101.99.107.104.101.97.108.116.104 } } 
E..[..@.@.R.....Y........G..0=.....C0mMun17y.+....6'......0.0...+............	checkhealth..

14:11:15.080660 IP (tos 0x0, ttl 60, id 0, offset 0, flags [DF], proto UDP (17), length 93)
    192.0.2..161 > 172.22.0.222.49553: [udp sum ok]  { SNMPv2c C=C0mMun17y { GetResponse(45) R=133510695  .1.3.6.1.4.1.8072.1.3.2.3.1.2.11.99.104.101.99.107.104.101.97.108.116.104="OK" } } 
E..]..@.<.V.Y............I..0?.....C0mMun17y.-....6'......0.0...+............	checkhealth..OK
 

Entries in `viduso` to allow the snmp user to run commands in scritps without `sudo`;

# Cmnd alias specification
Cmnd_Alias CAT = /bin/cat
# User privilege specification
snmp ALL=CAT NOPASSWD: CAT