Complete Contents
Introduction
Chapter 1 Introducing Netscape Console
Chapter 2 The Netscape Server Family Setup Program
Chapter 3 Using Netscape Console
Chapter 4 User and Group Administration
Chapter 5 Using SSL
Chapter 6 Delegating Server Administration
Chapter 7 Using SNMP to Monitor Services
Chapter 8 Administration Server Basics
Chapter 9 Administration Server Configuration
Appendix A Distinguished Name Attributes and Syntax
Appendix B Administration Server Command Line Tools
Appendix C FORTEZZA
Appendix D Introduction to Public-Key Cryptography
Appendix E Introduction to SSL
Managing Servers with Netscape Console: Using SNMP to Monitor Servers
Previous Next Contents Index


Chapter 7 Using SNMP to Monitor Servers

You can use Simple Network Management Protocol (SNMP) together with Netscape management information bases (MIB) and network management software, such as HP OpenView, to monitor your servers in real time just as you monitor other devices in your network. If you're using Windows NT, SNMP service is built in, and you use the Windows NT Control Panel to manage it. If you're using Unix or another platform that doesn't support the SNMP multiplexing protocol (SMUX), you can use Netscape Console to manage the SNMP service Netscape provides.

This chapter contains the following sections:


SNMP Basics
SNMP is a protocol used to exchange data about network activity. With SNMP, data travels between a managed device and a network management station (NMS) where users remotely manage the network. A managed device is anything that runs SNMP, such as hosts, routers, and Netscape servers.

An NMS is usually a powerful workstation with one or more network management applications installed. A network management application such as HP OpenView graphically shows information about managed devices. For example, it might show which servers in your enterprise are up or down, or the number and type of error messages received. When you use SNMP with a Netscape server, this information is transferred between the NMS and the sever through the use of two types of agents.

SNMP Subagent

The subagent gathers information about the server and passes the information to the server's master agent. Every Netscape server, except for the Administration Server, has as subagent.

SNMP Master Agent

The master agent exchanges information between the various subagents and the NMS. The master agent is installed with Netscape Console Administration Server.

You can have multiple subagents installed on a host computer, but only one master agent (see Figure 7.1). For example, if you had the Directory Server, the Enterprise Server, and the Collabra Server all installed on the same host, the subagents for each of the servers would communicate with the same master agent.

Figure 7.1    Interaction between the a network management station and a host computer.

 How SNMP Works
A managed entity, such as a server, stores variables pertaining to network management. Variables that the master agent can access are known as managed objects. Managed objects are defined in a tree-like hierarchy known as a server's management information base (MIB).

Each Netscape server subagent provides a management information base (MIB) for use in SNMP communication. The MIB is a tree-like hierarchy that contains variables pertaining to the server's management. The server reports significant events to the network management station (NMS) by sending messages or traps containing these variables. The NMS can also query the server's MIB for data, or can remotely change variables in the MIB.

Netscape MIBs
Each Netscape server has its own management information base (MIB). All Netscape MIBs are located at

<server root>/plugins/snmp

A server's MIB contains variable definitions pertaining to network management for that particular server. See your server's Administrator's Guide for detailed information about your server's network management variables. Additionally, each Netscape server uses an Administration Server MIB.

The Administration Server MIB
The Netscape Console Administration Server MIB is a file named

netscape-main.mib.

This file lists each object identifier for all servers currently supported by Netscape. It also defines the object identifier shared by all Netscape servers as

netscape OJBECT IDENTIFIER: :={enterprises 1450}

Types of SNMP Messages
GET and SET are two types of messages defined by SNMP. GET and SET messages are sent by an NMS to a master agent. You can use one or the other, or both with Netscape Console Administration Server. Messages sent by the server to the NMS are known as traps. The following examples best illustrate the use of GET, SET, and trap messages.

NMS-initiated communication. The NMS either requests information from the server or changes the value of a variable store in the server's MIB. For example:

    1. The MNS sends a message to the Administration Server master agent. The message might be a request for data (a GET message), or an instruction to set a variable in the MIB (a SET message).

    2. The master agent forwards the message to the appropriate subagent.

    3. The subagent retrieves the data or changes the variable in the MIB.

    4. The subagent reports data or status to the master agent, then the master agent forwards the message back (a GET message) to the NMS.

    5. The NMS displays the data textually or graphically through its network management application.

Server-initiated communication. The server subagent sends a message or trap to the NMS when a significant event has occurred. For example:

    1. The subagent informs the master agent that the server has stopped.

    2. The master agent sends a message, or trap reporting the event to the NMS.

    3. The NMS displays the information textually or graphically through its network management application.
Setting Up SNMP on a Netscape Server
In general, to use SNMP you must have a master agent and at least one subagent installed and running on your system. You need to install the master agent before you can enable a subagent.

The procedures for setting up SNMP are different depending upon your system. Table 7.1 provides an overview of the procedures you follow for various situations. The actual procedures are described in detail later in the chapter.

Before you begin, examine your system.

See your system documentation for information on how to verify this information.

Table 7.1 Overview of procedures for enabling SNMP master agents and subagents.
If your server meets these conditions....
...follow these procedures. These are discussed in detail in the following sections.
No native agent is currently running

  1. Start the master agent.

  2. Enable the subagent for each server installed on the system.

  1. Stop the native agent when you install the master agent for your Administration Server.

  2. Start the master agent.

  3. Enable the subagent for each server installed on the system.

  1. Install a proxy SNMP agent.

  2. Start the proxy SNMP agent.

  3. Restart the native agent using a port number other than the master agent port number.

  4. Start the master agent.

  5. Enable the subagent for each server installed on the system.

  1. Reconfigure the SNMP native agent.

  2. Enable the subagent for each server installed on the system.


Using a Proxy SNMP Agent
You need to use a proxy SNMP agent when you already have a native agent running (Figure 7.2), and you want to continue using it concurrently with a Netscape Console master agent. Before you start, be sure to stop the native master agent. (See your system documentation for detailed information.)

Figure 7.2    Using a proxy server when you're running a native SNMP agent.

 To use a proxy agent, you'll need to install it and then start it. You'll also have to restart the native SNMP master agent using a port number other than the one the Netscape Console master agent is running on.

Installing the Proxy SNMP Agent
To install the SNMP proxy agent, edit the CONFIG file (you can give this file a different name), located in plugins/snmp/sagt in the server root directory, so that it includes the port that the SNMP daemon will listen to. It also needs to include the MIB trees and traps that the proxy SNMP agent will forward.

Starting the Proxy SNMP Agent
To start the proxy SNMP agent, at the command prompt, enter:

Restarting the Native SNMP Daemon
After starting the proxy SNMP agent, you need to restart the native SNMP daemon at the port you specified in the CONFIG file. To restart the native SNMP daemon, at the command prompt, enter

For example, on the Solaris platform, using the port in the previously mentioned example CONFIG file, you'd enter


Reconfiguring the SNMP Native Agent
If your SNMP daemon is running on AIX, it supports SMUX. For this reason, you don't need to install a master agent. However, you do need to change the AIX SNMP daemon configuration.

AIX uses several configuration files to screen its communications. One of them, snmpd.conf, needs to be changed so that the SNMP daemon accepts the incoming messages from the SMUX subagent. For more information, see the online manual page for snmpd.conf. You need to add a line to define each subagent.

For example, you might add this line to the snmpd.conf:

smux 1.3.6.1.4.1.1.1450.1 "" <IP_address> <net_mask>

IP_address is the IP address of the host the subagent is running on, and net_mask is the network mask of that host.

Note. Do not use the loopback address 127.0.0.1; use the real IP address instead.


Enabling and Starting the SNMP Master Agent
Master agent operation is defined in an agent configuration file named CONFIG. You can edit the CONFIG file using Netscape Console, or you can edit the file manually.

Manually Configuring the SNMP Master Agent
To configure the master SNMP agent manually:

  1. Log in as root.

  2. Check to see if there is an SNMP daemon (snmpd) running on port 161.

  3. Edit the CONFIG file located in plugins/snmp/magt in the server root directory.

  4. (Optional) Define sysContact and SysLocation variables in the CONFIG file.
Editing the Master Agent Config File

The CONFIG file defines the community and the manager that master agent will work with. The manager value should be a valid system name or an IP address. Here is an example of a basic CONFIG file:

Defining sysContact and SysLocation variables

You can edit the CONFIG file to add initial values for sysContact and sysLocation which specify the sysContact and sysLocation MIB-II variables. Note that the strings for sysContact and sysLocation in this example are enclosed in quotes. Any string that contains spaces, line breaks, tabs, and so on must be in quotes. You can also specify the value in hexadecimal notation.

Here is an example of a CONFIG file with sysContract and sys Location variables defined:

Starting the SNMP master agent
Once you have installed the SNMP master agent, you can start it manually or by using Netscape Console.

Manually starting the SNMP master agent
To start the master agent manually, enter the following at the command prompt:


The INIT file is a nonvolatile file that contains information from the MIB-II system group, including system location and contact information. If INIT doesn't already exist, starting the master agent for the first time will create it. An invalid manager name in the CONFIG file will cause the master agent startup to fail.

To start a master agent on a nonstandard port, use one of two methods:

Method one: In the CONFIG file, specify a transport mapping for each interface over which the master agent listens for SNMP requests from managers. Transport mappings allow the master agent to accept connections at the standard port and at a nonstandard port. The master agent can also accept SNMP traffic at a nonstandard port. The maximum number of concurrent SNMP is limited by your target system's limits on the number of open sockets or file descriptors per process. Here is an example of a transport mapping entry:


Method two: Edit the /etc/services file to allow the master agent to accept connections at the standard port as well as at a nonstandard port.

Starting the SNMP master agent using Netscape Console
To start the SNMP master agent using Netscape Console:

  1. Log in as root.

  2. In Netscape Console, open the console for the Administration Server that is running the management software.

  3. In the Administration Server Console, choose Tasks, then double-click Configure SNMP Master Agent.

  4. Click Start.
Configuring the SNMP Master Agent
Once you've enabled the master agent and enabled a subagent on a host computer, you need to configure the host's Administration Server. This entails specifying community strings and trap destinations.

Configuring the Community String
A community string is a text string that an SNMP agent uses for authorization. This means that a network management station would send a community string with each message it sends to the agent. The agent can then verify whether the network management station is authorized to get information. Community strings are not concealed when sent in SNMP packets; strings are sent in ASCII text.

The master agent uses the community string for authentication.You can configure the community string for the SNMP master agent from Netscape Console. You also define which SNMP-related operations a particular community can perform. From Netscape Console, you can also view, edit, and remove the communities you have already configured.

Adding, Editing, or Removing a Community String
To add, modify, or remove a community string:

  1. In Netscape Console, open the console for the Administration Server that is running the management software.

  2. In the Administration Server Console, click Tasks.

  3. Click the Configure SNMP Master Agent button, then click Communities

    .

  4. Click Add, Edit, or Remove as necessary.

  5. Enter community string information as necessary

    :

    6. Community. Enter a community string you want to add or edit. A community string is a password that an SNMP agent uses for authorization.

    GET and SET. Choose this option if you want to use this community string for requesting data or replying to messages, and for setting variable values.

    GET only. Choose this option if you want to use this community string only for requesting messages or replying to messages.

  6. Click OK.

    7. SET only. Choose this option if you want to allow this community string only for setting variable values.

Configuring Trap Destinations
An SNMP trap is a message the SNMP agent sends to a network management station. For example, an SNMP agent sends a trap when an interface's status has changed from up to down. The SNMP agent must know the address of the network management station so that it knows where to send traps. You can configure this trap destination for the SNMP master agent from Netscape Console. You can also view, edit, and remove the trap destinations you have already configured. When you configure trap destinations using Netscape Console, you are actually editing the CONFIG file.

To Add, Edit, or Remove a Trap Destination:

  1. In Netscape Console, open the console for the Administration Server that is running the management software.

  2. In the Administration Server Console, Click Tasks.

  3. Click the Configure SNMP Master Agent button, then click Managers

    .

  4. Click Add, Edit, or Remove as necessary.

  5. Enter Manager information as necessary:

    6. Manager Station. Enter a valid system name or an IP address for the NMS.

    Trap Port. Enter the port number the NMS uses to listen for traps. (The default is 162.)

    With Community. Enter the community string you want to use in the trap. A community string is a password that an SNMP agent uses for authentication

  6. Click OK.
Enabling the Subagent
For information on enabling the subagent, see the Administrator's Guide for your Netscape server. If you need more information, see your system documentation.


Communities
Use this dialog box to add or modify the community strings used by the Administration Server's master agent.

Add. displays a dialog box for adding a new community string.

Edit. Displays a dialog box for editing an existing community string.

Remove. Removes a community string.

See Also

"SNMP Basics"


Add or Edit Community String
Use this dialog box when you want to add or change the community strings used by the Administration Server's master agent.

Community. Enter a community string you want to edit. A community string is a password that an SNMP agent uses for authentication.

GET and SET. Choose this option if you want to allow this community string for requesting data or replying to messages, and for setting variable values.

GET only. Choose this option if you want to allow this community string only for reqesting messages or replying to messages, and not for setting variables.

SET only. Choose this option if you want to allow this community string only for setting variable values.


Managers
Use this dialog box to modify manager information used by the network management station (NMS) to communicate with the Administration Server's master agent.

Add. Displays a dialog box for adding a network management station (NMS) or system to receive traps.

Edit. Displays a dialog box for editing an existing NMS name.

Remove. Removes the NMS system from the list of authorized managers.


Add or Edit Manager
Use this dialog box to modify the trap destinations or community strings expected by the network management station (NMS) in "trap" messages sent by the master agent.

Manager Station. Enter a valid system name or an IP address for the NMS.

Trap Port. Enter the port number the NMS uses to listen for traps. (The default is 162.)

With Community. Enter the community string you want to use in the trap. A community string is a password that an SNMP agent uses for authentication.


Status
Use this dialog box to start and stop the SNMP master agent for the Administration Server.

Check Status. Simply displays a message indicating whether the master agent is running (On) or not (Off).

Restart. Restarts the master agent.

Stop. Stops the master agent from running. You might need to stop the master agent when you're doing routine maintenance or upgrades, for example.

 

©Copyright 1999 Netscape Communications Corporation