470 UNIX System Administration: A Beginner’s Guide 9. What command discussed in this module produces the following line of output? Transferring protocols.byname 10. The __________ is used in situations where no NIS server exists on the local network and the NIS broadcast option is not used or the network infrastructure doesn’t support broadcast facilities. Mastery Check TEAMFLY Team-Fly ® Module16 SNMP System Management Tools Critical Skills 16.1 Discover Elements of System Management 16.2 Explore the UCD SNMP Package 16.3 Use the UCD Management Tools Copyright 2002 by The McGraw-Hill Companies, Inc. Click Here for Terms of Use. W hen addressing system management from a more global or even group basis, it is important that robust and scalable solutions be available to handle the many different aspects of system management. For example, consider the potential impact of a UNIX server failure, which means that an important system is unusable until it can be fixed and brought back in service. 16.1 Discover Elements of System Management Every moment the system is down, it can financially impact the company. If the failed system went down in the middle of the night, this might not be detected until the next morning when users attempted to access the system. In this case, a significant amount of time has gone by and the problem should have been detected much earlier (just as the system went down). This is the job of a system or network management application. As previously mentioned, SNMP is a powerful protocol that provides both system and network management functions. However, SNMP by itself is just a set of rules for how to obtain information and provide control for systems and network devices; the administrator needs specific tools to help manage systems that support SNMP. Due to the popularity of SNMP, several robust and functional SNMP applications are available for UNIX. These tools can be used to provide system management functions such as system heartbeat, system up/down messages, system process activity, network information (protocol statistics, interface performance, and routing information), system information, and configuration control. Although the subject of the book is centered on UNIX system administration, it is helpful to review some elements of networking that involve other devices, since more and more system administrators are called upon to manage networking components as well. Thus, some of the examples provided involve configuration of networking devices such as routers. 472 UNIX System Administration: A Beginner’s Guide HintHint From a network management standpoint, the management of UNIX systems is very similar to the management of networking devices such as routers, switches, and other networking components that support SNMP. System Heartbeat A system heartbeat is used to determine the general health of a system. In the case of SNMP, a system manager application uses a get request message to determine the general reachability of an agent and the system. For example, the system administrator may poll the system clock MIB variable of the agent to determine that each successive poll is more recent than the previous one. Each successive poll should indicate that time is moving forward. The MIB variable that may be polled is the unixTime object, which is part of the sunSystem group of the Sun system agent. As an alternative, the sysUpTime object may be polled from the MIB-2 system group, which should be supported on all SNMP agents. System Up/Down Messages Should the system be brought down and rebooted for any reason, a message will be sent to the designated network management system in the form of an SNMP trap. Recall that a trap is an unsolicited message emitted from the agent indicating some special condition or event. By receiving these messages, the manager is informed (for example) of system outages and can take appropriate action. The Linux agent, for example, uses a configuration file, and additional tools can be used to forward trap messages to one or more network management systems. 16 Module 16: SNMP System Management Tools 473 16 HintHint The SNMP tools described here come standard on Linux, but must be installed on other UNIX versions such as Solaris and HP-UX. HintHint Specific MIB agent information is available in Appendix C under “Using UNIX SNMP Agents.” HintHint Polling a single SNMP MIB object can serve as the means by which a system heartbeat can be established. Thus, when a series of polls fail, either the SNMP agent isn’t working or the system is having trouble communicating on the network. 474 UNIX System Administration: A Beginner’s Guide System Process Activity The SNMP agents support the management of critical system activities and other aspects of system administration. With the Sun MIB and the UCD agent, the monitoring of system processes is possible. Thus, with the SNMP agent, the administrator may obtain a detailed list of processes on the system. This functionality is analogous to executing the ps command remotely. Additional agent functions can establish the overall health of the system or the condition of an individual component by monitoring critical processes and other related information. Network Information Many SNMP agents support the MIB-II standard, which means that protocol performance monitoring and basic system monitoring are possible. This includes monitoring of IP, ICMP, TCP, SNMP, network interface counters, and additional agent system performance objects. Also, additional network protocol MIBs are supported by the agents, which provide even greater information and control of the network and system elements. For example, route-monitoring MIB objects can report the routing configuration of a system and report any errors found. Or, if an organization has determined that each UNIX workstation must have a default route, this can be verified by probing the SNMP agent within these systems. Agents also provide objects that contain performance information for each of the network interfaces installed within the system. With this information, it is possible to report on network performance of all active interfaces. System Configuration Control Many networked systems (for example, UNIX workstations, printers, and so forth) must be configured before they can be effectively used. For example, the configuration of important services like DNS client configuration can be managed with an SNMP agent. Also, as network requirements change, so too the configurations within these systems must change. SNMP tools can be used to alter system configuration in an automated fashion, thus reducing the interaction and tasks from the system administrator’s point of view. Today, most versions of UNIX support one or more SNMP agents. With Linux, the UCD package is provided by default, while on Solaris the Sun SNMP agent is available. On HP-UX, the Emanate SNMP agent is provided. HintHint All of these agents support MIB-II objects. 16.2 Explore the UCD SNMP Package The University of California at Davis (UCD) package provides not only a robust and powerful SNMP agent, but it also provides a series of handy tools that can be used to manage SNMP-enabled systems and query any SNMP agent. These tools support SNMPv1, SNMPv2, and SNMPv3 management protocols, and each SNMP version is available using command-line options. These command-line tools can be used to build scripts or other programs to accomplish management functions or other customized tasks. For example, the snmpget command can monitor critical server network interfaces to determine if one or more of them become inoperable. In such a case, the system administrator can be notified automatically should a failure occur. The UCD package includes tools that obtain MIB information and also tools to alter MIB objects. Table 16-1 lists all the commands that are provided by the UCD package. Module 16: SNMP System Management Tools 475 16 HintHint Only the most common UCD package tools are fully described in this module. Command Description snmpconf Configures SNMP agent based on configuration file. snmpdelta Monitors changes of SNMP variables. snmpget Obtains one or more MIB object values. snmpgetnext Continuously walks an SNMP MIB tree and obtains MIB object values. snmpnetstat Obtains agent interface configuration information. snmpset Sets one or more MIB objects to specified value. snmpstatus Obtains important MIB object information. snmptable Obtains a complete SNMP table. snmptest Communicates with an SNMP agent entity. snmptranslate Converts MIB objects into more meaningful information. snmptrap Sends SNMP trap messages to one or more managers. snmptrapd Retrieves SNMP traps from the network. snmpwalk Obtains a group of related MIB objects. snmpbulkwalk Obtains a MIB object with SNMP bulk request. Table 16-1 UCD SNMP Applications 476 UNIX System Administration: A Beginner’s Guide The basic syntax of most of the UCD tools includes the following: snmpcmd protocol_version [additional_options] hostname community object [object] The snmpcmd is a placeholder and represents one of the commands listed in Table 16-1. The word protocol_version determines which SNMP protocol version should be used and can be 1, 2c,or3. The command-line option 1 represents the standard SNMPv1 format, which includes the use of a simple password for authentication. The 2c option indicates differences within the supported SNMP protocol data units, but uses the same community-based approach as in SNMPv1. The final option, 3, indicates the use of the SNMPv3 security model, which provides the most advanced security model available for SNMP. The additional_options placeholder represents options that control both display attributes and operational behavior of the tools. The most commonly used command-line options are described next. Luckily, most of the tools support these common options. The hostname can be replaced with the name of any system on the network that contains an SNMP agent that matches the protocol_version information specified on the command line. Also, a valid IP address, expressed in dotted notation, may be used instead of a hostname. The community represents the password strings for authentication if version 1 or 2c is used. The object represents the MIB OID that should be retrieved (in the case of an SNMP get request) or altered (in the case of an SNMP set request). It may be expressed in either dotted numeric or dotted named notation. In the case of an SNMP set request operation, additional object information will be required. Note that one or more MIB objects may be specified on the command line. Common Command-Line Options UCD tools share a number of common command-line arguments. Having a core set of options makes them easier to remember and use. The arguments supported by all the commands are divided into two categories: operational options and display options. The operational options control the behavior of each of the tools, while the display options control how the MIB objects, associated values, and other information are displayed. HintHint Instead of using the native SNMP agents from different vendors, and because the UCD SNMP package is functional on many different releases of UNIX, it is recommended that this agent can be deployed across most (if not all) of the important systems. Using a single agent will simplify many aspects of system management and configuration. Application Display Options Table 16-2 lists the display arguments that control some aspect of the output. Note that the table does not fully describe each of the available options. For instance, the -h option, which displays a help string of the command-line arguments, is not described because it is fairly intuitive. Three of these options provide control over how MIB object path information is formatted and displayed: -f, -s, and -S. The -f option displays the full object identifier path information. Thus, this option will display the object system.sysContact.0 with the full MIB path .iso.org.dod.internet.mgmt.mib-2.system.sysContact.0 The -s option permits only the suffix component of the OID to be printed; the last symbolic portion of the MIB object identifier will be shown. For example, the –s option will display the object .iso.org.dod.internet.mgmt.mib-2.system.sysName.0 in the following format: sysName.0 Module 16: SNMP System Management Tools 477 16 Option Description -D Displays debugging information. -S Displays both suffix identifiers and MIB name. -V Displays version information for the tools. -d Dumps SNMP packets to the display. -f Displays the full object identifier path. -h Displays a help message. -q Makes the output easier to parse for programs. -s Displays only suffix identifiers. Table 16-2 Common UCD Application Command-Line Options 478 UNIX System Administration: A Beginner’s Guide Finally, the -S option requests that the MIB object be printed with both suffix and the MIB name. Thus, when this option is displayed, .iso.org.dod.internet.mgmt.mib-2.system.sysUpTime.0 the following will be shown: SNMPv2-MIB:sysUpTime.0 NoteNote In this example, the sysUpTime object is found within the SNMPv2-MIB; this is true when the UCD tools are used. Traditionally, however, this object is found in the MIB-II tree. If you need to collect SNMP information from a system and use this information as input into another program, the -q option will come in handy. Normally, MIB object information is displayed as shown: system.sysObjectID.0 = OID: enterprises.9.1.17 system.sysUpTime.0 = Timeticks: (139494644) 16 days, 3:29:06.44 system.sysContact.0 = Matthew Maxwell system.sysName.0 = remote-gw5 system.sysLocation.0 = Remote Sales Office (San Jose) system.sysServices.0 = 6 This option, which stands for quick format, causes the output from the UCD tools to be formatted differently. First, the equal sign (=) is removed; this makes it easier to parse because the data is now in columnar format. Second, notice that both the sysObjectID and sysUptime formats have been altered. The information for these two objects in the preceding example is interpreted, while, in the following example, only the raw data is displayed: system.sysObjectID.0 enterprises.9.1.17 system.sysUpTime.0 16:3:24:11.44 system.sysContact.0 Matthew Maxwell HintHint Use the –q option to format the output so that it will be suitable as input to other UNIX tools and programs. system.sysName.0 remote-gw5 system.sysLocation.0 Remote Sales Office (San Jose) system.sysServices.0 6 To display debugging information, use the -d option. This shows the packet information, including the size and destination, and also provides a hexadecimal and ASCII dump of the packet. The output shown here is the result of an SNMP get request of the system.sysContact MIB object: sending 51 bytes to 10.0.2.220:161: 0000: 30 82 00 2F 02 01 00 04 06 70 75 62 6C 69 63 A0 0 / public. 0016: 82 00 20 02 04 41 C9 4A 92 02 01 00 02 01 00 30 A.J 0 0032: 82 00 10 30 82 00 0C 06 08 2B 06 01 02 01 01 04 0 + 0048: 00 05 00 received 60 bytes from 10.0.2.220:161: 0000: 30 82 00 38 02 01 00 04 06 70 75 62 6C 69 63 A2 0 8 public. 0016: 2B 02 04 41 C9 4A 92 02 01 00 02 01 00 30 1D 30 + A.J 0.0 0032: 1B 06 08 2B 06 01 02 01 01 04 00 04 0F 4D 61 74 + Mat 0048: 74 68 65 77 20 4D 61 78 77 65 6C 6C thew Maxwell system.sysContact.0 = Matthew Maxwell The first part of the output is the request packet, as indicated by the string sending 51 bytes to 10.0.2.220:161, which are in the standard SNMP packet format. Note the echoing of the community string of public. The receiving packet is the response from the agent and it, too, uses the standard SNMP packet format. In this case, we see both the community string public and the sysContact object string. The second part is the response, which starts with the string receiving 60 bytes from 10.0.2.220:161. Operational Options Table 16-3 lists many of the available operational arguments for the UCD applications. Module 16: SNMP System Management Tools 479 16 HintHint Some of the options in Table 16-3 are not fully described because their use is somewhat limited. For instance, the -c option, which controls the ability to define the clock values with SNMPv2 authentication messages, is not a critical function for using the tools and is not described. However, some of the more useful options are described. [...]... total datagrams received 0 datagrams with header errors 0 datagrams with an invalid destination address 0 datagrams forwarded 0 datagrams with unknown protocol 0 datagrams discarded 22222673 datagrams delivered 0 output datagram requests Module 16: 0 0 0 0 0 0 0 0 SNMP System Management Tools output datagrams discarded datagrams with no route fragments received datagrams reassembled reassembly failures... a system heartbeat used for? What are the two categories of arguments supported by all the UCD tool commands? To determine the general system health Operational and display 481 16 482 UNIX System Administration: A Beginner’s Guide Environment Variables Each of the UCD applications uses a small set of environment variables that help establish global values for certain operating parameters and shortcuts... its implications because doing so changes the configuration or operating state of a system This tool represents a power mechanism for controlling agents on a global scale The ability to change the configuration of a large number of devices provides an important facility that every network manager or system administrator 491 16 492 UNIX System Administration: A Beginner’s Guide must have Having the... contains a single interface: called Ethern, which represents an Ethernet interface If we query a network device such as a network 488 UNIX System Administration: A Beginner’s Guide router, we might see a large number of interfaces Typically, Cisco routers and switches (and other vendor devices, too) may contain a large number of interfaces For example, executing the above snmpnetstat command on a Cisco... types altered, and the value represents the new object value The type is a single character that represents one of the object types listed in Table 16-5 From a system administration or general networking standpoint, SNMP can be used to handle a variety of management tasks For example, SNMP can be used to Hint G Disable or enable a network interface G Update a device with new administration information... information (sysContact, for example) Module 16: SNMP System Management Tools G Reset certain network traffic counters G Restart a device or agent G Modify some configuration parameter G Monitor critical processes G Monitor system logs You may recall an earlier scenario in which a disabled interface caused a network problem There are also situations when not disabling an interface can cause additional network... failures datagrams fragmented fragmentation failures fragments created This output provides a quick snapshot of the network performance and the activity of each of the networking protocols Many of the counters appear to represent normal network usage However, one metric value, 7727372 datagrams to an invalid port, may represent a significant problem For some unknown reason, data is arriving into this system, ... Note that in the command we have used, the -IR option activates random access to the agent MIB This makes it easy to obtain the desired MIB objects A high discard rate may indicate trouble with the interface This trouble could be caused by a hardware problem related to cabling or even a software configuration error In the example above, the discard rate is changed and is not zero, thus indicating a problem... tableID The tableID must be a real SNMP table, such as interfaces.ifTable The ifTable table contains a series of MIB objects that contain performance information and other characteristics of the interfaces within a device The basic purpose of this command is to give the user the ability to display SNMP tables and import the data into other programs for additional reporting and manipulation Snmptest... traps listed in Module 13 The specific-trap value indicates more specifically the nature of the trap The uptime field is used as a timestamp between the last initialization of the device and the issuance of the trap The object ID, type, and value fields provide additional information relating to the trap These additional fields are known as the variable binding and may contain any type of information . general health of a system. In the case of SNMP, a system manager application uses a get request message to determine the general reachability of an agent and the system. For example, the system administrator. network. 474 UNIX System Administration: A Beginner’s Guide System Process Activity The SNMP agents support the management of critical system activities and other aspects of system administration. . UNIX System Administration: A Beginner’s Guide Environment Variables Each of the UCD applications uses a small set of environment variables that help establish global values for certain operating