How to monitor a device with SNMP - snmp

I've been given a task to write some code to notify administrators if the device sends a trap. Also I'd like to be able to check up on the device as well.
I'm not so sure where to begin. Is there a test server online where I can test if I set up the device correctly? (Whether it sends traps according to the condition I set?)
If I were to write code to monitor this device, I think I should learn how SNMP and MIB files work exactly. Is there a good summary and reference for me?
Is there some simple example code for SNMP?

Download any trial-based software to receive traps on your system, like LoriotProV6 or SolarWinds.
On a Windows-based system, open Run, start evntwin.exe and select your preferred options to generate traps, like SNMP.
Here you need to check the Trapping column: only select it if it says "Yes",
or else it won't mean anything.
Then click Add and run your SNMP services.
To run SNMP services, go to Control Panel -> Add/Remove -> Add/Remove Windows Components -> check Management & Monitoring, click on Details and check the SNMP & WMI options.
Now go to Control Panel -> Administrative Tools -> Services -> search for SNMP services and start it.

You can consider 2 basic ways to check whether the device of interest is generating/sending out SNMP traps.
You can just run Wireshark on the device (if possible) or on the target server (where the traps are supposed to arrive). Then you can filter the traffic using the default SNMP ports. For example, it could be one of the following: 161, 162, 10161, 10162.
You can install a MIB browser on the target server and see if any traps arrive. There are a number of free applications available on the web.
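What arrives on UDP port 162 can also be decoded in code. The following is an added example, not part of the posts above: a minimal Python decoder that takes one SNMPv2c trap datagram and returns its community string and trap OID. The sample datagram is constructed for illustration, and the OID decoder assumes the first byte encodes two arcs, which holds for OIDs under 1.3.

```python
SNMP_TRAP_OID = "1.3.6.1.6.3.1.1.4.1.0"    # snmpTrapOID.0, names the trap in a v2c PDU

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at buf[pos]."""
    tag, length = buf[pos:pos + 2]         # ValueError if fewer than 2 bytes remain
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Decode BER OBJECT IDENTIFIER content bytes to dotted notation."""
    first, *rest = raw                     # ValueError on an empty OID
    arcs, value = [first // 40, first % 40], 0
    for byte in rest:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:                # high bit clear ends a sub-identifier
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def parse_v2c_trap(datagram):
    """Return community and trap OID; raise ValueError for anything else."""
    tag, msg, _ = read_tlv(datagram, 0)
    _, version, pos = read_tlv(msg, 0)
    _, community, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    # 0x30 = SEQUENCE, version value 1 = v2c, 0xA7 = SNMPv2-Trap PDU
    if tag != 0x30 or version != b"\x01" or pdu_tag != 0xA7:
        raise ValueError("not an SNMPv2c trap")
    pos = 0
    for _ in range(3):                     # skip request-id, error-status, error-index
        _, _, pos = read_tlv(pdu, pos)
    _, varbinds, _ = read_tlv(pdu, pos)
    trap_oid, pos = None, 0
    while pos < len(varbinds):
        _, vb, pos = read_tlv(varbinds, pos)
        _, name, vpos = read_tlv(vb, 0)
        vtag, value, _ = read_tlv(vb, vpos)
        if vtag == 0x06 and decode_oid(name) == SNMP_TRAP_OID:
            trap_oid = decode_oid(value)
    return {"community": community.decode("ascii", "replace"), "trap_oid": trap_oid}

# Constructed sample: coldStart trap (1.3.6.1.6.3.1.1.5.1), community "public".
SAMPLE = bytes.fromhex("3041020101" "04067075626c6963" "a734020101020100020100" "3029"
    "300e06082b0601020101030043023039" "3017060a2b06010603010104010006092b0601060301010501")
```

Feed it the payload of each datagram received on a UDP socket bound to port 162. In SNMPv1/v2c the community string travels in cleartext, so treat it as an identifier rather than a secret.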

Related

What is the difference between SNMP agent and subagent?

I am having issues writing a very huge MIB, due to the scenario that I have only one agent connected with many devices which do not have SNMP. All devices are sending the same type of data to the agent by pushing, and the agent is then sending SNMP traps to the SNMP manager. Also, the manager is sending SNMP GETs to the agent. I want to write a standard MIB which applies to every device, and the manager has to send only some OIDs to get values against, not hundreds of OIDs.
A very huge MIB means a lot of branches.
A sub-agent is an additional SNMP daemon that extends functionality of the master agent. Basically, OID sub-trees are assigned to the sub-agent(s). There are also a few other ways of extending functionality. For example, here's a nice article on different ways of extending a Net-SNMP agent.
Some of the differences pointed out in the article include:
No configuration is needed for the master agent to accept an additional sub-agent. A sub-agent registers to the master agent the MIB modules (or part of them) it wants to take care of.
A sub-agent is decoupled from the master agent. It can run with a different identity or be integrated into another daemon to export its internal metrics, send traps or allow remote configuration through SNMP.
AgentX protocol can be carried over TCP. Sub-agents can therefore run on a foreign host or in a jailed environment.
64bit types are fully supported. Traps are also supported.
From what I can understand, you have remote devices pushing data to an agent, who in turn needs to be able to process and return this data to an SNMP manager using SNMP traps and/or SNMP gets. One thing to keep in mind is that your SNMP agent may be blocking when processing the incoming data. A sub-agent could be helpful in taking care of this work independently.
In regard to having a large number of branches to cover each device, a table could be used. Depending on what kind of data you're sending, bit fields can also be useful. Defined bit fields can be used to send large amounts of information on one device via one transaction.

Callback for System Events e.g. ARP Entry Addition

I am looking at creating a network monitoring system for Windows 7/8. My process needs to be able to monitor events e.g. Addition of a new ARP Entry, Network Up/Down on different interfaces, DHCP success/renew etc.
Is there a way by which a program can register to get all these system wide events without having to Poll using the standard APIs? I definitely do not want to sleep and keep reading the ARP table to check if a new entry is added.
I am coding in Visual C++.

Hyperterminal and alerts

I have a device that sends data to Hyperterminal. What I want is to get an alert, either audible or visual, when a certain piece of text appears. Is there any software/scripts etc. available that might have that functionality?
You'd probably be as well using VB .NET or similar and listening to the device using the comms port directly. You can then trigger an event based on the returned data.
There's some useful info here:
How to access serial and parallel ports by using Visual Basic .NET

Getting data from my program into snmpd

I guess I have missed the obvious, maybe, but I am lost for a good answer.
I am developing a stand alone program that will be running on a Linux (Ubuntu?) embedded PC inside a piece of hardware. I want it to be the "thing" SNMP talks to. Well, short of compiling in my own SNMD "daemon" code and persuading Linux to let a general user have access to port 161, I think I'll opt for Net-SNMP's snmpd. I am open to suggestions for better products to use. LGPL, BSD, MIT, licenses, please.
I am working separately on the MIB and assigning OIDs, etc. I know what vars I want to set and get, etc.
I have read and reread the stuff on making an SNMP/snmpd Agent and/or subagent. Near as I can tell, they are both compiled into snmp or linked to it as a shared library. Right?
So, how do I get that agent to talk to my separate program running in a separate general user session? Is there a direct technique to use? D-Bus? popen()? Named pipes? Shared memory? Temp files? UDP port? Something better? Or do I really want to turn my program into a .SO and let snmpd launch it? I assume at that point I'd be able to tell snmpd where to call in to me to get/set vars. Right?
Thanks!
The "AgentX" protocol is a way for arbitrary applications to supply SNMP services to a running system SNMP daemon. Your application listens on some port other than 161 (typically a library will take care of the details for you), and the system snmpd will forward requests for your OIDs to your subagent. This method doesn't involve linking any code into the system snmpd.
Often an easier way is to configure the system snmpd to run a script to get or set data. The script can, if you like, use some other kind of IPC to talk to your application (such as JSON to an HTTP server, for example).
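The script route described above, as an added example that is not part of the original answer: a read-only handler for snmpd's `pass` directive, written in Python. The subtree OID (with placeholder enterprise number 99999), the JSON state file and the script path are assumptions made for illustration.

```python
# snmpd.conf (paths and OID are hypothetical):
#   pass .1.3.6.1.4.1.99999.1 /usr/bin/python3 /usr/local/bin/myapp_pass.py
# snmpd runs the script with "-g OID" (GET), "-n OID" (GETNEXT) or
# "-s OID TYPE VALUE" (SET) and reads three lines back: OID, type, value.
import json
import sys

BASE = "1.3.6.1.4.1.99999.1"           # placeholder enterprise number, not a real assignment
STATE_FILE = "/run/myapp/snmp.json"    # hypothetical file the application rewrites

def oid_key(oid):
    """Numeric sort key, so that arc 10 orders after arc 9."""
    return tuple(int(arc) for arc in oid.strip(".").split("."))

def respond(args, table):
    """Return the stdout lines for one invocation; [] means 'no such object'."""
    if len(args) < 2 or args[0] not in ("-g", "-n", "-s"):
        return []
    try:
        wanted = oid_key(args[1])
    except ValueError:                  # non-numeric or empty arc in the request
        return []
    if args[0] == "-s":
        return ["not-writable"]         # this handler is deliberately read-only
    ordered = sorted(table, key=oid_key)
    if args[0] == "-g":
        hits = [o for o in ordered if oid_key(o) == wanted]
    else:                               # GETNEXT: first OID strictly after the request
        hits = [o for o in ordered if oid_key(o) > wanted]
    if not hits:
        return []
    kind, value = table[hits[0]]
    return ["." + hits[0], kind, str(value)]

def load_table(path=STATE_FILE):
    """Read {"1.0": ["integer", 42], ...} and prefix each key with BASE."""
    with open(path) as fh:
        return {f"{BASE}.{suffix}": tuple(entry) for suffix, entry in json.load(fh).items()}

if __name__ == "__main__":
    sys.stdout.write("".join(line + "\n" for line in respond(sys.argv[1:], load_table())))
```

The script runs with snmpd's privileges, so it only reads a file the application publishes and never passes the requested OID to a shell or a path.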

How to identify users which are connected to a windows server via remote desktop

At my workplace, we have lab machines that we use to do our testing.
The standard procedure to reserve a machine for testing was to walk around the office to make sure that no one was using the machine.
This is highly inefficient and time consuming.
At first, I set up a web page where people could reserve the lab machine, but nobody was keeping the page updated, so that turned out to be useless.
I finally found a solution using Microsoft Log Parser and wanted to share it with the Stack Overflow community.
It is a batch file that runs on the machine so the user can identify the last users that use the machine and easily IM them to ask if the machine is free.
Is there a better solution to do this?
Use the built-in command qwinsta (Query Win Station) to figure out what sessions (including console) are active or inactive (disconnected) and then act on the given information (creds to krusty.ar btw for linking this already).
If you feel people are abusing the machine in question, refer to rwinsta to nuke their sessions into oblivion...
You will need to install the Microsoft Log Parser
Then create the following 2 files
TSLoginsDetails.sql:
    SELECT
        timegenerated,
        EXTRACT_TOKEN(Strings,1,'|') AS Domain,
        EXTRACT_TOKEN(Strings,0,'|') AS User,
        EXTRACT_TOKEN(Strings,3,'|') AS SessionName,
        EXTRACT_TOKEN(Strings,4,'|') AS ClientName,
        EXTRACT_TOKEN(Strings,5,'|') AS ClientAddress,
        EventID
    FROM Security
    WHERE EventID=682
    ORDER BY timegenerated DESC
TSLogins.bat:
    echo off
    cls
    c:
    cd "c:\Program Files\Log Parser 2.2\"
    logparser.exe file:TSLoginsDetails.sql -o:DATAGRID
Now, by placing this batch file on the desktop, the user can see who were the last people to log in and contact them by IM to verify if they are done.
How about posting the information from the log file to the website that tells who is currently using the machine as well?
Check and notify when they log in.
Update the "who is using the machine" page you made prior.
Run an AT job that checks every couple of hours who is on it.
Totally out of the box:
You can install the Software Testing Automation Framework (STAF) on your servers and desktops to manage your tests. It's written in Java, so you can use it on Windows and Unix/Linux desktops and servers.
Using STAF, you can create a resource pool of test servers on which you conduct tests, then write STAX jobs (STAX is a STAF execution framework) to conduct the tests. The job can grab the first available server from the resource pool, run the test, monitor the test status, log results, notify the submitter, then release the server back into the pool when done. If you have multiple people submitting jobs for tests, STAF will manage the queue of requests and satisfy them as they came in. Users can either monitor the job from their desktop, or you can set up email alerts to notify them when the test is complete.
I'm not sure if I understand you, but there is a set of command line tools to deal with terminal server sessions, and there's also a Windows API to do the same if you need to do this from a program.
Since it sounds like you're a Microsoft shop, you can set up the machines as resources in Outlook/Exchange and reserve them that way.
