logIt Log Around The Clock

Running Raddle in RHEL

Raddle is a great SNMP player written in Perl. I say player to this emulator application, meaning that I can append or dump snmpwalk output from a device and then replay that from Raddle. Installing it can be both simple and tedious tasks. I used Red Hat Enterprise Linux 5.2 inside a virtual machine (VirtualBox) to make it compact without interfering my own host snmpd setting.

net-SNMP packages are required for Raddle to work on top of primarily snmpd.

yum install net-snmp net-snmp-utils

Prior to installation some rpm packages must be downloaded separately as my local repo (created from original RHEL CD images) may not contain them. They are installed as follow:

rpm -i perl-Carp-Clan-6.00-1.el4.rf.noarch.rpm
rpm -i perl-Bit-Vector-6.4-2.el5.rf.i386.rpm
rpm -i perl-Crypt-DES-2.05-3.2.el5.rf.i386.rpm
rpm -i perl-Digest-SHA1-2.11-1.el5.rf.i386.rpm
rpm -i perl-Digest-HMAC-1.01-2.2.el5.rf.noarch.rpm
rpm -i perl-Socket6-0.20-1.el5.rf.i386.rpm
rpm -i perl-Net-SNMP-5.2.0-1.2.el5.rf.noarch.rpm
rpm -i perl-Date-Pcalc-1.2-1.2.el5.rf.noarch.rpm
rpm -i perl-Date-Calc-5.4-1.el5.rf.i386.rpm

continued by installing net-snmp-perl from original repo

yum install net-snmp-perl

Uncompressing Raddle and successful make test will mean installation is good and can be finished by make install

cd Net-Raddle-0.08
perl Makefile.PL
make test
make install

Replaying SNMP Packets

The idea is to run snmpd which replays a specific prepared-SNMP-packets instead of our own real time system SNMP data (in this case the condition of RHEL 5.2 host). There are three files to do that, let’s name them r1.*:

  1. r1.snmp
    A capture from i.e.
    snmpwalk -v 1 -c <community string> -OneU <device> > r1.snmp
  2. r1.conf
    snmpd will run this instead of the original OS default:
    snmpd -C -I vacm_vars -c /usr/local/etc/snmp-emulator/r1.conf
  3. r1.pl
    the perl script where the most basic is to just replay the above r1.snmp

An official documentation to replay SNMP can be found here. I got hold back when trying to listen from other host, it turns out that I must remove the localhost section in r1.conf which will make it to use standard port 161 as well

# Listen on port 9501
#agentaddress    udp:localhost:9501,tcp:localhost:9501

It is also wise to always cut the r1.snmp first to see if the perl works (test with perl -w /usr/local/etc/snmp-emulator/r1.pl) either with warning or clean, meaning no problem with just some of the OIDs found inside the file.

Leave a Reply