User:Mortheres/Doc SNMP

From OCS Inventory NG
Jump to: navigation, search

Using SNMP scans features

How does it works ?

The main goal of the SNMP integration In Ocsinventory NG is to enhance data collected by Ipdiscover. Using SNMP scans, you will be able to get a lot of informations about network devices : printers, switchs, computers (wich don't have an OCS agent), etc...SNMP scans will be made by OCS agents using IP adresses collected using Ipdiscover. This IP adresses to scan are directly sent to OCS agent by OCS server when OCS agent take contact (PROLOG step).

You can find more information about Ipdiscover here.

Warning: An OCS agent MUST BE Ipdiscover elected (or forced manually) to be able to make SNMP scans.

This is the several steps of SNMP scanning :

  1. an OCS agent is Ipdiscover elected or Ipdiscover forced manually
  2. when the agent takes contact to server (PROLOG) and do its Ipdiscover network scan
  3. OCS agent send back the data collected (using Ipdiscover) to OCS server (IP adresses, MAC adresses, hostnames etc...)
  4. during the next contact to OCS server, OCS agent received from server the IP adresses to scan using SNMP (this IP adresses are get using previous Ipdiscover data sent back by OCS agent) and an URL to download snmp_com.txt file using HTTPS (this file is used to give differents SNMP communities used for SNMP scans)
  5. OCS agent download snmp_com.txt file using HTTPS
  6. OCS agent do its Ipdiscover scan (because it is Ipdscover elected anyway) and sent back data collected to OCS server
  7. OCS agent make SNMP scans using IP adresses received from server and SNMP communities found in snmp_com.txt file
  8. OCS agent sent back the SNMP data collected to the server

Once all this steps done, you will be able to view SNMP scans results using OCS Web Interface. You will be able to enable or disable SNMP scan features in Web Interface using global configuration or using computer or groups custom parameters. You will be able to add your own SNMP communities in Web Interface too.

Configuration using Web Interface

General options

To manage SNMP general options in Web Interface, go to in Configuration menu, click on Configuration and go to the SNMP tab.

EN ocsreports snmp general config.png

This is the SNMP configuration options avalaible:

  • SNMP: activate or desactivate SNMP scan feature. If this option is OFF, no SNMP scan will be made by any OCS agent
  • SNMP_DIR: directory where snmp_com.txt is stored. This file is stored at server side, on the same server which provides ocsreports (OCS Web Interface). This directory MUST BE valid. If not, OCS Web Interface won't be able to manage SNMP communities.
  • SNMP_URI: URI where OCS agent will try to download snmp_com.txt file using HTTPS. This URI MUST BE valid (it will be often OCS server itself on which you configured openssl). If not, OCS agent won't be able to make SNMP scans. This URI will be often like this : HTTPS://myocsserver.domain/snmp
  • SNMP_INVENTORY_DIFF: use SNMP Inventory diff feature to lighten your DB backend. SNMP inventory data will be written in database only if it changes. OCS server will use snmp_laststate table to make this comparison

Manage SNMP communities

To be enable to scan a SNMP device, you have use SNMP community. SNMP community can be viewed as authentifciation informations to be allowed to scan SNMP devices. SNMP community is created by 2 informations:

  • SNMP version : it is the SNMP version supported by the SNMP device(s) (can be version 1, version 2, version 2c etc...)
  • SNMP community name : it is the community name you set in your SNMP device(s). For many SNMP devices, the default SNMP community name is public.

Note: In OCS Inventory NG 2.0, only SNMp v1, v2 and v2c are supported. SNMp v3 will be supported in future releases.

If you set your own SNMP communities in your SNMP devices, you have to add it in OCS Inventory configuration. OCS agent will received informations about this communities and will try to scans SNMP devices using every SNMP communities you set in your configuration. SNMP communites informations are directly added in the snmp_com.txt file wich will be downloaded by OCS agent, using SNMP_URI (see General options upper) parameter using HTTPS.

Note: By default, OCS Inventory included an SNMP version 2c community named public .

To manage SNMP communities in Web Interface, go to in Network(s) menu, click on Administer and go to the Manage SNMP communites tab.

EN ocsreports snmp communities.png

  • You can now add a new SNMP communities using the Add button. A new screen screen is displayed:

EN ocsreports snmp add community.png

You have to set a community name and a SNMP version (using the drop list)

  • To delete a SNNMP community, click on the red cross
  • To modify a SNMP community, click on the pencil

Configuring custom parameters

To make an OCS agent to scan its network using SNMP (without waiting for an Ipdiscover automatic election), you may have to set its custom parameters at computer side or at groups side.

Configuring computer custom parameters

To make a single OCS agent to scan its network using SNMP, you have to set it in its custom parameters. First, go to its inventory page, click on the Customization icon, and the click on the Select a parameter to be modified (pencil). Then, click on the Networks scans tab.

EN ocsreports snmp computer custom parameters.png

  • If no network adress appeared in IPDISCOVER option, you have to set it manually using the drop list
  • You can enable/disable a computer to make SNMP scans using SNMP_SWITCH option. By default, global configuration parameter is taken, corresponding to the Default radio button.

Click on the Update button to save your modifications.

Configuring groups custom parameters

To enable or disable SNMP scans for agents that are members of a group, you have to set the group custom parameters. First, go to the group page, click on the Customization icon, and the click on the Select a parameter to be modified (pencil). Then, click on the Networks scans tab.

EN ocsreports snmp group custom parameters.png

  • You can enable/disable agents members of a group to make SNMP scans using SNMP_SWITCH option. By default, global configuration parameter is taken, corresponding to the Default radio button.

Click on the Update button to save your modifications.

Configuring Unix Unified Agent


To be able do make SNMP using OCS Unified Unix agent, you have to install Net::SNMP perl module (see .

To install it, use your distribution or OS packages as much as possible. For Debian like distributions, install libnet-snmp-perl package and for Redhat like distributions, install perl-Net-SNMP

If you cannot use packages, install Net::SNMP perl module using CPAN like this:

cpan>install Net::SNMP


SNMP scans feature is managed by Unix Unified agent module. You have two ways to activate it in your Unix Unified agent installation:

  • By using post installation interactive script by answering 'y' this question:
Do you want to use OCS-Inventory SNMP scans feature ?
  • By editing /etc/ocsinventory-agent/modules.conf file and ucomment this line :
use Ocsinventory::Agent::Modules::Snmp;

To be sure that will be launched when Unix Unified agent will run, you can type using command:

#perl /etc/ocsinventory-agent/modules.conf

If no errors are displayed on stdout, this means that you have no errors.

Copying SSL certificate file

To allow Unix Unified agent to download snmp_com.txt file using HTTPS, you have to copy SSL certificate file (as cacert.pem) in your OCS server configuration directory in your basevardir directory.

Note: basevardir directory is the path specified in your /etc/ocsinventory-agent/ocsinventory-agent.cfg using basevardir= parameter.

Your OCS server configuration directory is a directory created automatically using your OCS server URL (http:__ocsinventory-ng_ocsinventory for example).

For example, if your basevardir parameter is /var/lib/ocsinventory-agent/ and your OCS server URL is http://ocsinventory-ng/ocsinventory, so you have to copy your cacert.pem certificate file in /var/lib/ocsinventory-agent/http:__ocsinventory-ng_ocsinventory directory.

Note: If you already use a SSL certificate for OCS packages deployment, you may not have to copy a new one for SNMP scans feature. Indeed, if you use the same HTTPS server for OCS package deployment and snmp_com.txt file download, cacert.pem file will be same one in the same directory.

Scans informations using debug mode

To see more informations about SNMP scans, you can launch ocsinventory-agent using debug mode, like this :

#ocsinventory-agent --debug

You will see an debug output about SNMP scans like this:

[Sun Jan  9 19:40:56 2011][debug] [snmp] Scanning device
[Sun Jan  9 19:40:56 2011][debug] [snmp] Running HP (11) MIB module
[Sun Jan  9 19:40:56 2011][debug] [snmp] Running If MIB module
[Sun Jan  9 19:40:56 2011][debug] [snmp] Running Printer MIB module
[Sun Jan  9 19:40:57 2011][debug] [snmp] Scanning device
[Sun Jan  9 19:41:09 2011][info] [snmp] No more SNMP device to scan
[Sun Jan  9 19:41:09 2011][debug] sending XML
[Sun Jan  9 19:41:09 2011][debug] sending: <?xml version="1.0" encoding="UTF-8"?>
        <DESCRIPTION>Cartouche d'encre</DESCRIPTION>
        <UPTIME>8 days, 20:36:47.10</UPTIME>
        <COUNTER>11771 impressions</COUNTER>
        <NAME>HP LaserJet 2100 Series</NAME>
        <NAME>Tray 3</NAME>
        <NAME>Tray 1</NAME>
        <NAME>Tray 2</NAME>
[Sun Jan  9 19:41:09 2011][debug] [snmp] End snmp_end_handler :)

In this example, you can see that the agent scanned a printer and the data related.

Query SNMP inventory results

To query SNMP inventory results in Web Interface, go to in Network(s) menu, and click on SNMP.

You will see table containing all the SNMP devices scanned by OCS agents.

EN ocsreports snmp table.png

Show SNMP device inventory

To have more informations about a SNMP device, just click on its name to display its inventory page.

EN ocsreports snmp inventory printer.png

  • At the bottom of the page, you have a grey frame corresponding to general information about SNMP device: IP address, MAC address, Name, Description etc...
  • At the middle of the page, you have a blue frame corresponding to special information depending on the device type . For a printer you will have its number of impressions, its serial number, its status etc...For a switch, you will have its type, etc...
  • At the bottom of the page, you have different tabs corresponding to inventory data. For example, you may have Administrative data, Cartridges, Trays tabs. The number of tabs will depends on the data scanned by OCS agent, so you may not have all the tabs for a SNMP device. However, you will have the Administrative data tab by default, to be able to modify administrative data on a SNMP device (like TAG or any administrative data you created).

Delete an SNMP device

  • To delete a SNMP device, just click on the red cross at the right of the SNMP devices table.
  • If you want to delete several SNMP devices, select it using the select box at the right of the table, and click on the Remove Selected" icon a the bottom of the table.

Advanced Apache configuration

By default, OCS Inventory NG installation script (, creates Apache configuration to make snmp_com.txt file availaible for download (to make OCS agents be able to download this file). By default, Apache configuration is set to create a /snmp URI wich corresponds to https://yourocsserver/snmp. This section explains you how to modify this configuration if you want to change it.

Modifying SNMP_DIR

By default, on Linux distributions, SNMP_DIR is created by OCS Inventory NG installtion script and corresponds to the /var/lib/ocsinventory-reports/snmp. You can create another one everywhere in you server, using this command :

mkdir /my/path/snmpdirectory

Don't forget to set rights to the Apache user (often www-data or apache) to your new directory:

chown www-data /my/path/directory

You may want want to recover your snmp_com.txt file (to keep your SNMP communities configuration) into you new directory :

cp /var/lib/ocsinventory-reports/snmp/snmp_com.txt /my/path/snmpdirectory
chown www-data /my/path/snmpdirectory

Once done, don't forget to change SNMP_DIR option in global configuration. See General options for more information.

Modifying ocsinventory-reports.conf

After modifying SNMP_DIR directory, you have to modify ocsinventory-reports.conf file to modify your Apache configuration to make it corresponds to your new directory. On most Linux distributions, ocsinventory-reports.conf is located in /etc/apache2/conf.d/ or /etc/httpd/conf.d directory.

Edit your ocsinventory-reports.conf (using you preferred editor) to get a configuration like this :

Alias /snmp /my/path/snmpdirectory

<Directory /my/path/snmpdirectory>
        Order Deny,Allow
        Deny From All

If you want to replace the /snmp alias value by anything you want, don't forget to change the SNMP_URI value (see General options for more information).

Once done, don't forget to restart your Apache server to take care of your new configuration :

/etc/init.d/apache2 restart
(on Debian based distribution)


/etc/init.d/httpd restart
(on Redhat based distribution)