Provided by: munin-doc_2.0.19-3ubuntu0.3_all 
NAME
Munin::Plugin::SNMP - Net::SNMP subclass for Munin plugins
SYNOPSIS
The Munin::Plugin::SNMP module extends Net::SNMP with methods useful for Munin plugins.
SNMP CONFIGURATION
SNMP plugins (that use this module) share a common configuration interface implemented in
the function session(). Please see the documentation for that function for complete
instructions and examples on how to configure SNMP. The documentation is located there to
ensure that it is up to date and matches the code.
DEBUGGING
Additional debugging messages can be enabled by setting $Munin::Plugin::SNMP::DEBUG,
$Munin::Plugin::DEBUG, or by exporting the "MUNIN_DEBUG" environment variable before
running the plugin (by passing the "--pidebug" option to "munin-run", for instance).
METHODS
config_session() - Decode environment to get the needed plugin configuration parameters
($host, $port, $version, $tail) = Munin::Plugin::SNMP->config_session();
This is a convenience function for the "config" part of the plugin - it decodes the
environment/plugin name to retrieve the information needed in the configuration phase. It
returns a 4 tuple consisting of:
1) the host name
2) the UDP port to use
3) the SNMP version to use (3 for version 3, 2 for version 1 or 2c)
4) the tail of the plugin name: whatever is left of the plugin name after "snmp_<host>_".
The tail can be interesting for the "fetch" part of the plugin as well.
session([optional Net::SNMP options]) - create new Munin::Plugin::SNMP object
$session = Munin::Plugin::SNMP->session();
This method overrides the Net::SNMP constructor to get the connection information from the
plugin name and/or environment. Please note that no error string is returned. The
function handles errors internally - giving a error message and calling die. Calling die
is the right thing to do.
The host name is taken from the plugin symlink, which must be on the form
"snmp[v3]_<hostname>_<plugin_name>[_args]".
The "v3" form is taken to mean that SNMPv3 is to be used. It is also a name trick
providing a separate "namespace" for devices that use SNMPv3 so it can be configured
separately in munin/plugin-conf.d/ files. E.g.:
[snmp_*]
env.version 2
env.community public
[snmpv3_*]
env.v3username snmpoperator
env.v3authpassword s3cr1tpa55w0rd
See below for how to configure for each different case. The first case above shows
Munin's default configuration.
NOTE: munin-node-configure does not yet utilize the "v3" thing.
The following environment variables are consulted:
"env.host"
If the plugin name (symlink) does not contain the host name this is used as the host
name to connect to.
The host name must be specified, but is usually specified in the plugin name. If the
hostname somehow does not resolve in DNS (or the hosts file) it is possible to do
this:
[snmp_*]
env.version 2c
env.community floppa
[snmp_switch1.langfeldt.net]
env.host 192.168.2.45
[snmp_switch2.langfeldt.net]
env.host 192.168.2.46
"env.port"
The port to connect to. Default 161.
"env.timeout"
The timeout in seconds to use. Default 5.
"env.version"
The SNMP version to use for the connection. One of 1, 2, 3, snmpv1, snmpv2c or snmpv3.
SNMP v2 is better as it supports bulk operations. Therefore 2 is the default in
"Munin::Plugin::SNMP". If your device supports v3 that may be even better as it
supports proper security - but the encryption may slow things down.
Security is handled differently for versions 1/2c and 3. See below.
SNMP 1/2c authentication
"env.community"
The community name for version 1 and 2c agents. The default is 'public'. If this
works your device is probably very insecure and needs a security checkup.
SNMP 3 authentication
SNMP v3 has three security levels. Lowest is "noAuthNoPriv", which provides neither
authentication nor encryption. If a username and "authpassword" are given it goes up
to "authNoPriv", and the connection is authenticated. If "privpassword" is given the
security level becomes "authPriv" - the connection is authenticated and encrypted.
Note: Encryption can slow down slow or heavily loaded network devices. For most uses
"authNoPriv" will be secure enough -- the password is sent over the network encrypted
in any case.
"Munin::Plugin::SNMP" does not support ContextEngineIDs and such for
authentication/privacy. If you see the need and know how it should be done please
send patches!
For further reading on SNMP v3 security models please consult RFC3414 and the
documentation for Net::SNMP.
If version is set to 3 or snmpv3 the following variables are used to define
authentication:
"env.v3username"
Username. There is no default.
"env.v3authpassword"
Authentication password. Optional when encryption is also enabled, in which case
defaults to the privacy password ("env.v3privpassword"). The password is sent
encrypted (one way hash) over the network.
"env.v3authprotocol"
Authentication protocol. One of 'md5' or 'sha' (HMAC-MD5-96, RFC1321 and
SHA-1/HMAC-SHA-96, NIST FIPS PIB 180, RFC2264). The default is 'md5'.
"env.v3privpassword"
Privacy password to enable encryption. An empty ('') password is considered as no
password and will not enable encryption.
Privacy requires a v3privprotocol as well as a v3authprotocol and a
v3authpassword, but all of these are defaulted (to 'des', 'md5', and the
v3privpassword value, respectively) and may therefore be left unspecified.
"env.v3privprotocol"
If the v3privpassword is set this setting controls what kind of encryption is used
to achieve privacy in the session. Only the very weak 'des' encryption method is
supported officially. The default is 'des'.
The implementing perl module (Net::SNMP) also supports '3des' (CBC-3DES-EDE aka
Triple-DES, NIST FIPS 46-3) as specified in IETF draft-reeder-snmpv3-usm-3desede.
Whether or not this works with any particular device, we do not know.
get_hash() - retrieve a table as a hash of hashes
$result = $session->get_hash(
[-callback => sub {},] # non-blocking
[-delay => $seconds,] # non-blocking
[-contextengineid => $engine_id,] # v3
[-contextname => $name,] # v3
-baseoid => $oid,
-cols => \%columns
);
This method transforms the -baseoid and -cols to a array of -columns and calls
"get_entries()" with all the other arguments. It then transforms the data into a hash of
hashes in the following manner:
The keys of the main hash are the last element(s) of the OIDs, after $oid and the matching
keys from %columns are removed. The values are hashes with keys corresponding to the
values of %columns hash and values from the subtables corresponding to the keys of
%columns.
For this to work, all the keys of "-cols" must have the same number of elements. Also,
don't try to specify a next-to-next-to-leaf-node baseoid, the principle it breaks both
"get_entries" and the logic in "get_hash".
If (all) the OIDs are unavailable a defined but empty hashref is returned.
Example:
$session->get_hash(
-baseoid => '1.3.6.1.2.1.2.2.1', # IF-MIB
-cols => {
1 => 'index',
2 => 'descr',
4 => 'mtu',
}
);
given the following SNMP table:
IF-MIB::ifIndex.1 = INTEGER: 1
IF-MIB::ifIndex.2 = INTEGER: 2
IF-MIB::ifDescr.1 = STRING: lo0
IF-MIB::ifDescr.2 = STRING: lna0
IF-MIB::ifType.1 = INTEGER: softwareLoopback(24)
IF-MIB::ifType.2 = INTEGER: ethernetCsmacd(6)
IF-MIB::ifMtu.1 = INTEGER: 32768
IF-MIB::ifMtu.2 = INTEGER: 1500
...
will return a hash like this:
'1' => {
'index' => '1',
'mtu' => '32768',
'descr' => 'lo0'
},
'2' => {
'index' => '2',
'descr' => 'lna0',
'mtu' => '1500'
}
get_single() - Retrieve a single value by OID
$uptime = $session->get_single("1.3.6.1.2.1.1.3.0") || 'U';
If the call fails to get a value the above call sets $uptime to 'U' which Munin interprets
as "Undefined" and handles accordingly.
If you stop to think about it you should probably use "get_hash()" (it gets too much, but
is good for arrays) or "get_entries()" - it gets exactly what you want, so you mus
get_by_regex() - Retrive table of values filtered by regex applied to the value
This example shows the usage for a netstat plugin.
my $tcpConnState = "1.3.6.1.2.1.6.13.1.1.";
my $connections = $session->get_by_regex($tcpConnState, "[1-9]");
It gets all OIDs based at $tcpConnState and only returns the ones that contain a number in
the value.
TODO
Lots.
BUGS
Ilmari wrote: "get_hash()" doesn't handle tables with sparse indices.
Nicolai Langfeldt: Actually I think it does.
SEE ALSO
Net::SNMP
AUTHOR
Dagfinn Ilmari Mannsaaker, Nicolai Langfeldt Rune Nordboe Skillingstad added timeout
support.
COPYRIGHT/License.
Copyright (c) 2004-2009 Dagfinn Ilmari Mannsaaker and Nicolai Langfeldt.
All rights reserved. This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by the Free Software
Foundation; version 2 dated June, 1991.
POD ERRORS
Hey! The above document had some coding errors, which are explained below:
Around line 545:
Non-ASCII character seen before =encoding in 'Mannsaaker,'. Assuming UTF-8