This article describes how to configure SNMP in the TIE appliance to offer host-level monitoring. It also explains how SNMP can be integrated into Nagios.
NOTE: There's no specific SNMP Management Information Base (MIB) to monitor TIE Server internals.
After a successful installation, you have to start the service:
Check the status using the following command:
-bash-4.1# service snmpd status
Output snmpd is stopped
To start the service, use the following command:
-bash-4.1# service snmpd start
Output Starting snmpd: [ OK ]
To check the status, type the following command:
-bash-4.1# service snmpd status
Output snmpd (pid 2863) is running...
-bash-4.1#
Configuration
Configure the SNMP service according to your monitoring needs, and then restart the service. The actual configuration is specific to each environment and monitoring approach. The same context ID must be used when remotely accessing SNMP data to secure the exchange. Run the following commands on the appliance:
Run the following command to edit the snmpd configuration file:
vi /etc/snmp/snmpd.conf
Replace /etc/snmp/snmpd.conf content with the following example configuration:
# Map 'idv90we3rnov90wer' community to the 'ConfigUser'
# Map '209ijvfwer0df92jd' community to the 'AllUser'
# sec.name source community
com2sec ConfigUser default idv90we3rnov90wer
com2sec AllUser default 209ijvfwer0df92jd
# Map 'ConfigUser' to 'ConfigGroup' for SNMP Version 2c
# Map 'AllUser' to 'AllGroup' for SNMP Version 2c
# sec.model sec.name
group ConfigGroup v2c ConfigUser
group AllGroup v2c AllUser
# Define 'SystemView', which includes everything under .1.3.6.1.2.1.1 (or .1.3.6.1.2.1.25.1)
# Define 'AllView', which includes everything under .1
# incl/excl subtree
view SystemView included .1.3.6.1.2.1.1
view SystemView included .1.3.6.1.2.1.25.1.1
view AllView included .1
# Give 'ConfigGroup' read access to objects in the view 'SystemView'
# Give 'AllGroup' read access to objects in the view 'AllView'
# context model level prefix read write notify
access ConfigGroup "" any noauth exact SystemView none none
access AllGroup "" any noauth exact AllView none none
dontLogTCPWrappersConnects yes
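An added example, not part of the original article or the vendor's tooling: a shell function that reads an snmpd.conf and flags v1/v2c settings of the kind used in the example configuration above, namely communities accepted from any source (`default`), unencrypted security models, views rooted at `.1`, and any write access. The placeholder communities and the monitoring-server address 192.0.2.10 are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag snmpd.conf settings that widen SNMP v1/v2c exposure.

# Reads snmpd.conf text on stdin, prints one finding per line.
audit_snmpd_conf() {
  awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    # com2sec NAME SOURCE COMMUNITY: "default" accepts the community from any address
    $1 == "com2sec" && $3 == "default" { print "OPEN_SOURCE " $2 }
    # group NAME MODEL SECNAME: v1/v2c send the community string unencrypted
    $1 == "group" && ($3 == "v1" || $3 == "v2c") { print "CLEARTEXT_MODEL " $2 " " $3 }
    # view NAME included SUBTREE: a view rooted at .1 exposes the whole MIB tree
    $1 == "view" && $3 == "included" && ($4 == ".1" || $4 == ".iso") { print "FULL_TREE_VIEW " $2 }
    # access GROUP CONTEXT MODEL LEVEL PREFIX READ WRITE NOTIFY: field 8 is the write view
    $1 == "access" && $8 != "" && $8 != "none" { print "WRITE_ACCESS " $2 " " $8 }
    $1 == "rwcommunity" || $1 == "rwuser" { print "WRITE_ACCESS " $1 }
  '
}

# Constructed sample: same structure as the v2c example, placeholder communities.
SAMPLE_OPEN='com2sec ConfigUser default COMMUNITY_A
com2sec AllUser default COMMUNITY_B
group ConfigGroup v2c ConfigUser
group AllGroup v2c AllUser
view SystemView included .1.3.6.1.2.1.1
view AllView included .1
access ConfigGroup "" any noauth exact SystemView none none
access AllGroup "" any noauth exact AllView none none'

# Constructed variant: sources limited to a hypothetical monitoring server.
SAMPLE_SCOPED=$(printf '%s\n' "$SAMPLE_OPEN" | sed 's/ default / 192.0.2.10 /')

# Count findings of one type: $1 = config text, $2 = finding type.
count_findings() {
  printf '%s\n' "$1" | audit_snmpd_conf | grep -c "^$2 " || true
}

# Show the findings for the open sample when the script is run directly.
printf '%s\n' "$SAMPLE_OPEN" | audit_snmpd_conf
```

To check the appliance's live file, run `audit_snmpd_conf < /etc/snmp/snmpd.conf`.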
For SNMP v3:
Stop the SNMP service if it's running:
service snmpd stop
Create two different users with different visibilities of the MIB tree:
net-snmp-create-v3-user -ro -A "AUTHENTICATION_PASSWORD" -X "ENCRYPTION_PASSWORD" -a SHA -x AES TIESnmpRoUser
net-snmp-create-v3-user -ro -A "ADMIN_AUTHENTICATION_PASSWORD" -X "ADMIN_ENCRYPTION_PASSWORD" -a SHA -x AES TIESnmpRoAdmin
NOTE: In the previous commands, replace AUTHENTICATION_PASSWORD, ENCRYPTION_PASSWORD, ADMIN_AUTHENTICATION_PASSWORD, and ADMIN_ENCRYPTION_PASSWORD with strong passwords or passphrases to be used for authentication and encryption.
Run the following command to edit the snmpd configuration file:
vi /etc/snmp/snmpd.conf
Replace /etc/snmp/snmpd.conf content with the following example configuration:
Configuration
Run the following commands on the appliance:
# Add rule to iptables
cp /etc/sysconfig/iptables /etc/sysconfig/iptables.backup
vi /etc/sysconfig/iptables
# make sure to add the line
-A TIE -p udp -m udp --dport 161 -j ACCEPT
Service Restart
Run the following commands on the appliance:
# Enable service
chkconfig snmpd on
# Restart services
service iptables restart
service snmpd restart
Testing
Locally test the appliance by running the following commands:
# show monitoring information
snmpwalk -v 2c -c idv90we3rnov90wer -O e 127.0.0.1
# show monitoring information
snmpwalk -v 2c -c 209ijvfwer0df92jd -O e 127.0.0.1
NOTE: In a typical TIE appliance, the default output of the last command is several pages long. It provides a large amount of information that might be useful, according to each deployment's needs.
Nagios Configuration
To use SNMP from Nagios, configure a remote check using the check scripts available as part of the Nagios plug-ins package. The procedure for adding the checks to the Nagios monitoring server is the standard one, as on any other Linux distribution. The following is an example of what must be configured on the Nagios monitoring server, not on the TIE appliance:
define service {
use generic-service
host_name TIE1
service_description CPU 0 Load
normal_check_interval 1
retry_check_interval 1
check_command check_snmp! -o iso.3.6.1.2.1.25.3.3.1.2.196608 -P2c -C 209ijvfwer0df92jd -m '' -w 75 -c 90
}
IMPORTANT: Nagios Remote Plugin Execute (NRPE) integration isn't supported because it requires dependency installations inside the appliance.
Nagios Remote Testing
To test that the integration is working, you can remotely run the following command on the Nagios monitoring server using the check_snmp script:
NOTE: The check_snmp script is only available if both the net-snmp-perl and net-snmp-utils packages are available in the monitoring system while the Nagios plug-ins are built.