Wednesday, July 9, 2014

SNMP for Solaris 10 hosts

Here are some notes on how to enable the SMA SNMP agent in Solaris 10. There is also some info on how to extend it and how to use it to send traps to a central management station. Note that SMA is a limited version of Net-SNMP. For those who want the extra functions available in Net-SNMP, there is some info about that at the end. I will also describe how to parse the system log for errors and send SNMP traps for selected events.

Installation

Sun's System Management Agent consists of the following packages, which are available on the Solaris 10 DVD: SUNWsmagt, SUNWsmapi, SUNWsmcmd, SUNWsmdoc and SUNWsmmgr. Install them with the pkgadd command.
Configuration files and MIBs will be located under /etc/sma/snmp. Commands can be found in /usr/sfw/bin and /usr/sfw/sbin. The daemon is controlled by SMF and the service is called svc:/application/management/sma:default.

Configuration

All configuration of SMA is done in the files snmp.conf and snmpd.conf located in /etc/sma/snmp. snmp.conf is for general configuration such as defining the locations of MIBs, port numbers, etc. If you are using the defaults, you don't have to touch this file.
snmpd.conf is the configuration file that defines how the SNMP agent operates. Here you set up things such as access control, extensions, and some simple monitoring. There is a script, /usr/sfw/bin/snmpconf, that can be used to set it up. As an example, download and have a look at this snmpd.conf file that has some basic configuration and comments.
To enable sending traps for a limited number of events, such as disk fill-ups, high load averages, or a monitor directive exceeding a certain limit (please see snmpd.conf), you have to add trapsink and/or trap2sink directives that define the IP address of the host that is to receive the traps. trapsink is for SNMPv1 traps and trap2sink is for SNMPv2c traps.

Startup

You start the agent with svcadm enable sma, and the daemon logs to /var/log/snmp.log. You should be able to test that it is working with the following command: /usr/sfw/bin/snmpget -v 1 -c public localhost sysDescr.0 . This should give you output similar to that of uname -snrvm.

Extension

SMA can be extended so that it acts as a kind of proxy between other agents and the management station. For example, if you want snmpd to communicate with the Fault Manager Daemon, add the following line to snmpd.conf:
dlmod sunFM /usr/lib/fm/sparcv9/libfmd_snmp.so.1
Also make sure that the file SUN-FM-MIB.mib exists in the mibs directory and that FMD is running.
To check that it works you can run /usr/sfw/bin/snmpwalk -v 2c -c public localhost sunFmModuleTable. This should give you the same information as fmadm config.

Open source Net-SNMP

As mentioned above, SMA is Sun's version of the open source Net-SNMP, which can be found at http://net-snmp.sourceforge.net . One thing Net-SNMP can do that SMA cannot is monitor the link status of network interfaces. If you want to do this, you will have to download and install Net-SNMP. You can find it in pkg format at http://www.sunfreeware.com . Net-SNMP installs under /usr/local so it can co-exist with SMA, but it is recommended that you at least disable SMA to avoid confusion.
To monitor network interfaces, add the directive
linkUpDownNotifications yes
to snmpd.conf.

Monitor logfiles

Net-SNMP has a very basic ability to match strings in a logfile and send traps when a matching string appears. The logmatch directive in snmpd.conf handles this. You will also need a monitor entry to send the trap when the logmatch triggers. It could look something like this:
logmatch CRITICAL /var/adm/messages 60 kern.crit
monitor -u sysadm -r 60 -o logMatchFilename "Log Match" != logMatchCurrentCount
The first line defines a rule where the file /var/adm/messages is scanned every 60 seconds for lines with the string "kern.crit".
If such a line appears, the OID logMatchCurrentCount will be raised. This will trigger the monitor directive that will send a trap to the management station defined in the trapsink directive.
If you want to do some serious logfile monitoring, I recommend that you install the SEC Perl script that can be downloaded from http://www.estpak.ee/~risto/sec/ . It will monitor the logfiles of your choice, and when a match is found it can use the snmptrap command to send a trap to the management station. SEC uses a rules file to define what to look for and what actions to take. An example could look like this:
sec.rules:
type=single
continue=dontcont
ptype=regexp
pattern=^\S+\s+\d+\s+\S+\s+(\S+).*(kern\.crit)..(.*)$
desc=Received critical kernel event from $1
action=shellcmd /usr/sfw/bin/snmptrap -v 2c -c public 192.168.0.2 "" SMA-NOTIFICATION-MIB::statusChange \
hostName s "$1" moduleName s "SEC log monitor" statusOID o ".1.3.6.1.4.1.42.2.2.4.3.0" statusOIDcontext s "" \
status s "$2" description s "$0"
This will scan a logfile for lines matching the pattern defined on the pattern= line, which is basically anything that contains kern.crit with some words before and after. When such a line appears, SEC will execute the command specified on the action= line. The snmptrap command will send an SNMPv2c trap to the address 192.168.0.2 with the content that follows on the rest of the line. The variables $0, $1 and $2 are taken from the pattern. $0 is the whole log entry, $1 will be the hostname extracted from the log entry and $2 is the string kern.crit.
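
The rule above passes $1 and $0 to a shell through shellcmd, so text copied from the log line is parsed by that shell before snmptrap sees it. As an added example (not part of the original post and not SEC code), this Python sketch applies the same pattern to constructed /var/adm/messages lines and builds the same snmptrap call as an argument list that runs without a shell. The function names, the hostname policy and the sample lines are assumptions.

```python
import re
import subprocess

# Pattern from the sec.rules entry, with the dot in kern.crit escaped.
PATTERN = re.compile(r'^\S+\s+\d+\s+\S+\s+(\S+).*(kern\.crit)..(.*)$')
HOST_OK = re.compile(r'^[A-Za-z0-9.-]{1,255}$')  # assumed hostname policy

SNMPTRAP = "/usr/sfw/bin/snmptrap"        # path used in the post
MANAGER = "192.168.0.2"                   # management station used in the post
STATUS_OID = ".1.3.6.1.4.1.42.2.2.4.3.0"  # statusOID value used in the post


def build_trap_argv(line):
    """Return the snmptrap argument list for a kern.crit line, else None."""
    m = PATTERN.match(line.rstrip("\n"))
    if m is None:
        return None
    host = m.group(1) if HOST_OK.match(m.group(1)) else "invalid-hostname"
    # Drop control characters and cap the length of the free-text field.
    description = "".join(c for c in m.group(0) if c.isprintable())[:255]
    return [SNMPTRAP, "-v", "2c", "-c", "public", MANAGER, "",
            "SMA-NOTIFICATION-MIB::statusChange",
            "hostName", "s", host,
            "moduleName", "s", "SEC log monitor",
            "statusOID", "o", STATUS_OID,
            "statusOIDcontext", "s", "",
            "status", "s", m.group(2),
            "description", "s", description]


def send_trap(line):
    """Run snmptrap from an argument list, so no shell parses the log text."""
    argv = build_trap_argv(line)
    if argv is None:
        return False
    subprocess.run(argv, check=True)
    return True


# Constructed sample lines in /var/adm/messages format (not real log data).
SAMPLES = [
    "Jul  9 10:15:02 web01 scsi: [ID 107833 kern.crit] disk not responding",
    "Jul  9 10:15:09 web01 sshd[411]: [ID 800047 auth.info] Accepted publickey",
    'Jul  9 10:16:40 web01 app: [ID 1 kern.crit] disk "c0t1d0" $(hostname) bad',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(build_trap_argv(sample))
```

The third sample line reaches snmptrap as one literal description argument, quotes and all, because nothing between the log file and the command re-parses it.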
