One great thing about OpenBSD is that it comes with many services included. SNMP is one of them, meaning it can be set up without installing anything.

I am not sure how much value SNMP provides by itself, so I will be using it with RRDTool to capture, store and graph the measurements.

The reason for doing this is to get some nice graphs that can give a quick overview of how the server is doing in terms of CPU load and network traffic. SNMP can measure more than this but I think it is enough to start with.

I begin by copying the snmpd.conf file from /etc/examples to /etc/. As this file contains the password to access the service in cleartext it should be kept readable for root only.

Next I add a “listen” line for localhost only and by not specifying anything more, it seems version 3 of the SNMP protocol is being used. Other examples are shown in the file.

listen on 127.0.0.1                     # SNMPv3 on one specific address

The next thing is to add a user and set the passwords:

user "user" auth hmac-sha256 authkey "Dash A pass" enc aes enckey "Dash X pass"

These are obviously not my passwords, I set them just to show that spaces can be used and clearly show what parameter they follow.

Then enable the service so it starts automatically at boot, and start it now:

doas rcctl enable snmpd
doas rcctl start snmpd

Now to make a query and check that it works. The command ends up being quite long unfortunately:

snmp get -A "Dash A pass" -a SHA-256 -l authPriv -u user -X "Dash X pass" localhost sysDescr.0

This gives me output similar to running uname -a which shows it worked as expected.

To find all the things that can be queried, use snmp walk without the oid at the end. Oid is short for Object Identifier and is a unique value used to identify an object in the database.

snmp walk -A "Dash A pass" -a SHA-256 -l authPriv -u user -X "Dash X pass" localhost

The first word on each line is the oid that can be queried. Here I’m showing most of the ones I will be using: Uptime, interface names, counted traffic in bytes incoming and outgoing as well as the processor load:

hrSystemUptime.0 = Timeticks: (8372996) 23:15:29.96
ifDescr.1 = STRING: vio0
ifDescr.2 = STRING: enc0
ifDescr.3 = STRING: lo0
ifDescr.4 = STRING: wg0
ifDescr.5 = STRING: pflog0
ifInOctets.1 = Counter32: 778325427
ifInOctets.2 = Counter32: 0
ifInOctets.3 = Counter32: 165314
ifInOctets.4 = Counter32: 18752512
ifInOctets.5 = Counter32: 0
ifOutOctets.1 = Counter32: 29768284
ifOutOctets.2 = Counter32: 0
ifOutOctets.3 = Counter32: 178199
ifOutOctets.4 = Counter32: 10483350
ifOutOctets.5 = Counter32: 0
hrProcessorLoad.1 = INTEGER: 1

To get counters for incoming traffic it is possible to get them one by one with get or all of them at once with walk. To get just one counter the full oid is needed, to get all of them at once, the . and the number behind must be dropped:

17:17:20 user@obsd-web:~$ snmp get -A "Dash A pass" -a SHA-256 -l authPriv -u user -X "Dash X pass" localhost ifInOctets.1
ifInOctets.1 = Counter32: 790324829
17:17:29 user@obsd-web:~$ snmp walk -A "Dash A pass" -a SHA-256 -l authPriv -u user -X "Dash X pass" localhost ifInOctets
ifInOctets.1 = Counter32: 790442290
ifInOctets.2 = Counter32: 0
ifInOctets.3 = Counter32: 1129722
ifInOctets.4 = Counter32: 18856304
ifInOctets.5 = Counter32: 0
17:17:40 user@obsd-web:~$

This has been easy so far and this is it for now. Next up is installing RRDTool, collecting some data and making some graphs.