vh/NetAlertX
1
0
Fork 0
mirror of https://github.com/jokob-sk/NetAlertX.git synced 2025-12-07 09:36:05 -08:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

SNMP enhancements #718

Browse Source
This commit is contained in:
jokob-sk
2024-07-02 19:17:52 +10:00
parent 612ff7c293
commit 1b6e806830
7 changed files with 68 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
front/plugins/snmp_discovery/README.md
View File

@@ -1,17 +1,19 @@
## Overview
A plugin for importing devices from an SNMP enabled router or switch. Using SNMP offers an efficient way to discover IPv4 devices across one or more networks/subnets/vlans.
A plugin for importing devices from an SNMP-enabled router or switch. Using SNMP offers an efficient way to discover IPv4 devices across one or more networks/subnets/vlans.
### Usage
Specify the following settings in the Settings section of NetAlertX:
- `SNMPDSC_routers` - A list of `snmpwalk` commands to execute against IP addresses of roputers/switches with SNMP turned on. For example:
- `SNMPDSC_routers` - A list of `snmpwalk` commands to execute against IP addresses of routers/switches with SNMP turned on. For example:
- `snmpwalk -v 2c -c public -OXsq 192.168.1.1 .1.3.6.1.2.1.3.1.1.2`
- `snmpwalk -v 2c -c public -Oxsq 192.168.1.1 .1.3.6.1.2.1.3.1.1.2` (note: lower case `x`)
If unsure, please check [snmpwalk examples](https://www.comparitech.com/net-admin/snmpwalk-examples-windows-linux/).
### Setup Cisco IOS
Enable IOS SNMP service and restrict to selected (internal) IP/Subnet.
@@ -35,5 +37,24 @@ show snmp
### Notes
- Only IPv4 supported.
- The SNMP OID `.1.1.1.3.6.1.2.1.3.1.1.2` is specifically for devices IPv4 ARP table. This OID has been tested on Cisco ISRs and other L3 devices. Support may vary between other vendors / devices.
- Expected output (ingestion) in format `iso.3.6.1.2.1.3.1.1.2.3.1.192.168.1.2 "6C 6C 6C 6C 6C 6C "`.
- The SNMP OID `.1.1.1.3.6.1.2.1.3.1.1.2` is specifically for devices IPv4 ARP table. This OID has been tested on Cisco ISRs and other L3 devices. Support may vary between other vendors/devices.
- Expected output (ingestion) in formats:
- `iso.3.6.1.2.1.3.1.1.2.3.1.192.168.1.2 "6C 6C 6C 6C 6C 6C "`.
- `ipNetToMediaPhysAddress[3][192.168.1.9] 6C:6C:6C:6C:6C:b6C1`.
### Finding your OID
- Ssh into the router (in this example the IP of the router is `192.168.1.1`)
- On the router execute `snmptranslate -On -IR ipNetToMediaPhysAddress` (This is a UniFi router example, and the `object_id` is `ipNetToMediaPhysAddress`. This might vary between vendors, google your router manufacturer examples.)
```bash
jokob@SecurityGateway-USG:~$ snmptranslate -On -IR ipNetToMediaPhysAddress
.1.3.6.1.2.1.4.22.1.2
```
- Use the `snmpwalk -v 2c -OXsq -c public 192.168.1.1 .1.3.6.1.2.1.4.22.1.2` command in NetAlertX

24
front/plugins/snmp_discovery/script.py
View File

@@ -60,11 +60,9 @@ def main():
for line in lines:
tmpSplt = line.split('"')
tmpSplt = line.split('"')
if len(tmpSplt) == 3:
ipStr = tmpSplt[0].split('.')[-4:] # Get the last 4 elements to extract the IP
macStr = tmpSplt[1].strip().split(' ') # Remove leading/trailing spaces from MAC
@@ -86,6 +84,26 @@ def main():
else:
mylog('verbose', [f'[SNMPDSC] ipStr does not seem to contain a valid IP:', ipStr])
elif line.startswith('ipNetToMediaPhysAddress'):
# Format: snmpwalk -OXsq output
parts = line.split()
if len(parts) == 2:
ipAddress = parts[0].split('[')[-1][:-1]
macAddress = parts[1]
mylog('verbose', [f'[SNMPDSC] IP: {ipAddress} MAC: {macAddress}'])
plugin_objects.add_object(
primaryId = handleEmpty(macAddress),
secondaryId = handleEmpty(ipAddress.strip()),
watched1 = '(unknown)',
watched2 = handleEmpty(snmpwalkArgs[6]),
extra = handleEmpty(line),
foreignKey = handleEmpty(macAddress)
)
mylog('verbose', ['[SNMPDSC] Entries found: ', len(plugin_objects)])
plugin_objects.write_result_file()