[SOLVED] snmpd on RMerlin ASUSWRT with extended scripts

[mad_ady]

Hello everyone!
I'd like to keep an eye on who is connected over OpenVPN, so I thought I'd make a script to parse openvpn status and report back who is connected via snmp (there is a snmp agent polling the router periodically). To do this I enabled snmp and it works (I am able to get data for IF-MIB), but I'd like to extend it with custom scripts.

As far as I've seen I could use the 'extend' keyword, add a string and the path to the script in the configuration and the script's output should be exposed via SNMP in the NET-SNMP-EXTEND-MIB (http://www.oidview.com/mibs/8072/NET-SNMP-EXTEND-MIB.html). I've added the following line to /tmp/snmpd.conf and restarted snmpd manually:

extend test /bin/echo hello

However, when I do a snmpwalk, I do not get that OID. It could be that the OID is out of tree, so a direct walk would not expose it, so I tried specific walks, like this:

$ snmpwalk -v2c -c public 192.168.1.1 1.3.6.1.4.1.8072.1.3.2
iso.3.6.1.4.1.8072.1.3.2 = No Such Object available on this agent at this OID

So, it seems that extended objects are not supported?

Any ideas what I should try next? I'm thinking of the following:
1. Disable builtin SNMP and install snmpd from opkg in hopes that it's more complete
2. Research a different way to expose a script's output via SNMP

Has anyone played with this before?

 

[mad_ady]

Ok, here's an update. I disabled the built-in snmpd daemon and installed snmpd and snmp-utils from opkg:

opkg install snmpd snmp-utils

I copied the config file from /tmp/snmpd.conf to /jffs/config/snmpd.conf and adjusted this path in /opt/etc/init.d/S47snmpd (ARGS).

Now, inside the config file I have something like this:

agentAddress  udp:161
createUser admin
rwuser admin noauth
rocommunity iezaejeeseTh2aekaoNg default
sysName arcturus
sysLocation Home
extend test /bin/echo hello
extend ovpntestuser /jffs/ovpn-status.sh testuser

You can start it with

# /opt/etc/init.d/S47snmpd start
 Starting snmpd...              done.

The /jffs/ovpn-status.sh script just does a grep in the ovpn status files to see if the user is connected or not and reports back via wc -l:

#!/bin/sh
/bin/grep "CLIENT_LIST,$1" /etc/openvpn/server1/status /etc/openvpn/server2/status | /opt/bin/wc -l

You can query it via SNMP with

# snmpwalk -v2c -c iezaejeeseTh2aekaoNg 127.0.0.1 .1.3.6.1.4.1.8072.1.3.2.3.1.1
iso.3.6.1.4.1.8072.1.3.2.3.1.1.4.116.101.115.116 = STRING: "hello"
iso.3.6.1.4.1.8072.1.3.2.3.1.1.12.111.118.112.110.116.101.115.116.117.115.101.114 = STRING: "0"

The OID is composed from a base iso.3.6.1.4.1.8072.1.3.2.3.1.1 + id + string you used in the config converted to decimal (use this to convert it https://www.rapidtables.com/convert/number/ascii-hex-bin-dec-converter.html).

Hope this helps!