Sunday, November 08, 2009  
Google
Web pcquest.com

CIOL Network sites

Search by Issue | Sitemap | Advanced Search

• For most updated version of DQ TOP 20 issue, visit dqindia.com • Ad : Play and Plug ERP by IBM
 RSS |  Follow Us on twitter
 Home > Network

SNMP Monitoring and Alerting

With SNMP traps and an SNMP collection program you can easily know of the problems in the network

Wednesday, April 07, 2004

Print Comment Email DiggDigg DeliciousDel.icio.us RedittReddit TwitterTwitter

You do not need to monitor devices such as switches and routers actively; you can configure them to send traps to the monitoring station whenever they encounter abnormal behavior such as a machine sending too many broadcast packets or too many packets being dropped at the router. The network-monitoring station can then generate alerts. 

Devices that support SNMP (Simple Network Management Protocol) can send SNMP traps to a monitoring station whenever errors or specific events as described above occur. The monitoring host can collect those traps and based on the type of trap generate alerts. We will discuss here how to use do this.

To configure devices to send SNMP traps, configure your device, which could be a router, printer, switch or a workstation supporting SNMP to send traps to the monitoring station. For this access your device's interface through telnet, Web browser or a device-management application and specify the IP addresses of the monitoring station where traps will be sent. For example, we configured our Intel switch to send traps to the IP 192.168.3.13, which is the address of our monitoring machine running Linux. Then configure the device for the types of events or errors for which traps will be sent. For our switch we set it such that when broadcast packets/sec from the port to which our file server was connected increases beyond a certain level, the switch will generate a trap. You can add more traps like if collisions on the switch increase beyond a limit it will generate a trap. Now you need to configure your monitoring host to take an action whenever it receives a trap.

To configure monitoring host to receive SNMP traps and generate alerts in Linux, you should have net-snmp and net-snmp-utils packages installed. The packages are available with most Linux distributions. Now start the snmptrapd daemon process by issuing the command.

#service snmptrapd start

To make the process start with system boot up issue the command.

#chkconfig snmptrapd on

Now that the trap collection program is running on the system, you have to specify what kinds of traps it will look for and what action it will take. This is specified in the snmptrapd.conf file. So create a file named snmptrapd.conf in the directory /etc/snmp, if it does not exist already. Open the file in any text editor and specify the actions to be taken. But before telling you the syntax for the actions that have to be specified in the file, first let's understand some SNMP basics. SNMP works with various variables with each variable having a unique identifier called Object Identifier (OID). The various variables and their structure along with their OIDs are defined in a Management Information Base (MIB), which is nothing but a collection of text files containing the SNMP variables' definitions. The default location for the MIBs is /usr/share/snmp/mibs. You can add additional MIBs specific to your device in this directory. Now back to the snmptrapd.conf file. Here you have to specify the action to be taken. So add a line in it with the following syntax.

traphandle the OID of the trap variable action to be taken

So, for our Intel switch which sends RMON traps to the monitoring machine we added a line like this.

traphandle RMON-MIB::risingAlarm /usr/bin/traptoemail -s 192.168.1.19 -f sys@cmil.com admin@cmil.com 

The line says whenever the snmptrapd process receives a RMON rising alarm trap it will execute the /usr/bin/traptoemail program with some arguments. The RMON-MIB file is present in the /usr/share/snmp/mibs directory and contains the definitions and OIDs for various RMON variables including the risingAlarm variable. You can even replace the variable name RMON-MIB::risingAlarm by its OID, which is 1.3.6.1.2.1.16.0.1

Once you configure your hoist machine to receive alerts, the next step is to decide the means through which alerts will be sent.

These can be through e-mail, SMS, instant messenger, etc. We will talk about using e-mail as an alerting mean. 

The SNMP program comes with a script called traptoemail which can send email alerts describing the trap and the variables enclosed in it giving detailed information about the trap, like the IP address of the device generating the trap, the event which triggered it and the set threshold and actual values which raised the alarm. The arguments the script takes are the SMTP server address, the e-mail ID from which the e-mail will be sent and the e-mail ID to which the e-mail will be sent.

Restart the snmptrapd program.

#service snmptrapd restart

This is it, whenever there is any abnormal behavior in your network you will get a mail in your inbox so that you get to know of the problem first hand.

Next Page :

Sending SMS alerts

Page(s)   1  2  3  
I am interested in more information about this product
I am interested in buying this product
Print Comment Email DiggDigg DeliciousDel.icio.us RedittReddit TwitterTwitter


Untitled Document



ZTE:Leading CDMA Technology

Extraordinary Networks:Freedom of Choice
   
 

 
 

Magazine Subscription | RQS | Contact Us | Team PCQuest | Advertising - Print | jobs@cybermedia

 
 
 
 
   

Copyright © CyberMedia. All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.
Usage of this web site is subject to terms and conditions.
Broken links? Problems with site? Send email to webmasterciol@cybermedia.co.in