[SOLVED] snmpd on RMerlin ASUSWRT with extended scripts

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

mad_ady

Regular Contributor
Hello everyone!
I'd like to keep an eye on who is connected over OpenVPN, so I thought I'd make a script to parse openvpn status and report back who is connected via snmp (there is a snmp agent polling the router periodically). To do this I enabled snmp and it works (I am able to get data for IF-MIB), but I'd like to extend it with custom scripts.

As far as I've seen I could use the 'extend' keyword, add a string and the path to the script in the configuration and the script's output should be exposed via SNMP in the NET-SNMP-EXTEND-MIB (http://www.oidview.com/mibs/8072/NET-SNMP-EXTEND-MIB.html). I've added the following line to /tmp/snmpd.conf and restarted snmpd manually:
Code:
extend test /bin/echo hello
However, when I do a snmpwalk, I do not get that OID. It could be that the OID is out of tree, so a direct walk would not expose it, so I tried specific walks, like this:
Code:
$ snmpwalk -v2c -c public 192.168.1.1 1.3.6.1.4.1.8072.1.3.2
iso.3.6.1.4.1.8072.1.3.2 = No Such Object available on this agent at this OID
So, it seems that extended objects are not supported?

Any ideas what I should try next? I'm thinking of the following:
1. Disable builtin SNMP and install snmpd from opkg in hopes that it's more complete
2. Research a different way to expose a script's output via SNMP

Has anyone played with this before?
 

mad_ady

Regular Contributor
Ok, here's an update. I disabled the built-in snmpd daemon and installed snmpd and snmp-utils from opkg:
Code:
opkg install snmpd snmp-utils

I copied the config file from /tmp/snmpd.conf to /jffs/config/snmpd.conf and adjusted this path in /opt/etc/init.d/S47snmpd (ARGS).

Now, inside the config file I have something like this:
Code:
agentAddress  udp:161
createUser admin
rwuser admin noauth
rocommunity iezaejeeseTh2aekaoNg default
sysName arcturus
sysLocation Home
extend test /bin/echo hello
extend ovpntestuser /jffs/ovpn-status.sh testuser

You can start it with
Code:
# /opt/etc/init.d/S47snmpd start
 Starting snmpd...              done.

The /jffs/ovpn-status.sh script just does a grep in the ovpn status files to see if the user is connected or not and reports back via wc -l:
Code:
#!/bin/sh
/bin/grep "CLIENT_LIST,$1" /etc/openvpn/server1/status /etc/openvpn/server2/status | /opt/bin/wc -l

You can query it via SNMP with
Code:
# snmpwalk -v2c -c iezaejeeseTh2aekaoNg 127.0.0.1 .1.3.6.1.4.1.8072.1.3.2.3.1.1
iso.3.6.1.4.1.8072.1.3.2.3.1.1.4.116.101.115.116 = STRING: "hello"
iso.3.6.1.4.1.8072.1.3.2.3.1.1.12.111.118.112.110.116.101.115.116.117.115.101.114 = STRING: "0"

The OID is composed from a base iso.3.6.1.4.1.8072.1.3.2.3.1.1 + id + string you used in the config converted to decimal (use this to convert it https://www.rapidtables.com/convert/number/ascii-hex-bin-dec-converter.html).

Hope this helps!
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top