BLOG     |     FORUM
Work with output from snmpwalk

Convert snmpwalk to mib browserSNMPWALK is one of the main tools used by a network engineer to troubleshoot behavior or verify configuration of devices. The output however is pretty hard to understand. In this article, we will talk about how Unbrowse SNMP makes the task of working with SNMPWALK dumps much easier. Snmpwalk is a command line utility available on almost all router platforms. A standalone version is also available for free from the excellent Net-SNMP project.

 

You may also want to check out this 5-min screencast !


Lexicographic ordering in SNMP

First, a few words about how OIDs are ordered in the SNMP protocol. If you already know this you can skip this section. SNMP aware devices store information related to their configuration and performance in a tree structure called the Management Information Base or in short MIB. Each node in the tree is uniquely identified by an object identifier or OID. The OIDs are just strings of numbers like .1.3.6.1.2.1.1.3 or .1.3.6.1.4.1.2636.3.34.1.2. Just as words can be ordered alphabetically, OIDs are ordered lexicographically. This means that given two OIDs, we start by comparing each digit from left to right, if at any position the numbers are not equal, the OID corresponding to the larger number is declared to be lexicographically greater. If  all numbers compared are equal, but one OID is longer than the other, the longer OID is lexicographically greater.  The GETNEXT command retrieves the next lexicographically higher object from the device. The SNMPWALK is built on top of the basic GETNEXT command.

 

What does the SNMPWALK command do ?

The SNMPWALK command is used to retrieve a MIB subtree and print the results to the console. In reality, there is no "WALK" operation defined in the SNMP protocol. The SNMPWALK actually tool uses a series of GETNEXT requests in a loop. The first iteration of GETNEXT uses the OID supplied on the command line, all  subsequent GETNEXTs use the OID contained in the previous response. The loop stops if the returned OID in the response is outside the subtree of the original OID or the end of MIB is reached.

Sample outputs

$snmpwalk -v 1 -c public123 localhost .1.3.6.1
sysDescr.0 = STRING: Software: Whistler Version 5.1 Service Pack 2 (Build 2600)
sysObjectID.0 = OID: win32
sysUpTimeInstance = Timeticks: (15535) 0:02:35.35
sysContact.0 = STRING: unknown
sysName.0 = STRING: UDLDEV
sysLocation.0 = STRING: unknown
sysServices.0 = INTEGER: 72
sysORID.4 = OID: snmpMPDCompliance

The problem with the output

A lot of network administrators have to deal with raw snmpwalk outputs such as the ones shown above. This causes a lot of aggravation for the following reasons.

  • Hard to visualize especially for MIB tables, because we are trying to visualize a two dimensional table using a one dimensional dump of text output.
  • If the snmpwalk output contains OIDs instead of names, then we are completely lost.
  • We cannot easily navigate to the definition of each node or look at the textual convention or type of the value.
  • A graphical table is better than plain text !

Example :  Walk the HOST-RESOURCE mib disk partition table

This is the raw output from the snmpwalk command

.1.3.6.1.2.1.25.3.7.1.1.1537.1 = INTEGER: 1
.1.3.6.1.2.1.25.3.7.1.1.1537.2 = INTEGER: 2
.1.3.6.1.2.1.25.3.7.1.1.1537.3 = INTEGER: 3
.1.3.6.1.2.1.25.3.7.1.2.1537.1 = STRING: "/dev/hdb1"
.1.3.6.1.2.1.25.3.7.1.2.1537.2 = STRING: "/dev/hdb2"
.1.3.6.1.2.1.25.3.7.1.2.1537.3 = STRING: "/dev/hdb3"
.1.3.6.1.2.1.25.3.7.1.3.1537.1 = STRING: "0x341"
.1.3.6.1.2.1.25.3.7.1.3.1537.2 = STRING: "0x342"
.1.3.6.1.2.1.25.3.7.1.3.1537.3 = STRING: "0x343"
.1.3.6.1.2.1.25.3.7.1.4.1537.1 = INTEGER: 14877060 KBytes
.1.3.6.1.2.1.25.3.7.1.4.1537.2 = INTEGER: 9920624 KBytes
.1.3.6.1.2.1.25.3.7.1.4.1537.3 = INTEGER: 0 KBytes
.1.3.6.1.2.1.25.3.7.1.5.1537.1 = INTEGER: 1
.1.3.6.1.2.1.25.3.7.1.5.1537.2 = INTEGER: 3
.1.3.6.1.2.1.25.3.7.1.5.1537.3 = INTEGER: 0


The above text when run through the import feature in Unbrowse SNMP produces a spreadsheet-like walker as shown below.

Snmpwalk import into mib browser

Go to the Unbrowse SNMP Page

How to convert an SNMPWALK output into a nice spreadsheet like table ?

Unbrowse SNMP makes it dramatically easier to work with output of snmpwalk commands. You send in a text file containing the snmpwalk output, and you will get a MyMib (which corresponds to the subtree extracted by the snmpwalk command) and a Spreadsheet like view of the results. This helps you boost your productivity because you no longer have to scratch your head when confronted with a large snmpwalk dump.

You can use this feature by importing a file or by "copy-paste"

Via a file import

If you have a file containing the snmpwalk output, you can select the “File > Import > From SNMPWALK dump” command. The exact steps are outlined below.

  • Close all browser and walker windows
  • Select File->Import->From a SNMPWALK dump.. menu item
  • Select the snmpwalk dump file
  • A status window appears indicating progress, you can stop at any time.
  • Unresolved OIDs are MIB objects in the snmpwalk dump that are not known to Unbrowse SNMP. These unresolved OIDs are shown in the text area on the status window.
  • During SNMPWALK processing:
  • First a MyMIB is created containing all the objects in the snmpwalk input file. You can save it for use later.
  • Next the MIB Walker view (a spreadsheet like view) is created
  • Please be patient as this may take time if the input file is large. It can take upto 2 minutes to fully construct the sheet when large inputs are selected.
  • You can save the MyMIB and the Walker view, or export the Walker view to HTML for easier offline analysis

Via the clipboard ( copy-paste method)

If you have the snmpwalk dump in an email, a website, or a bug report, you can just copy paste the text into a special window. To use this feature, select “File > Import > From a SNMPWALK dump in the clipboard”. Paste the text into the box and press “Import!”

Supported snmpwalk formats

Unbrowse SNMP allows you to enter the snmpwalk output in a variety of formats. These may even be intermingled in the same input file. Most popular formats of Cisco, Juniper, and Net-SNMP are supported.

 

Partial OID only

47.1.1.1.1.2.1 : OCTET STRING- (ascii): Cisco Systems WS-C6506 6 slot switch

47.1.1.1.1.2.2 : OCTET STRING- (ascii): WS-C6506 6 slot switch chassis slot

47.1.1.1.1.2.3 : OCTET STRING- (ascii): WS-C6506 6 slot switch chassis slot

Module name, object

HOST-RESOURCES-MIB::hrPartitionIndex.1537.1 = INTEGER: 1

CISCO-VTP-MIB::vtpVlanState.1.1 = INTEGER: operational(1)

CISCO-VTP-MIB::vtpVlanState.1.2 = INTEGER: operational(1)

Full OID

.1.3.6.1.2.1.25.3.7.1.2.1537.1 = STRING: "/dev/hdb1"

.1.3.6.1.2.1.25.3.7.1.2.1537.2 = STRING: "/dev/hdb2"

.1.3.6.1.2.1.25.3.7.1.2.1537.3 = STRING: "/dev/hdb3"

Partial Name only

interfaces.ifTable.ifEntry.ifDescr.1 = ATM1/0

interfaces.ifTable.ifEntry.ifDescr.2 = BRI0/0

interfaces.ifTable.ifEntry.ifDescr.3 = FastEthernet0/0

Full Name

.iso.org.dod.internet.mgmt.mib-2.host.hrDevice.hrPartitionTable.hrPartitionEntry.hrPartitionFSIndex.1537.2 = INTEGER: 3

.iso.org.dod.internet.mgmt.mib-2.host.hrDevice.hrPartitionTable.hrPartitionEntry.hrPartitionFSIndex.1537.3 = INTEGER: 0

Short form (last name only)

hrPartitionSize.1537.1 = INTEGER: 14877060 KBytes

hrPartitionSize.1537.2 = INTEGER: 9920624 KBytes

hrPartitionSize.1537.3 = INTEGER: 0 KBytes
 

Sitemap | Privacy

Copyright © 2011-14 Unleash Networks