Getting Data In

snmpget, snmptrap - Splunk and SNMP polling

splunker30039
Path Finder

I am looking for resources on how to poll e.g. Cisco ASA firewalls via snmp (snmpget) from Splunk. I would like to pull things like interface usage, RAM usage, CPU usage etc, anything that can be gathered via SNMP.

Is it something along the lines of scripting snmpgets, writing output into a file on the splunk server and then pulling the data out?

Does anyone have any good examples for this?

Damien_Dallimor
Ultra Champion

bmacias84
Champion

Here is a simple quick and dirty prototype of an snmp manager I've written using pysnmp.


from pysnmp.entity import engine, config
from pysnmp.carrier.asynsock.dgram import udp
from pysnmp.entity.rfc3413 import cmdgen
from pysnmp.smi import builder, view, error
from time import localtime, strftime
import sys, os


# parses response from getoidval
def cbFun(sendRequestHandle, errorIndication, errorStatus, errorIndex, varBinds, cbCtx):
    cbCtx['errorIndication'] = errorIndication
    cbCtx['errorStatus'] = errorStatus
    cbCtx['varBinds'] = varBinds
    return 1  # will continue if using bulk or next


# gets oid and value
# (targetname is read from the module-level setting in the Main section)
def getoidval(agentname, params, communitystr, targetadd, targetport, targetoid):
    snmpEngine = engine.SnmpEngine()
    # transport and snmpv2 setup
    # SNMPv2c with 'noAuthNoPriv': the community string is sent unencrypted
    config.addV1System(snmpEngine, agentname, communitystr)
    config.addTargetParams(snmpEngine, params, agentname, 'noAuthNoPriv', 1)
    config.addTargetAddr(snmpEngine, targetname, config.snmpUDPDomain, (targetadd, targetport), params)
    config.addSocketTransport(snmpEngine, config.snmpUDPDomain, udp.UdpSocketTransport().openClientMode())

    #test = cmdgen.NextCommandGenerator().sendReq(snmpEngine, targetname, ((targetoid, None),), cbFun)
    cbCtx = {}
    cmdgen.GetCommandGenerator().sendReq(snmpEngine, targetname, ((targetoid, None),), cbFun, cbCtx)

    snmpEngine.transportDispatcher.runDispatcher()
    return cbCtx


# generates tsv file for all oids given for target
# (mibBuilder is read from the module-level setup in the Main section)
def gensnmbtsv(agentname, params, communitystr, targetadd, targetport, lstoid, basepath, filename):
    mibView = view.MibViewController(mibBuilder)
    lstreturn = []
    localdate = strftime("_%Y-%m%d", localtime())
    timestamp = strftime("%Y-%m-%d\t%H:%M\t", localtime())
    header = 'date\ttime\t'  # two columns, matching the tab in timestamp
    value = timestamp
    tsvname = basepath + filename + localdate + '.tsv'
    errname = basepath + filename + 'Err.log'
    for targetoid in lstoid:
        dictoidval = {}
        returnoid = getoidval(agentname, params, communitystr, targetadd, targetport, targetoid)
        if returnoid['errorIndication']:
            # transport-level failure (e.g. timeout): log it and stop
            with open(errname, 'a') as errfile:
                errfile.write(timestamp + str(returnoid['errorIndication']) + '\n')
            print(str(returnoid['errorIndication']))
            sys.exit(12)
        elif returnoid['errorStatus']:
            # the agent answered with an SNMP error: log it and stop
            with open(errname, 'a') as errfile:
                errfile.write(timestamp + str(returnoid['errorStatus']) + '\n')
            print(str(returnoid['errorStatus']))
            sys.exit(12)
        else:
            try:
                oid, labels, suffix = mibView.getNodeName(returnoid['varBinds'][0][0])
                dictoidval[labels[-1]] = str(returnoid['varBinds'][0][1])
                lstreturn.append(dictoidval)
            except Exception:
                print('Unable to find label associated with oid. Make sure you have loaded all necessary .py MIB definitions. This can be done by using builder.MibBuilder().loadModules.')
                sys.exit(12)
    # one column per polled oid: label in the header row, value in the data row
    for dictoidval in lstreturn:
        for label, val in dictoidval.items():
            header += label + '\t'
            value += val + '\t'
    if not os.path.exists(tsvname):
        # new file for today: write the header row first
        with open(tsvname, 'w') as tsvfile:
            tsvfile.write(header.lower() + '\n' + value + '\n')
    else:
        with open(tsvname, 'a') as tsvfile:
            tsvfile.write(value + '\n')


# Main
########################

# Set alternative location of mib sources and load mibs
mibsource = '<pysnmpMibDir>/mib'
mibBuilder = builder.MibBuilder()
mibPath = mibBuilder.getMibSources() + (builder.DirMibSource(mibsource),)
mibBuilder.setMibSources(*mibPath)
mibBuilder.loadModules('MSFT-MIB', 'WINDOWS-NT-PERFORMANCE', 'SNMPv2-TC', 'RFC1213-MIB', 'RFC1155-SMI', 'RFC1158-MIB', 'RFC1354-MIB', 'MSFT-MIB', 'WINS-MIB', 'InternetServer-MIB', 'HTTPSERVER-MIB')

agentname = ''
params = ''
targetname = ''
communitystr = ''
targetadd = ''
targetport = 161
lstoid = ['1.3.6.1.4.1.311.1.7.3.1.14.0',
          '1.3.6.1.4.1.311.1.7.3.1.15.0',
          '1.3.6.1.4.1.311.1.7.3.1.16.0',
          '1.3.6.1.4.1.311.1.7.3.1.17.0',
          '1.3.6.1.4.1.311.1.7.3.1.18.0',]
basepath = '<script path/python/snmp/>'  # Where error and output will be placed
filename = '<somename>'  # file will be a tsv with current data appended

gensnmbtsv(agentname, params, communitystr, targetadd, targetport, lstoid, basepath, filename)

sys.exit(0)

dwaddle
SplunkTrust

I don't have a good example, but yes it's fundamentally how you describe it - define a scripted input into Splunk that runs your script to do the various snmpget commands and format their output.

One thing to consider might be that Cisco has always been a little skimpy in their PIX/ASA MIBS. The stuff you're looking for might not be available via SNMP - but you could always resort to something like expect.

dwaddle
SplunkTrust

This is something that I'll try to look into when I have time.

0 Karma

splunker30039
Path Finder

I could need some pointers on how to do that, tbh. Thanks.

0 Karma
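
An added example, not part of any post in this thread, of the formatting step in the scripted-input approach described above: it turns net-snmp snmpget output (default format) into key="value" lines on stdout, which is what a Splunk scripted input indexes. The sample output, the host name fw1 and the function names are constructed for illustration; device-supplied strings are sanitized so a crafted ifDescr or sysLocation value cannot add fields or event lines of its own.

```python
import re
import sys

# Constructed sample of net-snmp snmpget output in its default format
# (illustrative values, not captured from a real device).
SAMPLE = (
    'IF-MIB::ifInOctets.1 = Counter32: 1234567\n'
    'IF-MIB::ifDescr.1 = STRING: "outside"\n'
    'SNMPv2-MIB::sysUpTime.0 = Timeticks: (8640000) 1 day, 0:00:00.00\n'
    'IF-MIB::ifOutOctets.99 = No Such Instance currently exists at this OID\n'
)

LINE_RE = re.compile(r'^(\S+) = (?:([A-Za-z][\w-]*): )?(.*)$')
ERRORS = ('No Such Object', 'No Such Instance', 'No more variables')

def clean(text):
    """Drop control characters and double quotes so a device-supplied string
    cannot close its key="value" pair or start a new event line."""
    return ''.join(ch for ch in text if ch.isprintable()).replace('"', "'")

def parse_line(line):
    """Parse one 'NAME = TYPE: VALUE' line; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    name, vtype, value = m.groups()
    if vtype is None and value.startswith(ERRORS):
        return {'oid': name, 'status': 'error', 'value': value}
    if vtype == 'Timeticks':
        ticks = re.match(r'\((\d+)\)', value)
        value = ticks.group(1) if ticks else value  # keep the raw tick count
    elif vtype == 'STRING':
        value = value.strip('"')
    return {'oid': name, 'status': 'ok', 'type': vtype or 'unknown', 'value': value}

def to_events(host, output):
    """Return one key="value" event line per varbind in snmpget output."""
    events = []
    for line in output.splitlines():
        rec = parse_line(line)
        if rec is not None:
            rec = dict(host=host, **rec)
            events.append(' '.join('%s="%s"' % (k, clean(v)) for k, v in rec.items()))
    return events

if __name__ == '__main__':
    # Usage: snmpget ... | script.py <host>; with no argument, run on SAMPLE.
    host, text = (sys.argv[1], sys.stdin.read()) if len(sys.argv) > 1 else ('fw1', SAMPLE)
    print('\n'.join(to_events(host, text)))
```

Per-OID agent errors are emitted as events with status="error" rather than dropped, so a missing interface index shows up in a search instead of as a silent gap.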