Scribd Logo
Importer

Bienvenue sur Scribd !

  • Configuring SNMP Event Monitoring

    Transféré par

    arun0076@gmail.com
    64 vues4 pages
    Configuring SNMP Event Monitoring

    Copyright

    © © All Rights Reserved

    Formats disponibles

    DOCX, PDF, TXT ou lisez en ligne sur Scribd

    Avez-vous trouvé ce document utile ?

    Ce contenu est-il inapproprié ?

    Signaler ce document
    Configuring SNMP Event Monitoring

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme DOCX, PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    64 vues4 pages

    Configuring SNMP Event Monitoring

    Transféré par

    arun0076@gmail.com
    Configuring SNMP Event Monitoring

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme DOCX, PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    sur 4

    Configuring SNMP Event Monitoring &

    Testing Alerts
    Published: 01/03/2017

    Configuring SNMP Event Monitoring in


    UnboundID
    This section will outline how to configure the UnboundID Server to send out SNMP traps and
    how to setup a basic SNMP trap receiver for testing. The assumption is that you are on a Redhat
    or similar distribution of Linux.

    SNMP OS Level Configuration


    1. You will need to install the following software on a typical Linux system:

    $ yum install net-snmp net-snmp-utils

    2. Once the software is installed you can then modify the configuration files and configure
    this to be enabled during server reboot. Also all traps will be logged to the
    /var/log/snmptrap.log for this purpose.

    3. Create the SNMPv3 User


    4. Make sure snmpd is stopped:
    5.
    6. $ service snmpd stop
    7. $ net-snmp-create-v3-user -A password -a MD5 -x DES snmpagent
    8.
    9. The command will output the following information:
    10.
    11. adding the following line to /var/lib/net-snmp/snmpd.conf:
    12. createUser snmpagent MD5 "password" DES
    13. adding the following line to /etc/snmp/snmpd.conf:
    rwuser snmpagent

    14. Start the SNMP deamon

    $ service snmpd start

    15. Test to ensure that the configuration is working:

    16. $ snmpwalk -u snmpagent -A password -a MD5 \


    -l authnoPriv localhost -v3
    17. Edit the SNMP configuration files

    18. Edit the /etc/snmp/snmpd.conf file and make sure the master agentx
    19. and trap2sink lines are added:
    20.
    21. master agentx agentXSocket tcp:localhost:705 udp:161
    22. trap2sink localhost:162 public
    23. rwuser snmpagent
    24.
    25. Edit the /etc/snmp/snmptrapd.conf file and make sure the following
    26. lines are set
    27.
    28. authCommunity log,execute,net public
    29. logOption f /var/log/snmptrap.log
    30. Edit the /etc/init.d/snmpd start file
    31.
    32. In this file you will need to change the OPTIONS section and update
    33. it to look as follows ( should all be on one line):
    34.
    35. OPTIONS="-LS0-6d -Lf /dev/null -p /var/run/snmpd.pid
    --master=agentx --agentXSocket=tcp:localhost:705 udp:161"

    36. Then you can restart the SNMP deamon :

    $ service snmpd restart

    37. Edit the /etc/init.d/snmptrapd file

    38. Make sure the following line is in place:


    39.
    # config: /etc/snmp/snmptrapd.conf

    40. Then you can restart the SNMP Trad Deamon:

    $ service snmptrapd restart

    UnboundID Product Configuration


    The UnboundID Servers are all configured in the same way to allow SNMP traps to be sent out
    so the following commands will work on any of the UnboundID products. For these instructions
    we will use the UnboundID Data Store as the reference product we are configuring.

    1. Enable the Data Store’s SNMP plug-in using the dsconfig tool. Make sure to specify the
    address and port of the SNMP master agent. On each Data Store instance, enable the
    SNMP subagent. Note that the SNMPv3 context name is limited to 30 bytes maximum. If
    the default dynamically-constructed instance name is greater than 30 bytes, there will be
    an error when attempting to enable the plugin.
    2. $ bin/dsconfig set-plugin-prop --plugin-name "SNMP Subagent" \
    3. --set enabled:true --set agentx-address:localhost \
    4. --set agentx-port:705 --set session-timeout:5s \
    --set connect-retry-max-wait:10s

    5. Enable the SNMP Subagent Alert Handler so that the sub-agent will send traps for
    administrative alerts generated by the server.

    6. $ bin/dsconfig set-alert-handler-prop \
    --handler-name "SNMP Subagent Alert Handler" --set enabled:true

    7. Install the MIB definitions for the Net-SNMP client tools, usually located in the
    /usr/share/snmp/mibs directory.

    $ cp resource/mib/* /usr/share/snmp/mibs

    8. You should now see a line in the error log of the data store similar to the following:

    9. [29/Jul/2014:15:33:37.831 -0500] instanceName="hostname:port"


    threadID=-1
    10. category=PLUGIN severity=NOTICE msgID=1886847020 msg="The SNMP sub-
    agent
    11. connected successfully to the master agent at localhost:705. The SNMP
    context name is {hostname:port}"

    12. Now you can do some tests to ensure that you can query the Data Store via SNMP

    13. $ snmpget -v 3 -u snmpagent -A password -a MD5 -l \


    14. authnoPriv -n {hostname:port} \
    15. -m all localhost localDBBackendCount.0
    16.
    17. Where {hostname:port} is the SNMP context name that was listed in
    18. the log file in step 4 above. Should be the hostname and ldap port
    19. of the server.
    20.
    UNBOUNDID-LOCAL-DB-BACKEND-MIB::localDBBackendCount.0 = INTEGER: 1

    21. You can use the 'snmp walk' command to get the status of the server.

    22. $ snmpwalk -v 3 -u snmpagent -A password -a MD5 \


    23. -l authnoPriv -n {hostname:port} \
    24. -m all localhost systemStatus
    25.
    26. Where {hostname:port} is the SNMP context name that was listed in
    27. the log file in step 4 above. Should be the hostname and ldap port
    28. of the server.
    29.
    30. UNBOUNDID-SYSTEM-STATUS-MIB::totalConnections.0 = Counter64: 574
    31. UNBOUNDID-SYSTEM-STATUS-MIB::currentNumConnections.0 = INTEGER: 259
    32. UNBOUNDID-SYSTEM-STATUS-MIB::maxWorkQueueSize.0 = Gauge32: 0
    33. UNBOUNDID-SYSTEM-STATUS-MIB::averageWorkQueueSize.0 = STRING: "0"
    34. UNBOUNDID-SYSTEM-STATUS-MIB::maxWorkerThreadPercentBusy.0 = Gauge32:
    13
    UNBOUNDID-SYSTEM-STATUS-MIB::averageWorkerThreadPercentBusy.0 =
    Gauge32: 0
    Testing Alerts over SNMP
    1. You can test the alerting function of the Data Store now by sending in a test alert using
    the Task feature in the server.

    2. Create an LDIF file (test-alert.ldif) with the following information:

    3. dn: ds-task-id=Test Leaving Lockdown Mode Alert,cn=Scheduled


    Tasks,cn=Tasks
    4. objectClass: top
    5. objectClass: ds-task
    6. objectClass: ds-task-alert
    7. ds-task-id: Test Leaving Lockdown Mode Alert
    8. ds-task-class-name: com.unboundid.directory.server.tasks.AlertTask
    9. ds-task-alert-type: leaving-lockdown-mode
    ds-task-alert-message: Testing SNMP Alerts

    10. Add this entry to the Data Store using ldapmodify:

    11. $ bin/ldapmodify -p {port} -D "cn=directory manager" \


    -w {password} -a -f /path/to/test-alert.ldif

    12. You should then see something similar in the /var/log/snmptrap.log file

    13. 2016-05-12 12:30:52 localhost [UDP: [127.0.0.1]:57153->[127.0.0.1]]:


    14. DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (17018) 0:02:50.18
    15. SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.
    16. 30221.2.10.3.29 SNMPv2-SMI::enterprises.30221.2.10.4.1 = INTEGER: 0
    17. SNMPv2-SMI::enterprises.30221.2.10.4.2 = STRING:
    18. "Server Leaving Lockdown Mode" SNMPv2-SMI::enterprises.30221.2.10.4.3
    =
    19. STRING: "Testing" SNMPv2-SMI::enterprises.30221.2.10.4.4 = STRING:
    20. "UnboundID Identity Data Store (#####.unboundid.lab:####):
    21. com.unboundid.directory.server.types.AlertType"
    22. SNMPv2-SMI::enterprises.30221.2.10.4.5 = INTEGER: 4
    23. SNMPv2-SMI::enterprises.30221.2.10.4.6 = Hex-STRING: 07 E0 05 0C 0C 1E
    34 08 2D FB 00
    24. SNMPv2-SMI::enterprises.30221.2.10.4.7 = INTEGER: 549
    25. SNMPv2-SMI::enterprises.30221.2.10.4.8 = STRING: "Server Leaving
    Lockdown Mode"
    26. SNMPv2-SMI::enterprises.30221.2.10.4.9 = INTEGER: 6 SNMPv2-
    27. SMI::enterprises.30221.2.10.4.10 = INTEGER: 71
    SNMPv2- SMI::enterprises.30221.2.10.4.11 = STRING: "Testing SNMP
    Alerts"

    Vous aimerez peut-être aussi