system function

miamilinux

Ive been trying to run system commands in a script that I want to create to be able to view SNMP info. The SNMP commands can only be run on a different server. If I run the following command on the command line it works perfectly. It returns the SNMP info, but when I try to run it in the script it doesnt work 😕

system("ssh $server snmpwalk -v1 -c $comString $routerIp CISCO-STACK-MIB:: portAdminSpeed.2.$port")

MarkR

It's probably a permissions problem. Do you know what user the web server is running under? Have you tried su'ing into that user and then running the command?

Seeing as it's snmp, would it not be simpler to install snmpwalk on the web server machine, and grant whatever access is required to enable it to be able to access the snmp directly?

Mark

miamilinux

MarkR wrote:
It's probably a permissions problem. Do you know what user the web server is running under? Have you tried su'ing into that user and then running the command?

Seeing as it's snmp, would it not be simpler to install snmpwalk on the web server machine, and grant whatever access is required to enable it to be able to access the snmp directly?

Mark

im ssh'ing to a server that has snmp utils installed and running it on that. But I think your right about the perms...because i havent done anything with that.

miamilinux

MarkR wrote:
It's probably a permissions problem. Do you know what user the web server is running under? Have you tried su'ing into that user and then running the command?

Seeing as it's snmp, would it not be simpler to install snmpwalk on the web server machine, and grant whatever access is required to enable it to be able to access the snmp directly?

Mark

the reason I dont want to do what you recommended is because the web server is accessed by the outside world...the server with the snmp utils is not accessible by anyone. its too risky to have switch community strings on a server thats not behind a firewall

MarkR

Right, but if you have the ssh login / password or key stored on the server, if the server is compromised, the other machine will be too.

So if you created a readonly community string, then they'd only be able to read stats off the router anyway.

Whereas ssh gives them a lot more access.

Mark