NAME

Net::SNMP - Object oriented interface to SNMP

SYNOPSIS

The Net::SNMP module implements an object oriented interface to the Simple Network Management Protocol. Perl applications can use the module to retrieve or update information on a remote host using the SNMP protocol. The module supports SNMP version-1, SNMP version-2c (Community-Based SNMPv2), and SNMP version-3. The Net::SNMP module assumes that the user has a basic understanding of the Simple Network Management Protocol and related network management concepts.

DESCRIPTION

The Net::SNMP module abstracts the intricate details of the Simple Network Management Protocol by providing a high level programming interface to the protocol. Each Net::SNMP object provides a one-to-one mapping between a Perl object and a remote SNMP agent or manager. Once an object is created, it can be used to perform the basic protocol exchange actions defined by SNMP.

A Net::SNMP object can be created such that it has either "blocking" or "non-blocking" properties. By default, the methods used to send SNMP messages do not return until the protocol exchange has completed successfully or a timeout period has expired. This behavior gives the object a "blocking" property because the flow of the code is stopped until the method returns.

The optional named argument -nonblocking can be passed to the object constructor with a true value to give the object "non-blocking" behavior. A method invoked by a non-blocking object queues the SNMP message and returns immediately, allowing the flow of the code to continue. The queued SNMP messages are not sent until an event loop is entered by calling the snmp_dispatcher() method. When the SNMP messages are sent, any response to the messages invokes the subroutine defined by the user when the message was originally queued. The event loop exits when all messages have been removed from the queue by either receiving a response, or by exceeding the number of retries at the Transport Layer.

Blocking Objects

The default behavior of the methods associated with a Net::SNMP object is to block the code flow until the method completes. For methods that initiate a SNMP protocol exchange requiring a response, a hash reference containing the results of the query is returned. The undefined value is returned by all methods when a failure has occurred. The error() method can be used to determine the cause of the failure.

The hash reference returned by a SNMP protocol exchange points to a hash constructed from the VarBindList contained in the SNMP response message. The hash is created using the ObjectName and the ObjectSyntax pairs in the VarBindList. The keys of the hash consist of the OBJECT IDENTIFIERs in dotted notation corresponding to each ObjectName in the VarBindList. The value of each hash entry is set equal to the value of the corresponding ObjectSyntax. This hash reference can also be retrieved using the var_bind_list() method.

Non-blocking Objects

When a Net::SNMP object is created having non-blocking behavior, the invocation of a method associated with the object returns immediately, allowing the flow of the code to continue. When a method is invoked that would initiate a SNMP protocol exchange requiring a response, either a true value (i.e. 0x1) is returned immediately or the undefined value is returned if there was a failure. The error() method can be used to determine the cause of the failure.

The contents of the VarBindList contained in the SNMP response message can be retrieved by calling the var_bind_list() method using the object reference passed as the first argument to the callback. The value returned by the var_bind_list() method is a hash reference created using the ObjectName and the ObjectSyntax pairs in the VarBindList. The keys of the hash consist of the OBJECT IDENTIFIERs in dotted notation corresponding to each ObjectName in the VarBindList. The value of each hash entry is set equal to the value of the corresponding ObjectSyntax. The undefined value is returned if there has been a failure and the error() method may be used to determine the reason.

METHODS

When named arguments are expected by the methods, two different styles are supported. All examples in this documentation use the dashed-option style:

$object->method(-argument => $value);

However, the IO:: style is also allowed:

$object->method(Argument => $value);
Non-blocking Objects Arguments

When a Net::SNMP object has been created with a "non-blocking" property, most methods that generate a SNMP message take additional arguments to support this property.

Callback

Most methods associated with a non-blocking object have an optional named argument called -callback. The -callback argument expects a reference to a subroutine or to an array whose first element must be a reference to a subroutine. The subroutine defined by the -callback option is executed when a response to a SNMP message is received, an error condition has occurred, or the number of retries for the message has been exceeded.

When the -callback argument only contains a subroutine reference, the subroutine is evaluated passing a reference to the original Net::SNMP object as the only parameter. If the -callback argument was defined as an array reference, all elements in the array are passed to subroutine after the reference to the Net::SNMP object. The first element, which is required to be a reference to a subroutine, is removed before the remaining arguments are passed to that subroutine.

Once one method is invoked with the -callback argument, this argument stays with the object and is used by any further calls to methods using the -callback option if the argument is absent. The undefined value may be passed to the -callback argument to delete the callback.

NOTE: The subroutine being passed with the -callback named argument should not cause blocking itself. This will cause all the actions in the event loop to be stopped, defeating the non-blocking property of the Net::SNMP module.

Delay

An optional argument -delay can also be passed to non-blocking objects. The -delay argument instructs the object to wait the number of seconds passed to the argument before executing the SNMP protocol exchange. The delay period starts when the event loop is entered. The -delay parameter is applied to all methods associated with the object once it is specified. The delay value must be set back to 0 seconds to disable the delay parameter.

SNMPv3 Arguments

A SNMP context is a collection of management information accessible by a SNMP entity. An item of management information may exist in more than one context and a SNMP entity potentially has access to many contexts. The combination of a contextEngineID and a contextName unambiguously identifies a context within an administrative domain. In a SNMPv3 message, the contextEngineID and contextName are included as part of the scopedPDU. All methods that generate a SNMP message optionally take a -contextengineid and -contextname argument to configure these fields.

Context Engine ID

The -contextengineid argument expects a hexadecimal string representing the desired contextEngineID. The string must be 10 to 64 characters (5 to 32 octets) long and can be prefixed with an optional "0x". Once the -contextengineid is specified it stays with the object until it is changed again or reset to default by passing in the undefined value. By default, the contextEngineID is set to match the authoritativeEngineID of the authoritative SNMP engine.

Context Name

The contextName is passed as a string which must be 0 to 32 octets in length using the -contextname argument. The contextName stays with the object until it is changed. The contextName defaults to an empty string which represents the "default" context.

session() - create a new Net::SNMP object

($session, $error) = Net::SNMP->session(
                        [-hostname      => $hostname,] 
                        [-port          => $port,]
                        [-localaddr     => $localaddr,]
                        [-localport     => $localport,]
                        [-nonblocking   => $boolean,]
                        [-version       => $version,]
                        [-timeout       => $seconds,]
                        [-retries       => $count,]
                        [-maxmsgsize    => $octets,]
                        [-translate     => $translate,]
                        [-debug         => $bitmask,]
                        [-community     => $community,]   # v1/v2c  
                        [-username      => $username,]    # v3  
                        [-authkey       => $authkey,]     # v3  
                        [-authpassword  => $authpasswd,]  # v3  
                        [-authprotocol  => $authproto,]   # v3  
                        [-privkey       => $privkey,]     # v3  
                        [-privpassword  => $privpasswd,]  # v3  
                        [-privprotocol  => $privproto,]   # v3
                     );

This is the constructor for Net::SNMP objects. In scalar context, a reference to a new Net::SNMP object is returned if the creation of the object is successful. In list context, a reference to a new Net::SNMP object and an empty error message string is returned. If a failure occurs, the object reference is returned as the undefined value. The error string may be used to determine the cause of the error.

Most of the named arguments passed to the constructor define basic attributes for the object and are not modifiable after the object has been created. The -timeout, -retries, -maxmsgsize, -translate, and -debug arguments are modifiable using an accessor method. See their corresponding method definitions for a complete description of their usage, default values, and valid ranges.

Transport Layer Arguments

The Net::SNMP module uses UDP/IP as the Transport Layer to pass SNMP messages between the local and remote devices. The destination device can be specified using the -hostname argument. The -hostname argument accepts either an IP network hostname or an IP address in dotted notation. This argument is optional and defaults to "localhost". The destination UPD port number can be specified using the -port argument. This argument is also optional and defaults to 161, which is the port number on which devices using default values expect to receive SNMP request messages. The -port argument will need to be specified for remote devices expecting to receive SNMP notifications since these device typically default to port 162.

By default, the source IP address and port number are assigned dynamically by the local device on which the Net::SNMP module is being used. This dynamic assignment can be overridden by using the -localaddr and -localport arguments. These values default to INADDR_ANY (typically 0.0.0.0) and 0 respectively. The -localaddr argument will accept either an IP network hostname or an IP address in dotted notation. If a hostname is specified, the resolved IP address must be a valid address on the local device.

Security Model Arguments

The -version argument controls which other arguments are expected or required by the session() constructor. The Net::SNMP module supports SNMPv1, SNMPv2c, and SNMPv3. The module defaults to SNMPv1 if no -version argument is specified. The -version argument expects either a digit (i.e. '1', '2', or '3') or a string specifying the version (i.e. 'snmpv1', 'snmpv2c', or 'snmpv3') to define the SNMP version.

The Security Model used by the Net::SNMP object is based on the SNMP version associated with the object. If the SNMP version is SNMPv1 or SNMPv2c a Community-based Security Model will be used, while the User-based Security Model (USM) will be used if the version is SNMPv3.

Community-based Security Model Argument

If the Security Model is Community-based, the only argument available is the -community argument. This argument expects a string that is to be used as the SNMP community name. By default the community name is set to 'public' if the argument is not present.

User-based Security Model Arguments

The User-based Security Model (USM) used by SNMPv3 requires that a securityName be specified using the -username argument. The creation of a Net::SNMP object with the version set to SNMPv3 will fail if the -username argument is not present. The -username argument expects a string 1 to 32 octets in length.

Different levels of security are allowed by the User-based Security Model which address authentication and privacy concerns. A SNMPv3 Net::SNMP object will derive the security level (securityLevel) based on which of the following arguments are specified.

By default a securityLevel of 'noAuthNoPriv' is assumed. If the -authkey or -authpassword arguments are specified, the securityLevel becomes 'authNoPriv'. The -authpassword argument expects a string which is at least 1 octet in length. Optionally, the -authkey argument can be used so that a plain text password does not have to be specified in a script. The -authkey argument expects a hexadecimal string produced by localizing the password with the authoritativeEngineID for the specific destination device. The snmpkey utility included with the distribution can be used to create the hexadecimal string (see snmpkey).

Two different hash algorithms are defined by SNMPv3 which can be used by the Security Model for authentication. These algorithms are HMAC-MD5-96 "MD5" (RFC 1321) and HMAC-SHA-96 "SHA-1" (NIST FIPS PUB 180-1). The default algorithm used by the module is HMAC-MD5-96. This behavior can be changed by using the -authprotocol argument. This argument expects either the string 'md5' or 'sha' to be passed to modify the hash algorithm.

By specifying the arguments -privkey or -privpassword the securityLevel associated with the object becomes 'authPriv'. According to SNMPv3, privacy requires the use of authentication. Therefore, if either of these two arguments are present and the -authkey or -authpassword arguments are missing, the creation of the object fails. The -privkey and -privpassword arguments expect the same input as the -authkey and -authpassword arguments respectively.

The User-based Security Model described in RFC 3414 defines a single encryption protocol to be used for privacy. This protocol, CBC-DES "DES" (NIST FIPS PUB 46-1), is used by default or if the string 'des' is passed to the -privprotocol argument. By working with the Extended Security Options Consortium http://www.snmp.com/eso/, the module also supports additional protocols which have been defined in draft specifications. The draft http://www.snmp.com/eso/draft-reeder-snmpv3-usm-3desede-00.txt defines the support of CBC-3DES-EDE "Triple-DES" (NIST FIPS 46-3) in the User-based Security Model. This protocol can be selected using the -privprotocol argument with the string '3desede'. The draft http://www.snmp.com/eso/draft-blumenthal-aes-usm-04.txt describes the use of CFB128-AES-128/192/256 "AES" (NIST FIPS PUB 197) in the USM. The three AES encryption protocols, differentiated by their key sizes, can be selected by passing 'aescfb128', 'aescfb192', or 'aescfb256' to the -privprotocol argument.

close() - clear the Transport Layer associated with the object

$session->close; 

This method clears the UDP Transport Layer and any errors associated with the object. Once closed, the Net::SNMP object can no longer be used to send or receive SNMP messages.

snmp_dispatcher() - enter the non-blocking object event loop

$session->snmp_dispatcher();

This method enters the event loop associated with non-blocking Net::SNMP objects. The method exits when all queued SNMP messages have received a response or have timed out at the Transport Layer. This method is also exported as the stand alone function snmp_dispatcher() by default (see "EXPORTS").

get_request() - send a SNMP get-request to the remote agent

$result = $session->get_request(
                       [-callback        => sub {},]     # non-blocking
                       [-delay           => $seconds,]   # non-blocking 
                       [-contextengineid => $engine_id,] # v3 
                       [-contextname     => $name,]      # v3
                       -varbindlist      => \@oids,
                    );

This method performs a SNMP get-request query to gather data from the remote agent on the host associated with the Net::SNMP object. The message is built using the list of OBJECT IDENTIFIERs in dotted notation passed to the method as an array reference using the -varbindlist argument. Each OBJECT IDENTIFER is placed into a single SNMP GetRequest-PDU in the same order that it held in the original list.

A reference to a hash is returned in blocking mode which contains the contents of the VarBindList. In non-blocking mode, a true value is returned when no error has occurred. In either mode, the undefined value is returned when an error has occurred. The error() method may be used to determine the cause of the failure.

get_next_request() - send a SNMP get-next-request to the remote agent

$result = $session->get_next_request(
                       [-callback        => sub {},]     # non-blocking
                       [-delay           => $seconds,]   # non-blocking 
                       [-contextengineid => $engine_id,] # v3 
                       [-contextname     => $name,]      # v3
                       -varbindlist      => \@oids,
                    );

This method performs a SNMP get-next-request query to gather data from the remote agent on the host associated with the Net::SNMP object. The message is built using the list of OBJECT IDENTIFIERs in dotted notation passed to the method as an array reference using the -varbindlist argument. Each OBJECT IDENTIFER is placed into a single SNMP GetNextRequest-PDU in the same order that it held in the original list.

A reference to a hash is returned in blocking mode which contains the contents of the VarBindList. In non-blocking mode, a true value is returned when no error has occurred. In either mode, the undefined value is returned when an error has occurred. The error() method may be used to determine the cause of the failure.

set_request() - send a SNMP set-request to the remote agent

$result = $session->set_request(
                       [-callback        => sub {},]     # non-blocking
                       [-delay           => $seconds,]   # non-blocking 
                       [-contextengineid => $engine_id,] # v3 
                       [-contextname     => $name,]      # v3
                       -varbindlist      => \@oid_value,
                    );

This method is used to modify data on the remote agent that is associated with the Net::SNMP object using a SNMP set-request. The message is built using a list of values consisting of groups of an OBJECT IDENTIFIER, an object type, and the actual value to be set. This list is passed to the method as an array reference using the -varbindlist argument. The OBJECT IDENTIFIERs in each trio are to be in dotted notation. The object type is an octet corresponding to the ASN.1 type of value that is to be set. Each of the supported ASN.1 types have been defined and are exported by the package by default (see "EXPORTS").

A reference to a hash is returned in blocking mode which contains the contents of the VarBindList. In non-blocking mode, a true value is returned when no error has occurred. In either mode, the undefined value is returned when an error has occurred. The error() method may be used to determine the cause of the failure.

trap() - send a SNMP trap to the remote manager

$result = $session->trap(
                       [-delay           => $seconds,]   # non-blocking 
                       [-enterprise      => $oid,]
                       [-agentaddr       => $ipaddress,]
                       [-generictrap     => $generic,]
                       [-specifictrap    => $specific,]
                       [-timestamp       => $timeticks,]
                       -varbindlist      => \@oid_value,
                    );

This method sends a SNMP trap to the remote manager associated with the Net::SNMP object. All arguments are optional and will be given the following defaults in the absence of a corresponding named argument:

  • The default value for the trap -enterprise is "1.3.6.1.4.1", which corresponds to "iso.org.dod.internet.private.enterprises". The enterprise value is expected to be an OBJECT IDENTIFER in dotted notation.

  • The default value for the trap -agentaddr is the local IP address from the host on which the script is running or the local address specified by the -localaddr option. The agent-addr is expected to be an IpAddress in dotted notation.

  • The default value for the -generictrap type is 6 which corresponds to "enterpriseSpecific". The generic-trap types are defined and can be exported upon request (see "EXPORTS").

  • The default value for the -specifictrap type is 0. No pre-defined values are available for specific-trap types.

  • The default value for the trap -timestamp is the "uptime" of the script. The "uptime" of the script is the number of hundredths of seconds that have elapsed since the script began running. The time-stamp is expected to be a TimeTicks number in hundredths of seconds.

  • The default value for the trap -varbindlist is an empty array reference. The variable-bindings are expected to be in an array format consisting of groups of an OBJECT IDENTIFIER, an object type, and the actual value of the object. This is identical to the list expected by the set_request() method. The OBJECT IDENTIFIERs in each trio are to be in dotted notation. The object type is an octet corresponding to the ASN.1 type for the value. Each of the supported types have been defined and are exported by default (see "EXPORTS").

A true value is returned when the method is successful. The undefined value is returned when a failure has occurred. The error() method can be used to determine the cause of the failure. Since there are no acknowledgements for Trap-PDUs, there is no way to determine if the remote host actually received the trap.

NOTE: When the object is in non-blocking mode, the trap is not sent until the event loop is entered and no callback is ever executed.

NOTE: This method can only be used when the version of the object is set to SNMPv1.

get_bulk_request() - send a get-bulk-request to the remote agent

$result = $session->get_bulk_request(
                       [-callback        => sub {},]     # non-blocking
                       [-delay           => $seconds,]   # non-blocking 
                       [-contextengineid => $engine_id,] # v3 
                       [-contextname     => $name,]      # v3
                       [-nonrepeaters    => $non_reps,]
                       [-maxrepetitions  => $max_reps,]
                       -varbindlist      => \@oids,
                    );

This method performs a SNMP get-bulk-request query to gather data from the remote agent on the host associated with the Net::SNMP object. All arguments are optional except -varbindlist and will be given the following defaults in the absence of a corresponding named argument:

  • The default value for the get-bulk-request -nonrepeaters is 0. The non-repeaters value specifies the number of variables in the variable-bindings list for which a single successor is to be returned.

  • The default value for the get-bulk-request -maxrepetitions is 0. The max-repetitions value specifies the number of successors to be returned for the remaining variables in the variable-bindings list.

  • The -varbindlist argument expects an array reference consisting of a list of OBJECT IDENTIFIERs in dotted notation. Each OBJECT IDENTIFER is placed into a single SNMP GetBulkRequest-PDU in the same order that it held in the original list.

A reference to a hash is returned in blocking mode which contains the contents of the VarBindList. In non-blocking mode, a true value is returned when no error has occurred. In either mode, the undefined value is returned when an error has occurred. The error() method may be used to determine the cause of the failure.

NOTE: This method can only be used when the version of the object is set to SNMPv2c or SNMPv3.

inform_request() - send an inform-request to the remote manager

$result = $session->inform_request(
                       [-callback        => sub {},]     # non-blocking
                       [-delay           => $seconds,]   # non-blocking 
                       [-contextengineid => $engine_id,] # v3 
                       [-contextname     => $name,]      # v3
                       -varbindlist      => \@oid_value,
                    );

This method is used to provide management information to the remote manager associated with the Net::SNMP object using an inform-request. The message is built using a list of values consisting of groups of an OBJECT IDENTIFIER, an object type, and the actual value to be identified. This list is passed to the method as an array reference using the -varbindlist argument. The OBJECT IDENTIFIERs in each trio are to be in dotted notation. The object type is an octet corresponding to the ASN.1 type of value that is to be identified. Each of the supported ASN.1 types have been defined and are exported by the package by default (see "EXPORTS").

The first two variable-bindings fields in the inform-request are specified by SNMPv2 and should be:

  • sysUpTime.0 - ('1.3.6.1.2.1.1.3.0', TIMETICKS, $timeticks)

  • snmpTrapOID.0 - ('1.3.6.1.6.3.1.1.4.1.0', OBJECT_IDENTIFIER, $oid)

A reference to a hash is returned in blocking mode which contains the contents of the VarBindList. In non-blocking mode, a true value is returned when no error has occurred. In either mode, the undefined value is returned when an error has occurred. The error() method may be used to determine the cause of the failure.

NOTE: This method can only be used when the version of the object is set to SNMPv2c or SNMPv3.

snmpv2_trap() - send a snmpV2-trap to the remote manager

$result = $session->snmpv2_trap(
                       [-delay           => $seconds,]   # non-blocking 
                       -varbindlist      => \@oid_value,
                    );

This method sends a snmpV2-trap to the remote manager associated with the Net::SNMP object. The message is built using a list of values consisting of groups of an OBJECT IDENTIFIER, an object type, and the actual value to be identified. This list is passed to the method as an array reference using the -varbindlist argument. The OBJECT IDENTIFIERs in each trio are to be in dotted notation. The object type is an octet corresponding to the ASN.1 type of value that is to be identified. Each of the supported ASN.1 types have been defined and are exported by the package by default (see "EXPORTS").

The first two variable-bindings fields in the snmpV2-trap are specified by SNMPv2 and should be:

  • sysUpTime.0 - ('1.3.6.1.2.1.1.3.0', TIMETICKS, $timeticks)

  • snmpTrapOID.0 - ('1.3.6.1.6.3.1.1.4.1.0', OBJECT_IDENTIFIER, $oid)

A true value is returned when the method is successful. The undefined value is returned when a failure has occurred. The error() method can be used to determine the cause of the failure. Since there are no acknowledgements for SNMPv2-Trap-PDUs, there is no way to determine if the remote host actually received the snmpV2-trap.

NOTE: When the object is in non-blocking mode, the snmpV2-trap is not sent until the event loop is entered and no callback is ever executed.

NOTE: This method can only be used when the version of the object is set to SNMPv2c. SNMPv2-Trap-PDUs are supported by SNMPv3, but require the sender of the message to be an authoritative SNMP engine which is not currently supported by the Net::SNMP module.

get_table() - retrieve a table from the remote agent

$result = $session->get_table(
                       [-callback        => sub {},]     # non-blocking
                       [-delay           => $seconds,]   # non-blocking 
                       [-contextengineid => $engine_id,] # v3 
                       [-contextname     => $name,]      # v3
                       -baseoid          => $oid,
                       [-maxrepetitions  => $max_reps,]  # v2c/v3
                    );

This method performs repeated SNMP get-next-request or get-bulk-request (when using SNMPv2c or SNMPv3) queries to gather data from the remote agent on the host associated with the Net::SNMP object. The first message sent is built using the OBJECT IDENTIFIER in dotted notation passed to the method by the -baseoid argument. Repeated SNMP requests are issued until the OBJECT IDENTIFER in the response is no longer a child of the base OBJECT IDENTIFIER.

The -maxrepetitions argument can be used to specify the max-repetitions value that is passed to the get-bulk-requests when using SNMPv2c or SNMPv3. If this argument is not present, a value is calculated based on the maximum message size for the Net::SNMP object.

A reference to a hash is returned in blocking mode which contains the contents of the VarBindList. In non-blocking mode, a true value is returned when no error has occurred. In either mode, the undefined value is returned when an error has occurred. The error() method may be used to determine the cause of the failure.

WARNING: Results from this method can become very large if the base OBJECT IDENTIFIER is close to the root of the SNMP MIB tree.

get_entries() - retrieve table entries from the remote agent

$result = $session->get_entries(
                       [-callback        => sub {},]     # non-blocking
                       [-delay           => $seconds,]   # non-blocking
                       [-contextengineid => $engine_id,] # v3
                       [-contextname     => $name,]      # v3
                       -columns          => \@columns,
                       [-startindex      => $start,]
                       [-endindex        => $end,]
                       [-maxrepetitions  => $max_reps,]  # v2c/v3
                    );

This method performs repeated SNMP get-next-request or get-bulk-request (when using SNMPv2c or SNMPv3) queries to gather data from the remote agent on the host associated with the Net::SNMP object. Each message specifically requests data for each OBJECT IDENTIFIER specified in the -columns array. The OBJECT IDENTIFIERs must correspond to column entries for a conceptual row in a table. They may however be columns in different tables as long as each table is indexed the same way. The optional -startindex and -endindex arguments may be specified to limit the query to specific rows in the table(s).

The -startindex can be specified as a single decimal value or in dotted notation if the index associated with the entry so requires. If the -startindex is specified, it will be include as part of the query results. If no -startindex is specified, the first request message will be sent without an index. To insure that the -startindex is included, the last subidentifier in the index is decremented by one. If the last subidentifier has a value of zero, the subidentifier is removed from the index.

The optional -endindex argument can be specified as a single decimal value or in dotted notation. If the -endindex is specified, it will be included as part of the query results. If no -endindex is specified, repeated SNMP requests are issued until the response no longer returns entries matching any of the columns specified in the -columns array.

The -maxrepetitions argument can be used to specify the max-repetitions value that is passed to the get-bulk-requests when using SNMPv2c or SNMPv3. If this argument is not present, a value is calculated based on the maximum message size of the object and the number of columns specified in the -columns array.

A reference to a hash is returned in blocking mode which contains the contents of the VarBindList. In non-blocking mode, a true value is returned when no error has occurred. In either mode, the undefined value is returned when an error has occurred. The error() method may be used to determine the cause of the failure.

version() - get the SNMP version from the object

$rfc_version = $session->version;

This method returns the current value for the SNMP version associated with the object. The returned value is the corresponding version number defined by the RFCs for the protocol version field (i.e. SNMPv1 == 0, SNMPv2c == 1, and SNMPv3 == 3). The RFC versions are defined as constant by the module and can be exported by request (see "EXPORTS").

error() - get the current error message from the object

$error_message = $session->error;

This method returns a text string explaining the reason for the last error. An empty string is returned if no error has occurred.

hostname() - get the hostname associated with the object

$hostname = $session->hostname;

This method returns the hostname string that is associated with the object as it was passed to the session() constructor.

error_status() - get the current SNMP error-status from the object

$error_status = $session->error_status;

This method returns the numeric value of the error-status contained in the last SNMP GetResponse-PDU received by the object.

error_index() - get the current SNMP error-index from the object

$error_index = $session->error_index;

This method returns the numeric value of the error-index contained in the last SNMP GetResponse-PDU received by the object.

var_bind_list() - get the hash reference to the last SNMP response

$response = $session->var_bind_list;

This method returns a hash reference created using the ObjectName and the ObjectSyntax pairs in the VarBindList of the last SNMP GetResponse-PDU received by the object. The keys of the hash consist of the OBJECT IDENTIFIERs in dotted notation corresponding to each ObjectName in the VarBindList. If any of the OBJECT IDENTIFIERs passed to the request method began with a leading dot, all of the OBJECT IDENTIFIER hash keys will be prefixed with a leading dot. The value of each hash entry is set equal to the value of the corresponding ObjectSyntax. The undefined value is returned if there has been a failure and the error() method may be used to determine the reason.

var_bind_names() - get the array of the ObjectNames in the last response

@names = $session->var_bind_names;

This method returns an array containing the OBJECT IDENTIFIERs corresponding to the ObjectNames in the VarBindList in the order that they were received in the last SNMP GetResponse-PDU. The entries in the array will map directly to the keys in the hash reference returned by the methods that perform SNMP message exchanges and by the var_bind_list() method. The array returned for the convenience methods get_table() and get_entries() will be in lexicographical order. An empty array is returned if there has been a failure and the error() method may be used to determine reason.

timeout() - set or get the current timeout period for the object

$seconds = $session->timeout([$seconds]);

This method returns the current value for the Transport Layer timeout for the Net::SNMP object. This value is the number of seconds that the object will wait for a response from the agent on the remote host. The default timeout is 5.0 seconds.

If a parameter is specified, the timeout for the object is set to the provided value if it falls within the range 1.0 to 60.0 seconds. The undefined value is returned upon an error and the error() method may be used to determine the cause.

retries() - set or get the current retry count for the object

$count = $session->retries([$count]);

This method returns the current value for the number of times to retry sending a SNMP message to the remote host. The default number of retries is 1.

If a parameter is specified, the number of retries for the object is set to the provided value if it falls within the range 0 to 20. The undefined value is returned upon an error and the error() method may be used to determine the cause.

max_msg_size() - set or get the current maxMsgSize for the object

$octets = $session->max_msg_size([$octets]);

This method returns the current value for the maximum message size (maxMsgSize) for the Net::SNMP object. This value is the largest message size in octets that can be prepared or processed by the object. The default maxMsgSize is 1472 octets.

If a parameter is specified, the maxMsgSize is set to the provided value if it falls within the range 484 to 2147483647 octets. The undefined value is returned upon an error and the error() method may be used to determine the cause.

NOTE: When using SNMPv3, the maxMsgSize is actually contained in the SNMP message (as msgMaxSize). If the value received from a remote device is less than the current maxMsgSize, the size is automatically adjusted to be the lower value.

translate() - enable or disable the translation mode for the object

$mask = $session->translate([ 
                     $mode |
                     [ # Perl anonymous ARRAY reference 
                        ['-all'            => $mode0,]
                        ['-none'           => $mode1,]
                        ['-octetstring     => $mode2,]
                        ['-null'           => $mode3,]
                        ['-timeticks'      => $mode4,]
                        ['-opaque'         => $mode5,]
                        ['-nosuchobject'   => $mode6,] 
                        ['-nosuchinstance' => $mode7,]
                        ['-endofmibview'   => $mode8,]
                        ['-unsigned'       => $mode9]  
                     ]
                  ]);

When the object decodes the GetResponse-PDU that is returned in response to a SNMP message, certain values are translated into a more "human readable" form. By default the following translations occur:

  • OCTET STRINGs and Opaques containing non-printable ASCII characters are converted into a hexadecimal representation prefixed with "0x". NOTE: The following ASCII control characters are considered to be printable by the module: NUL(0x00), HT(0x09), LF(0x0A), FF(0x0C), and CR(0x0D).

  • TimeTicks integer values are converted to a time format.

  • NULL values return the string "NULL" instead of an empty string.

  • noSuchObject exception values return the string "noSuchObject" instead of an empty string. If translation is not enabled, the SNMP error-status field is set to 128 which is equal to the exported definition NOSUCHOBJECT (see "EXPORTS").

  • noSuchInstance exception values return the string "noSuchInstance" instead of an empty string. If translation is not enabled, the SNMP error-status field is set to 129 which is equal to the exported definition NOSUCHINSTANCE (see "EXPORTS").

  • endOfMibView exception values return the string "endOfMibView" instead of an empty string. If translation is not enabled, the SNMP error-status field is set to 130 which is equal to the exported definition ENDOFMIBVIEW (see "EXPORTS").

  • Counter64, Counter, Gauge, and TimeTick values that have been incorrectly encoded as signed negative values are returned as unsigned values.

The translate() method can be invoked with two different types of arguments.

If the argument passed is any Perl variable type except an array reference, the translation mode for all ASN.1 types is set to either enabled or disabled, depending on the value of the passed parameter. Any value that Perl would treat as a true value will set the mode to be enabled for all types, while a false value will disable translation for all types.

A reference to an array can be passed to the translate() method in order to define the translation mode on a per ASN.1 type basis. The array is expected to contain a list of named argument pairs for each ASN.1 type that is to be modified. The arguments in the list are applied in the order that they are passed in via the array. Arguments at the end of the list supercede those passed earlier in the list. The argument "-all" can be used to specify that the mode is to apply to all ASN.1 types. Only the arguments for the ASN.1 types that are to be modified need to be included in the list.

The translate() method returns a bit mask indicating which ASN.1 types are to be translated. Definitions of the bit to ASN.1 type mappings can be exported using the :translate tag (see "EXPORTS"). The undefined value is returned upon an error and the error() method may be used to determine the cause.

debug() - set or get the debug mode for the module

$mask = $session->debug([$mask]);

This method is used to enable or disable debugging for the Net::SNMP module. Debugging can be enabled on a per component level as defined by a bit mask passed to the debug() method. The bit mask is broken up as follows:

  • 0x02 - Message or PDU encoding and decoding

  • 0x04 - Transport Layer

  • 0x08 - Dispatcher

  • 0x10 - Message Processing

  • 0x20 - Security

Symbols representing these bit mask values are defined by the module and can be exported using the :debug tag (see "EXPORTS"). If a non-numeric value is passed to the debug() method, it is evaluated in boolean context. Debugging for all of the components is then enabled or disabled based on the resulting truth value.

The current debugging mask is returned by the method. Debugging can also be enabled using the stand alone function snmp_debug(). This function can be exported by request (see "EXPORTS").

FUNCTIONS

oid_base_match() - determine if an OID has a specified OID base

$value = oid_base_match($base_oid, $oid);

This function takes two OBJECT IDENTIFIERs in dotted notation and returns a true value (i.e. 0x1) if the second OBJECT IDENTIFIER is equal to or is a child of the first OBJECT IDENTIFIER in the SNMP Management Information Base (MIB). This function can be used in conjunction with the get-next-request() or get-bulk-request() methods to determine when a OBJECT IDENTIFIER in the GetResponse-PDU is no longer in the desired MIB tree branch.

oid_lex_sort() - sort a list of OBJECT IDENTIFIERs lexicographically

@sorted_oids = oid_lex_sort(@oids);

This function takes a list of OBJECT IDENTIFIERs in dotted notation and returns the listed sorted in lexicographical order.

ticks_to_time() - convert TimeTicks to formatted time

$time = ticks_to_time($timeticks);

This function takes an ASN.1 TimeTicks value and returns a string representing the time defined by the value. The TimeTicks value is expected to be a non-negative integer value representing the time in hundredths of a second since some epoch. The returned string will display the time in days, hours, and seconds format according to the value of the TimeTicks argument.

EXPORTS

The Net::SNMP module uses the Exporter module to export useful constants and subroutines. These exportable symbols are defined below and follow the rules and conventions of the Exporter module (see Exporter).

Default

&snmp_dispatcher, INTEGER, INTEGER32, OCTET_STRING, OBJECT_IDENTIFIER, IPADDRESS, COUNTER, COUNTER32, GAUGE, GAUGE32, UNSIGNED32, TIMETICKS, OPAQUE, COUNTER64, NOSUCHOBJECT, NOSUCHINSTANCE, ENDOFMIBVIEW

Exportable

&snmp_debug, &snmp_dispatcher, &oid_base_match, &oid_lex_sort, &ticks_to_time, INTEGER, INTEGER32, OCTET_STRING, NULL, OBJECT_IDENTIFIER, SEQUENCE, IPADDRESS, COUNTER, COUNTER32, GAUGE, GAUGE32, UNSIGNED32, TIMETICKS, OPAQUE, COUNTER64, NOSUCHOBJECT, NOSUCHINSTANCE, ENDOFMIBVIEW, GET_REQUEST, GET_NEXT_REQUEST, GET_RESPONSE, SET_REQUEST, TRAP, GET_BULK_REQUEST, INFORM_REQUEST, SNMPV2_TRAP, DEBUG_ALL, DEBUG_NONE, DEBUG_MESSAGE, DEBUG_TRANSPORT, DEBUG_DISPATCHER, DEBUG_PROCESSING, DEBUG_SECURITY, COLD_START, WARM_START, LINK_DOWN, LINK_UP, AUTHENTICATION_FAILURE, EGP_NEIGHBOR_LOSS, ENTERPRISE_SPECIFIC, SNMP_VERSION_1, SNMP_VERSION_2C, SNMP_VERSION_3, SNMP_PORT, SNMP_TRAP_PORT, TRANSLATE_NONE, TRANSLATE_OCTET_STRING, TRANSLATE_NULL, TRANSLATE_TIMETICKS, TRANSLATE_OPAQUE, TRANSLATE_NOSUCHOBJECT, TRANSLATE_NOSUCHINSTANCE, TRANSLATE_ENDOFMIBVIEW, TRANSLATE_UNSIGNED, TRANSLATE_ALL

Tags
:asn1

INTEGER, INTEGER32, OCTET_STRING, NULL, OBJECT_IDENTIFIER, SEQUENCE, IPADDRESS, COUNTER, COUNTER32, GAUGE, GAUGE32, UNSIGNED32, TIMETICKS, OPAQUE, COUNTER64, NOSUCHOBJECT, NOSUCHINSTANCE, ENDOFMIBVIEW, GET_REQUEST, GET_NEXT_REQUEST, GET_RESPONSE, SET_REQUEST, TRAP, GET_BULK_REQUEST, INFORM_REQUEST, SNMPV2_TRAP

:debug

&snmp_debug, DEBUG_ALL, DEBUG_NONE, DEBUG_MESSAGE, DEBUG_TRANSPORT, DEBUG_DISPATCHER, DEBUG_PROCESSING, DEBUG_SECURITY

:generictrap

COLD_START, WARM_START, LINK_DOWN, LINK_UP, AUTHENTICATION_FAILURE, EGP_NEIGHBOR_LOSS, ENTERPRISE_SPECIFIC

:snmp

&snmp_debug, &snmp_dispatcher, &oid_base_match, &oid_lex_sort, &ticks_to_time, SNMP_VERSION_1, SNMP_VERSION_2C, SNMP_VERSION_3, SNMP_PORT, SNMP_TRAP_PORT

:translate

TRANSLATE_NONE, TRANSLATE_OCTET_STRING, TRANSLATE_NULL, TRANSLATE_TIMETICKS, TRANSLATE_OPAQUE, TRANSLATE_NOSUCHOBJECT, TRANSLATE_NOSUCHINSTANCE, TRANSLATE_ENDOFMIBVIEW, TRANSLATE_UNSIGNED, TRANSLATE_ALL

:ALL

All of the above exportable items.

EXAMPLES

1. Blocking SNMPv1 get-request for sysUpTime

This example gets the sysUpTime from a remote host.

#! /usr/local/bin/perl

use strict;

use Net::SNMP;

my ($session, $error) = Net::SNMP->session(
   -hostname  => shift || 'localhost',
   -community => shift || 'public',
   -port      => shift || 161 
);

if (!defined($session)) {
   printf("ERROR: %s.\n", $error);
   exit 1;
}

my $sysUpTime = '1.3.6.1.2.1.1.3.0';

my $result = $session->get_request(
   -varbindlist => [$sysUpTime]
);

if (!defined($result)) {
   printf("ERROR: %s.\n", $session->error);
   $session->close;
   exit 1;
}

printf("sysUpTime for host '%s' is %s\n",
   $session->hostname, $result->{$sysUpTime} 
);

$session->close;

exit 0;

2. Blocking SNMPv3 set-request of sysContact

This example sets the sysContact information on the remote host to "Help Desk x911". The named arguments passed to the session() constructor are for the demonstration of syntax only. These parameters will need to be set according to the SNMPv3 parameters of the remote host used by the script.

#! /usr/local/bin/perl

use strict;

use Net::SNMP;

my ($session, $error) = Net::SNMP->session(
   -hostname     => 'myv3host.company.com',
   -version      => 'snmpv3',
   -username     => 'myv3Username',
   -authkey      => '0x05c7fbde31916f64da4d5b77156bdfa7',
   -authprotocol => 'md5',
   -privkey      => '0x93725fd3a02a48ce02df4e065a1c1746'
);

if (!defined($session)) {
   printf("ERROR: %s.\n", $error);
   exit 1;
}

my $sysContact = '1.3.6.1.2.1.1.4.0';

my $result = $session->set_request(
   -varbindlist => [$sysContact, OCTET_STRING, 'Help Desk x911']
);

if (!defined($result)) {
   printf("ERROR: %s.\n", $session->error);
   $session->close;
   exit 1;
}

printf("sysContact for host '%s' set to '%s'\n", 
   $session->hostname, $result->{$sysContact}
);

$session->close;

exit 0;

3. Non-blocking SNMPv2c get-bulk-request for ifTable

This example gets the contents of the ifTable by sending get-bulk-requests until the responses are no longer part of the ifTable. The ifTable can also be retrieved using the get_table() method.

#! /usr/local/bin/perl

use strict;

use Net::SNMP qw(:snmp);

my ($session, $error) = Net::SNMP->session(
   -version     => 'snmpv2c',
   -nonblocking => 1,
   -hostname    => shift || 'localhost',
   -community   => shift || 'public',
   -port        => shift || 161 
);

if (!defined($session)) {
   printf("ERROR: %s.\n", $error);
   exit 1;
}

my $ifTable = '1.3.6.1.2.1.2.2';

my $result = $session->get_bulk_request(
   -callback       => [\&table_cb, {}],
   -maxrepetitions => 10,
   -varbindlist    => [$ifTable]
);

if (!defined($result)) {
   printf("ERROR: %s.\n", $session->error);
   $session->close;
   exit 1;
}

snmp_dispatcher();

$session->close;

exit 0;

sub table_cb
{
   my ($session, $table) = @_;

   if (!defined($session->var_bind_list)) {

      printf("ERROR: %s\n", $session->error);   

   } else {

      # Loop through each of the OIDs in the response and assign
      # the key/value pairs to the anonymous hash that is passed
      # to the callback.  Make sure that we are still in the table
      # before assigning the key/values.

      my $next;

      foreach my $oid (oid_lex_sort(keys(%{$session->var_bind_list}))) {
         if (!oid_base_match($ifTable, $oid)) {
            $next = undef;
            last;
         }
         $next = $oid; 
         $table->{$oid} = $session->var_bind_list->{$oid};   
      }

      # If $next is defined we need to send another request 
      # to get more of the table.

      if (defined($next)) {

         $result = $session->get_bulk_request(
            -callback       => [\&table_cb, $table],
            -maxrepetitions => 10,
            -varbindlist    => [$next]
         ); 

         if (!defined($result)) {
            printf("ERROR: %s\n", $session->error);
         }

      } else {

         # We are no longer in the table, so print the results.

         foreach my $oid (oid_lex_sort(keys(%{$table}))) {
            printf("%s => %s\n", $oid, $table->{$oid});
         }

      }
   }
}

4. Non-blocking SNMPv1 get-request for sysUpTime on multiple hosts

This example polls several hosts for their sysUpTime using non-blocking objects and reports a warning if this value is less than the value from the last poll.

 #! /usr/local/bin/perl

 use strict;

 use Net::SNMP qw(snmp_dispatcher ticks_to_time);

 # List of hosts to poll

 my @HOSTS = qw(1.1.1.1 1.1.1.2 localhost);

 # Poll interval (in seconds).  This value should be greater 
 # than the number of retries plus one, times the timeout value.

 my $INTERVAL  = 60;

 # Maximum number of polls, including the initial poll.

 my $MAX_POLLS = 10;

 my $sysUpTime = '1.3.6.1.2.1.1.3.0';

 # Create a session for each host and queue the first get-request.

 foreach my $host (@HOSTS) {

    my ($session, $error) = Net::SNMP->session(
       -hostname    => $host,
       -nonblocking => 0x1,   # Create non-blocking objects
       -translate   => [
          -timeticks => 0x0   # Turn off so sysUpTime is numeric
       ]  
    );
    if (!defined($session)) {
       printf("ERROR: %s.\n", $error);
       exit 1;
    }

    # Queue the get-request, passing references to variables that
    # will be used to store the last sysUpTime and the number of
    # polls that this session has performed. 

    my ($last_uptime, $num_polls) = (0, 0);

    $session->get_request(
        -varbindlist => [$sysUpTime],
        -callback    => [
           \&validate_sysUpTime_cb, \$last_uptime, \$num_polls
        ]
    );

 }

 # Define a reference point for all of the polls
 my $EPOC = time();

 # Enter the event loop
 snmp_dispatcher();

 exit 0;


 sub validate_sysUpTime_cb
 {
    my ($session, $last_uptime, $num_polls) = @_;

    if (!defined($session->var_bind_list)) {

       printf("%-15s  ERROR: %s\n", $session->hostname, $session->error);

    } else {
 
       # Validate the sysUpTime

       my $uptime = $session->var_bind_list->{$sysUpTime};

       if ($uptime < ${$last_uptime}) {
          printf("%-15s  WARNING: %s is less than %s\n",
             $session->hostname, 
             ticks_to_time($uptime), 
             ticks_to_time(${$last_uptime})
          );
       } else {
          printf("%-15s  Ok (%s)\n", 
             $session->hostname, ticks_to_time($uptime)
          );
       }

       # Store the new sysUpTime
       ${$last_uptime} = $uptime;

    }

    # Queue the next message if we have not reached $MAX_POLLS.  
    # Since we do not provide a -callback argument, the same 
    # callback and it's original arguments will be used.

    if (++${$num_polls} < $MAX_POLLS) {
       my $delay = (($INTERVAL * ${$num_polls}) + $EPOC) - time();
       $session->get_request(
          -delay       => ($delay >= 0) ? $delay : 0,
          -varbindlist => [$sysUpTime]
       );
    }

    $session->error_status;
 }

REQUIREMENTS

  • The Net::SNMP module uses syntax that is not supported in versions of Perl earlier than v5.6.0.

  • The non-core modules Crypt::DES, Digest::MD5, Digest::SHA1, and Digest::HMAC are required to support SNMPv3.

  • In order to support the AES Cipher Algorithm as a SNMPv3 privacy protocol, the non-core module Crypt::Rijndael is needed.

AUTHOR

David M. Town <dtown@cpan.org>

ACKNOWLEDGMENTS

The original concept for this module was based on SNMP_Session.pm written by Simon Leinen <simon@switch.ch>.

The Abstract Syntax Notation One (ASN.1) encode and decode methods were derived by example from the CMU SNMP package whose copyright follows: Copyright (c) 1988, 1989, 1991, 1992 by Carnegie Mellon University. All rights reserved.

COPYRIGHT

Copyright (c) 1998-2003 David M. Town. All rights reserved. This program is free software; you may redistribute it and/or modify it under the same terms as Perl itself.