Chapter 11   Using SNMP to Monitor Servers


You can use the Simple Network Management Protocol (SNMP) to manage your iPlanet and Netscape servers. This chapter explains how SNMP works and tells you how to set it up on your network. The chapter contains the following sections:

• SNMP Basics

• Setting Up SNMP on UNIX Systems

• Using a Proxy SNMP Agent on UNIX Systems

• Reconfiguring a Native Agent on UNIX Systems

• Starting the Master Agent on UNIX Systems

• Enabling the Subagent on UNIX Systems

• Using the Windows NT SNMP Service

SNMP Basics

---

SNMP is a protocol used to exchange data about network activity. It defines a standard method of communication used to manage products from different vendors. This standard allows administrators to remotely manage hardware and software located across their network.

Each piece of controlled hardware and software is known as a managed device. A managed device is anything that runs SNMP, such as a host, router, or iPlanet server.

The machine used to monitor and configure managed devices is called a network management station. A network management station is usually a powerful workstation running network management applications which graphically show information about managed devices. For example, a network management application might show which servers in your enterprise are running and which are shut down, or the application might report the number and type of error messages received.

iPlanet and Netscape servers transmit data to a network management station using two types of agents: SNMP subagents and SNMP master agents. An SNMP subagent gathers information and sends it to an SNMP master agent. The SNMP master agent transfers the data to the network management station. Every iPlanet and Netscape server has an SNMP subagent except for iPlanet Administration Server, which either has a master agent (on UNIX) or no agent (on Windows NT).

A single machine can host multiple subagents, but a machine can only have one master agent. For example, if you have one instance each of Enterprise Server, Directory Server, and Messaging Server installed on one host, each will have its own subagent. All three subagents will report to the same master agent. This master agent is located on the same host machine as the subagents. Figure 11-1 illustrates this example.

Figure 11-1    Interaction Between a Network Management Station and a Host Computer

The Windows NT operating system includes an SNMP master agent. iPlanet Administration Server employs this service when utilizing SNMP. You can access and operate this master agent through the Network control panel. In the UNIX environment, the master agent is installed with Administration Server.

Some UNIX operating systems support an extended version of SNMP called the SNMP multiplexing protocol (usually known as SMUX). This allows iPlanet servers to operate without a master agent. For those versions of UNIX that do not support SMUX, you can use iPlanet Console to manage the master agent that iPlanet provides.

How SNMP Works

A managed device, such as a server, stores its configuration and management settings as variables. Some of these variables can be read and changed over SNMP while others cannot. The variables that the master agent can read and change are called managed objects. Managed objects are defined in a tree-like hierarchy known as a management information base (MIB).

Each iPlanet or Netscape server provides a management information base (MIB) for use in SNMP communication. This MIB contains managed objects pertaining to the server's operation. Each managed object has a unique object identifier. A server can report significant events to the network management station by sending "trap" messages (often called just "traps") containing these object identifiers. In addition, the network management station can initiate communication, and then specify one or more object identifiers when querying a server's MIB for data. The network management station can also remotely change variables in the MIB by specifying an object identifier and sending its new value.

iPlanet MIBs

Each iPlanet or Netscape server has its own MIB. All iPlanet MIBs are located in the <server root>/plugins/snmp directory.

A server's MIB contains variable definitions used when managing that particular server. Some of these variables can be modified over SNMP by a network management station while others are flagged as read-only or inaccessible. See your server's documentation for detailed information about its management variables.

The Administration Server MIB

iPlanet Administration Server stores its MIB in a file called netscape-main.mib.

The Administration Server MIB lists the object identifiers for all installed iPlanet servers. It also defines the object identifier shared by all iPlanet and Netscape servers. This object identifier is

netscape OJBECT IDENTIFIER: :={enterprises 1450}

The netscape-main.mib file may look like this:

-- -- Netscape Main Mib for SNMP support -- NETSCAPE-MIB DEFINITIONS ::= BEGIN    IMPORTS OBJECT-TYPE                    FROM SNMPv2-SMI            MODULE-IDENTITY                    FROM SNMPv2-SMI            enterprises                    FROM ObjectIds            OBJECT-IDENTITY, Counter64                   FROM SNMPv2-SMI;    netscape OBJECT IDENTIFIER ::= { enterprises 1450 } -- All netscape sub-agents must branch off of the netscape root -- above. Following objids for individual sub-agents have been -- taken already. -- http OBJECT IDENTIFIER ::= { netscape 1 } -- nsmail OBJECT IDENTIFIER ::= { netscape 5 } -- END

Types of SNMP Messages

SNMP defines three types of messages: GET, SET, and trap. The network management station uses GET messages to request data and SET messages to change variable values in the MIB. The messages sent by a server to the network management station are known as trap messages.

The following examples illustrate how a network management station, and the servers it communicates with, use GET, SET, and trap messages.

Network Management Station-Initiated Communication

A network management station can request information from a server or change the value of a variable stored in a server's MIB. For example:

1. The network management station sends a GET message to the Administration Server master agent. The GET message is a request for the number of Directory Server errors encountered since the server was last started.

2. The master agent forwards the message to the Directory Server's SNMP subagent.

3. The subagent retrieves the data.

4. The subagent sends the data to the master agent. The master agent sends a trap message containing the data to the network management station.

5. The network management station displays the data through its network management application.

Server-Initiated Communication

The server subagent sends a trap message to the network management station when a significant event has occurred. For example:

1. The Directory Server's subagent informs the master agent that the server has stopped.

2. The master agent sends a trap message reporting the event to the network management station.

3. The network management station displays the information textually or graphically through its network management application.

Setting Up SNMP on UNIX Systems

---

In general, to use SNMP on UNIX Systems you must have a master agent and at least one subagent installed and running on your system. You need to install a master agent before you can enable a subagent. Some UNIX systems have their own SNMP master agent. If your system has one of these native agents, you can either disable it or change the port number that it uses. If you disable the native agent, you will only be able to use the master agent included with Administration Server. If you change the port number that the native agent uses, you can use it alongside Administration Server's master agent.

The procedures for setting up SNMP are different depending upon your system. Table 11-1 provides an overview of the procedures to follow in various situations. The actual procedures are described in detail later in this chapter.

Before you begin, examine your system.

• Is your system already running an SNMP agent that's native to your operating system?

• If so, does your native SNMP agent support SMUX communication? If your native agent supports SMUX, you don't need to install a master agent. However, you do need to change the native agent's configuration.

If you are unsure of how to verify this information, see your system documentation.

Table 11-1    Overview of Procedures for Enabling SNMP Master Agents and Subagents 

If your server meets these conditions...	... follow these procedures
The system does not have a native agent, or the native agent is not currently running.	Start the master agent. Enable the subagent for each server installed on the system.
The native agent is running, SMUX is not supported, and the system does not need to continue using the native agent.	Stop the native agent. Start the master agent. Enable the subagent for each server installed on the system.
The native agent is running, SMUX is not supported, and the system needs to continue using the native agent.	Install and start a proxy SNMP agent. Restart the native agent using a port number that is different from the master agent's port number. Start the master agent. Enable the subagent for each server installed on the system.
The native agent is running and SMUX is supported.	Reconfigure the SNMP native agent. Enable the subagent for each server installed on the system.

Using a Proxy SNMP Agent on UNIX Systems

---

If you want to use a native agent and the iPlanet Console master agent concurrently, you will need to set up a proxy agent. The proxy agent fields requests from the iPlanet master agent and then passes them on to the native agent. This scenario is illustrated in Figure 11-2.

Figure 11-2    Using a Proxy Agent When You're Running a Native SNMP Agent

In order to use both master agents simultaneously, you need to install and start the proxy SNMP agent. You also have to restart the native SNMP master agent using a port number other than the one used by the iPlanet Console master agent.

Installing and Starting the Proxy SNMP Agent

Before you install the proxy SNMP agent, make sure to stop the native master agent. See your system documentation for detailed instructions.

To Install the SNMP Proxy Agent

• Edit the CONFIG file located in the <server-root>/plugins/snmp/sagt directory so that it includes the port that the SNMP proxy agent will listen to. The file also needs to include the MIB trees and traps that the SNMP proxy agent will forward.

  Here is a sample CONFIG file:

  AGENT AT PORT 1161 WITH COMMUNITY public SUBTREES  1.3.6.1.2.1.1,           1.3.6.1.2.1.2,           1.3.6.1.2.1.3,           1.3.6.1.2.1.4,           1.3.6.1.2.1.5,           1.3.6.1.2.1.6,           1.3.6.1.2.1.7,           1.3.6.1.2.1.8 FORWARD ALL TRAPS;

To Start the SNMP Proxy Agent

• At the command prompt, enter

  sagt -c CONFIG&

After the proxy SNMP agent starts, you need to restart the native agent on the port you specified in the CONFIG file.

To Restart the Native Agent

• At the command prompt, enter

  snmpd -P portNumber (specified in the CONFIG file)

  For example, on the Solaris platform, using the port in the sample CONFIG file above, you would enter

  snmpd -P 1161

Reconfiguring a Native Agent on UNIX Systems

---

If your native agent supports SMUX, you don't need to install a master agent. However, you do need to change the native agent's configuration.

UNIX uses several configuration files to screen its communications. One of them, etc/snmp/conf/snmpd.conf, needs to be changed so that the native agent accepts incoming messages from SMUX subagents. To change the file, add a line defining each subagent by its object identifier.

For example, you might add this line to snmpd.conf:

smux 1.3.6.1.4.1.1.1450.1 "" IPAddress netMask

where IPAddress is the IP address of the host on which the subagent is running and netMask is the network mask of that host (for instance, 255.255.0.0).

---

Note	Do not use the loopback address 127.0.0.1; use the host's actual IP address instead.

---

For more information on configuring SNMP and SMUX, see the online manual page for snmpd.conf.

Configuring the Master Agent on UNIX Systems

---

In order to use SNMP, you must configure the master agent by specifying community strings and trap destinations.

Community Strings

A community string is a password that an SNMP agent uses for authorization.

A community string is a text string that an SNMP master agent uses for authorization. Whenever a network management station sends a message, it includes a community string. The agent receiving the message can then verify whether the network management station is authorized to obtain information. Community strings are not concealed when sent in SNMP packets; they are sent as ASCII text.

To ensure that a network management station is authorized to obtain information, the SNMP master agent compares the community string sent by the station to its list of accepted community strings. If the community string is listed, the network management station is authenticated.

Trap Destinations

An SNMP trap is a message the SNMP agent sends to a network management station. For example, an SNMP agent might send a trap when a server goes down. The SNMP agent must know the address of the network management station in order to send traps. This address is called a trap destination.

Configuring the Master Agent using iPlanet Console

iPlanet Console provides an easy way to work with SNMP parameters. You can add, edit, and remove community strings and trap destinations from the Administration Server management window. You can also set the SNMP operations that a particular community string can request, as well as view any trap destinations you have already configured.

To Add, Edit, or Remove a Community String using iPlanet Console

1. In the iPlanet Console navigation tree, select the instance of Administration Server that you want to work with.

2. Click Open to open the management window for the server instance.

3. Click the Tasks tab.

4. Click the Configure SNMP Master Agent button, and then click Communities.

   
   
   

5. Click the appropriate button for the task you are performing.
   • If you want to add a community string, click Add.

   • If you want to edit a community string, select it, and then click Edit.

   • If you want to remove a community string, select it, and then click Remove.

6. Enter community string information as necessary.

   Community. Enter a community string you want to add, or edit the listed community string.

   GET and SET. Choose this option if you want to use this community string for requesting data, replying to messages, and setting variable values.

   GET only. Choose this option if you want to use this community string only for requesting data and replying to messages.

   SET only. Choose this option if you want to use this community string only for setting variable values.

   
   
   

7. Click OK.

To Add, Edit, or Remove a Trap Destination

1. In the iPlanet Console navigation tree, select the instance of Administration Server on which the master agent is running.

2. Click Open to open the management window for the server instance.

3. Click the Tasks tab.

4. Click the Configure SNMP Master Agent button, then click Managers.

   
   
   

5. Click the appropriate button for the task you are performing.
   • If you are adding a trap destination, click Add.

   • If you are editing a trap destination, select it, and then click Edit.

   • If you are removing a trap destination, select it, and then click Remove.

6. If you are adding or editing a trap destination, enter Manager information as necessary:

   Manager Station. Enter a valid system name or an IP address for the network management station.

   Trap Port. Enter the port number that the network management station uses to listen for traps. The default is 162.

   With Community. Enter the community string you want to use in the trap.

   
   
   

7. Click OK.

Manually Configuring the Master Agent

Although you can easily set SNMP master agent parameters through iPlanet Console, you may want to manually add or modify some settings. You can do this by editing the master agent's configuration file. This file is called CONFIG and it contains all master agent settings, whether entered manually or through iPlanet Console.

To Configure the Master SNMP Agent Manually

1. Log in as root.

2. Check to see if there is a native agent (snmpd) running on port 161.

   If a native agent is running, make sure you know which MIB trees it supports and how to restart it, then stop it.

3. Edit the CONFIG file located in the <server-root>/plugins/snmp/magt directory.

4. (Optional) Define sysContact and sysLocation variables in the CONFIG file.

Instructions for editing the CONFIG file and defining the sysContact and sysLocation variables are detailed below.

Editing the Master Agent Config File

The CONFIG file defines the community and manager with which the master agent will work. The manager value should be a valid system name or an IP address. Here is an example of a basic CONFIG file:

COMMUNITY          public                    ALLOW ALL OPERATIONS MANAGER            <your_manager_station_name>                    SEND ALL TRAPS TO PORT 162                    WITH COMMUNITY public

Defining sysContact and sysLocation Variables

You can edit the CONFIG file to include initial values for the sysContact and sysLocation variables (these variables are defined as part of MIB-II, the MIB section of the second version of SNMP). The value for sysContact specifies the person in charge of the host system on which the master agent runs. The value for sysLocation specifies a physical address where the host machine can be found.

The following example CONFIG file defines the sysContract and sysLocation variables. The strings for the variables in this example are enclosed in quotes. Any string that contains spaces, line breaks, or tabs must be in quotes. Alternatively, you can omit the quotes and specify the value of these whitespace characters in hexadecimal notation.

COMMUNITY          public                    ALLOW ALL OPERATIONS MANAGER            nms2                    SEND ALL TRAPS TO PORT 162                    WITH COMMUNITY public INITIAL            sysLocation "Server room                    501 East Middlefield Road                    Mountain View, CA 94043                    USA" INITIAL            sysContact "John Doe                    email: <jdoe@netscape.com>"

Starting the Master Agent on UNIX Systems

---

Once you have configured the SNMP master agent, you can start it from iPlanet Console or from the command line.

Starting the Agent Using iPlanet Console

iPlanet Console can start the SNMP master agent on the standard port (161) only. If you want to use a non-standard port, see "Starting the Agent From the Command Line" below.

To Start the Master Agent Using iPlanet Console

1. Log in as root.

2. Check to see if there is a native agent (snmpd) running on port 161.

   If a native agent is running, make sure you know which MIB trees it supports and how to restart it, then stop it.

3. In the iPlanet Console navigation tree, select the instance of Administration Server on which the master agent is running.

4. Click Open to open the management window for the server instance.

5. Click the Tasks tab.

6. Double-click Configure SNMP Master Agent.

7. Click the Start button.

Starting the Agent From the Command Line

If you do not want to start the SNMP master agent from iPlanet Console, you can launch it from the command prompt. If you want to run the agent on a port other than 161, you must modify your CONFIG or system services file and then start the agent from the command line.

To Start the Agent on the Standard Port

• Enter the following at the command prompt to start the master agent on port 161:

  magt CONFIG INIT&

  The INIT file contains information from the MIB-II system group, including system location and contact information. If INIT doesn't already exist, starting the master agent for the first time will create it. An invalid manager name in the CONFIG file will cause the master agent to fail during startup.

To Start the Agent on a Non-Standard Port Using the Config File

1. In the CONFIG file, specify a transport mapping for each interface over which the master agent listens for SNMP requests from network management stations. Transport mappings allow the master agent to accept connections on both the standard port and a nonstandard port.

   The maximum number of concurrent SNMP requests is limited by your target system's limits on the number of open sockets or file descriptors per system process.

   Here is an example of a transport mapping entry:

   TRANSPORT          extraordinary   SNMP                    OVER UDP SOCKET                    AT PORT 11161

2. After manually editing the CONFIG file, you should start the master agent by typing the following at the command prompt:

   # magt CONFIG INIT&

To Start the Agent on a Non-Standard Port Using System Services

• Edit the /etc/services file to allow the master agent to accept connections on the standard port as well as on a nonstandard port. For information on editing this file, see your system documentation.

Enabling the Subagent on UNIX Systems

---

For information on enabling the subagent, see the documentation for your iPlanet or Netscape server. If you need more information, see your system documentation.

Using the Windows NT SNMP Service

---

Windows NT implements SNMP as a service. Any iPlanet servers that use SNMP communicate directly with this service. iPlanet Administration Server does not perform any SNMP-related tasks on Windows NT. All SNMP-related tasks are handled by the operating system.

To Set Up SNMP on Windows NT Systems

1. Install the SNMP service on your server.

   Refer to your Windows NT documentation for instructions.

2. Configure your server software to use SNMP.

   For more information, see your server documentation.

3. Click Start, and then choose Settings > Control Panel.

4. Open the Services control panel.

5. Select the SNMP service from the list of services and then click the Start button.

6. Click Close to exit the Services control panel.