When an environment gets beyond a certain size or level of complexity, it becomes more difficult to monitor closely.
In situations like this, it's best to set up a monitoring system to make sure everything runs smoothly. One of the key technologies involved in monitoring an environment with diverse systems is Simple Network Management Protocol, the protocol that governs network management and monitors network devices. Simple Network Management Protocol does this by gathering and sorting data, including errors, traffic statistics, uptime and more. You can also use Simple Network Management Protocol to set up configuration documents to configure hosts.
In this article, I'll show you how to implement a basic Simple Network Management Protocol (SNMP) setup with specific focus on gathering and reporting. For reference, SNMP collects all of its data using User Datagram Protocol on port 161.
Before experimenting, ensure that you've correctly configured any firewalls between the source and destination. This setup doesn't address the security considerations of a production environment.
SNMP essentially uses two kinds of community string: read and read-write. Any application that can talk SNMP can read values using the read string. The read-write SNMP configuration allows a user to set values and should be protected by a username and password.
To begin, set up the free Observium SNMP management software -- instructions can be found on the Observium website. If you'd like to give it a test run first, you can use the prebuilt downloadable open virtualization format implementation. You can easily have it up and running in under 10 minutes. I'll be using this version for the tutorial.
Once the server is powered on, there will be several screens to fill in with straightforward information. You can see my configuration setup in Figure A; yours will obviously differ, but it provides a good overview.
Once you've run the setup and are ready to configure Observium, retrieve information from the hosts that you want to monitor. The public community string we're going to use is "mycommunity01." You'll need to set all the hosts you intend to monitor to this string -- I don't recommend using the default vendor string.
Adding an item to Observium
Log in to Observium using the admin username and the password you set up when configuring the Observium server. Add a device by going to the Devices menu and selecting Add device. If the firewall doesn't allow you to ping the device, tick the box to skip Internet Control Message Protocol checks.
Once added, an entry should look something like Figure B. Note that it can take up to 15 minutes to get data back.
Now let's discuss how to configure this device to pull data from a VMware, Linux or Windows host. You can also scan a network to pick up SNMP-capable servers, that is, devices that have been configured with the appropriate public string and have the service started.
To pull data from a Linux host, log in to your guest with Secure Shell (SSH) and, assuming it's a Debian-based system, use apt-get to install the required components:
sudo apt-get install snmpd -y
The configuration file may initially look intimidating, but you can pare it down to just the essential items. Rename the existing /etc/snmpd.conf, then create a new one with the command sudo vi /etc/snmpd.conf.
The three lines that will give a decent base configuration are as follows:
syslocation "My DC, MyTown"
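An added example, not from the original article or the Observium project: a shell check that reads an snmpd.conf-style file and flags the community-string choices discussed above (a vendor default string, a read-write community, no source restriction). It assumes net-snmp's rocommunity and rwcommunity directives; the sample files are constructed, and 192.0.2.10 is a placeholder for the Observium server's address.

```shell
#!/bin/sh
# Flag risky community settings in an snmpd.conf-style file.
# Prints one finding per line in the form "<line-number>: <reason>".
audit_snmpd_conf() {
    awk '
        { sub(/#.*/, "") }          # strip comments
        NF == 0 { next }            # skip blank lines
        $1 ~ /^r[ow]community6?$/ {
            community = $2; src = $3
            if ($1 ~ /^rwcommunity/)
                print NR ": read-write community allows SET requests"
            if (community == "public" || community == "private")
                print NR ": vendor default community string \"" community "\""
            if (src == "" || src == "default")
                print NR ": no source restriction, any host may query"
        }
    ' "$1"
}

# Constructed samples: a weak configuration beside a tighter one.
# 192.0.2.10 (documentation range) stands in for the monitoring server.
write_samples() {
    dir=$1
    cat > "$dir/weak.conf" <<'EOF'
rocommunity public
rwcommunity private
syslocation "My DC, MyTown"
EOF
    cat > "$dir/tight.conf" <<'EOF'
rocommunity mycommunity01 192.0.2.10
syslocation "My DC, MyTown"
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
echo "weak.conf:";  audit_snmpd_conf "$demo_dir/weak.conf"
echo "tight.conf:"; audit_snmpd_conf "$demo_dir/tight.conf"
rm -rf "$demo_dir"
```

Pass the path of the configuration file you actually deploy to audit_snmpd_conf; no output means none of the three conditions was found.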
Pulling data from a Windows host is a little trickier because Windows doesn't support SNMP out of the box. To configure a Windows 2012 server to use SNMP, you need to install the components that make up the service. To install it, do the following:
1) Open the server management console;
2) Select Add roles and features;
3) Click Next;
4) Select Role based or feature based installation, and then click Next;
5) Click Next on destination server query;
6) Select SNMP service and accept the additions, click Add Features and finish the wizard;
7) Open the services management console, SNMP service properties and edit the community string to the string we selected before;
8) Configure the server; and
9) Start/restart the service.
At this point, you can manually add Simple Network Management Protocol as you would any other device.
With VMware, setting up ESXi monitoring is slightly more involved, but not onerous; you don't need to install any components, but there are a few you need to enable. To enable SNMP, do the following:
1) Enable SSH on the server in question.
2) Log in using SSH and the root account and password.
3) At this point, issue the following series of commands, substituting your own configuration details:
esxcli system snmp set -r
esxcli system snmp set -c mycommunity01
esxcli system snmp set -p 161
esxcli system snmp set -L "MyDC, MyTown"
esxcli system snmp set -C email@example.com
esxcli system snmp set -e yes
If you follow these steps, the data should be available to you.
Most appliances have built-in functionality to enable SNMP. If SNMP isn't enabled through the GUI, it's straightforward to install and configure using the Linux example above as a base template.
In summary, Simple Network Management Protocol is useful for monitoring your estate and alerting you to any unusual issues or situations such as a host reboot or failed device. There's a lot more that can be achieved using this system and it's up to you to experiment and modify it to your specifications.