{"id":686,"date":"2016-05-16T23:23:48","date_gmt":"2016-05-17T04:23:48","guid":{"rendered":"http:\/\/www.anthonyreinke.com\/?p=686"},"modified":"2016-05-16T23:30:46","modified_gmt":"2016-05-17T04:30:46","slug":"geist-watchdog-15-snmp-and-splunk","status":"publish","type":"post","link":"https:\/\/anthonyreinke.com\/index.php\/2016\/05\/16\/geist-watchdog-15-snmp-and-splunk\/","title":{"rendered":"Geist Watchdog 15, SNMP, and Splunk"},"content":{"rendered":"

I have a few of the Geist Watchdog 15<\/a> devices in my data center. \u00a0They do a good job monitoring, but getting data out of them isn’t as easy as it could be. \u00a0Their latest firmware does introduce JSON over XML. \u00a0Unfortunately, there is no way to do API calls to return certain time frames. \u00a0You have to download the whole log file. \u00a0Geist heavily uses the SNMP method to pull the information. \u00a0While this is normally ok, but you do need the custom MIB file<\/a>\u00a0for the device which makes it a pain. \u00a0I tried multiple ways to have Splunk grab the values from the device, but failed each time. \u00a0With a deadline to produce a dashboard (it was 11pm and we had people visiting the office at 8am), I put my Google<\/a>, Linux, and Splunk<\/a> skills to a test.<\/p>\n

First, let’s install the SNMP tools.<\/p>\n

# yum install net-snmp net-snmp-devel net-snmp-utils<\/span><\/p>\n

Let’s check where the default location of the MIBs are. <\/span><\/span><\/p>\n

\r\n# net-snmp-config --default-mibdirs\r\n<\/span>\/root\/.snmp\/mibs:\/usr\/share\/snmp\/mibs<\/span><\/pre>\n
We will want to copy the MIBs to the second location.<\/p>\n
# cp \/tmp\/geist_bb_mib.mib\u00a0\/usr\/share\/snmp\/mibs\/geist_bb_mib.mib<\/span>\r\n(Source location will differ. \u00a0The location \/tmp\/ was where I copied the file to)<\/span><\/pre>\n
Referencing the\u00a0MIB Worksheet<\/a>, we can find the OID for the items we want. \u00a0In this script I selected:\u00a0internalName,\u00a0internalTemp,\u00a0internalDewPoint,\u00a0internalHumidity,\u00a0tempSensorName,\u00a0tempSensorTemp<\/p>\n
Geist does not put the first period for the OID. \u00a0In the worksheet they list\u00a0internalName as\u00a01.3.6.1.4.1.21239.5.1.2.1.3<\/span> where the SNMP call would be to .1.3.6.1.4.1.21239.5.1.2.1.3<\/span>. \u00a0We also need to reference the device ID for the OID at the end of the OID. \u00a0The base for the Remote Temperature Sensor is\u00a0.1.3.6.1.4.1.21239.5.1.4.1.3<\/span>. \u00a0To call the first Remote Temperature Sensor I would reference\u00a0.1.3.6.1.4.1.21239.5.1.4.1.3.1<\/span> and the second Sensor is\u00a0.1.3.6.1.4.1.21239.5.1.4.1.3.2<\/span>.<\/p>\n
To make the call to the device using SNMP, we will be using the snmpget command.<\/p>\n
# \/usr\/bin\/snmpget -m all -Ov -v 2c -c public\u00a010.10.10.10 .1.3.6.1.4.1.21239.5.1.4.1.3.1<\/span><\/pre>\n
-m all<\/span> = Use all of the MIB files
\n-Ov<\/span> = Print values only
\n-v 2c<\/span> = Use version 2c
\n-c \u00a0public<\/span> = Use the public snmp string
\n10.10.10.10<\/span> = IP address of the Watchdog 15
\n.1.3.6.1.4.1.21239.5.1.4.1.3.1<\/span> =\u00a0tempSensorName for\u00a0Device 1<\/p>\n
STRING:\u00a0ExternalTempSensor1<\/span><\/pre>\n
We are almost there. \u00a0Now to clear up the return to only give us the second part of the response.<\/p>\n
 # \/usr\/bin\/snmpget -m all -Ov -v 2c -c public\u00a010.10.10.10 .1.3.6.1.4.1.21239.5.1.4.1.3.1 | awk '{print $2}'\r\n <\/span>ExternalTempSensor1<\/span><\/pre>\n
Great, now we are getting just the value. \u00a0Time to tie the field and value together. \u00a0Since the internal name is going to be the same but we are gathering multiple values, I am also adding the _temp so I am able to tell which field I am getting.<\/p>\n
InternalName01=`\/usr\/bin\/snmpget -m all -Ov -v 2c -c public\u00a010.10.10.10 .1.3.6.1.4.1.21239.5.1.2.1.3.1 | awk '{print $2}'`<\/span>\r\n InternalTemp01=`\/usr\/bin\/snmpget -m all -Ov -v 2c -c public\u00a010.10.10.10 .1.3.6.1.4.1.21239.5.1.2.1.5.1 | awk '{print $2}'`<\/span>\r\n Section01=$InternalName01\"_temp,\"$InternalTemp01\r\n echo $Section01\r\n ExternalTempSensor1_temp,871<\/span>\r\n <\/span><\/pre>\n
Almost there, now let’s add a date\/time stamp.<\/p>\n
InternalName01=`\/usr\/bin\/snmpget -m all -Ov -v 2c -c public\u00a010.10.10.10 .1.3.6.1.4.1.21239.5.1.2.1.3.1 | awk '{print $2}'`<\/span>\r\n InternalTemp01=`\/usr\/bin\/snmpget -m all -Ov -v 2c -c public\u00a010.10.10.10 .1.3.6.1.4.1.21239.5.1.2.1.5.1 | awk '{print $2}'`<\/span>\r\n Section01=$InternalName01\"_temp,\"$InternalTemp01\r\n echo -e `date --rfc-3339=seconds`\",\"$Section01\r\n 2016-05-16 22:07:57-05:00,ExternalTempSensor1_temp,871<\/span>\r\n <\/span><\/pre>\n
I repeated the section for the different pieces of sensor data I wanted and ended up with a small script.<\/p>\n
#!\/bin\/bash<\/span>\r\n\r\nInternalName01=`\/usr\/bin\/snmpget -m all -Ov -v 2c -c public 10.10.10.10 .1.3.6.1.4.1.21239.5.1.2.1.3.1 | awk '{print $2}'`<\/span>\r\n InternalTemp01=`\/usr\/bin\/snmpget -m all -Ov -v 2c -c public 10.10.10.10 .1.3.6.1.4.1.21239.5.1.2.1.5.1 | awk '{print $2}'`<\/span>\r\n Section01=$InternalName01\"_temp,\"$InternalTemp01<\/span>\r\n echo -e `date --rfc-3339=seconds`\",\"$Section01<\/span>\r\n\r\nInternalDewPoint01=`\/usr\/bin\/snmpget -m all -Ov -v 2c -c public 10.10.10.10 .1.3.6.1.4.1.21239.5.1.2.1.7.1 | awk '{print $2}'`<\/span>\r\n Section02=$InternalName01\"_dewpoint,\"$InternalDewPoint01<\/span>\r\n echo -e `date --rfc-3339=seconds`\",\"$Section02<\/span>\r\n\r\nInternalHumidity01=`\/usr\/bin\/snmpget -m all -Ov -v 2c -c public 10.10.10.10 .1.3.6.1.4.1.21239.5.1.2.1.6.1 | awk '{print $2}'`<\/span>\r\n Section03=$InternalName01\"_humidity,\"$InternalHumidity01<\/span>\r\n echo -e `date --rfc-3339=seconds`\",\"$Section03<\/span>\r\n\r\nRemoteName01=`\/usr\/bin\/snmpget -m all -Ov -v 2c -c public 10.10.10.10 .1.3.6.1.4.1.21239.5.1.4.1.3.1 | awk '{print $2}'`<\/span>\r\n RemoteTemp01=`\/usr\/bin\/snmpget -m all -Ov -v 2c -c public 10.10.10.10 .1.3.6.1.4.1.21239.5.1.4.1.5.1 | awk '{print $2}'`<\/span>\r\n Section04=$RemoteName01\"_temp,\"$RemoteTemp01<\/span>\r\n echo -e `date --rfc-3339=seconds`\",\"$Section04<\/span>\r\n\r\nRemoteName02=`\/usr\/bin\/snmpget -m all -Ov -v 2c -c public 10.10.10.10 .1.3.6.1.4.1.21239.5.1.4.1.3.2 | awk '{print $2}'`<\/span>\r\n RemoteTemp02=`\/usr\/bin\/snmpget -m all -Ov -v 2c -c public 10.10.10.10 .1.3.6.1.4.1.21239.5.1.4.1.5.2 | awk '{print $2}'`<\/span>\r\n Section05=$RemoteName02\"_temp,\"$RemoteTemp02<\/span>\r\n echo -e `date --rfc-3339=seconds`\",\"$Section05<\/span>\r\n\r\n2016-05-16 22:12:57-05:00,Base_temp,873<\/span>\r\n 2016-05-16 22:12:57-05:00,Base_dewpoint,620<\/span>\r\n 2016-05-16 22:12:57-05:00,Base_humidity,43<\/span>\r\n 2016-05-16 22:12:57-05:00,ExternalSensor1_temp,688<\/span>\r\n 2016-05-16 22:12:57-05:00,ExternalSensor2_temp,717<\/span><\/pre>\n
I created a folder \/opt\/scripts\/ and \/opt\/scripts\/logs\/. \u00a0I placed the script in\u00a0\/opt\/scripts\/ and named it geist.sh. \u00a0I set the script to be able to run with:<\/p>\n
# chmod +x\u00a0\/opt\/scripts\/geist.sh<\/span><\/pre>\n
I then add it to the crontab.<\/p>\n
# crontab -e<\/span><\/pre>\n
*\/1 * * * *\u00a0\/opt\/scripts\/geist.sh >> \/opt\/scripts\/logs\/`date +”%Y%d%m”`_geist.log<\/span><\/p>\n
You can verify that the script is set to run with:<\/p>\n
# crontab -l<\/p>\n
*\/1 * * * *\u00a0\/opt\/scripts\/geist.sh >> \/opt\/scripts\/logs\/`date +\"%Y%d%m\"`_geist.log<\/span><\/pre>\n
Now we can log in to Splunk and add the log in to Splunk. \u00a0After you log in, go to Settings and then Data inputs.<\/p>\n
\"datainputs\"<\/a><\/p>\n
Under the Files & directories, click the Add new link.<\/p>\n
\"addnew\"<\/a><\/p>\n
Under the Full path to your data, enter the path to the log file you are writing in the crontab. \u00a0Check the box for the More settings option.<\/p>\n
\"adddata1\"<\/a><\/p>\n
You can set the Host that will be indexed with your data. \u00a0In the source type, select From list and then select csv. \u00a0You then can select an index for the log files.<\/p>\n
\"adddata2\"<\/a><\/p>\n
Now we will set up the field extractions. \u00a0You will need to edit the props.conf and transforms.conf files. \u00a0If you want to keep this in a certain application, change the file path to $SPLUNK_HOME\/etc\/apps\/{appname}\/local\/props.conf<\/span>.<\/p>\n
# vi $SPLUNK_HOME\/etc\/system\/local\/props.conf<\/span><\/pre>\n
[csv]<\/span>\r\n REPORT-Geist = REPORT-Geist<\/span>\r\n\r\n# vi $SPLUNK_HOME\/etc\/system\/local\/transforms.conf<\/span>\r\n\r\n[REPORT-Geist]<\/span>\r\n DELIMS = \",\"<\/span>\r\n FIELDS = \"DateTime\",\"SensorName\",\"SensorValue\"<\/span><\/pre>\n
Restart Splunk and you should be able to search you SNMP values.<\/p>\n
# $SPLUNK_HOME\/bin\/splunk restart<\/span><\/pre>\n","protected":false},"excerpt":{"rendered":"
I have a few of the Geist Watchdog 15 devices in my data center. \u00a0They do a good job monitoring, but getting data out of them isn’t as easy as it could be. \u00a0Their latest firmware does introduce JSON over XML. \u00a0Unfortunately, there is no way to do API calls to return certain time frames. […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-686","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/anthonyreinke.com\/index.php\/wp-json\/wp\/v2\/posts\/686","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/anthonyreinke.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/anthonyreinke.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/anthonyreinke.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/anthonyreinke.com\/index.php\/wp-json\/wp\/v2\/comments?post=686"}],"version-history":[{"count":6,"href":"https:\/\/anthonyreinke.com\/index.php\/wp-json\/wp\/v2\/posts\/686\/revisions"}],"predecessor-version":[{"id":700,"href":"https:\/\/anthonyreinke.com\/index.php\/wp-json\/wp\/v2\/posts\/686\/revisions\/700"}],"wp:attachment":[{"href":"https:\/\/anthonyreinke.com\/index.php\/wp-json\/wp\/v2\/media?parent=686"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/anthonyreinke.com\/index.php\/wp-json\/wp\/v2\/categories?post=686"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/anthonyreinke.com\/index.php\/wp-json\/wp\/v2\/tags?post=686"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}