Forum Discussion

Robert_Sutcliff's avatar
Robert_Sutcliff
Icon for Nimbostratus rankNimbostratus
Feb 07, 2013

configsync.localconfigtime via snmp

Hi,

 

I'm running LTM v11.3 and trying to make use of the new feature of custom SNMP MIBs (ie creating my own OID to return data not normally in the MIB).

 

The data I'm trying to gather is the date/time of the last config change (configsync.localconfigtime in the database), to use in a nagios check (SNMP GET).

 

Unfortunately, the only way I can see to pull this data is via tmsh (list sys db configsync.localconfigtime), which works from the command line. The problem is, that because the BigIP LTM runs SELinux, when this is executed by the snmp daemon this results in a context mismatch (and therefore I get the message -- couldn't execute "tmsh": permission denied).

 

In my custom_mib.tcl I use the following statement...

 

set config_status [catch {exec /usr/bin/tmsh -c "list sys db configsync.localconfigtime one-line" | cut -d\" -f2} config]

 

executing other linux command line programs works as expected (eg. exec date +%s).

 

Is there any other way of getting this data (other than making "heavyweight" calls via SOAP, etc)

 

 

Rob

 

management
monitoring

3 Replies

  • Peter_Baumann's avatar
    Peter_Baumann
    Icon for Cirrostratus rankCirrostratus
    May 07, 2013

    Hi Robert,

     

    I'm looking for the same.

     

    I have created the following /configs/snmp/custom_mib.tcl:

     

    register_mib ".2" license int

     

     

    proc license {}

     

    {

     

    set status [catch {exec /usr/bin/monitors/zbx_bigip_license} result]

     

    return $result

     

    }

     

    And try to access it:

     

    snmpwalk -v2c -cpublic bigip .1.3.6.1.4.1.3375.2.100.2

     

    F5-BIGIP-COMMON-MIB::bigipTrafficMgmt.100.2.0 = STRING: "couldn't execute \"/usr/bin/monitors/zbx_bigip_license\": permission denied"

     

    The Script zbx_bigip_license is available and I can start it on the console.

     

     

    If someone knows howto solve this, it would be very much appreciated!

     

    Peter

     

  • Peter_Baumann's avatar
    Peter_Baumann
    Icon for Cirrostratus rankCirrostratus
    May 08, 2013

    Hi again Robert,

     

    I used the following workaround for my problem:

     

    Change /etc/selinux/config from "SELINUX=enforcing" to "SELINUX=permissive".

     

    This workround is not recommended on productive systems since you're disabling selinux with this setting.

     

     

    I also tried the solution according to the following bug:

     

    http://bugs.centos.org/view.php?id=3037

     

    But is does not help.

     

     

    F5 need to add selinux rules for external snmpd script to work...

     

     

    Peter

     

  • Hamish's avatar
    Hamish
    Icon for Cirrocumulus rankCirrocumulus
    May 14, 2013
    Or have your script run from cron every X minutes, and write the results to a file in /tmp that you can then access from snmpd...

     

     

    - Plus variations on the theme...

     

     

    H