Frequently Asked Questions (FAQ) for the UCD SNMP package ========================================================= FAQ Author: Dave Shield ucd-snmp Project Author: Wes Hardaker Email: ucd-snmp-coders@ece.ucdavis.edu TABLE OF CONTENTS ================= TABLE OF CONTENTS GENERAL What is it? Where can I get it? What documentation is available? Are there binaries available? What operating systems does it run on? What happens if mine isn't listed? How do I find out about new releases? How can I find out what other people are doing? How do I submit a patch or bug report? What's the difference between SNMPv1 and SNMPv2? What are all these different SNMPv2's anyway? Which SNMPv2 is supported in this package? Where can I find more information? AGENT What MIBs are supported? How do I add a MIB? How do I add functionality? What traps are sent by the agent? When I run the agent it runs and then quits without staying around. Why? TECHNICAL How do I write C code to integrate with the agent? What ASN.1 parser is used? How does the agent fetch the value of a variable from the system? What is the Official Slogan of the ucd-snmp-coders list? PROBLEMS How come ever since version 3.2 my mib files are no longer read? What's this about a "party database", when I try to send a query? Why can't I see values in the UCDavis 'extensible' tree? Why can't I see values in the tree? I've done that, and I still can't see the values. Why not? The agent is complaining about 'snmpd.conf'. Where is this? What does "klread: bad address" mean? What does "nlist err: wombat not found" (or similar) mean? How about "Can't open /dev/kmem"? Or "sendto: permission denied" ? I'm using the Perl SNMP module, and get something about "bad free"? I can't load any of the mib files, and they seem to be missing the first two characters of the filename. What's happening? How do I compile with 'gcc' instead of 'cc'? I cannot set any variables in the MIB. Sometimes I seem to get the wrong answers. Why? GENERAL ======= What is it? ---------- - Various tools relating to the Simple Network Management Protocol including: * An extensible agent * An SNMP library * tools to request or set information from SNMP agents * tools to generate and handle SNMP traps * a version of the unix 'netstat' command using SNMP * a Tk/perl interface to the UCD extensions This package is originally based on the Carnegie Mellon University SNMP implementation (version 2.1.2.1) Where can I get it? ------------------ - ftp://ftp.ece.ucdavis.edu/pub/snmp/ucd-snmp.tar.gz - ftp://sunsite.cnlab-switch.ch/mirror/ucd-snmp/ucd-snmp.tar.gz What documentation is available? ------------------------------- This FAQ (!) README INSTALL PORTING EXAMPLE.conf man pages for the individual tools, files and the API Are there binaries available? ---------------------------- - Nope, sorry. The distribution ought to compile cleanly and run on a range of systems (see the next answer). See the file INSTALL for more details. What operating systems does it run on? ------------------------------------- * HP-UX 9.05, 9.03, 9.01 on HPPA 1.1 systems * HP-UX 10.10, 10.01 on HPPA 1.1 systems * Ultrix 4.4, 4.3, 4.2 on DEC MIPS systems * Solaris 2.5, 2.4, 2.3 on Sun SPARC systems * Solaris 2.5 on x86 systems * SunOS 4.1.3, 4.1.3, 4.1.2 on Sun SPARC systems * OSF 3.2, 4.0 on DEC Alpha systems * NetBSD 1.2, 1.1, 1.0 on all? systems * FreeBSD 2.x on all? systems * BSDi 2.1 on all? systems The applications (though not necessarily the agent) run on the following systems: * Linux - all? versions? * Irix 6.2 What happens if mine isn't listed? --------------------------------- It's worth trying anyway, particularly if the system is based around the BSD kernel. If it seems to work correctly, let us know so that we can update the list above. If it doesn't work, let us know and we'll try to help. If the agent almost compiles, but certain files in the agents/mibgroup directory fail, you can try re-running confugure with the flag --with-out-mib-modules="list" to omit particular modules. You'll then need to re-compile. Either way, try it and let us know how you get on (see below for how). How do I find out about new releases? ------------------------------------ There is a mailing list for these announcements ucd-snmp-announce@ece.ucdavis.edu To be added to (or removed from) this list, send a message to the address 'ucd-snmp-announce-request@ece.ucdavis.edu' with a subject line of 'subscribe' (or 'unsubscribe' as appropriate). Major code revisions may be announced more widely (e.g. on the SNMP mailing lists, or comp.protocols.snmp) but this list is the most reliable way to keep in touch with the status of this package. How can I find out what other people are doing? ---------------------------------------------- There is a general purpose discussion list ucd-snmp@ece.ucdavis.edu To be added to (or removed from) this list, send a message to the address 'ucd-snmp-request@ece.ucdavis.edu' with a subject line of 'subscribe' (or 'unsubscribe' as appropriate). There's not a great deal of traffic at the moment, but you can always try to do something about that! How do I submit a patch or bug report? ------------------------------------- There is a script that you can use to submit a bug report. This allow you to describe the problem you're having, and includes various pieces of information about your system that are useful in trying to track down the problem. Alternatively, you can send a message to 'ucd-snmp-coders@ece.ucdavis.edu' containing a description of the problem, and as much other relevant details as you can. Useful information includes the version of the package that you've been working with, the output of the command 'uname -a', the precise command that you've used, and a copy of the output it produces. We can't promise to be able to solve the problem, but we'll certainly try and help. If you're trying to port the package to a new system, the output of the command 'make -k' is a good start. If you're reporting success on a new system, please let us know both details of the hardware you're using, and what versions of the operating system you've tried it on. The entry 'host' in the file 'config.status' will show this information. Oh, and congratulations! What's the difference between SNMPv1 and SNMPv2? ----------------------------------------------- What are all these different SNMPv2's anyway? -------------------------------------------- A full description is probably beyond the scope of this FAQ. Very briefly, practical experience showed up various problems and deficiencies with the original protocol and framework (described in RFCs 1155-1157 and known now as SNMPv1). The revised framework that attempted to address these was described in RFCs 1441-1452, and is known as "SNMPv2 classic". The changes proposed include: * new ways of defining information (MIB structure) (SMI, Textual conventions, conformance statements) * new protocol packet types and transport mappings * new mechanisms for administration and security * mechanisms for remote configuration Unfortunately, while much of these were generally accepted, there is still some disagreement in these last two areas, security/admin and remote configuration. This has resulted in a number of variants and alternative proposals: SNMPv2c Contains the new protocol and MIB structure elements, using the existing SNMPv1 administration structure. This is the agreed SNMPv2 standard (described in RFCs 1901-1908), superseding SNMPv2 classic, and known as "Community-based SNMPv2" or simply "SNMPv2". SNMPv2 usec } Alternative proposals to address the SNMPv2* } limitations of SNMPv1 administration } These are both super-sets of SNMPv2c SNMP-NG The most recent attempt to reach agreement between the proponents of usec and v2star. SNMPv3 The formal successor to SNMP-NG, aiming to produce Proposed Standards for the next generation of core SNMP functions over the next twelve months. Which SNMPv2 is supported in this package? ----------------------------------------- This package currently supports SNMPv2 classic (i.e. RFCs 1441-1452), as that was the version current at the time the package was originally developed. This is now regarded as "historic", and it is hoped to move to SNMPv2c as soon as possible. When an agreed standard for SNMPv3 finally emerges, we would hope to include support for that. Where can I find more information? --------------------------------- A couple of sites with network management information on the WWW are http://netman.cit.buffalo.edu/index.html http://wwwsnmp.cs.utwente.nl/ The newsgroup 'comp.protocols.snmp' has an FAQ (split into two parts) which discusses more general issues related to SNMP, including books, software, other sites, how to get an enterprise number, etc, etc. These are available from ftp://rtfm.mit.edu/pub/usenet/comp.protocols.snmp/ or via either of the two Web sites above. AGENT ===== What MIBs are supported? ----------------------- The following MIBs are supported (at least in part): - MIB-2 General network statistics (RFC 1213) - UCD agent extensions (processes, disks, memory, load average, shell commands, error handling) - SNMPv2 Party MIB (RFC 1447 - now 'historic') - SNMPv2 Manager-to-Manager MIB (RFC 1451 - now 'historic') How do I add a MIB? ------------------ The tools look in a predefined directory (PREFIX/lib/snmp/mibs) and regard any file held there as defining a MIB module or modules to be included. If the agent to be queried supports a particular MIB module, then by placing the relevant file in this directory, all the tools will be able to take advantage of this new information. The UCD agent, however, does not use these MIB text files at all, and will work quite happily without them. (Actually it needs to find the main MIB file, though it doesn't do anything with it!). The values returned by the agent are simple numeric (or string) responses, and the syntax and scope of the variables supported are hard-coded into the implementation. The MIB text files are only used to translate these responses into more meaningful terms. Adding a file to the MIB directory does not automatically extend the functionality of the agent to include this MIB. (Would that life were so simple). See the next question for how to do this. How do I add functionality? -------------------------- Some extra functionality is already provided - in particular the ability to monitor a station for the presence, absence or excess numbers of particular processes, or excessive use of disk space or CPU. More general functionality can be added by providing a command (such as a shell script) to be run and report the necessary information, or perform the required actions. Detailed information and examples are provided in the snmpd(1) and snmpd.conf(5) manual pages, or the EXAMPLE.conf file. Alternatively, the agent itself can be extended to support additional MIB groups (see 'Technical' below). Note that there is effectively no difference between 'pass-through' MIB support, and modules implemented within the agent itself. Tools querying the agent will see a single MIB structure. What traps are sent by the agent? -------------------------------- The agent will send a 'coldStart(0)' trap when it first starts up. The destination to send the trap to, and the community name to use, are set by putting entries in the snmpd.conf file for 'trapsink' and 'trapcommunity' - note that both are required. The agent can also be configured to send 'authenticationFailure(4)' traps when it receives SNMPv1 requests using a community name that is not recognised. This is done with the snmpd.conf entry 'authtrapsenable 1'. When I run the agent it runs and then quits without staying around. Why? ----------------------------------------------------------------------- The normal operation of the agent is to 'fork' itself into the background, detaching itself so that it will continue running even when you log out, and freeing the command line for subsequent use. This looks at first sight as if the agent has died, but using 'ps' to show all processes should reveal that the agent is still running. To prevent this behaviour, such as when attempting to debug the agent, you can start it with the '-f' flag. This suppresses the fork, and the agent will run as a 'normal' command. TECHNICAL ========= How do I write C code to integrate with the agent? ------------------------------------------------- At the moment, the only technique for integrating external C code with the agent (as opposed to using the 'pass-through' shell extensibility mentioned above) is to implement it within the agent itself. The implementation of the agent has recently been re-organised to make it easier to incorporate new MIB groups. The relevant code is held in the directory 'agent/mibgroup', with one file (plus header) per group in most cases. The README file in that directory gives more information as to the structure of these files, and how to add a new group. Contact the list 'ucd-snmp-coders@ece.ucdavis.edu' for further advice. It is hoped to implement some form of proxy mechanism (such as the agentx protocols) once the specification for these have settled. What ASN.1 parser is used? ------------------------- The parser used by both the agent and client programs is coded by hand. The source code can be found in the snmplib directory, and the parser is usually bundled into the library 'libsnmp.a' How does the agent fetch the value of a variable from the system? ---------------------------------------------------------------- Much of the information is extracted from kernel memory - usually by seeking to the appropriate location and reading the structures directly. Some systems provide cleaner interfaces to such kernel information (it would be hard to think of a less clean interface!), via ioctl() calls or similar system routines and these mechanisms are usually used in preference. What is the Official Slogan of the ucd-snmp-coders list? ------------------------------------------------------- "The current implementation is non-obvious and may need to be improved." (with thanks to Rohit Dube) PROBLEMS ======== Why aren't my mib files read in any more? ----------------------------------------- As from version 3.2, the parser has been re-written. One effect of this is that only a specified set of MIB modules are read in by default. This list can be amended by using environmental variables. The value of the environmental variable 'MIBS' will be taken as a list of MIB module names to be read in from the mib directory (which can itself be set using the environmental variable 'MIBDIRS') Additional MIB files can be specified using the environmental variable 'MIBFILES'. Any MIB module required by those listed will also be loaded (as long as it can be found), without needing to be explicitly mentioned. See the 'mib_api(3)' man page for more details. What's this about a "party database", when I try to send a query? ---------------------------------------------------------------- By default, the applications send SNMPv2 (classic) queries. This relies on party configuration information being available. The easiest way to proceed is probably to use SNMPv1 instead. Just give the option "-v 1" to any of the applications. Why can't I see values in the UCDavis 'extensible' tree? ------------------------------------------------------- Why can't I see values in the tree? ----------------------------------------------------------- If you perform an 'snmpwalk' on an agent, without specifying a starting point, it will return just the values in the 'mib-2' tree. The same hold for any of the other tools provided. To examine anything under the 'private.enterprises' branch (or anywhere else in the MIB structure) you will need to specify the full specification, starting from the root of the tree - e.g: .iso.org.dod.internet.private.enterprises.ucdavis Alternatively, by defining the environmental variable PREFIX, the tools can be told to look for non-fully specified objects in a different sub-tree. This can be done by the command (C shell family) setenv PREFIX .iso.org.dod.internet.private.enterprises.ucdavis or (Bourne shell family) PREFIX=.iso.org.dod.internet.private.enterprises.ucdavis export PREFIX after which, the following example should work: snmpwalk -v 1 localhost public processes I've done that, and I still can't see the values. Why not? --------------------------------------------------------- The other possibility is that there is a clash of names somewhere within the MIB tree. Try running the command 'snmptranslate -x zzz' which will inform you of any duplicates. The agent is complaining about 'snmpd.conf'. Where is this? ----------------------------------------------------------- It doesn't exist in the distribution as shipped. You need to create it to reflect your local requirement. To get started, you can either just create this as an empty file, or try copying the EXAMPLE.conf file which will use some of the UCD extensions. See the snmpd.conf(5) manual page for further details. What does "klread: bad address" mean? ------------------------------------- This means that the agent was unable to extract some of the necessary information from the kernel structures. This is possibly due to: - either looking in the wrong place for kernel information (check the value of KERNEL_LOC) - an error in the implementation of part of the MIB tree for that architecture. Try and identify which OID is generating the error, and contact the list 'ucd-snmp-coders@ece.ucdavis.edu' What does "nlist err: wombat not found" (or similar) mean? ---------------------------------------------------------- This means that the agent wasn't able to locate one of the kernel structures it was looking for. This may or may not be important - some systems provide alternative mechanisms for obtaining the necessary information - Solaris, for example, can produce a whole slew of such messages, but still provide the correct information. This error only occurs if you have used the flag '--enable-debugging' as part of the initial configuration. Reconfigure the agent with '--disable-debugging' and these messages will disappear. How about "Can't open /dev/kmem"? -------------------------------- This device is normally restricted to just being accessible by root (or possibly by a special group such as 'kmem' or 'sys'). The agent must be able to read this device to obtain the necessary information about the running system. Check that the agent was started by root, and is running with UID 0 (or suitable GID if appropriate) Or "sendto: permission denied"? ------------------------------ This was due to a minor problem in setting network addresses, which has now been fixed. If you are seeing this error, please install the most recent version of the UCD snmp tools. I'm using the Perl SNMP module, and get something about "bad free"? ------------------------------------------------------------------ This problem has also been fixed in the most recent release of the UCD SNMP tools. In general, if you experience any problem like this, try checking to see if there's a newer release first. I can't load any of the mib files, and they seem to be missing the first two characters of the filename. What's happening? ----------------------------------------------------------- This is a problem experienced with Sun systems when the tools have been compiled with a mixture of BSD and Solaris environments. You'll need to re-configure and compile the tools, making sure that '/usr/ucb' is not in your PATH (or at least comes at the end). How do I compile with 'gcc' instead of 'cc'? ------------------------------------------- Set the environmental variable 'CC' to have the value 'gcc' before running the configure script. I cannot set any variables in the MIB. ------------------------------------- There are three possible reasons for this: The majority of MIB variables are "read-only" and cannot be changed. Of those that can legitimately be set, many of them have not been implemented in the agent - most of those that can are contained within the 'system' sub-tree, relating to general contact information. With the distribution as shipped, the community name "private" must be used to set these values. This can be changed by setting the second community string (via the snmpd.conf entry "community 2 newstring"). Note that the community string "public" can *not* be used to set variables. Sometimes I seem to get the wrong answers. Why? ----------------------------------------------- Many of the variables in the basic MIB-2 tree require information that is not easily available in the common Unix kernels. In the absence of anything better, the agent returns hardwired 'null' values. The items affected are: interface.ifType other(1) interface.ifSpeed 1 interface.ifLastChange 0 interface.ifInNUCastPkts 0 interface.ifInDiscards 0 interface.ifInUnknownProtos 0 interface.ifOutNUCastPkts 0 interface.ifSpecific Null OID ip.ipInUnknownProtos 0 ip.ipInDiscards 0 ip.ipOutRequests 0 ip.ipOutDiscards 0 ip.ipFragOKs 0 ip.ipFragFails 0 ip.ipFragCreates 0 ip.ipRouteDiscards 0 ipAddrEntry.ipAdEntReasmMaxSize -1 ipRouteEntry.ipRouteAge 0 tcp.tcpMaxConn -1 tcp.tcpOutRsts 0 udp.udpInDatagrams 0 udp.udpNoPorts 0 udp.udpOutDatagrams 0 The following variables have 'likely guess' values, that are not necessarily strictly accurate. The SNMP protocol standards (RFCs 1157 and 1905) could actually be taken to imply that the agent should return a 'genErr' in these cases. interface.ifInOctets guess based on # of packets interface.ifInUCastPkts includes non-unicast packets interface.ifOutOctets guess based on # of packets interface.ifOutUCastPkts includes non-unicast packets ip.ipInDelivers Doesn't handle fragments properly ip.ipReasmOKs Assumes fragments are complete datagrams ipRouteEntry.ipRouteProto local(2) or icmp(4) tcp.tcpRtoAlgorithm vanJ(4) (probably correct!) The following variables are simply not implemented according to specification tcp.tcpAttemptFails } actually counting tcp.tcpEstabResets } something different tcp.tcpOutResets } Some systems may return the correct information for these values. Systems that are known to have corrected some of these values are as follows: * FreeBSD & BSDi provide correct interface statistics * Solaris & HP-UX provide correct statistics throughout