CA Nimsoft Monitor snmptd Guide v3.0 series
Legal Notices

Copyright 2013, CA. All rights reserved.
Contents

Chapter 1: snmptd 3.0
  snmptd Overview
Chapter 2: snmptd Probe Deployment
  Supported Platforms
  System Requirements
  Software Requirements
  Monitoring System Requirements
  Probe Deployment Information
  Installation Notes
Chapter 3: snmptd Configuration
  Probe Defaults
  Probe GUI
    Left Pane
    Right Pane
    Toolbar
  Probe Configuration
    Add New Profile
    Add New PDU Variable Comparison Rule
    Variable Expansion
    General Setup
    SNMP Trap Monitor
    Launch the MIB Setup Wizard
    User/Security Manager
    MIB Trap Browser
Chapter 4: snmptd QoS Metrics
Chapter 1: snmptd 3.0

This description applies to the snmptd probe version 3.0.

This section contains the following topics:
- snmptd Overview
- Documentation Changes

snmptd Overview

The snmptd probe enables you to receive SNMP trap messages from other monitoring tools. You can then generate alarms that are based on those messages.

The snmptd probe acts as a gateway from the SNMP environment into Nimsoft, converting SNMP-TRAPs to Nimsoft messages. Most network devices, such as routers, switches, and bridges, are SNMP driven. The devices report error conditions as SNMP-TRAPs, which are sent to a designated UDP port (162) in the network. The SNMP-TRAPs can be sent to a management station, for example, HP OpenView Network Node Manager.

The snmptd probe listens on port 162 and converts the incoming traps according to the defined profiles.

Note: By default, the port number is 162, but it is configurable.
Documentation Changes

This table describes the version history for this document.

Version | Date | What's New?

3.0 | June 2013
- Added the description for the feature of prepopulating the OIDs to be monitored for unidentified received traps while creating the profile.
- Added the description for the feature to use the source address or the agent address to associate a trap to a device.
- Added the description for the merged cim_traps probe profiles and dom_traps probe profiles with the snmptd probe.
- Added a variable $MIB_DESCR to provide the actual trap description that is defined in the MIB.
- Added the Select Module to Display option to filter the traps for a selected module.
- Added probe defaults section.

2.1 | July 2012
Fixed the following:
- The SNMPv2/SNMPv3 TRAP details.
- The memory leaks.
- Junk character issue that comes on NAS in TRAP variables.
- The MIB upload issue.

2.0 | December 2010
- Added support for reading alarm tokens from configuration.

Related Documentation

- Documentation for other versions of the snmptd probe (../../snmptd.html)
- The Release Notes for the snmptd probe
- Monitor Metrics Reference Information for CA Nimsoft Probes (http://docs.nimsoft.com/prodhelp/en_us/probes/probereference/index.htm)
Chapter 2: snmptd Probe Deployment

This section contains the system requirements and deployment information for the snmptd probe.

This section contains the following topics:
- Supported Platforms
- System Requirements
- Software Requirements
- Monitoring System Requirements
- Probe Deployment Information
- Installation Notes

Supported Platforms

The snmptd probe supports the same set of operating systems and databases as supported by the Nimsoft Server solution. Please refer to the Nimsoft Compatibility Support Matrix for the latest information on supported platforms. See also the Support Matrix for Nimsoft Probes for additional specific information on the snmptd probe.

System Requirements

The snmptd probe can be installed on systems with the following minimum resources:
- Memory: 2-4 GB of RAM. The OOB configuration of the probe requires 256 MB of RAM.
- CPU: 3-GHz dual core processor (32 bit or 64 bit)

Software Requirements

The snmptd probe requires the following software environment:
- Nimsoft Monitor Server 5.1.1 to 6.5
- Nimsoft Robot 5.23 to 5.70
- JRE 1.6.26
Monitoring System Requirements

The snmptd probe monitors the incoming SNMP-TRAP messages that are received from other monitoring tools and converts them to Nimsoft messages.

Probe Deployment Information

There are two ways to distribute archive packages. You can distribute the package within Infrastructure Manager or use the standalone Nimsoft Distribution application. See Probe Deployment for more information on deploying probes.

Installation Notes

While upgrading the probe from snmptd probe version 2.0 to version 3.0, the probe merges the SNMPv3 and SNMPv2 checkpoints. If the checkpoints have the same names in the SNMPv2 and SNMPv3 sections, the SNMPv2 checkpoint configuration takes precedence. As a result, SNMPv2 settings override the SNMPv3 settings.
Chapter 3: snmptd Configuration

You can configure the snmptd probe to trigger an alarm for an incoming SNMP-TRAP. You can define the severity levels, subsystem identification, and a powerful variable expansion scheme for this alarm.

In addition to generating an alarm, the snmptd probe can generate a Nimsoft message that is published under the subject "SNMP-TRAP". The alarm is useful whenever SNMP parsing requirements or correlation is needed. The snmptd probe is also capable of relaying all version 1 SNMP-TRAPs to a list of other SNMP-TRAP managers.

Note: The probes that support SNMP on Linux are interface_traffic, snmptd, and snmpget. These probes use an SNMP library that can cause newer Linux systems to issue the following message in the console log:

  process snmptd is using obsolete setsockopt SO_BSDCOMPAT

The preceding message is an informational message from the network portion of the glibc library. It indicates that an unsupported flag is being sent to the setsockopt function. If the library ignores the flag, you can safely ignore this message. The message appears because the SNMP library must support older versions of glibc, which required this flag for sockets to work correctly.

Important! The field description for intuitive terms in the GUI has not been included in the document.

This section contains the following topics:
- Probe Defaults
- Probe GUI
- Probe Configuration

Probe Defaults

When a probe is deployed for the first time on the robot, some default configurations are deployed automatically. These probe defaults are Alarms, QoS, Profiles, and so on, which save the time needed to configure the default settings.

The default QoS available when you install the probe for the first time is QOS_SNMPTD.
Probe GUI

The snmptd probe GUI contains the following three sections:
- The left pane that displays the registered enterprises.
- The right pane that displays the trap definitions available to the selected enterprise.
- The toolbar that contains five buttons for configuring the probe.

Left Pane

The left pane indicates the registered enterprises. The enterprise identifies the type of object causing the trap. A list of registered enterprise numbers is available at http://www.iana.org/assignments/enterprise-numbers.
The left pane consists of the following folders:

V1 Traps
  Contains the profiles for SNMPv1 traps. The V1 Traps folder contains two default profiles, which are Default/Standard SNMP Traps and Nimsoft Traps Examples. This folder further contains the following subfolders:

  CIM Traps
    Contains the profiles for the SNMP traps sent from HP or Compaq Insight Manager. Using these profiles, you can convert the HP or Compaq Insight Manager messages to Nimsoft alarms.

  DOM Traps
    Contains the profiles for the SNMP traps sent from Dell OpenManage. Using these profiles, you can convert the Dell OpenManage messages to Nimsoft alarms.

V2 & V3 Traps
  Contains the profiles for SNMPv2 and SNMPv3 traps. The V2 & V3 Traps folder contains two default profiles, which are IF-MIB and SNMPv2 Traps (unknown MIB).

To add, edit, delete, or rename entries, right-click in the Enterprise identifier list and click the required option from the context menu.

Note: You cannot create an Enterprise identifier for V2 and V3 traps. The probe automatically arranges the V2 and V3 traps based on the MIB module.

Selecting the New or Edit menu item in the enterprise definition list opens the Enterprise dialog, which contains the following field:

Enterprise identifier
  Specifies the identification (OID) for the enterprise.
  Note: You can enter only numeric characters in this text box.
Right Pane

When you select an enterprise identifier in the left pane, all the available profiles that are associated with that identifier appear in the right pane. To add, edit, delete, or rename a profile, right-click in the list and click the required option from the context menu.

Toolbar

The toolbar contains the following buttons (from left to right):
- General Setup
- Start the SNMP Trap Monitor
- Launch MIB Setup Wizard
- User/Security Manager
- Launch MIB Trap Browser

Probe Configuration

This section describes the configuration concepts and procedures for setting up the snmptd probe. You can configure the snmptd probe by double-clicking the line representing the probe in the Infrastructure Manager. The configuration tool for the probe opens.
Add New Profile

You can add a profile to monitor SNMP v1, v2, and v3 traps and convert them to Nimsoft SNMP-TRAP messages. You can create profiles manually, or you can capture incoming SNMP-TRAPs using the SNMP Trap Monitor. You can also generate profiles using the contents of the SNMP-TRAP.

Follow these steps:

1. Open the snmptd probe configuration GUI in the Infrastructure Manager.
2. Select the Enterprise identifier in the left pane for which you want to create a profile.
3. In the right pane, right-click in the profile list and select New. The profile property dialog appears.
4. Enter the field information and click OK.

The new profile is created for monitoring the SNMP-TRAPs and converting them into Nimsoft messages.

Note: You can also create a profile using the right-click options available in the SNMP Trap Monitor and the MIB Trap Browser.

The New Trap dialog contains the following fields:

Generic trap type
  Specifies the type of the trap (generic) to which this profile applies.
  Note: This field applies to SNMP v1 traps only.

Specific trap number
  Specifies the Enterprise specific trap number.
  Note: This field applies to SNMP v1 traps only.

Convert to Nimsoft SNMP-TRAP message
  Converts the incoming trap to a Nimsoft message (published under the subject SNMP-TRAP).

Log trap to file
  Logs the incoming trap to the "trap.log" log file.

Send QoS on number of traps
  Sends the QoS messages on the number of traps. The source is the IP address and the target is the trap name or OID and specific trap number, if available. A QoS message indicates the number of times a specific trap has been received during the interval. By default, the interval is 1 minute and can be set under the Setup tab.

Convert to Nimsoft Alarm
  Converts the incoming trap to an alarm.

Default tab

Message Text
  Specifies the alarm message text. The variable can be expanded using $.

Subsystem
  Specifies the subsystem identifier of the alarm.
PDU Variable Rules tab

PDU Variable Rules
  Sets one or more rules to check the contents of the PDU (Protocol Data Units). This feature is useful for knowing the contents of the PDU. You can perform the new, edit, delete, move up, and move down functions in this tab.
  Note: If you create the profile using the SNMP Trap Monitor, the PDU Variable Rules tab contains some predefined variables. When you create new PDU variable rules, the OID values are generated using the predefined variable values for that profile.

Process all rules
  Selects all the defined PDU rules regardless of any matching conditions. Clearing this option stops the processing of the rules when a match is found.

Send Default message if no match
  Allows you to send the default message that is defined under the Default tab. This message is sent if the trap is received and no match occurs for the conditions that are set as the PDU variable rules. If you clear this check box, the default message is not sent. The purpose of this check box is to enable the alarms on traps when the conditions, as given by PDU variable rules, are matched. By default, this check box is selected for new profiles.

Advanced tab

Alarm source
  Specifies the originator of the alarm. You can use the variable expansion ($) in this field.

Alarm suppression key
  Groups several alarm messages into a single message. You can use the variable expansion ($) in this field.

Use Agent IP as Source
  Sets the agent IP address as the originator of the alarm. If you select this check box, the Alarm Source field is disabled.
  Note: This check box is available only for SNMP v1 traps.

Add New PDU Variable Comparison Rule

The PDU Variable Rules tab allows you to set up one or more rules to check the contents of the PDU (Protocol Data Units). You can add or edit a rule to check the varbind values in the content of the incoming traps.
For example, an incoming trap is sent from a printer. Some printers send a specific trap to indicate, for example, "Toner Low". Other printers send a general trap with a variable indicating "Toner Low". You can then use the PDU variable rules to check the value of the variable. You can also use the "Trap sniffer" to display the contents of the incoming traps.

Follow these steps:

1. Double-click the profile for which you want to add a PDU variable rule.
2. Select the PDU Variable Rules tab in the profile properties dialog.
3. Right-click in the list of variables and select New from the context menu.
   The PDU Variable Comparison Rule dialog appears.
4. Enter the field information.
5. Click OK to save the PDU Variable Comparison rule.

You have now created the PDU Variable Comparison rule for checking the varbind values of the profile.
Variable Expansion

The SNMP-TRAP contains many elements, such as the Enterprise identifier, community string, trap types (generic and specific), and a variable list. The snmptd probe provides the means of extracting this information from the SNMP-TRAP as variables. You can use this information as part of the alarm message body.

When you type $ (a dollar sign) in the Message text box, the following list of variables appears:

$E
  Defines the enterprise identification.

$C
  Defines the community string.

$IP
  Defines the source IP address.

$GENERIC_TYPE
  Returns the generic trap type, which is a number.
$SPECIFIC_TYPE
  Returns the specific trap type (used if the trap is an Enterprise Specific (6) trap).

$TRAP_DESCR
  Represents a string describing the SNMP-TRAP generic type.

$MIB_DESCR
  Provides the trap description that is defined in the MIB file.

$NUM_VARIABLES
  Indicates the number of variables in the SNMP-TRAP.

$VARIABLES
  Expands into all the variables in the SNMP-TRAP.

$n, where n > 0
  Expands into the variable at position n. For example, $1 expands the first variable.

$VARIABLE_DUMP
  Functions identically to $VARIABLES, but includes the variable position.

$OID
  Sets the object ID as a parameter.

General Setup

You can launch the Setup dialog using the General Setup button on the toolbar. The Setup dialog contains the Setup tab and the Generic tab.
Setup Tab

The Setup tab allows you to configure the general setup parameters for the probe.

The Setup tab contains the following fields:

SNMP TRAP Ports
  Specifies the UDP port for listening. Multiple ports can be specified in a comma-separated list.

SNMP Relay targets
  Specifies a comma-separated list of IP addresses or host names that receive relayed SNMP-TRAPs.

Log Level
  Sets the level on which the probe logs information to its log file.

Log Size
  Specifies the maximum size (in KB) for the log file.

Enable Name Resolution
  Enables the probe to resolve a host name into an IP address (if a host name is specified in the SNMP Relay targets field).

Enable Generic
  Enables the Generic tab. By default, this tab is disabled.
Remove Double Quotes
  Removes double quotes from the string variable values.

Interval for sending QoS on traps
  Specifies the interval after which the probe sends QoS messages on the number of traps. By default, the interval is 1 minute.

Generic Tab

The Generic tab allows you to configure the probe for converting SNMP-TRAPs to Nimsoft messages and sending QoS messages and alarms.

The Generic tab contains the following fields:

Convert to Nimsoft SNMP-TRAP message
  Converts the incoming trap to a Nimsoft message. The message is published under the subject SNMP-TRAP.

Log trap to file
  Logs the incoming trap to the "trap.log" log file.
Send QoS on number of traps
  Allows you to send the QoS messages that are based on the number of traps. Here, the source is the IP address and the target is the trap name or OID and specific trap number, if available. A QoS message is sent based on the number of times a specific trap has been received during the interval. By default, the interval is 1 minute and it can be set through the Setup tab.

Convert to Nimsoft Alarm
  Converts the incoming trap to an alarm.

Default

Message Text
  Specifies the message text for the alarm. The variable can be expanded using $.

Subsystem
  Specifies the subsystem identifier of the alarm.

Advanced

Alarm Source
  Specifies the originator of the alarm. The variable can be expanded using $.

Alarm Suppression Key
  Groups several alarm messages into a single message. The variable can be expanded using $.
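The profile behaviour described above (PDU variable rules, the Process all rules and Send Default message if no match options, Remove Double Quotes, and $ expansion in Message Text) can be modelled as follows. This is an added example, not code from the probe: the trap, the profile, the substring comparison, and the separators used for $VARIABLES and $VARIABLE_DUMP are assumptions, because the guide does not define them.

```python
import re

# Constructed SNMPv1 trap; keys mirror the guide's variables, values are samples.
TRAP = {
    "enterprise": "1.3.6.1.4.1.99999",       # placeholder enterprise OID
    "community": "public",
    "source_ip": "192.0.2.10",
    "generic_type": 6,                       # 6 = enterprise specific
    "specific_type": 3,
    "variables": ['"Toner Low"', "tray 2"],  # varbind values, sender-supplied
}

# Hypothetical profile: two rules on variable 1 plus a default message.
PROFILE = {
    "default_message": "Trap $SPECIFIC_TYPE from $IP ($NUM_VARIABLES variables)",
    "process_all_rules": False,
    "send_default_if_no_match": True,
    "rules": [
        {"position": 1, "contains": "Toner Low", "message": "Toner low on $IP: $2"},
        {"position": 1, "contains": "Toner", "message": "Supply event: $VARIABLE_DUMP"},
    ],
}


def expand(template, trap):
    """Expand the $ variables listed in the guide; anything else is left as-is."""
    values = trap["variables"]
    named = {
        "E": trap["enterprise"],
        "C": trap["community"],
        "IP": trap["source_ip"],
        "GENERIC_TYPE": str(trap["generic_type"]),
        "SPECIFIC_TYPE": str(trap["specific_type"]),
        "NUM_VARIABLES": str(len(values)),
        # Separators are assumptions; the guide does not define the format.
        "VARIABLES": ", ".join(values),
        "VARIABLE_DUMP": ", ".join(f"{i}={v}" for i, v in enumerate(values, 1)),
    }

    def substitute(match):
        name = match.group(1)
        if name.isdigit():                   # $n, n > 0: variable at position n
            n = int(name)
            return values[n - 1] if 1 <= n <= len(values) else match.group(0)
        return named.get(name, match.group(0))

    return re.sub(r"\$(\d+|[A-Z_]+\b)", substitute, template)


def evaluate(profile, trap, remove_double_quotes=False):
    """Return the alarm texts one profile produces for one trap."""
    if remove_double_quotes:                 # the Setup tab option
        cleaned = [v.replace('"', "") for v in trap["variables"]]
        trap = dict(trap, variables=cleaned)
    alarms = []
    for rule in profile["rules"]:
        pos = rule["position"]
        in_range = 1 <= pos <= len(trap["variables"])
        # Substring comparison is an assumption about the rule dialog.
        if in_range and rule["contains"] in trap["variables"][pos - 1]:
            alarms.append(expand(rule["message"], trap))
            if not profile["process_all_rules"]:
                break                        # option cleared: stop at first match
    if not alarms and profile["send_default_if_no_match"]:
        alarms.append(expand(profile["default_message"], trap))
    return alarms


if __name__ == "__main__":
    for text in evaluate(dict(PROFILE, process_all_rules=True), TRAP, True):
        print(text)
```

Every value expanded into the alarm text comes from the trap sender, so downstream consumers of the alarm message should treat it as untrusted input.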
SNMP Trap Monitor

You can launch the SNMP Trap Monitor dialog by clicking the Start the SNMP Trap Monitor button in the toolbar. The SNMP Trap Monitor dialog is used to capture the incoming SNMP-TRAPs. You can also generate profiles using the contents of the SNMP Trap Monitor.

The toolbar in the SNMP Trap Monitor dialog contains the following buttons (from left to right):

Start
  Starts the SNMP-TRAP monitor.

Stop
  Stops the SNMP-TRAP monitor.

Clear the event list
  Clears all entries in the SNMP-TRAP list.
Block multiple instances of the same trap
  Prevents the list from being filled with multiple instances of the same trap. A trap appears in the list only once. The Count column in the list indicates the number of times the trap has been received.

Edit trap profile
  Opens the trap properties dialog for the selected trap, enabling you to edit the properties.

View trap details
  Opens the window with information about the selected trap.

You can engage an SNMP-TRAP "sniffer" in the snmptd probe by clicking the Start button. A green diode indicates that "sniffing" is in progress. All traps (known as well as unknown) appear in the list. Unknown SNMP-TRAPs (traps without a profile) are indicated with a question mark. To create a profile for an unknown SNMP-TRAP, right-click it and select the Create profile option from the context menu.

Note: The profile changes are active only on restarting the probe.
Right-clicking in the list allows you to perform the following functions:
- View the details of the selected trap
- Edit the selected profile
- Copy the selected profile to the clipboard (multiselect supported)
The SNMP-TRAP is decoded and displayed by selecting Trap Details from the right-click menu (or by double-clicking the list element). A list of SNMP-TRAP variables appears.

Launch the MIB Setup Wizard

Management Information Bases (MIBs) are collections of definitions, which define the properties of the managed object within the device to be managed. Every managed device keeps a database of values for each of the definitions that are written in the MIB. A MIB can be regarded as an information warehouse.

Running the MIB Setup Wizard helps you to upload and install MIB files from the Internet. You can also add or remove MIB files from your local MIB repository.

Note: The MIB files that are uploaded from the Internet can contain errors and references to other MIB files. The MIB files with errors are not uploaded at the probe start-up.

The MIB is included in the probe distribution and is stored in the Program Files/Nimsoft/MIBS folder.

Follow these steps:

1. Click the Launch MIB Setup Wizard button in the toolbar.
   The MIB Setup Wizard dialog appears.
2. Click the link for downloading and storing the MIB files locally on your computer.
3. Click Next. The dialog for Step 1 appears.
4. Click the green plus button for adding the MIB files, which you have downloaded (if any), to your MIB repository.
5. Click the red cross button for removing the MIB files from your MIB repository.
   Note: You can also select multiple MIB files from a folder (using Windows Explorer) and drag and drop them onto the list in the wizard.
6. Click Next. The dialog for Step 2 appears.
7. Select the Reload new MIBS on Finish check box and click Finish to activate your modifications.

You have now added or removed the required MIB files from your local MIB repository. You have also notified the probe of the changes to the MIB directory.
User/Security Manager

You can launch the Security Properties dialog by clicking the User/Security Manager toolbar button. The Security Properties dialog lets you specify the following security aspects:

Community
  The SNMP-TRAP v1 contains community strings. Here you can specify the incoming traps that the snmptd probe accepts. Normally, the community string Public is used. A * (or no community string at all) means that all incoming traps are accepted.

User
  This tab applies to SNMP v3 only. An SNMPv3 trap is rejected unless the SNMPv3 user sending the trap is defined. You refer to the user using a combination of the name of the user and an identifier for the given SNMP application that you are talking to (called an "EngineID").

Denied Hosts
  This tab allows you to define a list of hosts from which the probe does not accept incoming traps. You can specify one or more specific IP addresses. Alternatively, you can specify a subnet of the form 193.71.55.XX, where all hosts on the subnet are denied.

Note: A context menu is available for all three tabs (Community, User, and Denied Hosts) to perform New, Add, and Delete functions. The plus or cross toggle button allows you to add or delete definitions from the lists.
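The acceptance rules described for the Community, User, and Denied Hosts tabs can be modelled and audited as follows. This is an added example, not the probe's own code: the policy layout, the order of the checks, exact-match comparison of community strings, treating XX as a wildcard octet, and the sample names and EngineID are assumptions.

```python
import ipaddress

# Constructed policies mirroring the three tabs of the Security Properties dialog.
OPEN_POLICY = {"communities": ["*"], "users": set(),
               "denied_hosts": ["193.71.55.XX"]}
STRICT_POLICY = {
    "communities": ["n0c-traps-example"],
    "users": {("trapuser", "80001f8880aabbccdd")},   # constructed name/EngineID
    "denied_hosts": ["193.71.55.XX", "198.51.100.7"],
}


def host_denied(source_ip, denied_hosts):
    """True if source_ip matches a Denied Hosts entry (exact IP or a.b.c.XX)."""
    octets = str(ipaddress.IPv4Address(source_ip)).split(".")
    for entry in denied_hosts:
        pattern = entry.strip().split(".")
        if len(pattern) == 4 and all(
            p.upper() == "XX" or p == o for p, o in zip(pattern, octets)
        ):
            return True
    return False


def community_accepted(community, communities):
    """An empty list or '*' accepts every community string, as the guide states."""
    if not communities or "*" in communities:
        return True
    return community in communities          # exact match is an assumption


def decide(trap, policy):
    """Return (accepted, reason) for one trap's metadata."""
    if host_denied(trap["source_ip"], policy["denied_hosts"]):
        return False, "source is in Denied Hosts"
    if trap["version"] == 3:
        if (trap["user"], trap["engine_id"]) not in policy["users"]:
            return False, "SNMPv3 user/EngineID not defined"
        return True, "defined SNMPv3 user"
    if not community_accepted(trap["community"], policy["communities"]):
        return False, "community string not listed"
    return True, "community accepted"


def audit(policy):
    """Flag settings that leave the trap listener open to any sender."""
    findings = []
    communities = policy["communities"]
    if not communities or "*" in communities:
        findings.append("community filter accepts every trap ('*' or empty)")
    elif any(c.lower() == "public" for c in communities):
        findings.append("well-known community string 'public' is in use")
    if not policy["users"]:
        findings.append("no SNMPv3 users defined: every v3 trap is rejected")
    return findings


if __name__ == "__main__":
    sample = {"version": 1, "source_ip": "192.0.2.5", "community": "guess"}
    print(decide(sample, OPEN_POLICY), decide(sample, STRICT_POLICY))
    print(audit(OPEN_POLICY))
```

SNMPv1 community strings are sent in clear text and the UDP source address of a trap is not authenticated, so the Community and Denied Hosts filters reduce noise rather than identify the sender.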
MIB Trap Browser

You can launch the MIB Trap Browser by clicking the Launch the MIB Trap Browser button on the toolbar. The MIB Trap Browser dialog appears, enabling you to view all the traps that are enabled in the MIB.

You can filter the traps for a selected module by using the Select Module to Display option.

To create or delete a profile from the list of traps, right-click the trap and click the required option from the context menu.
Chapter 4: snmptd QoS Metrics

The following table describes the QoS metrics that can be configured using the snmptd probe:

Monitor Name | Units | Description
QOS_SNMPTD   | Traps | Traps