using if to identify proper mib for use with a cisco switch

Shell Programming and Scripting
1

Happy ThanksGiving guys,

I'm working on a script that will use nmap to enumerate a network for active cisco switches. Once the list is complete, we use sed to clean up the file (called nmapres) so it is only a list of IP addresses. Next I want to use a while statement to go down that list of IPs and snmpwalk each switch to retreive that switches serial number and record it to a mysql db. The intent is to have a click option on a web site that will php shellexec this script and print out a list of active serial numbers on a network. Here is what I have so far and it is taking place on Fedora 9...

#!/bin/bash

/bin/touch error
/bin/touch log

# obtain a list of active devices
nmap -sP 10.0.0.0/24 > nmapres

# Clean nmapres up to just a list of IPs
sed -i 's/Starting.//g' nmapres
sed -i 's/Host //g' nmapres
sed -i 's/ appears.//g' nmapres
sed -i 's/Nmap.*//g' nmapres
sed -i /^$/d nmapres

# Identify some variables
line=1

num= 'wc -l < nmapres'

3550mib=mib-2.47.1.1.1.1.11.1

3560mib=mib-2.47.1.1.1.1.11.1001

# the real work
while [ "$line" -le "$num" ]
do
# Extract line x from file of ip addresses
ip=`sed -n "$line"p nmapres`

if 
             
fi


    \# Used to increment loop variable
    line=\`expr "$line" \+ 1\`

done

Between the if and fi I would like to snmpwalk each IP address and check if the switch prefers 3550mib or 3560mib. I know that if I snmpwalk a switch and it doesn't like the mib I query for I get this (SNMPv2-SMI::mib-2.47.1.1.1.1.11.1 = No Such Instance currently exists at this OID) but if the switch does like the requested mib the output is (SNMPv2-SMI::mib-2.47.1.1.1.1.11.1001 = STRING: "serial number"). Do you guys know how I could do this?

Thanks.

2

Hi,

i don't know the programs your are using and you provided very
few examples of what you have or want. This is what i would try:

sed -i 's/Starting.*//g;s/Host //g;s/ appears.*//g;s/Nmap.*//g;/^$/d' nmapres

Does in one processes what you use five for.

while read line
do
    output=$(snmpwalk $line)
    [[ $output =~ No]] && ... || ...
done < nmapres

Will read in the file nmapres line by line and save the line in $line.
Then snmpwalk ist invoked with the value provided by $line. The output
is saved in the variable $output. Now $output is matched with a regexp
against the string No. If this is true && ... else || ...

HTH Chris

3

Chris,
Thanks for the suggestion of a one liner for sed, I'll change that but what I need the if to do is...

snmpwalk -v 3 -u user -l AuthNoPriv -A password "$ip" "$3550mib", if the output from this command has (STRING) in it then I know this is the proper mib. If the output returns (No such oid supported) then I want if to test this
snmpwalk -v 3 -u user -l AuthNoPriv -A password "$ip" "$3560mib"

To make it easier, since there is only 2 options for an mib I'm thinking

if [condition] then
echo "correct mib"
else [condition]
echo "condition 2 correct"
fi

but I don't understand how to write this.

4

That's is pretty much what i wrote. Replace ($)line with ($)ip:

while read ip
do
    output=$(snmpwalk -v 3 -u user -l AuthNoPriv -A password "$ip" "$3550mib")
    [[ $output =~ No]] snmpwalk -v 3 -u user -l AuthNoPriv -A password "$ip" "$3560mib") || snmpwalk -v 3 -u user -l AuthNoPriv -A password "$ip" "$3550mib")
done < nmapres

But most probably snmpwalk returns an exit code if the program failed. So you could simply run it and if the exit code ist not 0, then it failed for whatever reason and you have to run it again.

So this should work, too:

while read ip
do
    snmpwalk -v 3 -u user -l AuthNoPriv -A password "$ip" "$3550mib"
    [[ $? -ne 0]] && snmpwalk -v 3 -u user -l AuthNoPriv -A password "$ip" "$3560mib") 
done < nmapres

or this:

while read ip
do
    snmpwalk -v 3 -u user -l AuthNoPriv -A password "$ip" "$3550mib" \
    || snmpwalk -v 3 -u user -l AuthNoPriv -A password "$ip" "$3560mib") 
done < nmapres

All three assume that their is a file called nmapres with one correctly
formated ip-address per line. It reads this ip-address into variable $ip,
runs you command with this ip-address and checks the exit status.
If the command failed, it runs your second command.

HTH Chris

5

Sorry for the typos. Replace every occurence of

"$3560mib")

with

"$3560mib"

6

awesome, just go back to work today and I'm going to play around with this. Thank you and I will post the complete working code once it is. thank you.

7

So thanks to Christoph's help, this little betty will query a subnet of devices (Cisco) and report enviroment variables to a mysql db.

#!/bin/bash
# Removes all data from working files
cat /dev/null > /var/switch_enviro/environment.output
cat /dev/null > /var/switch_enviro/models.text

# get a list of active IP's and pull off all the junk we don't need
nmap -sP 10.0.0.0/23 | sed 's/Starting.*//g' | sed 's/Host //g' | sed 's/ appears.*//g' | sed 's/Nmap.*//g' | sed '/^$/d' > activeips

#set the OIDS for global use
#Temperature
toid1=1.3.6.1.4.1.9.5.1.2.13.0  #Temp OID for 3550,3560-24/48, 3750
    				 #2950's have no temperature sensor
toid2=1.3.6.1.4.1.9.9.13.1.3.1.6.1 #Temp OID for 4506

#Fan
foid1=1.3.6.1.4.1.9.9.13.1.4.1.3 #Fan OID for 3550, 3560-24/48
foid2=1.3.6.1.4.1.9.9.13.1.4.1.3.1 #Fan OID for 2950
foid3=1.3.6.1.4.1.9.9.13.1.4.1.3.1004  #Fan OID for 3750
foid4=1.3.6.1.4.1.9.9.13.1.4.1.3.1 #fan OID for 4506

#Power Supply
poid1=1.3.6.1.4.1.9.9.13.1.5.1.3.1 #PS OID for 3550
poid2=1.3.6.1.4.1.9.5.1.2.4.0  #PS OID for 3560-24/48
poid3=1.3.6.1.4.1.9.9.13.1.5.1.4 #PS OID for 3750
poid4=1.3.6.1.4.1.9.9.13.1.5.1.3.1 #PS OID for 2950
poid5=1.3.6.1.4.1.9.9.13.1.5.1.3.1 #PS OID for 4506

#####################################################################################
#####################################################################################

while read ip
do
 # Walk each ip in iteration from the file 'activeips'.  Given that IP, get the sysDescr and get rid of everything but the model number.
 # Then set the model of the given IP to a variable.  Both model and the IP will be used conditionally with the models correct OID.
 model=`snmpwalk -v 2c -c community_string -Ov -Oq $ip sysDescr.0 | grep IOS | sed 's/^.*, C//' | sed 's/ Software.*//' | sed 's/IOS (tm) C//' | sed 's/lre//' | sed 's/atalyst //' |  sed 's/ L3.*//'`

 # Get the name of the current switch
 name=`snmpwalk -v 2c -c community_string -Ov -Oq $ip sysName.0 | sed 's/.domain.name.*//'`

  echo $ip $model ###used just for visual stimulus while designing
 echo "|"$ip >> /var/switch_enviro/environment.output #send the current IP to the output file
 echo $name >> /var/switch_enviro/environment.output     #send the current switch name to the output file

 # Given the IP and MODEL for the currently polled device, compare model for correct OID
 case $model in
   3560) snmpwalk -Os -c community_string -v 1 "$ip" "$toid1" >> /var/switch_enviro/environment.output;
   snmpwalk -Os -c community_string -v 1 "$ip" "$foid1" >> /var/switch_enviro/environment.output;
   snmpwalk -Os -c community_string -v 1 "$ip" "$poid2" >> /var/switch_enviro/environment.output;
   ;;
  3550) snmpwalk -Os -c community_string -v 1 "$ip" "$toid1" >> /var/switch_enviro/environment.output;
                        snmpwalk -Os -c community_string -v 1 "$ip" "$foid1" >> /var/switch_enviro/environment.output;
                        snmpwalk -Os -c community_string -v 1 "$ip" "$poid1" >> /var/switch_enviro/environment.output;
   ;;
  3750) snmpwalk -Os -c community_string -v 1 "$ip" "$toid1" >> /var/switch_enviro/environment.output;
                        snmpwalk -Os -c community_string -v 1 "$ip" "$foid3" >> /var/switch_enviro/environment.output;
                        snmpwalk -Os -c community_string -v 1 "$ip" "$poid3" >> /var/switch_enviro/environment.output;
   ;;
  2950) echo 5 >> /var/switch_enviro/environment.output;    #######this is done because the 2950 has no temp sensor and for output format
                        snmpwalk -Os -c community_string -v 1 "$ip" "$foid2" >> /var/switch_enviro/environment.output;
                        snmpwalk -Os -c community_string -v 1 "$ip" "$poid4" >> /var/switch_enviro/environment.output;
   ;;
  4500) snmpwalk -Os -c community_string -v 1 "$ip" "$toid2" >> /var/switch_enviro/environment.output;
                        snmpwalk -Os -c community_string -v 1 "$ip" "$foid4" >> /var/switch_enviro/environment.output;
                        snmpwalk -Os -c community_string -v 1 "$ip" "$poid5" >> /var/switch_enviro/environment.output;
   ;;
 esac

done < activeips

#####################################################################################
#####################################################################################

#clean up the output file
sed -i 's/enterprises.*: //g' /var/switch_enviro/environment.output

#send the results of the output file to the database
echo "TRUNCATE TABLE environment_table;" | mysql switch_environment -h localhost -u username -p'password'
echo "LOAD DATA LOCAL INFILE '/var/switch_enviro/environment.output' INTO TABLE environment_table FIELDS TERMINATED BY '\n' LINES TERMINATED BY '|'  (ipaddress, hostname, temp_status, fan_status, ps_status);" | mysql switch_environment -h localhost -u username -p'password'