Logging SNMP Access to the Router

Problem

You want to keep a log of SNMP operations that occur on the router and of the NMS systems that connect to the router to gather status and statistics.

Solution

Use the following command to log SNMP operations and NMS connections:

[edit snmp] aviva@router1# set traceoptions flag pdu

 

Discussion

You log SNMP access and operations by using SNMP trace logging. By default, the log messages are saved to a number of tracing files in the /var/log directory, including snmpd.

To see which NMS systems have connected to the router, this recipe sets the PDU tracing flag, which logs all NMS system request and responses to them, as well as any traps that get generated. To see the PDU traces, look in the /var/log/snmpd file:

Apr 27 12:04:34 snmpd[1370dced] >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Apr 27 12:04:34 snmpd[1370dced] >>> Get-Request Apr 27 12:04:34 snmpd[1370dced] >>> Source: 172.16.20.182 Apr 27 12:04:34 snmpd[1370dced] >>> Destination: 192.168.15.1 Apr 27 12:04:34 snmpd[1370dced] >>> Version: SNMPv2 Apr 27 12:04:34 snmpd[1370dced] >>> Request_id: 0x1370dced Apr 27 12:04:34 snmpd[1370dced] >>> Community: public Apr 27 12:04:34 snmpd[1370dced] >>> Error: status=0 / vb_index=0 Apr 27 12:04:34 snmpd[1370dced] >>> OID : sysName.0 Apr 27 12:04:34 snmpd[1370dced] >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Apr 27 12:04:34 snmpd[1370dced] <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Apr 27 12:04:34 snmpd[1370dced] <<< Get-Response Apr 27 12:04:34 snmpd[1370dced] <<< Source: 192.168.15.1 Apr 27 12:04:34 snmpd[1370dced] <<< Destination: 172.16.20.182 Apr 27 12:04:34 snmpd[1370dced] <<< Version: SNMPv2 Apr 27 12:04:34 snmpd[1370dced] <<< Request_id: 0x1370dced Apr 27 12:04:34 snmpd[1370dced] <<< Community: public Apr 27 12:04:34 snmpd[1370dced] <<< Error: status=0 / vb_index=0 Apr 27 12:04:34 snmpd[1370dced] <<< OID : sysName.0 Apr 27 12:04:34 snmpd[1370dced] <<< type : OctetString Apr 27 12:04:34 snmpd[1370dced] <<< value: "router1" Apr 27 12:04:34 snmpd[1370dced] <<< HEX : 74 61 6e 71 75 65 72 61 Apr 27 12:04:34 snmpd[1370dced] <<< 79 Apr 27 12:04:34 snmpd[1370dced] <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

This output shows a Get request from the NMS system 172.16.20.182 for the OID sysName. The router returned the value of router1 in its Get-Response message.

See Also

Recipe 5.1

Related

Категории