2021.08.24 - Custom SNMP on UBNT Edge Router

I wanted to get info from SNMP that UBNT didn't offer, so I made my own custom OID

Intro

Well, I'm not writing these as often as I was at first; summer is busy! Anyways, I learned how to do something new today that is both useful and something I'll use rarely enough that I'll definitely forget how I did it.

My goal is to have a way to monitor the number of routes received from a BGP peer. Cisco (and probably others) have a facility to do that at OID .1.3.6.1.4.1.9.9.187.1.2.4.1.1 (CISCO-BGP4-MIB::cbgpPeerAcceptedPrefixes), but the router that I'm using, a UBNT Edge Router Infinity, has only the most basic SNMP support and, as best I can tell, does not offer that function. I'll generally be following the steps laid out in this post: https://paulierco.ro/add-temperature-and-fan-data-to-snmp-edgerouter.html, just streamlined and altered for my uses.

Getting Started

First we'll be creating the scripts that actually get the data we'll be asking for. In my case I have two BGP peers to monitor, CompanyA at 192.168.0.1 and CompanyB at 10.10.10.1. The approach I'm taking feels the most secure and least error-prone to me, but it is also the most work. However, I only have 2 peers, so it's not that much more work. The scripts will be created in the /config/scripts folder, which should cause them to be backed up with system backups and survive firmware upgrades.

I'll be running all the commands below as root. If you prefer (the safer option), you can stay on the current user and just preface the commands with sudo. Otherwise, to switch to the root user, just run sudo su.

You'll have to use vi to create and edit the script files, which is annoying but not that bad. Just push the Insert key as soon as you get in and it mostly works like a normal text editor. When you are ready to exit, push ESC to leave insert mode, then :wq to save and exit or :q! to lose changes and exit (or :q to just exit if you didn't make any changes).

vi /config/scripts/CompanyARoutes

    #!/bin/bash
    # Run the show command to get neighbor info, get the accepted prefixes line
    # and remove all the text but the number.
    # sudo is required because the snmp user doesn't have permissions
    # (at least I don't think) to run the show command.
    acceptedPrefixes=$(sudo /opt/vyatta/bin/vtyshow.pl show ip bgp neighbors 192.168.0.1 | grep -F 'accepted prefixes' | sed 's/ accepted prefixes//g')

    # The snmpd daemon wants 3 lines of info back: the OID, the type of data
    # and the data, each on its own line.
    # The snmpd daemon will call this program with the OID as the second arg,
    # so that's easy to get.
    # In Cisco's MIB file they call this a counter32 type, so I'm using the same.
    echo "$2"
    echo counter32
    # Left unquoted so the shell trims any whitespace around the number.
    echo $acceptedPrefixes

Then save/exit (ESC :wq) and make the file executable with chmod +x /config/scripts/CompanyARoutes. Then create /config/scripts/CompanyBRoutes with vi the same way, just changing the IP address from 192.168.0.1 to 10.10.10.1 (or whatever the real IP addresses of your BGP neighbors are), and make it executable too.

Final Steps

Short one today isn't it? These steps will likely need to be repeated whenever the firmware is updated.

Next we'll need to add the snmp user to the sudoers file and give it permission to run the vtyshow.pl command as root. That is as simple as running this command:

    echo "Debian-snmp ALL = NOPASSWD: /opt/vyatta/bin/vtyshow.pl" >> /etc/sudoers

It's not really the right way to edit the sudoers file (you should be using visudo), but this is probably fine. Note that, as written, the rule lets the Debian-snmp user run vtyshow.pl as root with any arguments, not only the BGP neighbor query.

Only thing left to do then is add the new OIDs to the snmpd.conf file. Unlike the linked directions I'll be using the snmpd.local.conf file, so Vyatta doesn't erase my changes.

vi /etc/snmp/snmpd.local.conf

    pass .1.3.6.1.4.1.9.9.187.1.2.4.1.1.192.168.0.1 /config/scripts/CompanyARoutes
    pass .1.3.6.1.4.1.9.9.187.1.2.4.1.1.10.10.10.1 /config/scripts/CompanyBRoutes
    # Obviously change the above IP addresses and script names as necessary

Then save/exit (ESC :wq), restart snmpd with /etc/init.d/snmpd restart and you should be all set!

-Nick
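
A stricter version of the per-peer script, as an added example that is not from the original post: it follows the documented snmpd pass calling convention (-g, -n or -s as the first argument), answers only for its own OID, refuses SET, and prints nothing when no numeric count is found. The function names and the sample router output are constructed for illustration, and the output format is an assumption.

```bash
#!/bin/bash
# Added example: strict snmpd "pass" handler for one BGP peer.
OID=".1.3.6.1.4.1.9.9.187.1.2.4.1.1.192.168.0.1"   # OID and peer from this page
PEER="192.168.0.1"

# Constructed sample of router output (assumed format), for offline testing.
SAMPLE_OUTPUT='BGP neighbor is 192.168.0.1, remote AS 65001
  BGP state = Established
  42 accepted prefixes'

# Same command the page's script runs; needs the sudoers entry from this page.
fetch_neighbor() {
    sudo /opt/vyatta/bin/vtyshow.pl show ip bgp neighbors "$PEER"
}

# Print the number from a "<n> accepted prefixes" line; fail if none is found.
accepted_prefixes() {
    awk '$2 == "accepted" && $3 == "prefixes" && $1 ~ /^[0-9]+$/ {
             print $1; ok = 1; exit }
         END { exit !ok }'
}

# Succeed when OID $1 sorts before OID $2 (arc-by-arc numeric comparison).
oid_before() {
    awk -v a="${1#.}" -v b="${2#.}" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= n && i <= m; i++)
            if (x[i] + 0 != y[i] + 0) exit !(x[i] + 0 < y[i] + 0)
        exit !(n < m)
    }'
}

# snmpd calls: -g OID (GET), -n OID (GETNEXT), -s OID TYPE VALUE (SET).
pass_handler() {
    op=$1; req=$2
    case "$req" in ''|*[!0-9.]*) return 0 ;; esac    # malformed OID: no answer
    case "$op" in
        -s) echo not-writable; return 0 ;;           # read-only value
        -g) [ "$req" = "$OID" ] || return 0 ;;       # exact match only
        -n) oid_before "$req" "$OID" || return 0 ;;  # nothing after our OID
        *)  return 0 ;;
    esac
    # No output at all if the count is missing, so snmpd reports an error
    # instead of a bogus value.
    count=$(fetch_neighbor | accepted_prefixes) || return 0
    printf '%s\n%s\n%s\n' "$OID" counter32 "$count"
}

if [ "$#" -ge 2 ]; then pass_handler "$@"; fi
```

Saved in place of /config/scripts/CompanyARoutes, it is registered with the same pass line as above; a copy for the second peer changes only OID and PEER.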