SNMP - Getting information from a process - windows

I need to set up a process monitor on a number of servers using a monitoring tool called Zenoss. The problem I'm facing is: how can I get information on a specific process via SNMP? I'm not familiar with SNMP at all and I'm having trouble finding out what I need.
I've been trying to use a tool called SNMP-Probe but it only seems to give basic system information, nothing that I need or can use.
Any help here is appreciated.

What you need is to query the hrSWRunTable in order to gather the information you need. This MIB gives you a lot of information such as process name, path, type, status, parameters, CPU and RAM usage, even though those two pieces of information are stored in another MIB (hrSWRunPerfEntry). However, how you do that "query" depends on the environment you're using; I am almost sure that vbs includes an SNMP library.

Here is an example retrieval via NetSnmp from a Linux host. (I would have added this as a comment on the accepted answer from #raz3r, but I wanted the ability to format the text!)
snmptable -v2c -Ci -c public myserver HOST-RESOURCES-MIB::hrSWRunTable
SNMP table: HOST-RESOURCES-MIB::hrSWRunTable
index hrSWRunIndex hrSWRunName hrSWRunID hrSWRunPath hrSWRunParameters hrSWRunType hrSWRunStatus
1 1 "init" SNMPv2-SMI::zeroDotZero "/sbin/init" "" application runnable
2 2 "kthreadd" SNMPv2-SMI::zeroDotZero "kthreadd" "" application runnable
3 3 "ksoftirqd/0" SNMPv2-SMI::zeroDotZero "ksoftirqd/0" "" application runnable
// other rows snipped for brevity

I was just working on the same thing
snmpwalk -v2c -c public xxx.xxx.xxx.xxx .1.3.6.1.2.1.25.4.2.1.2
HOST-RESOURCES-MIB::hrSWRunName

Unfortunately, I wasn't able to find out exactly how to do this. I ended up going with a vbs script on each machine to find the misbehaving process and kill it automatically.
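Added example, not taken from any of the posts above: a shell check over an `hrSWRunName` walk that reports which required processes are absent and how many instances of each are running. The walk output is a constructed sample in Net-SNMP's default format; the process names and the function names `proc_counts` and `missing_procs` are illustrative assumptions.

```shell
#!/bin/sh
# Constructed sample of `snmpwalk ... HOST-RESOURCES-MIB::hrSWRunName` output.
sample_walk() {
cat <<'EOF'
HOST-RESOURCES-MIB::hrSWRunName.1 = STRING: "System Idle Process"
HOST-RESOURCES-MIB::hrSWRunName.4 = STRING: "System"
HOST-RESOURCES-MIB::hrSWRunName.812 = STRING: "svchost.exe"
HOST-RESOURCES-MIB::hrSWRunName.1044 = STRING: "svchost.exe"
HOST-RESOURCES-MIB::hrSWRunName.2310 = STRING: "sqlservr.exe"
EOF
}

# Count instances per process name in an hrSWRunName walk read from stdin.
# Output: one "count name" line per distinct name.
proc_counts() {
    awk -F' = STRING: ' '
        /hrSWRunName\./ {
            name = $2
            gsub(/^"|"$/, "", name)      # strip the quotes Net-SNMP adds
            seen[name]++
        }
        END { for (p in seen) print seen[p], p }'
}

# Print each required process name (arguments) that has no row in the walk
# read from stdin. The closing quote in the pattern forces a whole-name match,
# so "System" does not match "System Idle Process".
missing_procs() {
    walk=$(cat)
    for want in "$@"; do
        printf '%s\n' "$walk" | grep -Fq "= STRING: \"$want\"" ||
            printf '%s\n' "$want"
    done
}

# Stand-alone run against the constructed sample: prints w3wp.exe.
sample_walk | missing_procs sqlservr.exe w3wp.exe
```

Against a live agent, pipe the `snmpwalk` command shown in the post above into `missing_procs` in place of `sample_walk`.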

Related

Format of snmpwalk instruction

I'm working with SNMP and was given a command to use. However, I'm trying to break it down into its components so I can understand if I need to change anything. I've found documentation on pretty much everything except for the last part.
The command has this structure:
snmpwalk -v 2c -c communityname address.com .1
From my understanding the meaning of this structure is:
snmpwalk - command
-v 2c - specifies that the version is 2c, options are 1, 2c, 3
-c communityname - specifies the community name, which is like a password to an extent
address.com - the address of the computer in question
.1 - What is this? I can't seem to find much documentation on it.
man snmpwalk and snmpwalk -h should give you the info you need on the various parameters.
The .1 is the OID and it is an optional parameter to that command, and it pinpoints a point in the hierarchical SNMP MIB on the SNMP agent host. The walk will retrieve all OIDs "below" that point.
Have a read at http://www.net-snmp.org and get a SNMP book to learn about SNMP and MIBs and OIDs; but quoting from SNMP wikipedia article:
SNMP itself does not define which information (which variables) a
managed system should offer. Rather, SNMP uses an extensible design,
where the available information is defined by management information
bases (MIBs). MIBs describe the structure of the management data of a
device subsystem; they use a hierarchical namespace containing object
identifiers (OID). Each OID identifies a variable that can be read or
set via SNMP.
EDIT: Here is an image to show the OID tree with ".1" i.e. ISO just below the root.

How to set intel_idle.max_cstate=0 to disable c-states?

I would like to disable c-states on my computer.
I disabled c-state in the BIOS but I don't obtain any result. However, I found an explanation:
"Most newer Linux distributions, on systems with Intel processors, use the “intel_idle” driver (probably compiled into your kernel and not a separate module) to use C-states. This driver uses knowledge of the various CPUs to control C-states without input from system firmware (BIOS). This driver will mostly ignore any other BIOS setting and kernel parameters"
I found two solutions to solve this problem but I don't know how to apply:
1) " so if you want control over C-states, you should use kernel parameter “intel_idle.max_cstate=0” to disable this driver."
I know neither how to check the value (of intel_idle.max_cstate) nor how to change its value.
2) "To dynamically control C-states, open the file /dev/cpu_dma_latency and write the maximum allowable latency to it. This will prevent C-states with transition latencies higher than the specified value from being used, as long as the file /dev/cpu_dma_latency is kept open. Writing a maximum allowable latency of 0 will keep the processors in C0"
I can't read the file cpu_dma_latency.
Thanks for your help.
Computer:
Intel Xeon CPU E5-2620
Gnome 2.28.2
Linux 2.6.32-358
To alter the value at boot time, you can modify the GRUB configuration or edit it on the fly -- the method to modify that varies by distribution. This is the Ubuntu documentation to change kernel parameters either for a single boot, or permanently. For a RHEL-derived distribution, I don't see docs that are quite as clear, but you directly modify /boot/grub/grub.conf to include the parameter on the "kernel" lines for each bootable stanza.
For the second part of the question, many device files are read-only or write-only. You could use a small perl script like this (untested and not very clean, but should work) to keep the file open:
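#!/usr/bin/perl
use strict;
use warnings;
# The latency limit applies only while this handle stays open.
open(my $fd, '>', '/dev/cpu_dma_latency') or die "open /dev/cpu_dma_latency: $!";
# Write the limit as a binary 32-bit integer, unbuffered; 0 keeps the CPUs in C0.
defined(syswrite($fd, pack('l', 0))) or die "write: $!";
print "Press CTRL-C to end.\n";
while (1) {
    sleep 5;
}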
Redhat has a C snippet in a KB article here as well and more description of the parameter.

What snmp OID should I watch to see if my printers and switches are up and running

I am new to snmp, and I am trying to figure out what OIDs I should get/trap to see if my printers, switches (and servers) are running. I do not need to know the details - just a simple test. I have successfully made get, getbulk (and walk) requests from a device, both from bash and iReasoning MIB browser.
Edit:
Maybe the
.1.3.6.1.2.1.1.3.0
Name/OID: sysUpTime.0; Value (TimeTicks): 194 hours 43 seconds (69844352)
is used for just that!? What happens when something is wrong? -will this be reset immediately? -or will it just stop counting? or is it just the time since last power on?
Printers
You should use the Printer MIBv2 to monitor printer error status for jams...
hrPrinterDetectedErrorState reports printer errors such as low toner, jams, etc... the RFC contains details on what specific codes mean
hrDeviceStatus will reveal the big picture ability of the printer to handle tasks. For more info, see Printer MIBv2, Section 2.2.13.2
sysUpTime.0 is an OID that reports the time a system's SNMP stack has been up (reference RFC 1213: MIB-II). If this value is returned and incrementing, it's a 99% safe bet that a printer is up. Most people use sysUpTime to detect whether the device has rebooted for some reason; if that happens, you'll see a sudden decrease in sysUpTime.0, unless your last value was around 248 days (where a 32-bit counter would roll).
Ethernet Switches
Checking the basic health of ethernet switches is usually done with checks to sysDescr.0 or sysUpTime.0; the problem with this heuristic comes if you care about the up/down status of particular links... at that point, you need to check values from ifOperStatus, which is indexed by ifIndex and uses interface names from ifName. See the following examples...
[mpenning#Hotcoffee ~]$ ## Walk ifName correlated to ifIndex
[mpenning#Hotcoffee ~]$ snmpwalk -v 2c -c Public 172.25.116.6 .1.3.6.1.2.1.31.1.1.1.1
iso.3.6.1.2.1.31.1.1.1.1.1 = STRING: "Fa0/0"
iso.3.6.1.2.1.31.1.1.1.1.2 = STRING: "Nu0"
[mpenning#Hotcoffee ~]$ ## Walk ifOperStatus (up==1)
[mpenning#Hotcoffee ~]$ snmpwalk -v 2c -c Public 172.25.116.6 .1.3.6.1.2.1.2.2.1.8
iso.3.6.1.2.1.2.2.1.8.1 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.8.2 = INTEGER: 1
[mpenning#Hotcoffee ~]$
Thus we know from the example that both interface "Fa0/0" (index: 1) and "Nu0" (index: 2) have an ifOperStatus of "up"; the index value is the last integer returned in the OID of the results.
Scripting
I assume you will use bash for your monitoring scripts; if so, check out Net-SNMP for your SNMP manager
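Added example, not part of the answer above: the ifName / ifOperStatus correlation it describes, done as a shell join on ifIndex so that links that are not up are reported by name. The input is a constructed sample in the same numeric format as the answer's output, with a third interface added that is down; the function names are illustrative assumptions.

```shell
#!/bin/sh
# Constructed sample: both walks from the answer, plus one interface that is down.
sample_walks() {
cat <<'EOF'
iso.3.6.1.2.1.31.1.1.1.1.1 = STRING: "Fa0/0"
iso.3.6.1.2.1.31.1.1.1.1.2 = STRING: "Nu0"
iso.3.6.1.2.1.31.1.1.1.1.3 = STRING: "Fa0/1"
iso.3.6.1.2.1.2.2.1.8.1 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.8.2 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.8.3 = INTEGER: 2
EOF
}

# Join ifName and ifOperStatus rows on ifIndex (the last sub-identifier of the
# OID) and print "ifIndex<TAB>name<TAB>status" for every interface.
# Assumes numeric status values, as in the answer's output.
link_status() {
    awk '
        BEGIN {
            OFS = "\t"
            # ifOperStatus values 1..7 as defined in IF-MIB
            split("up down testing unknown dormant notPresent lowerLayerDown", txt, " ")
        }
        {
            idx = $1; sub(/.*\./, "", idx)
            val = $0; sub(/^[^=]*= [A-Za-z0-9]+: /, "", val); gsub(/"/, "", val)
        }
        $1 ~ /3\.6\.1\.2\.1\.31\.1\.1\.1\.1\.[0-9]+$/ { name[idx] = val }
        $1 ~ /3\.6\.1\.2\.1\.2\.2\.1\.8\.[0-9]+$/     { oper[idx] = val }
        END {
            for (i in oper) {
                s = (oper[i] in txt) ? txt[oper[i]] : "invalid(" oper[i] ")"
                n = (i in name) ? name[i] : "ifIndex-" i
                print i, n, s
            }
        }' | sort -n
}

# Names of interfaces whose ifOperStatus is anything other than up(1).
down_links() {
    link_status | awk -F'\t' '$3 != "up" { print $2 }'
}

# Stand-alone run against the constructed sample: prints Fa0/1.
sample_walks | down_links
```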

How to fix GET requests for "usmUserSecurity" in netsnmp?

snmpget -v 2c -c public myDevice usmUserSecurity
Returns:
SNMP-USER-BASED-SM-MIB::usmUserSecurityName.".q...s...."."__internal__" = STRING: __internal__
instead of NoSuchObject/Instance.
The same behaviour happens for all the other columns in usmUserTable.
Looks like the get requests act as getNext in this case. I am trying to fix this, but I can't seem to find the relevant part of code (in the net-snmp code base) which deals with these requests. Can someone assist?
You'd better capture the network packets and then see if the captured packets are special. As Net-SNMP is so "old" and stable, it is least likely that you discover a new bug.

SNMP - get complete Mac table in one call

For my project I need to download the MAC table from a switch and do it as fast as possible. The official solution is kind of slow. It requires getting a list of all VLANs and, for each one, triggering a separate call of snmpwalk with OID=.1.3.6.1.2.1.17.4.3.1.1 and the community string indexed with the VLAN number. It can take a significant amount of time, since the number of VLANs on our switches ranges in the tens.
Is there a way to get all MAC addresses from the MAC table at once (some special community index representing all available VLAN indexes)?
Thanks in advance..
I think BRIDGE-MIB::dot1dTpFdbTable (1.3.6.1.2.1.17.4.3) will do the job. One can simply retrieve dot1dTpFdbPort (1.3.6.1.2.1.17.4.3.1.2) to retrieve learned MAC -> PORT table. For my DLINK DGS-1216T I can get mac-to-port table from my Linux box by this command:
$ snmpwalk -O0sUX -v2c -Cc -c public 192.168.0.1 BRIDGE-MIB::dot1dTpFdbPort
Additionally I found extra (17th) port number for maintenance MAC.
Did you try to retrieve the ipNetToMediaTable ({iso(1) identified-organization(3) dod(6) internet(1) mgmt(2) mib-2(1) ip(4) ipNetToMediaTable(22)} or 1.3.6.1.2.1.4.22) from your switch management address? It represents the IP Address Translation table used for mapping from IP addresses to physical addresses.
----EDIT----
If you want to use SNMP to find a port number from a MAC address on a Catalyst switch with a minimum of frames, you can use a Get-Bulk PDU; it assumes that your switch is SNMP V2c.
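Added example, not part of the answers above: in a `dot1dTpFdbPort` walk the learned MAC address is carried in the row index, as the last six sub-identifiers of each OID, so a MAC-to-port table can be built from a single walk. The input is a constructed sample that assumes numeric OID output (Net-SNMP's `-On`); the addresses, ports and function names are illustrative assumptions.

```shell
#!/bin/sh
# Constructed sample of a dot1dTpFdbPort walk with numeric OIDs.
sample_fdb() {
cat <<'EOF'
.1.3.6.1.2.1.17.4.3.1.2.0.28.240.18.52.86 = INTEGER: 5
.1.3.6.1.2.1.17.4.3.1.2.0.28.240.171.205.239 = INTEGER: 5
.1.3.6.1.2.1.17.4.3.1.2.8.0.39.1.2.3 = INTEGER: 17
EOF
}

# Turn each row into "mac port": the six trailing sub-identifiers are the
# octets of the MAC address in decimal, the value is the bridge port number.
# Rows that are not dot1dTpFdbPort, or whose index is malformed, are skipped.
fdb_to_mac_port() {
    awk '
        $1 !~ /\.17\.4\.3\.1\.2\./ || $NF !~ /^[0-9]+$/ { next }
        {
            n = split($1, part, ".")
            if (n < 6) next
            mac = ""
            for (i = n - 5; i <= n; i++) {
                if (part[i] !~ /^[0-9]+$/ || part[i] + 0 > 255) next
                mac = mac (i > n - 5 ? ":" : "") sprintf("%02x", part[i])
            }
            print mac, $NF
        }'
}

# Number of learned MAC addresses per port, as "port count", sorted by port.
# A port with many addresses is usually an uplink or has a switch behind it.
macs_per_port() {
    fdb_to_mac_port |
        awk '{ c[$2]++ } END { for (p in c) print p, c[p] }' | sort -n
}

# Stand-alone run against the constructed sample.
sample_fdb | fdb_to_mac_port
```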
