How to Guides: The SNMP Toolkit
Haf Saba – Attachmate | NetIQ

Prepared by Haf Saba
Senior Technical Consultant, Asia Pacific
haf.saba@netiq.com
October 13th, 2009

Table of Contents

Introduction
Pre-Requisites
    Server Requirements
Installation
SNMP Script Configuration
    Other SNMP Scripts

Introduction

The following is a guide to monitoring with the NetIQ SNMP Toolkit. This document goes through the steps involved in implementing SNMP monitoring, using a Cisco VPN concentrator as the example. Please read the guide before beginning with the monitoring, as there are many steps involved. It is important to understand how to follow MIBs and general SNMP functionality.

Pre-Requisites

To begin with, a list of requirements must be met before the installation can begin.
Server Requirements

    o An existing AppManager (AM) environment
    o Windows 2000 SP4 or Windows 2003 Server with the AM agent already installed
    o The Windows SNMP Service installed and running as LocalSystem
    o SNMP Security Tab entered with appropriate Read Community String and set to accept from any host
    o Network Device set with a defined SNMP READ community string

This document shows screenshots of various MIBs using the MIB Browser tool from MG Soft (www.mg-soft.si). This tool is invaluable for SNMP monitoring because it can poll a device, tell you which MIBs the device is using and, more importantly, return a value for everything the device can report on. This saves several hours of walking MIBs that don’t return any data. You can download an evaluation of the product from the website.

SNMP monitoring requires much patience. It takes time browsing MIBs to determine what values you can even poll, let alone what you want to monitor. There are hundreds of MIBs available for various devices, and the beauty of the toolkit is that you can monitor any SNMP-related device provided you have the MIB for it. A good location to check for the MIB is the manufacturer’s website or online MIB collections at websites such as www.snmplink.org and http://www.oidview.com/mibs/detail.html.

Once you have your MIB you can walk it against your SNMP object and determine what values you are getting back and how you will need to interpret them. This takes the most time, as each device will have many MIBs. Engaging the support of the manufacturer may help in determining what you need to monitor.

Installation

We are now ready to begin the installation of the module. Run the SNMP .msi on the server configured to do the polling, and also run the .msi on the server hosting the AppManager QDB so that the scripts are loaded into the database. Simply clicking Next through the setup will suffice to install the SNMP components.
Upon completion, when returning to the AM Console, open the script in the Discovery tab called “SNMP”.

You can list the SNMP devices comma-separated by IP address and then enter the community string. Drag and drop this script on the agent where you installed the Toolkit.

Once discovery has completed, you will see the SNMP tab appear as a view or, under the Master tab, you will see the SNMP tab with the SNMP scripts, as displayed below. For a reference on what you can do with each of these scripts, please refer to the PDF document packaged with the SNMP toolkit installer.

The scripts that we will use are DeviceReboot, InterfaceState, SyncGet, and SyncGetTable. But before we can monitor via those scripts, we’ll need to add the MIBs to the agent using the AddMIB script.

Your tree view will have the following objects listed after the Discovery is complete. Below is an example of some discovered SNMP objects:

As the SNMP scripts have generic names, it is good practice to copy them to their own folder (by right-clicking each script, choosing “copy knowledge script” and naming it “<folder_name>_Script Name” so that the script goes in the folder of your choice). Below is an example of the scripts copied for the purpose of this document. Notice the tab below is called “Wipro”.

It is recommended at this time that you enter the community string information on the agent in NetIQ Security Manager. In the Operator Console, click on Extensions > Security Manager. Under “computers”, click the server that will poll the network devices and then click the SNMP tab. Enter the string and click Apply.

Here is a list of all the MIBs used by a Cisco VPN 3000 Concentrator.
While you do not need to use all of these MIBs to monitor the VPN, many of them will be useful and it is recommended that you add each of these MIBs labeled “Altiga” and “Cisco” to the agent. The MIBs at the top of this list with no manufacturer definition are already included in the base agent for SNMP. The screenshot above comes from the MG-SOFT MIB Browser “Agent Snapshot”.

The first step will be to add the MIBs to the agent. This is performed using the Snmp_AddMIBs script. Make sure each MIB name is comma-separated in the values. The agent will accept .MIB, .txt, and .my files.

Note: Some of the MIBs may reference other MIBs and so will generate a yellow event upon completion of the job. This event will say that the referenced MIB didn’t exist. The job will still add the MIB, and all you will need to do is make sure you add the MIB that has been referenced in the detailed event message.

The ALTIGA-SESSION-STATS-MIB is what will generate much of the session info for us, from the locations listed in the diagram below: the alStatsSessionGlobal and alActiveSessionEntry sub-fields. Again, this image is a screenshot from the MG Soft MIB browser showing the tree structure of the Cisco MIBs.

SNMP Script Configuration

We will go through each of the SNMP scripts being used, to determine how to collect data and/or raise events on the appropriate information.

There are two types of scripts being used: Snmp_SyncGet and Snmp_SyncGetTable. By default each of the scripts is designed with the following values.

    Raise event if SNMP timeout exceeded? Yes
        o Severity 25
    Raise event if SNMP Response error occurred? Yes
        o Severity 40

These settings use a lower severity so that they are not treated as “severe” events in the environment but rather as problems with AppManager’s scripts or inherent network issues.

SNMP_SyncGet Scripts
These scripts perform a simple poll for one value of data. You can make a copy of this script and use it to monitor any additional value you can poll on.

Note: It is important to include the leading “.” in an OID address when using this script, otherwise the OID will not be read correctly. (See examples below)

Note: Each script has been copied from the original SNMP_SyncGet script and given a new name.

ActiveSessionCount

This KS monitors the count of active sessions at any given time on any VPN. The OID value for session counts is:

    .1.3.6.1.4.1.3076.2.1.2.17.1.1.0

The script will label the units as “Active Sessions” with a threshold of 200.

ActiveSessionCountRAS

This script is designed to count the number of active remote access sessions via VPN to a RAS VPN server. The OID for remote access session counts is:

    .1.3.6.1.4.1.3076.2.1.2.17.1.9.0

Units are labeled as “Active Remote Access Sessions” with a threshold of 200.

TotalActiveTunnelCountPhase1

This script is designed to count the Phase 1 IPSec Tunnels that have been created. The OID for Phase 1 counts is:

    .1.3.6.1.4.1.9.9.171.1.2.1.1.0

Units are labeled “Phase 1 Active Tunnels” with a threshold of 200.

TotalActiveTunnelCountPhase2

This script is designed to count the Phase 2 IPSec Tunnels that have been created. The OID for Phase 2 counts is:

    .1.3.6.1.4.1.9.9.171.1.3.1.1.0

Units are labeled “Phase 2 Active Tunnels” with a threshold of 200.

VPN_CPU_Load

This script measures the CPU Utilization of the Concentrator. The OID for this value is:

    .1.3.6.1.4.1.3076.2.1.2.25.1.2.0

Units are labeled as “%” with a threshold of 60.

Note: So as not to raise an event on a “spike” in utilization, this script uses the advanced properties set as follows: “Raise event if condition exists 3 times within 3 job iterations”.
Since this script runs every 5 minutes, it will require a CPU load above the threshold for 15 minutes before generating an event.

VPN_CPU_Temp

This script measures the CPU Temperature of the Concentrator. The OID for this value is:

    .1.3.6.1.4.1.3076.2.1.2.22.1.29.0

Units are labeled as “Centigrade” with a threshold of 40.

VPN_CPU_Voltage

This script measures the CPU Voltage of the Concentrator. The OID for this value is:

    .1.3.6.1.4.1.3076.2.1.2.22.1.1.0

Units are labeled as “Centivolts” with a threshold of 160 minimum and 200 maximum.

VPN_FanSpeed1

This script measures the fan speed of Fan 1 of the Concentrator. The OID for this value is:

    .1.3.6.1.4.1.3076.2.1.2.22.1.37.0

Units are labeled as “rpm” with a threshold of 1 minimum and no maximum.

VPN_FanSpeed2

This script measures the fan speed of Fan 2 of the Concentrator. The OID for this value is:

    .1.3.6.1.4.1.3076.2.1.2.22.1.41.0

Units are labeled as “rpm” with a threshold of 1 minimum and no maximum.

SNMP_SyncGetTable Scripts

These scripts perform a poll for values of data on multiple rows of a table. You can make a copy of this script and use it to monitor any additional table values you can poll on.

This script uses a combination of “descriptive” and “data” OIDs to poll accordingly. Using this method, you can get a value for a line of a table along with the index name for that entry. The merging of these values returns data that gives more meaning to the report or chart data. (See examples below)

ActiveSessionConnectTime

This script takes values from the Active Session Table and uses them against an IP address for that value to match to a connection time. The value returned is in seconds and is converted to minutes by using the “divisor” option with a value of “60”.
There is no threshold for this script as it is used purely for reporting purposes.

    Descriptive OID: alActiveSessionIndex,alActiveSessionPublicIpAddress
    Data OID: alActiveSessionConnectTime

ThroughputRecdPerSession

This script takes values from the Active Session Table and uses them against an IP address for that value to match to a throughput for octets received. The value returned is in octets and is converted to MB by using the “divisor” option with a value of “1048576” (1024*1024). There is no threshold for this script as it is used purely for reporting purposes.

    Descriptive OID: alActiveSessionIndex,alActiveSessionPublicIpAddress
    Data OID: alActiveSessionOctetsRcvd

ThroughputSentPerSession

This script takes values from the Active Session Table and uses them against an IP address for that value to match to a throughput for octets sent. The value returned is in octets and is converted to MB by using the “divisor” option with a value of “1048576” (1024*1024). There is no threshold for this script as it is used purely for reporting purposes.

    Descriptive OID: alActiveSessionIndex,alActiveSessionPublicIpAddress
    Data OID: alActiveSessionOctetsSent

Other SNMP Scripts

Snmp_DeviceReboot

This script checks for a device reboot by measuring the sysUpTime.0 counter between iterations. It also collects data for the uptime of a concentrator.
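The uptime comparison that Snmp_DeviceReboot is described as making, sketched in Python as an added example; it is not the toolkit's own code. It goes one step beyond the guide by separating a genuine reboot from the rollover of the 32-bit sysUpTime counter (hundredths of a second, about 497 days). The function names, the 30-second tolerance and the poll values are assumptions constructed for illustration.

```python
WRAP = 2 ** 32            # sysUpTime is a 32-bit TimeTicks value
TICKS_PER_SECOND = 100    # TimeTicks count hundredths of a second


def classify(prev_ticks, cur_ticks, elapsed_seconds, tolerance_seconds=30):
    """Compare two sysUpTime.0 samples taken elapsed_seconds apart.

    Returns 'ok', 'wrapped' or 'rebooted'. (Hypothetical helper.)
    """
    if cur_ticks >= prev_ticks:
        return "ok"
    # The counter went backwards: work out where it would be if the device
    # had simply kept running and the counter rolled over at 2**32.
    expected = (prev_ticks + elapsed_seconds * TICKS_PER_SECOND) % WRAP
    drift = min((cur_ticks - expected) % WRAP, (expected - cur_ticks) % WRAP)
    if drift <= tolerance_seconds * TICKS_PER_SECOND:
        return "wrapped"
    return "rebooted"


def uptime_days(ticks):
    """Convert TimeTicks to days, the unit an uptime chart would use."""
    return ticks / TICKS_PER_SECOND / 86400


def review(samples, interval_seconds=300):
    """Classify every consecutive pair of polled sysUpTime values."""
    return [classify(a, b, interval_seconds)
            for a, b in zip(samples, samples[1:])]


# Constructed polls, 300 seconds apart (the 5-minute job interval).
SAMPLE_POLLS = [
    4294950000,   # close to the 32-bit limit
    4294980000,   # +300 s
    42704,        # rolled over: 4294980000 + 30000 - 2**32
    72704,        # +300 s
    6000,         # device has only been up 60 s: a reboot
    36000,        # +300 s
]

if __name__ == "__main__":
    for verdict in review(SAMPLE_POLLS):
        print(verdict)
```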
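The merge of "descriptive" and "data" OIDs that the Snmp_SyncGetTable scripts earlier in this guide rely on, sketched in Python as an added example; it is not the toolkit's own code. The walk result is constructed sample data keyed by column name and row index, the addresses come from documentation ranges, and join_table with its parameters is a hypothetical name.

```python
from collections import defaultdict

# Constructed sample: (column name, row index) -> value, in the shape a walk
# of the active session table would give once the MIB is loaded.
SAMPLE_WALK = {
    ("alActiveSessionIndex", "1"): 1,
    ("alActiveSessionPublicIpAddress", "1"): "198.51.100.7",
    ("alActiveSessionConnectTime", "1"): 5400,
    ("alActiveSessionOctetsRcvd", "1"): 52428800,
    ("alActiveSessionIndex", "2"): 2,
    ("alActiveSessionPublicIpAddress", "2"): "203.0.113.20",
    ("alActiveSessionConnectTime", "2"): 90,
    ("alActiveSessionOctetsRcvd", "2"): 1048576,
    # Row 3 ended while the table was being walked: no data columns came back.
    ("alActiveSessionIndex", "3"): 3,
    ("alActiveSessionPublicIpAddress", "3"): "192.0.2.44",
}

DESCRIPTIVE = ["alActiveSessionIndex", "alActiveSessionPublicIpAddress"]


def join_table(walk, descriptive, data, divisor=1):
    """Merge the descriptive columns with one data column, row by row.

    Returns {label: value / divisor}; the label is the row's descriptive
    values joined with ':'. Rows missing any requested column are skipped
    instead of being reported with a partial label or a zero.
    """
    if divisor <= 0:
        raise ValueError("divisor must be positive")
    rows = defaultdict(dict)
    for (column, index), value in walk.items():
        rows[index][column] = value
    result = {}
    for index in sorted(rows, key=int):
        row = rows[index]
        if data not in row or any(c not in row for c in descriptive):
            continue
        label = ":".join(str(row[c]) for c in descriptive)
        result[label] = row[data] / divisor
    return result


def connect_minutes(walk=SAMPLE_WALK):
    # Seconds to minutes, the "divisor" of 60 used by ActiveSessionConnectTime.
    return join_table(walk, DESCRIPTIVE, "alActiveSessionConnectTime", 60)


def received_mb(walk=SAMPLE_WALK):
    # Octets to MB, the "divisor" of 1048576 used by ThroughputRecdPerSession.
    return join_table(walk, DESCRIPTIVE, "alActiveSessionOctetsRcvd", 1048576)
```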