本文首发在与
这两天算是跟SNMP杠上了……各种监控的自定义资源。伤不起了!
"石头"大神写的使用snmp监控网络接口流量的check_traffic脚本可以说是比较好用和成熟的脚本了,
脚本下载: |
但是最近在用的时候却发现了一些问题:
同一个脚本,但是在不同的机器上,去查看Windows被监控的网络参数,却读取到的是16进制的数据,数据的前缀明显的是Hex-STRING,这……让我情何以堪……
[root@mon01 libexec]# ./check_traffic.sh -V 2c -C ubisoft -H 10.199.4.11 -L List Interface for host 10.199.4.11. RFC1213-MIB::ifDescr.1 = Hex-STRING: 53 6F 66 74 77 61 72 65 20 4C 6F 6F 70 62 61 63 6B 20 49 6E 74 65 72 66 61 63 65 20 31 00 RFC1213-MIB::ifDescr.2 = Hex-STRING: 57 41 4E 20 4D 69 6E 69 70 6F 72 74 20 28 53 53 54 50 29 00 RFC1213-MIB::ifDescr.3 = Hex-STRING: 57 41 4E 20 4D 69 6E 69 70 6F 72 74 20 28 4C 32 54 50 29 00 RFC1213-MIB::ifDescr.4 = Hex-STRING: 57 41 4E 20 4D 69 6E 69 70 6F 72 74 20 28 50 50 54 50 29 00 RFC1213-MIB::ifDescr.5 = Hex-STRING: 57 41 4E 20 4D 69 6E 69 70 6F 72 74 20 28 50 50 50 4F 45 29 00 RFC1213-MIB::ifDescr.6 = Hex-STRING: 57 41 4E 20 4D 69 6E 69 70 6F 72 74 20 28 49 50 76 36 29 00 RFC1213-MIB::ifDescr.7 = Hex-STRING: 57 41 4E 20 4D 69 6E 69 70 6F 72 74 20 28 4E 65 74 77 6F 72 6B 20 4D 6F 6E 69 74 6F 72 29 00 RFC1213-MIB::ifDescr.8 = Hex-STRING: 57 41 4E 20 4D 69 6E 69 70 6F 72 74 20 28 49 50 29 00 RFC1213-MIB::ifDescr.9 = Hex-STRING: 52 41 53 20 41 73 79 6E 63 20 41 64 61 70 74 65 72 00 RFC1213-MIB::ifDescr.10 = Hex-STRING: 57 41 4E 20 4D 69 6E 69 70 6F 72 74 20 28 49 4B 45 76 32 29 00 RFC1213-MIB::ifDescr.11 = Hex-STRING: 42 72 6F 61 64 63 6F 6D 20 42 43 4D 35 37 31 36 43 20 4E 65 74 58 74 72 65 6D 65 20 49 49 20 47 69 67 45 20 28 4E 44 49 53 20 56 42 44 20 43 6C 69 65 6E 74 29 00 RFC1213-MIB::ifDescr.12 = Hex-STRING: 4D 69 63 72 6F 73 6F 66 74 20 49 53 41 54 41 50 20 41 64 61 70 74 65 72 00 RFC1213-MIB::ifDescr.13 = Hex-STRING: 42 72 6F 61 64 63 6F 6D 20 42 43 4D 35 37 31 36 43 20 4E 65 74 58 74 72 65 6D 65 20 49 49 20 47 69 67 45 20 28 4E 44 49 53 20 56 42 44 20 43 6C 69 65 6E 74 29 20 23 32 00 |
然后就是各种查google,发现没有民间的解决方法,最后只能去查SNMP的官方文档,于是发现了下面的内容:
The list of valid datatypes can be found at the end of the snmpset help output: $ snmpset -h |& tail -4 type - one of i, u, t, a, o, s, x, d, n i: INTEGER, u: unsigned INTEGER, t: TIMETICKS, a: IPADDRESS o: OBJID, s: STRING, x: HEX STRING, d: DECIMAL STRING U: unsigned int64, I: signed int64, F: float, D: double |
于是知道了,输出的字符是可以自定义类型的,那么这货一定是输出了x类型……好吧……我们得改,查看check_traffic.sh的内容,发现之所以能使用-L来查看网络设备的列表,是因为它使用了这个语句:
list_interface(){ $SNMPWALK -v $Version $Community $Host "IF-MIB::ifDescr" |sed 's/IF-MIB::ifDescr./Interface index /g' | sed 's/= STRING:/orresponding to /g' exit 3} |
知道了之所以能查出interface的列表,调用的其实是snmpwalk的命令,那么我们查看snmpwalk的help,发现其实也是可以定义输出类型的:
-O OUTOPTS Toggle various defaults controlling output display: 0: print leading 0 for single-digit hex characters a: print all strings in ascii format b: do not break OID indexes down e: print enums numerically E: escape quotes in string indices f: print full OIDs on output n: print OIDs numerically q: quick print for easier parsing Q: quick print with equal-signs s: print only last symbolic element of OID S: print MIB module-id plus last element t: print timeticks unparsed as numeric integers T: print human-readable text along with hex strings u: print OIDs using UCD-style prefix suppression U: don't print units v: print values only (not OID = value) x: print all strings in hex format X: extended index format |
我们注意到,可以使用-O选项,后面跟a即可,让所有的东西都用标准的ASCII来显示,于是我们修改脚本,在查看list的那句里面加上 –Oa 这串内容
list_interface(){ $SNMPWALK -v $Version $Community –Oa $Host "IF-MIB::ifDescr" |sed 's/IF-MIB::ifDescr./Interface index /g' | sed 's/= STRING:/orresponding to /g' exit 3} |
再次使用脚本获取~则……:
[root@mon01 libexec]# ./check_traffic.sh -V 2c -C ubisoft -H 10.199.4.11 –L List Interface for host 10.199.4.11. RFC1213-MIB::ifDescr.1 orresponding to "Software Loopback Interface 1." RFC1213-MIB::ifDescr.2 orresponding to "WAN Miniport (SSTP)." RFC1213-MIB::ifDescr.3 orresponding to "WAN Miniport (L2TP)." RFC1213-MIB::ifDescr.4 orresponding to "WAN Miniport (PPTP)." RFC1213-MIB::ifDescr.5 orresponding to "WAN Miniport (PPPOE)." RFC1213-MIB::ifDescr.6 orresponding to "WAN Miniport (IPv6)." RFC1213-MIB::ifDescr.7 orresponding to "WAN Miniport (Network Monitor)." RFC1213-MIB::ifDescr.8 orresponding to "WAN Miniport (IP)." RFC1213-MIB::ifDescr.9 orresponding to "RAS Async Adapter." RFC1213-MIB::ifDescr.10 orresponding to "WAN Miniport (IKEv2)." RFC1213-MIB::ifDescr.11 orresponding to "Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client)." RFC1213-MIB::ifDescr.12 orresponding to "Microsoft ISATAP Adapter." RFC1213-MIB::ifDescr.13 orresponding to "Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client) #2." |
OK,果断搞起。