SNMP Monitoring
===============

Overview
--------

SNMP can be used to monitor hardware and software. There are no Swivel SNMP MIBs, but there are MIBs available for the OS and Apache Tomcat.

Operating System SNMP
---------------------

Swivel appliances use UDP port 161 for SNMP monitoring. The service is enabled by default but can be disabled through the :doc:`ApplianceMenu`.

SNMPD is pre-installed and the configuration file is located here: ``/etc/snmp/snmpd.conf``

You can edit the file using WinSCP. Refer to the :doc:`WinSCP_how_to_guide`.

The current version supports SNMP v3.

After editing the ``snmpd.conf`` restart snmp either through the CMI or from the command line with the command ``service snmpd restart``.

Adding a community string
~~~~~~~~~~~~~~~~~~~~~~~~~

Edit the ``/etc/snmp/snmpd.conf``. The following can be edited as required:

.. code-block:: ini

   ## description
   sysname         Appliance
   sysdescr        AuthControl Sentry Appliance
   syslocation     Leeds, GB
   syscontact      root <sysadmin@localhost>

   # First, map the community name "public" into a "security name"
   #       sec.name         source           community
   com2sec local            localhost        private
   com2sec mynetwork        192.168.0.0/24   public

Examples:

.. code-block:: ini

   #         sec.name  source           community
   com2sec   local     localhost        private
   com2sec   mynet     10.10.10.0/24    public
   com2sec   public    default          public
   com2sec6  mynet     fec0::/64        public

Adding the following allows the SNMP public to be read:

.. code-block:: ini

   rocommunity  public

Example SNMP config file
~~~~~~~~~~~~~~~~~~~~~~~~

.. code-block:: bash

    ####################################################
    #
    #  Swivel Secure Ltd SAA200 Appliance
    #
    ####################################################
    #
    ## description
    sysname         Appliance
    sysdescr        AuthControl Sentry Appliance
    syslocation     Leeds, GB
    syscontact      root <root@localhost>

    # First, map the community name "public" into a "security name"
    #       sec.name        source          community
    com2sec	local		localhost	private
    com2sec	mynetwork	192.168.209.0/24	public

    ####
    # Second, map the security name into a group name:
    #	groupName	securityModel	securityName
    group	local		v1		local
    group	local		v2c		local
    group	local		usm		local

    group	mygroup		v1		mynetwork
    group	mygroup		v2c		mynetwork
    group	mygroup		usm		mynetwork

    group	public		v1		public
    group	public		v2c		public
    group	public		usm		public

    ####
    # Third, create a view for us to let the group have rights to:

    #	name		incl/excl	subtree					mask(optional)
    view	all		included	.1					80
    view	system          included	system					fe
    view	mib2            included	.iso.org.dod.internet.mgmt.mib-2	fc
    #cpu view
    view 	v2c 		included 	.1.3.6.1.4.1.2021.11.10.0

    #	group		context	sec.model	sec.level	prefix  read    write   notice
    access	mygroup		""	any		noauth		exact	mib2	none	none
    access	public		""	any		noauth		exact	system	none	none
    access	local		""	any		noauth		exact	all	all	all

    # Added for support of bcm5820 cards.
    pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat

    # Sub-Agents - Dell OpenManage
    smuxpeer .1.3.6.1.4.1.674.10892.1 lockbox
    rocommunity public 192.168.209.0/24
    trapsink  localhost public


Testing with snmpwalk
~~~~~~~~~~~~~~~~~~~~~

``snmpwalk`` can be used to verify that the community string can be read:

.. code-block:: bash

   snmpwalk -v2c -c public localhost system

Example output:

.. code-block:: console

   [admin@primary ~]# snmpwalk -v2c -c public locahost system
   SNMPv2-MIB::sysDescr.0 = STRING: Swivel Appliance
   SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
   DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (17346) 0:02:53.46
   SNMPv2-MIB::sysContact.0 = STRING: root <root@swivel.com>
   SNMPv2-MIB::sysName.0 = STRING: Swivel Standby
   SNMPv2-MIB::sysLocation.0 = STRING: Swivel server location
   SNMPv2-MIB::sysORLastChange.0 = Timeticks: (2) 0:00:00.02
   SNMPv2-MIB::sysORID.1 = OID: IF-MIB::ifMIB
   SNMPv2-MIB::sysORID.2 = OID: SNMPv2-MIB::snmpMIB
   SNMPv2-MIB::sysORID.3 = OID: TCP-MIB::tcpMIB
   SNMPv2-MIB::sysORID.4 = OID: IP-MIB::ip
   SNMPv2-MIB::sysORID.5 = OID: UDP-MIB::udpMIB
   SNMPv2-MIB::sysORID.6 = OID: SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroup
   SNMPv2-MIB::sysORID.7 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance
   SNMPv2-MIB::sysORID.8 = OID: SNMP-MPD-MIB::snmpMPDCompliance
   SNMPv2-MIB::sysORID.9 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance
   SNMPv2-MIB::sysORDescr.1 = STRING: The MIB module to describe generic objects for network interface sub-layers
   SNMPv2-MIB::sysORDescr.2 = STRING: The MIB module for SNMPv2 entities
   SNMPv2-MIB::sysORDescr.3 = STRING: The MIB module for managing TCP implementations
   SNMPv2-MIB::sysORDescr.4 = STRING: The MIB module for managing IP and ICMP implementations
   SNMPv2-MIB::sysORDescr.5 = STRING: The MIB module for managing UDP implementations
   SNMPv2-MIB::sysORDescr.6 = STRING: View-based Access Control Model for SNMP.
   SNMPv2-MIB::sysORDescr.7 = STRING: The SNMP Management Architecture MIB.
   SNMPv2-MIB::sysORDescr.8 = STRING: The MIB for Message Processing and Dispatching.
   SNMPv2-MIB::sysORDescr.9 = STRING: The management information definitions for the SNMP User-based Security Model.
   SNMPv2-MIB::sysORUpTime.1 = Timeticks: (2) 0:00:00.02
   SNMPv2-MIB::sysORUpTime.2 = Timeticks: (2) 0:00:00.02
   SNMPv2-MIB::sysORUpTime.3 = Timeticks: (2) 0:00:00.02
   SNMPv2-MIB::sysORUpTime.4 = Timeticks: (2) 0:00:00.02
   SNMPv2-MIB::sysORUpTime.5 = Timeticks: (2) 0:00:00.02
   SNMPv2-MIB::sysORUpTime.6 = Timeticks: (2) 0:00:00.02
   SNMPv2-MIB::sysORUpTime.7 = Timeticks: (2) 0:00:00.02
   SNMPv2-MIB::sysORUpTime.8 = Timeticks: (2) 0:00:00.02
   SNMPv2-MIB::sysORUpTime.9 = Timeticks: (2) 0:00:00.02

SNMP Users
----------

To create users for SNMP v3 stop the SNMP agent and then add the below line to the file ``/var/net-snmp/snmpd.conf`` (where ``{myUser}`` and ``{myPassword}`` are the appropriate values for username and password, without the braces!). Then re-start the snmpd agent.

.. code-block:: bash

   createUser {myUser} MD5 {myPassword} DES

Disable the SNMP daemon (snmpd)
-------------------------------

Via the Appliance Menu
~~~~~~~~~~~~~~~~~~~~~~

In the :doc:`ApplianceMenu`, to disable the SNMP server, goto **Appliance Menu**, **Default Running Services**. If the service is currently set to **ON**, then select the service to set it to be **OFF**.. You then need to prevent it from running on startup of the appliance.

Via the Command Line
~~~~~~~~~~~~~~~~~~~~

Login to the :doc:`ApplianceMenu` using the :doc:`PuTTY_How_To_Guide`.

* Check the current run levels for the snmpd service:

.. code-block:: console

   [admin@standby ~]# chkconfig --list snmpd
   snmpd           0:off   1:off   2:off   3:on    4:on    5:on    6:off

* See that levels 3,4,5 are set to 'on', so to disable this service set these levels to be 'off':

.. code-block:: console

   [admin@standby ~]# chkconfig --level 345 snmpd off

* Check that the changes were successful:

.. code-block:: console

   [admin@standby ~]# chkconfig --list snmpd
   snmpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off

To stop the snmpd service run the following commands.

* First check the status of the service to see if it's running or not:

.. code-block:: console

   [admin@standby ~]# service snmpd status
   snmpd (pid 13904) is running...

* We can see that the service is running, so to stop it we run the following command:

.. code-block:: console

   [admin@standby ~]# service snmpd stop
   Stopping snmpd:                                            [  OK  ]