Walking sysUptime and understanding it is easy; it's simply the uptime of the device -

system.sysUpTime.0 = Timeticks: (3124188865) 361 days, 14:18:08.65

Walking ifOperStatus and understanding it is easy as well; it's simply an up or a down for that interface. This is the output from 1 interface:

interfaces.ifTable.ifEntry.ifOperStatus.1 = up(1)

Walking ifLastChange and understanding it is a bit more difficult. This is the output from 1 interface:

interfaces.ifTable.ifEntry.ifLastChange.1 = Timeticks: (4322) 0:00:43.22

The part I don't understand is how to interpret the results.

Can you shed some more light on how to interpret the results?

Looks like this interface has been up for a long time.

ifLastChange.1 is returning 4322, so the interface has been up since the router's up time was 43 seconds.

In other words, it looks like the interface has been up for more than 361 days (sysUpTime - ifLastChange).

This looks nice but our Campus Servers are at 3.3.

I'm trying to find a way to do this from a command line so I can fulfill the current request.

IIRC, 3.3 supports the Data Extraction Engine (DEE). Extract the User Tracking data via that mechanism (I believe it's all there in 3.3, just packaged in a report under 4.0), parse it out and pipe the output to a results file after some expression matching and sorting. It can all be scripted in a command shell or via some VB code that you can execute from command line as a shell script (Unix) or compiled executable (Windows).

The DEE schema is documented in the 4.0 user guide. See specifically: http://www.cisco.com/en/US/products/sw/cscowork/ps563/products_user_guide_chapter09186a00802297ac.html#wp1034795

I have the DEE installed and will take a look at it. However, I would still like to know how to do this from the command line using the snmpwalk command. The results shown in Campus are only as good as the last discovery.

Not sure if you saw my earlier reply to your snmp walks:

Looks like this interface has been up for a long time.

ifLastChange.1 is returning 4322, so the interface has been up since the router's up time was 43 seconds.

In other words, it looks like the interface has been up for more than 361 days (sysUpTime - ifLastChange).

Actually, I did overlook your previous response.

Can you repeat how you calculated this using that interface?

Walk the sysUptime of a switch, the ifOperStatus to find a port that is down then subtract the sysUptime timeticks from the ifLastChange timeticks of an interface that is down then divide that value by 8640000 to get the number of days a port has been down.

Now all I need is a script that reads a list of devices from a file, determines how many ports are on the switch then performs the calculations......

RESULT1= snmpwalk .1.3.6.1.2.1.1.3 - sysUptime

RESULTS2= snmpwalk .1.3.6.1.2.1.2.2.1.8 - ifOperStatus - Find down ports

RESULTS3= snmpwalk .1.3.6.1.2.1.2.2.1.9 - ifLastChange

DOWNTIME of a port= ( RESULT1 - RESULTS3 ) / 8640000

I find it hard to believe no one has scripted this...

SNMP cannot distinguish between NOTCONNECT and ACTIVE ports, can it?