Getting Data In
Highlighted

snmpget, snmptrap - Splunk and SNMP polling

Path Finder

I am looking for resources on how to poll e.g. Cisco ASA firewalls via snmp (snmpget) from Splunk. I would like to pull things like interface usage, RAM usage, CPU usage etc, anything that can be gathered via SNMP.

Is it something along the lines of scripting snmpgets, writing output into a file on the splunk server and then pulling the data out?

Does anyone have any good examples for this?

Highlighted

Re: snmpget, snmptrap - Splunk and SNMP polling

SplunkTrust
SplunkTrust

I don't have a good example, but yes it's fundamentally how you describe it - define a scripted input into Splunk that runs your script to do the various snmpget commands and format their output.

One thing to consider might be that Cisco has always been a little skimpy in their PIX/ASA MIBS. The stuff you're looking for might not be available via SNMP - but you could always resort to something like expect.

Highlighted

Re: snmpget, snmptrap - Splunk and SNMP polling

Path Finder

I could need some pointers on how to do that, tbh. Thanks.

0 Karma
Highlighted

Re: snmpget, snmptrap - Splunk and SNMP polling

SplunkTrust
SplunkTrust

This is something that I'll try to look into when I have time.

0 Karma
Highlighted

Re: snmpget, snmptrap - Splunk and SNMP polling

Champion

Here is a simple quick and dirty prototype of an snmp manager I've written using pysnmp.


from pysnmp.entity import engine, config
from pysnmp.carrier.asynsock.dgram import udp
from pysnmp.entity.rfc3413 import cmdgen
from pysnmp.smi import builder, view, error
from time import localtime, strftime
import sys, os

parses response from getoidval

def cbFun(sendRequestHandle, errorIndication, errorStatus, errorIndex,varBinds, cbCtx):
cbCtx['errorIndication'] = errorIndication
cbCtx['errorStatus'] = errorStatus
cbCtx['varBinds'] = varBinds
return 1 # will countine if using bulk or next

gets oid and value

def getoidval(agentname, params, communitystr, targetadd, targetport, targetoid):
snmpEngine = engine.SnmpEngine()
#transport and snmpv2 setup
config.addV1System(snmpEngine, agentname, communitystr)
config.addTargetParams(snmpEngine, params, agentname, 'noAuthNoPriv', 1)
config.addTargetAddr( snmpEngine, targetname, config.snmpUDPDomain,(targetadd, targetport), params)
config.addSocketTransport(snmpEngine,config.snmpUDPDomain,udp.UdpSocketTransport().openClientMode())

#test = cmdgen.NextCommandGenerator().sendReq(snmpEngine, targetname, ((targetoid, None),), cbFun)
cbCtx = {}
cmdgen.GetCommandGenerator().sendReq(snmpEngine, targetname, ((targetoid, None),), cbFun, cbCtx)

snmpEngine.transportDispatcher.runDispatcher()
return  cbCtx

generates tsv file for all oid give for target

def gensnmbtsv(agentname, params, communitystr, targetadd, targetport, lstoid,basepath, filename):
mibView = view.MibViewController(mibBuilder)
lstreturn = []
localdate = strftime("_%Y-%m%d", localtime())
timestamp = strftime("%Y-%m-%d\t%H:%M\t",localtime())
header = 'date time\t'
value = timestamp
tsvname = basepath + filename + localdate + '.tsv'
errname= basepath + filename + 'Err.log'
for targetoid in lstoid:

dictoidval = {}
returnoid = getoidval(agentname, params, communitystr, targetadd, targetport, targetoid)
if returnoid['errorIndication']:
errfile = open(errname, 'a')
errfile.write(timestamp+str(returnoid['errorIndication']) + '\n')
print str(returnoid['errorIndication'])
errfile.close()
sys.exit(12)
elif returnoid['errorStatus']:
errfile = open(errname, 'a')
errfile.write(timestamp+str(returnoid['errorStatus']) + '\n')
print str(returnoid['errorStatus'])
errfile.close()
sys.exit(12)
else:
try:
oid, labels, suffix = mibView.getNodeName(returnoid['varBinds'][0][0])
dictoidval[labels[-1]] = str(returnoid['varBinds'][0][1])
lstreturn.append(dictoidval)
except:
print 'Unable to find label associated with oid. Make sure you have loaded all necessary .py MIB definitions. This can done by using builder.MibBuilder().loadModules.'
sys.exit(12)
for i in range(len(lstreturn)):
header += lstreturn[i].keys()[0] + '\t'
value += lstreturn[i].values()[0] + '\t'
tsvfile = basepath + filename + localdate
if not (os.path.exists(tsvname)):
tsvfile =open(tsvname, 'w')
tsvfile.write(header.lower() + '\n' + value +'\n')
tsvfile.close()
else:
tsvfile =open(tsvname, 'a')
tsvfile.write(value + '\n')
tsvfile.close()

Main

########################

Set alternative location of mib sources and loads mibs

mibsource = '<pysnmpMibDir>/mib'
mibBuilder = builder.MibBuilder()
mibPath = mibBuilder.getMibSources() + (builder.DirMibSource(mibsource),)
mibBuilder.setMibSources(*mibPath)
mibBuilder.loadModules('MSFT-MIB','WINDOWS-NT-PERFORMANCE','SNMPv2-TC','RFC1213-MIB','RFC1155-SMI','RFC1158-MIB','RFC1354-MIB','MSFT-MIB','WINS-MIB','InternetServer-MIB','HTTPSERVER-MIB')

agentname = ''
params = ''
targetname = ''
communitystr = ''
targetadd = ''
targetport = 161
lstoid = ['1.3.6.1.4.1.311.1.7.3.1.14.0',
'1.3.6.1.4.1.311.1.7.3.1.15.0',
'1.3.6.1.4.1.311.1.7.3.1.16.0',
'1.3.6.1.4.1.311.1.7.3.1.17.0',
'1.3.6.1.4.1.311.1.7.3.1.18.0',]
basepath = '<script path/python/snmp/>' # Where error and out put wil be placed
filename = '<somename>' # file will be a tsv with current data appended

gensnmbtsv(agentname, params, communitystr, targetadd, targetport, lstoid,basepath, filename)

sys.exit(0)

Highlighted

Re: snmpget, snmptrap - Splunk and SNMP polling

Ultra Champion