|Work with output from snmpwalk|
SNMPWALK is one of the main tools used by a network engineer to troubleshoot behavior or verify configuration of devices. The output however is pretty hard to understand. In this article, we will talk about how Unbrowse SNMP makes the task of working with SNMPWALK dumps much easier. Snmpwalk is a command line utility available on almost all router platforms. A standalone version is also available for free from the excellent Net-SNMP project.
You may also want to check out this 5-min screencast !
Lexicographic ordering in SNMP
First, a few words about how OIDs are ordered in the SNMP protocol. If you already know this you can skip this section. SNMP aware devices store information related to their configuration and performance in a tree structure called the Management Information Base or in short MIB. Each node in the tree is uniquely identified by an object identifier or OID. The OIDs are just strings of numbers like .184.108.40.206.220.127.116.11 or .18.104.22.168.4.1.2622.214.171.124.2. Just as words can be ordered alphabetically, OIDs are ordered lexicographically. This means that given two OIDs, we start by comparing each digit from left to right, if at any position the numbers are not equal, the OID corresponding to the larger number is declared to be lexicographically greater. If all numbers compared are equal, but one OID is longer than the other, the longer OID is lexicographically greater. The GETNEXT command retrieves the next lexicographically higher object from the device. The SNMPWALK is built on top of the basic GETNEXT command.
What does the SNMPWALK command do ?
The SNMPWALK command is used to retrieve a MIB subtree and print the results to the console. In reality, there is no "WALK" operation defined in the SNMP protocol. The SNMPWALK actually tool uses a series of GETNEXT requests in a loop. The first iteration of GETNEXT uses the OID supplied on the command line, all subsequent GETNEXTs use the OID contained in the previous response. The loop stops if the returned OID in the response is outside the subtree of the original OID or the end of MIB is reached.
$snmpwalk -v 1 -c public123 localhost .126.96.36.199
The problem with the output
A lot of network administrators have to deal with raw snmpwalk outputs such as the ones shown above. This causes a lot of aggravation for the following reasons.
Example : Walk the HOST-RESOURCE mib disk partition table
This is the raw output from the snmpwalk command
.188.8.131.52.184.108.40.206.220.127.116.117.1 = INTEGER: 1
The above text when run through the import feature in Unbrowse SNMP produces a spreadsheet-like walker as shown below.
How to convert an SNMPWALK output into a nice spreadsheet like table ?
Unbrowse SNMP makes it dramatically easier to work with output of snmpwalk commands. You send in a text file containing the snmpwalk output, and you will get a MyMib (which corresponds to the subtree extracted by the snmpwalk command) and a Spreadsheet like view of the results. This helps you boost your productivity because you no longer have to scratch your head when confronted with a large snmpwalk dump.
You can use this feature by importing a file or by "copy-paste"
Via a file import
If you have a file containing the snmpwalk output, you can select the “File > Import > From SNMPWALK dump” command. The exact steps are outlined below.
Via the clipboard ( copy-paste method)
If you have the snmpwalk dump in an email, a website, or a bug report, you can just copy paste the text into a special window. To use this feature, select “File > Import > From a SNMPWALK dump in the clipboard”. Paste the text into the box and press “Import!”
Supported snmpwalk formats
Unbrowse SNMP allows you to enter the snmpwalk output in a variety of formats. These may even be intermingled in the same input file. Most popular formats of Cisco, Juniper, and Net-SNMP are supported.