SNMPv3 Informs

In a recent monitoring project we had to set up SNMPv3 informs to be sent from the servers in the data center to our monitoring system. Since I found no really convincing documentation in the net I decided to write something here how to receive SNMPv3 with snmptrapd and how to send informs from the DISMAN part of the net-snmp agent.

Motivation

A monitoring system does scale if most of the checks are done on the devices and only errors are reported to the monitoring system. The SNMP eco system offers traps for this purpose. Traps are generated on the devices in case of a special event (fan broke, link down, ...) and are sent to the central monitoring system. A trap daemon revieces these traps and feeds it into the monitoring system.

In SNMPv2c offers informs instead of traps. Informs are acknowleged by the trap receiver. So the SNMP agent can be sure that its cry for help was heard. SNMPv3 inherited the informs but also offers authentication and encryption to proctet the information.

In this article I want to show how to set up a SNMPv3 inform receiver with the snmpdtrapd of the net-snmp package. In a next step I will show how to send out SNMPv3 informs from the the DISMAN part of the net-snmp agent.

Receiving SNMPv3 Informs

But first let us set up the trap receiver. Sending out the information is no fun if we have no means to verify the information on the other end. The snmptrapd comes with the net-snmp software. After installation the daemon reads its configuration from the file /etc/snmp/snmptrapd.conf. To make the service listen to encrypted informs enter

createUser   informuser   SHA              verysecret   AES
authUser     log          informuser       authPriv

Please make sure that you password for SNMPv3 is at least 8 characters long. After a restart of the service the daemon accepts SNMPv3 authenticated and encrypted informs.

Sending Informs from the Command Line

As a test we first send a inform from the command line and check if the daemon logs it correctly.

snmptrap  -v3 -u informuser -l authPriv -a SHA -A verysecret -x AES -X verysecret -Ci 127.0.0.1 42 coldStart

The option -Ci tells the command line trap utility to send a inform instead of a trap, 42 is a upTime and coldStart is a standard NOTIFICATION we can use for the test. The rest of the options define the parameters for SNMPv3.

In the system log file the snmptrapd should show an entry like:

nms snmptrapd[14222]: <UNKNOWN> [UDP: [127.0.0.1]:55530->[127.0.0.1]:162]: Trap , DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (42) 0:00:00.42, SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::coldStart

Configuration of the SNMP Agent

If the manual generation and processing of the SNMP trap works it is time to set up your SNMP agent to send traps or better informs in case of any events. net-snmp offers the DISMAN MIB for the active part of the monitoring of the agent. If your define

defaultMonitors yes

in your snmpd.conf then the agent looks for all events regarding processes, memory, extenstion (i.e., your scripts!), disks, processor or files you defined elsewhere in you agent. Please see the DisMan Event MIB section of man snmp.conf for the details. The option

trapsess -r 0 -Ci -v 3 -u informuser -n "" -l authPriv -a SHA -A verysecret -x AES -X verysecret 127.0.0.1

tells the SNMP agent to send the informs in a case of an event to the monitoring system.

With the default options load 12 10 5 in the snmpd.conf the agent sends a trap if the system load is higher than 10 in the 5 minutes average. This is logged in the system log file as:

nms snmptrapd[14222]: <UNKNOWN> [UDP: [127.0.0.1]:16936->[127.0.0.1]:162]: Trap ,
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (5820200) 16:10:02.00,
SNMPv2-MIB::snmpTrapOID.0 = OID:
DISMAN-EVENT-MIB::mteTriggerFired,
DISMAN-EVENT-MIB::mteHotTrigger.0 = STRING: laTable,
DISMAN-EVENT-MIB::mteHotTargetName.0 = STRING: ,
DISMAN-EVENT-MIB::mteHotContextName.0 = STRING: ,
DISMAN-EVENT-MIB::mteHotOID.0 = OID: UCD-SNMP-MIB::laErrorFlag.2,
DISMAN-EVENT-MIB::mteHotValue.0 = INTEGER: 1,
UCD-SNMP-MIB::laNames.2 = STRING: Load-5,
UCD-SNMP-MIB::laErrMessage.2 = STRING: 5 min Load Average too high (= 10.00)

Please feel free to contact me ms@sys4.de if you have any further questions.


Kommentare

Kommentare deaktiviert.