Is it feasible to use "snmp agent" instead of "zabbix agent" to monitor the servers with Zabbix? - cluster-computing

I want to monitor some servers in a cluster with Zabbix. If it is feasible to use "snmp agent" instead of "zabbix agent" to monitor the servers, I will not install the Zabbix agent on every server.
So what is the advantage of the Zabbix agent over the SNMP agent?

It depends on which parameters you would like to monitor. We are using SNMP monitoring on hosts (clusters and standalones) where the vendor does not allow installation of any application other than its own.
Even in the case of SNMP you need to modify the configuration of the SNMP daemon on the monitored host. But in some cases the default configuration is sufficient to monitor at least some values without any installation/configuration/modification on the monitored host. Be advised that the network must allow SNMP traffic (161/udp). I don't need to mention that SNMP v1 and v2c can be seen by somebody listening on the network. Values which can be monitored by the SNMP daemon are listed in the OID list at http://www.alvestrand.no/objectid/top.html.
On the other hand, the Zabbix agent can monitor values similar to those of the SNMP daemon. Additionally, there are some parameters which are more complex (like DNS response etc.). The list of values which can be monitored by the Zabbix agent is at https://www.zabbix.com/documentation/2.2/manual/config/items/itemtypes/zabbix_agent

Related

Can I use SNMP to discover devices if I don't have LA

I am trying to discover some Windows and Linux machines that are provided by a 3rd party vendor, so I don't have Local Admin access.
Provided I have the community string, can I discover these devices and find information like OS, HDD utilization, machine name?
Kind Regards,
Warren Gardner
The typical SNMP discovery is simply a number of SNMP GET/GET-NEXT requests to query the list of predefined OIDs. The procedure scans the range of IP addresses (UDP port 161) using the same SNMP security parameters. For SNMP v1/v2C the only parameter you need to specify is Read Community string. For SNMPv3 you have to specify security level, auth/priv protocol, username and password and some other parameters.
Please note that there is no standard for SNMP discovery. So usually the results of discovery are very limited (subset of RFC1213 - MIB-2):
sysName,
sysDescr,
sysLocation,
network interfaces.
The advanced SNMP discovery procedure is usually implemented in commercial software/NMS and includes extended information from Cisco IOS, printer status (toner level and so on), etc. Also these systems are capable of doing topology discovery based on CDP, LLDP, routing tables.

(Zabbix internals) How Zabbix checks for snmp_available hosts status?

Our Zabbix frontend shows the SNMP availability status of several hosts that seem to be monitored well as "unknown"; the Zabbix API also returns snmp_available=0, because zabbix_proxy sets the "unknown status" of SNMP agent availability for these hosts.
But I can see actual latest data collected from those hosts with SNMP and I'm in doubt: how to debug that situation, how does the Zabbix server or Zabbix proxy decide that some hosts' SNMP agent status is unknown? What SNMP checks does it perform to know whether a host is available by SNMP or not? Where [in the Zabbix source code] can I look for the real internal implementation of these checks? I was trying to search in checks_internal.c, but no luck (and the "item" parameter of the get_value_internal function written by Alexei Vladishev seems to be described in a very unclear manner: "item - item we are interested in").
So... how to do the same checks as Zabbix does when investigating whether a host is available or not - by hand?

OpenNMS Won't Recognize Nodes for SNMP Monitoring

My OpenNMS system is running on Windows Server 2012 and I am doing most of my configurations through the web interface.
I have configured an SNMP community associated with a range of IP addresses for the node I want to monitor. I have specified a string for this community. I have added the node (which contains multiple IP addresses) for provisioning. I have added the node to the default data collection group. However, when I try to navigate to the node, rescan it, and manage data collection per interface, I cannot view the node as an option from which to collect data. I also do not see SNMP data on the node availability graphs, only ICMP data. How should I approach this problem? Are there any additional files I need to edit?
If any of you have some knowledge of OpenNMS, I would appreciate the help. I have only been using OpenNMS for 2 weeks now, and I have very little knowledge of SNMP or networking, though I am learning more every day.
First of all, it is important to ensure your OpenNMS has SNMP access to the device you want to monitor. You can verify this by running the following command from the CLI of your OpenNMS server:
snmpwalk -v 2c -c <your-community-string> <your-ip-interface>
If you don't see any output or you get a timeout, you have connectivity issues, which can be firewalls between your OpenNMS and the device you want to monitor. It can also be that the SNMP agent on your device does not allow access from your OpenNMS server's IP address.
As I read it, your node has multiple IP interfaces that you have provisioned. You can define an attribute "SNMP Primary" which means:
P: It is the primary interface and when it is reachable, OpenNMS will try to fetch all SNMP performance data from this interface
S: It is set as secondary, it means SNMP is available but will only be used to fetch SNMP performance data if the primary interface is down
N: Not used for SNMP performance data collection
By default OpenNMS detects also services like SNMP. The SNMP service is assigned to the interface when it is possible to fetch the System Object ID (sysoid) .1.3.6.1.2.1.1.2.0 from the given IP interface using the SNMP community you have configured by the IP address in the WebUI. You can troubleshoot this on the CLI using the snmpget command from your OpenNMS server like this:
snmpget -v 2c -c <your-community-string> <your-ip-interface> .1.3.6.1.2.1.1.2.0
If you don't get a result, OpenNMS will not detect the SNMP service. OpenNMS will only try to collect SNMP performance data from an IP interface when the SNMP service is associated.
Hope this helps for further troubleshooting.

Zabbix server 3 : Using SNMP trap for monitoring specific SNMP OID item

In Zabbix Server 3, I have a linux host monitored through SNMP.
The SNMP OID of the monitored MIB is as below:
SNMPv2-SMI::enterprises.94.7.1.4.2.1.5.1 = STRING: "CLUSTER STARTED (RESTARTED)"
I have configured this SNMP OID to be monitored every 10 minutes. The Zabbix server is sending an SNMP get-request and the linux host replies back. The timestamp is updated in this case in the Zabbix>Monitoring>Latest Data section of the Zabbix dashboard.
I also have an SNMP trap defined for this event.
I restarted the cluster in the linux host, which triggered an SNMP trap message to zabbix, and the event is captured in /var/log/zabbix/snmptrapfmt.log of the zabbix server. But the Zabbix>Monitoring>Latest Data section of the Zabbix dashboard still has the old timestamp for latest data. The new value is not updated from the SNMP trap.
Is there any separate configuration needed for this?
I am using zabbix appliance 3 as the zabbix server.
The first item you showed, the one that polls SNMP, should not be relevant for trap processing.
Regarding the second item (snmptrap), make sure you have started SNMP trapper (StartSNMPTrapper parameter in the server configuration file).
Also check that Zabbix server points at the location where your traps are written with the parameter SNMPTrapperFile.
If all that is configured, check the server log - if a trap is written there, it was not matched to your item - in that case, check your regexp against the trap data and make sure the IP address Zabbix sees the trap from matches the SNMP interface address for that item.
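The last check in the answer above, as an added example that is not Zabbix's own code: a simplified model that reads trapper-file text and reports, per trap, whether it would fail on the sender address or on the item regexp. It assumes the record layout Zabbix documents for the trapper file (a header line containing ZBXTRAP followed by the sender address), uses Python's re in place of Zabbix's regexp engine, and runs on constructed sample records with documentation-range addresses.

```python
import re

def split_traps(text):
    """Group trapper-file lines into [sender_address, trap_text] records."""
    traps = []
    for line in text.splitlines():
        header = re.search(r"\bZBXTRAP\s+(\S+)", line)
        if header:
            traps.append([header.group(1), line])   # new record starts here
        elif traps:
            traps[-1][1] += "\n" + line             # continuation of last record
    return traps

def explain_matching(text, interface_addr, item_regexp):
    """Return (sender, verdict) per trap for one snmptrap[regexp] item."""
    verdicts = []
    for sender, trap in split_traps(text):
        if sender != interface_addr:
            # The trap came from an address that is not the host's SNMP interface.
            verdicts.append((sender, "address mismatch"))
        elif not re.search(item_regexp, trap):
            # Right host, but the item's regexp does not match the trap text.
            verdicts.append((sender, "regexp mismatch"))
        else:
            verdicts.append((sender, "matched"))
    return verdicts

# Constructed sample records; only the OID and string come from the question.
SAMPLE_TRAPS = """\
2016-03-01 10:00:01 ZBXTRAP 192.0.2.10
SNMPv2-SMI::enterprises.94.7.1.4.2.1.5.1 = STRING: "CLUSTER STARTED (RESTARTED)"
2016-03-01 10:05:00 ZBXTRAP 198.51.100.7
SNMPv2-SMI::enterprises.94.7.1.4.2.1.5.1 = STRING: "CLUSTER STARTED (RESTARTED)"
2016-03-01 10:06:00 ZBXTRAP 192.0.2.10
SNMPv2-MIB::coldStart
"""
ITEM_REGEXP = r"enterprises\.94\.7\.1\.4\.2\.1\.5\.1"  # hypothetical item regexp

if __name__ == "__main__":
    for sender, verdict in explain_matching(SAMPLE_TRAPS, "192.0.2.10", ITEM_REGEXP):
        print(sender, verdict)
```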

What open ports are required on firewall to allow for salt-stack remote execution?

The documentation on saltstack appears to be unclear regarding what ports are required from the salt-master -> salt-minion (apparently none are required).
It suggests that ports only need to be opened from the salt-minion -> salt-master.
(See: http://docs.saltstack.com/en/latest/topics/tutorials/firewall.html)
If however commands are executed remotely on the salt-master targeted to a minion, surely the master needs to be able to push this into the minion and therefore require a network opening to allow for this.
Therefore my question is if the saltstack ports (4505 & 4506) need to be opened in both directions, or whether the remote commands are triggered over another protocol?
[A bit of background: My team want salt-stack setup to manage a server landscape in quite a restrictive network where each individual network route needs to be requested in the security concept. This is not controlled by our company and I need to explicitly request all required routes and in each direction.]
Salt uses a zeromq pub/sub interface to communicate with the minions. Indeed, you only need to open ports 4505 and 4506 on the master's firewall.
The minions listen on one port on the master, which is the "pub" port, and then return results to the master on the other port.
The master never actually "pushes" commands to the minions. The minions listen for commands published on the pub port. Which is why you don't need to open any incoming ports on your minions.
