5.1.2.1. SNMP
The SNMP protocol (Simple Network Management Protocol) allows us to exchange management data between network devices.
From OpenNAC Enterprise, we support both SNMP v1, SNMP v2 and SNMP v3 so that external agents can monitor the behavior of the different components. To carry out this monitoring, we will filter the IP from the firewall so that only certain authorized devices can obtain information about OpenNAC Enterprise. This way, we can have more limited visibility to external devices.
The SNMP service is configured so that the status of each of the services included in the health check can be queried. We can carry out this check for ON Core Principal/Worker, ON Analytics, ON Sensor and ON Core Proxy.
Here we have a list of the available services for consultation:
Component |
Service Name |
OID Translation (Extended Result) |
Extended Result UP Value (Integer) |
Extended Result WARNING Value (Integer) |
Extended Result DOWN Value (Integer) |
OID Translation (Extended Outline) |
Extended Outline UP Value (String) |
Extended Outline WARNING Value (String) |
Extended Outline DOWN Value (String) |
|---|---|---|---|---|---|---|---|---|---|
ON PRINCIPAL |
SYSTEM_LOAD |
NET-SNMP-EXTEND-MIB::nsExtendResult.”SYSTEM_LOAD” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”SYSTEM_LOAD”.1 |
OK |
WARNING |
CRITICAL |
SYSTEM_INFO |
NET-SNMP-EXTEND-MIB::nsExtendResult.”SYSTEM_INFO” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”SYSTEM_INFO”.1 |
OK |
WARNING |
||
BACKEND |
NET-SNMP-EXTEND-MIB::nsExtendResult.”BACKEND” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”BACKEND”.1 |
HTTP OK |
HTTP CRITICAL |
||
HTTP_CERTIFICATE |
NET-SNMP-EXTEND-MIB::nsExtendResult.”HTTP_CERTIFICATE” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”HTTP_CERTIFICATE”.1 |
OK |
WARNING |
CRITICAL |
|
RADIUS |
NET-SNMP-EXTEND-MIB::nsExtendResult.”RADIUS” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”RADIUS”.1 |
Service RADIUSD is UP |
Service RADIUSD is DOWN |
||
RADIUS_CERTIFICATE |
NET-SNMP-EXTEND-MIB::nsExtendResult.”RADIUS_CERTIFICATE” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”RADIUS_CERTIFICATE”.1 |
OK |
WARNING |
CRITICAL |
|
UDS |
NET-SNMP-EXTEND-MIB::nsExtendResult.”UDS” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”UDS”.1 |
OK |
CRITICAL |
||
CACHE |
NET-SNMP-EXTEND-MIB::nsExtendResult.”CACHE” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”CACHE”.1 |
Service REDIS is UP |
Service REDIS is DOWN |
||
QUEUE |
NET-SNMP-EXTEND-MIB::nsExtendResult.”QUEUE” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”QUEUE”.1 |
Service QUEUES is UP |
QUEUES is DOWN |
||
LOGCOLLECTOR |
NET-SNMP-EXTEND-MIB::nsExtendResult.”LOGCOLLECTOR” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”LOGCOLLECTOR”.1 |
OK |
CRITICAL |
||
PORTAL |
NET-SNMP-EXTEND-MIB::nsExtendResult.”PORTAL” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”PORTAL”.1 |
HTTP OK |
HTTP CRITICAL |
||
DB |
NET-SNMP-EXTEND-MIB::nsExtendResult.”DB” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”DB”.1 |
OK |
QUERY CRITICAL |
||
NTLM |
NET-SNMP-EXTEND-MIB::nsExtendResult.”NTLM” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”NTLM”.1 |
OK |
CRITICAL |
||
BACKUP |
NET-SNMP-EXTEND-MIB::nsExtendResult.”BACKUP” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”BACKUP”.1 |
OK |
WARNING |
CRITICAL |
|
DISK_ROOT |
NET-SNMP-EXTEND-MIB::nsExtendResult.”DISK_ROOT” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”DISK_ROOT”.1 |
OK |
WARNING |
CRITICAL |
|
DISK_VAR_LOG |
NET-SNMP-EXTEND-MIB::nsExtendResult.”DISK_VAR_LOG” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”DISK_VAR_LOG”.1 |
OK |
WARNING |
CRITICAL |
|
DISK_BACKUP |
NET-SNMP-EXTEND-MIB::nsExtendResult.”DISK_BACKUP” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”DISK_BACKUP”.1 |
OK |
WARNING |
CRITICAL |
|
ON WORKER |
SYSTEM_LOAD |
NET-SNMP-EXTEND-MIB::nsExtendResult.”SYSTEM_LOAD” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”SYSTEM_LOAD”.1 |
OK |
WARNING |
CRITICAL |
SYSTEM_INFO |
NET-SNMP-EXTEND-MIB::nsExtendResult.”SYSTEM_INFO” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”SYSTEM_INFO”.1 |
OK |
WARNING |
||
BACKEND |
NET-SNMP-EXTEND-MIB::nsExtendResult.”BACKEND” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”BACKEND”.1 |
HTTP OK |
HTTP CRITICAL |
||
HTTP_CERTIFICATE |
NET-SNMP-EXTEND-MIB::nsExtendResult.”HTTP_CERTIFICATE” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”HTTP_CERTIFICATE”.1 |
OK |
WARNING |
CRITICAL |
|
RADIUS |
NET-SNMP-EXTEND-MIB::nsExtendResult.”RADIUS” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”RADIUS”.1 |
Service RADIUSD is UP |
Service RADIUSD is DOWN |
||
RADIUS_CERTIFICATE |
NET-SNMP-EXTEND-MIB::nsExtendResult.”RADIUS_CERTIFICATE” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”RADIUS_CERTIFICATE”.1 |
OK |
WARNING |
CRITICAL |
|
UDS |
NET-SNMP-EXTEND-MIB::nsExtendResult.”UDS” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”UDS”.1 |
OK |
CRITICAL |
||
CACHE |
NET-SNMP-EXTEND-MIB::nsExtendResult.”CACHE” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”CACHE”.1 |
Service REDIS is UP |
Service REDIS is DOWN |
||
QUEUE |
NET-SNMP-EXTEND-MIB::nsExtendResult.”QUEUE” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”QUEUE”.1 |
Service QUEUES is UP |
QUEUES is DOWN |
||
LOGCOLLECTOR |
NET-SNMP-EXTEND-MIB::nsExtendResult.”LOGCOLLECTOR” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”LOGCOLLECTOR”.1 |
OK |
CRITICAL |
||
PORTAL |
NET-SNMP-EXTEND-MIB::nsExtendResult.”PORTAL” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”PORTAL”.1 |
HTTP OK |
HTTP CRITICAL |
||
CAPTIVE_PORTAL |
NET-SNMP-EXTEND-MIB::nsExtendResult.”CAPTIVE_PORTAL” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”CAPTIVE_PORTAL”.1 |
OK |
CRITICAL |
||
CAPTIVE_PORTAL_THEMES |
NET-SNMP-EXTEND-MIB::nsExtendResult.”CAPTIVE_PORTAL_THEMES” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”CAPTIVE_PORTAL_THEMES”.1 |
OK |
CRITICAL |
||
DB |
NET-SNMP-EXTEND-MIB::nsExtendResult.”DB” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”DB”.1 |
OK |
QUERY CRITICAL |
||
DBREPLICATION |
NET-SNMP-EXTEND-MIB::nsExtendResult.”DBREPLICATION” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”DBREPLICATION”.1 |
Service MYSQL Replication is UP |
Service MYSQL Replication is WARNING |
Service MYSQL Replication is DOWN |
|
COLLECTD |
NET-SNMP-EXTEND-MIB::nsExtendResult.”COLLECTD” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”COLLECTD”.1 |
PROCS OK |
PROCS CRITICAL |
||
FILEBEAT |
NET-SNMP-EXTEND-MIB::nsExtendResult.”FILEBEAT” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”FILEBEAT”.1 |
PROCS OK |
PROCS CRITICAL |
||
DHCPHELPERREADER |
NET-SNMP-EXTEND-MIB::nsExtendResult.”DHCPHELPERREADER” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”DHCPHELPERREADER”.1 |
PROCS OK |
PROCS CRITICAL |
||
NTLM |
NET-SNMP-EXTEND-MIB::nsExtendResult.”NTLM” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”NTLM”.1 |
OK |
CRITICAL |
||
AD_DOMAIN_MEMBER |
NET-SNMP-EXTEND-MIB::nsExtendResult.”AD_DOMAIN_MEMBER” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”AD_DOMAIN_MEMBER”.1 |
Join is OK |
CRITICAL |
||
WINBIND |
NET-SNMP-EXTEND-MIB::nsExtendResult.”WINBIND” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”WINBIND”.1 |
Service WINBIND is UP |
Service WINBIND is DOWN |
||
ADM_USER_PASSWD_EXPIRATION |
NET-SNMP-EXTEND-MIB::nsExtendResult.”ADM_USER_PASSWD_EXPIRATION” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”ADM_USER_PASSWD_EXPIRATION”.1 |
OK |
WARNING |
CRITICAL |
|
TIME_SYNC |
NET-SNMP-EXTEND-MIB::nsExtendResult.”TIME_SYNC” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”TIME_SYNC”.1 |
Service TIME_SYNC is OK |
CRITICAL |
||
BACKUP |
NET-SNMP-EXTEND-MIB::nsExtendResult.”BACKUP” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”BACKUP”.1 |
OK |
WARNING |
CRITICAL |
|
DISK_ROOT |
NET-SNMP-EXTEND-MIB::nsExtendResult.”DISK_ROOT” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”DISK_ROOT”.1 |
OK |
WARNING |
CRITICAL |
|
DISK_VAR_LOG |
NET-SNMP-EXTEND-MIB::nsExtendResult.”DISK_VAR_LOG” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”DISK_VAR_LOG”.1 |
OK |
WARNING |
CRITICAL |
|
DISK_BACKUP |
NET-SNMP-EXTEND-MIB::nsExtendResult.”DISK_BACKUP” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”DISK_BACKUP”.1 |
OK |
WARNING |
CRITICAL |
|
ON PROXY |
SYSTEM_LOAD |
NET-SNMP-EXTEND-MIB::nsExtendResult.”SYSTEM_LOAD” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”SYSTEM_LOAD”.1 |
OK |
WARNING |
CRITICAL |
RADIUS |
NET-SNMP-EXTEND-MIB::nsExtendResult.”RADIUS” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”RADIUS”.1 |
Service RADIUSD is UP |
Service RADIUSD is DOWN |
||
RADIUS_CERTIFICATE |
NET-SNMP-EXTEND-MIB::nsExtendResult.”RADIUS_CERTIFICATE” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”RADIUS_CERTIFICATE”.1 |
OK |
WARNING |
CRITICAL |
|
LOGCOLLECTOR |
NET-SNMP-EXTEND-MIB::nsExtendResult.”LOGCOLLECTOR” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”LOGCOLLECTOR”.1 |
OK |
CRITICAL |
||
COLLECTD |
NET-SNMP-EXTEND-MIB::nsExtendResult.”COLLECTD” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”COLLECTD”.1 |
PROCS OK |
PROCS CRITICAL |
||
TIME_SYNC |
NET-SNMP-EXTEND-MIB::nsExtendResult.”TIME_SYNC” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”TIME_SYNC”.1 |
Service TIME_SYNC is OK |
CRITICAL |
||
BACKUP |
NET-SNMP-EXTEND-MIB::nsExtendResult.”BACKUP” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”BACKUP”.1 |
OK |
WARNING |
CRITICAL |
|
DISK_ROOT |
NET-SNMP-EXTEND-MIB::nsExtendResult.”DISK_ROOT” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”DISK_ROOT”.1 |
OK |
WARNING |
CRITICAL |
|
DISK_VAR_LOG |
NET-SNMP-EXTEND-MIB::nsExtendResult.”DISK_VAR_LOG” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”DISK_VAR_LOG”.1 |
OK |
WARNING |
CRITICAL |
|
DISK_BACKUP |
NET-SNMP-EXTEND-MIB::nsExtendResult.”DISK_BACKUP” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”DISK_BACKUP”.1 |
OK |
WARNING |
CRITICAL |
|
ON ANALYTICS |
SYSTEM_LOAD |
NET-SNMP-EXTEND-MIB::nsExtendResult.”SYSTEM_LOAD” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”SYSTEM_LOAD”.1 |
OK |
WARNING |
CRITICAL |
CACHE |
NET-SNMP-EXTEND-MIB::nsExtendResult.”CACHE” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”CACHE”.1 |
Service REDIS is UP |
Service REDIS is DOWN |
||
LOGCOLLECTOR |
NET-SNMP-EXTEND-MIB::nsExtendResult.”LOGCOLLECTOR” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”LOGCOLLECTOR”.1 |
OK |
CRITICAL |
||
COLLECTD |
NET-SNMP-EXTEND-MIB::nsExtendResult.”COLLECTD” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”COLLECTD”.1 |
PROCS OK |
PROCS CRITICAL |
||
ELASTICSEARCH |
NET-SNMP-EXTEND-MIB::nsExtendResult.”ELASTICSEARCH” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”ELASTICSEARCH”.1 |
OK |
WARNING |
CRITICAL |
|
KIBANA |
NET-SNMP-EXTEND-MIB::nsExtendResult.”KIBANA” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”KIBANA”.1 |
Service KIBANA is UP |
Service KIBANA is DOWN |
||
LOGSTASH |
NET-SNMP-EXTEND-MIB::nsExtendResult.”LOGSTASH” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”LOGSTASH”.1 |
Service LOGSTASH is UP |
Service LOGSTASH is DOWN |
||
TIME_SYNC |
NET-SNMP-EXTEND-MIB::nsExtendResult.”TIME_SYNC” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”TIME_SYNC”.1 |
Service TIME_SYNC is OK |
Service TIME_SYNC is WARNING |
Service TIME_SYNC is CRITICAL |
|
DISK_ROOT |
NET-SNMP-EXTEND-MIB::nsExtendResult.”DISK_ROOT” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”DISK_ROOT”.1 |
OK |
WARNING |
CRITICAL |
|
DISK_VAR |
NET-SNMP-EXTEND-MIB::nsExtendResult.”DISK_VAR” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”DISK_VAR”.1 |
OK |
WARNING |
CRITICAL |
|
ELASTIC_INDEX_READ_ONLY |
NET-SNMP-EXTEND-MIB::nsExtendResult.”ELASTIC_INDEX_READ_ONLY” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”ELASTIC_INDEX_READ_ONLY”.1 |
ELASTIC_INDEX_READ_ONLY is in status OK |
ELASTIC_INDEX_READ_ONLY is in status ERROR |
||
ON SENSOR |
SYSTEM_LOAD |
NET-SNMP-EXTEND-MIB::nsExtendResult.”SYSTEM_LOAD” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”SYSTEM_LOAD”.1 |
OK |
WARNING |
CRITICAL |
CACHE |
NET-SNMP-EXTEND-MIB::nsExtendResult.”CACHE” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”CACHE”.1 |
Service REDIS is UP |
Service REDIS is DOWN |
||
FILEBEAT |
NET-SNMP-EXTEND-MIB::nsExtendResult.”FILEBEAT” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”FILEBEAT”.1 |
PROCS OK |
PROCS CRITICAL |
||
DHCPHELPERREADER |
NET-SNMP-EXTEND-MIB::nsExtendResult.”DHCPHELPERREADER” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”DHCPHELPERREADER”.1 |
PROCS OK |
PROCS CRITICAL |
||
ZEEK |
NET-SNMP-EXTEND-MIB::nsExtendResult.”ZEEK” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”ZEEK”.1 |
ZEEKCTL STATUS OK |
ZEEKCTL STATUS CRITICAL |
||
COLLECTD |
NET-SNMP-EXTEND-MIB::nsExtendResult.”COLLECTD” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”COLLECTD”.1 |
PROCS OK |
PROCS CRITICAL |
||
TIME_SYNC |
NET-SNMP-EXTEND-MIB::nsExtendResult.”TIME_SYNC” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”TIME_SYNC”.1 |
Service TIME_SYNC is OK |
Service TIME_SYNC is WARNING |
Service TIME_SYNC is CRITICAL |
|
DISK_ROOT |
NET-SNMP-EXTEND-MIB::nsExtendResult.”DISK_ROOT” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”DISK_ROOT”.1 |
OK |
WARNING |
CRITICAL |
|
DISK_VAR |
NET-SNMP-EXTEND-MIB::nsExtendResult.”DISK_VAR” |
0 |
1 |
2 |
NET-SNMP-EXTEND-MIB::nsExtendOutLine.”DISK_VAR”.1 |
OK |
WARNING |
CRITICAL |
The above table can be viewed in more detail at OpenNAC SNMP OIDs
5.1.2.1.1. Configuration
To check the status of the services, the first step is to allow SNMP traffic in the iptables of the component we intend to monitor:
>/etc/sysconfig/iptables
# SNMP enabled
-A INPUT -p udp -m state --state NEW -m udp --dport 161 -j ACCEPT
-A INPUT -s <Source-IP> -p udp -m state --state NEW -m udp --dport 161 -j ACCEPT
<Source-IP>: IP address of the component that performs the monitoring.
Restart the iptables service after this modification executing the following command:
service iptables restart
5.1.2.1.1.1. SNMP community configuration
It is advisable to customize the “SNMP community” value. To do so, execute the following steps:
Edit the
snmpd.conffile:
[root@principal]# vi /etc/snmp/snmpd.conf
Replace the default “public” value in the following line with your new community value:
com2sec notConfigUser default public
Restart the SNMP service and check its status:
[root@principal]# systemctl restart snmpd
[root@principal]# systemctl status snmpd
You should see output similar to the following:
[root@principal]# systemctl restart snmpd
[root@principal]# systemctl status snmpd
snmpd.service - Simple Network Management Protocol (SNMP) Daemon.
Loaded: loaded (/usr/lib/systemd/system/snmpd.service; enabled; preset: disabled)
Active: active (running) since Thu 2024-09-26 13:56:27 CEST; 7s ago
Main PID: 688253 (snmpd)
Tasks: 1 (limit: 99266)
Memory: 4.1M
CPU: 49ms
CGroup: /system.slice/snmpd.service
└─688253 /usr/sbin/snmpd -LS0-6d -f
Sep 26 13:56:26 oncore09 systemd[1]: Starting Simple Network Management Protocol (SNMP) Daemon....
Sep 26 13:56:27 oncore09 snmpd[688253]: NET-SNMP version 5.9.1
Sep 26 13:56:27 oncore09 systemd[1]: Started Simple Network Management Protocol (SNMP) Daemon..
5.1.2.1.2. Enabling SNMPv3 Configuration
To enable SNMPv3 on the OpenNAC nodes, follow these steps:
Modify the
/etc/snmp/snmpd.conffile to disable SNMPv1 and SNMPv2 by commenting out the following lines:
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
Restart the SNMPD service:
systemctl restart snmpd
Create a new user with a new password for SNMPv3 using the following command:
net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass][-x DES|AES] [username]
Example:
net-snmp-create-v3-user -ro -A <Password> -a SHA -X <Password> -x AES <User>
5.1.2.1.3. Service Status Checks
Once you have configured the SNMP protocol, there are several methods to consult the status of the services.
Check the specific status of one of the services. To do this, use the following OIDs and access with the configured community value (by default, it has a public value).
It is possible to get the result of the service status in two ways: with a nagios plugin-style result code or in text format.
Note
Nagios Plugin Result code:
0: The plugin was able to check the service and it appeared to be functioning properly.
1: The plugin was able to check the service, but it appeared to be above some “warning” threshold or did not appear to be working properly.
2: The plugin detected that either the service was not running or it was above some “critical” threshold.
3: Invalid command line arguments were supplied to the plugin or low-level failures internal to the plugin that prevent it from performing the specified operation. Higher-level errors are outside of the control of plugins and should generally NOT be reported as UNKNOWN states.
The healthcheck in the following image is used as an example to explain both types of results.
To know the status in code format result of a SERVICE, use the following command:
snmpget -v2c -c public <IP_node> 'NET-SNMP-EXTEND-MIB::nsExtendResult."<SERVICE>"'For example, to know the status of the BACKEND service, use the following command:
snmpget -v2c -c public <IP_node> 'NET-SNMP-EXTEND-MIB::nsExtendResult."BACKEND"'We get a result code of 0, as the service is working correctly, as we can see in the healthcheck.
If we check the status of one of the services that the healthcheck marks as CRITICAL:
snmpget -v2c -c public <IP_node> 'NET-SNMP-EXTEND-MIB::nsExtendResult."CAPTIVE_PORTAL"'We obtain result code 2:
To know the status in text format of a SERVICE, use the following command:
snmpget -v2c -c public <IP_node> 'NET-SNMP-EXTEND-MIB::nsExtendOutLine."<SERVICE>".1'In the case of the BACKEND service, we would execute the following command:
snmpget -v2c -c public <IP_node> 'NET-SNMP-EXTEND-MIB::nsExtendOutLine."BACKEND".1'Obtaining the following output:
On the other hand, in the case of the CAPTIVE_PORTAL service, we would execute the following command:
snmpget -v2c -c public <IP_node> 'NET-SNMP-EXTEND-MIB::nsExtendOutLine."CAPTIVE_PORTAL".1'Obtaining the following output:
The names of the services correspond to those listed in the table displayed at the beginning of this section table. Additionally, you can obtain a list of the services and their various options using the following command:
snmpwalk -v2c -c public <IP_node>.1.3.6.1.4.1.8072.1.3.2
In the case of having SNMPv3 configured, it would be done in a similar way to that described for SNMPv2, changing the parameters for those corresponding to the v3 version.
Test the monitoring for SNMPv3 using the command:
snmpget -v3 -a SHA -A <your_password> -x AES -X <your_password> -l authPriv -u <your_user> 127.0.0.1 'NET-SNMP-EXTEND-MIB::nsExtendResult."SERVICE"'For example, to check the status of the BACKEND service with output in code result format:
snmpget -v3 -a SHA -A <your_password> -x AES -X <your_password> -l authPriv -u <your_user> 127.0.0.1 'NET-SNMP-EXTEND-MIB::nsExtendResult."BACKEND"'And to check the status of the BACKEND service with output in text format:
snmpget -v3 -a SHA -A <your_password> -x AES -X <your_password> -l authPriv -u <your_user> 127.0.0.1 'NET-SNMP-EXTEND-MIB::nsExtendOutLine."BACKEND".1'
5.1.2.1.4. Service Status Checks Script
In the path described below you will find a script to facilitate the work of checking the status of the services via SNMP:
/usr/share/opennac/healthcheck/integration/check_opennac.sh
We can see a description of it as well as the options available with the --help option.
