- 1 Using SNMP scans features
- 1.1 How does it works ?
- 1.2 Configuration using Web Interface
- 1.3 Configuring Unix Unified Agent
- 1.4 Query SNMP inventory results
- 1.5 Advanced Apache configuration
Using SNMP scans features
How does it works ?
The main goal of the SNMP integration In Ocsinventory NG is to enhance data collected by Ipdiscover. Using SNMP scans, you will be able to get a lot of informations about network devices : printers, switchs, computers (wich don't have an OCS agent), etc...SNMP scans will be made by OCS agents using IP adresses collected using Ipdiscover. This IP adresses to scan are directly sent to OCS agent by OCS server when OCS agent take contact (PROLOG step).
You can find more information about Ipdiscover here.
|Warning: An OCS agent MUST BE Ipdiscover elected (or forced manually) to be able to make SNMP scans.|
This is the several steps of SNMP scanning :
- an OCS agent is Ipdiscover elected or Ipdiscover forced manually
- when the agent takes contact to server (PROLOG) and do its Ipdiscover network scan
- OCS agent send back the data collected (using Ipdiscover) to OCS server (IP adresses, MAC adresses, hostnames etc...)
- during the next contact to OCS server, OCS agent received from server the IP adresses to scan using SNMP (this IP adresses are get using previous Ipdiscover data sent back by OCS agent) and an URL to download snmp_com.txt file using HTTPS (this file is used to give differents SNMP communities used for SNMP scans)
- OCS agent download snmp_com.txt file using HTTPS
- OCS agent do its Ipdiscover scan (because it is Ipdscover elected anyway) and sent back data collected to OCS server
- OCS agent make SNMP scans using IP adresses received from server and SNMP communities found in snmp_com.txt file
- OCS agent sent back the SNMP data collected to the server
Once all this steps done, you will be able to view SNMP scans results using OCS Web Interface. You will be able to enable or disable SNMP scan features in Web Interface using global configuration or using computer or groups custom parameters. You will be able to add your own SNMP communities in Web Interface too.
Configuration using Web Interface
To manage SNMP general options in Web Interface, go to in Configuration menu, click on Configuration and go to the SNMP tab.
This is the SNMP configuration options avalaible:
- SNMP: activate or desactivate SNMP scan feature. If this option is OFF, no SNMP scan will be made by any OCS agent
- SNMP_DIR: directory where snmp_com.txt is stored. This file is stored at server side, on the same server which provides ocsreports (OCS Web Interface). This directory MUST BE valid. If not, OCS Web Interface won't be able to manage SNMP communities.
- SNMP_URI: URI where OCS agent will try to download snmp_com.txt file using HTTPS. This URI MUST BE valid (it will be often OCS server itself on which you configured openssl). If not, OCS agent won't be able to make SNMP scans. This URI will be often like this : HTTPS://myocsserver.domain/snmp
- SNMP_INVENTORY_DIFF: use SNMP Inventory diff feature to lighten your DB backend. SNMP inventory data will be written in database only if it changes. OCS server will use snmp_laststate table to make this comparison
Manage SNMP communities
To be enable to scan a SNMP device, you have use SNMP community. SNMP community can be viewed as authentifciation informations to be allowed to scan SNMP devices. SNMP community is created by 2 informations:
- SNMP version : it is the SNMP version supported by the SNMP device(s) (can be version 1, version 2, version 2c etc...)
- SNMP community name : it is the community name you set in your SNMP device(s). For many SNMP devices, the default SNMP community name is public.
|Note: In OCS Inventory NG 2.0, only SNMp v1, v2 and v2c are supported. SNMp v3 will be supported in future releases.|
If you set your own SNMP communities in your SNMP devices, you have to add it in OCS Inventory configuration. OCS agent will received informations about this communities and will try to scans SNMP devices using every SNMP communities you set in your configuration. SNMP communites informations are directly added in the snmp_com.txt file wich will be downloaded by OCS agent, using SNMP_URI (see General options upper) parameter using HTTPS.
|Note: By default, OCS Inventory included an SNMP version 2c community named public .|
To manage SNMP communities in Web Interface, go to in Network(s) menu, click on Administer and go to the Manage SNMP communites tab.
- You can now add a new SNMP communities using the Add button. A new screen screen is displayed:
You have to set a community name and a SNMP version (using the drop list)
- To delete a SNNMP community, click on the red cross
- To modify a SNMP community, click on the pencil
Configuring custom parameters
To make an OCS agent to scan its network using SNMP (without waiting for an Ipdiscover automatic election), you may have to set its custom parameters at computer side or at groups side.
Configuring computer custom parameters
To make a single OCS agent to scan its network using SNMP, you have to set it in its custom parameters. First, go to its inventory page, click on the Customization icon, and the click on the Select a parameter to be modified (pencil). Then, click on the Networks scans tab.
- If no network adress appeared in IPDISCOVER option, you have to set it manually using the drop list
- You can enable/disable a computer to make SNMP scans using SNMP_SWITCH option. By default, global configuration parameter is taken, corresponding to the Default radio button.
Click on the Update button to save your modifications.
Configuring groups custom parameters
To enable or disable SNMP scans for agents that are members of a group, you have to set the group custom parameters. First, go to the group page, click on the Customization icon, and the click on the Select a parameter to be modified (pencil). Then, click on the Networks scans tab.
- You can enable/disable agents members of a group to make SNMP scans using SNMP_SWITCH option. By default, global configuration parameter is taken, corresponding to the Default radio button.
Click on the Update button to save your modifications.
Configuring Unix Unified Agent
To be able do make SNMP using OCS Unified Unix agent, you have to install Net::SNMP perl module (see http://search.cpan.org/~dtown/Net-SNMP-v6.0.1/lib/Net/SNMP.pm .
To install it, use your distribution or OS packages as much as possible. For Debian like distributions, install libnet-snmp-perl package and for Redhat like distributions, install perl-Net-SNMP
If you cannot use packages, install Net::SNMP perl module using CPAN like this:
#cpan cpan>install Net::SNMP
SNMP scans feature is managed by Snmp.pm Unix Unified agent module. You have two ways to activate it in your Unix Unified agent installation:
- By using post installation interactive script by answering 'y' this question:
Do you want to use OCS-Inventory SNMP scans feature ?
- By editing /etc/ocsinventory-agent/modules.conf file and ucomment this line :
To be sure that Snmp.pm will be launched when Unix Unified agent will run, you can type using command:
If no errors are displayed on stdout, this means that you have no errors.
Copying SSL certificate file
To allow Unix Unified agent to download snmp_com.txt file using HTTPS, you have to copy SSL certificate file (as cacert.pem) in your OCS server configuration directory in your basevardir directory.
|Note: basevardir directory is the path specified in your /etc/ocsinventory-agent/ocsinventory-agent.cfg using basevardir= parameter.
Your OCS server configuration directory is a directory created automatically using your OCS server URL (http:__ocsinventory-ng_ocsinventory for example).
For example, if your basevardir parameter is /var/lib/ocsinventory-agent/ and your OCS server URL is http://ocsinventory-ng/ocsinventory, so you have to copy your cacert.pem certificate file in /var/lib/ocsinventory-agent/http:__ocsinventory-ng_ocsinventory directory.
|Note: If you already use a SSL certificate for OCS packages deployment, you may not have to copy a new one for SNMP scans feature. Indeed, if you use the same HTTPS server for OCS package deployment and snmp_com.txt file download, cacert.pem file will be same one in the same directory.|
Scans informations using debug mode
To see more informations about SNMP scans, you can launch ocsinventory-agent using debug mode, like this :
You will see an debug output about SNMP scans like this:
[Sun Jan 9 19:40:56 2011][debug] [snmp] Scanning 192.168.11.4 device [Sun Jan 9 19:40:56 2011][debug] [snmp] Running HP (11) MIB module [Sun Jan 9 19:40:56 2011][debug] [snmp] Running If MIB module [Sun Jan 9 19:40:56 2011][debug] [snmp] Running Printer MIB module [Sun Jan 9 19:40:57 2011][debug] [snmp] Scanning 192.168.11.2 device [Sun Jan 9 19:41:09 2011][info] [snmp] No more SNMP device to scan [Sun Jan 9 19:41:09 2011][debug] sending XML [Sun Jan 9 19:41:09 2011][debug] sending: <?xml version="1.0" encoding="UTF-8"?> <REQUEST> <CONTENT> <DEVICE> <CARTRIDGES> <COLOR></COLOR> <DESCRIPTION>Cartouche d'encre</DESCRIPTION> <LEVEL>147</LEVEL> <MAXCAPACITY>500</MAXCAPACITY> <TYPE>toner</TYPE> </CARTRIDGES> <COMMON> <CONTACT></CONTACT> <DESCRIPTION>HP ETHERNET MULTI-ENVIRONMENT,ROM V.29.11,JETDIRECT,JD115,EEPROM V.29.13,CIDATE 08/11/2005</DESCRIPTION> <IPADDR>192.168.11.4</IPADDR> <LOCATION></LOCATION> <MACADDR>00:11:0a:f6:85:02</MACADDR> <NAME>HPPRINTER1</NAME> <SNMPDEVICEID>07af1c5aad323d941bc27e5d7ca4a936</SNMPDEVICEID> <TYPE>Printer</TYPE> <UPTIME>8 days, 20:36:47.10</UPTIME> </COMMON> <PRINTERS> <COUNTER>11771 impressions</COUNTER> <ERRORSTATE></ERRORSTATE> <NAME>HP LaserJet 2100 Series</NAME> <SERIALNUMBER>FRGW102336</SERIALNUMBER> <STATUS>idle</STATUS> </PRINTERS> <TRAYS> <DESCRIPTION>Bac 3</DESCRIPTION> <LEVEL>79</LEVEL> <MAXCAPACITY>250</MAXCAPACITY> <NAME>Tray 3</NAME> </TRAYS> <TRAYS> <DESCRIPTION>Bac 1</DESCRIPTION> <LEVEL>200</LEVEL> <MAXCAPACITY>100</MAXCAPACITY> <NAME>Tray 1</NAME> </TRAYS> <TRAYS> <DESCRIPTION>Bac 2</DESCRIPTION> <LEVEL>25</LEVEL> <MAXCAPACITY>250</MAXCAPACITY> <NAME>Tray 2</NAME> </TRAYS> </DEVICE> </CONTENT> <DEVICEID>thekid-2010-10-13-20-11-26</DEVICEID> <QUERY>SNMP</QUERY> </REQUEST> [Sun Jan 9 19:41:09 2011][debug] [snmp] End snmp_end_handler :)
In this example, you can see that the agent scanned a printer and the data related.
Query SNMP inventory results
To query SNMP inventory results in Web Interface, go to in Network(s) menu, and click on SNMP.
You will see table containing all the SNMP devices scanned by OCS agents.
Show SNMP device inventory
To have more informations about a SNMP device, just click on its name to display its inventory page.
- At the bottom of the page, you have a grey frame corresponding to general information about SNMP device: IP address, MAC address, Name, Description etc...
- At the middle of the page, you have a blue frame corresponding to special information depending on the device type . For a printer you will have its number of impressions, its serial number, its status etc...For a switch, you will have its type, etc...
- At the bottom of the page, you have different tabs corresponding to inventory data. For example, you may have Administrative data, Cartridges, Trays tabs. The number of tabs will depends on the data scanned by OCS agent, so you may not have all the tabs for a SNMP device. However, you will have the Administrative data tab by default, to be able to modify administrative data on a SNMP device (like TAG or any administrative data you created).
Delete an SNMP device
- To delete a SNMP device, just click on the red cross at the right of the SNMP devices table.
- If you want to delete several SNMP devices, select it using the select box at the right of the table, and click on the Remove Selected" icon a the bottom of the table.
Advanced Apache configuration
By default, OCS Inventory NG installation script (setup.sh), creates Apache configuration to make snmp_com.txt file availaible for download (to make OCS agents be able to download this file). By default, Apache configuration is set to create a /snmp URI wich corresponds to https://yourocsserver/snmp. This section explains you how to modify this configuration if you want to change it.
By default, on Linux distributions, SNMP_DIR is created by OCS Inventory NG installtion script and corresponds to the /var/lib/ocsinventory-reports/snmp. You can create another one everywhere in you server, using this command :
Don't forget to set rights to the Apache user (often www-data or apache) to your new directory:
chown www-data /my/path/directory
You may want want to recover your snmp_com.txt file (to keep your SNMP communities configuration) into you new directory :
cp /var/lib/ocsinventory-reports/snmp/snmp_com.txt /my/path/snmpdirectory chown www-data /my/path/snmpdirectory
Once done, don't forget to change SNMP_DIR option in global configuration. See General options for more information.
After modifying SNMP_DIR directory, you have to modify ocsinventory-reports.conf file to modify your Apache configuration to make it corresponds to your new directory. On most Linux distributions, ocsinventory-reports.conf is located in /etc/apache2/conf.d/ or /etc/httpd/conf.d directory.
Edit your ocsinventory-reports.conf (using you preferred editor) to get a configuration like this :
Alias /snmp /my/path/snmpdirectory <Directory /my/path/snmpdirectory> Order Deny,Allow Deny From All </Directory>
If you want to replace the /snmp alias value by anything you want, don't forget to change the SNMP_URI value (see General options for more information).
Once done, don't forget to restart your Apache server to take care of your new configuration :
/etc/init.d/apache2 restart(on Debian based distribution)
/etc/init.d/httpd restart(on Redhat based distribution)