Complete Contents
About This Guide
Chapter 1 Introduction to iPlanet Web Server
Chapter 2 Administrating iPlanet Web Servers
Chapter 3 Setting Administration Preferences
Chapter 4 Managing Users and Groups
Chapter 5 Working with Server Security
Chapter 6 Managing Server Clusters
Chapter 7 Configuring Server Preferences
Chapter 8 Understanding Log Files
Chapter 9 Using SNMP to Monitor Servers
Chapter 10 Configuring the Server for Performance
Chapter 11 Extending Your Server with Programs
Chapter 12 Working with Configuration Styles
Chapter 13 Managing Server Content
Chapter 14 Controlling Access to Your Server
Chapter 15 Configuring Web Publishing
Chapter 16 Using Search
Appendix A HyperText Transfer Protocol
Appendix B ACL File Syntax
Appendix C Internationalized iPlanet Web Server
Appendix D Server Extensions for Microsoft FrontPage
Appendix E iPlanet Web Server User Interface
Glossary
Index
Administrator's Guide: Using SNMP to Monitor Servers
Previous Next Contents Index Bookshelf


Chapter 9 Using SNMP to Monitor Servers

The majority of the content in this chapter is identical to the content in the SNMP chapter in Managing Servers with Netscape Console. However, some sections have been modified and new sections have been added to this chapter to make the content more specific to iPlanet Web Server.

You can use Simple Network Management Protocol (SNMP) together with Netscape/iPlanet management information bases (MIB) and network management software such as HP OpenView to monitor your servers in real-time just as you monitor other devices in your network. If you're using Windows NT, SNMP is built in and already enabled.

If you're using Unix/Linux, you must configure your Netscape/iPlanet server for SNMP if you plan to use it. This chapter provides the information you need to use SNMP on Unix/Linux with your Netscape/iPlanet server. Topics include:


SNMP Basics
SNMP (Simple Network Management Protocol) is a protocol used to exchange data about network activity. With SNMP, data travels between a managed device and a network management station (NMS), a machine users can use to remotely manage a network. A managed device is anything that runs SNMP such as hosts, routers, and Netscape/iPlanet servers.

An NMS is usually a powerful workstation with one or more network management applications installed. A network management application such as HP OpenView graphically shows information about managed devices. For example, it might show which servers in your enterprise are up or down, or the number and type of error messages received. When you use SNMP with a Netscape/iPlanet server, this information is transferred between the NMS and the sever through the use of two types of agents.

SNMP Subagent
The SNMP subagent gathers information about the server and passes the information to the server's master agent. Every Netscape/iPlanet server, except for the Administration Server, has as subagent.

SNMP Master Agent
The master agent exchanges information between the various subagents and the NMS. The master agent is installed with the Administration Server.

You can have multiple subagents installed on a host computer, but only one master agent. For example, if you had Directory Server, iPlanet Web Server, and the Messaging Server installed on the same host, the subagents for each of the servers would communicate with the same master agent.

Figure 9.1    Interaction between the a network management station and a host computer.

How SNMP Works
A managed entity, such as a server, stores variables pertaining to network management. Variables that the master agent can access are known as managed objects. Managed objects are defined in a tree-like hierarchy known as a server's management information base (MIB).

Each Netscape/iPlanet server subagent provides an MIB for use in SNMP communication. The MIB is a tree-like hierarchy that contains variables pertaining to the server's management. The server reports significant events to the network management station (NMS) by sending messages or traps containing these variables. The NMS can also query the server's MIB for data, or can remotely change variables in the MIB.

Netscape/iPlanet MIBs
Each Netscape/iPlanet server has its own management information base (MIB). All Netscape/iPlanet MIBs are located at:

A server's MIB contains variable definitions pertaining to network management for that particular server. The top level of the MIB tree is shown in Figure 9.2.

Figure 9.2    Top level of the MIB tree

 Figure 9.2 shows the internet object identifier has four subtrees: directory (1), mgmt (2), experimental (3), and private (4). The private (4) subtree contains the enterprises (1) node. Each subtree in the enterprises (1) node is assigned to an individual enterprise, which is an organization that has registered its own specific MIB extensions. An enterprise can then create product-specific subtrees under its subtree. MIBs created by companies are located under the enterprises (1) node. The Netscape/iPlanet MIBs are located under the enterprises (1) node.

For detailed information about iPlanet Web Server's network management variables, see The iPlanet Web Server MIB.

The iPlanet Web Server MIB
The iPlanet Web Server MIB is a file named netscape-http.mib.

This file lists each object identifier for all servers currently supported. It also defines the iPlanet Web Server object identifier as netscape 1 (http OBJECT IDENTIFIER : := { netscape 1 }).

Types of SNMP Messages
GET and SET are two types of messages defined by SNMP. GET and SET messages are sent by an NMS to a master agent. You can use one or the other, or both with the Administration Server. SNMP exchanges network information in the form of protocol data units (PDUs). PDUs contain information about variables stored on the managed device. These variables, also known as managed objects, have values and titles that are reported to the NMS as necessary. PDUs sent by the server to the NMS are known as "traps." The following examples best illustrate the use of GET, SET, and "trap" messages.

NMS-initiated communication. The NMS either requests information from the server or changes the value of a variable store in the server's MIB. For example:

    1. The NMS sends a message to the Administration Server master agent. The message might be a request for data (a GET message), or an instruction to set a variable in the MIB (a SET message).

    2. The master agent forwards the message to the appropriate subagent.

    3. The subagent retrieves the data or changes the variable in the MIB.

    4. The subagent reports data or status to the master agent, and then the master agent forwards the message back (a GET message) to the NMS.

    5. The NMS displays the data textually or graphically through its network management application.

Server-initiated communication. The server subagent sends a message or "trap" to the NMS when a significant event has occurred. For example:

    1. The subagent informs the master agent that the server has stopped.

    2. The master agent sends a message or "trap" reporting the event to the NMS.

    3. The NMS displays the information textually or graphically through its network management application.
The iPlanet Web Server MIB
Each Netscape/iPlanet server has its own management information base (MIB). The iPlanet Web Server's MIB is a file called netscape-http.mib. This MIB contains the definitions for various variables pertaining to network management for iPlanet Web Server. These variables are known as managed objects. Using the iPlanet Web Server MIB and network management software, such as HP OpenView, you can monitor your web server like all other devices on your network.

The iPlanet Web Server MIB has an object identifier of netscape 1 (http OBJECT IDENTIFIER : := { netscape 1 }) and is located in the server_root/plugins/snmp directory.

You can see administrative information about your web server and monitor the server in real time using the iPlanet Web Server MIB. Table 9.1 lists and describes the managed objects stored in the netscape-http.mib.

Table 9.1 netscape-http.mib managed objects and descriptions
Managed object
Description
httpEntityDescr
A description of the server (includes operating system information).
httpEntityId
The enterprise subtree for vendors (for example, Netscape/iPlanet's MIB has an object identifier of 1.3.6.1.4.1.1450).
httpEntityProtocol
The HTTP version number.
httpEntityVersion
The server software version number.
httpEntityOrganization
The organization responsible for the server.
httpEntityLocation
The full path for the server.
httpEntityContact
The person(s) responsible for the server and contact information.
httpEntityAddress
The IP address of the machine the server is running on.
httpEntityPort
The port number on which the server is listening.
httpEntityName
The server's identifier name (for example, server2.a.com).
httpEntityType
The type of server.
httpEntityMethods
The methods supported by the server (for example, GET, POST, PUT).
httpEntityMaxProcess
The maximum number of active processes on the server.
httpEntityMinProcess
The minimum number of active processes on the server.
httpEntityMaxThread
The maximum number of active threads on the server.
httpEntityMinThread
The minimum number of active threads on the server.
httpStatisticsPort
The port number on which this server is listening.
httpStatisticsAddress
The IP address to which this server is bound.
httpStatisticsStatus
The status of the server (up or down).
httpStatisticsUptime
The uptime of the server since it was started.
httpStatisticsNumProcessIdle
The number of idle threads.
httpStatisticsNumProcessProc
The number of threads that are processing requests.
httpStatisticsNumProcessDns
The number of threads resolving host names.
httpStatisticsRequests
The total number of requests received and generated.
httpStatisticsRequestError
The total number of request errors detected.
httpStatisticsInUnknowns
The total number of unknown messages received/generated.
httpStatisticsInBytes
The total number of bytes received.
httpStatisticsOutBytes
The total number of bytes sent by the server.
httpStatisticsTimeOut
The total number of times the server has timed out.
httpStatisticsProcessNum
The number of running processes.
httpStatisticsThreadNum
The number of running threads.
httpStatisticsNumBytes
The total number of bytes sent by the server.
httpStatisticsNum2xx
The number of 200-level status requests handled by the server.
httpStatisticsNum3xx
The number of 300-level status requests handled by the server.
httpStatisticsNum4xx
The number of 400-level status requests handled by the server.
httpStatisticsNum5xx
The number of 500-level status requests handled by the server.
httpStatisticsNum200
The number of 200 (Transfer OK) requests.
httpStatisticsNum302
The number of 302 (Moved Temporarily) requests.
httpStatisticsNum304
The number of 304 (Not Modified) requests.
httpStatisticsNum401
The number of 401 (Unauthorized) requests.
httpStatisticsNum403
The number of 403 (Forbidden) requests.


Setting Up SNMP
In general, to use SNMP you must have a master agent and at least one subagent installed and running on a your system. You need to install the master agent before you can enable a subagent.

The procedures for setting up SNMP are different depending upon your system. Table 8.1 provides an overview of procedures you will follow for different situations. The actual procedures are described in detail later in the chapter.

Before you begin, you should verify two things:

See your system documentation for information on how to verify this information.

Table 9.2 Overview of procedures for enabling SNMP master agents and subagents.
If your server meets these conditions....
...follow these procedures. These are discussed in detail in the following sections.
No native agent is currently running

  1. Start the master agent.
    2. Enable the subagent for each server installed on the system.

  1. Stop the native agent when you install the master agent for your Administration Server.
    2. Start the master agent.

    Enable the subagent for each server installed on the system.

  1. Install a proxy SNMP agent.

  2. Start the proxy SNMP agent.

  3. Restart the native agent using a port number other than the master agent port number.

  4. Start the master agent.

  5. Enable the subagent for each server installed on the system.

  1. Reconfigure the SNMP native agent.

  2. Enable the subagent for each server installed on the system.
Using a Proxy SNMP Agent (Unix/Linux)
You need to use a proxy SNMP agent when you already have a native agent running, and you want to use continue using it concurrently with an iPlanet Web Server master agent. Before you start, be sure to stop the native master agent. (See your system documentation for detailed information.)

Figure 9.3    Using a proxy server when you're running a native SNMP agent.

 Note. To use a proxy agent, you'll need to install it and then start it. You'll also have to restart the native SNMP master agent using a port number other than the one the iPlanet Web Server master agent is running on.

Installing the Proxy SNMP Agent
If an SNMP agent is running on your system and you want to continue using the native SNMP daemon, follow the steps in these sections:

  1. Install the SNMP master agent. See Installing the SNMP Master Agent.

  2. Install and start the proxy SNMP agent and restart the native SNMP daemon. See Using a Proxy SNMP Agent (Unix/Linux).

  3. Start the SNMP master agent. See Enabling and Starting the SNMP Master Agent.

  4. Enable the subagent. See Enabling the Subagent.
To install the SNMP proxy agent, edit the CONFIG file (you can give this file a different name), located in plugins/snmp/sagt in the server root directory, so that it includes the port that the SNMP daemon will listen to. It also needs to include the MIB trees and traps that the proxy SNMP agent will forward.

Here is an example CONFIG file:

Starting the Proxy SNMP Agent
To start the proxy SNMP agent, at the command prompt, enter:

Restarting the Native SNMP Daemon
After starting the proxy SNMP agent, you need to restart the native SNMP daemon at the port you specified in the CONFIG file. To restart the native SNMP daemon, at the command prompt, enter

where port_number is the port number specified in the CONFIG file. For example, on the Solaris platform, using the port in the previously mentioned example CONFIG file, you'd enter:


Reconfiguring the SNMP Native Agent
If your SNMP daemon is running on AIX, it supports SMUX. For this reason, you don't need to install a master agent. However, you do need to change the AIX SNMP daemon configuration.

AIX uses several configuration files to screen its communications. One of them, snmpd.conf, needs to be changed so that the SNMP daemon accepts the incoming messages from the SMUX subagent. For more information, see the online manual page for snmpd.conf. You need to add a line to define each subagent.

For example, you might add this line to the snmpd.conf:

IP_address is the IP address of the host the subagent is running on, and net_mask is the network mask of that host.

Note. Do not use the loopback address 127.0.0.1; use the real IP address instead.


Installing the SNMP Master Agent
You cannot use the Server Manager to install and start the master SNMP agent unless the server is running as root.

To install the master SNMP agent using the Server Manager:

  1. Log in as root.

  2. Check whether an SNMP daemon (snmpd) is running on port 161.

  3. If an SNMP daemon is running, kill its process.

  4. In the Server Manager, choose the SNMP Master Agent Trap page from the Global Settings tab. The Manager Entries page appears.

  5. Type the name of the system that is running your network management software.

  6. Type the port number at which your network management system listens for traps. (The well-known port is 162.) For more information on traps, see Configuring Trap Destinations.

  7. Type the community string you want to use in the trap. For more information on community strings, see Configuring the Community String.

  8. Click OK.

  9. In the Server Manager, the SNMP Master Agent Community page from the choose Global Settings tab. The Community Strings page appears.

  10. Type the community string for the master agent.

  11. Choose an operation for the community.

  12. Click OK.
Enabling and Starting the SNMP Master Agent
Master agent operation is defined in an agent configuration file named CONFIG. You can edit the CONFIG file using the Server Manager, or you can edit the file manually.You must install the master SNMP agent before you can enable the SNMP subagent.

If you get a bind error similar to "System Error: Could not bind to port," when restarting the master agent, use ps -ef | grep snmp to check if magt is running. If it is running, use the command kill -9 pid to end the process. The CGIs for SNMP will then start working again.

Manually Configuring the SNMP Master Agent
To configure the master SNMP agent manually:

  1. Log in as superuser.

  2. Check to see if there is an SNMP daemon (snmpd) running on port 161.

  3. Edit the CONFIG file located in plugins/snmp/magt in the server root directory.

  4. (Optional) Define sysContact and sysLocation variables in the CONFIG file.
Editing the Master Agent CONFIG File
The CONFIG file defines the community and the manager that master agent will work with. The manager value should be a valid system name or an IP address. Here is an example of a basic CONFIG file:

Defining sysContact and sysLocation Variables
You can edit the CONFIG file to add initial values for sysContact and sysLocation which specify the sysContact and sysLocation MIB-II variables. The strings for sysContact and sysLocation in this example are enclosed in quotes. Any string that contains spaces, line breaks, tabs, and so on must be in quotes. You can also specify the value in hexadecimal notation.

Here is an example of a CONFIG file with sysContract and sysLocation variables defined:

Configuring the SNMP Master Agent
To start the SNMP master agent using the Server Manager,

  1. Log in as root.

  2. Check whether an SNMP daemon (snmpd) is running on port 161.

  3. Log in to the Administration Server.

  4. From the Administration Server, choose the Global Settings tab and click the SNMP Master Agent Trap link to go to the SNMP Master Agent Control page. The Manager Entries page appears. Complete the following information:

  5. Click the SNMP Master Community link. The Community Strings page appears. Enter the following community information:
Starting the SNMP Master Agent
Once you have installed the SNMP master agent, you can start it manually or by using the Administration Server.

Manually Starting the SNMP Master Agent
To start the master agent manually, enter the following at the command prompt:


The INIT file is a nonvolatile file that contains information from the MIB-II system group, including system location and contact information. If INIT doesn't already exist, starting the master agent for the first time will create it. An invalid manager name in the CONFIG file will cause the master agent start-up to fail.

To start a master agent on a nonstandard port, use one of two methods:

Method one: In the CONFIG file, specify a transport mapping for each interface over which the master agent listens for SNMP requests from managers. Transport mappings allow the master agent to accept connections at the standard port and at a nonstandard port. The master agent can also accept SNMP traffic at a nonstandard port. The maximum number of concurrent SNMP is limited by your target system's limits on the number of open sockets or file descriptors per process. Here is an example of a transport mapping entry:


After editing the CONFIG file manually, you should start the master agent manually by typing the following at the command prompt:

Method two: Edit the /etc/services file to allow the master agent to accept connections at the standard port as well as a nonstandard port.

Starting the SNMP Master Agent Using the Administration Server
To start the SNMP master agent using the Administration Server, perform the following steps:

  1. Log in to the Administration Server.

  2. In the Server Manager, choose the SNMP Master Agent Control page from the Global Settings tab. The SNMP Master Agent Control page appears.

  3. Click Start.
Configuring the SNMP Master Agent
Once you've enabled the master agent and enabled a subagent on a host computer, you need to configure the host's Administration Server. This entails specifying community strings and trap destinations.

Configuring the Community String
A community string is a text string that an SNMP agent uses for authorization. This means that a network management station would send a community string with each message it sends to the agent. The agent can then verify whether the network management station is authorized to get information. Community strings are not concealed when sent in SNMP packets; strings are sent in ASCII text.

You can configure the community string for the SNMP master agent from The Community Strings Page (Unix/Linux) in the Server Manager. You also define which SNMP-related operations a particular community can perform. From the Server Manager, you can also view, edit, and remove the communities you have already configured.

Configuring Trap Destinations
An SNMP trap is a message the SNMP agent sends to a network management station. For example, an SNMP agent sends a trap when an interface's status has changed from up to down. The SNMP agent must know the address of the network management station so it knows where to send traps. You can configure this trap destination for the SNMP master agent from iPlanet Web Server. You can also view, edit, and remove the trap destinations you have already configured. When you configure trap destinations using iPlanet Web Server, you are actually editing the CONFIG file.


Enabling the Subagent
After you have installed the master agent that comes with the Administration Server, you must enable the subagent for your server instance before you attempt to start it. For more information on installing the master agent, see Installing the SNMP Master Agent. You can use the Server Manager to enable the subagent.

To stop the SNMP function on Unix/Linux platforms, you must stop the subagent first, then the master agent. If you stop the master agent first, you may not be able to stop the subagent. If that happens, restart the master agent, stop the subagent, then stop the master agent.

To enable the SNMP subagent, use The SNMP Configuration Page in the Server Manager, and start the subagent from The SNMP Subagent Control Page (Unix/Linux). For more information, see the corresponding sections in the online help.

Once you have enabled the subagent, you can start, stop or restart it from The SNMP Subagent Control Page (Unix/Linux) or the Services Control Panel for Windows NT.

 

© Copyright © 2000 Sun Microsystems, Inc. Some preexisting portions Copyright © 2000 Netscape Communications Corp. All rights reserved.