|
| | | Forum Member
 
Group: Forum Members
Last Login: 10/24/2008 2:02:12 PM
Posts: 27, Visits: 97 |
| Hello all. Thank you in advanced for your help.
So I'm currently working with WhatsUp Gold v11. I'm trying to set up an SNMP monitor to check a linux process (there will end up being a couple of processes, one for each monitor). I've read a lot of the forum threads on this topic, but they all seem to be missing one thing that seems to be really important (the thing that I'm assuming I'm screwing up, and why it's not working correctly)
All of my systems have the same snmpd.conf so that all of the proc's are exactly the same for monitoring purposes. The following is the proc list from the snmpd.conf:
proc snmpd
proc iscsid
proc thunder_client
proc sshd
proc httpd
proc mysqld
proc vmware-serverd
proc pvs
proc snort
proc named
Let's, for example, say that we wanted to check the process called thunder_client. I go into WhatsUp. Go to Configure -> Active Monitor. Select New. Select SNMP Monitor and press OK. I name the monitor "Thunder Client" or something. When it comes to the OID, I browse to the SNMP processes table - 1.3.6.1.4.1.2023.2.1.1 - and select the third instance, which is thunder_client, and press OK.
Now, here is the thing that hasn't been answered for me, I think. The "check type." I assumed that it would be a constant value - 1 means the value is up, 0 means it's down. But when I set it that way, the monitor shows as down. I also tried setting it the opposite (0 up, 1 down) and it shows the same thing. I checked another SNMP monitor. Actually, it's an SNMP monitor that monitors SNMP (makes sense i guess). The way it's set up is that it uses a "Range of Values," the low being 1.3.6.1 and the high being 9999, and the monitor works fine.
At this point I have no idea what to do. What value(s) am I supposed to be looking for? is there a way that I can find them easily?
Oh, I did just notice something too. Inside the SNMP MIB Walker used to browse in the snmp monitor creation window, the SNMP process table - "procTable.prEntry" is a blue folder, and at the bottom, the access says "No Access." But the Instance itself says "Read Only." Maybe that's an issue?
Thanks again for any help that gets this working for me.
~Jeeves Murphy
ITS/Engineering
Tenable Network Security |
| |
| | | Forum Member
Group: Forum Members
Last Login: 10/24/2008 2:02:12 PM
Posts: 27, Visits: 97 |
| Alright so it's taken me a full day to figure it out, and of course I figure it out right after I post on here. So here's how I figured out what I was doing wrong (one of those DUH moments).
After creating the monitor, I went back to the Active Monitor Library and saw the TEST button (this was the duh moment). I selected the Thunder_client monitor, hit test. I selected a device that I know it was running on, selected the default network interface, and the credentials, and hit Test. Here were my results:
SNMP check (Thunderd) for 172.20.10.20
OID=1.3.6.1.4.1.2021.2.1.1 Instance=3 Argument=
ReadCommunity=tns-snmp Timeout=5 Retries=1
Comment=
Constant Value Check: Polled Value=3, Constant Value=thunder_client
Polled value(3) DID NOT MATCH constant value(thunder_client). Monitor is DOWN
From this I inferred that the polled Value is the instance number. So, I went back into the monitor, changed the Constant Value to 3 (the instance number of the OID) and tested it again:
SNMP check (Thunderd) for 172.20.10.20
OID=1.3.6.1.4.1.2021.2.1.1 Instance=3 Argument=
ReadCommunity=tns-snmp Timeout=5 Retries=1
Comment=
Constant Value Check: Polled Value=3, Constant Value=3
Polled value MATCHED constant value. Monitor is UP
Works beautifully. Now, of course, I'll be able to make the rest of my monitors. I hope this information helps others out there with this issue!. Thanks guys!
~Jeeves Murphy
ITS/Engineering
Tenable Network Security |
| |
| | | Forum Member
Group: Forum Members
Last Login: 10/24/2008 2:02:12 PM
Posts: 27, Visits: 97 |
| Now that I have successfully made is so that I can monitor the snmp.conf file (duh moment number two - man it's gonna be a long day), I'll be reworking things so that I can actually monitor the process. I'll post again once I get that stuff working correctly.
~Jeeves Murphy
ITS/Engineering
Tenable Network Security |
| |
| | | Forum Member
Group: Forum Members
Last Login: 10/24/2008 2:02:12 PM
Posts: 27, Visits: 97 |
| Okay, I was pretty close the first time. I had the wrong OID by a number or two. Here's what I ended up doing. I changed the OID to 1.3.6.1.4.1.2021.2.1.5. The instance number stayed the same. But now, the constant value changes to either 1 as up or 0 as down (like I originally thought). This OID monitors the procs specifically in the snmpd.conf file. Def works perfectly. I put it on systems that have SNMP and Thunder running and it shows as up, and then put it on systems with SNMP but without Thunder and it fails like it should.
Hope this helps people.
~Jeeves Murphy
ITS/Engineering
Tenable Network Security |
| |
|
|