SOLVED: Advanced Switch monitoring

Hi Forum,

We have just gotten some nice HP ProCurve J8697A 5406zl switches :slight_smile:

I have set up a quick script on my RedHat Nagios server to query our switches about what MACs are behind each port:
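```sh
# $nets: list of switch hostnames/IPs, $comm: read-only SNMP community string
for ip in $nets; do
  # Walk the bridge forwarding table (one row per learned MAC)
  snmpwalk -v 1 -Os $ip -c "$comm" .1.3.6.1.2.1.17.4.3.1.1 | while read -r line
  do
    mac=$(echo "$line" | cut -d= -f2 | cut -d: -f2 | cut -d" " -f2- | tr " " : | cut -d: -f1-6)
    # Table index (the MAC in decimal), used to look up the bridge port
    first=$(echo "$line" | cut -d= -f 1 | cut -d. -f 7-)
    Bridge=$(snmpwalk -v 1 -Os $ip -c "$comm" .1.3.6.1.2.1.17.4.3.1.2.$first | cut -d" " -f4)
    # Bridge port -> ifIndex -> interface name
    ifIndex=$(snmpwalk -v 1 -Os $ip -c "$comm" .1.3.6.1.2.1.17.1.4.1.2.$Bridge | cut -d" " -f4)
    ifName=$(snmpwalk -v 1 -Os $ip -c "$comm" .1.3.6.1.2.1.31.1.1.1.1.$ifIndex | cut -d" " -f4)
    echo "$mac $ip $ifName"
  done
done
```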
EX: 00:06:5B:FC:7A:93 switch1 D18
(meaning that MAC 00:06:5B:FC:7A:93 is located in switch switch1 in port D18)

  1. Anyone who knows a link to a working MIB :slight_smile: ?

  2. I would now like to take it a bit further and put a nice picture of each switch into NagVis and have a field telling me what DNS hostname is located behind each port in the switch.
    I have tried to make a full snmpwalk but I can’t find anything matching IP (therefore currently getting the MAC). Does anyone know if this is possible on my switches (does our Network Service Provider need to allow more SNMP info for my RO SNMP account, or can this only be done on routers, or not at all? [telnet/ssh to the switches is not an option as our Network Service Provider is not allowing this])

  3. If it is only possible to get the MAC via SNMP, I need to convert MAC to DNS hostname.
    This can be done with arp, but will only give me the hosts that my monitoring server has been communicating with recently (within the last 8 minutes?) and it will only be hosts on the same network as my monitoring server…
    I could then multihome my monitoring server to each and every network we have, or I could install something like arpwatch on an “outsourced” server in each network and gather the information from them… neither, I think, is optimal though (multihoming will make monitoring of routing difficult and “outsourcing” creates a dependency on the servers)
    Anyone who has already done similar or knows of a better approach?

Thanks in advance
~Maymann

I did that some years ago… I seem to remember you need info from a switch and a router to make a complete MAC-IP match, plus something for DNS…
There’s a Cacti plugin for identifying hosts and ports… not sure anymore, sorry. For sure you’ll need a DB to store the data, so you’ll gather info and age it out only if the port switches to down status or you get a new MAC address on the other side. You’ll have to exclude “trunk” ports from this… it may become a little hell :slight_smile:

Hi Luca,

thanks for your reply and hints…

Couldn’t wait so I made it myself… :slight_smile:
If anyone else needs something similar, here is a working script:
```sh
#!/bin/sh
TMPFILE=$(mktemp /tmp/switchports.XXXXXX)   # unpredictable name instead of a fixed /tmp path
LOGFILE=YOUR_LOGFILE
EXFILE=YOUR_EXCLUDE_FILE
COMM=YOUR_READONLY_SNMP_COMMUNITY_STRING

# Overwrite exclude file with header
echo "#HOSTNAME ; IP ; MAC ; SWITCH ; PORT ; VLAN ; IN ; OUT ; ALIAS" > "$EXFILE"

# Get MAC-IP matchup (ARP table of the router gw1)
ROUTER=$(snmpwalk -v 2c -Os gw1 -c "$COMM" | grep "^atPhysAddress.")

# Get info from each Switch Port
for i in 1 2 3 4 5 6; do
  for switch in sw${i}; do
    snmpwalk -v 2c -Os $switch -c "$COMM" .1.3.6.1.2.1.17.4.3.1.1 | while read -r line; do
      # Forwarding-table index -> bridge port -> ifIndex -> port name
      first=$(echo "$line" | cut -d= -f 1 | cut -d. -f 7-)
      Bridge=$(snmpwalk -v 2c -Os $switch -c "$COMM" .1.3.6.1.2.1.17.4.3.1.2.$first | cut -d" " -f4)
      ifIndex=$(snmpwalk -v 2c -Os $switch -c "$COMM" .1.3.6.1.2.1.17.1.4.1.2.$Bridge | cut -d" " -f4)
      ifName=$(snmpwalk -v 2c -Os $switch -c "$COMM" .1.3.6.1.2.1.31.1.1.1.1.$ifIndex | cut -d" " -f4)
      vlan=$(snmpwalk -v 2c -Os $switch -c "$COMM" mib-2.17.7.1.4.5.1.1.$ifIndex | cut -d: -f2 | cut -d" " -f2)
      ifin=$(snmpwalk -v 2c -Os $switch -c "$COMM" ifInOctets.$ifIndex | cut -d: -f2 | cut -d" " -f2)
      ifout=$(snmpwalk -v 2c -Os $switch -c "$COMM" ifOutOctets.$ifIndex | cut -d: -f2 | cut -d" " -f2)
      ifalias=$(snmpwalk -v 2c -Os $switch -c "$COMM" ifAlias.$ifIndex | cut -d: -f2 | cut -d" " -f2)
      # MAC as printed by snmpwalk (" 00 06 5B ..."), matched against the router's ARP table
      mac=$(echo "$line" | cut -d= -f2 | cut -d: -f2)
      ip=$(echo "$ROUTER" | grep "$mac" | cut -d = -f1 | cut -d. -f4-)
      # $mac is left unquoted on purpose so echo drops its leading space
      mac_readable=$(echo $mac | tr " " : | cut -d: -f1-6)
      if [ "$ip" != "" ]; then
        hostname=$(host $ip | cut -d" " -f5 | cut -d. -f1)
        # A1 and A2 are skipped here and written to the exclude file
        if [ "$hostname" != "no" -a "$ifName" != "" -a "$ifName" != "A1" -a "$ifName" != "A2" ]; then
          echo "$hostname ; $ip; $mac_readable ; $switch ; $ifName ; $vlan ; $ifin ; $ifout ; $ifalias" >> "$TMPFILE"
        else
          echo " ; $ip; $mac_readable ; $switch ; $ifName ; $vlan ; $ifin ; $ifout ; $ifalias" >> "$EXFILE"
        fi
      else
        echo " ; ; $mac_readable ; $switch ; $ifName ; $vlan ; $ifin ; $ifout ; $ifalias" >> "$EXFILE"
      fi
      sleep 0.1
    done
  done
done

# Overwrite logfile with header, sort the file by hostname & cleanup
echo "#HOSTNAME ; IP ; MAC ; SWITCH ; PORT ; VLAN ; IN ; OUT ; ALIAS" > "$LOGFILE"
sort -k 1,1 "$TMPFILE" >> "$LOGFILE"
rm -f "$TMPFILE"
```
I found MIBs at hp.com/rnd/software/MIBs.htm
Now I only need to put the info into a nice info field in NagVis - so from here it is just a walk in the park :wink:
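An added example, not part of the posted script: the same switch/router correlation done as one offline join over four bulk walks instead of several SNMP requests per MAC, with ports that have learned more than a chosen number of MACs treated as trunks and skipped, as suggested in the reply above. The walk output is constructed sample data in `snmpwalk -Os` format, and the `map_ports` name and the MAC-count threshold are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample data (snmpwalk -Os format); in practice these come from four bulk walks.
FDB_PORT='mib-2.17.4.3.1.2.0.6.91.252.122.147 = INTEGER: 90
mib-2.17.4.3.1.2.0.17.133.10.11.12 = INTEGER: 1
mib-2.17.4.3.1.2.0.17.133.10.11.13 = INTEGER: 1
mib-2.17.4.3.1.2.0.80.86.1.2.3 = INTEGER: 91'
BASE_PORT='mib-2.17.1.4.1.2.1 = INTEGER: 1
mib-2.17.1.4.1.2.90 = INTEGER: 90
mib-2.17.1.4.1.2.91 = INTEGER: 91'
IF_NAME='ifName.1 = STRING: A1
ifName.90 = STRING: D18
ifName.91 = STRING: D19'
ARP='atPhysAddress.5.1.10.1.2.30 = Hex-STRING: 00 06 5B FC 7A 93
atPhysAddress.5.1.10.1.2.1 = Hex-STRING: 00 11 85 0A 0B 0C'

# map_ports MAX: print "MAC ; IP ; PORT" for ports with at most MAX learned MACs
map_ports() {
  {
    printf '%s\n' "$ARP"       | sed 's/^/A /'   # router: MAC -> IP
    printf '%s\n' "$BASE_PORT" | sed 's/^/B /'   # switch: bridge port -> ifIndex
    printf '%s\n' "$IF_NAME"   | sed 's/^/N /'   # switch: ifIndex -> port name
    printf '%s\n' "$FDB_PORT"  | sed 's/^/F /'   # switch: MAC -> bridge port
  } | awk -v max="$1" '
    # last n dot-separated components of the OID in $2
    function tail(n,   p, k, s, i) { k = split($2, p, "."); s = p[k-n+1]
      for (i = k-n+2; i <= k; i++) s = s "." p[i]; return s }
    $1 == "A" { mac = $5; for (i = 6; i <= 10; i++) mac = mac ":" $i
                ip[mac] = tail(4) }
    $1 == "B" { ifidx[tail(1)] = $5 }
    $1 == "N" { name[tail(1)] = $5 }
    # the forwarding-table index is the MAC in decimal; convert it to hex
    $1 == "F" { n = split(tail(6), d, "."); mac = sprintf("%02X", d[1])
                for (i = 2; i <= n; i++) mac = mac sprintf(":%02X", d[i])
                port[mac] = $5; count[$5]++; order[++rows] = mac }
    END { for (r = 1; r <= rows; r++) { m = order[r]; b = port[m]
            if (count[b] > max) continue      # many MACs: treat as trunk/uplink
            print m " ; " (m in ip ? ip[m] : "") " ; " name[ifidx[b]] } }'
}

map_ports 1
```

A MAC that appears with an empty IP column has no entry in the router's ARP table, which is the same case the posted script writes to its exclude file.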