510 likes | 814 Vues
Integrating PATROL with SNMP (Simple Network Management Protocol). Eric Anderson BMC Software Developer Connection. SNMP - Overview. Network protocols Transport layer (UDP/IP) Message protocol (ASN.1) Versions SNMPv1 SNMPv2 SNMPv3 OSI network management implementation CMIP - CMOT.
 
                
                E N D
Integrating PATROL with SNMP (Simple Network Management Protocol) Eric Anderson BMC Software Developer Connection
SNMP - Overview • Network protocols • Transport layer (UDP/IP) • Message protocol (ASN.1) • Versions • SNMPv1 • SNMPv2 • SNMPv3 • OSI network management implementation • CMIP - CMOT
UDP/IP implications (unsafe) unreliable no confirmation or guarantee order uncertain may duplicate unsecure No authentication on transport layer No verification of origin (message spoofing) No integrity (message can be tampered with) SNMP : Underlying Transport
SNMP message protocol • ASN.1 (iso 8824 - “abstract notation one”) • Does information exchange with well defined syntax • comparable in functionality with XML • BER (iso 8825) • Basic Encoding Rules • TLV (Type, Length, Value) encoding
Management Operations • Get, Get Next, Set • for SNMPv1 • Get Bulk (for SNMPv2) • Unsolicited Traps from Agent (v1) • Informs (v3 and v3)
Get Request handling • Agent gets request from mgr • listens on specific port : typically 161 • receives PDU : request ID + OID • Lookup of OID in memory • Agent sends get response • request ID • OID • error status + index • value • Similar for get-next operation • returns next OID in tree
Trap sending • SNMP Agent determines when • 7 predefined Generic trap types (0-6) • 6=enterpriseSpecfic • Send via to port 162 on trap receiving machine • Trap destinations has to be configured • Patrol : /snmp/piV1m_list
Listening for traps • Only one process can listen on a port • That means only one trap listener per system ! • Solution : • PATROL : trap demultiplexer (Dietmar Hildebrand) • No PATROL : (DIY= write your own)
MIB (Management Information Base) • The MIB file • textual description of MIB layout • Written in SMI : Structure of Managment Information • SMI (the MIB definition language) • Support for multiple datatypes • Support for data definitions : indexed tables, structures, values,...
Naming hierarchy unique identifier, down to the instance of any object 1.3.6.1.4.1.1031 is the OID of the BMC Software subtree NAMING in MIB iso 1 org 3 6 dod 1 internet 2 private 4 mgmt 1 enterprises enterpriseID 442 peer 1031 Company X BMC Whatever you like
The SNMP Manager • What is an SNMP manager ?Components : • present MIB info (display MIB files) • send requests • listen for traps
The SNMP Agent • What is an SNMP agent ? • Components : • MIB (the MIB in memory) • request handling • trap sending
Sub agent Sub agent Sub agent Multiple SNMP Agents on 1 system • Conflict : only 1 process can listen on a port • Solutions : • SMUX (SNMP Multiplexer) • AgentX - Agent Extensibility (rfc 2741) • Emanate (proprietary SNMP Research) Master Agent 161
SNMPv3 • New standardization effort for v2 with enhanced Security • User Based security model (rfc 2574)
SNMP v1 RFCs 1155 SMI 1157 protocol 1212 Concise MIB 1213 MIB2 1215 traps SNMP v2 RFCs historical See also : The Simple Web http://snmp.cs.utwente.nl/ SNMP v2C RFCs 1902-1907 SNMP v3 RFCs 1905-1907 2571-2575 2578-2580 http://www.ietf.org SNMP References
Encapsulator Applications Uses Windows SNMP API Applications Uses Windows SNMP API process Applications Uses Windows SNMP API Applications Uses Windows SNMP API Access Method SNMP Runtime Application PATROL SNMP – Windows NT PATROL Console Management Station Port 161 Port 8161 PATROL SNMP Master Agent SNMP Agent (Master) Windows Service Snmpget() SMUX Port 191 PATROL Agent With SNMP Sub Agent
Encapsulator Applications Uses Windows SNMP API Applications Uses Windows SNMP API process Applications Uses Windows SNMP API Applications Dynamically loaded into Agent space Access Method SNMP Runtime Application PATROL SNMP – UNIX PATROL Console Management Station Port 161 Port 8161 Snmpget() PATROL SNMP Master Agent SNMP Agent (Master) SMUX Port 191 PATROL Agent With SNMP Sub Agent
Master agent confusion • Only needed when accessing PATROL MIB data !! • Not needed for : • receiving traps • sending traps • get/set/walk/... operations
PATROL Agent as SNMP Manager • Receiving traps • Getting information from other SNMP agents • No Master Agent is needed for this !
Configuring PATROL for SNMP • Set the port number and community name for the PATROL SNMP Master Agent • The PATROL SNMP Master Agent/Sub-Agent model is based on an industry standard known as SMUX that allows one or more SNMP Sub-Agents to connect to a single SNMP Master Agent using a TCP SMUX port (TCP port 199 by default). • Turn on the SNMP support variable. • agent configuration variable /snmp/agent_auto_start is set to yes, the PATROL Agent starts the SNMP Sub-Agent when the PATROL Agent is started • Add the SNMP manager to the list of interested SNMPV1 managers. • The SNMP management console needs to know how to recognize PATROL traps, and what to do about them. On some consoles it involves configuration of internal rules and tables. In others it may involve configuring the "trapd.conf" configuration file. • Configure events to send SNMP traps.
SNMP support variable(s) • The SNMPStart parameter is defined within each <platform>.km. The “out of box” default setting for this parameter is the active state. If active, SNMPStart launches the PATROL SNMP Master Agent (snmpmagt) if it is not started already. SNMPStart then starts the SNMP Sub-Agent. • The configuration of the PATROL SNMP Sub Agent is controlled by the values contained in the PATROL configuration file. • On UNIX, it is $PATROL_HOME/lib/config.default • On Windows NT, it is %PATROL_HOME%\lib\ config.default • The important variables are: "/snmp/support" = { REPLACE="yes" }, "/snmp/agent_auto_start" = { REPLACE="yes" }, "/snmp/default_port" = { REPLACE="161" }, "/snmp/master_agent_port" = { REPLACE="1161" }, "/snmp/trap_port" = { REPLACE="162" }, "/snmp/sysName" = { REPLACE = "unknown" }, "/snmp/sysContact" = { REPLACE = "http://www.bmc.com" }, "/snmp/sysLocation" = { REPLACE = "BMC Software Inc." }, "/snmp/piV1m_list" = { REPLACE="" },
Master agent configuration • See file ./lib/snmpmagt.cfg • UNIX : default port 1161, community public • NT : default port 1161, community public • No need for BMC master agent if SMUX master agent available (eg. AIX) • What about HP ? • They use emanate master agent = proprietary • Run 2 master agents, one on 161 (default) and one on 1161 (Patrol)
PATROL SNMP Master Agent • The configuration of the PATROL SNMP Master Agent is controlled by the values contained in the PATROL SNMP Master Agent configuration file. • On UNIX, it is $PATROL_HOME/lib/snmpmagt.cfg. • On Windows NT, it is %PATROL_HOME%\lib\snmpmagt.cfg. • # GRAMMAR: • # • # MANAGER manager • # [SEND [ALL | NO ] TRAPS • # [TO PORT <#>] • # [WITH COMMUNITY <name>]] • # • # COMMUNITY <name> • # ALLOW op [,op]* [OPERATIONS] • # [USE encrypt ENCRYPTION] • # [MEMBERS <manager> [,<manager>]* ] • # • # manager ::= <hostname> | ipaddr • # where: hostname is defined in /etc/hosts • # • # ipaddr ::= <a.b.c.d> • # op ::= ALL | GET | SET | TRAP • # encrypt ::= NO COMMUNITY public ALLOW ALL OPERATIONS USE NO ENCRYPTION TRANSPORT ordinary SNMP OVER UDP SOCKET AT PORT 1161
PATROL Agent as SNMP sub agent • Ability to send traps • Has an accessible MIB • To access MIB, the master agent must be set up correctly
Sending traps • Automatically : • From event catalogs • Trap destinations : piV1m_List ( + /snmp/trapMibTable=yes) • Filter possibility (see config.default for filter options) • From PSL • snmp_trap_send : full control • snmp_trap_raise_std_trap : uses piV1m_List
MIB Object Groups iso (1) org (3) dod (6) internet (1) mgmt (2) Mib-2 (1) system (1) private (4) enterprises (1) bmc (1031)
OID StrLen Type applicationName 1.3.6.1.4.1.1031.1.1.1.6.1.1.0 2 string HP 1.3.6.1.4.1.1031.1.1.1.6.1.1.1 11 string PATROLAGENT 1.3.6.1.4.1.1031.1.1.1.6.1.1.2 9 string SNMP_Test 1.3.6.1.4.1.1031.1.1.1.6.1.1.3 10 string COLLECTORS 1.3.6.1.4.1.1031.1.1.1.6.1.1.4 3 string CPU 1.3.6.1.4.1.1031.1.1.1.6.1.1.5 4 string DISK 1.3.6.1.4.1.1031.1.1.1.6.1.1.6 10 string FILESYSTEM 1.3.6.1.4.1.1031.1.1.1.6.1.1.7 6 string KERNEL 1.3.6.1.4.1.1031.1.1.1.6.1.1.8 6 string MEMORY 1.3.6.1.4.1.1031.1.1.1.6.1.1.9 7 string NETWORK 1.3.6.1.4.1.1031.1.1.1.6.1.1.10 3 string NFS 1.3.6.1.4.1.1031.1.1.1.6.1.1.11 6 string PATROL 1.3.6.1.4.1.1031.1.1.1.6.1.1.12 7 string PRINTER 1.3.6.1.4.1.1031.1.1.1.6.1.1.13 7 string PROCESS 1.3.6.1.4.1.1031.1.1.1.6.1.1.14 8 string SECURITY 1.3.6.1.4.1.1031.1.1.1.6.1.1.15 3 string SMP 1.3.6.1.4.1.1031.1.1.1.6.1.1.16 4 string SWAP 1.3.6.1.4.1.1031.1.1.1.6.1.1.17 5 string USERS 1.3.6.1.4.1.1031.1.1.1.6.1.1.18 3 string LOG MIB Tables – Indexing a Table OS>%PSL print(snmp_walk("sess47", "1.3.6.1.4.1.1031.1.1.1.6.1.1")."\n"); Table Column Index Row Index
Objects Table bmc (1031) patrolMIB (1) patrolAgent (1) patrolObjects (1) objectsMask (1) r/w patrolTraps (2) objectsCwd (2) r/w agentExecuteCommand (3) objectsTable (3) na patrolConsole (2) objectsEntry (1) na variablesTable (5) objectName (1) r applicationsTable (6) objectDescr (3) r applInstTable (7) objectRowStatus (4) r/w parametersTable (8)
Browsing PATROL namespace - 1 • Set objectCwd to the tree you want to inspect • for example “/” • Go to the desired “node” • get the “objectsTable”, you see NT_CPU • set objectCwd to “/CPU” … pick inst from objectsTable • set objectCwd to “/CPU/CPU”… pick param from objectsTable • set objectCwd to “/CPU/CPU/CPUCpuUtil” • Read the wanted values • get the “variablesTable” to find all the attributes • Problem : No way to enforce a “session”, your set of objectCwd might have been overwritten !
Execute PSL through SNMP • Set variable “agentExecuteCommand” • Agent will execute immediately • Fail/Success from return value of snmp_set()
Variables Table bmc (1031) patrolMIB (1) patrolAgent (1) patrolObjects (1) objectsMask (1) objectsCwd (2) objectsTable (3) variablesTable(5) na patrolTraps (2) VariablesEntry (1) na variableName (2) r agentExecuteCommand(3) variableType (3) r variableValue (4) r/w patrolConsole (2) variableDesr (5) r/w variableRowStatus (6) r/w
Direct namespace access – Variables Table • “Hooked” on OID of : .variablesTable.variableEntry.variableValue • Need conversion of namespace variable • <length> = length of namespace variable • <conv> = ascii to value conversion of namespace variablefor example : /CPU = 47.67.80.85 • Simply get : bmc.1.1.1.5.1.4.<len>.<conv> • Result : • Fastest Namespace access • not useful for namespace “discovery” • Not “walk-able”
Applications Table bmc (1031) patrolMIB (1) patrolAgent (1) patrolObjects (1) variablesTable(5) applicationsTable(6) na applicationsEntry(1) na applicationName(1) r applicationState (2) r patrolTraps (2) applWorstInst (3) r applMasterVersion(4) r agentExecuteCommand(3) applMinorRevision (5) r applicationRowStatus (6) r patrolConsole (2) applicationOid (7) na
Browsing PATROL namespace - 2 • Look for the application in “applicationTable” • Use that index to get the instances from the application in “applInstTable” • Use both indexes to get the parameters from the “parametersTable” • Get the required attribute from your parameter • This method is “safe” but requires some processing
Applications Example applicationsTable applicationsEntry(index) applicationName OS>%PSL print(snmp_walk("sess47", "1.3.6.1.4.1.1031.1.1.1.6.1.1")."\n"); 20000207121727 1.3.6.1.4.1.1031.1.1.1.6.1.1.0 2 string HP 20000207121727 1.3.6.1.4.1.1031.1.1.1.6.1.1.1 11 string PATROLAGENT 20000207121727 1.3.6.1.4.1.1031.1.1.1.6.1.1.2 9 string SNMP_Test 20000207121727 1.3.6.1.4.1.1031.1.1.1.6.1.1.3 10 string COLLECTORS 20000207121727 1.3.6.1.4.1.1031.1.1.1.6.1.1.4 3 string CPU 20000207121727 1.3.6.1.4.1.1031.1.1.1.6.1.1.5 4 string DISK 20000207121727 1.3.6.1.4.1.1031.1.1.1.6.1.1.6 10 string FILESYSTEM 20000207121727 1.3.6.1.4.1.1031.1.1.1.6.1.1.7 6 string KERNEL 20000207121727 1.3.6.1.4.1.1031.1.1.1.6.1.1.8 6 string MEMORY 20000207121727 1.3.6.1.4.1.1031.1.1.1.6.1.1.9 7 string NETWORK 20000207121727 1.3.6.1.4.1.1031.1.1.1.6.1.1.10 3 string NFS 20000207121727 1.3.6.1.4.1.1031.1.1.1.6.1.1.11 6 string PATROL 20000207121727 1.3.6.1.4.1.1031.1.1.1.6.1.1.12 7 string PRINTER 20000207121727 1.3.6.1.4.1.1031.1.1.1.6.1.1.13 7 string PROCESS 20000207121727 1.3.6.1.4.1.1031.1.1.1.6.1.1.14 8 string SECURITY 20000207121727 1.3.6.1.4.1.1031.1.1.1.6.1.1.15 3 string SMP 20000207121727 1.3.6.1.4.1.1031.1.1.1.6.1.1.16 4 string SWAP 20000207121727 1.3.6.1.4.1.1031.1.1.1.6.1.1.17 5 string USERS 20000207121727 1.3.6.1.4.1.1031.1.1.1.6.1.1.18 3 string LOG Application ID String Length Type Application Name
Instances Table patrolObjects (1) variablesTable(5) applicationsTable(6) applInstTable(7) na applInstEntry (1) na applInstName (1) r applInstRuleState (2) r applInstStatus (3) r applInstWorstParam (4) r applInstCreateIcon (5) r applInstRowStatus (6) r applInstOid (7) na applInstPApplOid (8) r applInstPInstOid (9) r
Instances Example 20000207121727 1.3.6.1.4.1.1031.1.1.1.6.1.1.9 7 string NETWORK 20000207121727 1.3.6.1.4.1.1031.1.1.1.6.1.1.10 3 string NFS 20000207121727 1.3.6.1.4.1.1031.1.1.1.6.1.1.11 6 string PATROL 20000207121727 1.3.6.1.4.1.1031.1.1.1.6.1.1.12 7 string PRINTER 20000207121727 1.3.6.1.4.1.1031.1.1.1.6.1.1.13 7 string PROCESS 20000207121727 1.3.6.1.4.1.1031.1.1.1.6.1.1.14 8 string SECURITY applInstTable applInstEntry(index) applInstName OS>%PSL print(snmp_walk("sess47", "1.3.6.1.4.1.1031.1.1.1.7.1.1.12")."\n"); 20000207121828 1.3.6.1.4.1.1031.1.1.1.7.1.1.12.816 5 string lj4mv 20000207121828 1.3.6.1.4.1.1031.1.1.1.7.1.1.12.836 3 string lp 220000207121828 1.3.6.1.4.1.1031.1.1.1.7.1.1.12.844 8 string sweetlip 20000207121828 1.3.6.1.4.1.1031.1.1.1.7.1.1.12.860 14 string Nutria_HPLaser Application ID Application Instance ID Application Name
Parameters Table parametersTable(8) na parametersEntry (1) na parameterAutoScale (8) r parameterName (1) r parameterState (2) r parameterYaxisMin (9) r parameterCurrentTime (3) r parameterYaxisMax (10) r parameterCurrentValue (4) r parameterRowStatus (11) r/w parameterPollingInt (5) r parameterObjId (12) na parameterRetries (6) r parameterIntValue (13) r parameterOutputMode (7) r parameterActiveStat (14) r/w parameterRunningStat (15) r/w
Parameters Example 20000207121727 1.3.6.1.4.1.1031.1.1.1.6.1.1.11 6 string PATROL 20000207121727 1.3.6.1.4.1.1031.1.1.1.6.1.1.12 7 string PRINTER 20000207121727 1.3.6.1.4.1.1031.1.1.1.6.1.1.13 7 string PROCESS OS>%PSL print(snmp_walk("sess47", "1.3.6.1.4.1.1031.1.1.1.7.1.1.12")."\n"); 20000207121828 1.3.6.1.4.1.1031.1.1.1.7.1.1.12.816 5 string lj4mv 20000207121828 1.3.6.1.4.1.1031.1.1.1.7.1.1.12.836 3 string lp 220000207121828 1.3.6.1.4.1.1031.1.1.1.7.1.1.12.844 8 string sweetlip 20000207121828 1.3.6.1.4.1.1031.1.1.1.7.1.1.12.860 14 string Nutria_HPLaser parametersTable parametersEntry(index) parameterName applicationName applInstName OS>%PSL print(snmp_walk("sess47", "1.3.6.1.4.1.1031.1.1.1.8.1.1.12.816")."\n"); 20000207121938 1.3.6.1.4.1.1031.1.1.1.8.1.1.12.816.818 10 string PRNQLengthOS Application ID Application Instance ID Parameter ID parameterIntValue >%PSL print(snmp_walk("sess47", "1.3.6.1.4.1.1031.1.1.1.8.1.13.12.816")."\n"); 20000207122103 1.3.6.1.4.1.1031.1.1.1.8.1.13.12.816.818 integer 0 Value
Trap Table bmc (1031) patrolMIB (1) patrolAgent (1) patrolObjects (1) patrolTraps (2) patrolTrapText (1) r patrolTrapOrigin (2) r patrolTrapExtra (3) r piV1mTable (10) na piV1mIp (10) na piV1mPort (10) na piV1mCommunity (10) na piV1mRowStatus (10) r/w agentExecuteCommand(3) patrolConsole (2)
Enterprise Traps Standard Traps patrolTraps (2) patrolTrapWarmStart (1) Enterprise Traps (6) [1031.1.1.2] patrolTrapText (1) patrolInformation (1) VARIABLES {patrolTrapText, patrolTrapOrigin, patrolTrapExtra} A patrolInformation trap is sent when a corresponding event which may cause to that trap occurred. patrolTrapOrigin (2) patrolTrapExtra (3) patrolChangeStatus (2) VARIABLES {patrolTrapText,patrolTrapOrigin,patrolTrapExtra} A patrolChangeStatus is sent when a corresponding event which may cause to that trap occurred. piV1mTable (10) piV1mIp (10) patrolError (3) VARIABLES {patrolTrapText,patrolTrapOrigin,patrolTrapExtra} A patrolError is sent when a corresponding event which may cause to that trap occurred. piV1mPort (10) patrolWarning (4) VARIABLES {patrolTrapText,patrolTrapOrigin, patrolTrapExtra} A patrolWarning is sent when a corresponding event which may cause to that trap occurred. piV1mCommunity (10) piV1mRowStatus (10) patrolAlarm (5) VARIABLES {patrolTrapText,patrolTrapOrigin, patrolTrapExtra} A patrolAlarm is sent when a corresponding event which may cause to that trap occurred. patrolTrapV1Raised (10) OBJECTS{patrolTrapText} A patrolTrapV2Raised trap is sent when one of the PSL scripts calls snmp_trap()function. Traps are sent to SNMP V1 entity according to piV1mTable. patrolTrapV1StateChanged (11) OBJECTS{patrolTrapText} A patrolTrapV1StateChanged is sent when Patrol Agent changes state of one of the discovered application instances.
Trap Example patrolAlarm (5) ========== SNMP Trap Received ============= From: 172.19.204.16 (1.3.6.1.4.1.1031.1.1.2) Enterprise Specific (5) Uptime: 0 day(s) 23:34:55 (8489554) 1.3.6.1.4.1.1031.1.1.2.1.0 84 string Alarm #2 of global parameter 'NFSSNull' triggered on 'NFS.NFS'. 50 <= 100.00 <= 100 1.3.6.1.4.1.1031.1.1.2.2.0 17 string /NFS/NFS/NFSSNull 1.3.6.1.4.1.1031.1.1.2.3.0 0 string ========== End SNMP Trap Received ============= ========== SNMP Trap Received ============= From: 172.19.204.16 (1.3.6.1.4.1.1031.1.1.2) Enterprise Specific (2) Uptime: 0 day(s) 23:37:56 (8507631) 1.3.6.1.4.1.1031.1.1.2.1.0 99 string Alert on 'NFS.NFS.NFSSNull' from global parameter 'NFSSNull' cancelled; exception no longer exists. 1.3.6.1.4.1.1031.1.1.2.2.0 17 string /NFS/NFS/NFSSNull 1.3.6.1.4.1.1031.1.1.2.3.0 0 string ========== End SNMP Trap Received ============= ========== SNMP Trap Received ============= From: 172.19.204.16 (1.3.6.1.4.1.1031.1.1.2) Enterprise Specific (4) Uptime: 0 day(s) 23:40:56 (8525616) 1.3.6.1.4.1.1031.1.1.2.1.0 85 string Alarm #1 of global parameter 'NFSSReadDir' triggered on 'NFS.NFS'. 18 <= 19.19 <= 30 1.3.6.1.4.1.1031.1.1.2.2.0 20 string /NFS/NFS/NFSSReadDir 1.3.6.1.4.1.1031.1.1.2.3.0 0 string ========== End SNMP Trap Received ============= patrolTrapText patrolTrapOrigin patrolTrapExtra Source IP address Enterprise Traps (6) [1031.1.1.2] patrolChangeStatus (2) patrolWarning (4)
1st step : Starting SNMP subsystem • PATROL SNMP functionality can be stopped • snmp_agent_start() • starts SNMP support • snmp_agent_stop() • stops SNMP support • snmp_agent_config() • tells if SNMP support is active
PSL functions for SNMP managers • “All” SNMPv1 functions • snmp_(h_)get • snmp_(h_)get_next • snmp_(h_)set • Plus • snmp_walk (just loop around get_next) • No support for v2(c), v3 !! • security, bulk get, new datatypes
Return format of snmp_functions • If type is • String and first character printable • OID <tab> [strlen] <tab> “string” <tab> [actual string] • String and first character non-printable • OID <tab> [strlen] <tab> “string” <tab> [series of hex] • gauge, timeticks • OID <tab> [type] <tab> [value] <tab> “(“[hex-value]”)” • integer, oid, ipAddress • OID <tab> [type] <tab> [value]
Receiving traps • PSL functions : • snmp_trap_ignore : close all listeners (close socket) • snmp_trap_listen : start listening for traps (open socket) starts accumulating traps • snmp_trap_receive : process incoming traps (block/poll based) only 1 per agent • Functionality is based on a “gentlemen's agreement”Only one receiver for multiple KM’s • Need for a “trap dispatcher” in PATROL ?
Getting info from other SNMP Agents • What is an SNMP session in PATROL ? • snmp_open() : opens an SNMP session • snmp_close() : closes an SNMP session • snmp_config() : lists the SNMP sessions • No real session (like TCP session) because SNMP = connectionless / stateless • just a memory structure, so ... • Easier for the developer … open session once, reuse the session with the session attributes ! • Allows you to set timeouts/retries/port • Faster